PhPOP3clean 0.9.17


phPOP3clean is a PHP-based POP3 email scanner. It's designed to be run as a cron job every minute or so, and to catch & delete several types of unwanted emails.

a) malformed emails - incomplete or malformed headers, which cause some POP3 servers to drop connection when the message is retrieved.
b) email worms - attached executable files matched against database of known variant, including matching variable-length files or files with internal random bytes (such as the currently-popular Netsky & Beagle variants).  Zipped attachments are unzipped and scanned. Password-protected zipped attachments are matched based on deceptive filenames.
c) image-based spam - attached images are matched against database of known spam images to reject messages containing only an inline attached image (technique of bypassing many spam filters). Images with random bytes appended are also matched.
d) obfuscated word spam - scans message body for obfuscated words, such as "víàqrä" in place of "viagra"
e) blacklisted phrase spam - scans message body for phrases (such as "Securities Exchange Act of 1934" or "forward looking statements", both of which are in most stock-promoting spam). Regular expression matches can be used to match variations.
f) blacklisted source code - scans message source for phrases known to be part of exploits (eg: <script language="JScript.Encode">).
g) blacklisted Received header - reject messages based on "Received" header contents.
h) blacklisted IP spam - scans message contents for links to blacklisted IP ranges (eg: Links can be in HTML or plain text, image/iframe src, etc.
i) blacklisted domains - auto-blacklists any IPs associated with domains that regularly swap IPs from a pool of zombie machines.
j) whitelist - "From" and "Return-Path" headers are scanned to match whitelist to bypass all filtering.
k) SpamAssassin support - can delete emails based on what SpamAssassin says.
m) DNSBL support - reject email based on headers or body containing blacklisted IPs/domains.

- PHP v4.x.x
- MySQL v3.x+

License type: GNU General Public License
Date added: 5 years, 5 months 12 days ago | Last updated: 5 years, 3 months 29 days ago

More popular Security System

Listing Files

List All Files