procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: help with virus removal using procmail...

2000-11-16 13:28:15
from [Lee Howard] [Permanent Link] 
At 01:02 PM 11/16/00 -0500, Scott Savarese wrote:

Wow...the first one is great...I'm not sure where the second one will help
me though...


The second, the antivirus program, I use via a procmail script (which I'm
attaching) to scan attachments.  It's run via INCLUDERC in /etc/procmailrc


I have a question about the first virus scheme...which I would like to
implement. When I set up a /etc/procmailrc ruleset what happens if a user
already has a /home/USER/.procmailrc? Will it still be run? (I apologize
for the fact that it is an awefully beginner question, but I have to
ask...)


/etc/procmailrc is run prior to any of the $HOME/.procmailrc files, but
both will get run if the user has their own.

Lee.


METAMAIL_TMPDIR="/etc/procmail/avtemp"
SYSADMIN=lee(_at_)server(_dot_)deanox(_dot_)com
VIRUSMSG=/etc/procmail/virusmsg
CONAME=Deanox
RETURNPATH=`grep -e "return-path" -i | sed "s/^.*<//;s/>//"`
MAILSUBJECT=`grep -e "^subject" -i | sed 's/[Ss]ubject. //g'`

:0 ic:/tmp/avtemp.lock
| metamail -r -w -x

:0 ic:/tmp/avtemp.lock
| /usr/bin/antivir $METAMAIL_TMPDIR/* > $METAMAIL_TMPDIR/antivir.log

VIRUSCHECK=`grep -e "VIRUS" $METAMAIL_TMPDIR/antivir.log`

:0 ic:/tmp/avtemp.lock
| rm -f $METAMAIL_TMPDIR/*

:0
* ! $VIRUSCHECK ?? ^^^^
{
 :0 h ci
 | ( \
    echo "To: $RETURNPATH";\
    echo "From: $CONAME E-Mail Security daemon <postmaster>";\
    echo 'Subject: VIRUS WARNING - virus found in e-mail attachment';\
    echo "X-Loop: $CONAME E-Mail Anti-virus agent"; \
    echo ;\
    cat $VIRUSMSG;\
    echo ;\
    echo $VIRUSCHECK;\
    echo ;\
    echo 'Headers from message:';\
    echo ;\
    sed -e 's/^/> /' ;\
   ) | $SENDMAIL -U $RETURNPATH

 :0 h i
 | ( \
    echo "To: $SYSADMIN";\
    echo "From: $CONAME E-Mail Security daemon <postmaster>";\
    echo 'Subject: VIRUS NOTIFY - virus found in e-mail attachment';\
    echo "X-Loop: $CONAME E-Mail Anti-virus agent"; \
    echo ;\
    echo 'The system successfully caught and deleted mail infected ' ;\
    echo 'with the following virus(es): ' ;\
    echo ;\
    echo $VIRUSCHECK;\
    echo ;\
    echo 'Headers from message:';\
    echo ;\
    sed -e 's/^/> /' ;\
   ) | $SENDMAIL -U $SYSADMIN

 :0:/tmp/avtemp.lock
 /dev/null
}
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Procmail not parsing mbox, Dallman Ross
Next by Date:  Re: Procmail not parsing mbox, David W. Tamkin
Previous by Thread:  Re: help with virus removal using procmail..., Scott Savarese
Next by Thread:  Procmail not parsing mbox, Mark McWiggins
Indexes:  [Date] [Thread] [Top] [All Lists]