At 01:02 PM 11/16/00 -0500, Scott Savarese wrote:
> Wow...the first one is great...I'm not sure where the second one will help
> me though...

The second, the antivirus program, I use via a procmail script (which I'm
attaching) to scan attachments. It's run via INCLUDERC in /etc/procmailrc.

> I have a question about the first virus scheme...which I would like to
> implement. When I set up a /etc/procmailrc ruleset what happens if a user
> already has a /home/USER/.procmailrc? Will it still be run? (I apologize
> for the fact that it is an awfully beginner question, but I have to
> ask...)

/etc/procmailrc is run prior to any of the $HOME/.procmailrc files, but
both will get run if the user has their own.

Lee.
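
# Scratch directory where metamail unpacks attachments (shared by all deliveries)
METAMAIL_TMPDIR="/etc/procmail/avtemp"
SYSADMIN=lee(_at_)server(_dot_)deanox(_dot_)com
VIRUSMSG=/etc/procmail/virusmsg
CONAME=Deanox

# Sender address and subject, grepped out of the message
RETURNPATH=`grep -e "return-path" -i | sed "s/^.*<//;s/>//"`
MAILSUBJECT=`grep -e "^subject" -i | sed 's/[Ss]ubject. //g'`

# Unpack the MIME parts into $METAMAIL_TMPDIR.
# The local lockfile is held only while this one recipe runs.
:0 ic:/tmp/avtemp.lock
| metamail -r -w -x

# Scan the unpacked files and keep the scanner's report
:0 ic:/tmp/avtemp.lock
| /usr/bin/antivir $METAMAIL_TMPDIR/* > $METAMAIL_TMPDIR/antivir.log

# Report lines that mention a virus (empty when none were found)
VIRUSCHECK=`grep -e "VIRUS" $METAMAIL_TMPDIR/antivir.log`

# Empty the scratch directory
:0 ic:/tmp/avtemp.lock
| rm -f $METAMAIL_TMPDIR/*

# VIRUSCHECK is not empty: warn the sender, notify the admin, drop the mail
:0
* ! $VIRUSCHECK ?? ^^^^
{
  # Warning to the sender, with the original headers quoted.
  # Message-derived values are quoted so the shell does not split or glob them.
  :0 h ci
  | ( \
    echo "To: $RETURNPATH";\
    echo "From: $CONAME E-Mail Security daemon <postmaster>";\
    echo 'Subject: VIRUS WARNING - virus found in e-mail attachment';\
    echo "X-Loop: $CONAME E-Mail Anti-virus agent"; \
    echo ;\
    cat $VIRUSMSG;\
    echo ;\
    echo "$VIRUSCHECK";\
    echo ;\
    echo 'Headers from message:';\
    echo ;\
    sed -e 's/^/> /' ;\
  ) | $SENDMAIL -U "$RETURNPATH"

  # Notification to the administrator
  :0 h i
  | ( \
    echo "To: $SYSADMIN";\
    echo "From: $CONAME E-Mail Security daemon <postmaster>";\
    echo 'Subject: VIRUS NOTIFY - virus found in e-mail attachment';\
    echo "X-Loop: $CONAME E-Mail Anti-virus agent"; \
    echo ;\
    echo 'The system successfully caught and deleted mail infected ' ;\
    echo 'with the following virus(es): ' ;\
    echo ;\
    echo "$VIRUSCHECK";\
    echo ;\
    echo 'Headers from message:';\
    echo ;\
    sed -e 's/^/> /' ;\
  ) | $SENDMAIL -U "$SYSADMIN"

  # Discard the infected message
  :0:/tmp/avtemp.lock
  /dev/null
}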
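
The recipes above unpack every message into one shared directory and take /tmp/avtemp.lock separately for each recipe, so two deliveries can overlap between unpacking, scanning and cleanup. One way to avoid that is a scratch directory per message, shown here as an added example that is not part of the attached script. The function names and return codes are assumptions; the metamail and antivir invocations are the ones the script uses.

```shell
#!/bin/sh
# Added example (not from the original attachment): scan one message in its
# own scratch directory instead of a directory shared by every delivery.

# Unpack the MIME parts of the message on stdin into directory $1.
# Same metamail call as the script above; assumed to exit non-zero on failure.
extract_parts() {
    METAMAIL_TMPDIR="$1" metamail -r -w -x >/dev/null 2>&1
}

# Print the scanner's report for the files in directory $1.
scan_dir() {
    /usr/bin/antivir "$1"/* 2>&1
}

# Read one message on stdin and print the report lines that contain "VIRUS".
# Return codes (assumed convention): 0 clean, 1 infected, 2 could not scan.
scan_message() {
    # mktemp -d creates a fresh directory that only this user can enter
    dir=$(mktemp -d "${TMPDIR:-/tmp}/avscan.XXXXXX") || return 2
    status=0
    if extract_parts "$dir"; then
        hits=$(scan_dir "$dir" | grep VIRUS || true)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            status=1
        fi
    else
        status=2   # an unpack failure means "not scanned", never "clean"
    fi
    rm -rf "$dir"  # removes only this message's files
    return "$status"
}
```

A wrapper script that ends by calling scan_message could feed VIRUSCHECK through a backtick assignment in place of the three locked recipes, since procmail already pipes the message to such commands as it does for RETURNPATH.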