procmail

Re: Sending warning of virus via procmail

2003-10-01 20:54:20
Rob,
  Let me echo what has already been said. As one who spends a lot of time
trying to keep annoying e-mail out of my users' inboxes, I decided last
year to turn off virus notifications that our NAVIEG server was sending.
They seem like a courtesy, but because most of the viruses prevalent
today use spoofed "sender" addresses, they are a huge nuisance.
  With this last Sobig go 'round, we received far more auto-generated
warnings than actual Sobig messages. I am using several recipes to catch
auto-generated virus warnings and dispose of them before they get to the
users.

Take care,
Dave

-- 
David W. MacDougall, E-mail administrator
The Post and Courier
843.937.5655

Rob Lists said:
Greetings,

I've worked up a recipe to send out a warning to the user when clamAV finds
a virus.  This recipe also puts the actual infected mail in a folder called
VIRUS.  It all seems to work well, however, if I have verbose logging on I
get an error message during my message composition.  Here is the relevant (I
hope) section of the recipe that deals with creating the notice.  This
section first checks to see if the ClamAV header is there and if it's not
clean do the following (infected).  First, create and send an email to the
user about their message being infected and the headers included.  Second,
put a full copy in the user's $MAILDIR/VIRUS file.

:0
* ^X-ClamAV: \/.*
* ! MATCH ?? ^^clean^^
{

  :0w
  {
    # Grab the entire header for the body of the message
    # Grab the Virus name for the Subject line.
    HEADER = `formail -X "" `
    VIRUS  = `formail -xX-ClamAV`

    :0
    | ( echo "From: Postmaster(_at_)dympna(_dot_)com"; \
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \
        echo "Subject: ** Virus eMail with $VIRUS"; \
        echo "No auto-reply was sent to the originator of this virus";\
        echo "infected email.  You may wish to contact the person in";\
        echo "the >From: line below."; \
        echo " ";\
        echo "Following are the headers that were extracted from the email:";\
        echo " ";\
        echo "$HEADER" ) | $SENDMAIL -oi -t
  }

  :0:
  $VIRUS_FOLDER

}

Functionally, this completes just fine and does exactly what I want.
However, I'm getting this message from the verbose logging:


procmail: Executing "formail,-xX-ClamAV"
procmail: Assigning "VIRUS= Worm.Gibe.F FOUND"
procmail: Executing " ( echo "From: postmaster(_at_)dympna(_dot_)com"; \
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \
        echo "Subject: Email with $VIRUS"; \
        echo " ";\
        echo "Following are the headers that were extracted:";\
        echo " ";\
        echo "$HEADER" ) | $SENDMAIL -oi -t "
procmail: Error while writing to " ( echo "From: postmaster(_at_)dympna(_dot_)com"; \
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \
        echo "Subject: Email with $VIRUS"; \
        echo " ";\
        echo "Following are the headers that were extracted:";\
        echo " ";\
        echo "$HEADER" ) | $SENDMAIL -oi -t "
procmail: Assigning "LASTFOLDER= ( echo "From: postmaster(_at_)dympna(_dot_)com"; \
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \
        echo "Subject: Email with $VIRUS"; \
        echo " ";\
        echo "Following are the headers that were extracted:";\
        echo " ";\
        echo "$HEADER" ) | $SENDMAIL -oi -t "

I don't understand what the error is from.  It completes, what am I doing
wrong?

Also, I'd love to hear other ways of doing this...I came up with this
solution on my own after trying out a couple of pipes to external scripts.
I'm sure it's not the most elegant or possibly even correct!  I just -had-
to have some form of notification.

(BTW, just noticed I need to change postmaster(_at_)dympna(_dot_)com to
security(_at_)dympna(_dot_)com or something like that)

-Rob


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
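
The recipe below is an added example, not code from either poster. The notification pipeline quoted above never reads its standard input, which is the usual cause of procmail's "Error while writing to" message; here the `h` flag feeds only the header, `cat` consumes it as the notice body, and `c` makes the notice a copy so the message is still filed. The `example.com` addresses are placeholders, and `VIRUS_FOLDER` is assumed to be set earlier in the rc file, as in the original.

```procmail
# Added example: virus notice to the local user, then file the message.
:0
* ^X-ClamAV: \/.*
* ! MATCH ?? ^^clean^^
{
  # Virus name for the Subject line, taken from the scanner's header.
  VIRUS = `formail -xX-ClamAV`

  # c: act on a copy, so processing continues to the filing recipe below.
  # h: pass only the header of the infected message to the pipeline.
  # cat reads that header from stdin and appends it to the notice, so the
  # pipe is fully consumed and the HEADER variable is no longer needed.
  :0 ch
  | ( echo "From: postmaster@example.com"; \
      echo "To: $LOGNAME@example.com"; \
      echo "Subject: ** Virus eMail with $VIRUS"; \
      echo ""; \
      echo "No auto-reply was sent to the originator of this virus"; \
      echo "infected email."; \
      echo ""; \
      echo "Following are the headers that were extracted from the email:"; \
      echo ""; \
      cat ) | $SENDMAIL -oi -t

  # File the full infected message, with a local lockfile.
  :0:
  $VIRUS_FOLDER
}
```

The `echo ""` after the Subject line emits a truly empty line, which is what separates the notice's header from its body. If the pipeline is kept as posted instead, the `i` flag tells procmail to ignore write errors on that recipe.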


