procmail

Re: Sending warning of virus via procmail

2003-10-01 21:12:18
Guys, check my recipe a bit more.  It sends the notice to the RECIPIENT of 
the virus email on my network letting them know a virus headed in their 
direction has been thwarted.  It doesn't do flip for the sender since we all 
know those addresses are mostly spoofed.  It does drop the original headers 
in as the body of the message so someone with a bit of smarts can see if 
they needed to get in touch with their cousin Joe. 
 
On Wed, 01 Oct 2003 23:42:55 -0400 (EDT), David W. MacDougall wrote 
Rob, 
  Let me echo what has already been said. As one who spends a lot of  
time trying to keep annoying e-mail out of my users' inboxes, I  
decided last year to turn off virus notifications that our NAVIEG  
server was sending. They seem like a courtesy, but because most of  
the viruses prevalent today use spoofed "sender" addresses, they are  
a huge nuisance.  With this last Sobig go 'round, we received far  
more auto-generated warnings than actual Sobig messages. I am using  
several recipes to catch auto-generated virus warnings and dispose  
of them before they get to the users. 
 
Take care, 
Dave 
 
--  
David W. MacDougall, E-mail administrator 
The Post and Courier 
843.937.5655 
 
Rob Lists said: 
Greetings, 

I've worked up a recipe to send out a warning to the user when clamAV finds 
a virus.  This recipe also puts the actual infected mail in a folder called 
VIRUS.  It all seems to work well, however, if I have verbose logging on I 
get an error message during my message composition.  Here is the relevant (I 
hope) section of the recipe that deals with creating the notice.  This 
section first checks to see if the ClamAV header is there and if it's not 
clean do the following (infected).  First, create and send an email to the 
user about their message being infected and the headers included.  Second, 
put a full copy in the user's $MAILDIR/VIRUS file. 

:0 
* ^X-ClamAV: \/.* 
* ! MATCH ?? ^^clean^^ 
{ 

  :0w 
  { 
    # Grab the entire header for the body of the message 
    # Grab the Virus name for the Subject line. 
    HEADER = `formail -X "" ` 
    VIRUS  = `formail -xX-ClamAV` 

    :0 
    | ( echo "From: Postmaster(_at_)dympna(_dot_)com"; \ 
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \ 
        echo "Subject: ** Virus eMail with $VIRUS"; \ 
        echo "No auto-reply was sent to the originator of this virus";\ 
        echo "infected email.  You may wish to contact the person in";\ 
        echo "the >From: line below."; \ 
        echo " ";\ 
        echo "Following are the headers that were extracted from the email:";\ 
        echo " ";\ 
        echo "$HEADER" ) | $SENDMAIL -oi -t 
  } 

  :0: 
  $VIRUS_FOLDER 

} 

Functionally, this completes just fine and does exactly what I want. 
However, I'm getting this message from the verbose logging: 


procmail: Executing "formail,-xX-ClamAV" 
procmail: Assigning "VIRUS= Worm.Gibe.F FOUND" 
procmail: Executing " ( echo "From: postmaster(_at_)dympna(_dot_)com"; \ 
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \ 
        echo "Subject: Email with $VIRUS"; \ 
        echo " ";\ 
        echo "Following are the headers that were extracted:";\ 
        echo " ";\ 
        echo "$HEADER" ) | $SENDMAIL -oi -t " 
procmail: Error while writing to " ( echo "From: postmaster(_at_)dympna(_dot_)com"; \ 
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \ 
        echo "Subject: Email with $VIRUS"; \ 
        echo " ";\ 
        echo "Following are the headers that were extracted:";\ 
        echo " ";\ 
        echo "$HEADER" ) | $SENDMAIL -oi -t " 
procmail: Assigning "LASTFOLDER= ( echo "From: postmaster(_at_)dympna(_dot_)com"; \ 
        echo "To: $LOGNAME(_at_)dympna(_dot_)com"; \ 
        echo "Subject: Email with $VIRUS"; \ 
        echo " ";\ 
        echo "Following are the headers that were extracted:";\ 
        echo " ";\ 
        echo "$HEADER" ) | $SENDMAIL -oi -t " 

I don't understand what the error is from.  It completes, what am I doing 
wrong? 

Also, I'd love to hear other ways of doing this...I came up with this 
solution on my own after trying out a couple of pipes to external scripts. 
I'm sure it's not the most elegant or possibly even correct!  I just -had- 
to have some form of notification. 

(BTW, just noticed I need to change postmaster(_at_)dympna(_dot_)com to 
security(_at_)dympna(_dot_)com or something like that) 

-Rob 


_______________________________________________ 
procmail mailing list 
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE 
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail 

 

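An added example, not code from any post in this thread: a small helper script that takes over the notice composition from Rob's recipe. The pipe in that recipe never reads the message procmail writes to it, which is what the verbose log reports as "Error while writing"; handing the header to a script that actually consumes it avoids the write error, and the script also drops non-printable bytes from the scanner verdict before it goes into the Subject: line. The script name, the addresses, and the sh/awk implementation are assumptions.

```shell
#!/bin/sh
# virus_notice.sh: hypothetical helper (added example, not from the thread).
# Reads the message HEADER from stdin, which procmail supplies when the
# recipe uses the `h` flag, so the pipe is consumed and procmail has no
# write error to log. Prints the notice for the local recipient only;
# nothing is ever sent back to the (usually spoofed) sender.
#
# Example recipe using it (addresses are placeholders):
#   :0 h
#   | /usr/local/bin/virus_notice.sh "$LOGNAME@example.com" \
#         security@example.com | $SENDMAIL -oi -t

# Pull the scanner verdict out of the header text given as $1. Only the first
# X-ClamAV line and its folded continuation lines are used; non-printable
# bytes are dropped so the value is safe in a Subject: line, and the
# trailing " FOUND" is removed.
virus_name() {
    printf '%s\n' "$1" | awk '
        !found && tolower($0) ~ /^x-clamav:/ {
            sub(/^[^:]*:[ \t]*/, ""); v = $0; found = 1; next
        }
        found && /^[ \t]/ { sub(/^[ \t]+/, ""); v = v " " $0; next }
        found { exit }
        END {
            gsub(/[^ -~]/, "", v)      # printable ASCII only
            sub(/ FOUND$/, "", v)
            print v
        }'
}

# Compose the complete notice. $1 = local recipient, $2 = From: address for
# the notice; the original header block arrives on stdin.
compose_notice() {
    hdr=$(cat)
    name=$(virus_name "$hdr")
    printf 'From: %s\n' "$2"
    printf 'To: %s\n' "$1"
    printf 'Subject: ** Virus eMail with %s\n\n' "$name"
    printf 'No auto-reply was sent to the originator of this virus-infected email.\n'
    printf 'You may wish to contact the person in the From: line below.\n\n'
    printf 'Following are the headers that were extracted from the email:\n\n'
    printf '%s\n' "$hdr"
}

# Run as a script only when both addresses are given on the command line.
if [ $# -eq 2 ]; then
    compose_notice "$1" "$2"
fi
```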