Hi -
Overview:
I'm having a problem with procmail. I tried to set up a system where procmail
sends all incoming emails to a script I wrote, and then filters the emails
based on a header that my home-made script adds. The first part works ok: all
the emails are going to my script and getting the header.
The second part, where procmail is supposed to filter on the new header,
happens most, but not all of the time. That is the part I am struggling with.
The home-made script takes a few seconds to run, so I added a lock to the
procmail recipe, so that processing the message would wait until the virus
scan ($HOME/bin/vs) was finished. This could be the problem -- maybe the lock
doesn't do what I think it is supposed to. I've played around with adding the
lock to different parts, but haven't gotten different results. The
intermittent nature of this problem has made debugging more difficult because
I can't reliably reproduce the bug.
Detail:
I am using a script to scan all incoming mail in my mail spool for viruses.
If the script finds a virus, it adds a header that looks like:
X-Virus-Found: Yes
otherwise, it adds this header:
X-Virus-Found: No
I use procmail to send all messages to this script and then to filter all the
messages with viruses into my suspected-viruses mail folder.
This seems to work most of the time, but sometimes I get messages in my inbox
that have the X-Virus-Found: Yes flag, but did not get filtered. I'm not sure
why.
This is a section from my .procmailrc where I send incoming messages to my
virus-scanning script, and filter on the X-Virus-Found header:
#now scan for viruses.
:0:vs.lock
* !^X-Virus-Found:
| $HOME/bin/vs
:0:
* *X-Virus-Found: Yes
suspected-viruses
This is the $HOME/bin/vs script:
#! /bin/bash
#make sure we have a $HOME/tmp directory to write to.
if [ ! -d $HOME/tmp ]
then
    echo "vs can't find $HOME/tmp!"
    exit 1
fi
#if the old scanmail file exists, delete it.
if [ -f $HOME/tmp/scanmail.txt ]
then
    /bin/rm $HOME/tmp/scanmail.txt
fi
#store the file...
INFILE=$1
/bin/cat $INFILE > $HOME/tmp/scanmail.txt
#use clamscan to scan scanmail.txt
/usr/bin/clamscan --quiet $HOME/tmp/scanmail.txt
if [ $? -gt 0 ]
then
    /bin/cat $HOME/tmp/scanmail.txt | /usr/bin/formail -a "X-Virus-Found: Yes" | \
    /usr/bin/procmail
else
    /bin/cat $HOME/tmp/scanmail.txt | /usr/bin/formail -a "X-Virus-Found: No" | \
    /usr/bin/procmail
fi
#now cleanup scanmail.txt.
/bin/rm $HOME/tmp/scanmail.txt
Like I said before, most of the time, this system works. However,
occasionally, I get an email in my /var/spool/mail folder that has been
scanned and labeled X-Virus-Found: Yes, but it didn't get moved.
This is a section from my procmail log that shows most of the virus-infected
emails going to suspected-viruses, but one slips through and lands in my mail
spool. The email from rbeogkio(_at_)online(_dot_)no arriving at 10:23:00 2004 had a
virus, was successfully identified (according to what I read in the message
header) but still it landed in /var/spool/mail/waxmop. I copied in the
headers from that email at the end of this message.
From matt(_at_)newyork(_dot_)ip-secure(_dot_)com Tue Jan 13 10:09:15 2004
Subject: Re: [lugc-talk] Accessing files from the network
Folder: lugc 3242
From matt(_at_)newyork(_dot_)ip-secure(_dot_)com Tue Jan 13 10:09:15 2004
Subject: Re: [lugc-talk] Accessing files from the network
Folder: /home/waxmop/bin/vs 3224
From rbeogkio(_at_)online(_dot_)no Tue Jan 13 10:23:00 2004
SUBJECT: Abort Advice
Folder: /var/spool/mail/waxmop 145464
From rbeogkio(_at_)online(_dot_)no Tue Jan 13 10:23:00 2004
SUBJECT: Abort Advice
Folder: /home/waxmop/bin/vs 145213
From rbeogkio(_at_)online(_dot_)no Tue Jan 13 10:24:45 2004
SUBJECT: Current Microsoft Critical Update
Folder: suspected-viruses 157778
From rbeogkio(_at_)online(_dot_)no Tue Jan 13 10:24:45 2004
SUBJECT: Current Microsoft Critical Update
Folder: /home/waxmop/bin/vs 157579
From athulad(_at_)eureka(_dot_)lk Tue Jan 13 10:57:59 2004
SUBJECT: Current Net Security Upgrade
Folder: suspected-viruses 158322
From athulad(_at_)eureka(_dot_)lk Tue Jan 13 10:57:59 2004
SUBJECT: Current Net Security Upgrade
Folder: /home/waxmop/bin/vs 158123
Finally, here are the headers for the message that should have landed in my
suspected-viruses folder. It has the X-Virus-Found: Yes header, and yet it
still ended up in my spool.
From rbeogkio(_at_)online(_dot_)no Tue Jan 13 10:23:00 2004
Return-Path: <rbeogkio(_at_)online(_dot_)no>
X-Original-To: matt(_at_)overlook(_dot_)homelinux(_dot_)net
Delivered-To: matt(_at_)overlook(_dot_)homelinux(_dot_)net
Received: from mail47.fg.online.no (mail47-s.fg.online.no [148.122.161.47])
    by frank.overlook.homelinux.net (Postfix) with ESMTP id 1B7B86F0CC
    for <matt(_at_)overlook(_dot_)homelinux(_dot_)net>; Tue, 13 Jan 2004 10:22:59 -0500 (EST)
Received: from zkhaktrf (ti531110a001-0045.dialup.online.no [130.67.177.45])
    by mail47.fg.online.no (8.9.3p2/8.9.3) with SMTP id PAA10301;
    Tue, 13 Jan 2004 15:43:29 +0100 (MET)
Date: Tue, 13 Jan 2004 15:43:29 +0100 (MET)
Message-Id: <200401131443(_dot_)PAA10301(_at_)mail47(_dot_)fg(_dot_)online(_dot_)no>
From: "network email service" <mmailrobot(_at_)america(_dot_)net>
To: "Network Client" <receiver(_at_)smtpdomain(_dot_)com>
SUBJECT: Abort Advice
Mime-Version: 1.0
Content-Type: multipart/alternative;
    boundary="peilxlar"
X-Virus-Found: Yes
X-Spam-Status: No, hits=3.9 required=5.0
    tests=BAYES_90,HTML_30_40,MICROSOFT_EXECUTABLE,MIME_HTML_ONLY,
    MIME_SUSPECT_NAME
    version=2.55
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
Status: RO
Content-Length: 144345
Lines: 1890
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
[-- text/html is unsupported (use 'v' to view this part) --]
All remarks are welcome.
Matt
--
My public key:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x8D10BFD5
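
An added example, not part of the original post: the tagging step of the vs script written as a stdin-to-stdout filter, with a private temp file per message instead of the shared scanmail.txt, any X-Virus-Found header that arrived with the message removed, and clamscan's exit status 1 (virus found) kept apart from other non-zero codes (scan error). The vs-filter name, the --filter switch, VS_SCANNER, the "Unknown" value and the awk header rewrite (used here in place of formail) are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's script. Reads one message on stdin and
# writes it to stdout with exactly one X-Virus-Found header.
# VS_SCANNER is a hypothetical override used for testing; the default is the
# clamscan call from the post.
VS_SCANNER=${VS_SCANNER:-"/usr/bin/clamscan --quiet"}

tag_message() (
    # Private temp file per message: concurrent deliveries never share a copy.
    msg=$(mktemp "${TMPDIR:-/tmp}/scanmail.XXXXXX") || exit 75   # EX_TEMPFAIL
    trap 'rm -f "$msg"' EXIT
    cat > "$msg" || exit 75

    rc=0
    $VS_SCANNER "$msg" >/dev/null 2>&1 || rc=$?
    # clamscan: 0 = clean, 1 = virus found, anything else = scan error.
    case $rc in
        0) verdict=No ;;
        1) verdict=Yes ;;
        *) verdict=Unknown ;;   # assumed value; keeps scan errors visible
    esac

    # Drop any X-Virus-Found header (and its folded continuation lines) that
    # arrived with the message, then add the local verdict as the last header.
    awk -v h="X-Virus-Found: $verdict" '
        inbody            { print; next }
        /^$/              { print h; print; inbody = 1; next }
        /^[ \t]/ && skip  { next }
                          { skip = (tolower($0) ~ /^x-virus-found:/) }
        !skip             { print }
        END               { if (!inbody) print h }
    ' "$msg"
)

# Run as a filter only when asked, e.g. from .procmailrc (assumed layout):
#   :0 fw
#   | $HOME/bin/vs-filter --filter
#
#   :0:
#   * ^X-Virus-Found: Yes
#   suspected-viruses
if [ "${1:-}" = "--filter" ]; then
    tag_message
fi
```

With the f and w flags procmail replaces the message with the filter's output and continues with the following recipes in the same run, so the script does not start a second procmail.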