procmail

Re: Real Virus Scanner

2004-02-11 16:24:27
On Wed, Feb 11, 2004 at 02:53:25PM -0800, Gary Funck wrote:

Thanks to Christopher's hint, I wound up with the following in procmailrc,
which seems to be working:

        #======================================================
        # clamav virus scan
        #======================================================
        :0 HB
        VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout  -

The HB flags apply to conditions, of which you have none. By default
procmail pipes both h and b, so you can remove 'HB':

    :0
    VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout  -

        :0 Dfw
        * VIRUS ?? ^.*: \/.* FOUND
        | formail -A "X-Virus-Status: yes, $MATCH"

This could be made more efficient with an 'h', and 'D' is probably
unnecessary:

    :0 hfw
    * VIRUS ?? ^.*: \/.* FOUND
    | formail -A "X-Virus-Status: yes, $MATCH"

        :0 Efw
        | formail -A "X-Virus-Status: no"

Same with this one:

    :0 E hfw
    | formail -A "X-Virus-Status: no"

Note that I tag infected messages, not dump them immediately, for gathering
stats. It seems to be catching the test infected messages I sent though just
fine. I probably need to dump --stdout as well, since it's not acting as a
filter.

Now -- IF mbox is a problem -- I could just send the BODY through with the
procmail B flag alone, and not use --mbox, right?

I'm not sure what heuristics clamav uses to decide mime parts, etc. It
may rely on certain MIME headers (though unlikely) to decide how to
parse the message. The best way is to just try it, I guess. Sandbox
applies.

Scott
-- 
Scott Wiersdorf
scott(_at_)perlcode(_dot_)org
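
Added example, not part of the original thread: the recipes above tag every message whose scan output lacks a `FOUND` line as `X-Virus-Status: no`, which also covers the case where the scanner itself failed. The sketch below separates the three outcomes using clamscan's documented exit status (0 clean, 1 virus found, 2 error). The function name `virus_status`, the `error` header value and the sample output lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a clamscan result into an X-Virus-Status value
# without reporting a failed scan as clean.
#   $1 = clamscan exit status (0 clean, 1 virus found, anything else: error)
#   $2 = text clamscan wrote to stdout
virus_status() {
    vs_rc=$1
    vs_out=$2
    case $vs_rc in
        0)  echo "no" ;;
        1)  # Pull the signature name from the first "<source>: <name> FOUND"
            # line, the line the recipe's condition matches on.
            vs_name=$(printf '%s\n' "$vs_out" |
                sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' | head -n 1)
            echo "yes, ${vs_name:-unknown}" ;;
        *)  # Scanner error (missing database, unreadable input, ...):
            # say so explicitly instead of falling through to "no".
            echo "error" ;;
    esac
}

# Wiring sketch (assumption: clamscan and formail are on PATH, $msg is a
# file holding the message):
#   out=$(clamscan --stdout --disable-summary - < "$msg"); rc=$?
#   formail -A "X-Virus-Status: $(virus_status "$rc" "$out")" < "$msg"

# Constructed sample results, one per outcome.
for vs_sample in \
    "1|stdin: Eicar-Test-Signature FOUND" \
    "0|stdin: OK" \
    "2|ERROR: database load failed"
do
    printf 'X-Virus-Status: %s\n' \
        "$(virus_status "${vs_sample%%|*}" "${vs_sample#*|}")"
done
```
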
