procmail

Re: [pro] Re: Real Virus Scanner

2004-02-12 16:27:33
On Thu, Feb 12, 2004 at 07:41:50AM -0800, Gary Funck wrote:

BTW, I think you would prefer the -i flag to the clamscan test.
If there is no virus, you're not using the result, which without
that flag is "OK".

I use the following, btw:
   
   :0
   * B ?? ! ? clamscan -i --disable-summary -
   {
      MYEXIT = $?
   
      :0:  # positive exit codes other than 1 are problems
      *         -1^0
      * $  $MYEXIT^0
      PROBLEM
   
      :0:
      MYVIRUS
   }


I like this approach, but we are missing the X-Virus-Status: header
that says what kind of virus was found, that was present in the
original example.

Yes, I realize that.  I was just giving another way to go for
those looking around at using clamscan; and thinking you could
pick up on using some of the exitcode stuff.


Basically, I see no reason to include the header only to then
add the --mbox option to the clamscan command in order to
strip it off again.  And I don't redirect the result from
stderr to stdout, because by keeping it stderr, it shows up
in my log.

Not sure what you mean here. Here's the original example:

        :0 wic

You don't want the c flag, btw.  It is extraneous to a non-
delivering recipe, of which this is one.  I'm also trying to
decide if you want the i flag, but I can't remember the right
answer.

        VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout  -


What I meant is this: clamscan's --mbox option is needed for
mbox-style input, i.e., a header set followed by a space
followed by a body that we suspect might contain the virus.
The virus isn't in the header set, obviously.  If, otoh, you
just feed clamscan the body, then you no longer need the --mbox
option at all.

In my sample code, I did just that; albeit on the condition
line, as a test, rather than on the "action" line.  I would
think you would get the same result as you are now with this:

   :0 wib
   VIRUS=| clamscan -i --disable-summary --stdout  -

I can't test it, though, because clamscan is compiled poorly on
our system and not all the manners of running it work right for
feeding stdin to it.

        :0 hfw
        * VIRUS ?? ^.*: \/.* FOUND
        | formail -A "X-Virus-Status: yes, $MATCH"
        :0 E hfw
        | formail -A "X-Virus-Status: no"

If we use the -i option to clamscan, then if there's not a poz exit
code, $VIRUS won't contain anything.  So:

   :0 hfw
   | formail -A "X-Virus-Status: ${VIRUS:-no}"

should probably work.  Also, if there is no $VIRUS var after running
clamscan with -i, then the exit status was zero.  (I managed to
get exit status codes of 60 and 74 trying to test things with
a badly compiled clamscan, so I know that on positive exit codes,
$VIRUS will say something.) :-)   I mention this merely as one
other way to go about deciding what to test the exit status of.
I.e., $VIRUS set non-null implies some positive exit status;
and if it's 1, clamscan found a virus.

I guess you're saying that by default clamscan will add a header,
unless the --mbox switch is present?

Nope.  I'm saying you're sending it the email header explicitly, only
then to ask it to strip that off as an action of clamscan's execution.
By declining to send the header in the first place, you are both
decreasing the size of the pipe and making clamscan have to do less
work.

However, clamscan seems to compile problematically on some systems.
Another person trying it out on a different system could not get
my above code to work, although when I suggested to him he try

   * HB ?? ! ? clamscan -options --mbox -
  
it did work.  Contrarily, on my (NetBSD) system, that *doesn't* work.
So be forewarned that testing is particularly relevant here.

-- 
dman

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
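
The exit-status handling discussed in this message, as an added shell example that is not part of the original post: it maps a scanner's exit code and output to an X-Virus-Status value and keeps scanner failures (exit codes other than 0 and 1) distinct from detections. The function names and the `fake_*` stand-in scanners are constructed for illustration, and the `<source>: <name> FOUND` output format is assumed from the recipe's match pattern.

```shell
#!/bin/sh
# Added example. Exit-code meanings follow the thread: 0 = clean,
# 1 = virus found, any other code = scanner problem.

# virus_status EXIT_CODE OUTPUT -> prints an X-Virus-Status value
virus_status() {
    rc=$1
    out=$2
    case "$rc" in
        0)  printf 'no\n' ;;
        1)  # Assumed output format: "<source>: <name> FOUND"
            name=$(printf '%s\n' "$out" |
                   sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' | head -n 1)
            # Scanner output ends up in a mail header: keep a strict
            # character set so it cannot add header lines or fields.
            name=$(printf '%s' "$name" | tr -cd 'A-Za-z0-9._/-')
            printf 'yes, %s\n' "${name:-unknown}" ;;
        *)  # Do not report "no" (or raw error text) when the scan failed.
            printf 'error, scanner exit %s\n' "$rc" ;;
    esac
}

# scan_and_tag SCANNER [ARGS...]: message body on stdin, status on stdout
scan_and_tag() {
    rc=0
    out=$("$@" 2>/dev/null) || rc=$?   # safe under "set -e"
    virus_status "$rc" "$out"
}

# Constructed stand-ins for the scanner, so the example runs offline.
fake_clean()    { cat >/dev/null; return 0; }
fake_infected() { cat >/dev/null; echo 'stream: Eicar-Test-Signature FOUND'; return 1; }
fake_broken()   { cat >/dev/null; echo 'ERROR: cannot read stream'; return 74; }

for scanner in fake_clean fake_infected fake_broken; do
    printf 'X-Virus-Status: %s\n' "$(printf 'body\n' | scan_and_tag "$scanner")"
done
# Real use, with the flags from the thread:
#   scan_and_tag clamscan -i --disable-summary --stdout - < body
```

With a bare `${VIRUS:-no}` the scanner's error text would land in the header on a failed scan; the explicit third branch makes that case visible to later recipes.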
