procmail

Re: Real Virus Scanner

2004-02-13 11:48:46
Scott Wiersdorf <scott(_at_)perlcode(_dot_)org> wrote:
> On Fri, Feb 13, 2004 at 12:14:10AM +0100, Dallman Ross wrote:
> > In my sample code, I did just that; albeit on the condition
> > line, as a test, rather than on the "action" line.  I would
> > think you would get the same result as you are now with this:
> >
> >    :0 wib
> >    VIRUS=| clamscan -i --disable-summary --stdout  -
> [...]
> I can confirm this works (at least on my system). Piping only
> the body and removing the --mbox option still scans correctly.

This is maddening. Now I can't get it to work with 'w' at all. Here's what I'm
running:

# uname -a
Linux server.ttlexceeded.com 2.4.20-686-smp #1 SMP Mon Jan 13 23:06:41 EST 2003 i686 GNU/Linux
# procmail -v
procmail v3.22 2001/09/10
[...]
# spamassassin -V
SpamAssassin version 2.63

With VERBOSE=on, I see: Program failure (1) of "clamscan" when using that line
(including variations of adding the full path to clamscan).

When I use:

        :0 wib
        VIRUS=|/usr/bin/clamscan -i --disable-summary --stdout  -
or
        :0 wib
        VIRUS=|/usr/bin/clamscan -i --disable-summary --stdout  -

I get procmail: Skipped "Worm.Gibe.F FOUND" (or similar) messages from
clamscan/clamdscan. Clearly I'm doing something silly with procmail, and it's
interpreting the result as a path (?)

With:

        :0 wib
        VIRUS=`/usr/bin/clamscan -i --disable-summary --stdout  -`

I get results like:

From XXX  Fri Feb 13 13:08:58 2004
 Subject: RE: OPST vs CEH
  Folder: VIRUS=

I found that:

        :0
        VIRUS=|/usr/bin/clamdscan --mbox --disable-summary --stdout  -

or just:

        VIRUS=`/usr/bin/clamscan -i --disable-summary --stdout  -`

work. I'm happy, but I do want to understand what I'm doing wrong. Is there a
major advantage or disadvantage to either of these? Why won't the w (with or
without i,b) work consistently?

I don't want to beat this to death, but I'm trying to figure out why my results
seem to vary so much from what "should" work with procmail.

Lest Dallman and others think I'm ignoring your excellent suggestions for
optimizing procmail performance, I'm deliberately taking a path that might not
be as efficient, but that provides some extra logging for gathering stats, etc.
Thus, I'd ideally have a header which indicates whether or not a virus is
detected.

Thanks,

- Bob




_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
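
An added example, not code from the thread or from any poster: one way to produce the header the message asks for. clamscan and clamdscan exit with status 1 when they find something, and procmail checks a program's exit status only when the recipe carries the `w` flag, so the capture recipe here leaves `w` off and the later recipes test the captured text instead. The header name `X-Virus-Status` and `formail` being on the PATH are assumptions.

```procmail
# Added example. Assumptions: header name X-Virus-Status, formail on PATH.

# 1. Capture the scanner's stdout in VIRUS.
#    No 'w' flag: a detection makes the scanner exit 1, and with 'w'
#    procmail would treat that non-zero status as a failed recipe.
#    The command line is the one reported as working in the message above.
:0
VIRUS=|/usr/bin/clamdscan --mbox --disable-summary --stdout -

# 2. Detection: the scanner prints "<name> FOUND" for an infected message.
#    'f' = filter, 'h' = header only, 'w' = wait for formail to finish.
#    formail -I replaces any existing field of that name, so a value
#    supplied by the sender cannot survive into the delivered message.
:0 fhw
* VIRUS ?? FOUND
| formail -I "X-Virus-Status: Yes"

# 3. Otherwise ('E' = only if the previous recipe did not match):
#    still overwrite the field so every delivered message carries
#    a value set locally.
:0 Efhw
| formail -I "X-Virus-Status: No"
```

A scanner error (exit status 2, no `FOUND` text) ends up tagged `No` in this sketch; anyone gathering stats from the header would want to log `VIRUS` as well to tell the two apart.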
