procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

More clamav testing (results)

2004-02-13 15:39:13
from [Bob George] [Permanent Link] 
OK, the short answer is that the results seem to depend on clamscan itself, or
perhaps the version. By substituting clam(d)scan with another program (echo),
results varied.

The long version:

I tried a procmailrc with the following:

--- cut here --- cut here ---

LOGFILE=./testresults.log
LOGABSTRACT=all
VERBOSE=yes
COMSAT=no
DROPPRIVS=yes

[ test, see below ]

LOG="VIRUS is $VIRUS.
"
:0fw:
* VIRUS ?? : \/.* FOUND$
| formail -A "X-Virus-Status: Yes, $MATCH"

:0Efw:
* VIRUS ?? : OK$
| formail -A "X-Virus-Status: No"

:0
testresults.mbox

--- cut here --- cut here ---

I tried the following test combinations with the results noted, with WORKED
indicating the X-Virus-Status: header was set correctly:

Variation 1: WORKED
:VIRUS=`/usr/bin/clamscan --disable-summary --stdout  -`

Variation 2: No.
:0 b
VIRUS=`/usr/bin/clamscan --disable-summary --stdout  -`

Variation 3: No.
:0
VIRUS=`/usr/bin/clamscan --mbox --disable-summary --stdout  -`

Variation 4: WORKED.
:0
VIRUS=|/usr/bin/clamscan --disable-summary --stdout  -

Variation 5: No.
:0 w
VIRUS=|/usr/bin/clamscan --disable-summary --stdout  -

Variation 6: No.
:0 W
VIRUS=|/usr/bin/clamscan --disable-summary --stdout  -

Variation 7: No.
:0 Wb
VIRUS=|/usr/bin/clamscan --disable-summary --stdout  -

Variation 8: WORKED
:0 b
VIRUS=|/usr/bin/clamscan --disable-summary --stdout  -

Variation 9: WORKED
:0
VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout  -

Variation 10: No.
:0 W
VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout  -

--- cut here --- cut here ---

I also repeated the test, substitutng clamdscan for clamscan in each test, with
no changes in results. At this point, I decided to substitute echo for
clamscan, and EVERY TEST WORKED.

Based on what I'm seeing here:

1. Return values using shell expansion using backticks is causing problems with
clamav.

2. Any variation of Ww doesn't work with clamav.

So... the moral is, I suppose, to TEST CAREFULLY before implementing any
in-line anti-virus product. I really chased my tail on this one.

It's NOT PROCMAIL, it's NOT SPAMASSASSIN. It's CLAMAV (argh!).

- Bob


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Real Virus Scanner, Bob George
Next by Date:  Re: More clamav testing (results), Bart Schaefer
Previous by Thread:  Multiline Received header not being matched, David Stone
Next by Thread:  Re: More clamav testing (results), Bart Schaefer
Indexes:  [Date] [Thread] [Top] [All Lists]