OK, the short answer is that the results seem to depend on clamscan itself, or
perhaps the version. By substituting clam(d)scan with another program (echo),
results varied.
The long version:
I tried a procmailrc with the following:
--- cut here --- cut here ---
LOGFILE=./testresults.log
LOGABSTRACT=all
VERBOSE=yes
COMSAT=no
DROPPRIVS=yes
[ test, see below ]
LOG="VIRUS is $VIRUS.
"
:0fw:
* VIRUS ?? : \/.* FOUND$
| formail -A "X-Virus-Status: Yes, $MATCH"
:0Efw:
* VIRUS ?? : OK$
| formail -A "X-Virus-Status: No"
:0
testresults.mbox
--- cut here --- cut here ---
I tried the following test combinations with the results noted, with WORKED
indicating the X-Virus-Status: header was set correctly:
Variation 1: WORKED
:VIRUS=`/usr/bin/clamscan --disable-summary --stdout -`
Variation 2: No.
:0 b
VIRUS=`/usr/bin/clamscan --disable-summary --stdout -`
Variation 3: No.
:0
VIRUS=`/usr/bin/clamscan --mbox --disable-summary --stdout -`
Variation 4: WORKED.
:0
VIRUS=|/usr/bin/clamscan --disable-summary --stdout -
Variation 5: No.
:0 w
VIRUS=|/usr/bin/clamscan --disable-summary --stdout -
Variation 6: No.
:0 W
VIRUS=|/usr/bin/clamscan --disable-summary --stdout -
Variation 7: No.
:0 Wb
VIRUS=|/usr/bin/clamscan --disable-summary --stdout -
Variation 8: WORKED
:0 b
VIRUS=|/usr/bin/clamscan --disable-summary --stdout -
Variation 9: WORKED
:0
VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout -
Variation 10: No.
:0 W
VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout -
--- cut here --- cut here ---
I also repeated the test, substitutng clamdscan for clamscan in each test, with
no changes in results. At this point, I decided to substitute echo for
clamscan, and EVERY TEST WORKED.
Based on what I'm seeing here:
1. Return values using shell expansion using backticks is causing problems with
clamav.
2. Any variation of Ww doesn't work with clamav.
So... the moral is, I suppose, to TEST CAREFULLY before implementing any
in-line anti-virus product. I really chased my tail on this one.
It's NOT PROCMAIL, it's NOT SPAMASSASSIN. It's CLAMAV (argh!).
- Bob
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail