Re: Virus scanning and defense-in-depth

2004-03-01 13:56:44
On Mon, 1 Mar 2004, Bob George wrote:

The short answer is that clamav appeared to work when called directly
from procmailrc, but yielded inconsistent results.

But that was when piping to it, rather than invoking it on a tempfile
copy of the message, right?

VHEADER=`/usr/local/bin/vscan-clamav`

:0 fw
| formail -A "$VHEADER"

so I don't know if an INCLUDERC gains much for calling one.

It might avoid forking an extra shell to run the script.  That may not be
important.

However, if several are called -- normally for testing -- it makes good
sense. The only problem is it might not be clear WHERE headers are being
added that are tested later.

You can still follow the model of only setting variables in the
INCLUDERC'd file, and doing the header insertion in the main procmailrc.

For the procmail recipe solution, the command-line parameters
are replaced by assigning to a control variable before INCLUDERC.

Ah, OK. I had contemplated setting them in an /etc/.rc file and sourcing that
from the shell scripts. So in procmailrc, I could put:

VERBOSE="yes" (etc.)

Except that VERBOSE already has special meaning to procmail: yes, exactly.

Here's what's in the scripts:

REPORT=`mktemp -p /tmp -t vscan-${SHORTNAME}-report-XXXXXX` || exit 2
SCANDIR=`mktemp -d -p /tmp -t vscan-${SHORTNAME}-XXXXXX` || exit  2

mktemp returns an error exit code on failure, and prints the temp
file/directory name to STDOUT otherwise. Can I grab STDOUT AND test the
exit code in procmail directly?

Something like this:

REPORT=`mktemp -p /tmp -t vscan-${SHORTNAME}-report-XXXXXX`
STATUS=$?
:0
* ! STATUS ?? ^^0^^
{
 STATUS=2
 SWITCHRC
}

However, you might just want to let procmail create the filenames rather
than resort to mktemp.  (Do some of the scanners really require an entire
private *directory* in which to work, rather than just a unique file to
work on?)

I want different SCANDIRS to be used for each instance so that several
can run simultaneously (scans can take a few seconds). I recall that I
can set EXITSTATUS in procmail with a value, then HOST so procmail will
indicate a delivery failure, and that the message should be requeued.

It's EXITCODE, but yes.  Replace STATUS and SWITCHRC above with EXITCODE
and HOST if that's what you want.
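
An added example, not part of the original message or the poster's scripts: a POSIX sh sketch of the wrapper pattern discussed above, where each scan gets its own mktemp directory so several can run simultaneously, and any failure to scan returns 75 (EX_TEMPFAIL) so the caller can requeue rather than deliver unscanned mail. The function names, the stub scanner, the TEST-SIGNATURE marker and the X-Virus-Scan header are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the poster's vscan-clamav script).
# Assumptions: SCANNER_CMD, stub_scanner, X-Virus-Scan header name.

EX_TEMPFAIL=75   # sysexits.h: temporary failure, the MTA should retry later

# Hypothetical stand-in for a real scanner. It follows the clamscan exit
# convention: 0 = clean, 1 = infected, anything else = scanner error.
stub_scanner() {
    if grep -q 'TEST-SIGNATURE' "$1"; then
        return 1
    fi
    return 0
}

# Reads one message on stdin and prints one header line on stdout.
# Returns 0 when a verdict was produced, 75 when the scan could not run.
vscan_header() {
    scanner=${SCANNER_CMD:-stub_scanner}
    base=${TMPDIR:-/tmp}

    # mktemp -d creates a mode-0700 directory with an unpredictable name,
    # so concurrent instances never share or guess each other's work area.
    scandir=$(mktemp -d "$base/vscan-XXXXXX" 2>/dev/null) || return "$EX_TEMPFAIL"

    # Scan a tempfile copy of the message rather than piping to the scanner.
    if ! cat > "$scandir/msg"; then
        rm -rf "$scandir"
        return "$EX_TEMPFAIL"
    fi

    "$scanner" "$scandir/msg"
    rc=$?
    rm -rf "$scandir"

    case $rc in
        0) echo "X-Virus-Scan: clean" ;;
        1) echo "X-Virus-Scan: infected" ;;
        *) return "$EX_TEMPFAIL" ;;   # fail closed: no verdict, no header
    esac
}
```

Used as a script, the file would end by calling vscan_header and exiting with its status, which is what the procmailrc side tests before deciding whether to set EXITCODE.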

