procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: clamavd & procmail

2004-03-03 13:08:43
from [Martynas Buozis] [Permanent Link] 
Hello

I managed to solve my problem. I found out, that program exits with code 1
instead of 0 when virus is identified. So procmail restores original
message. Can somebody tell me why ":0 fW" was not ignoring erro code ???

Now I found another problem. In some cases procmail is changing line "From
..." to ">From ....". Why it happens ?

Here are my investigations :

I have file test1 with an email inside. First two lines are :

$ head -2 test1

From relygirrowd(_at_)tiggerfan(_dot_)com  Wed Mar  3 11:27:25 2004

Return-Path: <relygirrowd(_at_)tiggerfan(_dot_)com>

I proccess this email with clamdmail directly (to be sure it is not
clamdmail problem). Clamdmail just adds 2 lines :

$
/usr/local/clamav/bin/clamdmail --admin=root(_at_)mmlab(_dot_)ktu(_dot_)lt 
--mta=/usr/local/c
lamav/bin/sendmail --quar=/tmp < test1 | head -4
X-Virus-Scan: Scanned by clamdmail 0.14 on rs6k (no viruses);
  Wed, 03 Mar 2004 21:17:36 WET

From relygirrowd(_at_)tiggerfan(_dot_)com  Wed Mar  3 11:27:25 2004

Return-Path: <relygirrowd(_at_)tiggerfan(_dot_)com>


Now I create test procmailrc file :

$ cat testrc
:0fw
|
/usr/local/clamav/bin/clamdmail --admin=root(_at_)mmlab(_dot_)ktu(_dot_)lt 
--mta=/usr/local/c
lamav/bin/sendmail --quar=/tmp

:0:
test
$

And test it with same file :

$ cat ./test1 | /usr/local/procmail/bin/formail -q- -s
/usr/local/procmail/bin/procmail -tm VERBOSE=on ./testrc
procmail: [25300] Wed Mar  3 21:18:36 2004
procmail: Assigning "MAILDIR=."
procmail: Rcfile: "./testrc"
procmail: Executing
"/usr/local/clamav/bin/clamdmail,--admin=root(_at_)mmlab(_dot_)ktu(_dot_)lt,--mta=/usr/local/
clamav/bin/sendmail,--quar=/tmp"
procmail: [25300] Wed Mar  3 21:18:37 2004
procmail: Locking "test.lock"
procmail: Assigning "LASTFOLDER=test"
procmail: Opening "test"
procmail: Acquiring kernel-lock
procmail: [25300] Wed Mar  3 21:18:38 2004
procmail: Unlocking "test.lock"
 Subject: **SPAM: Re: Your Free Pay-Per View
  Folder: test
2545
$

In folder test email is changed :

$ head -4 test
X-Virus-Scan: Scanned by clamdmail 0.14 on rs6k (no viruses);
  Wed, 03 Mar 2004 21:18:37 WET

From relygirrowd(_at_)tiggerfan(_dot_)com  Wed Mar  3 11:27:25 2004

Return-Path: <relygirrowd(_at_)tiggerfan(_dot_)com>


This problem isn't same always - just for some mails (don't know how to
identify mail that will have wrong From line). Why is it happening ? Thank
you for your valuable responses.


With best regards
Martynas Buozis



----- Original Message ----- 
From: "Martynas Buozis" <martynas(_at_)ti(_dot_)com>
To: <procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE>
Sent: Wednesday, March 03, 2004 12:48 PM
Subject: clamavd & procmail



Hello

I have one problem with procmail that I can't solve and can't find
information about how it can be solved. Also I am not very experienced

with

procmail, so please excuse me for a question possible from FAQ or smth.


I have clamdmail  program installed and functioning. It scans mail for
viruses via clamd daemon. If virus is not found, so it  add this

information

into the mail :

X-Virus-Scan: Scanned by clamdmail 0.14 on rs6k (no viruses);
  Wed, 03 Mar 2004 12:41:20 WET

If virus was found original email is stored in quarantine and warning

email

is generated by clamdmail instead of original email (it changes both

headers

and body completely).

I have this rule in /etc/procmailrc :

:0 fw
|


/usr/local/clamav/bin/clamdmail --admin=postmaster --mta=/usr/local/clamav/b

in/sendmail --quar=/var/spool/quarantine/

And this rule is working fine when email without virus arrives. But if

virus

is detected (I know this because I am getting mail from clamdmail into
postmaster's mailbox and also message is stored in /var/spool/quarantine/)
then email is arriving into mailbox as it is - no "X-Virus-Scan:" line at
all is seen inside message headers, while there must be at least

information

what virus was found in X-Virus-Scan tag.

I think, that procmail somehow ignores email returned by clamdmail and
reverts back to original file in case when virus is detected (and original
email is replaced by clamdmail generated).

I also tried several various options, like "fW", "fbhiW". Also I tried to
forward email via formail :

:0 fw
|


/usr/local/clamav/bin/clamdmail --admin=postmaster --mta=/usr/local/clamav/b

in/sendmail --quar=/var/spool/quarantine/ |

/usr/local/procmail/bin/formail


This would work fine ! But  formail is commenting line "From ...." even
if -b option is appended and message appear in mailbox file in wrong

format.


What I am doing wrong here ? I suppose there must be method to configure
procmail in right way, when clamdmail is doing right job when I test it
manually ?

Thank you for your kind help.



With best regards
Martynas





_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Recipe Optimization., multimedia-fan
Next by Date:  Re: clamavd & procmail, Martynas Buozis
Previous by Thread:  clamavd & procmail, Martynas Buozis
Next by Thread:  Re: clamavd & procmail, Martynas Buozis
Indexes:  [Date] [Thread] [Top] [All Lists]