On Tue, Apr 13, 2004 at 10:27:52PM -0400, Brett I. Holcomb wrote:
I am currently using Thunderbird for mail but am switching to Pine with
fetchmail getting the mail and feeding it to procmail.
May I recommend mutt instead of pine (but okay).
clamscan in procmail doesn't find them. I have been emailing the junk
file to myself and then letting procmail filter them so it should find
them.
Why email them to yourself? Set up a test harness (Sean's sandbox,
about which read at the link in the .sig of any of his posts) is
fine. Or just use
formail -s procmail < mailfile
where "mailfile" must not be in the "line of fire" of procmail's output,
or you will loop.
Here's what is in my procmailrc file.
# Anti-virus check
#
# Scan it and get status.
:0
CLAMAVSTATUS=|/usr/bin/clamscan -
# Was a virus found - if so quarantine it.
:0
* CLAMAVSTATUS ?? ^.*: \/.* FOUND
$MAILDIR/quarantine
It's not catching things because you need the "--mbox"
switch in clamscan for files with mbox-style headers
above the putative virus payload.
Here is something that seems to be very nice, which I've had
sitting in my test harness for a couple of weeks:
:0 # look for possible viral transporters before calling clamscan
* 9876543210^0 ^Content-Type:.*(attachment|multipart)
* 9876543210^0 ^FROM_MAILER
SC_OUT=| clamscan --mbox --disable-summary --stdout -
{
CS_EXIT = $?
:0: # look for any clamscan problems ( exit code > 1 )
* -1^0
* $ $CS_EXIT^0
clamscan_problem
MATCH
:0 D # capture right side of var; isolate name of any virus
* SC_OUT ?? : \/.*
* MATCH ?? ^^\/.* FOUND^^
* MATCH ?? ^^\/.* ()
* MATCH ?? ^^\/.*[^ ]
{ LOG = "$NL ClamScan identified $MATCH $NL" }
:0 fw # attach an X-header telling us what matched
| formail -I "X-Clamscan: $MATCH"
:0:
* ! MATCH ?? ^^OK^^
CLAMSCAN_POZZIES
}
Enjoy!
--
dman
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail