procmail

Re: How to generate a virus warning to the recipient(s)?

2004-05-11 13:23:09
Thanks for your answer, but I'm having problems with some explanations. For easier understanding I put some logging below.

Every user has his own .procmailrc. Here is the interesting part:

INCLUDERC=${SBDIR}/sb.rc

###### Virus #####
:0bfi
* ^(X-SBCLASS: Virus|X-Virus-Status: Yes)
| /usr/bin/head -n 0 && echo "Mail body was deleted because of a virus"

:0:
* ^(X-SBCLASS: Virus|X-Virus-Status: Yes)
| ${FORMAIL} -A"X-Folder: Virus" >>${VIRUSFOLDER}

-

The problem here is not the echo text, it's simply not inserted when the mail has an attachment.

For example, I mailed myself a "w32.netsky.p" virus. The procmail log says:

Assigning "DANGEROUS=yes"
procmail: Match on "yes"
procmail: No match on "yes"
procmail: Executing "/usr/bin/formail,-AX-SBClass: Virus"
procmail: No match on "FILE"
procmail: No match on "MH"
procmail: No match on "yes"
procmail: No match on "yes"
procmail: No match on "yes"
procmail: No match on "yes"
procmail: Match on ! "yes"
procmail: Match on ! "yes"
procmail: No match on ! "yes"
procmail: Assigning "LINEBUF=4096"
procmail: No match on "yes"
procmail: Match on "^(X-SBCLASS: Virus|X-Virus-Status: Yes)"
procmail: Executing " /usr/bin/head -n 0 && echo "Mail body was deleted because of a virus""
procmail: Match on "^(X-SBCLASS: Virus|X-Virus-Status: Yes)"
procmail: Locking "/home/thiele/Viren.lock"
procmail: Executing " ${FORMAIL} -A"X-Folder: Virus" >>${VIRUSFOLDER}"
procmail: Assigning "LASTFOLDER= ${FORMAIL} -A"X-Folder: Virus" >>${VIRUSFOLDER}"
procmail: Unlocking "/home/thiele/Viren.lock"
procmail: Notified comsat: "thiele@:/home/thiele/ ${FORMAIL} -A"X-Folder: Virus" >>${VIRUSFOLDER}"
From thiele(_at_)tasknet(_dot_)de  Tue May 11 21:49:55 2004
Subject: hello
Folder: ${FORMAIL} -A"X-Folder: Virus" >>${VIRUSFOLDER} 939

-


Uhm, the VIRUSNAME bit has to do with having identified some sort of potential virus/malware in the message (which is the purpose of that rcfile). However, in some cases, such things are identified by other characteristics - SNOWWHITE for instance is flagged simply because of the characteristic From: line. How are you setting "VIRUSNAME"?

I set the VIRUSNAME with spambouncer

What happens when the recipe appears not to work?

Sorry, I just don't know. I guess if the recipient doesn't exist the mail won't be delivered to a specific user. And because of not having a general /etc/procmailrc this won't happen.

If the mails have an attachment the body will be cleaned but the echo text won't be inserted. Instead an empty mail will be delivered. Does anybody have any suggestions on this?


Yes - make sure you're not reporting a problem because you crammed this recipe into your /etc/procmailrc and the problem is related to users who have an inoperable SHELL.

What do you mean by an inoperable SHELL? The users / recipients are just normal users on the system and they fetch their mail with IMAP on their Windows clients.


If you use /etc/procmailrc, you should really define a temporary shell to contend with actions which require a shell when the USER may not actually have one. Similarly, you should ensure that this shell (and other variables you may have redefined) is reset when you leave the /etc/procmailrc, so as to provide the user with a consistent environment.

Do you have this problem when you run the recipe within a sandbox? What do your VERBOSE logs have to say?

Sorry, but that part is heavy for me. How can I define a temporary shell? I think every user has his own working and defined shell and is able to execute commands. Overall, is it necessary to reset the shell when every user has his own procmailrc file?



Thank you very much for your support,
Oliver

---
 Sean B. Straw / Professional Software Engineering

Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html> Please DO NOT carbon me on list replies. I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail



--
_______________________________________________________
TASKNET
       IT-Systembetreuung und
       Awendungsentwicklung

       Ritterplatz 2
       90478 Nuernberg
       Tel.:  0911 / 210 41 44
       Fax:   0911 / 120 09 09
       info(_at_)tasknet(_dot_)de

Oliver Thiele
       Mobil: 0163 / 383 66 66
       thiele(_at_)tasknet(_dot_)de
_______________________________________________________
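
Added example, not part of the original message and not either poster's code: one way to set the temporary shell described above in /etc/procmailrc and restore it before the user's own rcfile runs. SAVED_SHELL is a hypothetical variable name and /bin/sh is an assumed path; the recipe itself is the one quoted in the message, unchanged.

```procmail
# /etc/procmailrc fragment (added example; SAVED_SHELL is a hypothetical name)

# Remember the shell procmail picked up for the recipient, then switch
# to one that is known to exist (assumed here: /bin/sh). Any action line
# containing shell metacharacters such as && or >> is handed to $SHELL,
# so it cannot run for an account whose login shell is not a usable
# shell (for example /bin/false on a mail-only account).
SAVED_SHELL=$SHELL
SHELL=/bin/sh

# Recipe from the message above: b = feed only the body to the command,
# f = treat the command as a filter, i = ignore write errors because the
# command does not read all of its input.
:0bfi
* ^(X-SBCLASS: Virus|X-Virus-Status: Yes)
| /usr/bin/head -n 0 && echo "Mail body was deleted because of a virus"

# Restore the recipient's own shell so that ~/.procmailrc sees the same
# environment it would have seen without this global rcfile.
SHELL=$SAVED_SHELL
```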