procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Clam through procmail.

2004-05-24 05:12:35
from [Hans du Plooy] [Permanent Link] 
Hi all,

A while ago someone posted a link to the archives to a description of how to 
use clamscan through procmail.  Dallman Ross gave this recipy:

   :0  # look for possible viral transporters before calling clamscan
   *  9876543210^0  ^Content-Type:.*(attachment|multipart)
   *  9876543210^0  ^FROM_MAILER
   SC_OUT=| clamscan --mbox --disable-summary --stdout -
   {
        CS_EXIT = $?

        :0:  # look for any clamscan problems ( exit code > 1 )
        *          -1^0
        * $  $CS_EXIT^0
        clamscan_problem

        MATCH
        :0 D  # capture right side of var; isolate name of any virus
        * SC_OUT ?? : \/.*
        * MATCH  ?? ^^\/.* FOUND^^
        * MATCH  ?? ^^\/.* ()
        * MATCH  ?? ^^\/.*[^ ]
        { LOG = "$NL ClamScan identified $MATCH $NL" }

        :0 fw  # attach an X-header telling us what matched
        | formail -I "X-Clamscan: $MATCH"

        :0:
        * ! MATCH ?? ^^OK^^
        CLAMSCAN_POZZIES
   }

With this included, I get the following header for all mail that has 
attachments, be they viral or not:

X-Clamscan: Access denied.

I assume this means clam cannot scan the file or extract the attachment from 
the mail?  I have the metamail package installed - is there anything else 
that's necessary.  This is running on Debian Woody, with some of the 
packports included (procmail and postfix, amongst others).  Clamscan is v0.7.  
Here's the relevant stuff from the procmail log.

procmail: [1521] Mon May 24 13:18:44 2004
procmail: Assigning "SENDER="
procmail: Assigning "SHIFT=1"
procmail: No match on "^X-BitDefender-Scanner: Infected"
procmail: No match on "^X-Virus-Status: Yes"
procmail: Missing action
procmail: Score: 2147483647 2147483647 "^Content-Type:.*(attachment|
multipart)"
procmail: Assigning "SC_OUT="
procmail: Executing "clamscan,--mbox,--disable-summary,--stdout,-"
procmail: [1521] Mon May 24 13:18:47 2004
procmail: Assigning "CS_EXIT=0"
procmail: Score:      -1      -1 ""
procmail: Score:       0      -1 ""
procmail: Assigning "MATCH"
procmail: Assigning "MATCH="
procmail: Matched "Access denied."
procmail: Match on ": \/.*"
procmail: No match on "^^\/.* FOUND^^"
procmail: Executing "formail,-I,X-Clamscan: Access denied."

Any ideas?
Thank you
-- 
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Attachments to the list + good spam info Was: Re: What is the most efficient way to query an RBL?, Michelle Konzack
Next by Date:  Re: Clam through procmail., Dallman Ross
Previous by Thread:  Softlabs AV, Hans du Plooy
Next by Thread:  Re: Clam through procmail., Dallman Ross
Indexes:  [Date] [Thread] [Top] [All Lists]