Hi all,
I'm using the procmail recipe below (from the archives) to call clamscan. For
some reason it's not very accurate. Netsky slips by easily, most viri,
actually. The only stuff that seems to get caught are Worm.Gibe.F and
Exploit.IFrame.Gen
Now I've heard very good things about clamscan for mail scanning (with
products like mailscanner and amavis) so I expect that maybe my recipe has a
fault? Any ideas?
Thank you
:0 # look for possible viral transporters before calling clamscan
* 9876543210^0 ^Content-Type:.*(attachment|multipart)
* 9876543210^0 ^FROM_MAILER
{
:0
SC_OUT=| clamscan --stdout --unzip --log=/var/log/clamscan.log -
CS_EXIT = $?
:0: # look for any clamscan problems ( exit code > 1 )
* -1^0
* $ $CS_EXIT^0
clamscan_problem
MATCH
:0 D # capture right side of var; isolate name of any virus
* SC_OUT ?? : \/.*
* MATCH ?? ^^\/.* FOUND^^
* MATCH ?? ^^\/.* ()
* MATCH ?? ^^\/.*[^ ]
{ LOG = "$NL ClamScan identified $MATCH $NL" }
:0 fw # attach an X-header telling us what matched
| formail -I "X-Clamscan: $MATCH"
:0:
* ! MATCH ?? ^^OK^^
/home/virusbox/Maildir/.viri/
}
--
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail