procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: (hbedv) antivir and procmailrc

2004-11-22 21:21:18
from [Bob George] [Permanent Link] 
Rainer Bendig aka Ny wrote:


[...]
While googling around i have only found clamav-procmail howtos but no
one with antivir.

It should scan files with exe,com,pif,scr and several other extensions
with a size larger than x bytes. Infected mail should go to a special
mailbox. Is there any -good- chance to get antivir working with
procmail but without SpamAssassin or a MTA?
I briefly checked out the antivir web site, and it sounds very similar to other antivirus programs I'm using under Linux, namely clamav, f-prot and bitdefender. I'm understanding that you want specifically to SCAN received files, and not simply block specific attachment types wholesale, is that correct? Assuming that's the case, here's the approach I've taken:
Due to problems with clamav reliably scanning mbox format messages in earlier versions, and the complete inability of the other two to handle raw messages, I simply modified James Lick's clamassassin script (http://drivel.com/clamassassin/) The script is generously GPL licensed, so you can freely modify it to suit your specific needs. In short, the script extracts an MIME message contents, scans the resulting files, and hands the results back to procmail for handling, much like spamassassin. I have the scripts insert a header based on results for later testing, but certainly more could be done. I redirect any infected message into a quarantine folder using procmail, based on the header contents.
Rather than try to keep up with an ever-changing list of "bad extensions", I simply scan EVERY incoming message with all three products. I've found a single, uniform wrapper for calling external programs keeps my procmail scripts from becoming tedious to maintain, though admittedly it's not a high-performance solution. Ease-of-maintenance, and the comfort of knowing EVERYTHING has been checked is far more important to me personally.
All that said, this really isn't a procmail solution. The actual wrappers are shell scripts. If you're interested, I'll happily send you my modified versions off list. 

- Bob



____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: (hbedv) antivir and procmailrc, Rainer Bendig aka Ny
Next by Date:  Re: Some ideas to improve performance, Bob George
Previous by Thread:  Re: (hbedv) antivir and procmailrc, Dallman Ross
Next by Thread:  OT: Licensing (Re: (hbedv) antivir and procmailrc), Bart Schaefer
Indexes:  [Date] [Thread] [Top] [All Lists]