procmail
[Top] [All Lists]

Re: pipe through clamav problem

2006-02-25 15:38:46
On Sat, Feb 25, 2006 at 11:05:41PM +0100, Raphael Brunner wrote:

I try for a long time to filter my incoming mails through clamav,
but I don't understand why it don't funktion.

the idea is, a recipe, that scan the mail for virus and, if , set
a headerline and move the mail to a special mailbox to watch and
delete after.


      :0 fhw
      * ? formail -b | /usr/bin/clamscan --stdout --quiet -
      {
              :0 fhw
              | formail -i "X-Filtered: by ${HOST}, recipe: ${FILENAME}-0010 
(ClamAV)"
              
              :0
              995-viruses/
      }

First, I don't think you want your outside recipe
to be a filtering recipe.  You certainly don't want
to send only the header to clamscan.

Here is a recipe set I have used in the past that works
as a separate INCLUDERC.  (If you put it in your main
rcfile, you will want to change the top recipe so it
doesn't invoke SWITCHRC!):

----------------------------------------------------
  :0  # don't bother calling clamscan if neither condition true
  * ! ^Content-Type:.*(attachment|multipart)
  * ! ^FROM_MAILER
  { SWITCHRC }

  NL = '
' VIRUS = ${VIRUS:-${TRASH:-VIRUS}}

  CS_OUT=`clamdscan --mbox --no-summary --stdout -`
  CS_EXIT = $?

  :0:  # look for any clamscan problems ( exit code > 1 )
  *          -1^0
  * $  $CS_EXIT^0
  clamscan_problem
 
  :0 D  # capture right side of var; isolate virus name
  * CS_OUT ?? : \/.* FOUND$
  * MATCH  ?? ^^\/.* ()
  # below brackets contain a caret, a space, and a tab
  * MATCH  ?? ^^\/.*[^  ]
  {
      LOG = "$NL Clamscan identified $MATCH $NL"

      :0 fw h  # attach an X-header telling us what matched
      | formail -I "X-Clamscan: $MATCH"

      :0:  # leave off second ':' for maildir/directory saves
      $VIRUS
  }


-- 
dman


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>