procmail

Re: Help with filter-flags

2011-08-05 10:01:28
OK, with the help of the good folks of this list I have produced this
version of my clamd.rc

My testing seems to indicate that it works. I have tried it with a good
message and with a malware infected one, with clamd running and with it
stopped, with a manufactured SELinux problem and without. It seems to
perform as expected in all those cases.

I post it in full here in the hope that the experts here can reassure me
that my poor knowledge of procmail has not left any gaping holes or
errors that will come back and bite me later...

Thanks again..

Mark

#################################################
#
# clamd.rc
#
# Clamd recipe Version 0.3
#
# Scan for viruses & malware
#

CLAMDSCAN=/usr/bin/clamdscan
CLAMDVERS=`${CLAMDSCAN} -V --stdout`

# Feed the message to clamdscan on stdin and capture its one-line report
VIRUS=`${CLAMDSCAN} --no-summary --stdout -`

# If clamd is not running or there is another error,
# mark up the message and quit this rc
:0
* VIRUS ?? ^ERROR
{
        :0 fw
        | formail -b -f -t \
                -I "X-Clamd-Status: Unknown" \
                -I "X-Clamd-Report: ${VIRUS}"

        # Deliver to Unknown Folder (for testing only)
        # would normally drop through for further processing
        :0 :
        Malware/Unknown
}

# Otherwise, if clamdscan reported "<source>: <name> FOUND"
:0 E
* VIRUS ?? ^.*: \/.* FOUND
{
        STATUS=${MATCH}

        # grab the subject, if any
        :0
        * ^Subject: \/.*
        { SUBJECT = "${MATCH}" }

        # Set Virus status to YES, include the virus found,
        # and add the Virus warning message
        :0 fw
        | formail -b -f -t \
                -I "X-Clamd-Status: Yes" \
                -I "X-Clamd-Version: ${CLAMDVERS}" \
                -I "X-Clamd-Report: ${STATUS}" \
                -i "Subject: [Virus] ${SUBJECT}"

        # Deliver to Virus Folder
        :0 :
        Malware/Virus
}

# Otherwise (no error, nothing found) mark the message as clean.
# The E flag keeps this from overwriting the status set above once
# the test deliveries are removed and messages drop through.
:0 E fw
| formail -b -f -t \
        -I "X-Clamd-Status: No" \
        -I "X-Clamd-Version: ${CLAMDVERS}"

# Deliver to OK Folder (for testing only)
# would normally drop through for further processing
:0 :
Malware/OK
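
Added example, not part of the post above and not code from procmail or ClamAV: a POSIX shell version of the recipe's three-way decision on clamdscan's text output, in which only an explicit `: OK` line counts as clean, so empty or unrecognised output is reported as Unknown instead of No. The function names and the sample outputs are constructed for illustration, and the `stream: OK` form of a clean result is an assumption about clamdscan's output.

```shell
#!/bin/sh
# Added example: classify the text clamdscan prints for a message read from
# stdin (--no-summary --stdout -), using the same patterns as the recipe.
# Function names and sample outputs below are constructed for illustration.

# Print the X-Clamd-Status value for the scanner output given in $1.
clamd_status() {
    if printf '%s\n' "$1" | grep -q '^ERROR'; then
        echo Unknown                      # recipe condition: VIRUS ?? ^ERROR
    elif printf '%s\n' "$1" | grep -q '^.*: .* FOUND'; then
        echo Yes                          # recipe condition: ^.*: \/.* FOUND
    elif printf '%s\n' "$1" | grep -q ': OK$'; then
        echo No                           # assumed form of a clean result
    else
        echo Unknown                      # empty or unrecognised: not clean
    fi
}

# Print only the signature name from a "<source>: <name> FOUND" line, if any.
clamd_signature() {
    printf '%s\n' "$1" | sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' | head -n 1
}

# Constructed sample outputs: clean, infected, scanner error, and no output
# at all (for example when the scanner binary could not be executed).
show() {
    printf '%-8s %s\n' "$(clamd_status "$1")" "${1:-<empty>}"
}
show 'stream: OK'
show 'stream: Eicar-Test-Signature FOUND'
show 'ERROR: Could not connect to clamd'
show ''
```

In the recipe as posted, the last case falls through to the final block and is tagged `X-Clamd-Status: No`, because neither the `^ERROR` nor the `FOUND` condition matches an empty `VIRUS`.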


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)de
http://mailman.rwth-aachen.de/mailman/listinfo/procmail