Hi -
I successfully installed ClamAV on my Shell Account (I am on a shared
server and don't have privileges to integrate ClamAV in qmail or sendmail
or the like).
So ... I want to call clamscan via procmail and basically it works
(someone on the NG of the hosting provider put it up there), but *if* a
mail contains a virus, this procmail rule starts looping indefinitely.
Somewhere is a flaw. I am posting the relevant section of my procmail-rule
and the procmail logfile. Maybe someone can tell me what the problem is
and how to fix it.
Also, I would like to change the procmail rule to not discard the mail,
i.e., not put it to /dev/null, but to keep a copy in a special
folder (do I need to change the EXITCODE for this purpose?). Moreover, is
there a way of not having to put any incoming mail in this file,
"preprocess" in my configuration?
If anyone has a working procmail rule, please, share it with me or point
me to a site where this is explained.
So, here is my procmail rule:
---BOF---
## ANTIVIRUS SCANNER
SHELL = /usr/local/bin/ksh
LOG="ANTIVIRUS$EOL"
MAILDIR=$HOME/mail/incoming
ADMIN = [EMAIL PROTECTED]
BACKUPDIR = $HOME/mail/backup/antivirus/preprocess
VIRUSDIR = $HOME/mail/backup/antivirus/viruses
CLAM = /usr/home/hiebaum/bin/antivirus/clamav-0.54
CLAMDB = $CLAM/database
CLAMTMP = "--tempdir $BACKUPDIR"
CLAMOPT = "--stdout --infected --disable-summary --unzip --tgz --mbox - "
VIRUS_SCAN = "$CLAM/clamscan/clamscan -d $CLAMDB $CLAMTMP $CLAMOPT"

:0 c
$BACKUPDIR

CURRENT_MESSAGE = $LASTFOLDER

#------------------------------------------------------------------
# VIRUS CHECK
#------------------------------------------------------------------
:0 f
* VIRUS_SCAN ?? ^^^^
| formail -A"X-Virus: Virus Scan unavailable"

:0 E
{
  DUMMY=`$VIRUS_SCAN < $CURRENT_MESSAGE | cut -f2 -d " "`

  :0 f
  * DUMMY ?? ^^^^
  | formail -A"X-Virus: Virus Scan Complete: Message OK"

  :0 E
  {
    :0 f
    | formail -A"X-Virus: Virus Found: ($DUMMY)"

    :0 c
    $VIRUSDIR

    ORIGINAL = $LASTFOLDER

    # Send a note to the administrator about the virus that was found...
    :0 hcw
    * ! ADMIN ?? ^^^^
    | ( echo "To: $ADMIN" ; \
        echo "Subject: Virus detected in mail sent to your domain" ; \
        echo "The mail has been quarantined; it is stored at: " ; \
        echo " $ORIGINAL" ; \
        echo "The headers of the mail are as follows:" ; \
        echo "------------------------------------------------->>>" ; \
        cat - ) | /usr/sbin/sendmail -t

    EXITCODE = 99

    :0
    /dev/null
  }
}
---EOF---
... and the log:
---BOF---
procmail: Assigning "[EMAIL PROTECTED]"
procmail: Assigning"BACKUPDIR=/usr/home/hiebaum/mail/backup/antivirus/preprocess"
procmail: Assigning "VIRUSDIR=/usr/home/hiebaum/mail/backup/antivirus/viruses"
procmail: Assigning "CLAM=/usr/home/hiebaum/bin/antivirus/clamav-0.54/"
procmail: Assigning "CLAMDB=/usr/home/hiebaum/bin/antivirus/clamav-0.54//database"
procmail: Assigning "CLAMTMP=--tempdir
/usr/home/hiebaum/mail/backup/antivirus/preprocess"
procmail: Assigning "CLAMOPT=--stdout --infected --disable-summary --unzip --tgz
--mbox - "
procmail: Assigning
"VIRUS_SCAN=/usr/home/hiebaum/bin/antivirus/clamav-0.54//clamscan/clamsca$
procmail: Assigning "LASTFOLDER=/usr/home/hiebaum/mail/backup/antivirus/preprocess"
procmail: Opening "/usr/home/hiebaum/mail/backup/antivirus/preprocess"
procmail: Acquiring kernel-lock
procmail: Assigning
"CURRENT_MESSAGE=/usr/home/hiebaum/mail/backup/antivirus/preprocess"
procmail: No match on "^^^^"
procmail: Executing "$VIRUS_SCAN < $CURRENT_MESSAGE | cut -f2 -d " ""
procmail: Assigning "DUMMY=Can't"
procmail: No match on "^^^^"
procmail: Executing "formail,-AX-Virus: Virus Found: (Can't)"
procmail: Assigning"LASTFOLDER=/usr/home/hiebaum/mail/backup/antivirus/viruses"
procmail: Opening "/usr/home/hiebaum/mail/backup/antivirus/viruses"
procmail: Acquiring kernel-lock
procmail: Assigning "ORIGINAL=/usr/home/hiebaum/mail/backup/antivirus/viruses"
procmail: Match on ! "^^^^"
procmail: Executing " ( echo "To: $ADMIN" ; \
echo "Subject: Virus detected in mail sent to your domain" ;\
echo "The mail has been quarantined; it is stored at: " ;\
echo " $ORIGINAL" ;\
echo "The headers of the mail are as follows:" ;\
echo "------------------------------------------------->>>" ;\
cat - ) | /usr/sbin/sendmail -t"
procmail: Assigning "LASTFOLDER= ( echo "To: $ADMIN" ; \
echo "Subject: Virus detected in mail sent to your domain" ;\
echo "The mail has been quarantined; it is stored at: " ;\
echo " $ORIGINAL" ;\
echo "The headers of the mail are as follows:" ;\
echo "------------------------------------------------->>>" ;\
cat - ) | /usr/sbin/sendmail -t"
procmail: Assigning "EXITCODE=99"
procmail: Assigning "LASTFOLDER=/dev/null"
procmail: Opening "/dev/null"
procmail: Notified comsat: "[EMAIL PROTECTED]:/dev/null"
>>From [EMAIL PROTECTED] Sat Mar 22 14:12:50 2003
Subject: Forwarded mail....
Folder: /dev/null
---EOF---
Thanks in advance!
--
CU, Niki
*Draft beer, not people*
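
The log above shows DUMMY assigned the word "Can't", which the recipe then writes into the X-Virus header as a virus name. As an added example (not part of the original post and not the poster's code), the shell functions below contrast that output-parsing approach with deciding by the scanner's exit status. `fake_scanner`, `naive_verdict` and `scan_verdict` are hypothetical names, the scanner messages are constructed, and the code assumes clamscan's exit codes of 0 for clean, 1 for infected and any other value for an error.

```shell
#!/bin/sh
# Added example, not the poster's recipe. All function names are hypothetical.

# Constructed stand-in for clamscan so the example runs offline.
# Assumption: exit 0 = clean, 1 = infected, anything else = scanner error,
# and a hit is printed as "<name>: <signature> FOUND".
fake_scanner() {
    case "$1" in
        clean)    return 0 ;;
        infected) echo "stdin: Constructed.Test.Signature FOUND"; return 1 ;;
        *)        echo "ERROR: Can't open database"; return 2 ;;  # constructed error text
    esac
}

# The recipe's approach: take the second word of the output; if it is
# non-empty, treat it as a virus name. An error message passes as a virus.
naive_verdict() {
    word=$("$@" | cut -f2 -d " ")
    if [ -z "$word" ]; then
        echo "X-Virus: Virus Scan Complete: Message OK"
    else
        echo "X-Virus: Virus Found: ($word)"
    fi
}

# Decide by exit status first; read the output only when status is 1.
scan_verdict() {
    out=$("$@" 2>&1) && rc=0 || rc=$?
    case $rc in
        0) echo "X-Virus: Virus Scan Complete: Message OK" ;;
        1) sig=$(printf '%s\n' "$out" | sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)
           echo "X-Virus: Virus Found: (${sig:-unknown})" ;;
        *) echo "X-Virus: Virus Scan unavailable" ;;
    esac
}

# Show both verdicts for each constructed case.
for case_name in clean infected broken; do
    printf '%-8s naive:  %s\n' "$case_name" "$(naive_verdict fake_scanner "$case_name")"
    printf '%-8s status: %s\n' "$case_name" "$(scan_verdict fake_scanner "$case_name")"
done
```

With the status-based check, a scanner failure yields the "unavailable" header instead of a quarantine and an administrator notice.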