On Sun, 10 Aug 2003 at 12:23:39 -0700, TwinsPop wrote: > How best to grab attachments from email msgs? My first hopeful attempt > was to pipe the msgs right into clamscan, but apparently it doesn't > handle encoded email attachments. :-/ (Please correct me if I'm wrong!)
With "--mbox" option clamscan does handle attachments. At least it should. I mean that sometimes it seemingly somehow doesn't properly decode attachments. It isn't critical with scanning mail in transfer as amavis* does all this processing well. Apart from --mbox, other options may be needed (-r, _maybe_ --unzip and so on (sorry, this isn't clear for me whether --unzip is really needed or whether clamscan defaults to unzipping by itself - someone please correct me if I'm wrong)). > I've played with a few command line utils, but none handle multiple > attachments well. Ideally, I'd like to be able to: > > some_decode_script msg.txt | clamscan - > > But maybe that wouldn't work so well with multiple attachments. So maybe > this: > > some_decode_script2 msg.txt > > and the script handles calling clamscan for each attachment, returning a > number for which attachment had the cooties. > > I don't want to re-invent the wheel. If you have any suggestions, please > share! > > Thanks, > jon Personally, I use a good text editor like vi for extracting encoded attachments. If you don't know what part of an email to extract for proper decoding, just ask me. Then I use 'mimencode' program for decoding files, like: 'mimencode -u encoded_file -o decoded_file' (rarely with -q option - when encoding is "quoted-printable" instead of "base64"). Then, having "normal" binary files, I hand them to clamscan (one may use --disable-summary option for shortness). Of course this method is very far from automation. More speedy would be to extract attachments using an up-to-date, recognised as safe, MUA (like mutt) (from unprivileged account of course, like all above vi, mimencode and so on processing). Then give files to clamscan as previously. Not automated method, either... sorry if you have known similar methods already; I know that you expected something better. HTH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
