On Mon, 11 Aug 2003 at 12:43:46 -0700, TwinsPop wrote:
> Ah. Found something that will help anyway: reformime from the maildrop
> package. (Referenced on the amavis page, which I started looking at
> after Tomasz's email.)
>
> % cat msg | reformime
> 1
> 1.1
> 1.2
>
> So there are 2 attachments. Check each one:
>
> % cat msg | reformime -e -s 1.1 | clamscan -
> <snip>
> % cat msg | reformime -e -s 1.2 | clamscan -
> <snip>
>
> Also, 'reformime -i' gives info about the contents of each attachment,
> so one could be more selective in what gets piped to clamscan.
>
> Not perfect, but do-able.
>
Accidentally, Bennett Todd sent today a message to clamav-devel (it
wasn't delivered to all recipients as it contained EICAR string
so AVs stopped it; then I forwarded it) which contains a tip for
decoding mail messages: 'uudeview'.
The Debian description:
Description: Smart multi-file multi-part decoder (command line)
This is a command-line decoder and encoder for files encoded with the
following formats: uuencode, xxencode, BASE64, quoted printable, and
BinHex.
I have never used this utility and don't know if it will give you more
than reformime does, but this is at least another solution.
Below is an excerpt from Bennett's message. The example of using
uudeview is in the following 3 lines but I'm quoting bigger fragment to
show it verbosely.
uudeview -i -a -m -f -t -d -s -q -n - <../full-message.mbox
cd ..
clamscan --quiet -r .
-------------------------------------------------------------------------
[ Start of quoting Bennett Todd ]
My current setup ends up using clamscan; it does it from this
wrapper, which I've nicknamed clamit:
#!/bin/sh
die(){ echo "$0: $*">&2; exit 1; }
tmp=/tmp/`basename $0`.$$
trap "rm -rf $tmp" 0 1 2 3
mkdir $tmp || die "mkdir $tmp failed"
cd $tmp
cat >full-message.mbox
mkdir unpack
cd unpack
uudeview -i -a -m -f -t -d -s -q -n - <../full-message.mbox
cd ..
clamscan --quiet -r .
exit $?
which in turn is called using this clause in my .procmailrc:
:0HB
* ! ? clamit
clamav/
[...]
-Bennett
[ End of quoting Bennett Todd ]
-----------------------------------------------------------------------
HIH
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
