I've been using formail, procmail and clamav to
disinfect a 200 MB mailbox, and since last night it's
only processed 80 MB of mail so far.  It's a 350 MHz
box that I'm running it on, and clamav must be pretty
CPU intensive.

Somebody tipped me off to the following procmail
config, which filters on the Subject lines that the
zafi virus uses, and is pretty fast.  In just a few
minutes I've saved 26 MB of non-zafi-infected email,
although much of what remains has other viruses and a
bunch of German language spam that I understand was
meant to influence the recent elections in Germany.

Using clamav to filter the viruses that remain in my
mailbox won't be so bad.

Here's the command line I used.  18jun2004.mbx is a
copy of my mail spool file that I made.  After copying
it I truncated my mail spool.  I emailed the following
info to my hosting service sysadmin so hopefully it
can get set up to filter the mail before I see it:

formail -s procmail -m ./zafi-kill.rc < ../18jun2004.mbx

Here's zafi-kill.rc:

:0
* ^Subject:.*Check this out kid
{
        :0
        /dev/null
}

:0
* ^Subject:.*You`ve got 1 VoiceMessage
{
        :0
        /dev/null
}

:0
* ^Subject:.*Don`t worry, be happy
{
        :0
        /dev/null
}

:0
* ^Subject:.*Jennifer
{
        :0
        /dev/null
}

:0
* ^Subject:.*David
{
        :0
        /dev/null
}

:0
GoodMail

I tested this at first with "/dev/null" replaced with
"VirusMail", and found that it successfully got all
the zafi-infected messages into the VirusMail file.

The command just finished running.  I ran it at my
hosting service.  I don't know how fast the machine
is, but it took ten or fifteen minutes to process a
429 megabyte file, with the GoodMail file now being 27
MB.

Thanks for all your help!

Mike Crawford
[EMAIL PROTECTED]

   Tilting at Windmills for a Better Tomorrow.


        
                
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
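Added example, not part of the original post: a Python dry run of the same Subject filter that copies matches to a quarantine mbox instead of /dev/null and reports how many messages each pattern caught, so broad patterns such as "Jennifer" and "David" can be reviewed before anything is discarded. The function names split_mbox and first_match are hypothetical; the subject strings are the ones in zafi-kill.rc.

```python
import mailbox
import re
from collections import Counter

# Added example, not the poster's code. Subject fragments are copied from
# zafi-kill.rc; procmail matches case-insensitively, hence IGNORECASE.
ZAFI_SUBJECTS = [
    "Check this out kid",
    "You`ve got 1 VoiceMessage",
    "Don`t worry, be happy",
    "Jennifer",
    "David",
]
PATTERNS = [(s, re.compile(re.escape(s), re.IGNORECASE)) for s in ZAFI_SUBJECTS]


def first_match(subject):
    """Return the first rc pattern found in the subject, or None."""
    unfolded = " ".join(str(subject or "").split())  # undo header folding
    for label, rx in PATTERNS:
        if rx.search(unfolded):
            return label
    return None


def split_mbox(src_path, good_path, virus_path):
    """Copy each message to good_path or virus_path; return hits per pattern."""
    hits = Counter()
    src = mailbox.mbox(src_path, create=False)  # fail if the source is missing
    good = mailbox.mbox(good_path)
    virus = mailbox.mbox(virus_path)
    try:
        for msg in src:
            label = first_match(msg["Subject"])
            if label is None:
                good.add(msg)
            else:
                virus.add(msg)
                hits[label] += 1
    finally:
        for box in (src, good, virus):
            box.close()  # close() flushes pending writes
    return hits


if __name__ == "__main__":
    import sys
    for label, n in split_mbox(*sys.argv[1:4]).most_common():
        print(f"{n:6d}  {label}")
```

Run it as `python script.py 18jun2004.mbx GoodMail VirusMail`; the source mailbox is only read, never modified.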
