Matthew Cline wrote:
For those of you who are using SA with procmail, and also want to do virus filtering, you can install/config ClamAV (http://www.clamav.net/), then add these lines to your procmailrc file:
:0wc | clamdscan -
:0efw | formail -b -f -t -I "X-Clamav-status: yes"
This will add "X-Clamav-status: yes" to anything message that is found to have a virus, of causes clamdscan to generate an error. Someone who's better at procmail than I could change the ":0efw" rule so that it only goes into effect if the return code of "clamdscan" is 1 (0 = no virus, 1 = virus, 2 = error).
Matthew,
I spent some time working with exactly this (calling clamdscan directly from procmail) and ran into some inconsistencies. In some (brief) research. Apparently, there are some issues (perhaps best discussed on the clamav list) calling clamdscan to check stdin.
When I fed test messages in via procmail, all seemed OK. But "clamdscan - < testmessage" wasn't always consistent. At least enough so I wasn't comfortable using that approach. Have you tested this thoroughly? Instead, I'm sticking to wrapper scripts to extract files, then scan. (I'm also using f-prot for cross-checking).
The whole ugly saga can be found in the archives for this and the procmail lists. :(
Don't get me wrong. Clamav is a WONDERFUL tool. There just seem to be caveats about using to scan mail files -- perhaps with varying encodings? -- via stdin, and with the --mbox option.
- Bob
