Re: Clam AntiVirus plugin for SpamAssassin 3.x

10 Nov 2004 02:36:57 -0000 

Troels Walsted Hansen wrote:

I created a small plugin using the new plugin API in SpamAssassin 3.x. The plugin connects to a local ClamAV server (through TCP) and checks the email for virus. If a virus is found, it returns a positive return code to indicate spam and sets the header "X-Spam-Virus: Yes ($virusname)".

Well sort of. The headers only get set if the message ends up being classified as spam. If you receive a virus from a whitelisted user, or in a message that would otherwise score less than -5.0 (at least with the default score CLAMAV 10), the X-Spam-Virus: Yes ($virus) header won't be added since the headers are only added to %headers_spam. Of course, clean messages won't have a header added in ham messages either.

Adding the "Virus" headers to the headers_ham hash, as in the attached file, correct this.

Otherwise a pretty cool plugin for those who can't for whatever reason do it another way.


Daryl 
package ClamAV;
use strict;
use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use File::Scan::ClamAV;
our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
  my ($class, $mailsa) = @_;
  $class = ref($class) || $class;
  my $self = $class->SUPER::new($mailsa);
  bless ($self, $class);
  $self->register_eval_rule ("check_clamav");
  return $self;
}

sub check_clamav {
  my ($self, $permsgstatus, $fulltext) = @_;
  my $av = new File::Scan::ClamAV(port => 3310);
  my ($code, $virus) = $av->streamscan(${$fulltext});
  if(!$code) {
    my $errstr = $av->errstr();
    Mail::SpamAssassin::Plugin::dbg("ClamAV: Error scanning: $errstr");
    $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = "Error 
($errstr)";
    $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = "Error ($errstr)";
  } elsif($code eq 'OK') {
    Mail::SpamAssassin::Plugin::dbg("ClamAV: No virus detected");
    $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = "No";
    $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = "No";
  } elsif($code eq 'FOUND') {
    Mail::SpamAssassin::Plugin::dbg("ClamAV: Detected virus: $virus");
    $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = "Yes ($virus)";
    $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = "Yes ($virus)";
    return 1;
  } 
  return 0;
}

1;

Reply via email to