[xmail] Re: still on clamav and xmail...

Fri, 21 Oct 2005 06:03:08 -0700 

Jeffrey Laramie wrote:

>On Friday 21 October 2005 06:01, jonn ah wrote:
>  
>
>>hi all,
>>
>>Can anybody tell me which av filters (clamav) works on
>>xmail?  I followed chris franklin's  directions on his
>>av filter with xmail but it doesnt detect eicar's test
>>virus when i send it thru xmail...
>>    
>>
>
>This page has a list of XMail filters at the bottom. Check out the links to 
>see which AV programs they support:
>
>http://www.ubaight.com/xmail/index.html
>
>If you're using Lindeman's Antivirus Filter there are instructions for Linux 
>here:
>
>http://www.ubaight.com/xmail/xmailhandbook.html#Lindeman
>
>Jeff
>-
>To unsubscribe from this list: send the line "unsubscribe xmail" in
>the body of a message to [EMAIL PROTECTED]
>For general help: send the line "help" in the body of a message to
>[EMAIL PROTECTED]
>
>  
>

I don't mean to be rude or anything. But if the script isn't catching 
virus' right then you probably don't have have

A) ClamD running and configured right
B) You don't have the script installed right

Heres the log from the test virus' I just sent

Fri Oct 21 08:50:21 2005 -> /tmp/msrva5bfdbb0.16f90.tmp: 
Eicar-Test-Signature FOUND
Fri Oct 21 08:51:05 2005 -> /tmp/msrva5bfdbb0.1701d.tmp: 
Eicar-Test-Signature FOUND
Fri Oct 21 08:51:25 2005 -> /tmp/msrva5bfdbb0.1705b.tmp: 
Eicar-Test-Signature FOUND
Fri Oct 21 08:52:25 2005 -> /tmp/msrva5bfdbb0.17111.tmp: 
Eicar-Test-Signature FOUND
Fri Oct 21 08:56:11 2005 -> /tmp/msrva5bfdbb0.173bb.tmp: 
Eicar-Test-Signature FOUND

The Script is to simple to really cuase any problem

[Code]
#!/bin/bash
### Config
File=$1
RejFile=$File".rej"
RemoteAddress=$2
Authuser=$3
timestamp=`date +%s`
date=`date +%Y%m%d000`
nowtime=`date +%r`

### Doing Stuff
ClamAV='clamdscan --no-summary --stdout '
run=`$ClamAV $File`
Found=`echo "$run" | awk '{print $3}'`
Virus=`echo "$run" | awk '{print $2}'`

### Log
echo "$nowtime  $RemoteAddress  $Authuser       $Virus" >> 
/var/MailRoot/logs/anti-virus-$date

### Exiting
if [ $Found ]; then
 echo "550     Virus : $Virus Found in Email   "  > $RejFile
 exit 3
fi
[/Code]

And the Filter code is just as easy.

/var/MailRoot/filters.post-data.tab

[Code]
"/var/MailRoot/filters/anti-virus.sh"   "@@FILE"        "@@REMOTEADDR"  
"@@USERAUTH"
[/Code]



-- 


-- Chris L. Franklin --

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

Reply via email to