For funsies, I decided to play around with adding Eicar to my .sig. I was unsurprised that clamscan nailed it. I was surprised to find that Trend didn't; it allowed it through. Apparently it doesn't flag Eicar within a normal text body, only as a separate file or attachment.

Is this business of flagging on Eicar within a text body intrinsic
to clamav, or is it a defect of the way I'm currently playing with
it?
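
My current setup ends up using clamscan; it does it from this
wrapper, which I've nicknamed clamit:

    #!/bin/sh
    # clamit: unpack a mail message read from stdin and scan it with clamscan.
    die(){ echo "$0: $*">&2; exit 1; }
    tmp=/tmp/`basename "$0"`.$$
    mkdir "$tmp" || die "mkdir $tmp failed"
    # Install the cleanup trap only after mkdir succeeds, so a failed mkdir
    # never removes a directory this script did not create.
    trap 'rm -rf "$tmp"' 0 1 2 3
    cd "$tmp" || die "cd $tmp failed"
    cat >full-message.mbox
    mkdir unpack
    cd unpack || die "cd unpack failed"
    # Extract any encoded attachments into unpack/.
    uudeview -i -a -m -f -t -d -s -q -n - <../full-message.mbox
    cd ..
    # Scan the raw message and everything unpacked from it.
    clamscan --quiet -r .
    exit $?

which in turn is called using this clause in my .procmailrc:

    :0HB
    * ! ? clamit
    clamav/
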
One might reasonably ask, why am I bothering with A/V, since I run
entirely on Unix and don't run susceptible MUAs; I added clamav to
my screening to help assist bogofilter, in this age of email worms.
-Bennett
[EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
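
Added example, not part of the original post: a variant of the clamit wrapper above that creates its work directory with mktemp -d and keeps a scanner error (clamscan exit status 2) distinct from a detection (status 1). The SCANNER variable, the scan_message function name and the run-only-when-named-clamit guard are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's script.
# SCANNER is a hypothetical override so the logic can be exercised
# with a stub; it defaults to clamscan as in the original wrapper.
SCANNER=${SCANNER:-clamscan}

# scan_message: read one message on stdin, unpack it, scan the result.
# Returns 0 = clean, 1 = scanner reported a match, 2 = could not scan.
scan_message() {
    # mktemp -d picks an unpredictable name and fails if it cannot
    # create the directory, so there is nothing to clean up on failure.
    work=$(mktemp -d "${TMPDIR:-/tmp}/clamit.XXXXXX") || return 2
    status=2
    if cat >"$work/full-message.mbox" && mkdir "$work/unpack"; then
        # Unpacking is best-effort: the raw message is scanned either way.
        (cd "$work/unpack" &&
            uudeview -i -a -m -f -t -d -s -q -n - <../full-message.mbox
        ) >/dev/null 2>&1
        "$SCANNER" --quiet -r "$work"
        status=$?
    fi
    rm -rf "$work"
    # clamscan documents 0 = no virus, 1 = virus found, 2 = error.
    # Anything else (command missing, killed) is reported as an error.
    case $status in
        0|1) return "$status" ;;
        *)   return 2 ;;
    esac
}

# Run as a filter only when installed under the name clamit.
case ${0##*/} in
    clamit*) scan_message; exit $? ;;
esac
```

With the .procmailrc clause as posted, any nonzero status still files the message in clamav/; the separate status 2 lets a caller tell a failed scan from a detection.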
