Hello,
We are using a remote mail server by a 3rd party who don't have the best A/V
detection, so we want to scan incoming mails via the OTRS system. From a look
at the docs, I believe we want to use the technique used by spam assassin at
the bottom of this page: http://doc.otrs.org/3.0/en/html/email-receiving.html
The problem is, I cannot get clamdscan to return whatever OTRS expects for it
to ignore the email. Here is my setup from Config.pm:
$Self->{'PostMaster::PreFilterModule'}->{'1-ClamAV'} = {
Module => 'Kernel::System::PostMaster::Filter::CMD',
CMD => '/usr/bin/clamdscan --stdout -| grep "FOUND"',
Set => {
'X-OTRS-Ignore' => 'yes',
},
};
Assuming it is a stream, the output of the command is:
$ cat eicar.com.txt | clamdscan --stdout - | grep FOUND
stream: Eicar-Test-Signature FOUND
Unfortunately, nothing happens and the mails make it into OTRS with a
test-virus attached. I have tried changing the 'CMD' to a few different things
(e.g. using clamscan instead), but no luck so far. I am sure OTRS is passing
something to this command, as if I change it to "CMD => '/usr/bin/clamdscan",
then no tickets are created and I see this in the logs:
Sep 27 11:50:02 <server> OTRS-CGI-10[29783]:
[Notice][Kernel::System::PostMaster::Filter::CMD::Run] Set param
'X-OTRS-Ignore' to 'yes' because of '/files/otrs/bin/cgi-bin: OK ' (Message-ID:
<12345@host>)
Has anyone done anything like this before? Any ideas what syntax I can use in
the CMD? Any help is appreciated.
Regards,
Pierce.
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
