> I skimmed thru the last six months worth of qmail archives and I did not
> see any good method for using a virus checker with qmail. Well, there
> was mention of the Star Screening System but all I could find was a white
> paper and I haven't bothered converting it from .doc format.
The last time I set it up (on a previous installation) I used the
RELAYCLIENT environment variable to append a virtual domain (@virus.check)
to mails processed by qmail, then pointed that virtual domain to
scanmails. It required some hacking on the scanmails script but it
essentially worked well that way. I think I also set up scanmails to only
scan the message if it was delivered locally (RECIPIENT contained my
domain name) because scanning each message multiple times for each mailing
list recipient was loaded the machine fairly heavily.
I'm not claiming that this is better or worse; just pointing out that
there's more than one way to do it.
Troy
--- amavis-0.2.0-pre4/src/scanmails/scanmails.in.cls Wed Mar 31 06:43:49 1999
+++ amavis-0.2.0-pre4/src/scanmails/scanmails.in Mon Jul 5 17:57:59 1999
@@ -36,7 +36,8 @@
#
#####################################################################
-scanscriptname="scanmails"
+#scanscriptname="scanmails"
+scanscriptname=`basename $0`
################################################
# Path to DrSolomon Antivirus #
@@ -77,6 +78,7 @@
# in #
################################################
tmpdir=/var/tmp/${scanscriptname}$$
+usingqmail=@USE_QMAIL@
################################################
# "var_log" indicates the path where statistic #
@@ -84,6 +86,7 @@
# - if "do_log" is set to "yes" #
################################################
var_log=@var_log@
+systemlogdir=${var_log}/scanmails/
do_log=@do_log@
do_syslog=@do_syslog@
syslog_level=@syslog_level@
@@ -120,7 +123,34 @@
arc=@arc@
unfreeze=@unfreeze@
-deliver=@deliver@
+if [ "x${usingqmail}" = "x" ]; then
+ deliver=@deliver@
+else
+ deliver=${scanscriptname}-real
+fi
+
+if [ "x${usingqmail}" != "x" ] ; then
+ if [ "${scanscriptname}" = "qmail-remote" ] ; then
+ SENDER="$2"
+ RECIPIENT="$3"
+ elif [ "${scanscriptname}" = "qmail-local" ] ; then
+ # Sometims qmail-local is called with -- as the first arg
+ # this screws up the arg count so shift everything
+ if [ "$1" = "--" ] ; then
+ RECIPIENT="$4"@"$7"
+ SENDER="$8"
+ else
+ RECIPIENT="$3"@"$6"
+ SENDER="$7"
+ fi
+ else
+ SENDER="$1"
+ RECIPIENT="$2"
+ fi
+else
+ SENDER="$2"
+ RECIPIENT="$7"
+fi
################################################
# main program #
@@ -171,8 +201,8 @@
echo xxxxxxxxxxxxxxxxxx`date`xxxxxxxxxxxxxxxxxxxxxxx >${tmpdir}/logfile
echo ${scanscriptname} called $* >>${tmpdir}/logfile
-echo FROM: $2 >>/${tmpdir}/logfile
-echo TO: $7 >>/${tmpdir}/logfile
+echo FROM: $SENDER >>/${tmpdir}/logfile
+echo TO: $RECIPIENT >>/${tmpdir}/logfile
${metamail} -r -q -x -w ${tmpdir}/receivedmail > /dev/null 2>&1
@@ -588,19 +618,19 @@
mv ${tmpdir}/receivedmail ${virusmailsdir}/virus$$
chmod 400 ${virusmailsdir}/virus$$
echo The attached mail has been found to contain a virus >${tmpdir}/virusmail
- echo Originally $* >>${tmpdir}/virusmail
+ echo Originally $0 "$@" >>${tmpdir}/virusmail
echo The mail has been stored as ${virusmailsdir}/virus$$ >> ${tmpdir}/virusmail
- mkdir -p ${var_log}/${scanscriptname}
- cat ${tmpdir}/logfile >>${var_log}/${scanscriptname}/logfile
+ mkdir -p ${systemlogdir}
+ cat ${tmpdir}/logfile >>${systemlogdir}/logfile
cat ${tmpdir}/virusmail ${tmpdir}/logfile | ${mail} -s "FOUND VIRUS IN MAIL $*"
${mailto}
################### send a mail back to sender ######################
-cat <<EOF| ${mail} -s "VIRUS IN YOUR MAIL TO $7" $2
+cat <<EOF| ${mail} -s "VIRUS IN YOUR MAIL TO $RECIPIENT" $SENDER
V I R U S A L E R T
- Our viruschecker found a VIRUS in your email to "$7".
+ Our viruschecker found a VIRUS in your email to "$RECIPIENT".
We stopped delivery of this email!
Now it is on you to check your system for viruses
@@ -611,14 +641,15 @@
EOF
+if [ "${scanscriptname}" != "qmail-remote" ] ; then
############### send a mail to the addressee ########################
-cat <<EOF| ${mail} -s "VIRUS IN A MAIL FOR YOU FROM $2" $7
+cat <<EOF| ${mail} -s "VIRUS IN A MAIL FOR YOU FROM $SENDER" $RECIPIENT
V I R U S A L E R T
Our viruschecker found a VIRUS in a mail from
- "$2"
+ "$SENDER"
to you.
Delivery of the email was stopped!
@@ -626,11 +657,34 @@
Please contact your system administrator for details
EOF
-##################### No virus, send as usual #######################
+fi
+
+if [ "x${usingqmail}" != "x" ]; then
+ # Stop all other delivery mechanisms
+ cd /var/tmp && rm -rf ${tmpdir} ;
+ if [ "${scanscriptname}" = "scanmails" ] ; then
+ # Assume we were called by qmail-local
+ exit 99 ;
+ else
+ if [ "${scanscriptname}" = "qmail-remote" ] ; then
+ echo "Message was found to contain virus."
+ fi
+ exit 0 ;
+ fi
+fi
+
else
+##################### No virus, send as usual #######################
echo No virus found - good >> ${tmpdir}/logfile
- if [ "x${deliver}" != "x" ] && [ -x ${deliver} ] ; then
+
+ if [ "x${usingqmail}" != "x" ]; then
+ # If invoked as anything other than "scanmails", invoke the real
+ # program else fall thru to exit
+ if [ "${scanscriptname}" != "scanmails" ] ; then
+ ${scanscriptname}-real "$@" < ${tmpdir}/receivedmail
+ fi
+ elif [ "x${deliver}" != "x" ] && [ -x ${deliver} ] ; then
${deliver} "$@" <${tmpdir}/receivedmail
else
pid=$$
@@ -644,8 +698,8 @@
if [ "x${do_log}" = "xyes" ]
then
- mkdir -p ${var_log}/${scanscriptname}
- cat ${tmpdir}/logfile >> ${var_log}/${scanscriptname}/logfile
+ mkdir -p ${systemlogdir}
+ cat ${tmpdir}/logfile >> ${systemlogdir}/logfile
fi
fi
--- amavis-0.2.0-pre4/configure.in.cls Wed Mar 31 06:45:51 1999
+++ amavis-0.2.0-pre4/configure.in Mon Jul 5 17:41:36 1999
@@ -94,6 +94,9 @@
AC_ARG_ENABLE(sendmail,[ --enable-sendmail=PROG set location of sendmail],
[ MTA="$enableval -oi"], [ MTA="" ])
+AC_ARG_ENABLE(qmail, [ --enable-qmail enable use of qmail features
+in scanmails],
+ [USE_QMAIL=1], [USE_QMAIL=])
+
AC_CACHE_CHECK(mail transport agent (MTA),amavis_cv_SYS_MTA,
if test "$MTA" != ""
then
@@ -125,6 +128,7 @@
fi
AC_SUBST(SENDMAIL)
+AC_SUBST(USE_QMAIL)
AC_SUBST(MTA)
AC_CHECKING([*** H+BEDV AntiVir/X ***])
@@ -215,7 +219,13 @@
dnl ### Enable logging ? ###
dnl ########################
AC_MSG_CHECKING([event logging])
-AC_ARG_ENABLE(logging,[ --enable-logging=[yes/no] perform logging
[default=yes]], do_log="$enableval", do_log="yes")
+dnl if using qmail, scanmails will be run a non-root user
+dnl so logging won't work in most cases
+if test -n "$USE_QMAIL"; then
+ do_log=no
+else
+ AC_ARG_ENABLE(logging,[ --enable-logging=[yes/no] perform logging
+[default=yes]], do_log="$enableval", do_log="yes")
+fi
AC_MSG_RESULT([$do_log])
AC_SUBST(do_log)
