Re: [Evolution] Deleting infected messages
On Tue, 2012-08-28 at 15:29 -0700, Jonathan Ryshpan wrote:
> The problem is that clamav identifies the messages by their filesystem names, which are things like:
> /home/jonrysh/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S
> It's not obvious which message (as evolution refers to it) this is.

You can easily find out by opening such a message in a plain text editor (which cannot execute scripts or malicious parts of the email) and taking a look at the Subject/Sender/Date, e.g. by running the command

gedit ~/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S

Or if you just want the subject and date of the message, run

grep Subject: ~/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S
grep Date: ~/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S

andre
--
mailto:ak...@gmx.net | failed
http://blogs.gnome.org/aklapper

___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Deleting infected messages
On Wednesday, 29.08.2012, at 10:30 +0200, Andre Klapper wrote:
> On Tue, 2012-08-28 at 15:29 -0700, Jonathan Ryshpan wrote:
> > The problem is that clamav identifies the messages by their filesystem names, which are things like:
> > /home/jonrysh/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S
> > It's not obvious which message (as evolution refers to it) this is.
>
> You can easily find out by opening such a message in a plain text editor (which cannot execute scripts or malicious parts of the email) and taking a look at the Subject/Sender/Date, e.g. by running the command
>
> gedit ~/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S
>
> Or if you just want the subject and date of the message, run
>
> grep Subject: ~/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S
> grep Date: ~/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S

It is not as easy anymore if Jonathan has more than, let’s say, ten messages. So just using `rm` on the command line and telling Evolution to update something would save a lot of time I guess.

Thanks,

Paul
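Added example (not part of the thread): the lookup Andre describes, done for a whole clamscan report at once, which is the case Paul raises. It assumes clamscan's `PATH: SIGNATURE FOUND` report lines; the function names and the sample message are constructed for illustration.

```ruby
require 'tmpdir'

WANTED = %w[from subject date].freeze

# clamscan prints "PATH: SIGNATURE FOUND". Maildir names contain ':' (":2,S"),
# so anchor on the trailing " FOUND" and let the path match greedily.
def parse_report(report)
  report.each_line.map do |line|
    m = line.chomp.match(/\A(.+): (\S+) FOUND\z/)
    m && { path: m[1], signature: m[2] }
  end.compact
end

# Read only the header block (up to the first blank line) as bytes and return
# the first From/Subject/Date, unfolding continuation lines.
def read_headers(path)
  headers = {}
  last = nil
  File.open(path, 'rb') do |f|
    f.each_line do |raw|
      line = raw.force_encoding('UTF-8').scrub('?').chomp
      break if line.empty?
      if line.start_with?(' ', "\t")
        headers[last] << ' ' << line.strip if last
      elsif (m = line.match(/\A([!-9;-~]+):\s*(.*)\z/))
        name = m[1].downcase
        last = WANTED.include?(name) && !headers.key?(name) ? name : nil
        headers[last] = m[2].dup if last
      else
        last = nil
      end
    end
  end
  headers
end

# One row per flagged file; files that no longer exist yield no header fields.
def summarise(report)
  parse_report(report).map do |hit|
    hdrs = File.file?(hit[:path]) ? read_headers(hit[:path]) : {}
    hit.merge(hdrs.transform_keys(&:to_sym))
  end
end

# Constructed sample: one fake Maildir file and a two-line clamscan report.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, '1309978791.3344_2548.localhost.localdomain:2,S')
    File.binwrite(path, "From: Sender <sender@example.com>\r\nSubject: Your\r\n invoice\r\n" \
                        "Date: Tue, 28 Aug 2012 02:02:00 -0700\r\n\r\nSubject: in body\r\n")
    summarise("#{path}: Constructed-Test-Signature FOUND\n#{dir}/clean: OK\n")
  end
end

# inspect escapes control characters, so a hostile Subject cannot drive the terminal.
demo.each { |row| puts row.values_at(:signature, :date, :from, :subject).map(&:inspect).join('  ') }
```

To use it on a real report, pass the saved clamscan output to `summarise` in place of the constructed string in `demo`.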
Re: [Evolution] Deleting infected messages
On Wed, 2012-08-29 at 10:56 +0200, Paul Menzel wrote:
> It is not as easy anymore if Jonathan has more than, let’s say, ten messages. So just using `rm` on the command line and telling Evolution to update something would save a lot of time I guess.
>
> Thanks,
>
> Paul

I used to have a filter that piped incoming email to this script. If the script returns 1 then process the message as infected. It may very well need tweaking -- I've not used it in a long time. The commented-out fp calls write results out to a logfile -- useful for debugging and when you first start using it. The commented puts calls are there for when I cat'd emails in from the command line to test, a la

$ cat filename | rubyclamav.rb

The script

$ cat rubyclamav.rb
#!/usr/bin/ruby
#
require 'socket'

# Optional debug log; uncomment together with the fp calls below.
#fp = File.open("/var/log/rubyclamav/rubyoutclam_#{Process.pid}.log", "a")
START_TIME = Time.now
sendSock = UNIXSocket.open('/var/run/clamav/clamd.sock')
#sendSock = UNIXSocket.open('/var/run/clamav/clamd.ctl')
# Ask clamd for a data port; it answers "PORT <number>".
sendSock.puts("STREAM")
retStr = sendSock.gets
tag, val = retStr.split
sendSock1 = TCPSocket.open('localhost', val.to_i)
# Read the message once and send that same buffer (stdin cannot be read twice).
res = $stdin.read
sendSock1.write(res)
sendSock1.close
# Verdict line from clamd.
retStr = sendSock.gets
pt = Time.now - START_TIME
puts "#{retStr}"
#fp.write("#{res}\n")
#fp.write("#{retStr}\n")
#fp.write("ProcessTime = #{pt}\n")
#fp.close
if retStr.match(/FOUND/) then
  # Argument-list form of system: clamd's reply never passes through a shell.
  system('zenity', '--warning', '--title=Evolution: Virus detected', "--text=#{retStr.strip}")
  exit 1
else
  exit 0
end
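Added example, not Reid's script: the same scan done over clamd's newer INSTREAM command, which sends the message over the existing socket as length-prefixed chunks instead of opening the separate data port that STREAM hands out. `fake_clamd` and its marker string are a constructed stand-in so both sides of the exchange run without a daemon, and the function names are illustrative.

```ruby
require 'socket'

CHUNK = 8192 # chunk size chosen for the example

# "stream: OK" or "stream: <signature> FOUND"; anything else (an ERROR line,
# an empty reply) is reported as an error and never treated as clean.
def parse_reply(reply)
  text = reply.to_s.delete("\0").strip
  case text
  when /\Astream: OK\z/         then { status: :clean }
  when /\Astream: (.+) FOUND\z/ then { status: :infected, signature: $1 }
  else                               { status: :error, detail: text }
  end
end

# Client side: "zINSTREAM\0", then <4-byte big-endian length><chunk> frames,
# ended by a zero-length frame; the reply is one NUL-terminated line.
def instream_scan(sock, data, chunk: CHUNK)
  bytes = data.b
  sock.write("zINSTREAM\0")
  (0...bytes.bytesize).step(chunk) do |off|
    part = bytes.byteslice(off, chunk)
    sock.write([part.bytesize].pack('N') + part)
  end
  sock.write([0].pack('N'))
  parse_reply(sock.gets("\0"))
end

# Constructed stand-in for clamd: decodes the frames and flags a marker string.
def fake_clamd(sock, marker)
  raise 'bad command' unless sock.read(10) == "zINSTREAM\0"
  body = ''.b
  loop do
    len = sock.read(4).unpack1('N')
    break if len.zero?
    body << sock.read(len)
  end
  sock.write(body.include?(marker) ? "stream: Constructed.Marker FOUND\0" : "stream: OK\0")
end

# Run one scan against the stand-in over a socket pair, with small chunks so
# the message spans several frames.
def demo_scan(data)
  client, server = UNIXSocket.pair
  t = Thread.new { fake_clamd(server, 'CONSTRUCTED-MARKER') }
  result = instream_scan(client, data, chunk: 16)
  t.join
  result
ensure
  client&.close
  server&.close
end

p demo_scan("Subject: test\r\n\r\nhello CONSTRUCTED-MARKER bye")
```

Against a real daemon, pass a `UNIXSocket` opened on clamd's socket path to `instream_scan` in place of the socket pair.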
Re: [Evolution] Deleting infected messages
On Wed, 2012-08-29 at 12:50 +, Reid Thompson wrote:
> On Wed, 2012-08-29 at 10:56 +0200, Paul Menzel wrote:
> > It is not as easy anymore if Jonathan has more than, let’s say, ten messages. So just using `rm` on the command line and telling Evolution to update something would save a lot of time I guess.
> >
> > Thanks,
> >
> > Paul
>
> I used to have a filter that piped incoming email to this script. If the script returns 1 then process the message as infected. It may very well need tweaking -- I've not used it in a long time. The commented-out fp calls write results out to a logfile -- useful for debugging and when you first start using it. The commented puts calls are there for when I cat'd emails in from the command line to test, a la
>
> $ cat filename | rubyclamav.rb
>
> The script
>
> $ cat rubyclamav.rb
> #!/usr/bin/ruby
> #
> require 'socket'
>
> # Optional debug log; uncomment together with the fp calls below.
> #fp = File.open("/var/log/rubyclamav/rubyoutclam_#{Process.pid}.log", "a")
> START_TIME = Time.now
> sendSock = UNIXSocket.open('/var/run/clamav/clamd.sock')
> #sendSock = UNIXSocket.open('/var/run/clamav/clamd.ctl')
> # Ask clamd for a data port; it answers "PORT <number>".
> sendSock.puts("STREAM")
> retStr = sendSock.gets
> tag, val = retStr.split
> sendSock1 = TCPSocket.open('localhost', val.to_i)
> # Read the message once and send that same buffer (stdin cannot be read twice).
> res = $stdin.read
> sendSock1.write(res)
> sendSock1.close
> # Verdict line from clamd.
> retStr = sendSock.gets
> pt = Time.now - START_TIME
> puts "#{retStr}"
> #fp.write("#{res}\n")
> #fp.write("#{retStr}\n")
> #fp.write("ProcessTime = #{pt}\n")
> #fp.close
> if retStr.match(/FOUND/) then
>   # Argument-list form of system: clamd's reply never passes through a shell.
>   system('zenity', '--warning', '--title=Evolution: Virus detected', "--text=#{retStr.strip}")
>   exit 1
> else
>   exit 0
> end

Once you have the filter set up to handle infected messages like you want, you can CTRL-A a folder and CTRL-Y to run them all through your filters. If you have other filters that you don't want to apply to your emails a second time - temporarily turn them off.
[Evolution] Deleting infected messages
I've just run clamav on my system and have discovered a number of messages infected by viruses, which I would like to delete. If this is done, can the index files be recreated by simply deleting all the files of these forms:

.foo.cmeta
.foo.ibex.index
.foo.ibex.index.data

restarting evolution and waiting a while? This was true in earlier versions; but I'm not sure now.

Thanks - jon
Re: [Evolution] Deleting infected messages
On Tue, 2012-08-28 at 02:02 -0700, Jonathan Ryshpan wrote:
> I've just run clamav on my system and have discovered a number of messages infected by viruses, which I would like to delete.

I wouldn't use the wording "messages are infected" here, as it's extremely unlikely that a virus would be executed when opening such a message. Normally they are attachments that you have to explicitly open by clicking yourself, or embedded scripts in the HTML message that cannot be executed in Evolution anyway as Evolution simply does not support that. Also see http://library.gnome.org/users/gnome-help/3.4/net-email-virus.html

> If this is done, can the index files be recreated by simply deleting all the files of these forms:
> .foo.cmeta
> .foo.ibex.index
> .foo.ibex.index.data
> restarting evolution and waiting a while?

Why would you want to delete these files? In Evolution you can delete any email you don't want to keep (may it have a virus or not), so I don't see any specific reasons for this question yet.

andre
--
mailto:ak...@gmx.net | failed
http://blogs.gnome.org/aklapper
Re: [Evolution] Deleting infected messages
On Tue, 2012-08-28 at 12:11 +0200, Andre Klapper wrote:
> > If this is done, can the index files be recreated by simply deleting all the files of these forms:
> > .foo.cmeta
> > .foo.ibex.index
> > .foo.ibex.index.data
> > restarting evolution and waiting a while?
>
> Why would you want to delete these files? In Evolution you can delete any email you don't want to keep (may it have a virus or not), so I don't see any specific reasons for this question yet.

The problem is that clamav identifies the messages by their filesystem names, which are things like:

/home/jonrysh/.local/share/evolution/mail/local/cur/1309978791.3344_2548.localhost.localdomain:2,S

It's not obvious which message (as evolution refers to it) this is. I can delete them using ordinary unix commands (rm, etc), but this would seem to make the index files incorrect, so they would need to be reconstructed.

Thanks for your help - jon