Sorry if this is OT for clamav-users, but maybe someone will consider
this useful.

I wrote a simple GPLv2 clamdscan frontend (in C, for Linux) that mail can
be piped to from an external MTA or MUA to create a very fast and efficient
mail virus filtering solution.

It's a fast, simple and sysadmin-friendly mail filter that pipes your
incoming mail to clamdscan, uses the clamd daemon to check your mail for
viruses and adds mail headers that you can check (for example with
maildrop) to see if the mail contains a virus (or phishing signatures).

You can download "scandalo 1.0 stable" from here:
http://www.tuxweb.it/?section=progetti/scandalo&user_lang=en

Install automake, then:
# ./configure
# make
# make install

Now let's give it a try:
Feed it with a virus...
# cat test/test_virus.eml | /usr/local/bin/scandalo
From: <d...@test.com>
To: <d...@test.com>
Subject: Test
X-VirScanBy: scandalo 1.0 Stable
X-Virus-Ret: 1
X-Virus-stream: Eicar-Test-Signature FOUND

x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Now, feed it with a normal email:
# cat test/test_novirus.eml | /usr/local/bin/scandalo
From: <d...@test.com>
To: <d...@test.com>
Subject: Test
X-VirScanBy: scandalo 1.0 Stable
X-Virus-Ret: 0
X-Virus-stream: OK

This is not a virus mail.


Please let me know if it can be useful to someone.
Sorry for the OT, hope this helps.


This is an example of maildrop rules I use:

VIRUSDIR='Virus'
# Scan the mail message for viruses
xfilter "/usr/bin/scandalo"
if ((/^X-Virus-Ret: 1/) && (/^X-Virus-stream: !.*/))
{
   echo "Virus found: $MATCH2."
   `test -d ./Maildir/.$VIRUSDIR`   # make sure .Virus folder exists
   if ( $RETURNCODE == 1 )
   {
      echo "Virus maildir does not exist"
      echo "Creating Maildir/.$VIRUSDIR "
      # This is used to create the virus maildir if it does not exist.
      DIRMAKE=`/opt/courier/bin/maildirmake -f $VIRUSDIR ./Maildir`
      `echo "INBOX.$VIRUSDIR" >> ./Maildir/courierimapsubscribed`
   }
   to "./Maildir/.$VIRUSDIR/."
}

Ciao, Dino.





-----------------
TuxWeb S.r.l. - InfoServices EveryWhere - http://www.tuxweb.it
IT solutions, development, web applications, systems consulting and
consulting on open-source products, Linux courses and much more! For more
information write to i...@tuxweb.it.
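
An added example, not part of the original post and not scandalo's own code: a consumer-side check, in C, of the headers shown in the two test runs above. It reads only the header block, so header-like text in the body is ignored, and it treats a missing X-Virus-Ret header or any value other than 0 or 1 as unscanned (an assumption; the post only shows 0 and 1). The names classify, header_value and MAIL_* are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum verdict { MAIL_CLEAN, MAIL_INFECTED, MAIL_UNSCANNED };

/* If line (len bytes) is header `name`, return its trimmed value, else NULL. */
static const char *header_value(const char *line, size_t len,
                                const char *name, size_t *vlen)
{
    size_t n = strlen(name);
    if (len < n || strncasecmp(line, name, n) != 0) return NULL;
    const char *p = line + n, *end = line + len;
    while (p < end && (*p == ' ' || *p == '\t')) p++;
    while (end > p && (end[-1] == ' ' || end[-1] == '\t')) end--;
    *vlen = (size_t)(end - p);
    return p;
}

/* Classify by X-Virus-Ret in the header block only; sig gets X-Virus-stream. */
enum verdict classify(const char *msg, char *sig, size_t siglen)
{
    int clean = 0, infected = 0, other = 0;
    if (siglen) sig[0] = '\0';
    while (*msg) {
        size_t len = strcspn(msg, "\n"), vlen = 0;
        size_t text = (len && msg[len - 1] == '\r') ? len - 1 : len;
        const char *v;
        if (text == 0) break;           /* blank line: body starts here */
        if ((v = header_value(msg, text, "X-Virus-Ret:", &vlen))) {
            if (vlen == 1 && *v == '1') infected = 1;
            else if (vlen == 1 && *v == '0') clean = 1;
            else other = 1;             /* assumed: scan error or unknown */
        } else if ((v = header_value(msg, text, "X-Virus-stream:", &vlen))) {
            snprintf(sig, siglen, "%.*s", (int)vlen, v);
        }
        msg += len + (msg[len] == '\n');
    }
    if (infected) return MAIL_INFECTED;
    return (clean && !other) ? MAIL_CLEAN : MAIL_UNSCANNED;
}

int main(void)
{
    /* Constructed sample: the body line repeats a header and is ignored. */
    const char *m = "X-Virus-Ret: 0\r\nX-Virus-stream: OK\r\n\r\nX-Virus-Ret: 1\r\n";
    char sig[64];
    printf("%d %s\n", classify(m, sig, sizeof sig), sig);
}
```

If several X-Virus-Ret headers are present, an infected one always wins, and a clean verdict requires that no unknown value was seen.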
