On Wed, 11 Feb 2004, Bob George wrote:
> Thanks to Christopher's hint, I wound up with the following in procmailrc,
> which seems to be working:
>
> #======================================================
> # clamav virus scan
> #======================================================
> :0 HB
> VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout -
>
> :0 Dfw
> * VIRUS ?? ^.*: \/.* FOUND
> | formail -A "X-Virus-Status: yes, $MATCH"
>
> :0 Efw
> | formail -A "X-Virus-Status: no"
>
> Note that I tag infected messages, not dump them immediately, for gathering
> stats. It seems to be catching the test infected messages I sent though just
> fine. I probably need to dump --stdout as well, since it's not acting as a
> filter.
>
> Now -- IF mbox is a problem -- I could just send the BODY through with the
> procmail B flag alone, and not use --mbox, right?

Not quite. You would have to extract the Base64 encoded attachments from
the body, store them in temp files and then feed each of those to clamscan
if you want to omit the '--mbox' switch.

That's what clamscan does for you when you enable the --mbox mode,
and that's the code that has been problematic in the past.

Another alternative would be to use a different package such as MIMEDefang
or mailscanner to do the extracting.

I note that you're using 'clamscan' rather than 'clamdscan' in that
script. Note that 'clamscan' has significant startup overhead as
opposed to using 'clamdscan' & 'clamd' (similar to spamassassin vs
spamc/spamd).

--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
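
The manual route described in the reply above (decode each MIME part to a temp file, then hand the files to clamscan without '--mbox'), as an added example that is not part of the original thread. The names `extract_parts`, `scan_message` and `SAMPLE` are hypothetical, the sample message is constructed, and `--no-summary` is assumed to be the spelling your ClamAV version accepts for the `--disable-summary` flag quoted above.

```python
import email, os, subprocess, sys, tempfile
from email import policy
from email.message import EmailMessage

# Constructed sample: a text body plus one base64-encoded attachment.
ATTACHMENT = b"constructed attachment bytes\n"
_m = EmailMessage()
_m["Subject"] = "constructed sample"
_m.set_content("See attached.\n")
_m.add_attachment(ATTACHMENT, maintype="application",
                  subtype="octet-stream", filename="report.doc")
SAMPLE = _m.as_bytes()

def extract_parts(raw, dest_dir):
    """Decode every non-empty leaf MIME part into its own file; return paths."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    paths = []
    for i, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if not data:
            continue
        # Name files ourselves; the sender-supplied filename is untrusted.
        path = os.path.join(dest_dir, f"part-{i:03d}.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths

def scan_message(raw, scanner=("clamscan", "--no-summary", "--stdout")):
    """Scan each decoded part; return the scanner's '<file>: <name> FOUND' lines."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = extract_parts(raw, tmp)
        if not paths:
            return []
        proc = subprocess.run([*scanner, *paths], capture_output=True, text=True)
        # clamscan exits 0 (clean) or 1 (virus found); anything else is an
        # error and must not be treated as "clean".
        if proc.returncode not in (0, 1):
            raise RuntimeError(f"scanner failed: {proc.stderr.strip()}")
        return [l for l in proc.stdout.splitlines() if l.endswith(" FOUND")]

if __name__ == "__main__":
    hits = scan_message(sys.stdin.buffer.read())
    print("X-Virus-Status: " + ("yes, " + "; ".join(hits) if hits else "no"))
```

Passing `scanner=("clamdscan", "--no-summary", "--stdout")` avoids the startup overhead mentioned in the reply, but clamd then has to be able to read the temporary directory, which is created with mode 0700.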