jonn ah wrote:
>
>--- "Chris L. Franklin" <[EMAIL PROTECTED]> wrote:
>
>
>
>>I don't mean to be rude or anything. But if the
>>script isn't catching
>>virus' right then you probably don't have have
>>
>>
>>
>I'm sorry I'm just trying to make the script work...
>
>
>
>>A) ClamD running and configured right
>>
>>
>[EMAIL PROTECTED] MailRoot]# ps xaf | grep clamd
> 1639 ? S 0:04 clamd
>20924 pts/2 S 0:00 \_ grep clamd
>
>meaning clamd is running.... right?
>
>
>
>>B) You don't have the script installed right
>>
>>
>>
>
>I have this in my filters.post-data.tab and
>filter.post-data.tab
>
>"/var/MailRoot/filters/anti-virus.sh" "@@FILE"
>"@@REMOTEADDR" "@@USERAUTH"
>
>
>
>>Heres the log from the test virus' I just sent
>>
>>Fri Oct 21 08:50:21 2005 ->
>>/tmp/msrva5bfdbb0.16f90.tmp:
>>Eicar-Test-Signature FOUND
>>Fri Oct 21 08:51:05 2005 ->
>>/tmp/msrva5bfdbb0.1701d.tmp:
>>Eicar-Test-Signature FOUND
>>Fri Oct 21 08:51:25 2005 ->
>>/tmp/msrva5bfdbb0.1705b.tmp:
>>Eicar-Test-Signature FOUND
>>Fri Oct 21 08:52:25 2005 ->
>>/tmp/msrva5bfdbb0.17111.tmp:
>>Eicar-Test-Signature FOUND
>>Fri Oct 21 08:56:11 2005 ->
>>/tmp/msrva5bfdbb0.173bb.tmp:
>>Eicar-Test-Signature FOUND
>>
>>The Script is to simple to really cuase any problem
>>
>>
>>
>
>however, when I send an test email with attachment
>from squirrelmail to another user in the same domain,
>the attachment still arrives and there are no logs
>saying that the attachment contained a virus...
>
>
>
>
>>[Code]
>>#!/bin/bash
>>### Config
>>File=$1
>>RejFile=$File".rej"
>>RemoteAddress=$2
>>Authuser=$3
>>timestamp=`date +%s`
>>date=`date +%Y%m%d000`
>>nowtime=`date +%r`
>>
>>### Doing Stuff
>>ClamAV='clamdscan --no-summary --stdout '
>>run=`$ClamAV $File`
>>Found=`echo "$run" | awk '{print $3}'`
>>Virus=`echo "$run" | awk '{print $2}'`
>>
>>### Log
>>echo "$nowtime $RemoteAddress $Authuser
>>$Virus" >>
>>/var/MailRoot/logs/anti-virus-$date
>>
>>### Exiting
>>if [ $Found ]; then
>> echo "550 Virus : $Virus Found in Email " >
>>$RejFile
>> exit 3
>>fi
>>[/Code]
>>
>>And the Filter code is just as easy.
>>
>>/var/MailRoot/filters.post-data.tab
>>
>>[Code]
>>"/var/MailRoot/filters/anti-virus.sh" "@@FILE"
>> "@@REMOTEADDR"
>>"@@USERAUTH"
>>[/Code]
>>
>>
>>
>>--
>>
>>
>>-- Chris L. Franklin --
>>
>>-
>>To unsubscribe from this list: send the line
>>"unsubscribe xmail" in
>>the body of a message to [EMAIL PROTECTED]
>>For general help: send the line "help" in the body
>>of a message to
>>[EMAIL PROTECTED]
>>
>>
>>
>>
>
>
>
>
>__________________________________
>Yahoo! FareChase: Search multiple travel sites in one click.
>http://farechase.yahoo.com
>-
>To unsubscribe from this list: send the line "unsubscribe xmail" in
>the body of a message to [EMAIL PROTECTED]
>For general help: send the line "help" in the body of a message to
>[EMAIL PROTECTED]
>
>
>
Do the filter logs show that the filter was even fired ?
--
-- Chris L. Franklin --
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
