Hi,
I've been using Anomy since yesterday together with f-prot
command-line and procmail. I have a problem sorting/filtering Anomy-tagged
e-mails, because Anomy delivers only the known X-headers
X-Anomy-Sanitizer: Gotcha!
X-Gotcha: Sanitizer!
for all kinds of anomalies and the log.
So some postings to mailing lists without attached viruses are transferred
to my virus folder too.
I have set in my sanitizer.cfg:
file_list_1_scanner = 0:3,6:8:/usr/local/bin/f-prot -ai -archive -dumb %FILENAME
file_list_1_policy = unknown:mangle:defang:warn
file_list_1 = (?i)(winmail\.dat
file_list_1 += |\.(exe|vb[es]|c(om|hm)|bat|pif|s(ys|cr))
file_list_1 += (\.g?z|\.bz\d?)*)$
and in my .procmailrc:
:0fw: anomy.lock
| /usr/local/anomy/bin/sanitizer.pl /home/hiro/.anomy/sanitizer.cfg
:0BDA
* ^.*SanitizeFile.*filename.*mimetype.*application/octet-stream
$QUARA
With the f-prot command above, f-prot shows, for a message contaminated
with Sobig:
/virustest.msg->your_details.pif Infection: W32/Sobig.F@mm
and in the result overview:
Infected: 1
Suspicious: 0
So it would be nice to have an additional X-header like
x-anomy-result: Infection: Virusname or
x-anomy-result: Infected|Suspicious
I have played with the check_for_viruses script, which shows:
VIRUS : W32/Sobig.F@mm
So my question is: how can I integrate the output of the check script
or f-prot in procmail to get better filtering/sorting, or how do you do
that? ;)
Ciao
Kai
WWW: http://kai.iks-jena.de/
GPG-Key: 0x60F3882F / 0x76C65282
ICQ:146714798
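
An added example, not part of the original post and not Anomy or f-prot code: one way to reduce scanner output of the shape quoted above to a single header that procmail can match on. The function names are hypothetical, the header name is the one proposed in the post, and the sample scanner lines and message are constructed from the lines quoted in the post.

```sh
#!/bin/sh
HDR="X-Anomy-Result"   # name proposed in the post; set by this wrapper, not by Anomy

# Reduce scanner output (stdin) to a one-line verdict for the header.
scan_verdict() {
    awk '
        /Infection: / {
            name = $0
            sub(/.*Infection: */, "", name)        # text after the last marker
            sub(/[ \t].*/, "", name)               # first token only
            gsub("[^A-Za-z0-9._/@-]", "", name)    # nothing that could break a header
            if (name != "" && !(name in seen)) {
                seen[name] = 1
                names = names (names == "" ? "" : ",") name
            }
        }
        /^[ \t]*Infected:/   { infected = $2 + 0; saw = 1 }
        /^[ \t]*Suspicious:/ { suspicious = $2 + 0; saw = 1 }
        END {
            if (names != "")         print "Infection: " names
            else if (infected > 0)   print "Infected"
            else if (suspicious > 0) print "Suspicious"
            else if (saw)            print "Clean"
            else                     print "Unknown"   # scanner gave no summary
        }'
}

# Filter a message (stdin -> stdout): drop any sender-supplied copy of the
# header, then add the verdict ($1) at the end of the header block.
tag_message() {
    awk -v hdr="$HDR" -v verdict="$1" '
        BEGIN { inhdr = 1; pat = "^" tolower(hdr) ":" }
        inhdr && /^$/ { print hdr ": " verdict; inhdr = 0; print; next }
        inhdr && tolower($0) ~ pat { skip = 1; next }   # forged header
        inhdr && skip && /^[ \t]/ { next }              # its folded continuation
        { skip = 0; print }
        END { if (inhdr) print hdr ": " verdict }       # message without a body
    '
}

# Constructed demo input: scanner lines as quoted in the post, and a message
# that arrives carrying a forged "Clean" header.
sample_scan() { printf '%s\n' '/virustest.msg->your_details.pif Infection: W32/Sobig.F@mm' 'Infected: 1' 'Suspicious: 0'; }
sample_msg()  { printf '%s\n' 'From: a@example.org' 'x-anomy-result: Clean' 'Subject: details' '' 'body'; }
demo() { sample_msg | tag_message "$(sample_scan | scan_verdict)"; }
demo
```

A procmail condition such as `* ^X-Anomy-Result: Infection` can then sort on the verdict. Because the header is stripped and rewritten on every message, a sender cannot pre-set it, and a scan that produced no summary is reported as Unknown rather than Clean.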