anomy-list

RE: problems executing antivir

From: Jackson, Jeff (102796@xyz.molar.is)
Date: Tue 18 Nov 2003 - 19:04:30 GMT


    >
    > My configuration is: (sanitizer.conf)
    >
    > file_list_4_scanner = 0:1:3,4:/usr/local/bin/clamscan %FILENAME
    > file_list_4_policy = accept:save:save:save

    I'm configured a little differently. I have this in my anomy.conf:

    file_list_1_policy = unknown:mangle:save:save
    file_list_1_scanner = 0:2:3:/usr/local/anomy/bin/clamavd.sh %FILENAME

    And my clamavd.sh script looks like this:

    #!/bin/sh

    # Script for the Sanitizer (procmail filter)
    # Using ClamAV
    # Version: 1.02, Xavier Roche/Serianet
    # Usage: /etc/procmail/clamavd.sh <filename>
    # Returns: "CLEAN : OK" | "VIRUS : <information>" | "ERROR"
    # Exitcode: 0=OK 2=SUSPICIOUS 3=VIRUS
    # This script is under GPL

    ##############################################################################
    # Instructions (copied from e-mail from Xavier by Bjarni):
    #
    # I tested various AV systems (avp, f-prot..) and attached to this mail
    # a simple script which recognizes the four most used av scanners on
    # linux systems (the script can be freely used and spread, of course).
    #
    # The use is simple: check_for_virus <filename>
    # which will return 0 (OK), 2 (warning), or 3 (danger)
    #
    # For example, I use the main policy:
    #
    # file_list_1_scanner = 0:2:3:/etc/procmail/check_for_virus %FILENAME
    # file_list_1_policy = unknown:mangle:save:save
    # file_list_1 = (?i).*
    #

    logger -p mail.notice "check $1"

    if test -n "$1"; then
        if test -f "$1"; then

            RET=0

            # ClamAV (Clam AntiVirus), via the clamd client
            if test -x /usr/local/bin/clamdscan; then
                STATUS=
                /usr/local/bin/clamdscan --quiet "$1"
                RETURNCODE=$?
                # clamdscan exit codes: 0 = clean, 1 = signature matched, 2 = scanner error
                if test $RETURNCODE -eq 1; then
                    STATUS="virus found"
                    RET=3
                elif test $RETURNCODE -ne 0; then
                    # e.g. clamd not running: report ERROR with the SUSPICIOUS code
                    # instead of letting the file through as clean
                    logger -p mail.notice "virus check for $1: clamdscan failed ($RETURNCODE)"
                    echo "ERROR"
                    exit 2
                fi
                if test -n "$STATUS"; then
                    # second pass without --quiet prints "<file>: <signature> FOUND";
                    # the second space-separated field is the signature name
                    INFO=`/usr/local/bin/clamdscan --disable-summary --stdout "$1" | cut -f2 -d' '`
                    logger -p mail.notice "virus check for $1: VIRUS FOUND!! - $INFO"
                    echo "VIRUS : $INFO"
                else
                    logger -p mail.notice "virus check for $1: ok"
                    echo "CLEAN : OK"
                fi
            else
                # no scanner binary: say so instead of exiting 0 with no output
                logger -p mail.notice "virus check for $1: clamdscan not found"
                echo "ERROR"
                RET=2
            fi
            exit $RET

        fi
    fi
    # missing or unreadable file name; note this exits 0 (= OK to the Sanitizer)
    echo "ERROR"
    exit 0

    I apologize to the fine gentleman who gave me the source for this script, for I have forgotten who and cannot give him proper credit. This is working for me very well, but I have recently found that there is one message coming through untouched, but I haven't figured out why, yet... It's a bogus paypal message which NAV for Exchange catches as:

     Attachment embedmsg.msg was Quarantined for the following reasons:
        Virus W32.Mimail.I@mm was found in www.paypal.com.scr.

    I think embedmsg.msg isn't being handled right, but I'm probably not talented enough to figure out why quickly...

    Oh, having "unknown" in the file list policy means: accept it, but continue checking it against the rest of the rules.

    HTH,
    Jeff
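Added example, not code from Jeff's post or from the Sanitizer/ClamAV projects: a small POSIX sh version of the wrapper's core decision, with a constructed stand-in for clamdscan so it runs offline. It maps clamdscan's exit codes to the 0/2/3 contract the wrapper above promises to the Sanitizer, treats a scanner failure (clamdscan exit 2, for example clamd not running) as ERROR with the suspicious code instead of reporting the file clean, and takes the signature name from the last ": " of the report line so a filename containing spaces does not break the extraction the way `cut -f2 -d' '` does. The function names anomy_verdict, fake_clamdscan and scan_file, the paths and the signature name are all constructed here.

```shell
#!/bin/sh
# Added example, not the post's script. anomy_verdict/scan_file/fake_clamdscan
# are names chosen here; "Eicar-Test-Signature" and the paths are constructed.

# anomy_verdict <clamdscan-exit-code> <clamdscan-report-line>
# Prints the Sanitizer status line and returns its exit code
# (0 = OK, 2 = SUSPICIOUS, 3 = VIRUS), as the wrapper's header defines.
anomy_verdict() {
    rc=$1
    line=$2
    case "$rc" in
        0)  echo "CLEAN : OK"; return 0 ;;
        1)  name=${line##*: }     # text after the last ": " of "<file>: <sig> FOUND"
            name=${name% FOUND}   # drop the trailing " FOUND"
            echo "VIRUS : $name"; return 3 ;;
        *)  echo "ERROR"; return 2 ;;   # scanner failed: do not report clean
    esac
}

# Constructed stand-in for /usr/local/bin/clamdscan so this runs offline.
# The real client prints "<file>: <signature> FOUND" and exits 1 on a match,
# "<file>: OK" and exits 0 when clean, and exits 2 when it cannot scan
# (for example when clamd is not running).
fake_clamdscan() {
    case "$1" in
        *eicar*) echo "$1: Eicar-Test-Signature FOUND"; return 1 ;;
        *down*)  echo "ERROR: Can't connect to clamd." >&2; return 2 ;;
        *)       echo "$1: OK"; return 0 ;;
    esac
}

# scan_file <path>: run the scanner and translate its result for the Sanitizer
scan_file() {
    rc=0
    out=$(fake_clamdscan "$1") || rc=$?
    anomy_verdict "$rc" "$out"
}

# Usage: sh example.sh <file>  (the exit code is the Sanitizer code)
if [ $# -gt 0 ]; then
    scan_file "$1"
    exit $?
fi
```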
