>
> My configuration is: (sanitizer.conf)
>
> file_list_4_scanner = 0:1:3,4:/usr/local/bin/clamscan %FILENAME
> file_list_4_policy = accept:save:save:save
I'm configured a little differently. I have this in my anomy.conf:
file_list_1_policy = unknown:mangle:save:save
file_list_1_scanner = 0:2:3:/usr/local/anomy/bin/clamavd.sh %FILENAME
And my clamavd.sh script looks like this:
#!/bin/sh
# Script for the Sanitizer (procmail filter)
# Using ClamAV
# Version: 1.02, Xavier Roche/Serianet
# Usage: /etc/procmail/clamavd.sh <filename>
# Returns: "CLEAN : OK" | "VIRUS : <information>" | "ERROR"
# Exitcode: 0=OK 2=SUSPICIOUS 3=VIRUS
# This script is under GPL
##############################################################################
# Instructions (copied from e-mail from Xavier by Bjarni):
#
# I tested various AV systems (avp, f-prot..) and attached to this mail
# a simple script which recognizes the four most used av scanners on
# linux systems (the script can be freely used and spread, of course).
#
# The use is simple: check_for_virus <filename>
# which will return 0 (OK), 2 (warning), or 3 (danger)
#
# For example, I use the main policy:
#
# file_list_1_scanner = 0:2:3:/etc/procmail/check_for_virus %FILENAME
# file_list_1_policy = unknown:mangle:save:save
# file_list_1 = (?i).*
#
logger -p mail.notice "check $1"
if test -n "$1"; then
  if test -f "$1"; then
    RET=0
    # ClamAV (Clam AntiVirus)
    if test -x /usr/local/bin/clamdscan; then
      STATUS=
      /usr/local/bin/clamdscan --quiet "$1"
      RETURNCODE=$?
      if test $RETURNCODE -eq 1; then
        STATUS="virus found"
        RET=3
      fi
      if test -n "$STATUS"; then
        INFO=`/usr/local/bin/clamdscan --disable-summary --stdout "$1"|cut -f2 -d' '`
        logger -p mail.notice "virus check for $1: VIRUS FOUND!! - $INFO"
        echo "VIRUS : $INFO"
      else
        logger -p mail.notice "virus check for $1: ok"
        echo "CLEAN : OK"
      fi
    fi
    exit $RET
  fi
fi
echo "ERROR"
exit 0
I apologize to the fine gentleman who gave me the source for this script, for I have forgotten who and can't give him proper credit. This is working for me very well, but I have recently found that there is one message coming thru untouched, but I haven't figured out why, yet... It's a bogus paypal message which NAV for Exchange catches as:
Attachment embedmsg.msg was Quarantined for the following reasons:
Virus W32.Mimail.I@mm was found in www.paypal.com.scr.
I think embedmsg.msg isn't being handled right, but I'm probably not talented enough to figure out why quickly...
Oh, having "unknown" in the file list policy means, accept it, but continue checking it with the rest of the rules.
HTH,
Jeff
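
Added example, not part of Jeff's message or of Xavier Roche's script: a fail-closed variant of the wrapper above. It maps clamdscan's exit statuses (0 clean, 1 virus, 2 error) onto the script's 0/2/3 codes so that a scanner error or a missing file returns 2 (SUSPICIOUS) instead of 0, and it takes the signature name from a single scan. The names SCANNER, sanitizer_code and scan_file are invented here, and --no-summary is assumed to be the flag name on the installed clamdscan (the script above uses --disable-summary).

```shell
#!/bin/sh
# Added example: fail-closed clamdscan wrapper for the Sanitizer.
# SCANNER, sanitizer_code and scan_file are names invented for this example.
SCANNER="${SCANNER:-/usr/local/bin/clamdscan}"

# Map a clamdscan exit status (0 clean, 1 virus, 2 error) onto the
# wrapper's documented codes: 0=OK 2=SUSPICIOUS 3=VIRUS.
sanitizer_code() {
    case "$1" in
        0) echo 0 ;;
        1) echo 3 ;;
        *) echo 2 ;;  # scanner error or unexpected status is never "clean"
    esac
}

# Scan one file, print a verdict line, return the Sanitizer exit code.
scan_file() {
    file="$1"
    if [ -z "$file" ] || [ ! -f "$file" ] ||
       ! command -v "$SCANNER" >/dev/null 2>&1; then
        echo "ERROR : nothing scanned"
        return 2
    fi
    # One invocation, so the verdict text and the exit status cannot disagree.
    rc=0
    out=$("$SCANNER" --no-summary --stdout "$file" 2>&1) || rc=$?
    code=$(sanitizer_code "$rc")
    case "$code" in
        0) echo "CLEAN : OK" ;;
        3) # Output is "<path>: <signature> FOUND"; trim both ends so a
           # path containing spaces does not shift the fields.
           sig=${out##*: }
           echo "VIRUS : ${sig% FOUND}" ;;
        *) echo "ERROR : scanner failed" ;;
    esac
    return "$code"
}

# Act as the scanner command only when called with a filename.
if [ "$#" -gt 0 ]; then
    scan_file "$1"
    exit $?
fi
```

With the 0:2:3 scanner line shown above, the returned 2 selects the second policy (mangle) rather than letting an unscanned attachment pass as clean.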