> It doesn't seem like it even sends it to ClamAV. It just replaces the
> body of the message saying that a file has been removed. It does this
> whether there is an attachment or not so I can't get any files if I do
> this.
I just got mine working,
RH7.2+legacypatches+postfix+anomy+spamassassin+clamav. Be sure to
carefully check permissions. Anomy creates the files as 0600 in the
quarantine directory. Even if you have directory permissions set for
e.g. clamav, the files will be filter:filter 0600. It's probably
easiest to run clamav as the filter user.

# Specify the Anomy temp file and quarantine directory
file_name_tpl = /home/filter/quarantine/att-$F-$T.$$

# Scan files using Clamav
file_list_2 = (?i).*
file_list_2_policy = unknown:mangle:save:save
file_list_2_scanner = 0:2:3:/usr/local/anomy/bin/clamavd.sh %FILENAME

#!/bin/sh
# Script for the Sanitizer (procmail filter)
# Using ClamAV
# Version: 1.02, Xavier Roche/Serianet
# Usage: /etc/procmail/clamavd.sh <filename>
# Returns: "CLEAN : OK" | "VIRUS : <information>" | "ERROR"
# Exitcode: 0=OK 2=SUSPICIOUS 3=VIRUS
# This script is under GPL
##############################################################################
# Instructions (copied from e-mail from Xavier by Bjarni):
#
# I tested various AV systems (avp, f-prot..) and attached to this mail
# a simple script which recognizes the four most used av scanners on
# linux systems (the script can be freely used and spread, of course).
#
# The use is simple: check_for_virus <filename>
# which will return 0 (OK), 2 (warning), or 3 (danger)
#
# For example, I use the main policy:
#
# file_list_1_scanner = 0:2:3:/etc/procmail/check_for_virus %FILENAME
# file_list_1_policy = unknown:mangle:save:save
# file_list_1 = (?i).*
#
# clamdscan return codes:
# 0 : No virus found.
# 1 : Virus(es) found.
# 2 : An error occurred.

logger -p mail.notice "check $1"
if test -n "$1"; then
    if test -f "$1"; then
        RET=0
        # ClamAV (Clam AntiVirus)
        if test -x /usr/bin/clamdscan; then
            STATUS=
            /usr/bin/clamdscan --quiet "$1"
            RETURNCODE=$?
            # Only return code 1 (virus found) sets STATUS
            if test $RETURNCODE -eq 1; then
                STATUS="virus found"
                RET=3
            fi
            if test -n "$STATUS"; then
                # Scan again to capture the signature name for the log
                INFO=`/usr/bin/clamdscan --disable-summary --stdout "$1"|cut -f2 -d' '`
                logger -i -p mail.notice "virus check for $1: VIRUS FOUND!! - $INFO"
                echo "VIRUS : $INFO"
            else
                logger -i -p mail.notice "virus check for $1: ok"
                echo "CLEAN : OK"
            fi
        fi
        exit $RET
    fi
fi
# No filename given, or the file does not exist
echo "ERROR"
exit 0
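
Added example (not part of the original post or of Xavier Roche's script): in the script above, every clamdscan return code other than 1, including 2 (error), ends in "CLEAN : OK" with exit 0, and a missing scanner or file also exits 0. A fail-closed variant of the same mapping follows; the CLAMDSCAN override variable and the function names are hypothetical, added so the logic can be exercised with a stub scanner.

```sh
#!/bin/sh
# Added example: fail-closed variant of the wrapper logic (not the original script).
# CLAMDSCAN is a hypothetical override so a stub can stand in for the scanner.
CLAMDSCAN="${CLAMDSCAN:-/usr/bin/clamdscan}"

# Map a clamdscan return code (0 clean, 1 virus, 2 error) to the exit
# codes from the script header: 0=OK 2=SUSPICIOUS 3=VIRUS.
map_exit() {
    case "$1" in
        0) echo 0 ;;
        1) echo 3 ;;
        *) echo 2 ;;  # error or unexpected code: never report clean
    esac
}

# Scan one file, print a verdict line, return the mapped exit code.
scan_file() {
    file=$1
    if [ -z "$file" ] || [ ! -f "$file" ]; then
        echo "ERROR"
        return 2
    fi
    code=0
    # A missing or non-executable scanner yields 126/127, which maps to 2.
    "$CLAMDSCAN" --quiet "$file" >/dev/null 2>&1 || code=$?
    rc=$(map_exit "$code")
    case "$rc" in
        0) echo "CLEAN : OK" ;;
        3) echo "VIRUS : found" ;;
        *) echo "ERROR" ;;
    esac
    return "$rc"
}

# Act as the scanner command when called with a filename.
if [ $# -gt 0 ]; then
    scan_file "$1"
    exit $?
fi
```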