Sorry for my format, I am on webmail. The post is from Jun 2:
http://mailtools.anomy.net/archives/anomy-list/2004-06/0000.shtml
Note they aren't my scripts, it's just what I have set up. The AV script header says it is from "Xavier Roche/Serianet", so thank you very much! The setup is with help from very nice people on this list. I don't know Perl at all, it looks Greek to me ;-). Give me a nice shell script instead any day..
Regards,
P
________________________________
From: Paolo [mailto:129489@xyz.molar.is]
Sent: Wed 6/16/2004 12:18 AM
To: 129537@xyz.molar.is
Subject: Re: clamav (was: Re: [anomy-list]: more sanitizer questions)
On Tue, Jun 15, 2004 at 05:55:35PM +0200, Luis Miguel wrote:
...
> Is anyone using the patch to show the virusname with sanitizer (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=235352)? I have patched Sanitizer.pm and created a wrapper for my antivirus (clamav), but don't know how to pass the virus name from the wrapper to sanitizer.
Don't know where Peter's scripts are - have checked archive list but could
not find any - perhaps his stuff may be more complete.
Anyway, here's mine - very rough, I'm not interested in doing anything fancy
with suspect email.
One note regarding clamav: it may be tricky to run clam[d]scan from anomy script,
as in some distros (e.g. Debian) clam*scan runs as user clamav, hence is unable
to read anomy's tempfiles that should be mode 600 - that's why I'm feeding
clamdscan from stdin.
8<---[.sanitizer.cfg]-----
...
msg_file_drop += X-Anomy|Eventuale codice maligno rilevato: %VIRUSNAME.\n
...
file_list_3 = (?i)\.(doc|dot|xls|xlw|sxi|sdc|sdw|sxw
file_list_3 += |zip
file_list_3 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)$
file_list_3_policy = unknown:drop:drop:drop
file_list_3_scanner = 0:1:2:/usr/share/sanitizer/filters/filtro_av.sh %FILENAME
...
8<---[/.sanitizer.cfg]----
8<---[/usr/share/sanitizer/filters/filtro_av.sh]-----
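#!/bin/sh
# need anomy with VIRUSNAME patch
#exit 0
VN=
[ -x /usr/bin/clamdscan ] && {
    # feed the file on stdin: clamd may run as a user that cannot read it
    AVR=`cat "$1" | /usr/bin/clamdscan - 2>&1`
    R=$?
    # extract the signature name from a "...: NAME FOUND" line
    VN=`echo "$AVR" | grep ": .* FOUND" | sed "s/.*: \([^ ]*\) FOUND.*/\1/"`
    # something went bad: no virus name and non-zero exit status
    # (root is mailed; the script still exits 0 below)
    [ "$VN" ] || [ "$R" = 0 ] || \
        printf '%s:\nR=%s\nAVR=%s\n' "$0" "$R" "$AVR" | mail -s"clamdscan, errore: $R" root
}
[ "$VN" ] && {
    echo "Anomy-FileScan-VirusName: $VN"
    exit 1
}
exit 0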
8<---[//usr/share/sanitizer/filters/filtro_av.sh]----
e.g.:
echo "blah blah" | mutt -a eicarsignature.sxw -stest-clamav paolo
...
[-- Allegato #1 --]
[-- Tipo: text/plain, Codifica: 7bit, Dimensioni: 0,1K --]
blah blah
[-- Allegato #2 --]
[-- Tipo: text/plain, Codifica: 8bit, Dimensioni: 0,4K --]
X-Anomy|*****
...
X-Anomy|Eventuale codice maligno rilevato: Eicar-Test-Signature.
                                           ^^^^^^^^^^^^^^^^^^^^
...
X-Anomy|*****
-- paolo
GPG/PGP id:0x21426690 kfp:EDFB 0103 A8D8 4180 8AB5 D59E 9771 0F28 2142 6690
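Added example, not part of the original post or of Anomy: a variant of the name-extraction step from filtro_av.sh that can be tested offline against constructed clamdscan output and that reports a scanner failure separately from a clean result (the script above mails root and then exits 0 in that case). The function name, the return code 2 for errors, the allowed-character set and the sample outputs are assumptions of this example.

```shell
#!/bin/sh
# classify_scan OUTPUT EXITCODE
#   prints "infected <name>", "clean" or "error"; returns 1, 0 or 2.
# Assumption: a hit is reported as "<source>: <signature> FOUND", the
# same pattern the sed expression in filtro_av.sh relies on.
classify_scan() {
    out=$1
    rc=$2
    # Take NAME from the first line of the form "...: NAME FOUND".
    name=$(printf '%s\n' "$out" |
        sed -n 's/^.*: \([^ ]*\) FOUND$/\1/p' | head -n 1)
    # Keep only characters expected in a signature name, so nothing
    # unexpected reaches the Anomy-FileScan-VirusName line.
    name=$(printf '%s' "$name" | tr -cd 'A-Za-z0-9_./-')
    if [ -n "$name" ]; then
        printf 'infected %s\n' "$name"
        return 1
    fi
    if [ "$rc" -eq 0 ]; then
        printf 'clean\n'
        return 0
    fi
    # Non-zero exit without a name: scanner failure, not a clean file.
    printf 'error\n'
    return 2
}

# Constructed sample outputs (not captured from a real run).
SAMPLE_HIT='stream: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1'
SAMPLE_CLEAN='stream: OK

----------- SCAN SUMMARY -----------
Infected files: 0'
SAMPLE_ERR='ERROR: constructed example of a scanner failure message'

# Demo on the samples; "|| true" because non-zero returns are expected.
classify_scan "$SAMPLE_HIT" 1 || true
classify_scan "$SAMPLE_CLEAN" 0 || true
classify_scan "$SAMPLE_ERR" 2 || true
```

In a wrapper, the "infected" branch would print the Anomy-FileScan-VirusName line and exit 1 as the original script does; what exit status to use for the "error" branch depends on the scanner and policy lines in .sanitizer.cfg.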