anomy-list

Re: RE: Feature request - adding Virus-Header tag ?

From: Joerg Mertin (136172@xyz.molar.is)
Date: Thu 13 Jan 2005 - 22:12:48 GMT


    Hi Luis,

    thx for your reply. I read the thread - and - yes. Understand your point
    of view.

    This made me think about a way to circumvent the fact that I can't use
    procmail on my system accounts - as the people there have no local
    accounts.
    However.
    But maybe you can give me a hint on my self-built solution here.

    I'm using a script anomy-filter.sh - that basically handles sanitizer.pl
    and pipes it then to formail:

    # empty the per-run virus list before the message passes through
    cat /dev/null > /var/spool/anomy/virus_scan.tmp

    # spamc -> sanitizer.pl -> formail (adds X-Antivirus) -> sendmail
    cat | $SPAMC -f -u filter 2>/dev/null \
        | $ANOMY/bin/sanitizer.pl $ANOMY_CONF 2>>$ANOMY_LOG \
        | /usr/bin/formail -a "X-Antivirus:`/bin/cat \
        /var/spool/anomy/virus_scan.tmp`" - \
        | $SENDMAIL "$@" || \
        { echo Message content rejected; exit $EX_UNAVAILABLE; }

    in anomy-sanitizer.conf - I have a part that calls the clamav scanner
    script, which writes the viruses found during the sanitizer.pl run into
    /var/spool/anomy/virus_scan.tmp for the formail call to extract.

    Now - the problem I have - is time.
    I never manage to get the actual virus (testing with eicar) written into
    the virus_scan.tmp file in time for the formail process to actually read
    its content and modify the header of the mail.

    Where is my thinking error ???
    As I want to do it in the streaming process - I might be in a problem.
    PS: I already tried including syncs and sleep statements etc. to see if by
    giving the OS time to write down the file - it would work... to no avail
    :(

    The clamdscan code snippet looks like this:

        STATUS=
        # clamdscan prints "<file>: <result>"; keep only the result word
        INFO=`/usr/bin/clamdscan --no-summary --stdout "$1" | cut -f2 -d' '`
        if test "$INFO" != "OK"; then
            RET=3
            # append the name to the per-run list that formail reads later
            echo -n " $INFO" >> /var/spool/anomy/virus_scan.tmp
            logger "virus check for $1: VIRUS FOUND!! - $INFO"
            echo "VIRUS : $INFO"
            echo "Anomy-FileScan-VirusName: $INFO"
        else
            logger "virus check for $1: $INFO"
            echo "CLEAN : ok"
        fi

    This code snippet adds the found virus to the virus_scan.tmp file, and
    echoes back some information to Anomy to be used in the virus-detection
    message. Note that the virus_scan.tmp file is nulled by the
    anomy-filter.sh script - as I want to be able to detect more than one
    virus - to be added into the X-Antivirus header...

    The virus is found by sending the mail - but the X-Antivirus: header stays
    blank ...

    Here is the relevant part of the mail header:
    X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
        stargate.solsys.org
    X-Spam-Level:
    X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham
        version=3.0.2
    X-Sanitizer: Stargate mail filter
    MIME-Version: 1.0
    Content-Type: MULTIPART/MIXED;
        boundary="MIMEStream=_0+117003_26652029821326_5166188757"
    X-Antivirus:
    Parts/Attachments:

    [...Snip...]
        [ Part 2: "Renamed from 'eicar.zip' to 'DEFANGED-1.txt'" ]

    *** Attached file saved in quarantine ***
    >>> eicar.zip (Eicar-Test-Signature)
    was removed from Mail because it contained a Virus
    or was an other potentially dangerous file type.
    This file will be held in quarantine for 10 days as
    >>> att-eicar.zip-41e5b79c.S7Z
    If you want to recover it - Contact the postmaster
    136262@xyz.molar.is

    <quote who="Luis Miguel R.">
    > Hi, I think that adding a virus-found header would be hard for
    > design reasons; try to search on previous posts, it has been discussed
    > before.
    >
    > Procmail users can use sanitizer.procmail found in the contrib directory.
    >
    > Regards.

    -- 
    ------------------------------------------------------------------------
    | Joerg Mertin             : 136172@xyz.molar.is (Home) |
    | in Forchheim/Germany     : 136304@xyz.molar.is (Alt1) |
    | Stardust's LiNUX System  :                            |
    | Web: http://www.solsys.org                            |
    ------------------------------------------------------------------------
    PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
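The evaluation-order problem in the pipeline above, shown with an added example that is not from the original post or the Anomy project: the backticks in the formail argument are expanded by the shell when the pipeline is set up, before sanitizer.pl has scanned anything, so the header is built from a still-empty file; letting the scan run to completion into a spool file first, and only then building the header, gives formail the finished list. The scanner, sanitizer.pl and formail are replaced by stand-in shell functions, and the marker string and virus name are constructed.

```shell
#!/bin/sh
# Added example (not the post's or Anomy's code): the scanner, sanitizer.pl and
# formail are replaced by stand-ins so the ordering problem is visible offline.
TMP=$(mktemp)            # plays the role of /var/spool/anomy/virus_scan.tmp
trap 'rm -f "$TMP"' EXIT

# Stand-in for sanitizer.pl plus the clamdscan hook: passes the message through
# and appends a constructed virus name to $TMP when the constructed marker
# EICAR-MARKER is present. The sleep stands in for the time a real scan takes.
fake_sanitizer() {
    msg=$(cat)
    sleep 1
    case "$msg" in
        *EICAR-MARKER*) printf ' Eicar-Test-Signature' >> "$TMP" ;;
    esac
    printf '%s\n' "$msg"
}

# Stand-in for `formail -a "<header>" -`: prepend one header line to stdin.
add_header() {
    printf '%s\n' "$1"
    cat
}

# Same shape as the post's pipeline. $(cat "$TMP") (the post's backticks behave
# the same way) is expanded when the shell starts the last stage, i.e. before
# fake_sanitizer has written anything, so the header is always empty.
broken_pipeline() {
    : > "$TMP"
    printf '%s\n' "$1" | fake_sanitizer | add_header "X-Antivirus:$(cat "$TMP")"
}

# Staged variant: run the scan to completion into a spool file, and only then
# build the header from the now-complete $TMP and hand the message on.
staged_pipeline() {
    : > "$TMP"
    spool=$(mktemp)
    printf '%s\n' "$1" | fake_sanitizer > "$spool"
    add_header "X-Antivirus:$(cat "$TMP")" < "$spool"
    rm -f "$spool"
}

# First line of a message, i.e. the header the stand-in formail prepended.
first_line() { printf '%s\n' "$1" | head -n 1; }

MSG='Subject: constructed test message
EICAR-MARKER'
staged_pipeline "$MSG"   # prints "X-Antivirus: Eicar-Test-Signature" first
```

The shared /var/spool/anomy/virus_scan.tmp is also a single fixed path: two messages in flight at once would overwrite each other's list, which a per-message temporary file like the spool file above avoids.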
