Re: RE: Feature request - adding Virus-Header tag ?

From: Joerg Mertin (
Date: Thu 13 Jan 2005 - 22:12:48 GMT


    Hi Luis,

    thx for your reply. I read the thread - and - yes. Understand your point
    of view.

    This made me think about a way to circumvent the fact that I can't use
    procmail on my system accounts - as the people there have no local
    But maybe you can give me a hint on my self-built solution here.

    I'm using a script - that basically handles
    and pipes it then to formail:

    cat /dev/null > /var/spool/anomy/virus_scan.tmp

    cat | $SPAMC -f -u filter 2>/dev/null \
        | $ANOMY/bin/ $ANOMY_CONF 2>>$ANOMY_LOG \
        | /usr/bin/formail -a "X-Antivirus:`/bin/cat \
        /var/spool/anomy/virus_scan.tmp`" - \
        | $SENDMAIL "$@" || \
        { echo Message content rejected; exit $EX_UNAVAILABLE; }

    in anomy-sanitizer.conf - I have a part that calls the clamav scanner
    script which write the found viruses of the run into
    /var/spool/anomy/virus_scan.tmp for extraction of the formail call.

    Now - the Problem I have - is time.
    I never manage to get the actual Virus (testing with eicar) written into
    the virus_scan.tmp file in time for the formail process to actually read
    its content and modify the header of the Mail.

    Where is my thinking error ???
    As I want to do it in the streaming-process - I might be in a problem.
    PS: I already tried including sync's and sleep statements etc. to see if by
    giving the OS time to write down the file - it would work... to no avail

    The clamdscan-code-snippet looks like this:
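        # Scan the file passed by Anomy; field 2 of the output is "OK" or the virus name
        INFO=`/usr/bin/clamdscan --no-summary --stdout "$1"|cut -f2 -d' '`
        if test "$INFO" != "OK"; then
            # Infected: record the name for the X-Antivirus header and report to Anomy
            echo -n " $INFO" >> /var/spool/anomy/virus_scan.tmp
            logger "virus check for $1: VIRUS FOUND!! - $INFO"
            echo "VIRUS : $INFO"
            echo "Anomy-FileScan-VirusName: $INFO"
        else
            # Clean: log the result only
            logger "virus check for $1: $INFO"
            echo "CLEAN : ok"
        fi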

    This code snippet adds the Found Virus into the virus_scan.tmp file, and
    echoes back some information to Anomy to be used in the Virus-Detection
    message. Note that the virus_scan.tmp file is nulled by the script - as I
    want to be able to detect more than one virus - to be added into the
    X-Antivirus Header...

    The virus is found by sending the mail - but the X-Antivirus: header stays
    blank ...

    here the part of the Mail-Header:
    X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
    X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham
    X-Sanitizer: Stargate mail filter
    MIME-Version: 1.0
    Content-Type: MULTIPART/MIXED;

        [ Part 2: "Renamed from '' to 'DEFANGED-1.txt'" ]

    *** Attached file saved in quarantine ***
    >>> (Eicar-Test-Signature)
    was removed from Mail because it contained a Virus
    or was an other potentially dangerous file type.
    This file will be held in quarantine for 10 days as
    If you want to recover it - Contact the postmaster

    <quote who="Luis Miguel R.">
    > Hi, I think that adding a virus-found header would be hard for
    > design reasons, try to search on previous posts, it has been discussed
    > before.
    > Procmail users can use sanitizer.procmail found on contrib directory.
    > Regards.


    ------------------------------------------------------------------------
    | Joerg Mertin            : (Home)|
    | in Forchheim/Germany    : (Alt1)|
    | Stardust's LiNUX System : |
    | Web: |
    ------------------------------------------------------------------------
    PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
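
Added example, not part of the original post or of Anomy's own code: a minimal reproduction of why the header stays blank in a pipeline of this shape, beside a buffered variant that reads the result file only after the scan stage has finished. `scan_stage`, `add_header`, `tag_inline`, `tag_buffered`, `RESULT` and the sample message are constructed stand-ins (for the sanitizer with its clamdscan hook, `formail -a` and virus_scan.tmp); the one-second sleep is an assumed scan latency.

```shell
#!/bin/sh
# RESULT plays the role of /var/spool/anomy/virus_scan.tmp (constructed stand-in).
RESULT=$(mktemp) || exit 1
trap 'rm -f "$RESULT"' EXIT

# Stand-in for the sanitizer + clamdscan hook: reads the message, "scans" it,
# appends any finding to RESULT, then passes the message downstream.
scan_stage() {
    msg=$(cat)
    sleep 1                                  # assumed scan latency
    case $msg in
        *EICAR*) printf ' %s' 'Eicar-Test-Signature' >> "$RESULT" ;;
    esac
    printf '%s\n' "$msg"
}

# Stand-in for formail -a: $1 is the header value, the message is on stdin.
add_header() {
    printf 'X-Antivirus:%s\n' "$1"
    cat
}

# Same shape as the pipeline in the post. The shell expands the command
# substitution while it starts the last stage, at the same moment the scan
# stage starts, so RESULT is still empty when it is read.
tag_inline() {
    : > "$RESULT"
    scan_stage | add_header "$(cat "$RESULT")"
}

# Buffered variant: the scan stage runs to completion into a spool file,
# and only then is RESULT read and the header added.
tag_buffered() {
    : > "$RESULT"
    buf=$(mktemp) || return 1
    scan_stage > "$buf"
    add_header "$(cat "$RESULT")" < "$buf"
    rm -f "$buf"
}

# Constructed sample message; the body only contains the word EICAR.
SAMPLE='Subject: test

EICAR sample body (constructed)'

printf 'inline:   %s\n' "$(printf '%s\n' "$SAMPLE" | tag_inline | sed -n 1p)"
printf 'buffered: %s\n' "$(printf '%s\n' "$SAMPLE" | tag_buffered | sed -n 1p)"
```

Adding `sync` or `sleep` to the scan side does not change the inline result, because the file is read when the last stage is launched, not when the message reaches it.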
