how to connect between procmail and clamAV

a7mlinux · 07-01-2009, 06:56 AM

I've Installed clamAV (version 0.95.2) and I want to connect it with procmail, I found that I should install trashscan first to do this, but I didn't found it in /clamav-0.95.2/contrib folder, should I download and install it to make procmail work with clamAV?

unSpawn · 07-01-2009, 09:18 AM

You could use clamassassin (http://jameslick.com/clamassassin/) if you use clamdscan instead of clamscan, a procmail recipe like

Code:

CLAMDSCAN=/usr/bin/clamdscan
MBOX=/dev/null

:0
{
  RESULT=`$CLAMDSCAN --mbox --disable-summary --stdout -`

  :0 Di
  * RESULT ?? FOUND
  $MBOX
}

as it seems thrashcan was removed from /contrib due to an email header bypass flaw (X-Virus-Scan).

a7mlinux · 07-01-2009, 10:12 AM

when I try to run clamd I got the error:

Code:

ERROR: Please edit the example config file /usr/local/etc/clamd.conf
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf

is that mean I don't need trashscan to scan incoming e-mails?

unSpawn · 07-01-2009, 10:47 AM

clamd.conf governs the configuration settings for the ClamAV daemon. That is a separate issue from running procmail/clamassassin/trashscan. If you don't run thrashscan you need to run clamassassin (or a Sendmail milter) or use a procmail recipe.

a7mlinux · 07-01-2009, 10:54 AM

is there a way to use procmail recipes to scan email-s without using clamAV?

unSpawn · 07-01-2009, 11:02 AM

Procmail delivers email according to recipes.
ClamAV scans files.
If you do not want to use ClamAV you can choose another antivirus package.
You can not scan email messages for viruses or malware without an antivirus package.

a7mlinux · 07-01-2009, 11:11 AM

yes I know that but you confused me with:

Quote:

clamd.conf governs the configuration settings for the ClamAV daemon. That is a separate issue from running procmail/clamassassin/trashscan

all I need to run clamAV with clamd command without error:

Code:

ERROR: Please edit the example config file /usr/local/etc/clamd.conf
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf

and the recipe I should write in procmailrc

repo · 07-01-2009, 12:08 PM

Quote:

ERROR: Please edit the example config file /usr/local/etc/clamd.conf

Edit the file and

Quote:

# Comment or remove the line below.
Example

Here an ex for procmail and clamassassin

Code:

#####################
# Scan for Virusses #
#####################
# safe the subject line, and put [VIRUS] at the beginning of the subjectline, if any virus is found. 

SUBJ_=`formail -xSubject: \
       | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'`

# run clamassassin
:0fw
| /usr/bin/clamassassin

:0:
* ^X-Virus-Status: Yes
{

        :0 fhw
        | formail -I"Subject: [VIRUS] ${SUBJ_}"
        :0 fhw
        | formail -A "X-VIRUS-INFO: BLOCKED BY CLAMASSASSIN"
        LOG="VIRUS "
        :0
        ${VIRUS}
}

a7mlinux · 07-01-2009, 12:29 PM

welcome back repo

Quote:

Originally Posted by repo

Here an ex for procmail and clamassassin

should I install clamassassin or clamav is enough, now I've installed clamav version 0.95.2 and clamassassin work with version lower than I have
thanks in advance

repo · 07-01-2009, 12:40 PM

You need to install clamassassin.

clamassassin is a simple virus filter wrapper for ClamAV for use in procmail filters

a7mlinux · 07-02-2009, 04:21 AM

Quote:

You need to install clamassassin.
clamassassin is a simple virus filter wrapper for ClamAV for use in procmail filters

ok I've installed clamassassin version 1.2.4 and it's compatible with clamav version 0.90 and higher, do I need to use this recipe directly:

Code:

#####################
# Scan for Virusses #
#####################
# safe the subject line, and put [VIRUS] at the beginning of the subjectline, if any virus is found. 

SUBJ_=`formail -xSubject: \
       | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'`

# run clamassassin
:0fw
| /usr/bin/clamassassin

:0:
* ^X-Virus-Status: Yes
{

        :0 fhw
        | formail -I"Subject: [VIRUS] ${SUBJ_}"
        :0 fhw
        | formail -A "X-VIRUS-INFO: BLOCKED BY CLAMASSASSIN"
        LOG="VIRUS "
        :0
        ${VIRUS}
}

or there is a somthign I need to do before?
thanks in advance

a7mlinux · 07-02-2009, 08:13 AM

suppose that it's working properly, I need A message with a virus to test my work where do I can find something like this?

unSpawn · 07-02-2009, 08:26 AM

Search for the word "EICAR". That should yield a "test virus" any AV should recognise.

repo · 07-02-2009, 10:20 AM

You should name the variable ${VIRUS}
at the beginning of your procmailrc file

Something like

Quote:

PATH=/bin:/usr/bin:/usr/local/bin
LINEBUF=4096
MAILDIR=$HOME/mail
TRASH=$MAILDIR/junkmail
DEFAULT=$MAILDIR/inbox
SPAM=$MAILDIR/spam
LOGFILE=$HOME/pm.log
VERBOSE = on
FGREP=/bin/fgrep
FROM=`formail -x From:`
REC=`formail -x Received:`
TMP=/var/tmp
DROPPRIVS=yes

a7mlinux · 07-02-2009, 10:57 AM

Quote:

You should name the variable ${VIRUS}
at the beginning of your procmailrc file Something like

sorry but I didn't got you, please expalin more
thanks in advance