the users has being received too much virus and i need to block it.
Does that mean ClamAV ain't working? Better check and fix infected mailboxes after that else you keep getting stuff in.
but how can i remove the virus now? if i do that... the INBOX file will be removed, dont it?
Here's the idea. Split messages from mailbox, pipe procmail, pipe through clamscan, deliver.
Could look something like this:
Code:
cat /home/user/mailbox|formail -s procmail -m av.rc
The av.rc could contain something like:
Code:
VERBOSE=on
LOGFILE=$HOME/mailbox.log
:0Efw
| clamassassin
:0
* ^X-Virus-Status: Yes
/home/user/mailbox_warning_infected
:0
* ^X-Virus-Scan: Suspicious
/home/user/mailbox_warning_suspicious
:0
mailbox.new
What you've got to do is test this procedure on a copy of a single mailbox to see if all stuff isn in your $PATH, if you need any other variable set, stuff like that. Check the log for errors & post back. I did test the procedure (only mailbox format) and for me it works OK, YMMV(VM). You need clamassassin or else use clamscan/clamdscan in which case you will have to find the necessary parameters to run it yourself. If you use maildir or whatever you know what to do.
Script example. Might look like this. Note it doesnt make backups and leaves the infected/suspicious mailboxes in place for you to examine & remove. Takes one directory name as input:
Code:
#!/bin/bash
if [ -d "$1" ]; then find "$1" -type f | while read ; do file $REPLY|grep -q ": ASCII mail text"; case "$?" in 0) target="$REPLY";
dir=$(dirname "$target"); file=$(basename "$target"); filenew="${file}_new"; echo -en "VERBOSE=on\nLOGFILE=${dir}/\
${filenew}.log\n\n:0Efw\n| clamassassin\n\n:0\n\* ^X-Virus-Status: Yes\n${dir}/${file}_warning_infected\n\n:0\n\* ^X-Virus\
-Scan: Suspicious\n${dir}/${file}_warning_suspicious\n\n:0\n${dir}/${filenew}\n" > "${dir}/${filenew}.rc"; cat "$target"|formail\
-s procmail "${dir}/${filenew}.rc"; mv "${dir}/${filenew}" "$target" && rm -f "${dir}/${filenew}.rc";; esac; done; fi; exit 0
Anyway, HTH
