LinuxQuestions.org
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   how to connect between procmail and clamAV (https://www.linuxquestions.org/questions/linux-general-1/how-to-connect-between-procmail-and-clamav-736906/)

a7mlinux 07-01-2009 05:56 AM
how to connect between procmail and clamAV
 
I've Installed clamAV (version 0.95.2) and I want to connect it with procmail, I found that I should install trashscan first to do this, but I didn't found it in /clamav-0.95.2/contrib folder, should I download and install it to make procmail work with clamAV?

unSpawn 07-01-2009 08:18 AM
You could use clamassassin (http://jameslick.com/clamassassin/) if you use clamdscan instead of clamscan, a procmail recipe like
Code:
CLAMDSCAN=/usr/bin/clamdscan
MBOX=/dev/null

:0
{
  RESULT=`$CLAMDSCAN --mbox --disable-summary --stdout -`

  :0 Di
  * RESULT ?? FOUND
  $MBOX
}
as it seems thrashcan was removed from /contrib due to an email header bypass flaw (X-Virus-Scan).

a7mlinux 07-01-2009 09:12 AM
when I try to run clamd I got the error:
Code:
ERROR: Please edit the example config file /usr/local/etc/clamd.conf
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
is that mean I don't need trashscan to scan incoming e-mails?

unSpawn 07-01-2009 09:47 AM
clamd.conf governs the configuration settings for the ClamAV daemon. That is a separate issue from running procmail/clamassassin/trashscan. If you don't run thrashscan you need to run clamassassin (or a Sendmail milter) or use a procmail recipe.

a7mlinux 07-01-2009 09:54 AM
is there a way to use procmail recipes to scan email-s without using clamAV?

unSpawn 07-01-2009 10:02 AM
Procmail delivers email according to recipes.
ClamAV scans files.
If you do not want to use ClamAV you can choose another antivirus package.
You can not scan email messages for viruses or malware without an antivirus package.

a7mlinux 07-01-2009 10:11 AM
yes I know that but you confused me with:
Quote:
clamd.conf governs the configuration settings for the ClamAV daemon. That is a separate issue from running procmail/clamassassin/trashscan
all I need to run clamAV with clamd command without error:
Code:
ERROR: Please edit the example config file /usr/local/etc/clamd.conf
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
and the recipe I should write in procmailrc

repo 07-01-2009 11:08 AM
Quote:
ERROR: Please edit the example config file /usr/local/etc/clamd.conf
Edit the file and
Quote:
# Comment or remove the line below.
Example
Here an ex for procmail and clamassassin


Code:
#####################
# Scan for Virusses #
#####################
# safe the subject line, and put [VIRUS] at the beginning of the subjectline, if any virus is found.

SUBJ_=`formail -xSubject: \
      | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'`

# run clamassassin
:0fw
| /usr/bin/clamassassin

:0:
* ^X-Virus-Status: Yes
{

        :0 fhw
        | formail -I"Subject: [VIRUS] ${SUBJ_}"
        :0 fhw
        | formail -A "X-VIRUS-INFO: BLOCKED BY CLAMASSASSIN"
        LOG="VIRUS "
        :0
        ${VIRUS}
}

a7mlinux 07-01-2009 11:29 AM
welcome back repo
Quote:
Originally Posted by repo (Post 3593149)
Here an ex for procmail and clamassassin
should I install clamassassin or clamav is enough, now I've installed clamav version 0.95.2 and clamassassin work with version lower than I have
thanks in advance

repo 07-01-2009 11:40 AM
You need to install clamassassin.

clamassassin is a simple virus filter wrapper for ClamAV for use in procmail filters

a7mlinux 07-02-2009 03:21 AM
Quote:
You need to install clamassassin.
clamassassin is a simple virus filter wrapper for ClamAV for use in procmail filters
ok I've installed clamassassin version 1.2.4 and it's compatible with clamav version 0.90 and higher, do I need to use this recipe directly:
Code:
#####################
# Scan for Virusses #
#####################
# safe the subject line, and put [VIRUS] at the beginning of the subjectline, if any virus is found.

SUBJ_=`formail -xSubject: \
      | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'`

# run clamassassin
:0fw
| /usr/bin/clamassassin

:0:
* ^X-Virus-Status: Yes
{

        :0 fhw
        | formail -I"Subject: [VIRUS] ${SUBJ_}"
        :0 fhw
        | formail -A "X-VIRUS-INFO: BLOCKED BY CLAMASSASSIN"
        LOG="VIRUS "
        :0
        ${VIRUS}
}
or there is a somthign I need to do before?
thanks in advance

a7mlinux 07-02-2009 07:13 AM
suppose that it's working properly, I need A message with a virus to test my work where do I can find something like this?

unSpawn 07-02-2009 07:26 AM
Search for the word "EICAR". That should yield a "test virus" any AV should recognise.

repo 07-02-2009 09:20 AM
You should name the variable ${VIRUS}
at the beginning of your procmailrc file

Something like

Quote:
PATH=/bin:/usr/bin:/usr/local/bin
LINEBUF=4096
MAILDIR=$HOME/mail
TRASH=$MAILDIR/junkmail
DEFAULT=$MAILDIR/inbox
SPAM=$MAILDIR/spam
LOGFILE=$HOME/pm.log
VERBOSE = on
FGREP=/bin/fgrep
FROM=`formail -x From:`
REC=`formail -x Received:`
TMP=/var/tmp
DROPPRIVS=yes

a7mlinux 07-02-2009 09:57 AM
Quote:
You should name the variable ${VIRUS}
at the beginning of your procmailrc file Something like
sorry but I didn't got you, please expalin more
thanks in advance


All times are GMT -5. The time now is 08:52 AM.
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page