I have created a shell script to use clamscan from the maildrop application.
We currently use maildrop to scan incoming messages using SpamAssassin and wanted to add the additional functionality of virus scanning using clamscan. Why a wrapper? Because maildrop expects the xfilter applications it calls to return the message via stdout, and clamscan doesn't do this, and I couldn't find a switch that made it do so. If somebody has use for it great... If not... Oh well... it works for us. Some caveats, it does extract messages to /tmp so there is the possibililty of somebody being able to intercept mail messages. This wasn't a design concern as our machine has only virtual users. Please feel free to modify the script. Tom Walsh Network Administrator http://www.ala.net/ #!/usr/local/bin/bash ############################################################################ ### # clamscan.sh by Tom Walsh [EMAIL PROTECTED] # # Created August 13th 2003 # # Modified August 20th 2003 # # # # This script was created to be used with maildrop. Maildrop expects any # # filter it calls to return the message back to it via stdout. clamscan does # # not do this, so the shell script acts as a wrapper for clamscan to make it # # follow this behavior. # # # # The program locations are specific to freebsd, so if you aren't using # # freebsd, then you will need to modify the locations. # # # # Dependancies: # # Bash (duh) # # ClamAV (duh, again) # # maildrop which includes the reformail binary # # ripmime # ############################################################################ ### # Setup program locations CLAM="/usr/local/bin/clamscan" REFORM="/usr/local/bin/reformail" RIPMIME="/usr/local/bin/ripmime" # Setup needed dynamic variables TIME=$(/bin/date -j "+s") DIR="$TIME.$PPID" if [ !$(test /tmp/virusscan/) ]; then mkdir /tmp/virusscan/ fi # Grab the message from stdin MSG=$(/bin/cat /dev/stdin) # Extract the attached files to a tmp dir EXTRACT=$(echo "$MSG" | $RIPMIME -i - -d /tmp/virusscan/$DIR) # Scan the tmp dir SCAN=$($CLAM --stdout --disable-summary /tmp/virusscan/$DIR) # Capture the exit code to test for viruses EXIT="$?" # Was there a virus found? if [ "$EXIT" == "1" ]; then # If so... Lets grab what kind of virus it was VIRUS=$(echo "$SCAN" | /usr/bin/grep "FOUND" | /usr/bin/awk '{print $2}') # Now lets get the old Subject SUBJECT=$(echo "$MSG" | $REFORM -x Subject:) # Now lets alter it to indicate it is infected SUBJECT="**VIRUS** [$VIRUS] $SUBJECT" # Now add the altered Subject back to the original message MSG=$(echo "$MSG" | $REFORM -a"X-Virus-Status: INFECTED" -i"Subject: $(echo "$SUBJECT")") else # If there wasn't a virus, we still need to make note of that MSG=$(echo "$MSG" | $REFORM -a"X-Virus-Status: CLEAN") fi # Clean up our mess in temp dir cd /tmp/virusscan/; rm -r -f $DIR # Send the altered message back to stdout echo "$MSG" # Alter exit code of the script to make maildrop behave as it should exit 0 ------------------------------------------------------- This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs available today? From careers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
