On Thu, 8 Apr 2004, Jack London Networks wrote:

> Okay, I like the --mbox support of clamscan.  Problem is - now that I
> know there are infected messages in people's inboxes/other folders, I
> have very little information to go on to find and clean those
> messages. For example, I know a few people have copies of Bagle,
> SomeFool/Netsky and so forth - but in an inbox of 4,000 items - how do I
> know _which_ message is infected?

Use formail/procmail. Formail breaks the big mbox into individual messages
and calls procmail on each message with an rc file that saves to two
different mboxes based on the results.

i.e.:
cat mbox | formail -s procmail -m ./Clam.rc

Clam.rc would be something like:


# Start of RC file
#
VIRUS=`/usr/local/bin/clamdscan --mbox --disable-summary --stdout  -`

:0 Di
* VIRUS ?? FOUND
VirusMail

:0
GoodMail

# End of file

This is untested, off the top of my head.

==========================================================
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
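
Added example (not part of the original post): a Python sketch that answers the "which message?" question directly by walking the mbox and listing the position, From, Subject and Date of each message the scanner flags. The clamdscan flags, the function names and the sample mbox are assumptions made for illustration; the demo uses a stand-in scanner so it runs without clamd.

```python
import mailbox, os, re, subprocess, tempfile

# clamdscan reports a detection as "<source>: <signature> FOUND".
FOUND_RE = re.compile(r"^[^:\n]*: (.+) FOUND$", re.M)

def parse_clam_output(text):
    """Return the signature name in scanner output, or None if clean."""
    m = FOUND_RE.search(text)
    return m.group(1) if m else None

def clamdscan_message(raw):
    """Scan one message on stdin. Flags are assumed; they vary by ClamAV version."""
    p = subprocess.run(["clamdscan", "--no-summary", "--stdout", "-"],
                       input=raw, capture_output=True)
    if p.returncode not in (0, 1):  # 0 = clean, 1 = detection, other = error
        raise RuntimeError((p.stdout + p.stderr).decode(errors="replace"))
    return parse_clam_output(p.stdout.decode(errors="replace"))

def find_infected(mbox_path, scan=clamdscan_message):
    """Return (position, From, Subject, Date, signature) per flagged message."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for pos, (key, msg) in enumerate(box.iteritems(), 1):
            sig = scan(box.get_bytes(key))  # raw bytes of this one message
            if sig:
                hits.append((pos, msg["From"], msg["Subject"], msg["Date"], sig))
    finally:
        box.close()
    return hits

# Constructed sample mbox (not real mail); FAKE-PAYLOAD stands in for malware.
SAMPLE_MBOX = (
    "From a@example.com Thu Apr  8 10:00:00 2004\n"
    "From: a@example.com\nSubject: lunch\n"
    "Date: Thu, 8 Apr 2004 10:00:00 -0400\n\nhello\n\n"
    "From b@example.com Thu Apr  8 11:00:00 2004\n"
    "From: b@example.com\nSubject: Re: document\n"
    "Date: Thu, 8 Apr 2004 11:00:00 -0400\n\nFAKE-PAYLOAD\n\n")

def demo():
    """Run find_infected on SAMPLE_MBOX with a stand-in scanner (no clamd)."""
    fake = lambda raw: parse_clam_output(
        "stream: Constructed.Sig FOUND\n" if b"FAKE-PAYLOAD" in raw else "stream: OK\n")
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        f.write(SAMPLE_MBOX)
    try:
        return find_infected(f.name, fake)
    finally:
        os.unlink(f.name)
```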

