Suril Patel wrote:
I have successfully got ClamAV working after configuring/tweaking everything necessary and it works fine (so far).
However, I've changed my mind regarding some settings for virus interception in e-mails and would like some help on the settings in /usr/local/etc/procmailrc. At the moment, all messages containing viruses are deleted 'quietly', i.e. the e-mail gets deleted without either party knowing. I presume the detection is in the logs but I'd like the message not to be delivered to me, while the sender gets a message saying "your message was failed due to virus etc. etc." Obviously the sender should just get the subject line or something and not the attachment. Postmaster doesn't need to be notified.
Actually, neither need the sender be notified, because that address is forged in 99.9% of the current viruses. Unless you want to contribute to the backscatter. Read: http://www.postfix.org/BACKSCATTER_README.html
Here is my file as it stands - what should the settings be instead and how can I modify the failure notice sent to the original sender?
=======
TMPLOGFILE=$LOGFILE
TMPLOGABSTRACT=$LOGABSTRACT
TMPVERBOSE=$VERBOSE

LOGFILE=/var/log/procmail.clamav
LOGABSTRACT=all
VERBOSE=off
NL="
"

:0
CLAMAV=|/usr/local/bin/clamscan --disable-summary --stdout --mbox -

:0
* CLAMAV ?? .*: \/.* FOUND
{
  LOG="Possible virus ${MATCH}${NL}"

  :0 fhw
  | formail -a"X-ClamAV: ${MATCH}"
}

:0E fhw
| formail -a"X-ClamAV: clean"

:0
* ^X-ClamAV: \/.*
* ! MATCH ?? ^^clean^^
/dev/null
Wow, so I just need to forge a mail with a header 'X-ClamAV: clean' to pass your virusblocker.
Don't add these things to the header. Just keep the X-ClamAV: $(MATCH) and test for its absence.
And here is a recipe for auto-reply, if you really really want to backscatter innocent people.
#############################################################
:0 h c
* !^FROM_DAEMON
* !^X-Loop: virusnotification
| (formail -rt -I"Precedence: junk" \
     -A"X-Loop: virusnotification" ; \
   cat /your/friendly/message ) | $SENDMAIL -oi -t
#############################################################
--
Paul Bijnens, Xplanation                          Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM  Fax +32 16 397.512
http://www.xplanation.com/
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6,  *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye,     *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup,   *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown,   *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ...         *
* ... "Are you sure?" ... YES ... Phew ... I'm out                    *
***********************************************************************
_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users
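Added example, not part of the original thread: a Python model of why a sender-supplied "X-ClamAV: clean" header survives the posted recipe (formail -a adds a field only when no such field exists yet), next to a variant that decides from the scanner result and overwrites the header with -I semantics. The scan() stand-in, the marker string and the three sample messages are constructed for illustration; the variant is one possible arrangement, not the recipe suggested in the reply.

```python
from email import message_from_string

def scan(msg):
    """Constructed stand-in for clamscan: returns a signature name or None."""
    return "Constructed.Test.Sig" if "FAKE-VIRUS-MARKER" in msg.get_payload() else None

def formail_a(msg, name, value):
    """Model of `formail -a`: add the field only if none of that name exists."""
    if msg[name] is None:
        msg[name] = value

def formail_I(msg, name, value):
    """Model of `formail -I`: remove every existing field of that name, then add."""
    del msg[name]
    msg[name] = value

def as_posted(raw):
    """Posted recipe: tag with -a, then drop unless the header reads 'clean'."""
    msg = message_from_string(raw)
    sig = scan(msg)
    formail_a(msg, "X-ClamAV", sig if sig else "clean")
    return "delivered" if msg["X-ClamAV"].strip() == "clean" else "dropped"

def hardened(raw):
    """Variant: the verdict comes from the scanner, never from an inbound header."""
    msg = message_from_string(raw)
    if scan(msg):
        return "dropped"
    formail_I(msg, "X-ClamAV", "clean")  # replaces anything the sender supplied
    return "delivered"

# Constructed sample messages (addresses use the reserved example.org domain).
CLEAN = "From: a@example.org\nSubject: hi\n\nhello\n"
INFECTED = "From: a@example.org\nSubject: hi\n\nFAKE-VIRUS-MARKER\n"
FORGED = ("From: a@example.org\nX-ClamAV: clean\nSubject: hi\n\n"
          "FAKE-VIRUS-MARKER\n")

if __name__ == "__main__":
    for label, raw in [("clean", CLEAN), ("infected", INFECTED), ("forged", FORGED)]:
        print(f"{label:9} as_posted={as_posted(raw):9} hardened={hardened(raw)}")
```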