Things were working and for some reason stopped. Incoming mail isn't scanned
but they do have the header x-virus-scan header from trashscan.
Running the mail text through /usr/local/bin/clamdscan eicar_mail.txt works.
How would I test trashscan to see where the problem is?
Thanks for any ideas.
-pbr
I'm using procmailrc:
#Run TrashScan
:0
* ^Subject:
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan
#Flag mail
:0fhw
* ^X-Virus-Scan: Suspicious
* ^Subject: *
#* Any.other.conditions.you.need??
| sed -e 's/^Subject:/Subject: [virus]/'
Traschscan Settinx:
# ------------------------------------------------- Begin Settinx
---------------------------------$
SCANDIR=$HOME/tmp # Temp directory
for virus scans.
# Security:
Don't define public
# accessible
directories here !!!
# $HOME/tmp
should be fine.
#DECODER=metamail # Decoder:
"metamail" or "uudeview"
#DECODPRG=metamail # Absolute path
to decoder: metamail
DECODER=uudeview # Decoder:
"metamail" or "uudeview"
DECODPRG=/usr/bin/uudeview # Absolute path
to decoder: uudeview
VSCANPRG=/usr/local/bin/clamdscan # Absolute path
to the virus scanner
VSCANOPT="--quiet --tempdir=$HOME/tmp --recursive --max-files=500 \
--max-space=30M --unzip=/usr/bin/unzip --unrar=/usr/bin/unrar \
--unarj=/usr/bin/unarj --zoo=/usr/bin/zoo --lha=/usr/bin/lha \
--jar=/usr/bin/unzip --tar=/bin/tar --tgz=/bin/tar" # Parameters for
the virus scanner.
# Security:
Don't choose public
# accessible
directories for the
# --tempdir
definition !!!
#
--tempdir=$HOME/tmp should be fine.
VSCANVEX=1 # Exitcode of
the virus scanner if a
# virus was found
#VSCANSUSP=mail.virus # File to store
suspicious mail (see
#
procmail.trashscan)
FORMAIL=formail # Absolute path
to formail
PROCMAIL=procmail # Absolute path
to procmail
SENDMAIL=sendmail # Absolute path
to sendmail
CAT=cat # Absolute path
to cat
GREP=grep # Absolute path
to grep
LOGGER=logger # Absolute path
to logger
LOGPRIO=mail.warn # Log level for
logger
MKDIR=mkdir # Absolute path
to mkdir
RM=rm # Absolute path
to rm
SED=sed # Absolute path
to sed
[EMAIL PROTECTED] # Receiver of virus alert
messages
[EMAIL PROTECTED] # Sender of virus alert
messages
[EMAIL PROTECTED] # Person to contact
(appears in the
# mail body of
the virus alert)
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
