On Fri, 2 Dec 2005, Rob Skedgell announced authoritatively:
> At the moment I have to use a condition in an Exim ACL to exclude
> HTML.Phishing.* "malware" from being discarded so that it can be
> filtered and reported.
Indeed. You can do the same sort of thing if running sendmail and the clamav-milter, but it's trickier. I use clamav-milter with the patch below to put the name of the malware into the X-Virus-Infection-Name: header, turn on --noreject, and then discard with procmail all mails with that header present without the word `Phishing' in it.
diff -durN 0.87-orig/clamav-milter/clamav-milter.c 0.87/clamav-milter/clamav-milter.c
--- 0.87-orig/clamav-milter/clamav-milter.c 2005-09-15 23:24:41.000000000 +0100
+++ 0.87/clamav-milter/clamav-milter.c 2005-09-17 00:07:28.000000000 +0100
@@ -261,7 +261,7 @@
 static int sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *virusname);
 static int qfile(struct privdata *privdata, const char *sendmailId, const char *virusname);
 static int move(const char *oldfile, const char *newfile);
-static void setsubject(SMFICTX *ctx, const char *virusname);
+static void setinfected(SMFICTX *ctx, const char *virusname);
 static int clamfi_gethostbyname(const char *hostname, struct hostent *hp, char *buf, size_t len);
 static int isLocalAddr(in_addr_t addr);
 static void clamdIsDown(void);
@@ -747,7 +747,7 @@
 break;
 case 'n': /* don't add X-Virus-Scanned */
 nflag++;
- smfilter.xxfi_flags &= ~(SMFIF_ADDHDRS|SMFIF_CHGHDRS);
+ smfilter.xxfi_flags &= ~(SMFIF_CHGHDRS);
 break;
 case 'N': /* Do we reject mail or silently drop it */
 rejectmail = 0;
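Review bot: The comment on `case 'n'` no longer explains the flag mask, because SMFIF_ADDHDRS is now left set and the milter can still add headers under -n, which setinfected() depends on. I would extend it to `/* don't add X-Virus-Scanned; SMFIF_ADDHDRS stays set so setinfected() can still add X-Virus-Infection-Name */`. Whether nflag alone still suppresses X-Virus-Scanned is decided outside this hunk and should be confirmed. The enclosing switch starts and ends outside the hunk.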
@@ -830,26 +830,6 @@
 }
 port = argv[optind];
- if(verifyIncomingSocketName(port) < 0) {
- fprintf(stderr, _("%s: socket-addr (%s) doesn't agree with sendmail.cf\n"), argv[0], port);
- return EX_CONFIG;
- }
- if(strncasecmp(port, "inet:", 5) == 0)
- if(!lflag) {
- /*
- * Barmy but true. It seems that clamfi_connect will,
- * in this case, get the IP address of the machine
- * running sendmail, not of the machine sending the
- * mail, so the remote end will be a local address so
- * we must scan by enabling --local
- *
- * TODO: this is probably not needed if the remote
- * machine is localhost, need to check though
- */
- fprintf(stderr, _("%s: when using inet: connection to sendmail you must enable --local\n"), argv[0]);
- return EX_USAGE;
- }
-
 /*
 * Sanity checks on the clamav configuration file
 */
@@ -3050,10 +3030,10 @@
 if(use_syslog)
 syslog(LOG_DEBUG, "Redirected virus to %s", quarantine);
 cli_dbgmsg("Redirected virus to %s\n", quarantine);
- setsubject(ctx, virusname);
+ setinfected(ctx, virusname);
 }
 } else if(advisory)
- setsubject(ctx, virusname);
+ setinfected(ctx, virusname);
 else if(rejectmail) {
 if(privdata->discard)
 rc = SMFIS_DISCARD;
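Review bot: The hunk at -830 deletes both startup checks on `port`, which is unrelated to the header change this patch is described as making and leaves no visible validation of the socket argument. The removed comment states that with an `inet:` socket clamfi_connect sees the address of the sendmail host, so without --local such mail looks local and, presumably, is not scanned; after this change that misconfiguration starts silently instead of exiting with EX_USAGE. I would keep `if(verifyIncomingSocketName(port) < 0)` and the `inet:`/`lflag` test, or move their removal to a separate patch with its own justification. The enclosing function starts and ends outside the hunk.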
@@ -4240,22 +4220,12 @@
 }
 /*
- * Store the name of the virus in the subject of the e-mail
+ * Store the name of the virus in the X-Virus-Infection-Name header
 */
 static void
-setsubject(SMFICTX *ctx, const char *virusname)
+setinfected(SMFICTX *ctx, const char *virusname)
 {
- struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
- char subject[128];
-
- if(privdata->subject)
- smfi_addheader(ctx, "X-Original-Subject", privdata->subject);
-
- snprintf(subject, sizeof(subject) - 1, _("[Virus] %s"), virusname);
- if(privdata->subject)
- smfi_chgheader(ctx, "Subject", 1, subject);
- else
- smfi_addheader(ctx, "Subject", subject);
+ smfi_addheader(ctx, "X-Virus-Infection-Name", virusname);
 }
 /*
-- 
`Y'know, London's nice at this time of year. If you like your cities freezing cold and full of surly gits.' --- David Damerell
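Review bot: setinfected() ignores the result of smfi_addheader(), yet the procmail recipe described in the post discards on the presence of this header, so a failed add lets a flagged message through unmarked. I would check it with `if(smfi_addheader(ctx, "X-Virus-Infection-Name", virusname) == MI_FAILURE && use_syslog)` followed by `syslog(LOG_ERR, "Can't add X-Virus-Infection-Name header");`. The header name is also something an inbound message can already carry, so downstream filtering should trust only the milter's own instance. Removing inbound copies would need smfi_chgheader(), which the `case 'n'` hunk at -747 disables by clearing SMFIF_CHGHDRS; the function comment should state this limitation.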