Posted to users@spamassassin.apache.org by Gene Heskett <ge...@verizon.net> on 2009/10/31 14:16:07 UTC

bringing clamav into the loop?

Greetings;

Does anyone have a procmail recipe that incorporates clamav into the checks, 
and one that handles the clamav output to /dev/null the viri etc?

At least I assume clamav doesn't auto-delete, I've not yet studied all the 
docs, but do have freshclam running apparently ok.

Thanks everybody.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

If your happiness depends on what somebody else does, I guess you do
have a problem.
		-- Richard Bach, "Illusions"

Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, Michael Scheidell wrote:
>Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks, and one that handles the clamav output to /dev/null the viri etc?
>
>amavisd handles both SA and clamav, and unlike SA, can quarantine or
>delete the viri.
>(but it handles user based scoring and bayes WAY different)
>
>you could check that out.

It seems that I have an amavisd-new already installed.  Only html docs, which 
I guess I'm gonna have to get used to.  I'll take a look at them.

Thanks.

-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by Michael Scheidell <sc...@secnap.net>.

Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the checks, 
> and one that handles the clamav output to /dev/null the viri etc?
>
>   
amavisd handles both SA and clamav, and unlike SA, can quarantine or 
delete the viri.
(but it handles user based scoring and bayes WAY different)

you could check that out.

> At least I assume clamav doesn't auto-delete, I've not yet studied all the 
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>
>   

-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008



Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, Yet Another Ninja wrote:
>On 10/31/2009 2:33 PM, Gene Heskett wrote:
>> On Saturday 31 October 2009, Yet Another Ninja wrote:
>>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> Does anyone have a procmail recipe that incorporates clamav into the
>>>> checks, and one that handles the clamav output to /dev/null the viri
>>>> etc?
>>>>
>>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>>> the docs, but do have freshclam running apparently ok.
>>>
>>> this works for me:
>>> :0cW
>>> |clamdscan --no-summary --stdout -
>>> CLAMAV_CODE=$?
>>>
>>> :0
>>> * CLAMAV_CODE ?? 1
>>> /dev/null
>>
>> This looks like what I had in mind.  But since I don't have that part
>> checked out yet, would it then delete the mail because clamdscan had an
>> error?  I'll enable the second after the first is working. :)
>
>it will only delete the msg if clamdscan returns code 1
>if it errors out, it won't return code 1
>
>running only the first part will only show it did something if you
>enable procmail logging

It is enabled, and a tail shows this:

procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "LASTFOLDER=clamdscan --no-summary --stdout -"
procmail: Assigning "CLAMAV_CODE=2"

for every msg so far.  Now I need to grok what the error is.  It may be that 
I need to tell clamdscan who it is running as since it is not running as the 
user clamav.

Thanks

-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, Adam Katz wrote:
>Yet Another Ninja wrote:
>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>> This looks like what I had in mind.  But since I don't have that part
>>> checked out yet, would it then delete the mail because clamdscan had
>>> an error?  I'll enable the second after the first is working. :)
>>
>> my recipe was stolen from this
>>
>> see
>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>
>I like this one better ... it shows the scan results.
>http://wiki.apache.org/spamassassin/FilteringViruses
>
>(Odd that the SA wiki's version is more complete than Clam's...)
>
>There's also an SA plugin that can call ClamAV, see
>http://wiki.apache.org/spamassassin/ClamAVPlugin
>
>However, I highly recommend something that interacts at SMTP-time so
>that a 500-series reject notice can be issued, letting the sender know
>that the message wasn't delivered due to its virus/malware content (I
>also feel this way about spam filtering).

Is this possible by the users of fetchmail or mpop?

I wasn't aware that a pop client has the rights to issue a 500 reject to a 
pop3 server..  In addition to trying to get clamav running from a procmail 
recipe, I am looking into replacing fetchmail with mpop.

>Also note (and this is a current predicament on my own deployment) that
>clamdscan (as well as clamav-milter, which is what I use) is incapable
>of breaking some attachments out of emails; an EICAR test attached with
>Thunderbird still gets delivered in all three of the above
>implementations on my system.
>


-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, jdow wrote:
>From: "Adam Katz" <an...@khopis.com>
>Sent: Saturday, 2009/October/31 10:50
>
>> Yet Another Ninja wrote:
>>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>>> This looks like what I had in mind.  But since I don't have that part
>>>> checked out yet, would it then delete the mail because clamdscan had
>>>> an error?  I'll enable the second after the first is working. :)
>>>
>>> my recipe was stolen from this
>>>
>>> see
>>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>>
>> I like this one better ... it shows the scan results.
>> http://wiki.apache.org/spamassassin/FilteringViruses
>>
>> (Odd that the SA wiki's version is more complete than Clam's...)
>>
>> There's also an SA plugin that can call ClamAV, see
>> http://wiki.apache.org/spamassassin/ClamAVPlugin
>>
>> However, I highly recommend something that interacts at SMTP-time so
>> that a 500-series reject notice can be issued, letting the sender know
>> that the message wasn't delivered due to its virus/malware content (I
>> also feel this way about spam filtering).
>>
>> Also note (and this is a current predicament on my own deployment) that
>> clamdscan (as well as clamav-milter, which is what I use) is incapable
>> of breaking some attachments out of emails; an EICAR test attached with
>> Thunderbird still gets delivered in all three of the above
>> implementations on my system.
>
>Some of us use fetchmail rather than run a real server. That rather moots
>your comment. (I remember helping Gene decouple SpamAssassin from his
>email program. He was getting annoyed at the time it took to load emails.
>With fetchmail, procmail, and dovecot or equivalents, you can do a rather
>creditable job. But you cannot issue a 500. {^_-})

I'd settle for a /dev/null ;-)

-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by jdow <jd...@earthlink.net>.
From: "Adam Katz" <an...@khopis.com>
Sent: Saturday, 2009/October/31 10:50


> Yet Another Ninja wrote:
>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>> This looks like what I had in mind.  But since I don't have that part
>>> checked out yet, would it then delete the mail because clamdscan had
>>> an error?  I'll enable the second after the first is working. :)
>> 
>> my recipe was stolen from this
>> 
>> see
>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
> 
> I like this one better ... it shows the scan results.
> http://wiki.apache.org/spamassassin/FilteringViruses
> 
> (Odd that the SA wiki's version is more complete than Clam's...)
> 
> There's also an SA plugin that can call ClamAV, see
> http://wiki.apache.org/spamassassin/ClamAVPlugin
> 
> However, I highly recommend something that interacts at SMTP-time so
> that a 500-series reject notice can be issued, letting the sender know
> that the message wasn't delivered due to its virus/malware content (I
> also feel this way about spam filtering).
> 
> Also note (and this is a current predicament on my own deployment) that
> clamdscan (as well as clamav-milter, which is what I use) is incapable
> of breaking some attachments out of emails; an EICAR test attached with
> Thunderbird still gets delivered in all three of the above
> implementations on my system.

Some of us use fetchmail rather than run a real server. That rather moots
your comment. (I remember helping Gene decouple SpamAssassin from his
email program. He was getting annoyed at the time it took to load emails.
With fetchmail, procmail, and dovecot or equivalents, you can do a rather
creditable job. But you cannot issue a 500. {^_-})

{^_^}

Re: bringing clamav into the loop?

Posted by Adam Katz <an...@khopis.com>.
Yet Another Ninja wrote:
> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>> This looks like what I had in mind.  But since I don't have that part
>> checked out yet, would it then delete the mail because clamdscan had
>> an error?  I'll enable the second after the first is working. :)
> 
> my recipe was stolen from this
> 
> see
> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail

I like this one better ... it shows the scan results.
http://wiki.apache.org/spamassassin/FilteringViruses

(Odd that the SA wiki's version is more complete than Clam's...)

There's also an SA plugin that can call ClamAV, see
http://wiki.apache.org/spamassassin/ClamAVPlugin

However, I highly recommend something that interacts at SMTP-time so
that a 500-series reject notice can be issued, letting the sender know
that the message wasn't delivered due to its virus/malware content (I
also feel this way about spam filtering).

Also note (and this is a current predicament on my own deployment) that
clamdscan (as well as clamav-milter, which is what I use) is incapable
of breaking some attachments out of emails; an EICAR test attached with
Thunderbird still gets delivered in all three of the above
implementations on my system.

Re: bringing clamav into the loop?

Posted by Yet Another Ninja <sa...@alexb.ch>.
On 10/31/2009 2:33 PM, Gene Heskett wrote:
> On Saturday 31 October 2009, Yet Another Ninja wrote:
>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the docs, but do have freshclam running apparently ok.
>> this works for me:
>> :0cW
>> |clamdscan --no-summary --stdout -
>> CLAMAV_CODE=$?
>>
>> :0
>> * CLAMAV_CODE ?? 1
>> /dev/null
>>
> This looks like what I had in mind.  But since I don't have that part checked 
> out yet, would it then delete the mail because clamdscan had an error?  I'll 
> enable the second after the first is working. :)

my recipe was stolen from this

see
http://wiki.clamav.net/bin/view/Main/ClamAndProcmail

Re: bringing clamav into the loop?

Posted by Yet Another Ninja <sa...@alexb.ch>.
On 10/31/2009 2:33 PM, Gene Heskett wrote:
> On Saturday 31 October 2009, Yet Another Ninja wrote:
>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the docs, but do have freshclam running apparently ok.
>> this works for me:
>> :0cW
>> |clamdscan --no-summary --stdout -
>> CLAMAV_CODE=$?
>>
>> :0
>> * CLAMAV_CODE ?? 1
>> /dev/null
>>
> This looks like what I had in mind.  But since I don't have that part checked 
> out yet, would it then delete the mail because clamdscan had an error?  I'll 
> enable the second after the first is working. :)

it will only delete the msg if clamdscan returns code 1
if it errors out, it won't return code 1

running only the first part will only show it did something if you 
enable procmail logging
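
Added example, not part of any post in this thread: a small shell check that tallies the `CLAMAV_CODE` assignments procmail writes to its verbose log. Because the recipe above deletes only on exit code 1, a scanner that exits 2 for every message lets all mail through unscanned, and this makes that state visible. The function names and the sample log are constructed for illustration; the log line format follows the procmail lines quoted elsewhere in this thread, and the exit code meanings (0 clean, 1 virus found, 2 error) are those documented in the clamdscan man page.

```shell
#!/bin/sh
# Summarise clamdscan results recorded in a procmail log (verbose logging on).
# clamdscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.

# clam_exit_counts LOGFILE
# Prints one line: clean=N infected=N error=N other=N
clam_exit_counts() {
    awk '
        /^procmail: Assigning "CLAMAV_CODE=/ {
            code = $0
            sub(/^.*CLAMAV_CODE=/, "", code)   # drop everything up to the value
            sub(/".*$/, "", code)              # drop the closing quote
            if      (code == "0") clean++
            else if (code == "1") infected++
            else if (code == "2") error++
            else                  other++
        }
        END {
            printf "clean=%d infected=%d error=%d other=%d\n",
                   clean, infected, error, other
        }
    ' "$1"
}

# clam_verdict LOGFILE
# Prints NO-DATA, OK, DEGRADED (some scans failed) or FAIL-OPEN (every scan
# failed, so every message was delivered without a verdict).
clam_verdict() {
    clam_exit_counts "$1" | awk '{
        split($1, c, "="); split($2, i, "=")
        split($3, e, "="); split($4, o, "=")
        total = c[2] + i[2] + e[2] + o[2]
        bad   = e[2] + o[2]
        if      (total == 0)   print "NO-DATA"
        else if (bad == total) print "FAIL-OPEN"
        else if (bad > 0)      print "DEGRADED"
        else                   print "OK"
    }'
}

# make_sample_log PATH
# Writes a constructed log: one clean scan, one detection, two scanner errors.
make_sample_log() {
    cat > "$1" <<'EOF'
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Assigning "CLAMAV_CODE=0"
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (1) from "clamdscan"
procmail: Assigning "CLAMAV_CODE=1"
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "CLAMAV_CODE=2"
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "CLAMAV_CODE=2"
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample_log "$sample"
clam_exit_counts "$sample"
clam_verdict "$sample"
rm -f "$sample"
```

Point the two functions at the real procmail log file to run the same check on live data.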

Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, Yet Another Ninja wrote:
>On 10/31/2009 2:16 PM, Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the docs, but do have freshclam running apparently ok.
>
>this works for me:
>:0cW
>|clamdscan --no-summary --stdout -
>CLAMAV_CODE=$?
>
>:0
>* CLAMAV_CODE ?? 1
>/dev/null
>
This looks like what I had in mind.  But since I don't have that part checked 
out yet, would it then delete the mail because clamdscan had an error?  I'll 
enable the second after the first is working. :)

Many Thanks.

-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by Yet Another Ninja <sa...@alexb.ch>.
On 10/31/2009 2:16 PM, Gene Heskett wrote:
> Greetings;
> 
> Does anyone have a procmail recipe that incorporates clamav into the checks, 
> and one that handles the clamav output to /dev/null the viri etc?
> 
> At least I assume clamav doesn't auto-delete, I've not yet studied all the 
> docs, but do have freshclam running apparently ok.

this works for me:

:0cW
|clamdscan --no-summary --stdout -
CLAMAV_CODE=$?

:0
* CLAMAV_CODE ?? 1
/dev/null

Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, jdow wrote:
>From: "Gene Heskett" <ge...@verizon.net>
>Sent: Saturday, 2009/October/31 06:16
>
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks,
>> and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the docs, but do have freshclam running apparently ok.
>>
>> Thanks everybody.
>
>http://wiki.apache.org/spamassassin/ClamAVPlugin
>
>{^_^}
>
Unforch, the dependencies don't seem to be installable, even with a fresh 
cpan on F10. It needs the Net::Ident kit, an apparently deprecated package as 
far as buildability by cpan goes:
===================
cpan[9]> install Net::Ident
Running install for module 'Net::Ident'
Running make for J/JP/JPC/Net-Ident-1.20.tar.gz
  Has already been unwrapped into directory /root/.cpan/build/Net-Ident-1.20-5nmQuD
  Has already been made
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/0use.t .... Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/0use.t .... ok
t/apache.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/apache.t .. skipped: (no reason given)
t/compat.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/compat.t .. skipped: (no reason given)
t/Ident.t ... Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/Ident.t ... Failed 3/8 subtests

Test Summary Report
-------------------
t/Ident.t (Wstat: 0 Tests: 8 Failed: 3)
  Failed tests:  1-3
Files=4, Tests=9, 112 wallclock secs ( 0.04 usr  0.01 sys +  2.17 cusr  0.47 csys =  2.69 CPU)
Result: FAIL
Failed 1/4 test programs. 3/9 subtests failed.
make: *** [test_dynamic] Error 255
  JPC/Net-Ident-1.20.tar.gz
  /usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module, try:
  reports JPC/Net-Ident-1.20.tar.gz
Warning (usually harmless): 'YAML' not installed, will not store persistent state
Running make install
  make test had returned bad status, won't install without force
Failed during this command:
 JPC/Net-Ident-1.20.tar.gz                    : make_test NO

cpan[10]>
====================

Ideas?

Toss in that Fedora's clamav packages are about 4 versions out of date.  
Fedora list Cc:'d

Thanks Joanne.

-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by jdow <jd...@earthlink.net>.
From: "Gene Heskett" <ge...@verizon.net>
Sent: Saturday, 2009/October/31 06:16


> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the 
> checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>
> -- 
> Cheers, Gene

http://wiki.apache.org/spamassassin/ClamAVPlugin

{^_^} 


Re: bringing clamav into the loop?

Posted by Toni Mueller <su...@oeko.net>.
Hi,

On Sat, 31.10.2009 at 09:16:07 -0400, Gene Heskett <ge...@verizon.net> wrote:
> Does anyone have a procmail recipe that incorporates clamav into the checks, 
> and one that handles the clamav output to /dev/null the viri etc?

which mail system do you use?

I'm using this setup together with qmail-ldap and qmail-scanner, and it
works like a charm, but of course, your requirements might be vastly
different.


Kind regards,
--Toni++

Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, jdow wrote:
>From: "Gene Heskett" <ge...@verizon.net>
>Sent: Saturday, 2009/October/31 13:10
>
>> On Saturday 31 October 2009, Karl Pearson wrote:
>>>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> Does anyone have a procmail recipe that incorporates clamav into the
>>>> checks,
>>>> and one that handles the clamav output to /dev/null the viri etc?
>>>>
>>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>>> the
>>>> docs, but do have freshclam running apparently ok.
>>>>
>>>> Thanks everybody.
>>>
>>>I use ClamAV-milter at MTA level at the gateway. In the new version of
>>>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>>
>> I don't believe the gateway I'm using (x86 version of dd-wrt) has the
>> iron (or storage, its booting from a cf card) to pull that off, even if I
>> could figure out how to make it an email proxy server.
>>
>>>I run a cron job against the sendmail queue and send myself a report on
>>>each quarantined email, then remove them. With sendmail this is done
>>>with these two commands:
>>>
>>>report each:
>>>mailq -qQ
>>>remove from quarantine and delete:
>>>sendmail -qQ
>>>
>>>Very useful and the virus infected emails don't get inside my network
>>>anywhere, which if using procmail/SpamAssassin, they would have to. My
>>>network is protected from both the viruses and the waste of email
>>>traffic.
>>
>> Twould be nice, but I'd settle for a couple of lines in the procmail.log
>> indicating it was sent to /dev/null.
>>
>:0:
>* ^X-Spam-Status: .*CLAMAV.*
>/dev/null
>
>But that requires making the clamav plugin work.
>
>{o.o}
>
Which I haven't succeeded in yet my dear.  Too many perl deps can't be found.  
I think, it's getting late here. :)

-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by jdow <jd...@earthlink.net>.
From: "Gene Heskett" <ge...@verizon.net>
Sent: Saturday, 2009/October/31 13:10


> On Saturday 31 October 2009, Karl Pearson wrote:
>>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks,
>>> and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the
>>> docs, but do have freshclam running apparently ok.
>>>
>>> Thanks everybody.
>>
>>I use ClamAV-milter at MTA level at the gateway. In the new version of
>>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>>
> I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron
> (or storage, its booting from a cf card) to pull that off, even if I could
> figure out how to make it an email proxy server.
>
>>I run a cron job against the sendmail queue and send myself a report on
>>each quarantined email, then remove them. With sendmail this is done
>>with these two commands:
>>
>>report each:
>>mailq -qQ
>>remove from quarantine and delete:
>>sendmail -qQ
>>
>>Very useful and the virus infected emails don't get inside my network
>>anywhere, which if using procmail/SpamAssassin, they would have to. My
>>network is protected from both the viruses and the waste of email
>>traffic.
>
> Twould be nice, but I'd settle for a couple of lines in the procmail.log
> indicating it was sent to /dev/null.

:0:
* ^X-Spam-Status: .*CLAMAV.*
/dev/null

But that requires making the clamav plugin work.

{o.o} 


Re: bringing clamav into the loop?

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 31 October 2009, Karl Pearson wrote:
>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks,
>> and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the
>> docs, but do have freshclam running apparently ok.
>>
>> Thanks everybody.
>
>I use ClamAV-milter at MTA level at the gateway. In the new version of
>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>
I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron 
(or storage, it's booting from a cf card) to pull that off, even if I could 
figure out how to make it an email proxy server.

>I run a cron job against the sendmail queue and send myself a report on
>each quarantined email, then remove them. With sendmail this is done
>with these two commands:
>
>report each:
>mailq -qQ
>remove from quarantine and delete:
>sendmail -qQ
>
>Very useful and the virus infected emails don't get inside my network
>anywhere, which if using procmail/SpamAssassin, they would have to. My
>network is protected from both the viruses and the waste of email
>traffic.

Twould be nice, but I'd settle for a couple of lines in the procmail.log 
indicating it was sent to /dev/null.
>
>HTH,
>
>Karl
>
>> --
>> Cheers, Gene
>> "There are four boxes to be used in defense of liberty:
>>  soap, ballot, jury, and ammo. Please use in that order."
>> -Ed Howdershelt (Author)
>> The NRA is offering FREE Associate memberships to anyone who wants them.
>> <https://www.nrahq.org/nrabonus/accept-membership.asp>
>>
>> If your happiness depends on what somebody else does, I guess you do
>> have a problem.
>> 		-- Richard Bach, "Illusions"
>
>---
>Karl Pearson
>Karlp@ourldsfamily.com
>Owner/Administrator of the sites at
>http://ourldsfamily.com
>---
>"To mess up your Linux PC, you have to really work at it;
> to mess up a microsoft PC you just have to work on it."
>---
> Democracy is two wolves and a lamb voting on what to have
> for lunch. Liberty is a well-armed lamb contesting the vote.
> --Benjamin Franklin
>---
>


-- 
Cheers, Gene

Re: bringing clamav into the loop?

Posted by Karl Pearson <ka...@ourldsfamily.com>.
On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the
> checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all
> the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>

I use ClamAV-milter at MTA level at the gateway. In the new version of
ClamAV, email is not deleted, but is quarantined within sendmail itself.

I run a cron job against the sendmail queue and send myself a report on
each quarantined email, then remove them. With sendmail this is done
with these two commands:

report each:
mailq -qQ
remove from quarantine and delete:
sendmail -qQ

Very useful and the virus infected emails don't get inside my network
anywhere, which if using procmail/SpamAssassin, they would have to. My
network is protected from both the viruses and the waste of email
traffic.

HTH,

Karl

> --
> Cheers, Gene
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> The NRA is offering FREE Associate memberships to anyone who wants them.
> <https://www.nrahq.org/nrabonus/accept-membership.asp>
>
> If your happiness depends on what somebody else does, I guess you do
> have a problem.
> 		-- Richard Bach, "Illusions"
>


---
Karl Pearson
Karlp@ourldsfamily.com
Owner/Administrator of the sites at
http://ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
 to mess up a microsoft PC you just have to work on it."
---
 Democracy is two wolves and a lamb voting on what to have
 for lunch. Liberty is a well-armed lamb contesting the vote.
 --Benjamin Franklin
---