[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [vps-mail] ClamAV Email Message

Here is my procmailrc

## BEGIN ClamAV Scanning Block: edits inside this block may be
## reverted at upgrade. Edit at your own risk!

TMPLOGFILE=$LOGFILE
TMPLOGABSTRACT=$LOGABSTRACT
TMPVERBOSE=$VERBOSE

LOGFILE=/var/log/procmail.clamav
LOGABSTRACT=all
VERBOSE=off
NL="
"

:0
CLAMAV=|/usr/local/bin/clamscan --disable-summary --stdout --mbox -

:0
* CLAMAV ?? .*: \/.* FOUND
{
  LOG="Possible virus ${MATCH}${NL}"
  
  :0 fhw
  | formail -a"X-ClamAV: ${MATCH}"
}

:0E fhw
| formail -a"X-ClamAV: clean"

:0
* ^X-ClamAV: \/.*
* ! MATCH ?? ^^clean^^
{
  DROPPRIVS=yes
  
  :0:
  $HOME/quarantine
}

LOGFILE=$TMPLOGFILE
LOGABSTRACT=$TMPLOGABSTRACT
VERBOSE=$TMPVERBOSE

## END ClamAV Scanning Block
## begin spamassassin vinstall (do not remove these comments)
TMPLOGFILE=$LOGFILE
TMPLOGABSTRACT=$LOGABSTRACT
TMPVERBOSE=$VERBOSE

#DROPPRIVS=yes
LOGFILE=/var/log/procmail
LOGABSTRACT=yes
VERBOSE=yes

:0fw
|/usr/local/bin/spamassassin

:0:
* ^X-Spam-Status: Yes
/var/mail/spam

LOGFILE=$TMPLOGFILE
LOGABSTRACT=$TMPLOGABSTRACT
VERBOSE=$TMPVERBOSE
## end spamassassin vinstall (do not remove these comments)



 

-----Original Message-----
From: owner-vps-mail@xxxxxxxxxxxx [mailto:owner-vps-mail@xxxxxxxxxxxx] On
Behalf Of Scott Wiersdorf
Sent: Wednesday, March 17, 2004 4:48 PM
To: vps-mail@xxxxxxxxxxxx
Subject: Re: [vps-mail] ClamAV Email Message

On Wed, Mar 17, 2004 at 04:04:55PM -0500, John Oligario wrote:
> Hello,
> 
> Last week I installed the updated ClamAV onto my VPS2, which works 
> great by the way.  However I now have the problem of every single time 
> a virus is caught, I get notified as well as the enduser.

This, I think, is not the default behavior. Have you modified your
procmailrc file to send a notice to the recipient? We discussed this last
week (or maybe two weeks ago) on this list I believe. Maybe you're using one
of the recipes that was floated.

> Is there anyway to reroute
> the virus email to one specific per domain on the VPS2?  Ie, at one 
> company, the CFO wants to get the list of emails containing virus' but 
> does not want the rest of the people to get the email.

Your responder, which might look something like this:

<snip>
    :0
    * ^Subject: infected!
    {
      :0c:
      $HOME/quarantine

      SUBJECT=`formail -zxSubject:`
      :0 h
      | (formail -i"From: Virus Scanner <root@xxxxxxxxxx>" \
        -I"Subject: VIRUS FOUND (was: $SUBJECT)"; \
        cat virus_message.txt;) | $SENDMAIL -t
    }
</snip>

should be modified to look more like this (notice the '-i"To: ..."'
line):

<snip>
    :0
    * ^Subject: infected!
    {
      :0c:
      $HOME/quarantine

      SUBJECT=`formail -zxSubject:`
      :0 h
      | (formail -i"To: CEO Joe Schmoe <joe@xxxxxxxxxx>" \
        -i"From: Virus Scanner <root@xxxxxxxxxx>" \
        -I"Subject: VIRUS FOUND (was: $SUBJECT)"; \
        cat virus_message.txt;) | $SENDMAIL -t
    }
</snip>

Scott
--
Scott Wiersdorf
scottw@xxxxxxxxxxxx
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).


======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
Main Index | Thread Index
Match: Format: Sort by:
Search: