[vps-mail] Re: BIG THANKS!!!
- Subject: [vps-mail] Re: BIG THANKS!!!
- From: Abigail Marshall <abigail@xxxxxxxxxxxx>
- Date: Thu, 23 Sep 2004 14:14:44 -0700
Tim, there is a version of my XVirus.rc file posted here:
http://webfavor.com/XVirus.rc
I haven't bothered to update it for a while - once I started
running virussnag.rc and ClamAV I stopped seeing any viruses
- but it will get you started. Actually, at this point I'm
not sure it does much different than virussnag.rc would do
on its own, but it's a small file with short recipes, and it
does weed out files with suspicious attachments at the start
-- so I think running it first probably does add to overall
load efficiency. I catch a LOT of email with suspicious
attachments.
Note: It's probably safe to /dev/null everything rather than
send it to a quarantine file -- if you do use a quarantine
file, then you also need to have some sort of archive or
savelogs routine going to periodically refresh or compress
the files, otherwise with a high volume of mail these files
can get very large. You will see that my recipes only send
the headers to the quarantine files -- I don't save the
attachments.
-Abigail
Thursday, September 23, 2004, 1:09:52 PM, you wrote:
> This email below from you to the vps-mail list was the final AHA! I
> needed to get clamscan working with my procmail and spamassassin..
> Thanks so very much!
> I'm curious about your custom file:
> ## My Custom Antivirus File:
> INCLUDERC=/usr/local/etc/XVirus.rc
> Is this something that you would like to share? Seems like you have a
> good system using a procmail include to catch the popular viruses not to
> overtax ClamScan.. looks like a very good idea to me!
> Thanks a million... I finally got to say eureka! :)
> -Tim Smith
> From: Abigail Marshall <abigail@xxxxxxxxxxxx>
> Reply-To: vps-mail@xxxxxxxxxxxx
> To: Andy McKell, FOCUS Internet <vps-mail@xxxxxxxxxxxx>
> Subject: Re[3]: [vps-mail] Separate Mail Server
> Date: Thu, 23 Sep 2004 02:52:47 -0700
>> How do you force procmail (and virussnag.rc) to run before ClamAV? I
>> thought procmail was run just before the mail hits the mailbox and that's
>> why it doesn't run on mail forwarded off the server to an external mailbox?
> I'm running ClamAV FROM procmail - the procmail file looks
> like this:
> VERBOSE=off
> LOGABSTRACT=yes
> COMSAT=no
> LOGFILE=/var/log/procmail.log
> # Whitelist - Email that should always get through:
> :0 H:
> * 1100^0 ^To:.*abuse@
> * 1100^0 ^From:.*root@mydomain\.com
> $DEFAULT
> #####################################
> # Scan Mail for Viruses:
> #####################################
> ## My Custom Antivirus File:
> INCLUDERC=/usr/local/etc/XVirus.rc
> ## Virus Snaggers, ver. 1.6.1
> ## See http://www.spamless.us/pub/procmail/virussnag.rc
> MYVIRUS = /var/mail/quarantine/virussnag
> INCLUDERC=/usr/local/etc/virussnag.rc
> ## BEGIN ClamAV version 0.67-1
> TMPLOGFILE=$LOGFILE
> TMPLOGABSTRACT=$LOGABSTRACT
> TMPVERBOSE=$VERBOSE
> LOGFILE=/var/log/procmail.clamav
> LOGABSTRACT=yes
> VERBOSE=off
> NL="
> "
> :0
> CLAMAV=|/usr/local/bin/clamscan --disable-summary --stdout --mbox -
> :0
> * CLAMAV ?? .*: \/.* FOUND
> {
> LOG="Possible virus ${MATCH}${NL}"
> :0 fhw
> | formail -a"X-ClamAV: ${MATCH}"
> }
> :0E fhw
> | formail -a"X-ClamAV: clean"
> :0
> * ^X-ClamAV: \/.*
> * ! MATCH ?? ^^clean^^
> /dev/null
> LOGFILE=$TMPLOGFILE
> LOGABSTRACT=$TMPLOGABSTRACT
> VERBOSE=$TMPVERBOSE
> ## END ClamAV version 0.67-1
> ++++++++
======================================================================
This is <vps-mail@xxxxxxxxxxxx> <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
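
Added example, not part of the original message or of the XVirus.rc / virussnag.rc files: one way to do the periodic archive step the note about quarantine files calls for, compressing a quarantine file once it passes a size limit. The size limit, the archive naming and the assumption that the delivering recipe uses a procmail local lockfile ("<file>.lock") are mine, not the poster's.

```shell
#!/bin/sh
# Added example: rotate a procmail quarantine mbox once it passes a size limit.
# Assumptions (not from the original post): the size limit, the archive name,
# and that the delivering recipe uses a local lockfile (":0:"), which procmail
# creates as "<mailbox>.lock".

# rotate_quarantine FILE MAX_BYTES
# Returns 0 if rotated, 1 if nothing to do, 2 if locking or compression failed.
rotate_quarantine() {
    qfile=$1
    max_bytes=$2
    lock="$qfile.lock"

    [ -f "$qfile" ] || return 1
    size=$(wc -c < "$qfile" | tr -d ' ')
    [ "$size" -gt "$max_bytes" ] || return 1

    # Take the lock with an exclusive create (noclobber), so a delivery in
    # progress is never split across the old and the new file.
    tries=0
    until ( set -C; : > "$lock" ) 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 5 ] || return 2
        sleep 1
    done

    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$qfile.$stamp.gz"
    # Compress a copy, then truncate in place so owner and mode are kept.
    if gzip -c "$qfile" > "$archive"; then
        : > "$qfile"
        rc=0
    else
        rm -f "$archive"
        rc=2
    fi
    rm -f "$lock"
    return "$rc"
}
```

Run it from cron against each quarantine file, for example the MYVIRUS path set in the procmail file above, and prune old .gz archives separately.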