
Mailing List Archive: ClamAV: users

Clamscan: how to tell which message number in an mbox?

 

 



q-funk at pp

Aug 21, 2003, 3:23 PM

Post #1 of 6 (823 views)
Permalink
Clamscan: how to tell which message number in an mbox?

Greetings,

I installed clamav to scan mails from work (I telework and the stupid company
doesn't scan emails for possible viruses) and doing a quick run of clamscan
indeed found one virus. The problem is we're dealing with a mailfile (mbox) and
I simply cannot afford to delete the whole inbox file; I need clamscan to be
precise as to which e-mail message contains the virus, so that I can simply
delete that specific message. Giving the offending message's Subject line would
be enough to at least locate it. Is this possible and how? Thanks!

--
Martin-Éric Racine
http://www.pp.fishpool.fi/~q-funk/


kevins at bmrb

Aug 21, 2003, 4:00 PM

Post #2 of 6 (810 views)
Permalink
Re: Clamscan: how to tell which message number in an mbox? [In reply to]

On Wed, 2003-08-20 at 17:12, Martin-Éric Racine wrote:
> Greetings,
>
> I installed clamav to scan mails from work (I telework and the stupid company
> doesn't scan emails for possible viruses) and doing a quick run of clamscan
> indeed found one virus. The problem is we're dealing with a mailfile (mbox) and
> I simply cannot afford to delete the whole inbox file; I need clamscan to be
> precise as to which e-mail message contains the virus, so that I can simply
> delete that specific message. Giving the offending message's Subject line would
> be enough to at least locate it. Is this possible and how? Thanks!
>
I'm guessing (from its name) that you could use this tool...
http://sageshome.net/oss/mbox2mdir.php
to extract all the messages to separate files, which you could then scan
with clamscan.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.


ronanl at melim

Aug 22, 2003, 4:45 AM

Post #3 of 6 (809 views)
Permalink
Re: Clamscan: how to tell which message number in an mbox? [In reply to]

Kevin,

> I'm guessing (from its name) that you could use this tool...
> http://sageshome.net/oss/mbox2mdir.php
> to extract all the messages to separate files, which you could then scan
> with clamscan.

From what I have understood about the question, I think it
doesn't solve his problem.

mbox2mdir should (probably) just change the location of the
user mail file from /var/mail to /home/user/Mail

I think his question was: How can I remove just one message
from user mail file with many messages?

But, unfortunately, I don't know the answer either.

Ronan


danne at wiberg

Aug 22, 2003, 5:42 AM

Post #4 of 6 (811 views)
Permalink
Re: Clamscan: how to tell which message number in an mbox? [In reply to]

On Fri, Aug 22, 2003 at 08:44:37AM -0300, Ronan Lucio wrote:
>
> > I'm guessing (from its name) that you could use this tool...
> > http://sageshome.net/oss/mbox2mdir.php
> > to extract all the messages to separate files, which you could then scan
> > with clamscan.
>
> From what I have understood about the question, I think it
> doesn't solve his problem.
>
> mbox2mdir should (probably) just change the location of the
> user mail file from /var/mail to /home/user/Mail
>
> I think his question was: How can I remove just one message
> from user mail file with many messages?
>
> But, unfortunately, I don't know the answer either.

Deleting a mail from a mailfile can be done manually, so that shouldn't be a
problem. As far as I understand it, the problem was he had a virus-infected
mail in his mailbox, but didn't know which. As the maildir format uses separate
files the idea is good, but I don't think ClamAV can handle maildir format
yet.

ClamAV should report the name of the infected attachment, so you could just
search the mbox file for the attachment name, and remove the email
containing that attachment manually.

Hope it helps.

//daniel wiberg

--
www.wiberg.nu


tk at lodz

Aug 22, 2003, 11:58 AM

Post #5 of 6 (812 views)
Permalink
Re: Clamscan: how to tell which message number in an mbox? [In reply to]

On Wed, 20 Aug 2003 19:12:59 +0300 (EEST)
Martin- <q-funk [at] pp> wrote:

> Greetings,
>
> I installed clamav to scan mails from work (I telework and the stupid
> company doesn't scan emails for possible viruses) and doing a quick
> run of clamscan indeed found one virus. The problem is we're dealing
> with a mailfile (mbox) and I simply cannot afford to delete the whole
> inbox file; I need clamscan to be precise as to which e-mail message
> contains the virus, so that I can simply delete that specific message.
> Giving the offending message's Subject line would

Please install some newer clamav version (see clamav.sf.net/snapshot or
CVS) and then turn on the --debug option. This will enable a debug
output in the mbox code and you will be able to localize the infected
message.

Best regards,
Tomasz Kojm
--
oo ..... zolw [at] konarski
(\/)\......... http://www.konarski.edu.pl/~zolw
\..........._ I nie zapomnij kliknac w brzuszek...
//\ /\\ <- C. Amboinensis www.pajacyk.pl


jef at math

Aug 23, 2003, 4:13 AM

Post #6 of 6 (813 views)
Permalink
Re: Clamscan: how to tell which message number in an mbox? [In reply to]

On Fri, 22 Aug 2003, Daniel Wiberg wrote:
> Deleting a mail from a mailfile can be done manually, so that shouldn't be a
> problem.

I use a nice little utility called "mboxgrep", which you can also use to
remove spam and such once it's already been delivered on your system.

You can do something like this with it:
# mboxgrep -v "spam/virus text you're searching for" mailboxfile > mailboxfile.tmp
# mv mailboxfile.tmp mailboxfile

I have a little script that's a bit safer than that (makes backup copies,
in case mboxgrep bombs or something), but you get the idea. It's really
useful and clean.

Basically, it treats a single message the same way grep treats a single
line of text.

Jeffrey Moskot
System Administrator
jef [at] math
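
The approach the thread converges on (scan each message of the mbox separately, report its position and Subject, then remove only that message after taking a backup), as an added example that is not code from any poster or from the ClamAV project. It uses Python's standard `mailbox` module; the function names and the sample mailbox are constructed for illustration, and `clamscan` is assumed to be on the PATH.

```python
import mailbox
import shutil
import subprocess
import sys
import tempfile

# Constructed sample mbox (three messages); the marker stands in for a real detection.
SAMPLE_MBOX = (
    "From alice@example.org Thu Aug 21 15:00:00 2003\nSubject: Meeting notes\n\nSee you at ten.\n\n"
    "From bob@example.org Thu Aug 21 15:05:00 2003\nSubject: Your details\n\nCONSTRUCTED-TEST-MARKER\n\n"
    "From carol@example.org Thu Aug 21 15:10:00 2003\nSubject: Lunch?\n\nNoon works.\n\n"
)

def clamscan_infected(raw):
    """Scan one message with clamscan: exit 0 = clean, 1 = virus found, other = error."""
    with tempfile.NamedTemporaryFile(suffix=".eml") as tmp:
        tmp.write(raw)
        tmp.flush()
        rc = subprocess.run(["clamscan", "--no-summary", tmp.name],
                            stdout=subprocess.DEVNULL).returncode
    if rc not in (0, 1):
        raise RuntimeError(f"clamscan failed with exit code {rc}")
    return rc == 1

def find_infected(path, scanner=clamscan_infected):
    """Return [(message index, Subject)] for every message the scanner flags."""
    box = mailbox.mbox(path, create=False)
    try:
        return [(key, box[key].get("Subject", "(no subject)"))
                for key in box.keys() if scanner(box.get_bytes(key))]
    finally:
        box.close()

def remove_messages(path, keys):
    """Copy the mbox to <path>.bak, then delete only the listed messages."""
    shutil.copy2(path, path + ".bak")
    box = mailbox.mbox(path, create=False)
    box.lock()  # keep the delivery agent from appending while we rewrite
    try:
        for key in keys:
            box.remove(key)
        box.flush()
    finally:
        box.unlock()
        box.close()

if __name__ == "__main__":
    for index, subject in find_infected(sys.argv[1]):
        print(f"message {index}: {subject}")
```

Message indexes are zero-based and are renumbered after a removal, so rescan before deleting anything further.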
