
Mailing List Archive: ClamAV: users

GPLv2 clamdscan mail frontend named scandalo

 

 



dino at tuxweb

Oct 22, 2009, 10:57 AM


Sorry if this is OT for clamav-users, but maybe someone will consider
this useful.

I wrote a simple GPLv2 clamdscan frontend (in C, for Linux) that mail can be
piped to from an external MTA or MUA to create a very fast and efficient
mail virus filtering solution.

It's a fast, simple and sysadmin-friendly mailfilter that pipes your
incoming mail to clamdscan, uses the clamd daemon to check your mail for
viruses and adds mail headers that you can check (for example with
maildrop) to see if the mail contains a virus (or phishing signatures).

You can download "scandalo 1.0 stable" from here:
http://www.tuxweb.it/?section=progetti/scandalo&user_lang=en

Install automake, then:
# ./configure
# make
# make install

Now let's give it a try:
Feed it with a virus...
# cat test/test_virus.eml | /usr/local/bin/scandalo
From: <dino [at] test>
To: <dino [at] test>
Subject: Test
X-VirScanBy: scandalo 1.0 Stable
X-Virus-Ret: 1
X-Virus-stream: Eicar-Test-Signature FOUND

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Now, feed it with a normal email:
# cat test/test_novirus.eml | /usr/local/bin/scandalo
From: <dino [at] test>
To: <dino [at] test>
Subject: Test
X-VirScanBy: scandalo 1.0 Stable
X-Virus-Ret: 0
X-Virus-stream: OK

This is not a virus mail.


Please let me know if it can be useful to someone.
Sorry for the OT, hope this helps.


This is an example of maildrop rules I use:

VIRUSDIR='Virus'
# Scan the mail message for viruses
xfilter "/usr/bin/scandalo"
if ((/^X-Virus-Ret: 1/) && (/^X-Virus-stream: !.*/))
{
    echo "Virus found: $MATCH2."
    `test -d ./Maildir/.$VIRUSDIR` # make sure .Virus folder exists
    if ( $RETURNCODE == 1 )
    {
        echo "Virus maildir does not exist"
        echo "Creating Maildir/.$VIRUSDIR "
        # This is used to create the virus maildir if it does not exist.
        DIRMAKE=`/opt/courier/bin/maildirmake -f $VIRUSDIR ./Maildir`
        `echo "INBOX.$VIRUSDIR" >> ./Maildir/courierimapsubscribed`
    }
    to "./Maildir/.$VIRUSDIR/."
}

Ciao, Dino.





-----------------
TuxWeb S.r.l. - InfoServices EveryWhere - http://www.tuxweb.it
IT solutions, development, web applications, consulting on systems administration and open-source products, Linux courses and much more! For more information write to info [at] tuxweb
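
Added example (not part of the original post and not scandalo's own code): a downstream check of the headers shown in the post that fails closed, so a message with missing, repeated or unexpected result headers is reported as unscanned instead of clean. The function name `classify` and the three verdict strings are assumptions made for this sketch, as is treating any result other than the two shown in the post as a scan failure.

```python
import email
from email import policy

# Header names and values as they appear in the post's sample output.
RET_HEADER = "X-Virus-Ret"
STREAM_HEADER = "X-Virus-stream"


def classify(raw_message: bytes) -> tuple:
    """Return (verdict, detail); verdict is 'clean', 'infected' or 'unscanned'."""
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    rets = [str(v).strip() for v in msg.get_all(RET_HEADER, [])]
    streams = [str(v).strip() for v in msg.get_all(STREAM_HEADER, [])]

    # Fail closed: with zero or several result headers we cannot tell
    # which scan result applies to this message.
    if len(rets) != 1 or len(streams) != 1:
        return "unscanned", f"result headers seen: {len(rets)}/{len(streams)}"

    ret, stream = rets[0], streams[0]
    if ret == "1" and stream.endswith(" FOUND"):
        return "infected", stream[: -len(" FOUND")]
    if ret == "0" and stream == "OK":
        return "clean", ""
    # Assumption: any other combination (for example a scanner error)
    # is treated as not scanned rather than as clean.
    return "unscanned", f"unexpected result {ret!r} / {stream!r}"


# Constructed samples modelled on the output shown in the post.
INFECTED = (b"From: <a@test>\nTo: <b@test>\nSubject: Test\n"
            b"X-VirScanBy: scandalo 1.0 Stable\nX-Virus-Ret: 1\n"
            b"X-Virus-stream: Eicar-Test-Signature FOUND\n\nbody\n")
CLEAN = (b"From: <a@test>\nTo: <b@test>\nSubject: Test\n"
         b"X-VirScanBy: scandalo 1.0 Stable\nX-Virus-Ret: 0\n"
         b"X-Virus-stream: OK\n\nThis is not a virus mail.\n")
NO_HEADERS = b"From: <a@test>\nSubject: Test\n\nThis is not a virus mail.\n"

if __name__ == "__main__":
    for name, sample in (("infected", INFECTED), ("clean", CLEAN),
                         ("no headers", NO_HEADERS)):
        print(name, "->", classify(sample))
```
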
