
Mailing List Archive: SpamAssassin: users

bringing clamav into the loop?

 

 



gene.heskett at verizon

Oct 31, 2009, 6:16 AM

Post #1 of 19 (1286 views)
bringing clamav into the loop?

Greetings;

Does anyone have a procmail recipe that incorporates clamav into the checks,
and one that handles the clamav output to /dev/null the viri etc?

At least I assume clamav doesn't auto-delete, I've not yet studied all the
docs, but do have freshclam running apparently ok.

Thanks everybody.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

If your happiness depends on what somebody else does, I guess you do
have a problem.
-- Richard Bach, "Illusions"


scheidell at secnap

Oct 31, 2009, 6:19 AM

Post #2 of 19 (1256 views)
Re: bringing clamav into the loop? [In reply to]

Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
>
amavisd handles both SA and clamav, and unlike SA, can quarantine or
delete the viri.
(but it handles user based scoring and bayes WAY different)

you could check that out.

> At least I assume clamav doesn't auto-delete, I've not yet studied all the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>
>

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008




sa-list at alexb

Oct 31, 2009, 6:25 AM

Post #3 of 19 (1249 views)
Re: bringing clamav into the loop? [In reply to]

On 10/31/2009 2:16 PM, Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all the
> docs, but do have freshclam running apparently ok.

this works for me:

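# Pipe a copy of the message to clamdscan (c = copy, W = wait for the exit code)
:0cW
|clamdscan --no-summary --stdout -
# clamdscan exit codes: 0 = clean, 1 = virus found, 2 = error
CLAMAV_CODE=$?

# Discard only on exactly 1; the condition is a regex, so ^^ anchors it
# and codes that merely contain the digit 1 do not match
:0
* CLAMAV_CODE ?? ^^1^^
/dev/null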


gene.heskett at verizon

Oct 31, 2009, 6:29 AM

Post #4 of 19 (1256 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, Michael Scheidell wrote:
>Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks, and one that handles the clamav output to /dev/null the viri etc?
>
>amavisd handles both SA and clamav, and unlike SA, can quarantine or
>delete the viri.
>(but it handles user based scoring and bayes WAY different)
>
>you could check that out.

It seems that I have an amavisd-new already installed. Only html docs, which
I guess I'm gonna have to get used to. I'll take a look at them.

Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

So far we've managed to avoid turning Perl into APL. :-)
-- Larry Wall in <199702251904.LAA28261 [at] wall>


gene.heskett at verizon

Oct 31, 2009, 6:33 AM

Post #5 of 19 (1251 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, Yet Another Ninja wrote:
>On 10/31/2009 2:16 PM, Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the docs, but do have freshclam running apparently ok.
>
>this works for me:
>:0cW
>|clamdscan --no-summary --stdout -
>CLAMAV_CODE=$?
>
>:0
>* CLAMAV_CODE ?? 1
>/dev/null
>
This looks like what I had in mind. But since I don't have that part checked
out yet, would it then delete the mail because clamdscan had an error? I'll
enable the second after the first is working. :)

Many Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

"`If there's anything more important than my ego around, I
want it caught and shot now.'"

- Zaphod.


sa-list at alexb

Oct 31, 2009, 6:41 AM

Post #6 of 19 (1248 views)
Re: bringing clamav into the loop? [In reply to]

On 10/31/2009 2:33 PM, Gene Heskett wrote:
> On Saturday 31 October 2009, Yet Another Ninja wrote:
>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the docs, but do have freshclam running apparently ok.
>> this works for me:
>> :0cW
>> |clamdscan --no-summary --stdout -
>> CLAMAV_CODE=$?
>>
>> :0
>> * CLAMAV_CODE ?? 1
>> /dev/null
>>
> This looks like what I had in mind. But since I don't have that part checked
> out yet, would it then delete the mail because clamdscan had an error? I'll
> enable the second after the first is working. :)

it will only delete the msg if clamdscan returns code 1
if it errors out, it won't return code 1

running only the first part will only show it did something if you
enable procmail logging


sa-list at alexb

Oct 31, 2009, 6:43 AM

Post #7 of 19 (1250 views)
Re: bringing clamav into the loop? [In reply to]

On 10/31/2009 2:33 PM, Gene Heskett wrote:
> On Saturday 31 October 2009, Yet Another Ninja wrote:
>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the docs, but do have freshclam running apparently ok.
>> this works for me:
>> :0cW
>> |clamdscan --no-summary --stdout -
>> CLAMAV_CODE=$?
>>
>> :0
>> * CLAMAV_CODE ?? 1
>> /dev/null
>>
> This looks like what I had in mind. But since I don't have that part checked
> out yet, would it then delete the mail because clamdscan had an error? I'll
> enable the second after the first is working. :)

my recipe was stolen from this

see
http://wiki.clamav.net/bin/view/Main/ClamAndProcmail


gene.heskett at verizon

Oct 31, 2009, 6:52 AM

Post #8 of 19 (1257 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, Yet Another Ninja wrote:
>On 10/31/2009 2:33 PM, Gene Heskett wrote:
>> On Saturday 31 October 2009, Yet Another Ninja wrote:
>>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> Does anyone have a procmail recipe that incorporates clamav into the
>>>> checks, and one that handles the clamav output to /dev/null the viri
>>>> etc?
>>>>
>>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>>> the docs, but do have freshclam running apparently ok.
>>>
>>> this works for me:
>>> :0cW
>>> |clamdscan --no-summary --stdout -
>>> CLAMAV_CODE=$?
>>>
>>> :0
>>> * CLAMAV_CODE ?? 1
>>> /dev/null
>>
>> This looks like what I had in mind. But since I don't have that part
>> checked out yet, would it then delete the mail because clamdscan had an
>> error? I'll enable the second after the first is working. :)
>
>it will only delete the msg if clamdscan returns code 1
>if it errors out, it won't return code 1
>
>running only the first part will only show it did something if you
>enable procmail logging

It is enabled, and a tail shows this:

procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "LASTFOLDER=clamdscan --no-summary --stdout -"
procmail: Assigning "CLAMAV_CODE=2"

for every msg so far. Now I need to grok what the error is. It may be that
I need to tell clamdscan who it is running as since it is not running as the
user clamav.

Thanks

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

The F-15 Eagle:
If it's up, we'll shoot it down. If it's down, we'll blow it up.
-- A McDonnel-Douglas ad from a few years ago
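
Added example, not part of any post in this thread: a POSIX shell audit of procmail log output in the format shown in the post above. It counts messages by clamdscan exit code (0 = no virus found, 1 = virus found, 2 = error, per clamdscan(1)) so that a scanner failing on every message is noticed rather than mail being delivered unscanned. The sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit procmail log output for clamdscan results.
# clamdscan(1) exit codes: 0 = no virus found, 1 = virus found, 2 = error.

# Constructed sample, in the format of the log lines quoted in the thread.
SAMPLE_LOG='procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Assigning "CLAMAV_CODE=0"
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (1) from "clamdscan"
procmail: Assigning "CLAMAV_CODE=1"
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "CLAMAV_CODE=2"
procmail: Assigning "CLAMAV_CODE=127"'

# Map one exit code to a verdict. Only an exact 0 or 1 is a scan result;
# every other value (2, 127, empty, non-numeric) means the message was
# not scanned at all.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read procmail log text on stdin and print "clean=N infected=N error=N".
# Only lines of the form  procmail: Assigning "CLAMAV_CODE=<n>"  are counted.
summarize_log() {
    clean=0 infected=0 error=0
    while IFS= read -r line; do
        case "$line" in
            'procmail: Assigning "CLAMAV_CODE='*'"')
                code=${line#*CLAMAV_CODE=}   # drop everything up to the "="
                code=${code%\"}              # drop the closing quote
                case "$(classify_exit "$code")" in
                    clean)    clean=$((clean + 1)) ;;
                    infected) infected=$((infected + 1)) ;;
                    error)    error=$((error + 1)) ;;
                esac ;;
        esac
    done
    echo "clean=$clean infected=$infected error=$error"
}

# Exit status 0 if the log on stdin contains no scan errors, 1 otherwise.
# A non-zero status means mail is passing through without being scanned.
scanner_healthy() {
    summary=$(summarize_log)
    case "$summary" in
        *"error=0") return 0 ;;
        *)          return 1 ;;
    esac
}

# Stand-alone use: pass a log file, or run with no argument for the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    summarize_log < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | summarize_log
fi
```

Run from cron against the procmail log, `scanner_healthy` gives a status that can trigger a notification when clamdscan stops returning 0 or 1.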


support-spamassassin at oeko

Oct 31, 2009, 9:56 AM

Post #9 of 19 (1255 views)
Re: bringing clamav into the loop? [In reply to]

Hi,

On Sat, 31.10.2009 at 09:16:07 -0400, Gene Heskett <gene.heskett [at] verizon> wrote:
> Does anyone have a procmail recipe that incorporates clamav into the checks,
> and one that handles the clamav output to /dev/null the viri etc?

which mail system do you use?

I'm using this setup together with qmail-ldap and qmail-scanner, and it
works like a charm, but of course, your requirements might be vastly
different.


Kind regards,
--Toni++


antispam at khopis

Oct 31, 2009, 10:50 AM

Post #10 of 19 (1250 views)
Re: bringing clamav into the loop? [In reply to]

Yet Another Ninja wrote:
> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>> This looks like what I had in mind. But since I don't have that part
>> checked out yet, would it then delete the mail because clamdscan had
>> an error? I'll enable the second after the first is working. :)
>
> my recipe was stolen from this
>
> see
> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail

I like this one better ... it shows the scan results.
http://wiki.apache.org/spamassassin/FilteringViruses

(Odd that the SA wiki's version is more complete than Clam's...)

There's also an SA plugin that can call ClamAV, see
http://wiki.apache.org/spamassassin/ClamAVPlugin

However, I highly recommend something that interacts at SMTP-time so
that a 500-series reject notice can be issued, letting the sender know
that the message wasn't delivered due to its virus/malware content (I
also feel this way about spam filtering).

Also note (and this is a current predicament on my own deployment) that
clamdscan (as well as clamav-milter, which is what I use) is incapable
of breaking some attachments out of emails; an EICAR test attached with
Thunderbird still gets delivered in all three of the above
implementations on my system.


jdow at earthlink

Oct 31, 2009, 11:21 AM

Post #11 of 19 (1242 views)
Re: bringing clamav into the loop? [In reply to]

From: "Gene Heskett" <gene.heskett [at] verizon>
Sent: Saturday, 2009/October/31 06:16


> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the
> checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>
> --
> Cheers, Gene

http://wiki.apache.org/spamassassin/ClamAVPlugin

{^_^}


gene.heskett at verizon

Oct 31, 2009, 11:24 AM

Post #12 of 19 (1243 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, Adam Katz wrote:
>Yet Another Ninja wrote:
>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>> This looks like what I had in mind. But since I don't have that part
>>> checked out yet, would it then delete the mail because clamdscan had
>>> an error? I'll enable the second after the first is working. :)
>>
>> my recipe was stolen from this
>>
>> see
>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>
>I like this one better ... it shows the scan results.
>http://wiki.apache.org/spamassassin/FilteringViruses
>
>(Odd that the SA wiki's version is more complete than Clam's...)
>
>There's also an SA plugin that can call ClamAV, see
>http://wiki.apache.org/spamassassin/ClamAVPlugin
>
>However, I highly recommend something that interacts at SMTP-time so
>that a 500-series reject notice can be issued, letting the sender know
>that the message wasn't delivered due to its virus/malware content (I
>also feel this way about spam filtering).

Is this possible by the users of fetchmail or mpop?

I wasn't aware that a pop client has the rights to issue a 500 reject to a
pop3 server. In addition to trying to get clamav running from a procmail
recipe, I am looking into replacing fetchmail with mpop.

>Also note (and this is a current predicament on my own deployment) that
>clamdscan (as well as clamav-milter, which is what I use) is incapable
>of breaking some attachments out of emails; an EICAR test attached with
>Thunderbird still gets delivered in all three of the above
>implementations on my system.
>


--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

What I tell you three times is true.
-- Lewis Carroll


jdow at earthlink

Oct 31, 2009, 11:26 AM

Post #13 of 19 (1244 views)
Re: bringing clamav into the loop? [In reply to]

From: "Adam Katz" <antispam [at] khopis>
Sent: Saturday, 2009/October/31 10:50


> Yet Another Ninja wrote:
>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>> This looks like what I had in mind. But since I don't have that part
>>> checked out yet, would it then delete the mail because clamdscan had
>>> an error? I'll enable the second after the first is working. :)
>>
>> my recipe was stolen from this
>>
>> see
>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>
> I like this one better ... it shows the scan results.
> http://wiki.apache.org/spamassassin/FilteringViruses
>
> (Odd that the SA wiki's version is more complete than Clam's...)
>
> There's also an SA plugin that can call ClamAV, see
> http://wiki.apache.org/spamassassin/ClamAVPlugin
>
> However, I highly recommend something that interacts at SMTP-time so
> that a 500-series reject notice can be issued, letting the sender know
> that the message wasn't delivered due to its virus/malware content (I
> also feel this way about spam filtering).
>
> Also note (and this is a current predicament on my own deployment) that
> clamdscan (as well as clamav-milter, which is what I use) is incapable
> of breaking some attachments out of emails; an EICAR test attached with
> Thunderbird still gets delivered in all three of the above
> implementations on my system.

Some of us use fetchmail rather than run a real server. That rather moots
your comment. (I remember helping Gene decouple SpamAssassin from his
email program. He was getting annoyed at the time it took to load emails.
With fetchmail, procmail, and dovecot or equivalents, you can do a rather
creditable job. But you cannot issue a 500. {^_-})

{^_^}


karlp at ourldsfamily

Oct 31, 2009, 12:03 PM

Post #14 of 19 (1242 views)
Re: bringing clamav into the loop? [In reply to]

On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the
> checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all
> the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>

I use ClamAV-milter at MTA level at the gateway. In the new version of
ClamAV, email is not deleted, but is quarantined within sendmail itself.

I run a cron job against the sendmail queue and send myself a report on
each quarantined email, then remove them. With sendmail this is done
with these two commands:

report each:
mailq -qQ
remove from quarantine and delete:
sendmail -qQ

Very useful and the virus infected emails don't get inside my network
anywhere, which if using procmail/SpamAssassin, they would have to. My
network is protected from both the viruses and the waste of email
traffic.

HTH,

Karl

> --
> Cheers, Gene
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> The NRA is offering FREE Associate memberships to anyone who wants them.
> <https://www.nrahq.org/nrabonus/accept-membership.asp>
>
> If your happiness depends on what somebody else does, I guess you do
> have a problem.
> -- Richard Bach, "Illusions"
>


---
Karl Pearson
Karlp [at] ourldsfamily
Owner/Administrator of the sites at
http://ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---
Democracy is two wolves and a lamb voting on what to have
for lunch. Liberty is a well-armed lamb contesting the vote.
--Benjamin Franklin
---


gene.heskett at verizon

Oct 31, 2009, 1:00 PM

Post #15 of 19 (1239 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, jdow wrote:
>From: "Gene Heskett" <gene.heskett [at] verizon>
>Sent: Saturday, 2009/October/31 06:16
>
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks,
>> and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the docs, but do have freshclam running apparently ok.
>>
>> Thanks everybody.
>
>http://wiki.apache.org/spamassassin/ClamAVPlugin
>
>{^_^}
>
Unforch, the dependencies don't seem to be installable, even with a fresh
cpan on F10. It needs the Net::Ident kit, an apparently deprecated package as
far as buildability by cpan goes:
===================
cpan[9]> install Net::Ident
Running install for module 'Net::Ident'
Running make for J/JP/JPC/Net-Ident-1.20.tar.gz
Has already been unwrapped into directory /root/.cpan/build/Net-
Ident-1.20-5nmQuD
Has already been made
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/0use.t .... Net::Ident::_export_hooks() called too early to check prototype
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/0use.t .... ok
t/apache.t .. Net::Ident::_export_hooks() called too early to check prototype
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/apache.t .. skipped: (no reason given)
t/compat.t .. Net::Ident::_export_hooks() called too early to check prototype
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/compat.t .. skipped: (no reason given)
t/Ident.t ... Net::Ident::_export_hooks() called too early to check prototype
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/Ident.t ... Failed 3/8 subtests

Test Summary Report
-------------------
t/Ident.t (Wstat: 0 Tests: 8 Failed: 3)
Failed tests: 1-3
Files=4, Tests=9, 112 wallclock secs ( 0.04 usr 0.01 sys + 2.17 cusr 0.47
csys = 2.69 CPU)
Result: FAIL
Failed 1/4 test programs. 3/9 subtests failed.
make: *** [test_dynamic] Error 255
JPC/Net-Ident-1.20.tar.gz
/usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module, try:
reports JPC/Net-Ident-1.20.tar.gz
Warning (usually harmless): 'YAML' not installed, will not store persistent
state
Running make install
make test had returned bad status, won't install without force
Failed during this command:
JPC/Net-Ident-1.20.tar.gz : make_test NO

cpan[10]>
====================

Ideas?

Toss in that Fedora's clamav packages are about 4 versions out of date.
Fedora list Cc:'d

Thanks Joanne.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

Any sufficiently advanced technology is indistinguishable from a rigged demo.


gene.heskett at verizon

Oct 31, 2009, 1:06 PM

Post #16 of 19 (1239 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, jdow wrote:
>From: "Adam Katz" <antispam [at] khopis>
>Sent: Saturday, 2009/October/31 10:50
>
>> Yet Another Ninja wrote:
>>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>>> This looks like what I had in mind. But since I don't have that part
>>>> checked out yet, would it then delete the mail because clamdscan had
>>>> an error? I'll enable the second after the first is working. :)
>>>
>>> my recipe was stolen from this
>>>
>>> see
>>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>>
>> I like this one better ... it shows the scan results.
>> http://wiki.apache.org/spamassassin/FilteringViruses
>>
>> (Odd that the SA wiki's version is more complete than Clam's...)
>>
>> There's also an SA plugin that can call ClamAV, see
>> http://wiki.apache.org/spamassassin/ClamAVPlugin
>>
>> However, I highly recommend something that interacts at SMTP-time so
>> that a 500-series reject notice can be issued, letting the sender know
>> that the message wasn't delivered due to its virus/malware content (I
>> also feel this way about spam filtering).
>>
>> Also note (and this is a current predicament on my own deployment) that
>> clamdscan (as well as clamav-milter, which is what I use) is incapable
>> of breaking some attachments out of emails; an EICAR test attached with
>> Thunderbird still gets delivered in all three of the above
>> implementations on my system.
>
>Some of us use fetchmail rather than run a real server. That rather moots
>your comment. (I remember helping Gene decouple SpamAssassin from his
>email program. He was getting annoyed at the time it took to load emails.
>With fetchmail, procmail, and dovecot or equivalents, you can do a rather
>creditable job. But you cannot issue a 500. {^_-})

I'd settle for a /dev/null ;-)

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

<knghtbrd> *sigh* My todo list is like the fucking energizer bunny
<knghtbrd> It keeps growing and growing and growing and ...


gene.heskett at verizon

Oct 31, 2009, 1:10 PM

Post #17 of 19 (1244 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, Karl Pearson wrote:
>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks,
>> and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the
>> docs, but do have freshclam running apparently ok.
>>
>> Thanks everybody.
>
>I use ClamAV-milter at MTA level at the gateway. In the new version of
>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>
I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron
(or storage, it's booting from a cf card) to pull that off, even if I could
figure out how to make it an email proxy server.

>I run a cron job against the sendmail queue and send myself a report on
>each quarantined email, then remove them. With sendmail this is done
>with these two commands:
>
>report each:
>mailq -qQ
>remove from quarantine and delete:
>sendmail -qQ
>
>Very useful and the virus infected emails don't get inside my network
>anywhere, which if using procmail/SpamAssassin, they would have to. My
>network is protected from both the viruses and the waste of email
>traffic.

Twould be nice, but I'd settle for a couple of lines in the procmail.log
indicating it was sent to /dev/null.
>
>HTH,
>
>Karl
>
>> --
>> Cheers, Gene
>> "There are four boxes to be used in defense of liberty:
>> soap, ballot, jury, and ammo. Please use in that order."
>> -Ed Howdershelt (Author)
>> The NRA is offering FREE Associate memberships to anyone who wants them.
>> <https://www.nrahq.org/nrabonus/accept-membership.asp>
>>
>> If your happiness depends on what somebody else does, I guess you do
>> have a problem.
>> -- Richard Bach, "Illusions"
>
>---
>Karl Pearson
>Karlp [at] ourldsfamily
>Owner/Administrator of the sites at
>http://ourldsfamily.com
>---
>"To mess up your Linux PC, you have to really work at it;
> to mess up a microsoft PC you just have to work on it."
>---
> Democracy is two wolves and a lamb voting on what to have
> for lunch. Liberty is a well-armed lamb contesting the vote.
> --Benjamin Franklin
>---
>


--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

<knghtbrd> *sigh* My todo list is like the fucking energizer bunny
<knghtbrd> It keeps growing and growing and growing and ...


jdow at earthlink

Oct 31, 2009, 6:28 PM

Post #18 of 19 (1233 views)
Re: bringing clamav into the loop? [In reply to]

From: "Gene Heskett" <gene.heskett [at] verizon>
Sent: Saturday, 2009/October/31 13:10


> On Saturday 31 October 2009, Karl Pearson wrote:
>>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks,
>>> and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the
>>> docs, but do have freshclam running apparently ok.
>>>
>>> Thanks everybody.
>>
>>I use ClamAV-milter at MTA level at the gateway. In the new version of
>>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>>
> I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron
> (or storage, it's booting from a cf card) to pull that off, even if I could
> figure out how to make it an email proxy server.
>
>>I run a cron job against the sendmail queue and send myself a report on
>>each quarantined email, then remove them. With sendmail this is done
>>with these two commands:
>>
>>report each:
>>mailq -qQ
>>remove from quarantine and delete:
>>sendmail -qQ
>>
>>Very useful and the virus infected emails don't get inside my network
>>anywhere, which if using procmail/SpamAssassin, they would have to. My
>>network is protected from both the viruses and the waste of email
>>traffic.
>
> Twould be nice, but I'd settle for a couple of lines in the procmail.log
> indicating it was sent to /dev/null.

:0:
* ^X-Spam-Status: .*CLAMAV.*
/dev/null

But that requires making the clamav plugin work.

{o.o}


gene.heskett at verizon

Oct 31, 2009, 7:56 PM

Post #19 of 19 (1237 views)
Re: bringing clamav into the loop? [In reply to]

On Saturday 31 October 2009, jdow wrote:
>From: "Gene Heskett" <gene.heskett [at] verizon>
>Sent: Saturday, 2009/October/31 13:10
>
>> On Saturday 31 October 2009, Karl Pearson wrote:
>>>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> Does anyone have a procmail recipe that incorporates clamav into the
>>>> checks,
>>>> and one that handles the clamav output to /dev/null the viri etc?
>>>>
>>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>>> the
>>>> docs, but do have freshclam running apparently ok.
>>>>
>>>> Thanks everybody.
>>>
>>>I use ClamAV-milter at MTA level at the gateway. In the new version of
>>>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>>
>> I don't believe the gateway I'm using (x86 version of dd-wrt) has the
>> iron (or storage, it's booting from a cf card) to pull that off, even if I
>> could figure out how to make it an email proxy server.
>>
>>>I run a cron job against the sendmail queue and send myself a report on
>>>each quarantined email, then remove them. With sendmail this is done
>>>with these two commands:
>>>
>>>report each:
>>>mailq -qQ
>>>remove from quarantine and delete:
>>>sendmail -qQ
>>>
>>>Very useful and the virus infected emails don't get inside my network
>>>anywhere, which if using procmail/SpamAssassin, they would have to. My
>>>network is protected from both the viruses and the waste of email
>>>traffic.
>>
>> Twould be nice, but I'd settle for a couple of lines in the procmail.log
>> indicating it was sent to /dev/null.
>>
>:0:
>
>* ^X-Spam-Status: .*CLAMAV.*
>/dev/null
>
>But that requires making the clamav plugin work.
>
>{o.o}
>
Which I haven't succeeded in yet my dear. Too many perl deps can't be found.
I think, it's getting late here. :)

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

You can make it illegal, but you can't make it unpopular.
