RE: Anyone here use clamav?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>Two more questions.

>#1 - What do you do with an mbox that is infected? On my scan it said
>there was something infected in evolution. How do I find out what email
>that is?

>#2 - It turned up infected messages in Pan. Is there any way to filter
>these?

>Preston


Hi Preston,

I'm not saying this is the "best" solution, but this is what one of our
people (Brian Young) does for one client:

(Things you need to change are inside square brackets: "[.*]"...

He set up a shell script:

	#!/bin/sh
	# Don't run this in the actual mail directory (/var/spool/mail, for
example!)

	# Get mail box info
	 echo "Enter Users Mailbox Name"
	 read fname

	# Clear any old message files from current directory
	 # rm -f mail* (if you're feeling confident!) (but there shouldn't be any
anyway!)
	 rm mail*

	# copy mailbox to local directory.
	 cp [path-to-mailbox-to-be-scanned]/$fname .

	# Set rights (as you are probably running as root.)
	 chown $fname $fname
	 chgrp mail $fname
	 chmod 660 $fname

	# split the mailbox into individual messages (kludgy)
	# formail comes with procmail, writeit is a Perl program (below)
	 cat $fname|formail -s ./writeit

	# Scan the component messages, remove infected files
	# The log file can go anywhere, make sure it's a valid path you have rw to.
	 clamscan --mbox -r --log=[path-to]/viruses.txt --remove mail*

	# Glue the remaining files together and move back to original location
	 cat mail* > $fname
	 rm -f mail*
	 mv -f $fname [path-to-mailbox-to-be-scanned]

	# Send a note describing the mess to yourself
	 sendmail [youremail@xxxxxxxxxxxxxxx] < [path-to]/viruses.txt
	 rm -f [path-to]/viruses.txt


Writeit "Program"

	#!/usr/bin/perl
	undef $count;
	open (C, "<[path-to]/count");
	while (<C>) {if (! $count) {$count=$_;}}
	close C;
	open (C, ">count");
	$count++;
	print C "$count";
	close C;
	open (OUT, ">mail$count.mbx");   #Leave mail, but replace broker with users
mailbox name
	while (<STDIN>) {print OUT "$_"};
	close OUT;

Count File
	Make a file called [path-to]/count with 0 as the first line

I'd play with this on a *copy* of the mail until you get it working the way
you want it to...

Bob
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux