bringing clamav into the loop?

Greetings;

Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc?

At least I assume clamav doesn't auto-delete, I've not yet studied all the docs, but do have freshclam running apparently ok.

Thanks everybody.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

If your happiness depends on what somebody else does, I guess you do
have a problem.
-- Richard Bach, "Illusions"
|
|
Re: bringing clamav into the loop?

Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the checks,
> and one that handles the clamav output to /dev/null the viri etc?

amavisd handles both SA and clamav, and unlike SA, can quarantine or delete the viri.
(but it handles user based scoring and bayes WAY different)

you could check that out.

> At least I assume clamav doesn't auto-delete, I've not yet studied all the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation
This email has been scanned and certified safe by SpammerTrap®.
|
|
|
Re: bringing clamav into the loop?

On 10/31/2009 2:16 PM, Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all the
> docs, but do have freshclam running apparently ok.

this works for me:

# c: run on a copy so delivery continues; W: wait for clamdscan and keep its exit code
:0cW
|clamdscan --no-summary --stdout -

# $? holds the exit code of the last program procmail ran
CLAMAV_CODE=$?

# discard the message when CLAMAV_CODE matches 1 (clamdscan found a virus)
:0
* CLAMAV_CODE ?? 1
/dev/null
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, Michael Scheidell wrote:
>Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks, and one that handles the clamav output to /dev/null the viri etc?
>
>amavisd handles both SA and clamav, and unlike SA, can quarantine or
>delete the viri.
>(but it handles user based scoreing and bayes WAY different)
>
>you could check that out.

It seems that I have an amavisd-new already installed. Only html docs, which I guess I'm gonna have to get used to. I'll take a look at them.

Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

So far we've managed to avoid turning Perl into APL. :-)
-- Larry Wall in <199702251904.LAA28261@...>
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, Yet Another Ninja wrote:
>On 10/31/2009 2:16 PM, Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the docs, but do have freshclam running apparently ok.
>
>this works for me:
>:0cW
>:
>|clamdscan --no-summary --stdout -
>
>CLAMAV_CODE=$?
>
>:0
>
>* CLAMAV_CODE ?? 1
>/dev/null

This looks like what I had in mind. But since I don't have that part checked out yet, would it then delete the mail because clamdscan had an error? I'll enable the second after the first is working. :)

Many Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

"`If there's anything more important than my ego around, I want it
caught and shot now.'" - Zaphod.
|
|
Re: bringing clamav into the loop?

On 10/31/2009 2:33 PM, Gene Heskett wrote:
> On Saturday 31 October 2009, Yet Another Ninja wrote:
>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the docs, but do have freshclam running apparently ok.
>> this works for me:
>> :0cW
>> :
>> |clamdscan --no-summary --stdout -
>>
>> CLAMAV_CODE=$?
>>
>> :0
>>
>> * CLAMAV_CODE ?? 1
>> /dev/null
>>
> This looks like what I had in mind. But since I don't have that part checked
> out yet, would it then delete the mail because clamdscan had an error? I'll
> enable the second after the first is working. :)

it will only delete the msg if clamdscan returns code 1
if it errors out, it won't return code 1

running only the first part will only show it did something if you enable procmail logging
|
|
Re: bringing clamav into the loop?

On 10/31/2009 2:33 PM, Gene Heskett wrote:
> On Saturday 31 October 2009, Yet Another Ninja wrote:
>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks, and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the docs, but do have freshclam running apparently ok.
>> this works for me:
>> :0cW
>> :
>> |clamdscan --no-summary --stdout -
>>
>> CLAMAV_CODE=$?
>>
>> :0
>>
>> * CLAMAV_CODE ?? 1
>> /dev/null
>>
> This looks like what I had in mind. But since I don't have that part checked
> out yet, would it then delete the mail because clamdscan had an error? I'll
> enable the second after the first is working. :)

my recipe was stolen from this

see
http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, Yet Another Ninja wrote:
>On 10/31/2009 2:33 PM, Gene Heskett wrote:
>> On Saturday 31 October 2009, Yet Another Ninja wrote:
>>> On 10/31/2009 2:16 PM, Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> Does anyone have a procmail recipe that incorporates clamav into the
>>>> checks, and one that handles the clamav output to /dev/null the viri
>>>> etc?
>>>>
>>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>>> the docs, but do have freshclam running apparently ok.
>>>
>>> this works for me:
>>> :0cW
>>> :
>>> |clamdscan --no-summary --stdout -
>>>
>>> CLAMAV_CODE=$?
>>>
>>> :0
>>>
>>> * CLAMAV_CODE ?? 1
>>> /dev/null
>>
>> This looks like what I had in mind. But since I don't have that part
>> checked out yet, would it then delete the mail because clamdscan had an
>> error? I'll enable the second after the first is working. :)
>
>it will only delete the msg if clamdscan returns code 1
>if it errors out, it won't return code 1
>
>running only the first part will only show it did something if you
>enable procmail logging

It is enabled, and a tail shows this:

procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "LASTFOLDER=clamdscan --no-summary --stdout -"
procmail: Assigning "CLAMAV_CODE=2"

for every msg so far. Now I need to grok what the error is. It may be that I need to tell clamdscan who it is running as since it is not running as the user clamav.

Thanks

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

The F-15 Eagle:
If it's up, we'll shoot it down. If it's down, we'll blow it up.
-- A McDonnel-Douglas ad from a few years ago
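Added example (not part of the thread): a shell check that reads a verbose procmail log in the format shown in the post above and reports whether the clamdscan recipe is actually scanning or failing open. It relies on clamdscan's documented exit codes (0 no virus found, 1 virus found, 2 error); the function names, the verdict labels and the clean/detection sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a verbose procmail log on stdin
# and reports how the clamdscan recipe is behaving.
# clamdscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
# Verdicts (labels chosen for this example):
#   OK        every scan ended with 0 or 1
#   DEGRADED  some scans errored, so those messages were delivered unscanned
#   FAIL-OPEN every scan errored, so the recipe is filtering nothing
#   NO-DATA   no clamdscan executions were logged
clamdscan_health() {
    awk '
        BEGIN { scans = infected = error = other = 0 }
        # One "Executing" line is logged per message handed to clamdscan.
        /^procmail: Executing "clamdscan[,"]/ { scans++ }
        # A non-zero exit is logged with the code in parentheses.
        /^procmail: Non-zero exitcode \([0-9]+\) from "clamdscan"/ {
            code = $0
            sub(/^[^(]*\(/, "", code)    # strip everything up to "("
            sub(/\).*$/, "", code)       # strip ")" and what follows
            # Compare as an exact number, not as a pattern.
            if (code + 0 == 1) infected++
            else if (code + 0 == 2) error++
            else other++
        }
        END {
            failed = error + other
            clean = scans - infected - failed
            if (clean < 0) clean = 0     # truncated log: never report negatives
            if (scans == 0) verdict = "NO-DATA"
            else if (failed == 0) verdict = "OK"
            else if (failed >= scans) verdict = "FAIL-OPEN"
            else verdict = "DEGRADED"
            printf "%s scans=%d clean=%d infected=%d error=%d other=%d\n",
                   verdict, scans, clean, infected, error, other
        }'
}

# The four log lines from the post above, repeated for two messages.
page_log() {
    for n in 1 2; do
        cat <<'EOF'
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "LASTFOLDER=clamdscan --no-summary --stdout -"
procmail: Assigning "CLAMAV_CODE=2"
EOF
    done
}

# Constructed log: one clean message, one detection, one scanner error.
mixed_log() {
    cat <<'EOF'
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Assigning "CLAMAV_CODE=0"
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (1) from "clamdscan"
procmail: Assigning "CLAMAV_CODE=1"
procmail: Executing "clamdscan,--no-summary,--stdout,-"
procmail: Non-zero exitcode (2) from "clamdscan"
procmail: Assigning "CLAMAV_CODE=2"
EOF
}

page_log  | clamdscan_health
mixed_log | clamdscan_health
```

A FAIL-OPEN or DEGRADED verdict means mail reached the mailbox without a scan, which the /dev/null recipe on its own never reports.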
|
|
Re: bringing clamav into the loop?

Hi,

On Sat, 31.10.2009 at 09:16:07 -0400, Gene Heskett <gene.heskett@...> wrote:
> Does anyone have a procmail recipe that incorporates clamav into the checks,
> and one that handles the clamav output to /dev/null the viri etc?

which mail system do you use? I'm using this setup together with qmail-ldap and qmail-scanner, and it works like a charm, but of course, your requirements might be vastly different.

Kind regards,
--Toni++
|
|
Re: bringing clamav into the loop?

Yet Another Ninja wrote:
> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>> This looks like what I had in mind. But since I don't have that part
>> checked out yet, would it then delete the mail because clamdscan had
>> an error? I'll enable the second after the first is working. :)
>
> my recipe was stolen from this
>
> see
> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail

I like this one better ... it shows the scan results.
http://wiki.apache.org/spamassassin/FilteringViruses

(Odd that the SA wiki's version is more complete than Clam's...)

There's also an SA plugin that can call ClamAV, see
http://wiki.apache.org/spamassassin/ClamAVPlugin

However, I highly recommend something that interacts at SMTP-time so that a 500-series reject notice can be issued, letting the sender know that the message wasn't delivered due to its virus/malware content (I also feel this way about spam filtering).

Also note (and this is a current predicament on my own deployment) that clamdscan (as well as clamav-milter, which is what I use) is incapable of breaking some attachments out of emails; an EICAR test attached with Thunderbird still gets delivered in all three of the above implementations on my system.
|
|
Re: bringing clamav into the loop?

From: "Gene Heskett" <gene.heskett@...>
Sent: Saturday, 2009/October/31 06:16
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the
> checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>
> --
> Cheers, Gene

http://wiki.apache.org/spamassassin/ClamAVPlugin

{^_^}
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, Adam Katz wrote:
>Yet Another Ninja wrote:
>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>> This looks like what I had in mind. But since I don't have that part
>>> checked out yet, would it then delete the mail because clamdscan had
>>> an error? I'll enable the second after the first is working. :)
>>
>> my recipe was stolen from this
>>
>> see
>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>
>I like this one better ... it shows the scan results.
>http://wiki.apache.org/spamassassin/FilteringViruses
>
>(Odd that the SA wiki's version is more complete than Clam's...)
>
>There's also an SA plugin that can call ClamAV, see
>http://wiki.apache.org/spamassassin/ClamAVPlugin
>
>However, I highly recommend something that interacts at SMTP-time so
>that a 500-series reject notice can be issued, letting the sender know
>that the message wasn't delivered due to its virus/malware content (I
>also feel this way about spam filtering).

Is this possible by the users of fetchmail or mpop? I wasn't aware that a pop client has the rights to issue a 500 reject to a pop3 server.. In addition to trying to get clamav running from a procmail recipe, I am looking into replacing fetchmail with mpop.

>Also note (and this is a current predicament on my own deployment) that
>clamdscan (as well as clamav-milter, which is what I use) is incapable
>of breaking some attachments out of emails; an EICAR test attached with
>Thunderbird still gets delivered in all three of the above
>implementations on my system.
>

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

What I tell you three times is true.
-- Lewis Carroll
|
|
Re: bringing clamav into the loop?

From: "Adam Katz" <antispam@...>
Sent: Saturday, 2009/October/31 10:50
> Yet Another Ninja wrote:
>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>> This looks like what I had in mind. But since I don't have that part
>>> checked out yet, would it then delete the mail because clamdscan had
>>> an error? I'll enable the second after the first is working. :)
>>
>> my recipe was stolen from this
>>
>> see
>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>
> I like this one better ... it shows the scan results.
> http://wiki.apache.org/spamassassin/FilteringViruses
>
> (Odd that the SA wiki's version is more complete than Clam's...)
>
> There's also an SA plugin that can call ClamAV, see
> http://wiki.apache.org/spamassassin/ClamAVPlugin
>
> However, I highly recommend something that interacts at SMTP-time so
> that a 500-series reject notice can be issued, letting the sender know
> that the message wasn't delivered due to its virus/malware content (I
> also feel this way about spam filtering).
>
> Also note (and this is a current predicament on my own deployment) that
> clamdscan (as well as clamav-milter, which is what I use) is incapable
> of breaking some attachments out of emails; an EICAR test attached with
> Thunderbird still gets delivered in all three of the above
> implementations on my system.

Some of us use fetchmail rather than run a real server. That rather moots your comment. (I remember helping Gene decouple SpamAssassin from his email program. He was getting annoyed at the time it took to load emails. With fetchmail, procmail, and dovecot or equivalents, you can do a rather creditable job. But you cannot issue a 500. {^_-})

{^_^}
|
|
Re: bringing clamav into the loop?

On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
> Greetings;
>
> Does anyone have a procmail recipe that incorporates clamav into the
> checks,
> and one that handles the clamav output to /dev/null the viri etc?
>
> At least I assume clamav doesn't auto-delete, I've not yet studied all
> the
> docs, but do have freshclam running apparently ok.
>
> Thanks everybody.
>

I use ClamAV-milter at MTA level at the gateway. In the new version of ClamAV, email is not deleted, but is quarantined within sendmail itself.

I run a cron job against the sendmail queue and send myself a report on each quarantined email, then remove them. With sendmail this is done with these two commands:

report each:
mailq -qQ
remove from quarantine and delete:
sendmail -qQ

Very useful and the virus infected emails don't get inside my network anywhere, which if using procmail/SpamAssassin, they would have to. My network is protected from both the viruses and the waste of email traffic.

HTH,

Karl

> --
> Cheers, Gene
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> The NRA is offering FREE Associate memberships to anyone who wants them.
> <https://www.nrahq.org/nrabonus/accept-membership.asp>
>
> If your happiness depends on what somebody else does, I guess you do
> have a problem.
> -- Richard Bach, "Illusions"
>

---
Karl Pearson
Karlp@...
Owner/Administrator of the sites at
http://ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
 to mess up a microsoft PC you just have to work on it."
---
 Democracy is two wolves and a lamb voting on what to have
 for lunch. Liberty is a well-armed lamb contesting the vote.
 --Benjamin Franklin
---
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, jdow wrote:
>From: "Gene Heskett" <gene.heskett@...>
>Sent: Saturday, 2009/October/31 06:16
>
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks,
>> and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the docs, but do have freshclam running apparently ok.
>>
>> Thanks everybody.
>
>http://wiki.apache.org/spamassassin/ClamAVPlugin
>
>{^_^}
>

cpan on F10. It needs the Net::Ident kit, an apparently deprecated package as far as buildability by cpan goes:

===================
cpan[9]> install Net::Ident
Running install for module 'Net::Ident'
Running make for J/JP/JPC/Net-Ident-1.20.tar.gz
  Has already been unwrapped into directory /root/.cpan/build/Net-Ident-1.20-5nmQuD
  Has already been made
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/0use.t .... Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/0use.t .... ok
t/apache.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/apache.t .. skipped: (no reason given)
t/compat.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/compat.t .. skipped: (no reason given)
t/Ident.t ... Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/Ident.t ... Failed 3/8 subtests

Test Summary Report
-------------------
t/Ident.t (Wstat: 0 Tests: 8 Failed: 3)
  Failed tests: 1-3
Files=4, Tests=9, 112 wallclock secs ( 0.04 usr 0.01 sys + 2.17 cusr 0.47 csys = 2.69 CPU)
Result: FAIL
Failed 1/4 test programs. 3/9 subtests failed.
make: *** [test_dynamic] Error 255
  JPC/Net-Ident-1.20.tar.gz
  /usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module, try:
  reports JPC/Net-Ident-1.20.tar.gz
Warning (usually harmless): 'YAML' not installed, will not store persistent state
Running make install
  make test had returned bad status, won't install without force
Failed during this command:
 JPC/Net-Ident-1.20.tar.gz : make_test NO

cpan[10]>
====================

Ideas? Toss in that Fedora's clamav packages are about 4 versions out of date.

Fedora list Cc:'d

Thanks Joanne.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

Any sufficiently advanced technology is indistinguishable from a rigged demo.
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, jdow wrote:
>From: "Adam Katz" <antispam@...>
>Sent: Saturday, 2009/October/31 10:50
>
>> Yet Another Ninja wrote:
>>> On 10/31/2009 2:33 PM, Gene Heskett wrote:
>>>> This looks like what I had in mind. But since I don't have that part
>>>> checked out yet, would it then delete the mail because clamdscan had
>>>> an error? I'll enable the second after the first is working. :)
>>>
>>> my recipe was stolen from this
>>>
>>> see
>>> http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
>>
>> I like this one better ... it shows the scan results.
>> http://wiki.apache.org/spamassassin/FilteringViruses
>>
>> (Odd that the SA wiki's version is more complete than Clam's...)
>>
>> There's also an SA plugin that can call ClamAV, see
>> http://wiki.apache.org/spamassassin/ClamAVPlugin
>>
>> However, I highly recommend something that interacts at SMTP-time so
>> that a 500-series reject notice can be issued, letting the sender know
>> that the message wasn't delivered due to its virus/malware content (I
>> also feel this way about spam filtering).
>>
>> Also note (and this is a current predicament on my own deployment) that
>> clamdscan (as well as clamav-milter, which is what I use) is incapable
>> of breaking some attachments out of emails; an EICAR test attached with
>> Thunderbird still gets delivered in all three of the above
>> implementations on my system.
>
>Some of us use fetchmail rather than run a real server. That rather moots
>your comment. (I remember helping Gene decouple SpamAssassin from his
>email program. He was getting annoyed at the time it took to load emails.
>With fetchmail, procmail, and dovecot or equivalents, you can do a rather
>creditable job. But you cannot issue a 500. {^_-})

I'd settle for a /dev/null ;-)

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

<knghtbrd> *sigh* My todo list is like the fucking energizer bunny
<knghtbrd> It keeps growing and growing and growing and ...
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, Karl Pearson wrote:
>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>> Greetings;
>>
>> Does anyone have a procmail recipe that incorporates clamav into the
>> checks,
>> and one that handles the clamav output to /dev/null the viri etc?
>>
>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>> the
>> docs, but do have freshclam running apparently ok.
>>
>> Thanks everybody.
>
>I use ClamAV-milter at MTA level at the gateway. In the new version of
>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>

I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron (or storage, it's booting from a cf card) to pull that off, even if I could figure out how to make it an email proxy server.

>I run a cron job against the sendmail queue and send myself a report on
>each quarantined email, then remove them. With sendmail this is done
>with these two commands:
>
>report each:
>mailq -qQ
>remove from quarantine and delete:
>sendmail -qQ
>
>Very useful and the virus infected emails don't get inside my network
>anywhere, which if using procmail/SpamAssassin, they would have to. My
>network is protected from both the viruses and the waste of email
>traffic.

Twould be nice, but I'd settle for a couple of lines in the procmail.log indicating it was sent to /dev/null.

>
>HTH,
>
>Karl
>
>> --
>> Cheers, Gene
>> "There are four boxes to be used in defense of liberty:
>> soap, ballot, jury, and ammo. Please use in that order."
>> -Ed Howdershelt (Author)
>> The NRA is offering FREE Associate memberships to anyone who wants them.
>> <https://www.nrahq.org/nrabonus/accept-membership.asp>
>>
>> If your happiness depends on what somebody else does, I guess you do
>> have a problem.
>> -- Richard Bach, "Illusions"
>
>---
>Karl Pearson
>Karlp@...
>Owner/Administrator of the sites at
>http://ourldsfamily.com
>---
>"To mess up your Linux PC, you have to really work at it;
> to mess up a microsoft PC you just have to work on it."
>---
> Democracy is two wolves and a lamb voting on what to have
> for lunch. Liberty is a well-armed lamb contesting the vote.
> --Benjamin Franklin
>---
>

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

<knghtbrd> *sigh* My todo list is like the fucking energizer bunny
<knghtbrd> It keeps growing and growing and growing and ...
|
|
Re: bringing clamav into the loop?

From: "Gene Heskett" <gene.heskett@...>
Sent: Saturday, 2009/October/31 13:10
> On Saturday 31 October 2009, Karl Pearson wrote:
>>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>>> Greetings;
>>>
>>> Does anyone have a procmail recipe that incorporates clamav into the
>>> checks,
>>> and one that handles the clamav output to /dev/null the viri etc?
>>>
>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>> the
>>> docs, but do have freshclam running apparently ok.
>>>
>>> Thanks everybody.
>>
>>I use ClamAV-milter at MTA level at the gateway. In the new version of
>>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>>
> I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron
> (or storage, its booting from a cf card) to pull that off, even if I could
> figure out how to make it an email proxy server.
>
>>I run a cron job against the sendmail queue and send myself a report on
>>each quarantined email, then remove them. With sendmail this is done
>>with these two commands:
>>
>>report each:
>>mailq -qQ
>>remove from quarantine and delete:
>>sendmail -qQ
>>
>>Very useful and the virus infected emails don't get inside my network
>>anywhere, which if using procmail/SpamAssassin, they would have to. My
>>network is protected from both the viruses and the waste of email
>>traffic.
>
> Twould be nice, but I'd settle for a couple of lines in the procmail.log
> indicating it was sent to /dev/null.

:0:
* ^X-Spam-Status: .*CLAMAV.*
/dev/null

But that requires making the clamav plugin work.

{o.o}
|
|
Re: bringing clamav into the loop?

On Saturday 31 October 2009, jdow wrote:
>From: "Gene Heskett" <gene.heskett@...>
>Sent: Saturday, 2009/October/31 13:10
>
>> On Saturday 31 October 2009, Karl Pearson wrote:
>>>On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> Does anyone have a procmail recipe that incorporates clamav into the
>>>> checks,
>>>> and one that handles the clamav output to /dev/null the viri etc?
>>>>
>>>> At least I assume clamav doesn't auto-delete, I've not yet studied all
>>>> the
>>>> docs, but do have freshclam running apparently ok.
>>>>
>>>> Thanks everybody.
>>>
>>>I use ClamAV-milter at MTA level at the gateway. In the new version of
>>>ClamAV, email is not deleted, but is quarantined within sendmail itself.
>>
>> I don't believe the gateway I'm using (x86 version of dd-wrt) has the
>> iron (or storage, its booting from a cf card) to pull that off, even if I
>> could figure out how to make it an email proxy server.
>>
>>>I run a cron job against the sendmail queue and send myself a report on
>>>each quarantined email, then remove them. With sendmail this is done
>>>with these two commands:
>>>
>>>report each:
>>>mailq -qQ
>>>remove from quarantine and delete:
>>>sendmail -qQ
>>>
>>>Very useful and the virus infected emails don't get inside my network
>>>anywhere, which if using procmail/SpamAssassin, they would have to. My
>>>network is protected from both the viruses and the waste of email
>>>traffic.
>>
>> Twould be nice, but I'd settle for a couple of lines in the procmail.log
>> indicating it was sent to /dev/null.
>>
>:0:
>
>* ^X-Spam-Status: .*CLAMAV.*
>/dev/null
>
>But that requires making the clamav plugin work.
>
>{o.o}
>

I think, it's getting late here. :)

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

You can make it illegal, but you can't make it unpopular.