
WolfBlog

Reflections from a Swede in Norway.

Here you will find my small graffiti board where I write about things I come to think about.

In my blog, I write about the general unfairness of life, about spam mail, vintage computers, board games, Norwegians, current and not-so-current affairs, technology and whatever else occurs to me — in other words, a glorious mess. All opinions expressed here are of course my own, and all similarities with any living people are of course intentional.


All text and pictures copyright Peter Krefting, unless otherwise noted.

Integrating ClamAV with procmail

Published: Tuesday 2004-03-09.

When I wanted to install Clam Antivirus on my e-mail server I first got stuck because I wasn’t completely sure how to get it to work with my setup. Since I do not have the opportunity to configure the actual e-mail server software (sendmail), I have to run it via procmail. The information I could find about how to do that was either insufficient or bad, but thanks to Mathias Hansson at LysKOM I was able to get on the right track.

My settings look like this:

# Rules for running ClamAV

CLAMSCAN=/usr/bin/clamdscan
VIRUSTARGET=/dev/null

:0
* > 10000
* multipart
{
  # Okay, large multipart message run through clamscan
  VIRUS=`$CLAMSCAN --mbox --disable-summary --stdout -`

  :0 Di
  * VIRUS ?? FOUND
  $VIRUSTARGET
}

First I set the variable CLAMSCAN to point to where my binary is and VIRUSTARGET to where I want the viruses to go. I do it that way since I share the files between several computers and the files are not always in the same place; you can use either clamscan or clamdscan as the scanner. During a testing period I recommend setting VIRUSTARGET to a mailbox; later on it can be set to /dev/null to throw everything away.

The next step is checking whether the message is large, since it is almost only large messages that contain viruses. If you want to test all messages, you can remove the recipe lines from :0 up to and including { and the final }.

If the message is big enough, it will be scanned for viruses, and the output from the program will be stored in the VIRUS variable, which gets a value of the form “stream: Worm.Gibe.F FOUND” if a virus is found, otherwise “stream: OK”. The content of this variable is then tested using the ?? operator, and if it contains FOUND the message is classified as a virus.

Simple, isn’t it? ☺
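The recipe only tests for FOUND, so a scan that produced neither “stream: … FOUND” nor “stream: OK” (for example because the scanner could not run) falls through exactly like a clean message. The shell sketch below is an added example, not part of the original post: it separates the three outcomes so the unknown case can be handled on its own. The function names, the "hold" action and the error line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify the text captured in the VIRUS variable.
# Prints "infected <signature>", "clean" or "unknown".
# Extra lines in the output are tolerated; the first FOUND line wins.
classify_scan() {
  verdict=unknown sig=
  while IFS= read -r line; do
    case $line in
      "stream: "*" FOUND")
        sig=${line#stream: }     # drop the "stream: " prefix
        sig=${sig% FOUND}        # drop the " FOUND" suffix
        verdict=infected
        break ;;
      "stream: OK")
        verdict=clean ;;
    esac
  done <<EOF
$1
EOF
  printf '%s\n' "$verdict${sig:+ $sig}"
}

# Map a verdict to a delivery action (hypothetical policy names).
delivery_action() {
  case $(classify_scan "$1") in
    infected*) echo quarantine ;;   # what VIRUSTARGET does in the recipe
    clean)     echo deliver ;;
    *)         echo hold ;;         # no verdict: do not treat as clean
  esac
}

# Constructed samples; the first two use the forms quoted in the post,
# the last two stand in for a scanner that failed to give a verdict.
for sample in "stream: Worm.Gibe.F FOUND" "stream: OK" "" \
              "ERROR: constructed failure line"; do
  printf '%-36s -> %s\n' "[$sample]" "$(delivery_action "$sample")"
done
```
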

Categories: Internet, software.


peter@softwolves.pp.se