Antivirus scanning with procmail, sanitizer and clamav

If procmail is used as the local delivery agent, adding this rule to $HOME/.procmailrc is enough to enable antivirus filtering with the sanitizer program:

PATH=/usr/local/bin:/usr/bin:/bin
SHELL=/bin/bash
MAILDIR=$HOME/Maildir/
ORGMAIL=$MAILDIR
DEFAULT=$MAILDIR
#LOGFILE=$HOME/procmail.log
#VERBOSE=yes
#-------------------------------------------------------------------------
# Filter the mail with ClamAV
#-------------------------------------------------------------------------
:0 fw
| /usr/bin/sanitizer /etc/sanitizer.cfg

The sanitizer program is configured through /etc/sanitizer.cfg:

#-------------------------------------------------------------------------
# Create saved files using this template. The directory must exist and
# be writable by the user running the sanitizer.
#-------------------------------------------------------------------------
file_name_tpl = /home/quarantine/$Y$m$d-$T-$F.$$

#-------------------------------------------------------------------------
# Message used to replace attachments saved and removed.
#-------------------------------------------------------------------------
msg_file_save  = *****ANTIVIRUS*****\n
msg_file_save += ATTENZIONE:\n
msg_file_save += Questa mail conteneva in allegato il file "%FILENAME"\n
msg_file_save += che e' risultato infetto da virus o potenzialmente dannoso.\n
msg_file_save += Il file e' stato rimosso al fine di evitarne la diffusione involontaria.\n
msg_file_save += %SAVEDNAME\n
msg_file_save += *******************\n

# Virus scanner command line. The three exit codes represent the
# following scan conditions: clean, disinfected, infected.
file_list_1_scanner = 0:1:1:/usr/bin/clamdscan --fdpass --quiet %FILENAME

# What policy to apply for each exit code, plus a catch-all default.
#   unknown  Indeterminate result, check the next policy.
#   save     Remove the attachment from the message, replace it with a
#            text message and save the attachment into a local file.
file_list_1_policy  = unknown:save:save:save

#-------------------------------------------------------------------------
# String used to mangle file names.
#-------------------------------------------------------------------------
msg_defanged = ANTIVIRUS

What happens if clamd is stopped

These are the exit codes of the clamdscan program:

0 File OK.
1 Infected file.
2 Could not connect to clamd on LocalSocket.
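
The following added example (not part of the original page and not sanitizer's own code) resolves which policy each clamdscan exit code selects under the file_list_1_scanner and file_list_1_policy values shown above. It assumes, as the configuration comment states, that an exit code found in none of the three lists falls to the fourth, catch-all policy; support for comma-separated codes inside a list is an assumption, and the function name policy_for_exit is hypothetical.

```shell
#!/bin/sh
# Added example: map a scanner exit code to the sanitizer policy it selects.
# Both values are copied from /etc/sanitizer.cfg as shown on this page.
SCANNER_SPEC='0:1:1:/usr/bin/clamdscan --fdpass --quiet %FILENAME'
POLICY_SPEC='unknown:save:save:save'

# policy_for_exit CODE [SCANNER_SPEC] [POLICY_SPEC]
# Fields 1-3 of the scanner spec are the exit-code lists for clean,
# disinfected and infected; policy field N applies to list N and
# policy field 4 is the catch-all default.
policy_for_exit() {
    code=$1
    scanner=${2:-$SCANNER_SPEC}
    policy=${3:-$POLICY_SPEC}
    idx=1
    while [ "$idx" -le 3 ]; do
        list=$(printf '%s\n' "$scanner" | cut -d: -f"$idx")
        # Assumption: one list may hold several comma-separated codes.
        for c in $(printf '%s\n' "$list" | tr ',' ' '); do
            if [ "$c" = "$code" ]; then
                printf '%s\n' "$policy" | cut -d: -f"$idx"
                return 0
            fi
        done
        idx=$((idx + 1))
    done
    # No list matched: the catch-all policy decides.
    printf '%s\n' "$policy" | cut -d: -f4
}

# The three clamdscan exit codes listed on this page.
for rc in 0 1 2; do
    printf 'clamdscan exit %s -> %s\n' "$rc" "$(policy_for_exit "$rc")"
done
```

Exit code 2 (clamd unreachable) matches none of the lists, so the catch-all save applies: while clamd is stopped, attachments are removed and quarantined rather than delivered unscanned.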
doc/appunti/linux/sa/procmail_sanitizer_clamav.1592305974.txt.gz · Last modified: 2020/06/16 13:12 by niccolo