Overwhelming Viruses
I'm really quite sick and tired of viruses.
This morning, I opened my email and found 80 viruses in my inbox. Gross. So, I started setting up some new rules to catch the current virus, but after a bit I decided that it would just be easier to install ClamAV. And it was. I have a perl script using Mail::Audit handling most of the sorting and delivering functions, so I was a little hesitant to try the virus thing (I've had trouble in the past with new email filters), but I figured out how to do it without too much trouble. (And now, I discover Matt Seargent's Clamd. Guess I'll have to build that into the yet-to-be written Mail::Audit::Virus.)
So I just checked my spam folder and virus folder. I'm getting more viruses now than spam. Gross. People: please stop using Outlook.
By the way, if you've already installed spam scanning using SpamAssassin in procmail, here's a script that you might find useful for blocking viruses.
#!/bin/sh
tempfile=`tempfile`
cat - >> $tempfile
mkdir ${tempfile}-check
cd ${tempfile}-check
cat $tempfile | reformime -xpart-
clamscan --threads=1 --disable-summary --quiet
virus=$?
if [ $virus -eq 1 ]; then
cat $tempfile | formail -a "X-Virus-Found: YES"
else
cat $tempfile
fi
rm -rf $tempfile ${tempfile}-*
You'll want to have clamscan installed on the machine (you can install it in your directory if you only have a shell account) and you want to run freshclam regularly (hopefully in cron, but manually if necessary). Then, you just put the following lines at the start of your .procmailrc file:
:0fw
| /path/to/script
:0:
* ^X-Virus-Found:.*YES
Virus
Note that the script doesn't do anything to the email except add a header. It doesn't send anyone a notice saying "You sent an infected email" nor does it tell the user that someone sent them a virus. You can check your virus folder periodically and clean it out, or you could just change that last Virus to /dev/null and all detected viruses would go the way of the dodo.