I’m really quite sick and tired of viruses.
This morning, I opened my email and found 80 viruses in my inbox. Gross. So, I started setting up some new rules to catch the current virus, but after a bit I decided that it would just be easier to install ClamAV. And it was. I have a perl script using Mail::Audit handling most of the sorting and delivering functions, so I was a little hesitant to try the virus thing (I’ve had trouble in the past with new email filters), but I figured out how to do it without too much trouble. (And now, I discover Matt Seargent’s Clamd. Guess I’ll have to build that into the yet-to-be written Mail::Audit::Virus.)
So I just checked my spam folder and virus folder. I’m getting more viruses now than spam. Gross. People: please stop using Outlook.
By the way, if you’ve already installed spam scanning using SpamAssassin in procmail, here’s a script that you might find useful for blocking viruses.
#!/bin/sh tempfile=`tempfile` cat - >> $tempfile mkdir ${tempfile}-check cd ${tempfile}-check cat $tempfile | reformime -xpart- clamscan --threads=1 --disable-summary --quiet virus=$? if [ $virus -eq 1 ]; then cat $tempfile | formail -a "X-Virus-Found: YES" else cat $tempfile fi rm -rf $tempfile ${tempfile}-*
You’ll want to have clamscan installed on the machine (you can install it in your directory if you only have a shell account) and you want to run freshclam regularly (hopefully in cron, but manually if necessary). Then, you just put the following lines at the start of your .procmailrc file:
:0fw | /path/to/script :0: * ^X-Virus-Found:.*YES Virus
Note that the script doesn’t do anything to the email except add a header. It doesn’t send anyone a notice saying “You sent an infected email” nor does it tell the user that someone sent them a virus. You can check your virus folder periodically and clean it out, or you could just change that last Virus to /dev/null and all detected viruses would go the way of the dodo.