Overwhelming Viruses

I’m really quite sick and tired of viruses.

This morning, I opened my email and found 80 viruses in my inbox. Gross. So, I started setting up some new rules to catch the current virus, but after a bit I decided that it would just be easier to install ClamAV. And it was. I have a perl script using Mail::Audit handling most of the sorting and delivering functions, so I was a little hesitant to try the virus thing (I’ve had trouble in the past with new email filters), but I figured out how to do it without too much trouble. (And now, I discover Matt Seargent’s Clamd. Guess I’ll have to build that into the yet-to-be written Mail::Audit::Virus.)

So I just checked my spam folder and virus folder. I’m getting more viruses now than spam. Gross. People: please stop using Outlook.

By the way, if you’ve already installed spam scanning using SpamAssassin in procmail, here’s a script that you might find useful for blocking viruses.

  #!/bin/sh    tempfile=`tempfile`  cat - >> $tempfile    mkdir ${tempfile}-check  cd ${tempfile}-check    cat $tempfile | reformime -xpart-  clamscan --threads=1 --disable-summary --quiet  virus=$?    if [ $virus -eq 1 ]; then    cat $tempfile | formail -a "X-Virus-Found: YES"  else    cat $tempfile  fi    rm -rf $tempfile ${tempfile}-*  

You’ll want to have clamscan installed on the machine (you can install it in your directory if you only have a shell account) and you want to run freshclam regularly (hopefully in cron, but manually if necessary). Then, you just put the following lines at the start of your .procmailrc file:

  :0fw  | /path/to/script    :0:  * ^X-Virus-Found:.*YES  Virus    

Note that the script doesn’t do anything to the email except add a header. It doesn’t send anyone a notice saying “You sent an infected email” nor does it tell the user that someone sent them a virus. You can check your virus folder periodically and clean it out, or you could just change that last Virus to /dev/null and all detected viruses would go the way of the dodo.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.