#!/bin/sh
#
# ClamAV script;
#
# original by Deives Michellis "thefallen" - dmichellis@yahoo.com | thefallen@unitednerds.org
# report like DrWEB by gonza@techline.ru
#
# set "ScanMail no" in clamav.conf
#
# chmod 0755 clamav-filter.sh
# mkdir /var/spool/clamav/queue
# chown clamav:clamav /var/spool/clamav/queue
#
# master.cf
# smtp inet n - n - - smtpd
# -o content_filter=clamav:clamav
#
#clamav unix - n n - - pipe
# flags=Rq user=clamav argv=/usr/local/bin/clamav-filter.sh -f ${sender} -- ${recipient}
#
#
# Fixed command search path for everything the filter runs.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH
#
# Config
#
# Host name used in the From:/To: headers of the notification mails.
MYHOSTNAME=techline.ru
# Spool directory the message is written to before scanning.
INSPECT_DIR='/var/spool/clamav/queue'
# Re-injection command; it carries its own option, so it is used unquoted.
SENDMAIL='/usr/sbin/sendmail -i '
# Scanner command line; the file to scan is appended by viruscan.
AVCMD='/usr/local/bin/clamdscan --disable-summary --stdout'
#
# Who is told about an infected message.
# NOTE(review): notices to the sender go to an address the notice text itself
# describes as possibly forged; confirm before switching NOTIFY_SENDER on.
NOTIFY_RCPT='yes'
NOTIFY_POSTMASTER='yes'
NOTIFY_SENDER='no'
#
# Exit codes <sysexits.h>
#
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
EX_DENIED=77
#
# Temporary file name: "in.", the shell's PID, then a second-resolution
# timestamp. The name is relative; it is used after the cd into INSPECT_DIR.
#
nome_arquivo="in.$$.$(date +%Y%m%d%H%M%S)"
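#######################################
# Send one notification mail through $SENDMAIL.
# Arguments: $1 - Subject header text
#            $2 - To header value
#            $3 - body text placed above the ClamAV report
#            $4.. - envelope recipients (nothing is sent when there are none)
# Globals:   SENDMAIL, MYHOSTNAME, VIRUS (read)
#######################################
_viruscan_notify() {
  _vn_subject=$1
  _vn_to=$2
  _vn_intro=$3
  shift 3
  [ "$#" -gt 0 ] || return 0
  # A here-document is used instead of echo: some /bin/sh echo builtins
  # interpret backslash escapes, and the subject and message-id come from the
  # scanned message. The empty line after To: ends the header section.
  # $SENDMAIL holds a command plus options, so it is split on purpose.
  $SENDMAIL -f MAILER-DAEMON -- "$@" <<EOF
From: ClamAV-DAEMON <MAILER-DAEMON@$MYHOSTNAME>
Subject: $_vn_subject
To: $_vn_to

$_vn_intro
Antivirus filter report:
--- ClamAV report ---
VIRUS $VIRUS
--- ClamAV report ---
---
Antivirus service provided by Clam AntiVirus Daemon for Unix
http://www.clamav.net/

EOF
}

#######################################
# Scan the spooled message and act on the scanner's exit status.
# Globals (read):    AVCMD, SENDMAIL, MYHOSTNAME, NOTIFY_RCPT, NOTIFY_SENDER,
#                    NOTIFY_POSTMASTER, EX_TEMPFAIL, nome_arquivo, from,
#                    rcpts, subj, msgid
# Globals (written): VIRUS (scanner output without its first field),
#                    SAIDA (scanner exit status)
# Returns: 0 when the scanner exits 0; the caller then re-injects the mail.
# Exits:   0 after logging and notifying about an infected message (the
#          message itself is dropped); EX_TEMPFAIL when the scanner exits
#          with anything other than 0 or 1.
#######################################
viruscan() {
  # $AVCMD holds the scanner command plus options, so it is split on purpose.
  VIRUS=$($AVCMD "$nome_arquivo")
  SAIDA=$?
  # Drop the leading "<file>:" field; quoting keeps the output from being
  # glob-expanded, and tr keeps the report on one line as before.
  VIRUS=$(printf '%s' "$VIRUS" | tr '\n' ' ' | cut -d' ' -f2-)

  if [ "$SAIDA" -eq 0 ]; then
    return 0
  fi

  if [ "$SAIDA" -ne 1 ]; then
    # clamdscan exits 2 on an error (for example when the daemon cannot be
    # reached). Falling through here would deliver the message unscanned, so
    # ask Postfix to retry later instead.
    postlog -t postfix/clamav-filter \
      "message-id=$msgid scanner error, exit status $SAIDA, deferring from=<$from> to=<$rcpts>" 2>/dev/null
    echo "Virus scanner failed with exit status $SAIDA"
    exit "${EX_TEMPFAIL:-75}"
  fi

  # One quoted argument: the message-id is taken from the scanned message and
  # must not be word-split or glob-expanded.
  postlog -t postfix/clamav-filter \
    "message-id=$msgid reject: VIRUS $VIRUS from=<$from> to=<$rcpts>" 2>/dev/null

  _vs_details="Sender = $from (may be forged)
Recipients = $rcpts
Subject =$subj
Message-ID = $msgid"

  if [ "$NOTIFY_RCPT" = "yes" ]; then
    # rcpts is a space-joined list and has to be split into separate
    # addresses; globbing is switched off around the split so an address
    # containing * ? or [ is never matched against files in the queue
    # directory. It is switched back on before any exit so the cleanup trap's
    # wildcard still works.
    set -f
    # shellcheck disable=SC2086
    _viruscan_notify "Undelivered mail:$subj" "$rcpts" "Dear User,
the message sent to you by $from (may be forged) with following
attributes has not been delivered, because contains an infected object." $rcpts
    set +f
  fi

  # An empty envelope sender has no address to notify.
  if [ "$NOTIFY_SENDER" = "yes" ] && [ -n "$from" ]; then
    _viruscan_notify "Undelivered mail:$subj" "$from" "Dear User,
the message with following attributes has not been delivered,
because contains an infected object.
$_vs_details" "$from"
  fi

  if [ "$NOTIFY_POSTMASTER" = "yes" ]; then
    _viruscan_notify "A VIRUS HAS BEEN DETECTED !!!" \
      "\"AV-Administrator\" <postmaster@$MYHOSTNAME>" "Dear Postmaster,
the message with following attributes has not been delivered,
because contains an infected object.
$_vs_details" "postmaster@$MYHOSTNAME"
  fi

  exit 0
}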
#
# Clean up when done or when aborting.
#
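# Expansion is deferred until the trap fires, and the spool file is named by
# absolute path so cleanup targets the queue directory even if the cd below
# failed.
trap 'rm -rf -- "$INSPECT_DIR/$nome_arquivo"*' 0 1 2 3 15
#
# Start processing.
#
cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit "$EX_TEMPFAIL"; }
# NOTE(review): the spooled message is created with the inherited umask;
# confirm the queue directory's permissions keep other local users out.
cat >"$nome_arquivo" || { echo "Cannot save mail to file"; exit "$EX_TEMPFAIL"; }

# Expected arguments: -f <sender> -- <recipient>...
# When the sender word is missing, $2 is the "--" separator itself.
from=$2
if [ "$from" != "--" ]; then
  shift
else
  # Was '$from=""', which expands to the command '--=' instead of assigning.
  from=""
fi
shift
shift

# Not used elsewhere in this script; kept for anything that reads them.
dominio=$(printf '%s\n' "$from" | cut -d"@" -f2)
email=$(printf '%s\n' "$from" | cut -d"@" -f1)

# First Subject: and Message-ID lines found in the first 200 lines of the
# message. Both values are taken from the message as received.
subj=$(head -n 200 "$nome_arquivo" | grep -i "^Subject:" | cut -d":" -f2- | head -n 1)
msgid=$(head -n 200 "$nome_arquivo" | grep -i "^message-id" | cut -d: -f 2- | sed 's/^ *//' | head -n 1)

# Space-joined recipient list for the log line and the notices.
rcpts="$*"

viruscan

# Re-inject the message. Sender and recipients are passed as separate quoted
# words so they are never re-split or glob-expanded; $SENDMAIL carries its own
# option and is split on purpose.
# NOTE(review): an empty sender is passed as -f ""; confirm the MTA's sendmail
# command accepts that form.
$SENDMAIL -f "$from" -- "$@" <"$nome_arquivo"
# Hand sendmail's status back to Postfix: an unconditional "exit 0" would
# report success, and lose the message, when re-injection fails.
exit $?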