f-prot and procmail
unstable_geek
Tux's lil' helper


Joined: 01 Mar 2003
Posts: 102
Location: In my own happy place

PostPosted: Wed Aug 04, 2004 11:06 pm    Post subject: f-prot and procmail

Edit: the fprot= line in the fprot-wrapper script was modified.

There are plenty of threads that deal with mail anti-spam and anti-virus configurations.

My setup is loosely based on This excellent thread, but I needed something a little different.

I have postfix -> procmail -> spamassassin -> f-prot.

Relevant parts of various config files follow:

/etc/postfix/main.cf
Code:

home_mailbox = Mail/

This is important so that postfix delivers into a Maildir style delivery.

/home/fred/.forward
Code:

"| /usr/bin/procmail -t"

This tells postfix to deliver to procmail.

/etc/mail/spamassassin/local.cf
(generated with this web page)
Code:

# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits           5.0

# Whether to change the subject of suspected spam
rewrite_subject         1

# Text to prepend to subject if rewrite_subject is used
subject_tag             **SPAM SUSPECT**

# Encapsulate spam in an attachment
report_safe             1

# Use terse version of the spam report
use_terse_report        0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
auto_learn              1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages            all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              all


/home/fred/.procmailrc
This is where all the magic happens.
Code:

DEFAULT=$HOME/Mail/
SPAM_FOLDER=$DEFAULT/.spam
VIRUS_FOLDER=$DEFAULT/.Virus

# The following SA config was taken mostly from
# http://forums.gentoo.org/viewtopic.php?t=56633
# run all email below 512k through SpamAssassin
# spamc is the client for the spamd daemon. Change to /usr/sbin/spamassassin to use the standalone program
:0fw: spamassassin.lock
* < 524288
| spamc

# All mail tagged as spam (e.g. with a score higher than the set threshold)
# is moved to ".spam".
:0:
* ^X-Spam-Status: Yes
$SPAM_FOLDER

#Work around procmail bug: any output on stderr will cause the "F" in
#"From" to be dropped.  This will re-add it.
#(This is taken directly from the SA example file)
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "

  :0 fhw
  | sed -e '1s/^/F/'
}

:0 fw: fprot.lock
| /home/fred/bin/fprot-wrapper.sh

:0
* ^X-Virus: Yes
$VIRUS_FOLDER


And finally, the fprot-wrapper.sh script:
/home/fred/bin/fprot-wrapper.sh
Code:

#!/bin/bash
#
# @(#)f-prot-wrapper.sh 1.1 04/13/04
#
# Copyright (c) 2004
#      Ali Onur Cinar &060root&064zdo.com&062
#
# License:
#
#   Permission  to  use,  copy, modify, and  distribute  this software and its
#   documentation for  non-commercial  purposes  and  without  fee  is  hereby
#   granted,  provided  that the  above  copyright notice appear in all copies
#   and  that both  the  copyright  notice  and  this  permission  notice  and
#   warranty  disclaimer appear in supporting documentation, and that the name
#   of Ali Onur Cinar not be  used  in  advertising or publicity pertaining to
#   distribution of the software without specific, written prior permission.
#
# F-Prot Anti-Virus is the registered trademark of FRISK Software International.
#

formail=/usr/bin/formail                              # path to formail
fprot=/usr/bin/f-prot.sh                              # path to f-prot
tmp=/tmp                                              # temporary dir.

pid=$$                                                # get pid
mailFile=${tmp}/fpw-${pid}-mail                       # temp mail file
fprotOut=${tmp}/fpw-${pid}-out                        # temp fprot file

addField ()                                           # adds the given
{                                                     # header to mail
  cat $mailFile | $formail -f -A "$1" > ${mailFile}.1\
   && mv ${mailFile}.1 $mailFile
}

cat > $mailFile                                       # save body

$fprot -server $mailFile > $fprotOut                  # execute f-prot

case "$?" in                                          # based on exit status
 0 ) addField "X-Virus: No"                           # no virus detected
     ;;
 * ) addField "X-Virus: Yes"                          # virus detected

     infection=(`grep Infection: $fprotOut`)          # add information
     addField "X-Virus-Infection: ${infection[@]:2}"  # about the virus
     ;;
esac

programVersion=(`grep 'Program version:' $fprotOut`)  # get program version
engineVersion=(`grep 'Engine version:' $fprotOut`)    # get engine version

addField "X-Virus-AV: F-Prot program\
 ${programVersion[@]:2} / engine\
 ${engineVersion[@]:2}"
addField "X-Virus-FW: f-prot-wrapper.sh\
 1.0 (www.zdo.com/articles/f-prot-wrapper.shtml)"

cat $mailFile                                         # show the mail file

rm $mailFile                                          # clean temporary
rm $fprotOut                                          # files


To check this all out, send yourself an email, and look at all the headers. For me, it looks like this:
Code:

Return-Path: <sender>
X-Original-To: <recipient>
Delivered-To: <recipient>
Received: from web41208.mail.yahoo.com (web41208.mail.yahoo.com [66.218.93.41])
     by <hostname> (Postfix) with SMTP id 5473458421
     for <recipient>; Wed, 4 Aug 2004 16:40:41 -0600 (MDT)
Message-ID: <20040804224056.2198.qmail@web41208.mail.yahoo.com>
Received: from [68.144.22.155] by web41208.mail.yahoo.com via HTTP; Wed, 04 Aug 2004 15:40:56 PDT
Date: Wed, 4 Aug 2004 15:40:56 -0700 (PDT)
From: <sender>
Subject: f-prot test
To: <recipient>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
     <hostname>
X-Spam-Level: **
X-Spam-Status: No, hits=2.0 required=5.0 tests=FROM_ENDS_IN_NUMS,
     MAILTO_TO_SPAM_ADDR,RCVD_IN_SORBS autolearn=no version=2.63
X-Virus: No
X-Virus-AV: F-Prot program / engine
X-Virus-FW: f-prot-wrapper.sh 1.0 (www.zdo.com/articles/f-prot-wrapper.shtml)

_________________
I hate my sig


Last edited by unstable_geek on Fri Sep 10, 2004 10:47 am; edited 1 time in total
HomerSimpson
l33t


Joined: 25 Jan 2003
Posts: 869
Location: Ohio, USA

PostPosted: Sat Sep 04, 2004 3:19 pm    Post subject:

Thanks!
_________________
The strong must protect the Sweet.
unstable_geek
Tux's lil' helper


Joined: 01 Mar 2003
Posts: 102
Location: In my own happy place

PostPosted: Fri Sep 10, 2004 11:05 am    Post subject:

Thanks!
Beware, I updated the fprot-wrapper script slightly.
_________________
I hate my sig
HomerSimpson
l33t


Joined: 25 Jan 2003
Posts: 869
Location: Ohio, USA

PostPosted: Fri Sep 10, 2004 5:02 pm    Post subject:

OK. I made the change.

Thanks again.
_________________
The strong must protect the Sweet.
HomerSimpson
l33t


Joined: 25 Jan 2003
Posts: 869
Location: Ohio, USA

PostPosted: Fri Oct 22, 2004 11:59 pm    Post subject:

I have been using this now for over a month. I see in the header:
Code:
X-Virus: No
X-Virus-AV: F-Prot program 4.4.2 / engine 3.14.11
X-Virus-FW: f-prot-wrapper.sh 1.0 (www.zdo.com/articles/f-prot-wrapper.shtml)


But X-Virus is always set to No. I can't believe that, with all the spam I am getting, none of them are viruses.

Since the headers are in the email, it would appear that I am doing this correctly. Yes?

Could it have something to do with scanning with spamassassin before scanning for viruses?

Thx
_________________
The strong must protect the Sweet.
JoeG
Apprentice


Joined: 30 Jul 2003
Posts: 179
Location: Kentucky, USA

PostPosted: Thu Oct 28, 2004 9:23 pm    Post subject: Re: f-prot and procmail

unstable_geek wrote:


My setup is loosely based on This excellent thread, but I needed something a little different.


LOL. Dude, you need to edit that link. It opened up a M$ page on me. I was like, wtf? Just about spewed my DrPepper all over my screen. ;)

JoeG
_________________
Linux User#226477
stiwi
Apprentice


Joined: 20 Mar 2003
Posts: 266
Location: hamburg - germany

PostPosted: Wed Dec 29, 2004 11:58 pm    Post subject:

I checked the script, but it did not find the virus in MIME-encoded e-mails. I tested it with the eicar.com test virus.

"f-prot.sh eicar.com" finds the test virus

"f-prot.sh testmail.msg" (virus as attachment) did not find it

Any idea?
stiwi
Apprentice


Joined: 20 Mar 2003
Posts: 266
Location: hamburg - germany

PostPosted: Thu Dec 30, 2004 12:59 am    Post subject:

OK, I modified the script and now it finds viruses in attachments. But I do not understand the license here. Can I post my changes?
stiwi
Apprentice


Joined: 20 Mar 2003
Posts: 266
Location: hamburg - germany

PostPosted: Thu Dec 30, 2004 12:02 pm    Post subject:

So, I read the license again, and I think I can post my changes with his copyright. I hope that's correct. If not, please mail me.

For my script, you need:

Code:
emerge ripmime


And the modified script:

Code:

#!/bin/bash
#
# @(#)f-prot-wrapper.sh 1.2 12/29/04
#
# Modified by Stiwi based on the original script from Ali Onur Cinar.
#
# Changes:
#  - Extract attachments and scan the extracted files
#  - Add a list of all found viruses in the mail header
#
# @(#)f-prot-wrapper.sh 1.1 04/13/04
#
# Copyright (c) 2004
#      Ali Onur Cinar &060root&064zdo.com&062
#
# License:
#
#   Permission  to  use,  copy, modify, and  distribute  this software and its
#   documentation for  non-commercial  purposes  and  without  fee  is  hereby
#   granted,  provided  that the  above  copyright notice appear in all copies
#   and  that both  the  copyright  notice  and  this  permission  notice  and
#   warranty  disclaimer appear in supporting documentation, and that the name
#   of Ali Onur Cinar not be  used  in  advertising or publicity pertaining to
#   distribution of the software without specific, written prior permission.
#
# F-Prot Anti-Virus is the registered trademark of FRISK Software International.
#

formail=/usr/bin/formail                              # path to formail
fprot=/usr/bin/f-prot.sh                              # path to f-prot
ripmime=/usr/bin/ripmime                              # path to ripmime
tmp=/tmp                                              # temporary dir.

pid=$$                                                # get pid
mailFile=${tmp}/fpw-${pid}-mail                       # temp mail file
mimeDir=${tmp}/fpw-${pid}-mime/                       # temp dir for attachments
fprotOut=${tmp}/fpw-${pid}-out                        # temp fprot file

addField ()                                           # adds the given
{                                                     # header to mail
  cat $mailFile | $formail -f -A "$1" > ${mailFile}.1\
   && mv ${mailFile}.1 $mailFile
}

cat > $mailFile                                       # save body

mkdir $mimeDir                                        # create mimedir

$ripmime -i $mailFile -d $mimeDir                     # extract attachments to mimedir

$fprot -server $mimeDir > $fprotOut                   # execute f-prot

case "$?" in                                          # based on exit status
 0 ) addField "X-Virus: No"                           # no virus detected
     ;;
 * ) addField "X-Virus: Yes"                          # virus detected

     infection=(`grep Infection: $fprotOut`)          # add information

     for i in `seq 2 3 ${#infection[@]}`; do          # about the viruses
       addField "X-Virus-Infection: ${infection[@]:$i:1}"
     done
     ;;
esac

programVersion=(`grep 'Program version:' $fprotOut`)  # get program version
engineVersion=(`grep 'Engine version:' $fprotOut`)    # get engine version

addField "X-Virus-AV: F-Prot program\
 ${programVersion[@]:2} / engine\
 ${engineVersion[@]:2}"
addField "X-Virus-FW: f-prot-wrapper.sh\
 1.0 (www.zdo.com/articles/f-prot-wrapper.shtml)"

cat $mailFile                                         # show the mail file

rm $mailFile                                          # clean temporary
rm $fprotOut                                          # files
rm -r $mimeDir                                        # mimedir
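The failure stiwi reports above (f-prot finds eicar.com on disk but not inside testmail.msg), which also explains why a raw-message scan can return X-Virus: No for every mail, can be reproduced without a scanner and without any real test virus. The script below is an added example, not code from the thread or from the wrapper's author: a grep for a constructed marker string stands in for f-prot, the MIME message and its boundary are constructed, and a private mktemp directory replaces the predictable /tmp/fpw-$$ paths that both wrapper versions use.

```shell
#!/bin/sh
# Added example (not from the thread): a raw-message scan misses a signature that sits
# base64-encoded in an attachment; decoding the MIME parts first finds it. A grep for a
# constructed marker string stands in for f-prot; no real virus data is used.
set -u

MARKER='CONSTRUCTED-TEST-SIGNATURE-NOT-A-REAL-VIRUS'   # stand-in for a scanner signature
BOUNDARY='fpw-example-boundary'                         # constructed MIME boundary

# Emit a constructed multipart message carrying MARKER base64-encoded in an attachment.
build_test_mail() {
  enc=$(printf '%s' "$MARKER" | base64)
  printf 'From: sender@example.invalid\nSubject: wrapper test\nMIME-Version: 1.0\n'
  printf 'Content-Type: multipart/mixed; boundary="%s"\n\n' "$BOUNDARY"
  printf '%s\nContent-Type: text/plain\n\nhello\n' "--$BOUNDARY"
  printf '%s\nContent-Type: application/octet-stream; name="x.com"\n' "--$BOUNDARY"
  printf 'Content-Transfer-Encoding: base64\n\n%s\n%s--\n' "$enc" "--$BOUNDARY"
}

# Stand-in scanner: exit 0 = clean, 3 = signature found (f-prot also exits non-zero on infection).
fake_scan() { grep -q "$MARKER" "$1" && return 3; return 0; }

# Decode every base64 part of the message into a directory (the job ripmime does in version 1.2).
extract_b64_parts() {
  awk -v b="--$BOUNDARY" -v dir="$2" '
    index($0, b) == 1 { enc = 0; body = 0; n++; next }
    /^Content-Transfer-Encoding: base64/ { enc = 1; next }
    enc && !body && /^$/ { body = 1; next }
    enc && body { print > (dir "/part" n ".b64") }
  ' "$1"
  for f in "$2"/*.b64; do [ -e "$f" ] || continue; base64 -d "$f" > "${f%.b64}.bin"; done
}

# Scan the message on stdin: private temp dir, raw scan, decode, per-part scan, verdict.
scan_mail() {
  work=$(mktemp -d) || return 1       # unpredictable path, mode 0700 (unlike /tmp/fpw-$$-mail)
  cat > "$work/mail"
  raw=0; fake_scan "$work/mail" || raw=$?              # what wrapper 1.1 did: raw message only
  mkdir "$work/mime"
  extract_b64_parts "$work/mail" "$work/mime"
  dec=0
  for f in "$work"/mime/*.bin; do [ -e "$f" ] || continue; fake_scan "$f" || dec=$?; done
  verdict=No; [ "$dec" -ne 0 ] && verdict=Yes           # header value the wrapper would add
  rm -rf "$work"
  printf 'raw=%s decoded=%s X-Virus: %s\n' "$raw" "$dec" "$verdict"
}

build_test_mail | scan_mail          # prints: raw=0 decoded=3 X-Virus: Yes
```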
stiwi
Apprentice


Joined: 20 Mar 2003
Posts: 266
Location: hamburg - germany

PostPosted: Mon Jan 03, 2005 10:24 am    Post subject:

I tested the script and it also works when a mail that has a virus attached is itself attached to the scanned mail :-)