Hi,
I'm using postfix and clamav-milter on debian lenny. Unfortunately
the virus count is not working. I read in the changelog that clamav-milter has
been supported since 1.09. I'm using 1.14. Probably the clamav-milter only
works with sendmail, right? In the mail log there is the following:
Sep 16 21:54:37 server postfix/smtpd[6899]: connect from web.heise.de[193.99.144.71]
Sep 16 21:54:37 server postfix/smtpd[6899]: EB07C23F41: client=web.heise.de[193.99.144.71]
Sep 16 21:54:38 server postfix/cleanup[6903]: EB07C23F41: message-id=<E1Mo0aK-0000Yv-Ss{dot}octo09{at}web{dot}heise{dot}de>
Sep 16 21:54:38 server postfix/cleanup[6903]: EB07C23F41: milter-reject: END-OF-MESSAGE from web.heise.de[193.99.144.71]: 5.7.1 This eMail is infected by "Eicar-Test-Signature"; from=<emailcheck-robot{at}ct{dot}heise{dot}de> to=<floh{at}mydomain{dot}org> proto=ESMTP helo=<web.heise.de>
Sep 16 21:54:38 server postfix/smtpd[6899]: disconnect from web.heise.de[193.99.144.71]
I looked into the Perl script and found "clamav-milter", but there it
checks if $prog=="clamav-milter", whereas actually (if you look at my pasted log)
$prog == "cleanup". So I found the place in the Perl script where $prog == "cleanup".
I added some lines there:
--- mailgraph 2009-09-17 10:01:26.000000000 +0200
+++ mailgraph-modified 2009-09-17 09:58:22.000000000 +0200
@@ -628,7 +628,12 @@
}
}
elsif($prog eq 'cleanup') {
- if($text =~ /^[0-9A-Z]+: (?:reject|discard): /) {
+ if($text =~ /^(?:[0-9A-Z]+: )?milter-reject: /) {
+ if($text =~ /infected/) {
+ event($time, 'virus');
+ }
+ }
+ elsif($text =~ /^[0-9A-Z]+: (?:reject|discard): /) {
event($time, 'rejected');
}
}
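Review bot: in the new milter-reject branch, /infected/ is matched against all of $text, and a milter-reject line that does not contain the word is counted as nothing at all, because the elsif for reject|discard is skipped once the outer if has matched. The logged line carries from=, to= and helo= after the reply text, so a sender address containing "infected" would also be counted as a virus; match only the reply portion before "; from=" instead. Add an else { event($time, 'rejected'); } to the inner if so other milter rejections are still graphed, and put a comment there saying the keyword must match the reject text configured in the milter.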
Now it works fine. But the following message is written by me in
(/etc/clamav/clamav-milter.log in ), so this text is user-defined, and
if($text =~ /infected/) only works if the custom log text actually
contains this word:
This eMail is infected by "Eicar-Test-Signature"
1. What is the best way to parse this virus report in mail.log to get
the virus count working? Probably the custom text must have some (generic)
keywords, maybe like "milter-virusscan". I said generic since I don't
want to "reply" (reject) to the virus sender with information about which
virus scanner I'm using.
2. @devs: Could you fix the mailgraph Perl script so it works fine with
clamav-milter+postfix in the next version?
If you need more information, please let me know and I'll provide it.
And... no... I don't know much about Perl programming. (It was just my
luck *cough* ;) )
cu Floh
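
One way to approach question 1, as an added example that is not part of the original post or of mailgraph: test the keyword only against the milter's reply text, not against the whole log line, and count every other milter-reject as a plain rejection. The function name, the marker regex and the sample log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical marker: a generic keyword placed in the milter's custom
# reject text, so the reply does not have to name the scanner product.
my $VIRUS_MARKER = qr/\binfected\b/i;

# Classify the text part of a postfix/cleanup log line.
# Returns 'virus', 'rejected', or undef when the line is neither.
sub classify_cleanup {
    my ($text) = @_;
    # milter-reject: <state> from <host[ip]>: <dsn> <reply>; from=<...> ...
    if ($text =~ /^(?:[0-9A-Z]+: )?milter-reject: \S+ from \S+: \d\.\d+\.\d+ (.*?); from=</) {
        my $reply = $1;    # the milter's reply only, not from=/to=/helo=
        return $reply =~ $VIRUS_MARKER ? 'virus' : 'rejected';
    }
    return 'rejected' if $text =~ /^[0-9A-Z]+: (?:reject|discard): /;
    return;
}

# Constructed sample lines, modelled on the log in the post.
my @samples = (
    # virus hit reported by the milter
    'EB07C23F41: milter-reject: END-OF-MESSAGE from web.example.org[192.0.2.10]: '
      . '5.7.1 This eMail is infected by "Eicar-Test-Signature"; '
      . 'from=<robot@example.org> to=<user@example.net> proto=ESMTP helo=<web.example.org>',
    # non-virus milter rejection; "infected" appears only in the sender address
    'A1B2C3D4E5: milter-reject: END-OF-MESSAGE from mail.example.com[198.51.100.7]: '
      . '5.7.1 Message rejected by policy; '
      . 'from=<infected-news@example.com> to=<user@example.net> proto=ESMTP helo=<mail.example.com>',
    # ordinary cleanup reject (header check)
    'F00D123456: reject: header Subject: test from mail.example.com[198.51.100.7]; '
      . 'from=<a@example.com> to=<user@example.net> proto=ESMTP helo=<mail.example.com>: 5.7.1 blocked',
    # unrelated cleanup line
    '0123456789: message-id=<constructed@example.org>',
);

my %count;
for my $text (@samples) {
    my $kind = classify_cleanup($text) // 'ignored';
    $count{$kind}++;
    printf "%-8s %s\n", $kind, substr($text, 0, 60);
}
print join(', ', map { "$_=$count{$_}" } sort keys %count), "\n";
```

The marker still has to match whatever reject text is configured in the milter, so changing that text means changing the marker as well.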