ClamAV Anti Virus with Maildrop and Postfix

This is the second part of HowTo run ClamAV Anti Virus on a low memory system - and you chose the Courier maildrop based system. Please make sure that you understood and accepted the problems and limitations of this approach before starting.

After installing ClamAV we'll continue to...

Configure Postfix

We need to tell postfix to use maildrop as local delivery agent. Optionally (and highly recommended) is to run only one delivery a time to save ressources. For this we configure in /etc/postfix/main.cf

	mailbox_command = /usr/bin/maildrop
	local_destination_concurrency_limit=1

Configure /etc/maildroprc

This an extremely simple script, calling the wrapper script:

	#!/bin/sh
	# avti-virus filter through maildrop
	
	exception {
	    xfilter "/usr/local/bin/clamscanwrap"
	}

Configure .mailfilter

As maildrop is more paranoid about permissions we won't use the symlink technique we used with .procmailrc. Please copy into each user's home directory (with exception of the virusalert account) and to /etc/skel/.procmailrc the following line into .mailfilter which will have to be CHMODed to 600 and owned by the user.

	include "/etc/maildroprc"

Wrapper script /usr/local/bin/clamscanwrap

Here we're filtering out malicious stuff (or: the mails containing it).

	#!/bin/sh
	ALERTMAIL="root@localhost"
	TMPFILE=/tmp/clamscan.$$
	cat - > ${TMPFILE}.msg
	mkdir ${TMPFILE}.dir
	chmod go+r ${TMPFILE}.*
	
	/usr/bin/clamscan --quiet\
		--no-summary \
	        --tempdir=${TMPFILE}.dir \
	        --recursive --max-files=500 --max-space=500M \
	        --unzip=/usr/bin/unzip --jar=/usr/bin/unzip \
	        --tar=/bin/tar --tgz=/bin/tar \
	        --log=${TMPFILE}.log \
	        ${TMPFILE}.msg
	typeset -i RESULT=$?
	
	if [ $RESULT -gt 0 ]; then
	    VIRUS=`fgrep FOUND ${TMPFILE}.log | cut -d " " -f 2`
	    grep -e "^[0-z-]*: .*" ${TMPFILE}.msg > ${TMPFILE}.header
	    echo "" > ${TMPFILE}.mail
	    echo "" >> ${TMPFILE}.mail
	    echo -n "Virusscanner " >> ${TMPFILE}.mail
	    /usr/bin/clamscan -V 2>> ${TMPFILE}.mail
	    echo -n "        " >> ${TMPFILE}.mail
	    grep -e "^From:" ${TMPFILE}.msg >> ${TMPFILE}.mail
	    echo -n "        " >> ${TMPFILE}.mail
	    grep -e "^To:" ${TMPFILE}.msg >> ${TMPFILE}.mail
	    echo -n "        " >> ${TMPFILE}.mail
	    grep -e "^Subject:" ${TMPFILE}.msg >> ${TMPFILE}.mail
	    echo -n "        " >> ${TMPFILE}.mail
	    grep -e "^Date:" ${TMPFILE}.msg >> ${TMPFILE}.mail
	    echo "        " >> ${TMPFILE}.mail
	    echo "        " >> ${TMPFILE}.mail
	    echo "--------------------------------------------" >> ${TMPFILE}.mail
	    echo "Volle (deaktivierte) Header" >> ${TMPFILE}.mail
	    echo "--------------------------------------------" >> ${TMPFILE}.mail
	    cat ${TMPFILE}.header | awk '{ print ".  " $0 }' >> ${TMPFILE}.mail
	
	    # alert mail to sysadmin
	    cat ${TMPFILE}.mail | mail -s "Virus $VIRUS gefunden" $ALERTMAIL
	
	    # and now alert mail to recipient
	    cat ${TMPFILE}.header | sed -e "s/^Subject: .*/Subject: Virus $VIRUS gefunden/"
	    echo ""
	    cat /usr/local/bin/clamscanwrap.txt
	    cat ${TMPFILE}.mail
	else
	    cat ${TMPFILE}.msg
	    echo " "
	    echo "-------------------------------------------------------------"
	    echo -n "No virus detected by "
	    /usr/bin/clamscan -V 2>&1
	fi
	
	rm -rf ${TMPFILE}*
	
	# exit $RESULT
	exit 0

Enjoy!
Corrections and suggestions are heartly welcome!