Versions Compared

Old Version 16

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version 17

changes.mady.by.user ASF Infrabot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: converted to 1.6 markup

The ClamAV Plugin

Wiki MarkupThis plugin submits the entire email to a locally running \[http://www.clamav.net/ Clam AntiVirus\] server for virus detection. If a virus is found, it returns a positive return code to indicate spam and sets the header "X-Spam-Virus: Yes ($virusname)".

Code

clamav.cf:

No Format
loadplugin ClamAV clamav.pm
full CLAMAV eval:check_clamav()
describe CLAMAV Clam AntiVirus detected a virus
score CLAMAV 10

...

No Format
package ClamAV;
use strict;

# our $CLAMD_SOCK = 3310;               # for TCP-based usage
our $CLAMD_SOCK = "/var/run/clamd.basic/clamd.sock";   # change me

use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use File::Scan::ClamAV;
our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
  my ($class, $mailsa) = @_;
  $class = ref($class) || $class;
  my $self = $class->SUPER::new($mailsa);
  bless ($self, $class);
  $self->register_eval_rule ("check_clamav");
  return $self;
}

sub check_clamav {
  my ($self, $permsgstatus, $fulltext) = @_;
  my $clamav = new File::Scan::ClamAV(port => $CLAMD_SOCK);
  my ($code, $virus) = $clamav->streamscan(${$fulltext});
  my $isspam = 0;
  my $header = "";
  if(!$code) {
    my $errstr = $clamav->errstr();
    Mail::SpamAssassin::Plugin::dbg("ClamAV: Error scanning: $errstr");
    $header = "Error ($errstr)";
  } elsif($code eq 'OK') {
    Mail::SpamAssassin::Plugin::dbg("ClamAV: No virus detected");
    $header = "No";
  } elsif($code eq 'FOUND') {
    Mail::SpamAssassin::Plugin::dbg("ClamAV: Detected virus: $virus");
    $header = "Yes ($virus)";
    $isspam = 1;
    # include the virus name in SpamAssassin's report
    $permsgstatus->test_log($virus);
  } else {
    Mail::SpamAssassin::Plugin::dbg("ClamAV: Error, unknown return code: $code");
    $header = "Error (Unknown return code from ClamAV: $code)";
  }
  $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = $header;
  $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = $header;
  # add a metadatum so that rules can match against the result too
  $permsgstatus->{msg}->put_metadata('X-Spam-Virus',$header);
  return $isspam;
}

1;

How To Use It

Wiki MarkupFirst of all, you need to install \[http://www.clamav.net/ ClamAV\] and ensure that scanning a mail with *clamscan* works.unmigrated-wiki-markup

Second, you need to install the \[http://search.cpan.org/~cfaber/File-Scan-ClamAV/lib/File/Scan/ClamAV.pm File::Scan::ClamAV\] perl module.

Finally, save the two files above into the /etc/mail/spamassassin/ directory. You can adjust the default score of 10 in clamav.cf if you like. You should edit the clamav.pm file and change the setting for '$CLAMD_SOCK' to match where your ClamAV installation has put its named pipe.

...

If you'd like to sort virus emails to a separate folder, create a rule looking for the "X-Spam-Virus: Yes" header.

Wiki MarkupTo get a different score based on virus type, see \[wiki:ClamAVMultipleScores ClamAVMultipleScores\].

Caveats

...

Some find this plugin very useful. However \[http://bugzilla.spamassassin.org/show_bug.cgi?id=2408 others do have a different opinion\] of the safety or logic of such a plugin that you should probably read -- [AndrewFerrier]

actually, having a plugin that does this, rather than building support directly into the core, is exactly what the "others" in question preferred (wink). So this is good – JustinMason

...