The ClamAV Plugin
This plugin submits the entire email to a locally running \[http://www.clamav.net/ Clam AntiVirus\] server for virus detection. If a virus is found, it returns a positive return code to indicate spam and sets the header "X-Spam-Virus: Yes ($virusname)". Wiki Markup
Code
clamav.cf:
No Format |
---|
loadplugin ClamAV clamav.pm full CLAMAV eval:check_clamav() describe CLAMAV Clam AntiVirus detected a virus score CLAMAV 10 |
...
No Format |
---|
package ClamAV; use strict; # our $CLAMD_SOCK = 3310; # for TCP-based usage our $CLAMD_SOCK = "/var/run/clamd.basic/clamd.sock"; # change me use Mail::SpamAssassin; use Mail::SpamAssassin::Plugin; use File::Scan::ClamAV; our @ISA = qw(Mail::SpamAssassin::Plugin); sub new { my ($class, $mailsa) = @_; $class = ref($class) || $class; my $self = $class->SUPER::new($mailsa); bless ($self, $class); $self->register_eval_rule ("check_clamav"); return $self; } sub check_clamav { my ($self, $permsgstatus, $fulltext) = @_; my $clamav = new File::Scan::ClamAV(port => $CLAMD_SOCK); my ($code, $virus) = $clamav->streamscan(${$fulltext}); my $isspam = 0; my $header = ""; if(!$code) { my $errstr = $clamav->errstr(); Mail::SpamAssassin::Plugin::dbg("ClamAV: Error scanning: $errstr"); $header = "Error ($errstr)"; } elsif($code eq 'OK') { Mail::SpamAssassin::Plugin::dbg("ClamAV: No virus detected"); $header = "No"; } elsif($code eq 'FOUND') { Mail::SpamAssassin::Plugin::dbg("ClamAV: Detected virus: $virus"); $header = "Yes ($virus)"; $isspam = 1; # include the virus name in SpamAssassin's report $permsgstatus->test_log($virus); } else { Mail::SpamAssassin::Plugin::dbg("ClamAV: Error, unknown return code: $code"); $header = "Error (Unknown return code from ClamAV: $code)"; } $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = $header; $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = $header; # add a metadatum so that rules can match against the result too $permsgstatus->{msg}->put_metadata('X-Spam-Virus',$header); return $isspam; } 1; |
How To Use It
First of all, you need to install \[http://www.clamav.net/ ClamAV\] and ensure that scanning a mail with *clamscan* works.unmigrated-wiki-markup Wiki Markup
Second, you need to install the \[http://search.cpan.org/~cfaber/File-Scan-ClamAV/lib/File/Scan/ClamAV.pm File::Scan::ClamAV\] perl module.
Finally, save the two files above into the /etc/mail/spamassassin/ directory. You can adjust the default score of 10 in clamav.cf if you like. You should edit the clamav.pm file and change the setting for '$CLAMD_SOCK' to match where your ClamAV installation has put its named pipe.
...
If you'd like to sort virus emails to a separate folder, create a rule looking for the "X-Spam-Virus: Yes" header.
To get a different score based on virus type, see \[wiki:ClamAVMultipleScores ClamAVMultipleScores\]. Wiki Markup
Caveats
...
Some find this plugin very useful. However \[http://bugzilla.spamassassin.org/show_bug.cgi?id=2408 others do have a different opinion\] of the safety or logic of such a plugin that you should probably read -- [– AndrewFerrier]
actually, having a plugin that does this, rather than building support directly into the core, is exactly what the "others" in question preferred . So this is good – JustinMason
...