View previous topic :: View next topic |
Author |
Message |
ddanier Tux's lil' helper
Joined: 19 May 2002 Posts: 87
|
Posted: Thu Sep 25, 2003 11:07 am Post subject: Spamfilter and Virusfilter for your desktop (without Amavis) |
|
|
Because I search to get help installing a mailfilter and did not fint anything I'm now going to write a little manual for everyone who wants to use this an home.
I don't use Amavis, because i saw the config of amavis, with over 1000 lines I thought: "Why that can not be easier??"..so I did it my own way.
First, what programms do I use:
* Spamassassin for Spamfilter
* ClamAV for Virusfilter
I combined that with a home Mailserver with fetchmail and stuff, but it is possibe to pipe the Mails through the script with Kmail (or other mailclients? Please give me feedback if it is working with other clients.), too.
I will describe both, Kmail and procmail to filter the Emails
Ok, let's start over!
1. Spamassassin:
Spamassassin is startet as a daemon on my homecomputer, means all my spamtests start with "spamc". If you don't want that daemon just replace "spamc" with "spamassassin"....
First we need to pipe the emails through spamassassin, the procmail rule looks like this:
Code: | :0fw
| /usr/bin/spamc -f |
Without the smapd i think it would look like this:
Code: | :0fw
| /usr/bin/spamassassin |
In Kmail you can configure that the Emails are piped throu spamassassin, too. Here the options are under:
Settings -> Configure Filters -> New Rule -> Filter Actions -> "pipe through" -> put "/usr/bin/spamc -f" in there
(the conditions must fit every email)
After that we must test the Header for the Spamassassin code:
procmail:
Code: | SPAMFOLDER="spamfolder/"
:0
* ^X-Spam-Status: Yes
$SPAMFOLDER |
(you have to change your spamfolder!)
Kmail:
Settings -> Configure Filters -> New Rule ->
1. put "X-Spam-Status" in the left condition-field
2. "contains" -> "Yes"
3. select what have to be done with the Emails
That should filter all spamemails...
2. ClamAV:
ClamAV does only check a file (/Email) for a virus, but will not return any Content, so we have to write a own script to pipe the Email through that.
(You find a script in the sourcedirectory of ClamAV under support/trashscan but I don't want to use that)
!!! Don't forget to edit the config in /etc/clamav.conf and do a frashclam to get the latest virusdatabase. !!!
First the script:
(save it to /usr/local/bin/virusscan or /home/<username>/bin/virusscan
I use /usr/local/bin/virusscan)
Code: | #!/bin/bash
HEADER_SCAN="X-Virus-Scan:"
HEADER_VIRUS="X-Virus:"
HEADER_VIRUS_NAME="X-Virus-Name:"
TEMP="/tmp/`whoami`"
if [ ! -d $TEMP ]
then
mkdir -p $TEMP
fi
if [ -f $TEMP/email ]
then
cat $1 | formail -I "$HEADER_SCAN failed (temp dir locked up)"
exit 0
fi
cat $1 > $TEMP/email
CLAMDOUT=`clamdscan --stdout --verbose $TEMP/email`
FOUND=`echo $CLAMDOUT | grep -c FOUND`
if [ "$FOUND" -ge 1 ]
then
VIRUS=`echo $CLAMDOUT | grep FOUND | awk '{print $2}'`
cat $TEMP/email | formail -I "$HEADER_SCAN scanned" -I "$HEADER_VIRUS YES ($FOUND)" -I "$HEADER_VIRUS_NAME $VIRUS"
else
cat $TEMP/email | formail -I "$HEADER_SCAN scanned"
fi
rm -f $TEMP/email
exit 0 |
(If you think you have a better way to do this, just let me know )
!!! You need procmail installed for this script, even if you only use Kmail (to have formail)!!!
The Script just executes clamdscan (Here same as above, I use the clamd..if you don't want that daemon running just replace "clamdscan" with "clamscan") and checks the output of that if there were viruses "FOUND".
In this Output is the Virusname, too. So we want to put this into the header
(You can tune the header-fields on top of that file...perhapts there are "official" names for those fields, but I don't know them)
Ok, now lets pipe the Email through this script:
procmail:
Code: | :0fw:virusscan.lock
| /usr/local/bin/virusscan |
Kmail:
Same as with Spamassassin, but the program is /usr/local/bin/virusscan....
Now lets check the output, the script sets the headerfield "X-Virus" (by default).
procmail:
Code: | VIRUSFOLDER="virusfolder/"
:0
* ^X-Virus: YES
$VIRUSFOLDER |
(change the code for the virusfolder here!)
Kmail:
Same as above, but fieldname is "X-Virus" and you can select another folder if you want.
Hope I did not miss anything, feedback is welcome _________________ My Box said: "Install Win95 or better ..." So I installed Linux.
Last edited by ddanier on Sun Sep 28, 2003 12:33 pm; edited 1 time in total |
|
Back to top |
|
|
tacki Guru
Joined: 29 Jun 2002 Posts: 418 Location: Germany
|
Posted: Thu Sep 25, 2003 1:27 pm Post subject: |
|
|
hehe, i doubt this one was easier to configure than a simple amavis
seriously, i didn't had any problems installing amavis (amavisd-new, of course) and amavis runs without any problems.
btw. nice tutorial, good work |
|
Back to top |
|
|
Lovechild Advocate
Joined: 17 May 2002 Posts: 2858 Location: Århus, Denmark
|
Posted: Thu Sep 25, 2003 1:40 pm Post subject: |
|
|
I first thought was... email viruses... but I'm on Linux...
then I recalled that the world is insane and worships Outlook Express.
Nice tutorial btw... all these fine tutorials are making me look bad, I should write something but I can't really think of anything. |
|
Back to top |
|
|
ddanier Tux's lil' helper
Joined: 19 May 2002 Posts: 87
|
Posted: Thu Sep 25, 2003 9:14 pm Post subject: |
|
|
Lovechild wrote: | I first thought was... email viruses... but I'm on Linux... |
I thougt that way a long time, but the actual flood of "gibe".......... _________________ My Box said: "Install Win95 or better ..." So I installed Linux. |
|
Back to top |
|
|
Deever Veteran
Joined: 06 Jul 2002 Posts: 1354 Location: Zürich / Switzerland
|
Posted: Sat Sep 27, 2003 1:21 pm Post subject: Re: Spamfilter and Virusfilter for your desktop (without Ama |
|
|
ddanier wrote: | I will describe both, Kmail and procmail to filter the Emails |
No.
You don't really want to use procmail...take maildrop instead.
greetings,
dev |
|
Back to top |
|
|
ddanier Tux's lil' helper
Joined: 19 May 2002 Posts: 87
|
Posted: Sun Sep 28, 2003 12:34 pm Post subject: |
|
|
did some updates _________________ My Box said: "Install Win95 or better ..." So I installed Linux. |
|
Back to top |
|
|
neenee Veteran
Joined: 20 Jul 2003 Posts: 1786
|
Posted: Mon Mar 08, 2004 7:55 pm Post subject: |
|
|
i had to add --mbox to the clam(d)scan line
to make it use my mutt folders, but now it
works like a charm.
thanks for this guide |
|
Back to top |
|
|
arlequin l33t
Joined: 16 Nov 2002 Posts: 707 Location: grep $USER /etc/passwd | cut -d':' -f6
|
Posted: Sat Apr 24, 2004 12:54 pm Post subject: |
|
|
Ok, nice script... but, I had to change :
Code: | cat $1 | formail (...) |
for
Code: | cat | formail (...) |
in order to make it works (just remove $1 after 'cat').
In fact, procmail pipe the mail to the script instead of sending it in argument ($1).
Thanx _________________ J'vous dis ciao !
Au fait, ciao ça veut dire bye en anglais. |
|
Back to top |
|
|
|