Gentoo Forums
Spamfilter and Virusfilter for your desktop (without Amavis)
ddanier
Tux's lil' helper

Joined: 19 May 2002
Posts: 87

Posted: Thu Sep 25, 2003 11:07 am    Post subject: Spamfilter and Virusfilter for your desktop (without Amavis)

Because I searched for help installing a mail filter and did not find anything, I'm now going to write a little manual for everyone who wants to use this at home.
I don't use Amavis, because when I saw the config of Amavis, with over 1000 lines, I thought: "Why can't that be easier??"..so I did it my own way.

First, which programs do I use:
* Spamassassin as spam filter
* ClamAV as virus filter

I combined that with a home mail server with fetchmail and stuff, but it is possible to pipe the mails through the script with Kmail (or other mail clients? Please give me feedback if it is working with other clients.), too.
I will describe both, Kmail and procmail to filter the Emails ;)

Ok, let's start over!


1. Spamassassin:

Spamassassin is started as a daemon on my home computer, which means all my spam tests start with "spamc". If you don't want that daemon, just replace "spamc" with "spamassassin"....

First we need to pipe the emails through Spamassassin; the procmail rule looks like this:
Code:
:0fw
| /usr/bin/spamc -f


Without spamd I think it would look like this:
Code:
:0fw
| /usr/bin/spamassassin


In Kmail you can configure the emails to be piped through Spamassassin, too. Here the options are under:
Settings -> Configure Filters -> New Rule -> Filter Actions -> "pipe through" -> put "/usr/bin/spamc -f" in there
(the conditions must fit every email)

After that we must test the Header for the Spamassassin code:

procmail:
Code:
SPAMFOLDER="spamfolder/"

:0
* ^X-Spam-Status: Yes
$SPAMFOLDER

(you have to change your spamfolder!)

Kmail:
Settings -> Configure Filters -> New Rule ->
1. put "X-Spam-Status" in the left condition-field
2. "contains" -> "Yes"
3. select what has to be done with the emails

That should filter all spam emails...


2. ClamAV:

ClamAV only checks a file (/email) for a virus, but will not return any content, so we have to write our own script to pipe the email through it.
(You will find a script in the source directory of ClamAV under support/trashscan, but I don't want to use that)
!!! Don't forget to edit the config in /etc/clamav.conf and run freshclam to get the latest virus database. !!!

First the script:
(save it to /usr/local/bin/virusscan or /home/<username>/bin/virusscan
I use /usr/local/bin/virusscan)
Code:
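#!/bin/bash
# Reads one mail (from the file given as $1, or from stdin when there is no
# argument), scans it with clamdscan and writes it to stdout with the
# X-Virus-* headers below added.

HEADER_SCAN="X-Virus-Scan:"
HEADER_VIRUS="X-Virus:"
HEADER_VIRUS_NAME="X-Virus-Name:"
TEMP="/tmp/$(whoami)"

if [ ! -d "$TEMP" ]
then
        mkdir -p "$TEMP"
fi

# A leftover copy means another scan is running or a previous one did not
# clean up: pass the mail on unscanned, marked as failed.
if [ -f "$TEMP/email" ]
then
        # $1 stays unquoted: without an argument it expands to nothing and
        # cat reads stdin.
        cat $1 | formail -I "$HEADER_SCAN failed (temp dir locked up)"
        exit 0
fi

cat $1 > "$TEMP/email"
CLAMDOUT=$(clamdscan --stdout --verbose "$TEMP/email")
# Number of output lines reporting a hit ("<file>: <name> FOUND")
FOUND=$(echo "$CLAMDOUT" | grep -c FOUND)

if [ "$FOUND" -ge 1 ]
then
        # Name of the first virus reported
        VIRUS=$(echo "$CLAMDOUT" | awk '/FOUND/ {print $2; exit}')
        cat "$TEMP/email" | formail -I "$HEADER_SCAN scanned" -I "$HEADER_VIRUS YES ($FOUND)" -I "$HEADER_VIRUS_NAME $VIRUS"
else
        cat "$TEMP/email" | formail -I "$HEADER_SCAN scanned"
fi

rm -f "$TEMP/email"

exit 0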

(If you think you have a better way to do this, just let me know ;) )
!!! You need procmail installed for this script, even if you only use Kmail (to have formail)!!!

The script just executes clamdscan (same as above, I use clamd..if you don't want that daemon running, just replace "clamdscan" with "clamscan") and checks its output for viruses "FOUND".
The virus name is in this output, too. So we want to put this into the header :D
(You can tune the header fields at the top of that file...perhaps there are "official" names for those fields, but I don't know them)

Ok, now let's pipe the email through this script:

procmail:
Code:
:0fw:virusscan.lock
| /usr/local/bin/virusscan


Kmail:
Same as with Spamassassin, but the program is /usr/local/bin/virusscan....

Now let's check the output; the script sets the header field "X-Virus" (by default).

procmail:
Code:
VIRUSFOLDER="virusfolder/"

:0
* ^X-Virus: YES
$VIRUSFOLDER

(change the code for the virusfolder here!)

Kmail:
Same as above, but fieldname is "X-Virus" and you can select another folder if you want.


Hope I did not miss anything, feedback is welcome ;)
_________________
My Box said: "Install Win95 or better ..." So I installed Linux.


Last edited by ddanier on Sun Sep 28, 2003 12:33 pm; edited 1 time in total
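
A hardened variant of the filter script in the post above, as an added example that is not part of ddanier's post: it replaces the fixed /tmp/<user>/email path with a mktemp file, decides on the scanner's exit status instead of grepping for FOUND, and strips X-Virus* headers that arrived with the message. SCANNER, tag_headers, virusscan_filter and the --filter argument are names chosen here, and the awk header rewrite stands in for formail -I so the example runs without procmail installed.

```shell
#!/bin/sh
# Added example, not the thread author's script. Assumption: SCANNER takes a
# file path, prints "<path>: <name> FOUND" on a hit and exits 0 (clean),
# 1 (infected) or anything else (error), as clamscan and clamdscan do.
# --fdpass hands clamd the open file, so clamd need not be able to read $tmp.
SCANNER=${SCANNER:-"clamdscan --stdout --no-summary --fdpass"}

# Replace every X-Virus* header (a sender may have forged them) with the
# header lines in $1, added at the end of the header block. Message on stdin.
tag_headers() {
    NEW="$1" awk '
        function emit() { if (!done) print ENVIRON["NEW"]; done = 1 }
        done     { print; next }                 # body: copy unchanged
        /^$/     { emit(); print; next }         # blank line ends the headers
        /^[ \t]/ { if (!skip) print; next }      # folded continuation line
                 { skip = (tolower($0) ~ /^x-virus/); if (!skip) print }
        END      { emit() }                      # message without a body
    '
}

# Filter: message on stdin, tagged message on stdout.
virusscan_filter() {
    # mktemp gives an unpredictable name and a mode-0600 file, unlike a fixed
    # /tmp/<user>/email path that another local user can pre-create.
    tmp=$(mktemp "${TMPDIR:-/tmp}/virusscan.XXXXXX") || return 75
    cat > "$tmp"
    out=$($SCANNER "$tmp" 2>&1) && rc=0 || rc=$?
    case $rc in
        0) hdrs="X-Virus-Scan: scanned" ;;
        1) # keep only characters that are safe inside a header value
           name=$(printf '%s\n' "$out" | sed -n 's/^.*: \(.*\) FOUND$/\1/p' |
                  head -n 1 | tr -cd 'A-Za-z0-9._-')
           hdrs=$(printf 'X-Virus-Scan: scanned\nX-Virus: YES\nX-Virus-Name: %s' \
                  "${name:-unknown}") ;;
        *) hdrs="X-Virus-Scan: failed (scanner exit $rc)" ;;
    esac
    tag_headers "$hdrs" < "$tmp"
    rm -f "$tmp"
}

# Hypothetical entry point: "| /usr/local/bin/virusscan --filter" in procmail.
if [ "${1:-}" = "--filter" ]; then virusscan_filter; fi
```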

tacki
Guru

Joined: 29 Jun 2002
Posts: 418
Location: Germany

Posted: Thu Sep 25, 2003 1:27 pm

hehe, i doubt this one was easier to configure than a simple amavis :)

seriously, i didn't have any problems installing amavis (amavisd-new, of course) and amavis runs without any problems.

btw. nice tutorial, good work

Lovechild
Advocate

Joined: 17 May 2002
Posts: 2858
Location: Århus, Denmark

Posted: Thu Sep 25, 2003 1:40 pm

My first thought was... email viruses... but I'm on Linux...

then I recalled that the world is insane and worships Outlook Express.

Nice tutorial btw... all these fine tutorials are making me look bad, I should write something but I can't really think of anything.

ddanier
Tux's lil' helper

Joined: 19 May 2002
Posts: 87

Posted: Thu Sep 25, 2003 9:14 pm

Lovechild wrote:
My first thought was... email viruses... but I'm on Linux...


I thought that way a long time, but the actual flood of "gibe"..........

Deever
Veteran

Joined: 06 Jul 2002
Posts: 1354
Location: Zürich / Switzerland

Posted: Sat Sep 27, 2003 1:21 pm    Post subject: Re: Spamfilter and Virusfilter for your desktop (without Ama

ddanier wrote:
I will describe both, Kmail and procmail to filter the Emails ;)

No.
You don't really want to use procmail...take maildrop instead.;)

greetings,
dev

ddanier
Tux's lil' helper

Joined: 19 May 2002
Posts: 87

Posted: Sun Sep 28, 2003 12:34 pm

did some updates ;)

neenee
Veteran

Joined: 20 Jul 2003
Posts: 1786

Posted: Mon Mar 08, 2004 7:55 pm

i had to add --mbox to the clam(d)scan line
to make it use my mutt folders, but now it
works like a charm.

thanks for this guide :wink:
_________________
proud to be a scout and a chronic penguin hugger
Legion of Lore - site

arlequin
l33t

Joined: 16 Nov 2002
Posts: 707
Location: grep $USER /etc/passwd | cut -d':' -f6

Posted: Sat Apr 24, 2004 12:54 pm

Ok, nice script... but, I had to change :

Code:
cat $1 | formail (...)

for
Code:
cat | formail (...)


in order to make it work (just remove $1 after 'cat').

In fact, procmail pipes the mail to the script instead of sending it as an argument ($1).

Thanx :wink:
_________________
I'm telling you ciao!
By the way, ciao means bye in English.