Yesterday evening I installed Ask's qpsmtpd because I really really hated qmail-scanner-queue.pl (bad perl4 code, and horribly designed). The same evening I got most of a clamav plugin working. Today I got it working proper (and removed hundreds of lines of code in the process - I didn't realise that clamav had its own email parser in it, so I could discard all of that).
Anyway, if you want to stop (some) viruses at your gateway, here's the code (free software, blah blah - please put this in the distro if you like it, Ask):
#!/usr/bin/perl -w # Clam-AV plugin.Uncomment the "return (DENY,..)" if you never want those nasty viruses in your inbox (though I don't know how accurate clamav is, so you may want to be careful at first).
use File::Temp qw(tempfile);
sub register { my ($self, $qp) = @_; $self->register_hook("data_post", "clam_scan"); }
sub clam_scan { my ($self, $transaction) = @_;
my ($temp_fh, $filename) = tempfile(); print $temp_fh $transaction->header->as_string; print $temp_fh "\n"; while (my $line = $transaction->body_getline) { print $temp_fh $line; } seek($temp_fh, 0, 0);
# Now do the actual scanning! my $cmd = "/usr/local/bin/clamscan --stdout -i --max-recursion=50 --disable-summary $ filename 2>&1"; $self->log(1, "Running: $cmd"); my $output = `$cmd`;
my $result = ($? >> 8); my $signal = ($? & 127);
unlink($filename); chomp($output);
$output =~ s/^.* (.*) FOUND$/$1 /mg;
$self->log(1, "clamscan results: $output");
if ($signal) { $self->log(1, "clamscan exited with signal: $signal"); return (DECLINED); } if ($result == 1) { $self->log(1, "Virus(es) found"); # return (DENY, "Virus Found: $output"); $transaction->header->add('X-Virus-Found', 'Yes'); $transaction->header->add('X-Virus-Details', $output); } elsif ($result) { $self->log(1, "ClamAV error: $result\n"); } $transaction->header->add('X-Virus-Checked', 'Checked'); return (DECLINED); }
