[Avcheck] infected script problem
Ralf Hildebrandt
Ralf.Hildebrandt@charite.de
Fri, 26 Oct 2001 15:52:59 +0200
On Fri, Oct 26, 2001 at 05:33:20PM +0400, Michael Tokarev wrote:
> Avcheck itself can do all this on its own -- see -c option.
> If you'll read a manpage carefully, you'll notice a section where `infected'
> script environment is described, and, in particular, $SENDMAIL variable.
> Avcheck will set it to point to itself when told to use smtp port for
> reinjection, with appropriate options. In the beginning of infected
> script examples, there is a line that sets $SENDMAIL in case it was
> unset - in fact, just to be able to run that script(s) manually.
Ah yes. But that means I have to use two different invocations:
if mail is NOT infected, pass it on to amavis on localhost:10025 (this works
already):
avcheck_amavisd unix  -       n       n       -       10      pipe
    user=avpc argv=/var/spool/avp/avcheck
    -d /var/spool/avp/./tst -s AVP:/var/spool/avp/ctl/AvpCtl
    -S127.0.0.1:10025 -f ${sender} -- ${recipient}
if mail IS definitely infected, don't use the setting specified with -S, but
instead use:
-S: (localhost:25) to send the infected mail to the admin and a warning to
the sender/recipient/whatever.
> It's somewhat tricky, but this is how it works... ;)
Yup.
--
Ralf Hildebrandt Tel. +49 (0)30-450 570-155
Fax. +49 (0)30-450 570-916
All data leaves a trail. The search for data leaves a trail. The erasure of
data leaves a trail. The absence of data, under the right circumstances, can
leave the clearest trail of all. Dr. Kio Masada