[Avcheck] infected script problem

Michael Tokarev mjt@tls.msk.ru
Fri, 26 Oct 2001 18:27:50 +0400


Ralf Hildebrandt wrote:
> 
> On Fri, Oct 26, 2001 at 05:33:20PM +0400, Michael Tokarev wrote:
> 
> > Avcheck itself can do all this of its own -- see -c option.
> > If you'll read a manpage carefully, you'll notice a section where `infected'
> > script environment is described, and, in particular, $SENDMAIL variable.
> > Avcheck will set it to point to itself when told to use smtp port for
> > reinjection, with appropriate options.  In the beginning of infected
> > script examples, there is a line that sets $SENDMAIL in case it was
> > unset - in fact, just to be able to run that script(s) manually.
> 
> Ah yes. But that means I have to use two different invocations:
> 
> if mail is NOT infected, pass it on to amavis on localhost:10025 (this works
> already):
> 
> avcheck_amavisd
>      unix  -       n       n       -       10      pipe
>      user=avpc argv=/var/spool/avp/avcheck
>      -d /var/spool/avp/./tst -s AVP:/var/spool/avp/ctl/AvpCtl
>      -S127.0.0.1:10025 -f ${sender} -- ${recipient}
> 
> if mail IS definitely infected, don't use the setting specified with -S, but
> instead use:
> -S: (localhost:25) to send the infected mail to the admin and a warning to
> the sender/recipient/whatever.

In this case, just set up $SENDMAIL *inside* `infected' script to read

 SENDMAIL="/path/to/avcheck -c -S:"

or something like that (you can omit -S: -- it's default anyway).
Look down to example scripts -- -f$SENDER etc will be set up
later.

> > It's somewhat tricky, but this is how it works... ;)
> 
> Yup.

I don't know a good alternative for this somewhat ugly way --
only by providing another separate executable.  Note that
things work this way because only in this case you don't
need to configure submission way in two places (in MTA
near avcheck command line and in infected script).  As
of now, things are more or less clean and are in one place
(for postfix, they are in master.cf).

Regards,
 Michael.