[Avcheck] Scan only mails for some domains?

Michael Tokarev mjt@tls.msk.ru
Mon, 05 Nov 2001 22:08:50 +0300


Karsten Dambekalns wrote:
> 
> Hi!
> 
> I got avcheck up and running fairly quickly, and it seems to work well
> (detected eicar without problems). Plus the German distributor for
> Kaspersky seems quite cooperative.
> 
> So I will go with this: Kaspersky + avcheck + Postfix.
> 
> Only one thing is left: is it possible to scan only mails for selected
> recipients instead of all incoming mail? I guess it is possible,
> postfix can sure do this... Any help/pointers appreciated.

The funny thing -- postfix *can't* do this.  It can route either all
mails into the virus scanner or none.  The same goes for avcheck -- it will
scan all mails it receives.

If you really want to check mails for only selected recipients, you
can modify the infected mail handler.  The "idea" is to scan every message
anyway (if your machine power is sufficient), and then take appropriate
actions only for selected recipients.  You can log a message anyway
(or add a header for example).  Example using bash:

 logger ... "infected by $MSG: from=<$FROM> to=$*"
 nocheck_rcpts=()
 check_rcpts=()
 for i do
   case "$i" in
     rcpt1@to.check|rcpt2@to.check) check_rcpts=("${check_rcpts[@]}" "$i") ;;
     *) nocheck_rcpts=("${nocheck_rcpts[@]}" "$i") ;;
   esac
 done

 if [ ${#nocheck_rcpts[*]} != 0 ] ; then
   # send infected mail to all rcpts not interested in having their mails checked
   $SENDMAIL -f "$FROM" -- "${nocheck_rcpts[@]}" < "$MAIL"
   if [ $? != 0 ] ; then
     echo "Unable to send mail"
     exit $EX_TEMPFAIL
   fi
 fi

 if [ ${#check_rcpts[*]} = 0 ] ; then
   # no other recipients
   exit 0
 fi

 # ... handle other recipients that want their mail to be checked

The above example is an example only, to show what can be done.
Note that domain names in addresses are case-insensitive but
the shell is case-sensitive, so the case "$i" statement above should
probably be rewritten.

Regards,
 Michael.
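
The case-sensitivity caveat at the end of the message, as an added example (not part of the original post and not avcheck's own code): recipients are classified after lowercasing only the domain part, so `rcpt1@TO.Check` still matches. The function names, the `CHECK_LIST` variable and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: case-insensitive recipient classification for an
# infected-mail handler like the one sketched in the message.
# All addresses here are constructed samples.

# Recipients who want their mail checked (hypothetical list, one per line).
CHECK_LIST='rcpt1@to.check
rcpt2@to.check'

# normalize_addr ADDR: lowercase the domain part only. The local part is
# left untouched, since only domain names are stated to be case-insensitive.
normalize_addr() {
  case "$1" in
    *@*)
      local_part=${1%@*}
      domain=$(printf '%s' "${1##*@}" | tr '[:upper:]' '[:lower:]')
      printf '%s@%s\n' "$local_part" "$domain"
      ;;
    *)
      # No domain part (for example a bare local user): pass through.
      printf '%s\n' "$1"
      ;;
  esac
}

# wants_check ADDR: succeed if ADDR is on CHECK_LIST after normalization.
wants_check() {
  needle=$(normalize_addr "$1")
  # Unquoted on purpose: split the list on whitespace (addresses carry none).
  for entry in $CHECK_LIST; do
    [ "$(normalize_addr "$entry")" = "$needle" ] && return 0
  done
  return 1
}

# classify_rcpts ADDR...: print "check ADDR" or "nocheck ADDR" per recipient,
# keeping the original spelling so the address can be handed to sendmail as is.
classify_rcpts() {
  for rcpt do
    if wants_check "$rcpt"; then
      printf 'check %s\n' "$rcpt"
    else
      printf 'nocheck %s\n' "$rcpt"
    fi
  done
}

classify_rcpts 'rcpt1@TO.Check' 'someone@else.example'
```

In the handler, the `case "$i"` test would be replaced by `if wants_check "$i"`, with the two arrays filled exactly as before.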