knowledgebase/linux/miscapplications/clamav __ClamAV with Procmail__ Using procmail is an easy way to use ClamAV with Postfix, or Sendmail (although the Sendmail milter below is probably better for Sendmail users). {code:none} SHELL=/bin/sh DROPPRIVS=yes AV_REPORT=`clamscan --stdout --disable-summary - | cut -d: -f 2` VIRUS=`if [ "$AV_REPORT" != " OK" ]; then echo Yes; else echo No;fi` :0fw | formail -i "X-Virus: $VIRUS" :0: * ^X-Virus: Yes $HOME/mail/junkbox {code} __ClamAV with Sendmail Milter__ Download the Clam AV RPMs from http://dag.wieers.com/packages/clamav/ Install the RPMs {code} rpm -Uvh clam* {code} Check Sendmail supports MILTER {code} sendmail -d0 < /dev/null | grep MILTER MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 {code} Change clamd to run with a socket {code} vi /etc/clamd.conf {code} Uncomment: #LocalSocket /var/run/clamav/clmilter.socket Comment out TCPSocket Configure Sendmail to use the milter {code} vi /etc/mail/sendmail.mc {code} Add: (one line) INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.socket, F=T, T=S:4m;R:4m') Make sure ClamAV and Sendmail are using the same socket. {code} vi /etc/sysconfig/clamav-milter {code} Change the socket location to "/var/run/clamav/clmilter.socket" Restart all the services {code} /etc/init.d/clamd start /etc/init.d/clam-av-milter start /etc/init.d/sendmail restart {code} Send a test email and check for the ClamAV headers. __Clam AV and Procmail__ Add this to /etc/procmailrc to have the suspicious emails go elsewhere: {code} :0: * ^X-Virus-Scan: Suspicious virus {code} 2006-08-22 20:45:23.0 2005-08-25 23:35:38.0