clamav

Using procmail is an easy way to use ClamAV with Postfix, or Sendmail (although the Sendmail milter below is probably better for Sendmail users).

SHELL=/bin/sh
DROPPRIVS=yes
AV_REPORT=`clamscan --stdout --disable-summary - | cut -d: -f 2`
VIRUS=`if [ "$AV_REPORT" != " OK" ]; then echo Yes; else echo No;fi`
:0fw
| formail -i "X-Virus: $VIRUS"
:0:
* ^X-Virus: Yes
$HOME/mail/junkbox

ClamAV with Sendmail Milter

Download the Clam AV RPMs from http://dag.wieers.com/packages/clamav/

Install the RPMs

rpm -Uvh clam*

Check Sendmail supports MILTER

sendmail -d0 < /dev/null | grep MILTER MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6

Change clamd to run with a socket

vi /etc/clamd.conf

Configure Sendmail to use the milter

vi /etc/mail/sendmail.mc

Make sure ClamAV and Sendmail are using the same socket.

vi /etc/sysconfig/clamav-milter

Restart all the services

/etc/init.d/clamd start
/etc/init.d/clam-av-milter start
/etc/init.d/sendmail restart

Send a test email and check for the ClamAV headers.

Clam AV and Procmail

Add this to /etc/procmailrc to have the suspicious emails go elsewhere:

:0:
* ^X-Virus-Scan: Suspicious
virus