Using clamdscan with courier-mta

clamdscan checks emails for viruses by handing them to the ClamAV virus scanner daemon (clamd). If you use Courier-mta, you probably use mailfilter for local delivery in many cases. The easiest way to use clamav is to configure it in the configuration file .mailfilter and use it from there [1].

lstat() failed: Permission denied. ERROR

I get an error like this and it doesn't work. This seems to be because clamd is running with the privileges of the user clamd and cannot read the mail file.

To avoid this, you could use clamscan instead of clamdscan, but this would result in poor performance as the virus database would have to be loaded every time.

In the end, it took me a few hours to research it, but the most useful thing I found was an article titled "HOWTO_Install_Courier_with_maildrop_and_ClamAV_and_SpamA".

According to this, first prepare /usr/bin/clamdscan.sh as follows:

#!/bin/bash
# Created by Tom Walsh, slim at ala.net
# slightly modified by Wolfgang Ziegler, nuppla at gmx.at

# RUN=clamscan
# Enable this line, if you are using the clamav-daemon.
RUN=clamdscan

#start
MSG=$(< /proc/self/fd/0) # stdin -> $MSG
# "-" scans the message passed on stdin
# (newer ClamAV releases call --disable-summary --no-summary)
SCAN=$(echo "$MSG" | $RUN - --stdout --disable-summary)
EXIT="$?"
VIRUS=$(echo "$SCAN" | awk '{print $2}')
SUBJECT=$(echo "$MSG" | reformail -x Subject:)
if [ "$EXIT" == "1" ]; then
    SUBJECT="**VIRUS** [$VIRUS] $SUBJECT"
    MSG=$(echo "$MSG" | reformail -i"X-Virus-Status: INFECTED")
    MSG=$(echo "$MSG" | reformail -i"Subject: $(echo "$SUBJECT")")
else
    MSG=$(echo "$MSG" | reformail -i"X-Virus-Status: CLEAN")
fi
echo "$MSG"
exit 0

Make this file executable.

chmod +x /usr/bin/clamdscan.sh

Then add the following to .mailfilter:

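MAILDIR="$HOME/Maildir"
DEFAULT="$MAILDIR"
FOLDERS="$DEFAULT/."
SPAM="${FOLDERS}junk"
CLAMDSCAN="/usr/bin/clamdscan.sh"

# xfilter replaces the message with the script's output, so the
# X-Virus-Status header added by the script is visible to the test below
xfilter "${CLAMDSCAN}"
if ( /^X-Virus-Status:.*INFECTED/ )
{
    log "Clamdscan: Virus found\n"
    to $SPAM
}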

Maybe this is working... Clamav can look at the contents of the zip file, so that's a good thing.
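The script above labels every result other than exit status 1 as CLEAN, so a scan that fails (clamd not running, a permission error) is also marked CLEAN. The following is an added example, not part of the HOWTO script: it maps the scanner's exit status to a header value with a separate ERROR case. The function name scan_status and the fake_* scanners are constructed for illustration.

```bash
# Added example: map the scanner's exit status to an X-Virus-Status value.
# ClamAV exit codes: 0 = no virus found, 1 = virus found, 2 = error.

# scan_status SCANNER [ARGS...]
# Reads the message on stdin, runs the scanner on it and prints the header
# value. The body is a subshell "( ... )", so its variables stay local.
scan_status() (
    if out=$("$@" 2>&1); then rc=0; else rc=$?; fi
    case "$rc" in
        0) echo "CLEAN" ;;
        1) # e.g. "stream: Eicar-Test-Signature FOUND" -> second field
           sig=$(printf '%s\n' "$out" | awk '/ FOUND$/ {print $2; exit}')
           # drop every character that is not safe inside a header value
           sig=$(printf '%s' "$sig" | tr -cd 'A-Za-z0-9._-')
           echo "INFECTED (${sig:-unknown})" ;;
        *) # scanner error or scanner missing: never report this as CLEAN
           echo "ERROR (scanner exit $rc)" ;;
    esac
)

# Constructed stand-ins for "clamdscan - --stdout --disable-summary",
# so the example runs without ClamAV installed.
fake_clean()    { cat >/dev/null; echo "stream: OK"; return 0; }
fake_infected() { cat >/dev/null; echo "stream: Eicar-Test-Signature FOUND"; return 1; }
fake_down()     { cat >/dev/null; echo "ERROR: cannot reach clamd (constructed)" >&2; return 2; }

# Constructed message, scanned once with each stand-in.
for scanner in fake_clean fake_infected fake_down; do
    status=$(printf 'Subject: constructed test message\n\nbody\n' | scan_status "$scanner")
    echo "X-Virus-Status: $status"
done
```

In the real script the printed value would be passed to reformail -i"X-Virus-Status: ..." in place of the fixed INFECTED/CLEAN strings. The .mailfilter test /^X-Virus-Status:.*INFECTED/ still matches, and an ERROR value can be logged or filed separately.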

If you just want to remove emails with .exe attachments[2], you don't need to use clamav; you can do something like this:

# attachments are in the body, so :b flag
# (REFORMAIL and SPAMHEADER must be defined earlier in .mailfilter)
if ( /^Content-type: (audio|application)/:b \
     && /name=.*\.(bat|com|exe|hta|pif|scr|shs|vb[es]|ws[fh])/:b )
{
    xfilter "${REFORMAIL} -a'$SPAMHEADER potential virus attachment'"
    log "Illegal Extention\n"
    to $SPAM
}

If you absolutely do not want to receive such emails, you can exit without sending to $SPAM, but sometimes you want to read the body of the email. You could also use reformail to remove the attachment section, but I've been lazy and haven't done it yet.

Bye bye
[1] Some people say to put it in the mail server itself, but this is easier for me as an individual. I'll also try using perlmailfilter when I have time to set up a test server.

[2] The pension service's data leak issue has been a hot topic for the past few days.
