I have a working postfix + clamav installation. How can I configure this to not just quarantine infected emails but, if this happens, also send a copy of the email to the sysadmin's address?

What I found in clamav-milter.conf is:

```
VirusAction /usr/local/bin/virus.pl
RejectMsg "REJECT - AntiVirus detected: %v"
```

But `virus.pl` only generates a virus warning message that's sent back to the client. The script does not get the infected letter's message body.

I could easily modify this just to get an alert with the virus's name to the sysadmins, but what I want is for the actual message to be forwarded to us.

Thanks

nokia445
  • What's the content of `/usr/local/bin/virus.pl`? Is that script just your own-developed script or from some package? – tpml7 Oct 22 '14 at 15:10

1 Answer

```
#clamav-milter.conf
OnInfected Quarantine
VirusAction /usr/local/bin/virus.pl
```

Extract from the clamav-milter.conf man page:

  • `Quarantine` - message is quarantined instead of being delivered. NOTE: In Sendmail the quarantine queue can be examined via `mailq -qQ`. For Postfix this causes the message to be placed on hold.

  • `VirusAction /usr/local/bin/virus.pl` - Execute a command (possibly searching PATH) when an infected message is found. The following parameters are passed to the invoked program in this order: virus name, queue id, sender, destination, subject, message id, message date.

You can use the queue id passed as an argument in the script to get the actual mail content using `postcat -q <queue id>` and email the same to your administrator. Hope this helps.

clement
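An added example (not part of the original answer, and not the original `virus.pl`): a `VirusAction` script in shell that follows the answer's approach, validating the queue id, reading the held message with `postcat -q`, and mailing it to the administrator as a `message/rfc822` attachment. The `ADMIN` address, the `POSTCAT`/`SENDMAIL` variables and the function names are assumptions, and `postcat -hb` needs Postfix 2.7 or later.

```shell
#!/bin/sh
# Added example, not the original virus.pl. ADMIN, POSTCAT and SENDMAIL
# are assumed settings; adjust them for your system.
ADMIN="${ADMIN:-sysadmin@example.com}"      # placeholder address
POSTCAT="${POSTCAT:-postcat}"
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"

# Postfix queue IDs are alphanumeric; refuse anything else before it
# reaches a command line.
valid_queue_id() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Values taken from the infected mail are attacker-controlled: drop
# control characters so they cannot inject extra header lines.
clean() { printf '%s' "$1" | tr -d '\000-\037\177'; }

# Write the alert to stdout: a text part with the details, then the held
# message attached as message/rfc822 so it is not rendered inline.
build_alert() {   # args: virus queue_id sender destination [...]
    valid_queue_id "$2" || { echo "bad queue id" >&2; return 1; }
    raw=$("$POSTCAT" -hb -q "$2") || return 1   # headers and body only
    b="clamav-$2"                               # MIME boundary
    printf 'To: %s\nSubject: [clamav] %s in held message %s\n' \
        "$ADMIN" "$(clean "$1")" "$2"
    printf 'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="%s"\n' "$b"
    printf '\n--%s\nContent-Type: text/plain; charset=utf-8\n\n' "$b"
    printf 'Virus: %s\nSender: %s\nRecipient: %s\n' \
        "$(clean "$1")" "$(clean "$3")" "$(clean "$4")"
    printf '\n--%s\nContent-Type: message/rfc822\n' "$b"
    printf 'Content-Disposition: attachment\n\n'
    printf '%s\n\n--%s--\n' "$raw" "$b"
}

# Entry point when clamav-milter invokes the script via VirusAction.
if [ "$#" -ge 4 ]; then
    build_alert "$@" | "$SENDMAIL" -i -- "$ADMIN"
fi
```

The user that clamav-milter runs as must be able to read the Postfix queue with `postcat`, which usually requires extra privileges. If clamav-milter is also listed in `non_smtpd_milters`, the forwarded copy will be scanned again on submission.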