amavis-notify-parser README
What is it?
This program parses the mails that Amavis sends to the hostmaster for information about the detected virus. It writes this data to a log, which can then be used for statistics.
Where did it come from?
http://sourceforge.net/projects/amavis-n-parser/
What do I need?
- php-cgi (4.x) binary (tested with 4.1.2)
- mailserver with amavis (so far amavis-notify-parser only supports McAfee uvscan, but that will change rapidly)
- a statistics utility (right now only the log format of the qmail scanner is supported. A suitable utility for statistics on that is qss - http://sourceforge.net/projects/qss)
Installation
- move the script to wherever you want it on your system
- create a directory where it can put its log (e.g. /var/log/virus) and set the permissions so that the script is allowed to write to that log (postfix runs scripts as nobody)
- edit the script and change the location of your php4 binary and the location of the logfile.
- add an alias for the script to your aliases table, e.g.
    virusalert: "|/usr/local/scripts/amavis-notify-parser"
  or
    virusalert: root,"|/usr/local/scripts/amavis-notify-parser"
  and update your aliases table (postmap /etc/aliases for postfix, newaliases for sendmail).
- configure your amavis to deliver hostmaster notifications to that mail address.
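A permission check for the installation steps above, as an added example that is not part of the original README or the project's code. The function names are hypothetical, the paths and delivery user are passed as arguments (the README's examples are /usr/local/scripts/amavis-notify-parser, /var/log/virus and nobody), and a GNU or BSD stat is assumed:

```shell
#!/bin/sh
# Added example: audit the permissions of a piped-alias install.
# Usage (paths and user are assumptions taken from the README's examples):
#   check_script /usr/local/scripts/amavis-notify-parser nobody
#   check_logdir /var/log/virus nobody

perm_of()  { stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"; }  # octal mode
owner_of() { stat -L -c '%U' "$1" 2>/dev/null || stat -L -f '%Su' "$1"; }  # owner name

# True when the "other" write bit is set (last octal digit 2, 3, 6 or 7).
world_writable() {
    case "$(perm_of "$1")" in
        *[2367]) return 0 ;;
        *) return 1 ;;
    esac
}

# The script runs with the delivery user's rights on every notification, so
# neither that user nor "everyone" should be able to replace its contents.
check_script() {
    script=$1; user=${2:-nobody}; rc=0
    [ -f "$script" ] || { echo "FAIL: $script is not a regular file"; return 1; }
    if world_writable "$script"; then
        echo "FAIL: $script is world-writable"; rc=1
    fi
    if [ "$(owner_of "$script")" = "$user" ]; then
        echo "FAIL: $script is owned by $user, who could rewrite it"; rc=1
    fi
    return $rc
}

# The log directory should be writable by the delivery user through ownership,
# not through a world-writable mode such as 777.
check_logdir() {
    logdir=$1; user=${2:-nobody}; rc=0
    [ -d "$logdir" ] || { echo "FAIL: $logdir is not a directory"; return 1; }
    if world_writable "$logdir"; then
        echo "FAIL: $logdir is world-writable"; rc=1
    fi
    if [ "$(owner_of "$logdir")" != "$user" ]; then
        echo "FAIL: $logdir is not owned by $user"; rc=1
    fi
    return $rc
}
```

Both functions return 0 when every check passes and print one FAIL line per problem otherwise.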
What about my existing notify messages?
You can import your existing messages into the logfile by running the script on the command line with the following syntax:
./amavis-notify-parser <Maildir>|<mbox-file>
Where <Maildir> is the directory where you have stored your notify mails in Maildir style, or <mbox-file> is the mbox-style file where you've stored your notify mails.
Stuff
This script is still evolving. You may send me input and, if you have them, samples of notifications from other virus scanners for implementation.
