ClamCour 0.3.8
ClamCour is a Courier filter that allows Clam Antivirus to scan incoming mail for viruses, and rejects the mail if the check is positive. Attachments can be quarantined and custom email reports can be sent.
- Requirements
- - ClamAv 0.7.x or better
- - Courier-MTA 0.43 or better
- Installation
- - configure
- - make
- - make sure that Courier isn't running and type "make install"
- - type "filterctl start clamcour", then check your mail log for clamcour activation (this step is required if you install ClamCour for the first time).
filterctl is a Courier binary, find it in your installation.
- Configuration
- ClamCour's configuration files have to be written in Courier's etc/clamcour directory.
- Store viral attachments: Create a "quarantine" text file containing a single line that sets the quarantine path. Additional lines are ignored. The quarantine path MUST BE writable by Courier. Only messages are stored (not control files), and each message is stored unmodified. To add bZip2 compression, create an empty file named "bz2_compression". To add GZip compression, create an empty file named "gz_compression". If both are present, bZip2 compression is used.
- Customizable message for destination recipients:
You can write a custom message that is sent to the recipient of a viral message, so you can
notify them of a lost message (which can eventually be recovered from quarantine).
The message file is named "virmessage", and it has to be formatted in this way:
- - First line: sysadmin or postmaster email address
- - Second line: notifying message's subject
- - Following lines: user message.
You can use free text, and four tags. Tags must be enclosed between '%' characters, and they are:
- - %host%: it will be replaced with source host information, which is supplied by Courier-MTA.
- - %sender%: it will be replaced with the sender's email address.
- - %date%: it will be replaced with the message's date (incoming message file date).
- - %virname%: it will be replaced with the virus signature, which is supplied by ClamAV.
To write a '%' character, just double it '%%'.
- Maximum size for attachment scanning: By default, clamcour won't scan attachments that are bigger than 1Mb, thus avoiding timeouts while receiving big messages. You can change the limit by writing a "sizelimit" text file that specifies the maximum size in bytes. A value of "0" disables any size limit check.
Version 0.3.2 added a new feature: a FIFO file through which you can remotely control ClamCour. Just echo commands to it; it is located in the /tmp directory.
Available commands (case-sensitive):
- reloadDB
This command refreshes the internal ClamAV virus database. It has to be called after a successful freshclam update.
Just edit your freshclam.conf, and modify ( obviously uncomment :-) ) this line:
OnUpdateExecute /bin/echo reloadDB > /tmp/clamcour.fifo
If some mails are being scanned, the database update will be delayed until clamcour becomes idle.
More commands may be available in the future.
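A guarded way to send reloadDB, as an added example that is not part of ClamCour: it checks that the path really is a FIFO before writing and bounds the wait for a reader. The FIFO path and command come from the text above; the function name, return codes, timeout and optional owner argument are assumptions.

```shell
#!/bin/sh
# Added example, not ClamCour code. The FIFO path and the reloadDB command are
# from the README; the function name, return codes, timeout and owner argument
# are assumptions.
#
# clamcour_reload [fifo] [timeout_s] [owner]
#   0  command written to the FIFO
#   1  path does not exist (the filter is probably not running)
#   2  path is a symlink, is not a FIFO, or has the wrong owner
#   3  the write failed or no reader opened the FIFO before the timeout
clamcour_reload() {
    fifo=${1:-/tmp/clamcour.fifo}
    wait_s=${2:-5}
    owner=${3:-}

    # A bare "echo reloadDB > $fifo" creates a regular file when the FIFO is
    # missing, so refuse anything that is not already a FIFO.
    if [ ! -e "$fifo" ] && [ ! -L "$fifo" ]; then
        return 1
    fi
    # find does not follow symlinks here, so "-type p" also rejects a symlink.
    if [ -z "$(find "$fifo" -prune -type p -print 2>/dev/null)" ]; then
        return 2
    fi
    # Optional: the FIFO must belong to the expected account (name or UID).
    if [ -n "$owner" ] &&
       [ -z "$(find "$fifo" -prune -type p -user "$owner" -print 2>/dev/null)" ]; then
        return 2
    fi

    # Opening a FIFO for writing blocks until a reader has it open; bound the
    # wait so a stopped filter cannot hang the caller.
    timeout "$wait_s" sh -c 'printf "reloadDB\n" > "$1"' sh "$fifo" || return 3
    return 0
}
```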
ACKNOWLEDGEMENTS
I'd like to thank:
- Flavio Stanchina (flavio@stanchina.net), for suggesting bugs and solutions. Thanks to his debugging, multithreading in this release is more stable.
- Federico Baraldi (federico@fbaraldi.it), for "temporary dir" bug and 0.2.1 testing.
- Frederik Dannemare (frederik@dannemare.net) for man page and Debian packages.
- Christophe Greisberger (greisberger@zenon-media.com) for suggesting maildrop bug resolved in 0.2.2 version.
- Marat Bakeev (hawara@hawara.com) for helping me with a bug that sets a wrong size for sockaddr_un type on some platforms (i.e. FreeBSD).
- Jerome Blion (jerome@hebergement-pro.org) for helping me with dynamic linking of clamav library and for missing #defines.
- Cyrille Vladimirov (kiro@kircho.net) for xBSD platform testing.
- Francisco J. Alvarez (fraalv@gmail.com) for Solaris SPARC 64-bit platform testing.
- Denis Sorokin (denis@sorokin.net) for 0.3.6 testing and bug fixing.
Any contribution or suggestion will be appreciated. Write me at tony@becrux.com for help.
