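#!/bin/bash
#
#  Copyright (C) 2002 Nigel Horne <njh@bandsman.co.uk>
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# 28/10/02:
#   Moved from /etc/smrsh/clamav to /usr/local/etc/mboxscan
#   Use procmail to deliver the message
#   Added spamassassin support
# 29/10/02:
#   Fixed problem when spam causes two bounces
#   FIXME: this adds an unwanted envelope from mail@localhost, which
#   sends rejections to the wrong place

# Use sendmail to filter incoming messages.
# Place this in /usr/local/etc/mboxscan
# then update /etc/aliases thus:
#   njh: "|/usr/local/etc/mboxscan njh"
#   fred: "|/usr/local/etc/mboxscan fred"
#
# Usage:  mboxscan user        (the message is read from stdin)
# Exit status:
#   EX_OK           message delivered, or intercepted as spam
#   EX_USAGE        wrong argument count or unusable user name
#   EX_DATAERR      clamscan returned non-zero for the message
#   EX_UNAVAILABLE  the message could not be spooled or delivered

typeset -r EX_OK=0
typeset -r EX_USAGE=64
typeset -r EX_DATAERR=65
typeset -r EX_UNAVAILABLE=69

if [ $# -ne 1 ]; then
  echo "usage: $0 user"
  exit "$EX_USAGE"
fi

set -u

typeset -r NAME=$1

# NAME becomes part of a temporary file path and is later handed to sendmail
# as the recipient.  Refuse values that would change the directory of the
# spool file ('/') or be read as a command-line option (leading '-').
case $NAME in
'' | -* | */*)
  echo "usage: $0 user"
  exit "$EX_USAGE"
  ;;
esac

# The spooled message is private mail: make sure no branch below can create
# it group- or world-readable.
umask 077

: "${TMPDIR:=/tmp}"

# tk: create the temporary file in a safe manner (if it's possible)
if [ -x /bin/mktemp ]; then
  INTMPFILE=$(/bin/mktemp "${TMPDIR}/${NAME}.XXXXXX") || exit "$EX_UNAVAILABLE"
elif [ -x /bin/tempfile ]; then
  INTMPFILE=$(/bin/tempfile -d "${TMPDIR}") || exit "$EX_UNAVAILABLE"
else
  # Last resort: $RANDOM and the PID are guessable, so the name alone gives
  # no protection.  The md5sum step only lengthens the name.
  RND=$RANDOM$RANDOM$RANDOM
  if [ -x /usr/bin/md5sum ]; then
    RND=$(printf '%s' "$RND" | /usr/bin/md5sum)
    RND=${RND%% *} # keep the digest, drop the trailing file-name column
  fi
  INTMPFILE=${TMPDIR}/${NAME}$$${RND}
  # noclobber makes the redirection fail if the path already exists, so a
  # file or symlink planted under this name is not written through.
  (
    set -C
    : > "$INTMPFILE"
  ) || exit "$EX_UNAVAILABLE"
fi
typeset -r INTMPFILE

# Remove the spooled message on every exit path, including early failures.
trap 'rm -f -- "$INTMPFILE"' EXIT

# Write one syslog record tagged with the recipient.  Scanner output is derived
# from the incoming message, so line breaks are flattened to keep it from
# starting extra log lines.  The text always begins with '(', so logger cannot
# take it for an option.
log_event() {
  local text="($NAME) $*"
  text=${text//[$'\r\n']/ }
  logger "$text"
}

# Spool stdin; scanning or delivering a truncated copy would be worse than
# failing here.
cat > "$INTMPFILE" || exit "$EX_UNAVAILABLE"

# Any non-zero status from clamscan blocks delivery.  If this clamscan also
# uses non-zero for its own failures, those are blocked too (fail closed).
if ! OUTPUT=$(/usr/local/bin/clamscan --disable-summary -i --mbox - 2>&1 < "$INTMPFILE"); then
  MESS="Virus intercepted by $(/usr/local/bin/clamscan --version 2>&1)"
  # Quoted printf: the report is printed as data, never globbed or split.
  printf '%s\n' "$MESS"
  printf '%s\n' "$OUTPUT"
  printf '%s\n' "Your e-mail has NOT been delivered to ${NAME}"
  log_event "$MESS $OUTPUT"
  exit "$EX_DATAERR"
fi

if [ -x /usr/bin/spamc ]; then
  if ! /usr/bin/spamc -c < "$INTMPFILE" > /dev/null; then
    MESS="Spam intercepted by $(/usr/bin/spamassassin --version 2>&1)"
    /usr/bin/spamassassin -r -w MAILER-DAEMON < "$INTMPFILE"
    log_event "$MESS"
    # Pretend that it *has* been delivered, since spamassassin -w
    # will have bounced it anyway
    exit "$EX_OK"
  fi
fi

# FIXME: Can't use procmail to deliver because that hasn't got the permission
# to setuid to ${NAME} to write /var/mail/${NAME}
# typeset -r HOSTNAME=`hostname`
# OUTPUT=`procmail -t -Y -a $HOSTNAME -d ${NAME} < $INTMPFILE`

# This is what adds the annoying mail@localhost
if ! OUTPUT=$(/usr/lib/sendmail -n "${NAME}" < "$INTMPFILE"); then
  printf '%s\n' "$OUTPUT"
  exit "$EX_UNAVAILABLE"
fi

exit "$EX_OK"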