Wednesday, February 08, 2006
postfix re-injection spamassassin+clamav
postfix re-injection spamassassin+clamav
/etc/postfix/master.cf
smtp inet n - - - - smtpd
-o content_filter=spamassassin:dummy
-o receive_override_options=no_address_mappings
spamassassin unix - n n - 10 pipe
-o content_filter=
-o receive_override_options=no_address_mappings
flags=Rq user=spamassassin argv=/usr/local/bin/spamassassin.sh -f
${sender} -- ${recipient}
# cat /usr/local/bin/spamassassin.sh
#!/bin/bash
/usr/bin/spamassassin | /usr/sbin/sendmail -i "$@"
exit $?
you need a clamav.cf and clamav.pm in your /etc/mail/spamassassin
directory, or where ever your local.cf resides. They are easy enough to
find, but I cat'd them below. Adjust spamassassin rules if it is too
slow... the more rules, the slower it goes. If it is still too slow,
consider not using spamassassin.
things to note:
local.cf: turn report_safe 1 to report_safe 0 so it does not package
identified spam mail as an attachments.
use the Bayesian classifier, it works really well.
use_bayes 1
use_bays_rules 1
bayes_auto_learn 1
clamav.cf and .pm are not very large, just put them in your
/etc/mail/spamassassin dir, yes the .pm too.
# cat clamav.cf
loadplugin ClamAV clamav.pm
full CLAMAV eval:check_clamav()
describe CLAMAV Clam AntiVirus detected a virus
score CLAMAV 10
# cat clamav.pm
package ClamAV;
use strict;
use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use File::Scan::ClamAV;
our @ISA = qw(Mail::SpamAssassin::Plugin);
sub new {
my ($class, $mailsa) = @_;
$class = ref($class) || $class;
my $self = $class->SUPER::new($mailsa);
bless ($self, $class);
$self->register_eval_rule ("check_clamav");
return $self;
}
sub check_clamav {
my ($self, $permsgstatus, $fulltext) = @_;
my $clamav = new File::Scan::ClamAV(port => 3310);
my ($code, $virus) = $clamav->streamscan(${$fulltext});
my $isspam = 0;
my $header = "";
if(!$code) {
my $errstr = $clamav->errstr();
Mail::SpamAssassin::Plugin::dbg("ClamAV: Error scanning: $errstr");
$header = "Error ($errstr)";
} elsif($code eq 'OK') {
Mail::SpamAssassin::Plugin::dbg("ClamAV: No virus detected");
$header = "No";
} elsif($code eq 'FOUND') {
Mail::SpamAssassin::Plugin::dbg("ClamAV: Detected virus: $virus");
$header = "Yes ($virus)";
$isspam = 1;
} else {
Mail::SpamAssassin::Plugin::dbg("ClamAV: Error, unknown return code:
$code");
$header = "Error (Unknown return code from ClamAV: $code)";
}
$permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = $header;
$permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = $header;
return $isspam;
}
1;
#
