Mailboxes werden zerstört, wenn ich...

Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
crivi
Posts: 104
Joined: 2004-01-27 08:47
Location: Uzwil, Schweiz

Mailboxes werden zerstört, wenn ich...

Post by crivi » 2004-11-23 11:11

dieses in meiner Procmailrc eintrage:

Code: Select all

# --------------------------------------------------------------------------- #
# Virus scan section ...                                                      #
# --------------------------------------------------------------------------- #

# 1. Run TrashScan
:0fw
* multipart
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan
die trashscan sieht folgendermassen aus:

Code: Select all

#! /bin/sh
#
# TrashScan v0.12; Scan email for viruses
# ZapCoded by Trashware; 22.04.2004
# Email: trashware@gmx.de
# Web: http://trashware.mirrorz.com
# ----------------------------------
# modified by mrak@redigy.cz for internal use in redigy s.r.o.
# ------------------------------------------------- Begin Settinx ------------------------------------------------- #
#echo "$HOME">>/tmp/debug
SCANDIR=$HOME
# Temp directory for virus scans.
                                                                                # Security: Don't define public
                                                                                # accessible directories here !!!
                                                                                # $HOME/tmp should be fine.
DECODER=metamail                                                                # Decoder: "metamail" or "uudeview"
DECODPRG=/usr/bin/metamail                                                      # Absolute path to decoder: metamail
#DECODER=uudeview                                                              # Decoder: "metamail" or "uudeview"
#DECODPRG=/usr/local/bin/uudeview                                                    # Absolute path to decoder: uudeview
VSCANNER=clamav                                                               # Scanner: "clamav". If you are using
                                                                                # clamav and you define "clamav" here
                                                                                # then the name of the detected virus
                                                                                # will be reported
VSCANPRG=/usr/bin/clamdscan                                                # Absolute path to the virus scanner
VSCANOPT="--quiet --tempdir=$HOME/tmp --recursive --max-files=500 
        --max-space=30M --unzip=/usr/bin/unzip --unrar=/usr/bin/unrar 
        --unarj=/usr/bin/unarj --lha=/usr/bin/lha --jar=/usr/bin/unzip 
        --tar=/bin/tar --tgz=/bin/tar"                                          # Parameters for the virus scanner.
                                                                                # Security: Don't choose public
                                                                                # accessible directories for the
                                                                                # --tempdir definition !!!
                                                                                # --tempdir=$HOME/tmp should be fine.
VSCANVEX=1                                                                      # Exitcode of the virus scanner if a
                                                                                # virus was found
VSCANSUSP=mail.virus                                                            # File to store suspicious mail (see
                                                                                # procmail.trashscan)
FORMAIL=/usr/bin/formail                                                        # Absolute path to formail
PROCMAIL=/usr/bin/procmail                                                      # Absolute path to procmail
SENDMAIL=/usr/sbin/sendmail                                                     # Absolute path to sendmail
AWK=/usr/bin/awk                                                                # Absolute path to awk
CAT=/bin/cat                                                                    # Absolute path to cat
GREP=/bin/grep                                                                  # Absolute path to grep
LOGGER=/usr/bin/logger                                                          # Absolute path to logger
LOGPRIO=mail.warn                                                               # Log level for logger
MKDIR=/bin/mkdir                                                                # Absolute path to mkdir
RM=/bin/rm                                                                      # Absolute path to rm
SED=/bin/sed                                                                    # Absolute path to sed
ALERT=no


# send alert messages if a virus
                                                                                # was detected (yes | no)
ALERTRCVR=info@crivi.ch
# Receiver of virus alert messages
ALERTSNDR=info@crivi.ch
# Sender of virus alert messages
ALERTCTCT=info@crivi.ch
# Person to contact (appears in the
                                                                                # mail body of the virus alert)
NOTIFY=yes                                                                       # Notify the sender and the receiver
                                                                                # of the original message if a virus
                                                                                # was detected (yes | no).
                                                                                # Warning: Some virii fake the From:
                                                                                # and To: headers !!!
# VKLUDGE="X-My-Very-Own-Kludge:"                                               # Optional: This kludge marks email
                                                                                # as scanned and is needed for
                                                                                # further procmail operation.
                                                                                # See example in procmail.trashscan.
                                                                                # Warning: Don't define this keyword
                                                                                # if you don't know what you are
                                                                                # doing !!!
# -------------------------------------------------- End Settinx -------------------------------------------------- #

# No need to change anything below !!!

INFILE=$1
TSC=TrashScan
TASKDIR=$SCANDIR/$TSC-$$
MSGDIR=$TASKDIR/message
ATTDIR=$TASKDIR/attach
TSCV="$TSC v0.12"
if [ ! $VKLUDGE ]; then
    VKLUDGE="X-Virus-Scan:"
fi

umask 0027

${MKDIR} -p ${TASKDIR}
${MKDIR} ${MSGDIR}
${MKDIR} ${ATTDIR}
${CAT} ${INFILE} > ${MSGDIR}/rec.msg

case ${DECODER} in
    metamail|METAMAIL|Metamail)
        METAMAIL_TMPDIR=$ATTDIR
        export METAMAIL_TMPDIR
        ${DECODPRG} -r -q -x -w ${MSGDIR}/rec.msg &>/dev/null
        ;;
    uudeview|UUDEVIEW|Uudeview)
        ${DECODPRG} -q -i -v -p ${ATTDIR} ${MSGDIR}/rec.msg
        ;;
    *)
        ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Warning, wrong keyword definition: DECODER=${DECODER}"
        ;;
esac

case ${VSCANNER} in
    clamav|CLAMAV|Clamav)
        VSCANREP=${TASKDIR}/VSCANLOG
        VSCANOPT="${VSCANOPT} --log=${VSCANREP}"
        ;;
    *)
        VIRNAME=UNKNOWN
        ;;
esac

${VSCANPRG} ${VSCANOPT} ${ATTDIR} &>/dev/null
VSCANRC=$?
#if [ ${VSCANRC} = $VSCANVEX ]; then

case "$VSCANRC" in
"$VSCANVEX")
    if [ ! $VIRNAME ]; then
        VIRNAME=`${GREP} -e "FOUND" ${VSCANREP} | ${AWK} -F "FOUND" '{print $1}' | ${AWK} '{print $NF}'`
    fi
    FROM=`${GREP} -e "^From:" ${MSGDIR}/rec.msg | ${SED} -e "s/From: *//" -e "s/.*<//" -e "s/>.*//"`
    TO=`${GREP} -e "^To:" ${MSGDIR}/rec.msg | ${SED} -e "s/To: *//" -e "s/.*<//" -e "s/>.*//"`
    SUBJ=`${GREP} "Subject:" ${MSGDIR}/rec.msg | ${SED} -e "s/Subject: *//" -e "s/.*<//" -e "s/>.*//"`
    DATE=`${GREP} "Date:" ${MSGDIR}/rec.msg | ${SED} -e "s/Date: *//" -e "s/.*<//" -e "s/>.*//"`
    (${FORMAIL} -r -I "From: $ALERTSNDR" -I "Subject: Suspicious Attachment") < ${MSGDIR}/rec.msg > ${TASKDIR}/head.rep
    echo "----------------------------------------------------------------------" > ${TASKDIR}/body.rep
    echo -e "Warning: Message delivery wasn't performed.n" >> ${TASKDIR}/body.rep
    echo "Reason: Our virus scanner detected very suspicious code in" >> ${TASKDIR}/body.rep
    echo -e "the attachment of a mail addressed to a user of our system.n" >> ${TASKDIR}/body.rep
    echo -e "The following message will not be delivered:n" >> ${TASKDIR}/body.rep
    echo "From: $FROM" >> ${TASKDIR}/body.rep
    echo "To: $TO" >> ${TASKDIR}/body.rep
    echo "Subj: $SUBJ" >> ${TASKDIR}/body.rep
    echo "Date: $DATE" >> ${TASKDIR}/body.rep
    echo -e "Virus: $VIRNAMEn" >> ${TASKDIR}/body.rep
    echo "Feel free to contact $ALERTCTCT if you can't cope with it." >> ${TASKDIR}/body.rep
    echo -e "----------------------------------------------------------------------n" >> ${TASKDIR}/body.rep
    echo -e "This mail was automatically generated by $TSCVn" >> ${TASKDIR}/body.rep
    ALERTMSG="Not sent"
    case ${ALERT} in
        yes|YES|Yes)
            (${CAT} ${TASKDIR}/head.rep; ${CAT} ${TASKDIR}/body.rep) | ${FORMAIL} -I "To: $ALERTRCVR" | ${SENDMAIL} -t -oi
            ALERTMSG="Message sent to $ALERTRCVR"
            ;;
        no|NO|No)
            ;;
        *)
            ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Warning, wrong keyword definition: ALERT=${ALERT}"
            ;;
    esac
    NOTIFYMSG="Not sent"
    case ${NOTIFY} in
        yes|YES|Yes)
            case $VIRNAME in
                klez|bugbear|hybris|yaha|braid|nimda|tanatos|sobig|winevar|palyh|fizzer)
                    NOTIFYMSG="Not sent (detected virus fakes From: and To: headers)"
                    ;;
                *)
                    (${CAT} ${TASKDIR}/head.rep; ${CAT} ${TASKDIR}/body.rep) | ${SENDMAIL} -t -oi
                    (${CAT} ${TASKDIR}/head.rep; ${CAT} ${TASKDIR}/body.rep) | ${FORMAIL} -I "To: $TO" | ${SENDMAIL} -t -oi
                    NOTIFYMSG="Messages sent to $FROM and $TO"
                    ;;
            esac
            ;;
        no|NO|No)
            ;;
        *)
            ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Warning, wrong keyword definition: NOTIFY=${NOTIFY}"
            ;;
    esac
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "************************************************************************"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Suspicious code in mail attachment detected !!!"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "From: $FROM"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "To: $TO"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Subj: $SUBJ"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Date: $DATE"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Virus: $VIRNAME"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Alert: $ALERTMSG"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Notification: $NOTIFYMSG"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "Check $VSCANSUSP !!!"
    ${LOGGER} -p ${LOGPRIO} -t "$TSC[$$]" "************************************************************************"
    ${FORMAIL} -I "$VKLUDGE Suspicious" < ${MSGDIR}/rec.msg |cat
#    echo "viroza ${MSGDIR}">>/tmp/debug
    # ${PROCMAIL} -a $FROM -a $TO
;;
"2")
    ${FORMAIL} -I "$VKLUDGE ERROR NOTscanned by $TSCV running on $HOSTNAME rev_val $VSCANRC" < ${MSGDIR}/rec.msg |cat
;;
"0")
    ${FORMAIL} -I "$VKLUDGE Scanned by $TSCV running on $HOSTNAME rev_val $VSCANRC" < ${MSGDIR}/rec.msg |cat
#    echo "neviroza  ${MSGDIR}">>/tmp/debug
    # ${PROCMAIL} -a $FROM -a $TO
;;
esac

${RM} -rf ${TASKDIR}

exit 0
Das ist das einzige was ich habe.

Hat es da irgend ein Fehler drin?

Auf alle fälle wenn das drin ist erschein im Outlook folgenden Fehler:

Code: Select all

Unable to process From lines (envelopes). change recognition modes or check for corrupted mail drop
Dann lösche ich schnell meine Mailbox und dann funktioniert es wieder. Aber sobald wieder eien E-Mail reinkommt, ist es wieder kaputt.
Was ist da falsch?

Danke

Gruss Raffi

crivi
Posts: 104
Joined: 2004-01-27 08:47
Location: Uzwil, Schweiz

Re: Mailboxes werden zerstört, wenn ich...

Post by crivi » 2004-11-23 11:22

so nun bin ich soweit dass er mir meine Postfächer nicht mehr kaputt macht.

Ich hatte zuwenig rechte auf der trashscan datei.

Jetzt kommen allerdings keine Mails mehr an. In der Maillog steht auch nichts.
In der clamd.log steht auch nichts drin. Also hat clamd auch nichts gemacht.

Was ist da noch falsch?

Danke

gruss Raffi