Posted by Steve on Wed 29 Sep 2004 at 19:13
Viruses are a fact of life nowadays, be they real viruses or worms which require manual intervention on the part of a user to propagate. Unix systems tend to be immune to the viruses themselves, but they still have mail queues full of viral messages. Read on to learn how to remove them safely.
There are several virus scanners available for GNU/Linux systems; ClamAV is the only one which is licensed under the terms of the GNU General Public License.
This is available for Debian systems, either in the official Debian archives, or as a backport for Woody.
When installing the software you'll be prompted for how frequently to update your signatures. These must be updated regularly to allow the scanner to recognise new threats, so choose 'Hourly' when prompted.
Once you've installed the clamav package you will discover that you have a binary installed called clamscan. This is used to scan files for Windows viruses.
Scanning your mail automatically is a simple process if you're using procmail to sort your mail after it is delivered.
Most of the work is writing a small snippet of code to invoke the scanner on incoming messages.
One such script is called clamfilter, and it can be invoked by a procmail recipe as follows:
    #
    # Scan for Viral emails
    #
    :0fw
    | /usr/local/bin/clamfilter.pl

    :0 H:
    * X-Virus-Found: yes
    $HOME/Mail/virus
This will invoke the script on all incoming mail, and if any of the messages contain a known virus then they will be moved into a local folder called virus.
From there you can do as you wish.
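What a filter behind the first recipe has to do, shown as an added example that is not the clamfilter script and not part of the original article: pass the message to clamscan, discard any X-Virus-Found header the sender supplied, and write its own verdict. The function names, the use of "clamscan -" to read standard input and the "no" value for clean mail are assumptions of this sketch.

```python
#!/usr/bin/env python3
"""Procmail filter sketch: scan stdin with clamscan, tag with X-Virus-Found."""
import re
import subprocess
import sys

HEADER = b"X-Virus-Found"

# Constructed sample: mbox "From " line plus a sender-forged verdict header.
SAMPLE = (b"From alice@example.org Wed Sep 29 19:13:00 2004\n"
          b"Subject: hello\n"
          b"x-virus-found: no\n"
          b"\tforged by sender\n"
          b"To: bob@example.org\n"
          b"\n"
          b"body text\n")


def clamscan_stdin(raw):
    """True if clamscan reports a virus (exit 1), False if clean (exit 0)."""
    proc = subprocess.run(["clamscan", "--no-summary", "-"], input=raw,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    if proc.returncode not in (0, 1):
        # Exit 2 is a scanner error. Raising makes this filter exit non-zero,
        # so procmail's 'w' flag keeps the original, untagged message.
        raise RuntimeError("clamscan exit code %d" % proc.returncode)
    return proc.returncode == 1


def tag_message(raw, scan=clamscan_stdin):
    """Return raw with exactly one X-Virus-Found header, written by us."""
    sep = re.search(rb"\r?\n\r?\n", raw)
    head, rest = (raw[:sep.start()], raw[sep.start():]) if sep else (raw, b"\n")
    kept, dropping = [], False
    for line in head.splitlines():
        if line[:1] in (b" ", b"\t"):      # folded continuation line
            if not dropping:
                kept.append(line)
            continue
        dropping = line.lower().startswith(HEADER.lower() + b":")
        if not dropping:
            kept.append(line)
    # Append rather than prepend so the mbox "From " line stays first.
    # "no" for clean mail is an assumption; the recipe only tests for "yes".
    kept.append(HEADER + b": " + (b"yes" if scan(raw) else b"no"))
    return b"\n".join(kept) + rest


if __name__ == "__main__":
    sys.stdout.buffer.write(tag_message(sys.stdin.buffer.read()))
```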
This article can be found online at the Debian Administration website at the following bookmarkable URL:
This article is copyright 2004 Steve - please ask for permission to republish or translate.