Procmail can use external tools to match a condition or to execute the action. The condition can match on the standard output of the tool or on the exit code:
CLAMAV= 'clamdscan --no-summary --stdout -' EXIT_CODE=$? :0: * −1^0 * $EXIT_CODE^0 ! clamav-error@domain.net
The command clamdscan --mbox --disable-summary --stdout - is first executed and the exit code is stored in the variable EXIT_CODE. If the exit code is greater than 1, meaning that an error occurred, the final score is greater than 1 and the email is redirected to clamav-error@domain.net.
To check whether clamdscan detects email, use the following rule:
:0w
CLAMAV= | clamdscan --no-summary --stdout -
:0 fwh
* CLAMAV ?? : \/.* FOUND
| formail -I "X-ClamAV: $MATCH" -I"Subject: virus ${MATCH} found"Now we can put both rules together. The rule can be configured to scan emails that have attachments only and to not scan emails that are too big (more than 10 MB):
:0
* > 10485760
! no-scan@domain.net
:0
* ^Content-Type:.*(attachment|multipart)
{
CLAMAV= 'clamdscan --no-summary --stdout -'
EXIT_CODE=$?
#any issue?
:0:
* −1^0
* $EXIT_CODE^0
! clamav-error@domain.net
# any virus?
:0 fwh
* CLAMAV ?? : \/.* FOUND
| formail -I "X-ClamAV: $MATCH" -I"Subject: virus ${MATCH} found"
}