After having many email viruses passing through Clamav undetected on the sme server and not being identified up by Clamav for several days.
I decided to try AVG ANTIVIRUS for Linux.
After scanning the directory /home/e-smith/files on a production server . AVG identified man false positives as other software has identified the same files as suspicious viruses or trojans or just a bad file.
I wanted another one or two more antivirus software to do virus scanning of emails coming in. Mostly some kind of spam.
The command line options are not as good as Clamav and the output is not very human friendly.
Here is a bash script that will be started on our machines at boot up to do a second scan on email that passed through ClamAV. I discovered the all mail comes into the folder under the user's account named "Maildir/new". Any files placed there will get scanned with this script and deleted by AVG if AVG finds the email contains bad stuff.
Hopefully the email will be deleted rapid enough it will not get further on our systems. Nothing is perfect as far as timing goes. Because i do not know how to make AVG plugins or perl script. I had to approach the email scanning in this way.
I would suppose if the mail got delivered into a temporary holding directory until all scanning antivirus scanning software had a chance to scan it. This will be the way for now.
The script can be easily changed.
The scipt makes use of the AVG daemon in memory and the inotifywait program from the inotify-tools rpm. This is the first time that i have used inotifywait so this is new to me and there may be unknown issues. I am not sure how this will work on a heavily used email server. If you have a heavily used email server. Maybe there is a way to save files in directories other than the "new". Then they could be processed.
As far as I can tell, AVG makes use of the /tmp directory to store temporary files and the names seem to be different. So i do not see conflicts of running running the avgscan software with AVG.
You can get the two rpms, AVG and Inotify-tools off my website. I had posted that in another over the last 30 days
You can find all my current bash scripts at the website too including this one.
You may want to play around with avgscan command line options. So far, they are kind of vague and I am still playing around with avgscan.
#!/bin/bash
# avgdeletebademails
# routine created on 03-23-2013 12:58:00
# routine will scan all new emails for viruses with the avg antivirus
####################### variables that must be set
# LOG FILE NAMING
logitdirectory="/home/e-smith/files/ibays/Primary/html/serverstatus"
logitfilename="avgdeletebademails.txt"
# DIRECTORIES TO WATCH
directorytowatch="/home/e-smith/files/users/*/Maildir/new"
# SET THE FLAG TO 1 TO SCAN EMAILS COMING TO MAILLOG ACCOUNT
flagscanmaillog=0
# SET DELAY TIME BEFORE THE PROGRAM STARTS
delayatstartup=0
####################### end of variables
###################### start of functions
function getemailbasefilename() {
fullfilename=""
#emailbasefilename=""
if [ -z $1 ];then return 0;fi
fullfilename=$(echo ${xfilename// CREATE /})
#emailbasefilename=$(echo $1 | rev)
}
function scanthefile {
getemailbasefilename $(echo $xfilename | rev) "$xfilename"
avgscan $fullfilename -a --delete 1>/dev/null 2>/dev/null
if [ ! -f "$fullfilename" ];then
TODAY=$(date +"%Y%m%d %T")
echo "$TODAY avgscan deleted $fullfilename" >> $logit
fi
}
###################### end of functions
mkdir -p $logitdirectory
chmod 755 $logitdirectory
logit=$logitdirectory/$logitfilename
sleep $delayatstartup
# THE NEXT LINE WILL RESTART THE avg service
#/etc/init.d/avgd restart 2>/dev/null 1> /dev/null
sleep 10
inotifywait -m -e create $directorytowatch 2>&1 /dev/null | \
while read xfilename
do
# TEST IF THE EMAILS TO MAILLOG ACCOUNT IS TO SCANNED
tempstring=$(echo ${xfilename/maillog\/Maildir\//})
if [ "$xfilename" != "$tempstring" ]
then
if [ $flagscanmaillog -eq 1 ]
then
scanthefile
fi
else
scanthefile
fi
done
exit 0
6 Replies
2474 Views