Discussion:
ClamAV with Alpine on Ubuntu
David Prager Branner
2012-02-20 18:27:12 UTC
Permalink
I am using Alpine 2.00 on Ubuntu 10.04.3 to access accounts on
smtp.gmail.com, with great satisfaction. I have two questions.

1. Recently I discovered that the antivirus software ClamAV has identified
a virus — perhaps a false positive — in one of the "folder" files that
Alpine saves messages to on my server. I'm unable to locate the offending
text or code manually, and am wondering if Alpine can be configured to work
with ClamAV to identify a specific message in a "folder" more precisely.

2. A related question is whether it is possible to configure Alpine to scan
incoming mail using ClamAV as it arrives, rather than when it is saved to
disk.

I find no references to "clamav" in the archives of this list.

Thanks for your help.

Sincerely,

David Branner
brannerchinese.com
Ken Mankoff
2012-02-20 18:44:27 UTC
Permalink
Interesting questions. I look forward to the other replies.

You could convert a copy of the mailbox to mbox format - each message gets it's own file on disk I think. This might make identifying the message easier.

-k.
I am using Alpine 2.00 on Ubuntu 10.04.3 to access accounts on smtp.gmail.com, with great satisfaction. I have two questions.
1. Recently I discovered that the antivirus software ClamAV has identified a virus — perhaps a false positive — in one of the "folder" files that Alpine saves messages to on my server. I'm unable to locate the offending text or code manually, and am wondering if Alpine can be configured to work with ClamAV to identify a specific message in a "folder" more precisely.
2. A related question is whether it is possible to configure Alpine to scan incoming mail using ClamAV as it arrives, rather than when it is saved to disk.
I find no references to "clamav" in the archives of this list.
Thanks for your help.
Sincerely,
David Branner
brannerchinese.com
_______________________________________________
Pine-info mailing list
http://mailman2.u.washington.edu/mailman/listinfo/pine-info
Ken Mankoff
2012-02-20 19:53:20 UTC
Permalink
If you are IMAPing doesn't google/gmail do virus scanning? If you are fetching, then the solution is found by linking procmail to clamav, not alpine to clamav.


Or, more specifics would help. Do you want alpine to make clamav scan a remote IMAP message on the gmail servers, or scan a message as it is saved to the local folder but before that folder is modified?

-k.
I am using Alpine 2.00 on Ubuntu 10.04.3 to access accounts on smtp.gmail.com, with great satisfaction. I have two questions.
1. Recently I discovered that the antivirus software ClamAV has identified a virus — perhaps a false positive — in one of the "folder" files that Alpine saves messages to on my server. I'm unable to locate the offending text or code manually, and am wondering if Alpine can be configured to work with ClamAV to identify a specific message in a "folder" more precisely.
2. A related question is whether it is possible to configure Alpine to scan incoming mail using ClamAV as it arrives, rather than when it is saved to disk.
I find no references to "clamav" in the archives of this list.
Thanks for your help.
Sincerely,
David Branner
brannerchinese.com
_______________________________________________
Pine-info mailing list
http://mailman2.u.washington.edu/mailman/listinfo/pine-info
David Prager Branner
2012-02-20 20:03:46 UTC
Permalink
Dear Ken,

Thanks for your replies.

I haven't learned to use procmail yet, but am definitely intent on doing so
when I have some time. At the moment, I simply run Alpine locally and gmail
does everything else. Somehow or other, the messages in question got
through gmail's normally excellent filters, which is why I suspect they may
be false positives. My interest in using ClamAV is that I may not always be
using gmail.

As for the specifics you mention, I suppose it would be less trouble to
scan messages as they are saved locally. I know that gmail isn't always
cooperative about remote access, so this would probably save some
bandwidth. But I'll be glad to follow your suggestions as to the most
efficient thing to do.

- dpb
Post by Ken Mankoff
If you are IMAPing doesn't google/gmail do virus scanning? If you are
fetching, then the solution is found by linking procmail to clamav, not
alpine to clamav.
Or, more specifics would help. Do you want alpine to make clamav scan a
remote IMAP message on the gmail servers, or scan a message as it is saved
to the local folder but before that folder is modified?
-k.
I am using Alpine 2.00 on Ubuntu 10.04.3 to access accounts on
smtp.gmail.com, with great satisfaction. I have two questions.
1. Recently I discovered that the antivirus software ClamAV has identified
a virus — perhaps a false positive — in one of the "folder" files that
Alpine saves messages to on my server. I'm unable to locate the offending
text or code manually, and am wondering if Alpine can be configured to work
with ClamAV to identify a specific message in a "folder" more precisely.
2. A related question is whether it is possible to configure Alpine to
scan incoming mail using ClamAV as it arrives, rather than when it is saved
to disk.
I find no references to "clamav" in the archives of this list.
Thanks for your help.
Sincerely,
David Branner
brannerchinese.com
_______________________________________________
Pine-info mailing list
http://mailman2.u.washington.edu/mailman/listinfo/pine-info
Ken Mankoff
2012-02-20 23:38:58 UTC
Permalink
I think this is a fairly basic use of the alpine 'filter' ability.
Set a filter that runs on all messages (or all New message, or all
New messeages with attachments) that passes the message to your
script. The script should write a tmp file, run clamav, parse the
output, and set its return code based on the clamav output. Either
use a 3rd party app to notify you of a potential virus (Growl?) or
have alpine auto-file the message to a maybe-virus folder.

-k.
Post by David Prager Branner
Dear Ken,
Thanks for your replies.
I haven't learned to use procmail yet, but am definitely intent on doing so
when I have some time. At the moment, I simply run Alpine locally and gmail
does everything else. Somehow or other, the messages in question got
through gmail's normally excellent filters, which is why I suspect they may
be false positives. My interest in using ClamAV is that I may not always be
using gmail.
As for the specifics you mention, I suppose it would be less trouble to
scan messages as they are saved locally. I know that gmail isn't always
cooperative about remote access, so this would probably save some
bandwidth. But I'll be glad to follow your suggestions as to the most
efficient thing to do.
- dpb
Post by Ken Mankoff
If you are IMAPing doesn't google/gmail do virus scanning? If you are
fetching, then the solution is found by linking procmail to clamav, not
alpine to clamav.
Or, more specifics would help. Do you want alpine to make clamav scan a
remote IMAP message on the gmail servers, or scan a message as it is saved
to the local folder but before that folder is modified?
-k.
I am using Alpine 2.00 on Ubuntu 10.04.3 to access accounts on
smtp.gmail.com, with great satisfaction. I have two questions.
1. Recently I discovered that the antivirus software ClamAV has identified
a virus — perhaps a false positive — in one of the "folder" files that
Alpine saves messages to on my server. I'm unable to locate the offending
text or code manually, and am wondering if Alpine can be configured to work
with ClamAV to identify a specific message in a "folder" more precisely.
2. A related question is whether it is possible to configure Alpine to
scan incoming mail using ClamAV as it arrives, rather than when it is saved
to disk.
I find no references to "clamav" in the archives of this list.
Thanks for your help.
Sincerely,
David Branner
brannerchinese.com
_______________________________________________
Pine-info mailing list
http://mailman2.u.washington.edu/mailman/listinfo/pine-info
Loading...