TechnoToys: scanning for mail viruses with ClamAV under MacOSX
[O.T.]
Joseph E. Sacco, Ph.D.
joseph_sacco at comcast.net
Tue May 10 09:26:20 MDT 2005
The Clam AntiVirus software,
http://www.clamav.net
runs under MacOSX.
To get a working version there are three choices:
* roll your own,
* download/build using Fink,
* download a package built by Mark Allan
http://www.markallan.co.uk/clamXav/
Mail.app, the stock mail program that comes with MacOSX, supports the
creation of mail filters, which Apple calls Rules. One possible action
in a Rule is to invoke an Applescript.
I searched the web for an Applescript that would filter email through
ClamAV, but did not find one. I contacted Mark Allan, the maintainer of
clamXav, and was told that to his knowledge none existed. So..., I wrote
one.
Attached is an Applescript [in text format] that will filter email
through the Clam AntiVirus scanner. Upon detecting infected email:
* subject is prefixed with "***INFECTED***"
* message is tagged as "Junk"
* message is moved to mailbox "Junk"
-Joseph
--
joseph_sacco [at] comcast [dot] net
-------------- next part --------------
(*
clamAVscan.scpt
Applescript by Joseph E. Sacco, Ph.D., released under GPL, May 11, 2005
Not responsible for any loss of data or any inaccuracies in processing e-mails.
This is FREEWARE, review and understand the source, use at your own risk!!!
Filter MacOSX email through Clam AntiVirus <http://www.clamav.net> scanner
Infected mail:
    - subject is prefixed with "***INFECTED***"
    - is tagged as "Junk"
    - is moved to mailbox "Junk"
Assumptions:
    - clamAV installed under /usr/local/clamXav
Setup:
    - place clamAVscan.scpt in a known location, e.g. /usr/local/clamXav/bin
    - create Rule
        Mail -> Preferences -> Rules -> Add Rule
            Description: virus-scan
            If any of the following conditions are met:
                Every Message
            Perform the following actions:
                Run AppleScript: /usr/local/clamXav/bin/clamAVscan.scpt
Note:
    This script filters email using the command line utility, clamscan,
    which does not communicate with the ClamAV daemon. The tradeoff is
    speed versus complexity.
    For faster scans:
        - configure and run the clamAV daemon
        - edit this script, replacing "clamscan" with "clamdscan"
          in the "do shell script" command
*)
using terms from application "Mail"
    on perform mail action with messages theMessages for rule theRule
        tell application "Mail"
            repeat with thisMessage in theMessages
                set msgSource to source of thisMessage
                try
                    -- feed the raw message to clamscan on stdin; a non-zero exit status raises an error
                    do shell script "echo " & quoted form of msgSource & "| /usr/local/clamXav/bin/clamscan --quiet --stdout -"
                on error errMsg number exitCode
                    if (exitCode = 1) then
                        -- exit status 1: clamscan found a virus in the message
                        set currentSubject to subject of thisMessage
                        set subject of thisMessage to "***INFECTED*** " & currentSubject
                        set junk mail status of thisMessage to true
                        set accountName to name of account of mailbox of thisMessage
                        set mailbox of thisMessage to mailbox "Junk" of account accountName
                    else
                        -- any other status: the scan itself failed, so report it
                        display dialog "Something unexpected has happened to clamAV scan: Exit Code = " & exitCode
                        display dialog "Error Message:" & errMsg
                    end if
                end try
            end repeat
        end tell
    end perform mail action with messages
end using terms from
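
A way to check the scanner from Terminal before creating the Rule, added here as an example and not part of the attachment above: a shell function that applies the same exit-status handling as the script (0 clean, 1 infected, anything else a scanner failure). The function name `classify_message` and the `CLAMSCAN` override variable are hypothetical; the path and flags are the ones used in the script.

```shell
#!/bin/sh
# Added example, not the author's code.
# CLAMSCAN is an assumed override variable; the default is the path
# the AppleScript uses.
CLAMSCAN="${CLAMSCAN:-/usr/local/clamXav/bin/clamscan}"

# classify_message FILE
# Scans one saved message and prints the action the Mail rule would take:
#   deliver      exit status 0, nothing found
#   junk         exit status 1, the script prefixes the subject and moves it to Junk
#   error:<n>    any other status, the script shows its two dialogs
classify_message() {
    msg_file=$1
    if [ ! -r "$msg_file" ]; then
        echo "error:unreadable"
        return 0
    fi
    # The message is read from the file on stdin ("-" as the scan target),
    # so it never has to fit on a command line.
    rc=0
    "$CLAMSCAN" --quiet --stdout - < "$msg_file" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "deliver" ;;
        1) echo "junk" ;;
        *) echo "error:$rc" ;;
    esac
}

# Usage: classify_message /path/to/saved-message.eml
```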