# procmail rule just isnt working ? [solved]

## GenTimJS

From a users .procmailrc

```

#Use ClamAV to scan for viruses

:0

* multipart

{

VIRUS=`clamscan --disable-summary --stdout -`

:0 Di

* VIRUS ?? FOUND

$HOME/.maildir/.spam/new

#/dev/null

#mail/virus

}

#:0fw

#/usr/bin/spamc -s 256000

:0fw

* < 256000

| spamassassin

# Mails with a score of 15 or higher are almost certainly spam (with 0.05%

# false positives according to rules/STATISTICS.txt). Let's put them in a

# different mbox. (This one is optional.)

:0:

* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

/dev/null

:0:

* ^X-Spam-Status: Yes

$HOME/.maildir/.spam/new

:0:

* ^X-Spam-Flag: YES

$HOME/.maildir/.spam/new

:0c

* ^X-Spam-Status: No

! user@mycingular.blackberry.net

# Work around procmail bug: any output on stderr will cause the "F" in "From"

# to be dropped.  This will re-add it.

:0 H

* ! ^From[ ]

* ^rom[ ]

{

  LOG="*** Dropped F off From_ header! Fixing up. "

  :0 fhw

  | sed -e 's/^rom /From /'

}

:0 h c

* !^FROM_DAEMON

* !^X-Loop: user@domain.com | (formail -r -I"Precedence: junk" \

 -A"From: user@domain.com" ; \

 -A"X-Loop: user@domain.com" ; \

 echo "Out of office message here") | /usr/sbin/sendmail  -t

MAILDIR=$HOME/.maildir

DEFAULT=$HOME/.maildir/new

LOGFILE=$HOME/.maildir/proc.log

```

Its the last argument starting with :0 h c , the out of office responder, which isnt working.

Mail is delivered to user mailbox, proc.log confirms it, but sender gets no reply.

THoughts?

EDIT: needed to put a new-line before the pipe in the last argument.

----------

## Cr0t

I added this to my .promailrc file, however I want the .spam folder to be visible. I renamed the folder to SPAM and changed the config file accordingly.

```
 Subject: test check

  Folder: /home/ebay/.maildir/new/1164616204.13738_0.fileserver            1100

From ebay  Mon Nov 27 00:33:49 2006

 Subject: test clean

  Folder: /home/ebay/.maildir/SPAM/new/msg.chE                             1620
```

However how do I add this folder so that I can see it in the mail folder?

----------

## figueroa

I was looking through the forums looking for an elegant way to call clamav from procmail before submitting mail to spamassassin.  I found this here:

```
#Use ClamAV to scan for viruses

:0

* multipart

{

VIRUS=`clamscan --disable-summary --stdout -`

:0 Di

* VIRUS ?? FOUND

$HOME/.maildir/.spam/new

#/dev/null

#mail/virus

} 
```

I copied this, concerned that I hadn't found anything quite like this elsewhere.  But, I emerged clamav and tried it, modifying the procmail entry to read:

```

MAILDIR=$HOME/.maildir/

##Use ClamAV to scan for viruses

:0

* multipart

{

VIRUS=`clamscan --disable-summary --stdout -`

:0 Di

* VIRUS ?? FOUND

.viruses/

#/dev/null

#mail/virus

}
```

Mainly where the home maildir is defined at the head of the .procmail and the defined action is ".viruses/" maildir under the home maildir.  That seemed to me to be a more elegant and possibly correct solution than defining the entire path for delivery of mail where a virus is detected than calling out the entire path, i.e. "$HOME/.maildir/.spam/new"

I also tested other parts of the script, since I didn't find things like --disable-summary in the documentation.  Finally, I also tested clamscan and clamdscan, noting that from the commandline that clamdscan was a quantum leap faster than clamscan.

Finally, I tested the new procmail entry as written and with clamdscan substituting for clamscan (after starting clamd) and found that they both seemed functionally identical except that using clamdscan mail was processed faster when sending myself email with known viruses attached, so that is what is in my resulting script.  I did not test the two commented out lines, leaving  them there as is for future reference.

Bottom line, used this way, clamav seems to be a sound antivirus scanner in conjuction with spamassassin.

----------

## mimosinnet

I have found this suggestion for clamav + procmail:

```
Steven Boger's simple interface to clamdscan 

 Using clamdscan directly from /etc/procmailrc without a special tool like amavis: 

#######################################

# /etc/procmailrc 11/25/2005 Steven S. Boger

# Scan all incoming mail, add the virus name to the subject if

# one is found. make sure you have ScanMail, ScanArchive

# added to your clamd.conf

:0

VIRUS=| clamdscan --no-summary --stdout - | cut -d' ' -f2 -

:0

* VIRUS ?? !^OK

{

  :0

  SUBJECT=| egrep '^Subject:' - | sed -e 's/Subject: //' -

  :0 fw

  | formail -i"Subject: [VIRUS: ${VIRUS}] ${SUBJECT}"

}

#######################################
```

----------

