Clamassassin wrapper script for Evolution and Sylpheed
While viruses on Linux are rare, I have always found it a sensible precaution to scan incoming messages for malware. It helps me weed out the occasional Windows virus that gets sent my way and keeps me from forwarding malicious attachments to friends. A common feature to most antivirus software for Windows, email scanning can be easily set up for most email clients on Linux. Plugins for ClamAV are available for Thunderbird (here) and Claws Mail (here), so set-up is fairly straightforward here, but the same functionality can be added to Evolution and Sylpheed by use of a simple bash script.
Note that you will need to have the necessary packages installed (sudo apt-get install clamtk clamassassin clamav-daemon clamav-testfiles clamav-docs
) in all cases. Experts may also want to configure the ClamAV daemon (sudo dpkg-reconfigure clamav-base
) for faster access to ClamAV, but this is beyond the scope of this post. Note that you can test the filter by sending yourself a ClamAV test file, which can be found in /usr/share/clamav-testfiles
.
Evolution
Create a file clamassassin-wrapper.sh
with the following content in your home directory and make it executable:
#!/bin/sh
RESULT=$(clamassassin - | grep "X-Virus-Status")
if [ "$RESULT" = "X-Virus-Status: Yes" ]
then
zenity --warning --title="Threat detected" --text="Threat detected:\n$RESULT"
exit 1 #return 1
fi
exit 0 #return 0
Open Evolution and set up the filter: Edit –> Message Filters –> Incoming: Add
Name: clamassassin-wrapper
If all conditions are met: Pipe to programme: ~/clamassassin-wrapper.sh
does not return: 0
Then: Define what you want to do with an infected message here, e.g. move it to the Trash
Sylpheed
Things work pretty much the same with Sylpheed. Create a file clamassassin-wrapper.sh
in your home directory with the following content and make it executable:
#!/bin/sh
if [ $# -eq 1 ]
then
RESULT=$(clamassassin < $1 | grep "X-Virus-Status")
if [ "$RESULT" = "X-Virus-Status: Yes" ]
then
zenity --warning --title="Threat detected" --text="Threat detected:\n$RESULT"
exec false #return 1
fi
fi
exec true #return 0
Open Sylpheed and set up a new filter: Configuration –> Filters, choose to add a new filter with the following parameters:
Name: clamassassin-wrapper
If all of the following conditions match: Result of command: /home/<your user name>/clamassassin-wrapper.sh
Perform the following actions: Define what you want to do with an infected message