Clamav milter forward a copy of infected emails

clamav postfix

I have a working postfix + clamav installation.
How can I configure this to not just quarantine infected emails but, if this happens, also send a copy of the email to the sysadmins' address?

What I found in clamav-milter.conf is:

VirusAction /usr/local/bin/virus.pl
RejectMsg "REJECT - AntiVirus detected: %v"

But virus.pl only generates a virus warning message that's sent back to the client. The script does not get the infected letter's message body.

I could easily modify this just to get an alert with the virus's name to the sysadmins, but what I want is for the actual message to be forwarded to us.

Thanks

Best Answer

#clamav-milter.conf
OnInfected Quarantine
VirusAction /usr/local/bin/virus.pl

Extract from clamav-milter.conf man page

  • Quarantine - message is quarantined instead of being delivered. NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ. For Postfix this causes the message to be placed on hold.

  • VirusAction /usr/local/bin/virus.pl - Execute a command (possibly searching PATH) when an infected message is found. The following parameters are passed to the invoked program in this order: virus name, queue id, sender, destination, subject, message id, message date.

You can use the queue id passed as an argument in the script to get the actual mail content using postcat -q <queue id> and email the same to your administrator. Hope this helps.
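One way to write the handler the answer describes, as an added example that is not code from the original post: it validates the queue id, reads the held message with postcat -q, and mails it to the admins as a base64 attachment. The ADMIN address, the POSTCAT/SENDMAIL override variables and the function names are assumptions, as is the clamav-milter account being allowed to run postcat -q.

```shell
#!/bin/sh
# Added example: VirusAction handler that mails the held message to the admins.
# Assumptions: ADMIN address, the POSTCAT/SENDMAIL overrides, and that the
# clamav-milter account may run "postcat -q" (e.g. through a narrow sudo rule).
ADMIN=${ADMIN:-sysadmin@example.com}
POSTCAT=${POSTCAT:-postcat}
SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}

# Postfix queue ids are alphanumeric; reject anything else before using it.
valid_queue_id() {
    case $1 in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
}

# Sender and subject come from the hostile message: keep one printable line.
one_line() {
    printf '%s' "$1" | tr -d '\r\n' | tr -c '[:print:]' '?' | cut -c1-200
}

# Arguments in man-page order: virus name, queue id, sender, destination,
# subject, message id, message date.
forward_infected() {
    virus=$(one_line "$1"); qid=$2
    valid_queue_id "$qid" || { echo "rejecting queue id" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # If the queue file cannot be read, the alert still goes out with the error.
    "$POSTCAT" -q "$qid" >"$tmp" 2>&1 || echo "postcat -q $qid failed" >>"$tmp"
    b="held-$qid-$$"
    {
        printf 'To: %s\nSubject: [clamav] %s in %s\nMIME-Version: 1.0\n' "$ADMIN" "$virus" "$qid"
        printf 'Content-Type: multipart/mixed; boundary="%s"\n\n--%s\n' "$b" "$b"
        printf 'Content-Type: text/plain; charset=us-ascii\n\n'
        printf 'Virus: %s\nQueue: %s\nFrom: %s\nTo: %s\nSubject: %s\n\n--%s\n' \
            "$virus" "$qid" "$(one_line "$3")" "$(one_line "$4")" "$(one_line "$5")" "$b"
        # Base64 attachment: MIME-safe and not rendered inline by mail clients.
        printf 'Content-Type: application/octet-stream\n'
        printf 'Content-Disposition: attachment; filename="%s.postcat"\n' "$qid"
        printf 'Content-Transfer-Encoding: base64\n\n'
        base64 <"$tmp"
        printf '\n--%s--\n' "$b"
    } | "$SENDMAIL" -i -t
    rc=$?; rm -f "$tmp"; return "$rc"
}

if [ "$#" -ge 2 ]; then forward_infected "$@"; fi
```

If the admin copy is itself routed through clamav-milter (for example when the milter is also listed in non_smtpd_milters), it will be held again and trigger the handler a second time, so deliver it over a path that is not scanned.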