#!/usr/bin/perl
#
################################################################################
#                                                                              #
# clamscan-procfilter.pl, v. 0.2                                               #
#                                                                              #
#  A G Basile <blueness@virtualblueness.net> : April 1, 2004                   #
#  Released under the GPL                                                      #
#                                                                              #
# A procmail filter for clamscan to work in conjunction with /etc/procmailrc.  #
# A new email field, X-CLAMAV, with all the viruses found is generated in the  #
# email header.                                                                #
#                                                                              #
# The following two recipes show how you might use this code with procmail     #
#                                                                              #
#   :0fw: virus1.lock                                                          #
#   |/usr/local/bin/clamscan-procfilter.pl                                     #
#                                                                              # 
#   :0fw: virus2.lock                                                          # 
#   * ^X-CLAMAV                                                                #
#   |/usr/bin/formail -i "Subject: [CLAMAV VIRUS ALERT]"                       #
#                                                                              #
# The first recipe marks the email with the X-CLAMAV field if a virus is       #
# found.  This recipe is necessry. The second recipe acts if the email is      #
# marked.  You can choose the action you like.  The above just rewrites the    #
# subject line so the user knows a virus was found.                            #
#                                                                              #
# Note: the recipees assume you've copied this file to /usr/local/bin          #
#                                                                              #
################################################################################
#
# Where are your binaries?
#
$MKTEMP='/bin/mktemp' ;
$CLAMSCAN='/usr/local/bin/clamscan' ;
$FORMAIL='/usr/bin/formail' ;

#
# Read in the email from stdin
#
@file = <> ;

#
# Create/open a temp file for the output of clamscan
#
$TMPFILE=`$MKTEMP /tmp/clamtemp.XXXXXX` ;
chomp $TMPFILE ;
open  CLAM, "|$CLAMSCAN --stdout - > $TMPFILE" ;
print CLAM @file ;
close CLAM ;

#
# See if a virus was reported in the output of clamscan
# If so, then create a $virusline
#
open TMP1, "<$TMPFILE" ;
while ( <TMP1> ) {
	if ( $_ =~ /FOUND/ ) {
		@columns = split( / /, $_ ) ;
		if ( $virusline ) {
			$virusline .= " $columns[1]" ;
		} else {
			$virusline = "X-CLAMAV: $columns[1]" ;
		}
	}
}
close TMP ;
unlink $TMPFILE ;

#
# Rewrite the email with the virusline, if it exists
# Otherwise, just print out the file as it was received
#
if ( $virusline ) {
	$TMPFILE=`$MKTEMP /tmp/mailtemp.XXXXXX` ;
	chomp $TMPFILE ;
	open  FORM, "|$FORMAIL -a \"$virusline\" > $TMPFILE" ;
	print FORM @file ;
	close FORM ;

	open TMP2, "<$TMPFILE" ;
	@file=<TMP2> ;
	close TMP2 ;
	unlink $TMPFILE ;
}

print @file ;