summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-11-20 05:59:45 +0000
committerStef Walter <stef@memberwebs.com>2004-11-20 05:59:45 +0000
commit7db7fe89692e4be2802788c678e1b7f38cf5c36d (patch)
tree227a77b6f7c3f36dd7e52b456b69151db90bd1a9 /scripts
parent263b752d211d211f39a094f69e39d29c33ca70b9 (diff)
Added the sample virus_action.sh script to the distribution
Diffstat (limited to 'scripts')
-rw-r--r--scripts/virus_action.sh48
1 files changed, 48 insertions, 0 deletions
diff --git a/scripts/virus_action.sh b/scripts/virus_action.sh
new file mode 100644
index 0000000..b41f993
--- /dev/null
+++ b/scripts/virus_action.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+#
+# By using variables passed in from clamsmtpd in file
+# manipulation commands without escaping their contents
+# you are opening yourself up to REMOTE COMPROMISE. You
+# have been warned. Do NOT do the following unless you
+# want to be screwed big time:
+#
+# mv $EMAIL "$SENDER.eml"
+#
+# An attacker can use the above command to compromise your
+# computer. The only variable that is guaranteed safe in
+# this regard is $EMAIL.
+#
+# The following script does not escape its variables
+# because it only uses them in safe ways.
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+# A sample script for virus actions. When testing make sure
+# everything can run as the clamav (or relevant) user.
+
+file="/path/to/virus.log"
+dir="/path/to/quarantine/"
+
+exec 1>>$file
+exec 2>>$file
+
+
+# Add some fun log lines to the log file
+
+echo "-------------------------------------------------------"
+echo Sender $SENDER
+echo Recipients $RECIPIENTS
+echo Virus $VIRUS
+echo "-------------------------------------------------------"
+
+
+# Move the virus file to another directory
+# This only works if Quarantine is enabled
+
+if [ -n "$EMAIL" ]; then
+ mv "$EMAIL" "$dir"
+fi
+