Clamassassin wrapper script for Evolution and Sylpheed

April 18, 2013

While viruses on Linux are rare, I have always found it a sensible precaution to scan incoming messages for malware. It helps me weed out the occasional Windows virus that gets sent my way and keeps me from forwarding malicious attachments to friends. A common feature to most antivirus software for Windows, email scanning can be easily set up for most email clients on Linux. Plugins for ClamAV are available for Thunderbird (here) and Claws Mail (here), so set-up is fairly straightforward here, but the same functionality can be added to Evolution and Sylpheed by use of a simple bash script.

Note that you will need to have the necessary packages installed (sudo apt-get install clamtk clamassassin clamav-daemon clamav-testfiles clamav-docs) in all cases. Experts may also want to configure the ClamAV daemon (sudo dpkg-reconfigure clamav-base) for faster access to ClamAV, but this is beyond the scope of this post. Note that you can test the filter by sending yourself a ClamAV test file, which can be found in /usr/share/clamav-testfiles.

Evolution

Create a file clamassassin-wrapper.sh with the following content in your home directory and make it executable:

#!/bin/sh
RESULT=$(clamassassin - | grep "X-Virus-Status")
if [ "$RESULT" = "X-Virus-Status: Yes" ]
then
  zenity --warning --title="Threat detected" --text="Threat detected:\n$RESULT"
  exit 1 #return 1
fi
exit 0 #return 0

Open Evolution and set up the filter: Edit –> Message Filters –> Incoming: Add

Name: clamassassin-wrapper If all conditions are met: Pipe to programme: ~/clamassassin-wrapper.sh does not return: 0 Then: Define what you want to do with an infected message here, e.g. move it to the Trash

Sylpheed

Things work pretty much the same with Sylpheed. Create a file clamassassin-wrapper.sh in your home directory with the following content and make it executable:

#!/bin/sh
if [ $# -eq 1 ]
then
  RESULT=$(clamassassin < $1 | grep "X-Virus-Status")
  if [ "$RESULT" = "X-Virus-Status: Yes" ]
  then
    zenity --warning --title="Threat detected" --text="Threat detected:\n$RESULT"
    exec false #return 1
  fi
fi
exec true #return 0

Open Sylpheed and set up a new filter: Configuration –> Filters, choose to add a new filter with the following parameters:

Name: clamassassin-wrapper If all of the following conditions match: Result of command: /home/<your user name>/clamassassin-wrapper.sh Perform the following actions: Define what you want to do with an infected message