1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
|
#!/bin/sh
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# WARNING WARNING WARNING WARNING WARNING WARNING WARNING
#
# By using variables passed in from clamsmtpd in file
# manipulation commands without escaping their contents
# you are opening yourself up to REMOTE COMPROMISE. You
# have been warned. Do NOT do the following unless you
# want to be screwed big time:
#
# mv $EMAIL "$SENDER.eml"
#
# An attacker can use the above command to compromise your
# computer. The only variable that is guaranteed safe in
# this regard is $EMAIL.
#
# The following script does not escape its variables
# because it only uses them in safe ways.
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# A sample script for virus actions. When testing make sure
# everything can run as the clamav (or relevant) user.
file="/path/to/virus.log"
dir="/path/to/quarantine/"
exec 1>>$file
exec 2>>$file
# Add some fun log lines to the log file
echo "-------------------------------------------------------"
echo Sender $SENDER
echo Recipients $RECIPIENTS
echo Virus $VIRUS
echo "-------------------------------------------------------"
# Move the virus file to another directory
# This only works if Quarantine is enabled
if [ -n "$EMAIL" ]; then
mv "$EMAIL" "$dir"
fi
|