Hello,

 

We are using a remote mail server by a 3rd party who don’t have the best A/V detection, so we want to scan incoming mails via the OTRS system. From a look at the docs, I believe we want to use the technique used by spam assassin  at the bottom of this page: http://doc.otrs.org/3.0/en/html/email-receiving.html

 

The problem is, I cannot get clamdscan to return whatever OTRS expects for it to ignore the email. Here is my setup from Config.pm:

 

        $Self->{'PostMaster::PreFilterModule'}->{'1-ClamAV'} = {

          Module => 'Kernel::System::PostMaster::Filter::CMD',

          CMD => '/usr/bin/clamdscan --stdout -| grep “FOUND”',

          Set => {

          'X-OTRS-Ignore' => 'yes',

        },

    };

 

Assuming it is a stream, the output of the command is:

$ cat eicar.com.txt | clamdscan --stdout - | grep FOUND

stream: Eicar-Test-Signature FOUND

 

Unfortunately, nothing happens and the mails make it into OTRS with a test-virus attached. I have tried changing the ‘CMD’ to a few different things (e.g. using clamscan instead), but no luck so far. I am sure OTRS is passing something to this command, as if I change it to “CMD => '/usr/bin/clamdscan”, then no tickets are created and I see this in the logs:

 

Sep 27 11:50:02 <server> OTRS-CGI-10[29783]: [Notice][Kernel::System::PostMaster::Filter::CMD::Run] Set param 'X-OTRS-Ignore' to 'yes' because of '/files/otrs/bin/cgi-bin: OK ' (Message-ID: <12345@host>)

 

Has anyone done anything like this before? Any ideas what syntax I can use in the CMD? Any help is appreciated.

 

Regards,

Pierce.

 

 

CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.