Procmail with clamd and spamassassin

Posted on Wednesday May 4th, 2016

Assuming you have clamav installed (with clamd running) and spamassassin the following can be added to your ~/.procmailrc file to include filtering for spam and virus.

The specifics for spam filtering are as follows

# By using the f and w flags and no condition, spamassassin is going add the
# X-Spam headers to every single mail, and then process other recipes.
# No lockfile is used.
:0fw
| /usr/bin/vendor_perl/spamassassin

# Messages with a 5 stars or higher spam level are going to be deleted
# And since we never touch any inbox, no lockfile is needed.
:0
* ^X-Spam-Level: \*\*\*\*\*
/dev/null

# If a mail with spam-status:yes was not deleted by the previous line, it
# could be a false positive. So its sent to a spam mailbox instead.
# Since we do not want the possibility of one procmail instance messing with
# another procmail instance, we use a lockfile
:0:
* ^X-Spam-Status: Yes
$MAILDIR/Spam

Once the spam has been reduced, we can then scan for viruses (which adds processor overhead) to atttempt to be efficient

# We will scan the mail with clamdscan using the standard input, and saving
# the result in the AV_REPORT variable
AV_REPORT=`clamdscan --stdout --no-summary - | sed 's/^stream: //'`

# The VIRUS variable will store a simple Yes or No dependant upon whether a
# virus was found or not - indicated by the word 'FOUND' in AV_REPORT
VIRUS=`echo $AV_REPORT|sed '/FOUND/ { s/.*/Yes/; q  };  /FOUND/  !s/.*/No/'`

# Use formail to write new email headers to indicate the scan report and if
# a virus was identified
:0fw
| formail -i "X-Virus: $VIRUS" -i "X-Virus-Report: $AV_REPORT" 

# Move the infected email to a seperate location (or delete if preferred)
:0fw
* ^X-Virus: Yes
$MAILDIR/Virus