Scanning email as it arrives

Discussions relating to ClamXav

Moderator: Mark

Scanning email as it arrives

Postby jow » Mon 11 Jul 2005 6:00 pm

Using Sentry in the preferences and in the Menu Bar, the path to scan emails as they arrive in your inbox is as follows:-
Users/YOUR NAME/Library/Mail/YOUR EMAIL ADDRESS/INBOX.mbox/Messages. Make sure you select the right email address usually it is preceded by POP-. This is using Mac/Apple Mail on a G4/5 RUNNING TIGER 10.4.1. (PLEASE NOTE THIS IS FOR TIGER ONLY).
I have run out of complements for Mark with this programme. There are a few minor teething troubles with version 1.0 but it is an excellent piece of work!!!!!!!!!!
Last edited by jow on Wed 13 Jul 2005 8:27 pm, edited 1 time in total.
jow
 
Posts: 120
Joined: Sat 28 May 2005 9:46 pm

Postby Mark » Wed 13 Jul 2005 12:41 am

Thanks, Jow. Not just for your compliments, but for your help on these forums too. I'm snowed under at the moment, so this is a huge help.
Mark
Site Admin
 
Posts: 1458
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Postby jow » Wed 13 Jul 2005 1:01 pm

No problem Mark, happy to help. What you need is a couple of secretaries!!!!!!
As I said, there are a few minor glitches in version 1.0 but I thought I had better wait until it stops snowing before telling you!!!!!
The "abort scan" not working is probably the biggest, as I found out last weekend, you just have to remember to go to "stop watching" in the sentry menu bar before inserting a disk with a lot of data on it or deselect it in Sentry prefs or wait (2 light years) till it stops scanning (until you fix it) that is.
I'll tell you about the other glitches later, although someone will probably do it for me, before it stops snowing!!!!
I was thinking, with the advent of ClamXav Sentry (brilliant), providing you set the right folders to watch (in my case I have 12), a scheduled scan is probably not needed now, unless I have missed something.
PS. Tiger Cache Cleaner seems to be promoting your ClamXav and so it should.
jow
 
Posts: 120
Joined: Sat 28 May 2005 9:46 pm

Can't get there from here?

Postby bobcollard » Wed 13 Jul 2005 6:17 pm

I tried your way to enter the folder to watch for E-mails and get stopped at my E-mail address. I've tried to open INBOX.mbox to get to Messages and failed. I did a search for Messages and cannot find one cannected to MAIL anywhere. Is it possible to edit the "Folders Being Watched?" I tried that and it would not save.
Bob
Robert Collard
Springfield, IL
bobcollard
 
Posts: 14
Joined: Thu 07 Jul 2005 10:42 pm
Location: Springfield, IL

Postby jow » Wed 13 Jul 2005 7:07 pm

Bob
Sorry but I don't know why you can't find the folder "messages" in the INBOX.mbox as I have just removed that path using "add/remove folders" from the "Sentry Menu Bar". I then added it again using "add/remove folders" in the "Sentry Menu Bar" and then scrolled to "restart watching". No problem, it's working fine. Are you running Tiger 10.4.1 or 2 and using Mac/Apple Mail. If not you may have to use a different path, of that I'm not sure about.
Also double check to make sure it is definitely your current and correct email address you are going to and not an old email address or server, as there is no message folder in them. The INBOX.mbox is a folder under the correct email address and when you open it there are 5 items:-
content_index
Info.plist
mbox
Messages (which is the only folder)
Table_of_contents

:?: :?: :?:
Let me know how you get on.
PS. Just done a search for "Messages" using the apple+f key and about 200 came up. Found the one which is in the path (INBOX.mbox) eventually.
jow
 
Posts: 120
Joined: Sat 28 May 2005 9:46 pm

Different OS, different way it's listed?

Postby bobcollard » Wed 13 Jul 2005 7:54 pm

Sorry, should have designated my OS. I'm running OS 10.3.9 Using Safari Mail and it shows this past my E-mail address:

Deleted Messages.mbox
Drafts.mbox
INBOX.mbox
Junk.mbox
MessageUidsAlreadyDownloaded
Sent Messages.mbox

Anyway, these are not folders, rather they are shown as an "mbox" in kind when looked up using "Get Info", not as folders. My mistake for not paying attention to your OS. Hope this does not confuse other users.
Bob
Robert Collard
Springfield, IL
bobcollard
 
Posts: 14
Joined: Thu 07 Jul 2005 10:42 pm
Location: Springfield, IL

Postby Mark » Wed 13 Jul 2005 8:07 pm

Bob, it might be worth you having a look at this script for scanning mail as it comes in under OS 10.3.9. It wasn't written by me and I've never used it so can't comment on its efficacy, or indeed how to use it, but you may as well give it a shot and see if it helps you.
Mark
Site Admin
 
Posts: 1458
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Postby jow » Wed 13 Jul 2005 8:30 pm

I have edited and made it more clearer in this post that it is FOR TIGER 10.4x ONLY.
Good old 10.3.9, those were the days when everything ran much smoother and less trouble than Tiger.
jow
 
Posts: 120
Joined: Sat 28 May 2005 9:46 pm

Mark and jow, thanks for your patience.

Postby bobcollard » Wed 13 Jul 2005 8:43 pm

Mark I entered the script and it took it without a hitch. Now let's see if it works, I should get another E-mail telling me the last message from jow is in, so I will try it: Yes, it works for me! Thanks guys, another satisfied customer, if it were so easy for them all, hey?
Bob
Robert Collard
Springfield, IL
bobcollard
 
Posts: 14
Joined: Thu 07 Jul 2005 10:42 pm
Location: Springfield, IL

Postby Moldarin » Fri 22 Jul 2005 2:35 am

:!: Sentry sometimes abort regular scans.

I use ClamXav Sentry to scann my incomming emails, and have noticed that if I have a regular scainng in ClamXav in progress than the scann in ClamXav sometimes get abortet when Sentry starts scanning.

If I eg. scann a single .rar archive and recives an email at the same time, the regular scann (in ClamXav) aborts. Or, it don't aborts; it's just stops scanning. It don't tell me anything, but the scann clearly have stopped.

I have reproduced it sometimes, butI can't reproduce it everytime I try.
Moldarin
 
Posts: 10
Joined: Sat 09 Jul 2005 7:33 am
Location: Lillehammer, Norway

"Thank You"

Postby Cary » Sat 23 Jul 2005 2:18 pm

Greetings!

Well, I guess you ALL deserve superlative on doing a GREAT job teaching me. I appreciate it.
I was a "johnnie Apple seed" for
Tiger and use the VO feature
occationally when I have the strenght to listen to my computer.

A lot, needs to be automated for me. I am glad to be able to participate. Recently, I e-mail
Mark Allan with the CORRECT update of the address etc. for the
"FREE SOFTWARE FOUNDATION, INC." located in Boston,MA USA/
It is very close to me. I hope he received it by now.

Anyway, here is the e-mail sent
for other to know too. For it appears after you download and execute the clamXav. I am sure
you qualified people undersand what I am talking about. So, here we go. Realize I am only being courteous and hopefully helpful.

Greetings!

Recently, I was on .MAC and decided to download and try clamav as Virex for Tiger 10.4.2 is NOT available.
I like this GNU too as I am learning. As I was performing the necessary tasks I noticed and called the below
place. It is right near me in Boston, Massachusetts. So,
I called and got their NEW address for those wonderful people like you to up-date the address etc. This was done out of courtesy. I hope it helps you.
I DO NOT know how to get this e-mail and information to a Mark Allen, a Scottish Software Engineer who
supposed wrote calamav too. So, your help in informing him would be appreciated.

OLD++++++++++++++++++++++++++++++++++++++

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

++++++++++++++++++++++++++++++++++++++++++++++
New location. So, need to update ALL free software too.

Free Software Foundation, Inc.
51 Franklin Street, 5th floor
Boston, MA 02110

telephone: 617.542.5942
Appreciative,
Cary
http://ADAtech.org
Cary
 
Posts: 5
Joined: Sat 23 Jul 2005 1:48 pm
Location: Lowell, MA. USA

Postby Mark » Wed 27 Jul 2005 7:07 pm

Moldarin wrote::!: Sentry sometimes abort regular scans.

I use ClamXav Sentry to scann my incomming emails, and have noticed that if I have a regular scainng in ClamXav in progress than the scann in ClamXav sometimes get abortet when Sentry starts scanning.

If I eg. scann a single .rar archive and recives an email at the same time, the regular scann (in ClamXav) aborts. Or, it don't aborts; it's just stops scanning. It don't tell me anything, but the scann clearly have stopped.

I have reproduced it sometimes, butI can't reproduce it everytime I try.


I haven't managed to reproduce this myself yet, but I'll keep trying and let you know how I get on.
Mark
Site Admin
 
Posts: 1458
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Postby Extensor » Sun 11 Sep 2005 1:45 am

Hi Mark,

First thanks for making this available to us. :)

I'm set up to scan emails as they come in. That seems to work fine. My question is. What do I do when a virus is detected? How do I know which email it is? And if i can't tell which email is infected then what is the purpose?

I have tried the method of using the string to search but I come up with nothing each time.

I am not an OS X programmer (I play one on television) but isn't there a way to at least list the message subject of each infected file?
Extensor
 
Posts: 1
Joined: Sun 11 Sep 2005 1:40 am

Scanning email on arrival - Entourage?

Postby JohnCunningham » Fri 23 Sep 2005 12:29 am

Is there a way to pipe incoming mail through ClamAV before it is received by my mail program?

I use Entourage, and I'd like to scan email as it arrives. As I understand it, all email received goes straight into the Database file. I could tell ClamAV to watch the folder containing that file, but scanning a large database seems an inefficient way to watch incoming mail, plus I gather from other posts that the infected email is not individually identified.

What I'd like to do is to grab a new email, pass it through ClamAV, then through POPFile (my spam filter), before letting Entourage get its hands on the email.

Any ideas how I might approach this?
TIA
John
JohnCunningham
 
Posts: 2
Joined: Fri 23 Sep 2005 12:14 am

Entourage - found a solution...

Postby JohnCunningham » Mon 26 Sep 2005 3:30 am

OK, after a bit of digging & experimenting, I've found a way to get clamav & Entourage playing nicely. I installed Darwinports, and then the darwinports port of POP3proxy.

I then had to mess with the various arguments & port assignments to get Entourage to ask POPFile for mail, and get POPFile to pass on the request to POP3Proxy, which got the mail from my mail server and passed it through clamd (the -z argument) before passing it back to POPFile.

The final step was to get launchd to start clamd and POP3Proxy on login, using launchd .plist files, created with the help of Launchd Editor. I'm running Tiger, but if you're running an earlier OS, you'll need to choose a method appropriate to your system, e.g. StartupItem.

I guess that I'm not technically using ClamXav, so apologies for this being slightly off-topic as a result. I am however using the clamd installed by ClamXav, so I have the solution above running happily alongside ClamXav which is keeping an eye on download folders, etc..

Hope this helps somebody.
John
JohnCunningham
 
Posts: 2
Joined: Fri 23 Sep 2005 12:14 am

Next

Return to ClamXav

Who is online

Users browsing this forum: No registered users

cron