TechnoToys: scanning for mail viruses with ClamAV under MacOSX
Joseph E. Sacco, Ph.D.
joseph_sacco at comcast.net
Tue May 10 09:26:20 MDT 2005
The Clam AntiVirus software
runs under MacOSX.
To get a working version there are three choices:
* roll your own,
* download/build using Fink,
* download a package built by Mark Allan
Mail.app, the stock mail program that comes with MacOSX, supports the
creation of mail filters, which Apple calls Rules. One possible action
in a Rule is to invoke an Applescript.
I searched the web for an Applescript that would filter email through
ClamAV, but did not find one. I contacted Mark Allan, the maintainer of
clamXav, and was told that to his knowledge none existed. So..., I wrote
Attached is an Applescript [in text format] that will filter email
through the Clam AntiVirus scanner. Upon detecting infected email:
* subject is prefixed with "***INFECTED***"
* message is tagged as "Junk"
* message is moved to mailbox "Junk"
joseph_sacco [at] comcast [dot] net
-------------- next part --------------
Applescript by Joseph E. Sacco, Ph.D., released under GPL, May 11, 2005
Not responsible for any loss of data or any inaccuracies in processing e-mails.
This is FREEWARE, review and understand the source, use at your own risk!!!
Filter MacOSX email through Clam AntiVirus <http://www.clamav.net> scanner
- subject is prefixed with "***INFECTED***"
- is tagged as "Junk"
- is moved to mailbox "Junk"
- clamAV installed under /usr/local/clamXav
- place clamAVscan.scpt in a known location, e.g. /usr/local/clamXav/bin
- create Rule
Mail -> Preferences->Rules -> Add Rule
If any of the following conditions are met:
Perform the following actions:
Run AppleScript: /usr/local/clamXav/bin/clamAVscan.scpt
This script filters email using the command line utility, clamscan,
which does not communicate with the ClamAV daemon. The tradeoff is
speed versus complexity.
For faster scans:
- configure and run the clamAV daemon
- edit this script, replacing "clamscan" with "clamdscan"
in the "do shell script" command
using terms from application "Mail"
    on perform mail action with messages theMessages for rule theRule
        tell application "Mail"
            repeat with thisMessage in theMessages
                set msgSource to source of thisMessage
                try
                    -- a non-zero exit status from clamscan raises an AppleScript error
                    do shell script "echo " & quoted form of msgSource & "| /usr/local/clamXav/bin/clamscan --quiet --stdout -"
                on error errMsg number exitCode
                    if (exitCode = 1) then
                        -- exit code 1: clamscan reported an infected message
                        set currentSubject to subject of thisMessage
                        set subject of thisMessage to "***INFECTED*** " & currentSubject
                        set junk mail status of thisMessage to true
                        set accountName to name of account of mailbox of thisMessage
                        set mailbox of thisMessage to mailbox "Junk" of account accountName
                    else
                        -- any other exit code: the scan itself failed
                        display dialog "Something unexpected has happened to clamAV scan: Exit Code = " & exitCode
                        display dialog "Error Message:" & errMsg
                    end if
                end try
            end repeat
        end tell
    end perform mail action with messages
end using terms from
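
The `if (exitCode = 1)` branch above depends on clamscan's exit status: 0 means clean, 1 means a detection, and anything else is a scanner error. The shell function below is an added example, not part of the original post or its attachment; it makes that mapping explicit and scans a temporary file, so the message never has to fit on a command line. The `CLAMSCAN` override variable and the name `scan_message` are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify one message by clamscan's exit status.
# CLAMSCAN is an assumed override; the default is the path used in the post.
CLAMSCAN="${CLAMSCAN:-/usr/local/clamXav/bin/clamscan}"

# scan_message: reads one raw message on stdin, prints CLEAN, INFECTED or
# ERROR, and returns the scanner's exit status unchanged.
scan_message() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/clamAVscan.XXXXXX") || { echo ERROR; return 2; }
    cat > "$tmp"

    # Capture the status without letting a non-zero exit abort the caller.
    status=0
    "$CLAMSCAN" --no-summary --stdout "$tmp" >/dev/null 2>&1 || status=$?
    rm -f "$tmp"

    case "$status" in
        0) echo CLEAN ;;      # no signature matched
        1) echo INFECTED ;;   # the only status that should tag a message as Junk
        *) echo ERROR ;;      # missing binary, unreadable database, bad option, ...
    esac
    return "$status"
}

# Usage: scan_message < message.eml
```

A failed scan is reported as ERROR rather than CLEAN, which matches the `else` branch of the AppleScript: a broken scanner should be visible, not silently pass mail.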