Thursday, September 13. 2007

F-Prot Anti-Virus Wrapper for Procmail

This article shows how to scan your incoming messages automatically with F-Prot on your Linux system, using Procmail and the f-prot-wrapper.sh script.

F-Prot is a great anti-virus program for Windows, Linux, and BSD based systems. It is developed by an Icelandic software company, FRISK Software International (FSI). You can check out their official website at http://www.f-prot.com/. They recently started to provide the F-Prot Workstation version for Linux and BSD systems free of charge for home users. You can find out more about it at www.f-prot.com/products/home_use/linux/.

We will use Procmail and a shell script to connect F-Prot and your MTA. To do so, add the following lines to your .procmailrc file. Please replace /home/cinar/bin with the actual path where the f-prot-wrapper.sh file is placed.

VERBOSE=off
DIR="/home/cinar/Maildir/"

# f: use the wrapper as a filter; w: wait for it and check its exit code.
# If the wrapper fails, procmail keeps the original, untagged message.
:0 wf: fprot.lock
| /home/cinar/bin/f-prot-wrapper.sh

# Messages tagged as infected go to the .virus folder
:0:
* ^X-Virus: Yes
${DIR}.virus/

# Everything else is delivered to the main Maildir
:0:
*
${DIR}

Now each incoming message will be scanned for viruses using F-Prot. The wrapper adds an X-Virus header to every message, set to Yes when a virus is found. Procmail will then place these infected messages into the .virus directory. More detailed information about the virus will also be added to the mail using the X-Virus-Infection header.

Here is the source code for f-prot-wrapper.sh. Please do not forget to give it executable permission after downloading (chmod 755).

#!/bin/bash
#
# @(#)f-prot-wrapper.sh 1.1 04/13/04
#
# Copyright (c) 2004
# Ali Onur Cinar <cinar(a)zdo.com>
#
# License:
#
# Permission to use, copy, modify, and distribute this software and its
# documentation for non-commercial purposes and without fee is hereby
# granted, provided that the above copyright notice appear in all copies
# and that both the copyright notice and this permission notice and
# warranty disclaimer appear in supporting documentation, and that the name
# of Ali Onur Cinar not be used in advertising or publicity pertaining to
# distribution of the software without specific, written prior permission.
#
# F-Prot Anti-Virus is the registered trademark of FRISK Software International.
#

formail=/usr/bin/formail                # path to formail
fprot=/usr/local/f-prot/f-prot          # path to f-prot
tmp=/tmp                                # temporary dir.

set -f                                  # no globbing when scanner output is split into words

# Private work directory with an unpredictable name (instead of
# fpw-<pid>-* files directly in /tmp); removed when the script exits.
workDir=$(mktemp -d "${tmp}/fpw.XXXXXX") || exit 1
trap 'rm -rf "$workDir"' EXIT
mailFile=${workDir}/mail                # temp mail file
fprotOut=${workDir}/out                 # temp fprot file

addField ()                             # adds the given
{                                       # header to mail
    "$formail" -f -A "$1" < "$mailFile" > "${mailFile}.1" \
        && mv "${mailFile}.1" "$mailFile"
}

cat > "$mailFile"                       # save the message from stdin

"$fprot" -server "$mailFile" > "$fprotOut"      # execute f-prot

case "$?" in                            # based on exit status
    0 ) addField "X-Virus: No"          # no virus detected
        ;;
    * ) addField "X-Virus: Yes"         # any non-zero status, scanner errors included
        infection=($(grep Infection: "$fprotOut"))      # add information
        # [*] joins the words into one argument; [@] would pass only the first
        addField "X-Virus-Infection: ${infection[*]:2}" # about the virus
        ;;
esac

programVersion=($(grep 'Program version:' "$fprotOut")) # get program version
engineVersion=($(grep 'Engine version:' "$fprotOut"))   # get engine version

addField "X-Virus-AV: F-Prot program \
${programVersion[*]:2} / engine \
${engineVersion[*]:2}"

addField "X-Virus-FW: f-prot-wrapper.sh \
1.0 (www.zdo.com/articles/f-prot-wrapper.shtml)"

cat "$mailFile"                         # show the mail file
                                        # temporary files are removed by the EXIT trap
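
The wrapper tags mail with formail -A, which appends a header without removing copies the sender already put in the message, and the X-Virus-Infection value is taken from scanner output. The following is an added example, not part of the original f-prot-wrapper.sh: it strips pre-existing X-Virus headers and sanitizes the value before tagging, using only awk, tr and cut. The function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of f-prot-wrapper.sh; function names are hypothetical.

# Drop the four headers the wrapper writes (and their folded continuation
# lines) from the header block only; the body passes through unchanged.
strip_virus_headers() {
    awk '
        body     { print; next }
        /^$/     { body = 1; print; next }
        /^[ \t]/ { if (!drop) print; next }
        { drop = (tolower($0) ~ /^x-virus(-infection|-av|-fw)?[ \t]*:/)
          if (!drop) print }
    '
}

# Make scanner-derived text safe as a single header value: control
# characters (CR and LF included) become spaces, length is capped.
sanitize_value() {
    printf '%s' "$1" | tr -s '[:cntrl:]' ' ' | cut -c1-200
}

# Usage: tag_message Yes|No [infection-text]   (message on stdin)
# Values reach awk via ENVIRON: "awk -v" would expand a literal \n in them.
tag_message() {
    case $1 in Yes|No) ;; *) echo "verdict must be Yes or No" >&2; return 2 ;; esac
    strip_virus_headers |
    V="$1" D="$(sanitize_value "$2")" awk '
        function emit() {
            print "X-Virus: " ENVIRON["V"]
            if (ENVIRON["D"] != "") print "X-Virus-Infection: " ENVIRON["D"]
            done = 1
        }
        !done && /^$/ { emit() }     # insert before the blank line ending the headers
        { print }
        END { if (!done) emit() }    # message without a body
    '
}

# Constructed sample: the sender forged a clean verdict, one header is folded.
sample_message() {
    printf '%s\n' \
        'From sender@example.test Thu Sep 13 10:00:00 2007' \
        'Subject: invoice' \
        'X-Virus: No' \
        'X-Virus-Infection: none,' \
        '  really' \
        '' \
        'X-Virus: No (body text, must survive)'
}
```

Running `sample_message | tag_message Yes "some name"` prints the message with exactly one X-Virus header in the header block and the body line untouched.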