LOGFILE=/var/log/procmail.log
DROPPRIVS=yes

# Delete all messages with dangerous attachments, as long as below a certain size
# Note: Whitespace in [   ] in regex below comprises a space and a tab character
:0
* < 256000
* ! ^Content-Type: text/plain
{
   :0B
   * ^(Content-(Type|Disposition):.*|[    ]*(file)?)name=("[^"]*|[^ ]*)\.(bat|cmd|com|exe|js|pif|scr)
   /dev/null
}

# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
#
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
#
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
#
:0fw
* < 256000
| spamc

# Delete messages with very high spam level
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null

# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "
 
  :0 fhw
  | sed -e '1s/^/F/'
}

# if it wasn't deleted in one of the above rules  Scan everything else for viruses
:0
VIRUS=|clamdscan --disable-summary --stdout -

:0fw
* VIRUS ?? ^.*: \/.* FOUND
| formail -b -f -t -I "X-Clamav-Status: Yes, $MATCH"

:0Efw
| formail -b -f -t -I "X-Clamav-Status: Virus Free"