#!/bin/sh

# This is an example script for the AVWRAP interface to MailStripper.

# Permission is hereby granted for anyone to modify this script as they
# see fit for their requirements. It is effectively in the public domain.

FNAME=$1

# We're only interested in content types that have a Win32 executable.
# Many viruses lie about their type, but can't lie about their extension.
LINE=`grep -E -i '^content-type:.*\.(bat|cmd|com|exe|pif|scr|vbs)' $FNAME | head -1`

# If nothing is found, exit cleanly with no output.
if [ "x$LINE" = "x" ]; then
  exit 0
fi

# MailStripper looks for output starting with "Infection:", so supply the
# report appropriately formatted.
echo "Infection: Win32 executable, `echo $LINE | sed 's/.*name=/name=/'`"

# Exit cleanly.
exit 0
