[Mimedefang] Trend Micro Filescanner/Interscan support
Stephane Lentz
Stephane.Lentz at ansf.alcatel.fr
Mon May 20 17:16:05 EDT 2002
Hi David and other mimedefangers,
I would like to help to add support for Trend Micro Interscan /
Filescanner (both come with the command scanner /etc/iscan/vscan).
The filescanner is free for personal use and there is some
evaluation version for Interscan Viruswall which can be
downloaded at http://www.antivirus.com/download (versions exist
for HP-UX, Linux, Solaris. There is some Milter version available
only for Solaris unfortunately which is called "Sendmail Edition").
I started some work to add support for this popular - at least
in France - antivirus. This is still alpha code (I need David's
advice on some issues and it's the first time I look at Mimedefang's
internals).
The vscan return codes are a bit tricky (information taken from
the Amavis README.scanners) :
<<
0: no virus found
1: virus found
2: virus found
I do not have a list of return codes. Consider three files a, b and c.
a and b are infected, c is not infected:
/etc/iscan/vscan /tmp/test/a - return code: 1
/etc/iscan/vscan -a /tmp/test/* - return code: 2
/etc/iscan/vscan -a /tmp/test/ - return code: 0 (although two viruses were detected)
>>
David, I wonder if I should not use $Work/* instead of $Work in
mimedefang.pl in the message_contains_virus_trend function, right ?
I've attached unified diffs for mimedefang-2.11 for configure.in
and mimedefang.pl.in.
PS : The redhat/sendmail.spec works for Mandrake 8.2 too. It can be
improved by adding chkconfig comments.
Just one thing that puzzles me : the two directory tests :
if [ -d /var/spool/mimedefang & ! -d /var/spool/MIMEDefang ]; then
if [ -d /var/spool/quarantine & ! -d /var/spool/MD-Quarantine ]; then
shouldn't & be replaced by -a ?
regards,
Stephane
---
Stephane Lentz / Alcanet International - Internet Services
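
The return-code behaviour quoted in the message, as an added example that is not part of the original post or of MIMEDefang: a wrapper that hands the scanner each file by name instead of the directory, and refuses to treat an unlisted exit code as clean. `fake_vscan` is a constructed stand-in that models only the codes listed above; `scan_dir` and `SCANNER` are hypothetical names.

```sh
# Constructed stand-in for /etc/iscan/vscan. It models only the exit codes
# quoted in the message: 1 for one infected file, 2 for several, and 0 for a
# directory argument even when the directory holds infected files.
# A file counts as "infected" here if it contains the marker string INFECTED.
fake_vscan() {
    if [ "$1" = "-a" ]; then shift; fi
    hits=0
    for f in "$@"; do
        if [ -d "$f" ]; then continue; fi      # directory: nothing reported
        if grep -q INFECTED "$f" 2>/dev/null; then hits=$((hits + 1)); fi
    done
    if [ "$hits" -ge 2 ]; then return 2; fi
    return "$hits"
}

# Hypothetical setting; on a real host this would be /etc/iscan/vscan.
SCANNER=${SCANNER:-fake_vscan}

# Scan the regular files directly inside a directory by name, never the
# directory itself. Prints clean, virus or error; returns 0, 1 or 2.
scan_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then echo error; return 2; fi
    set --
    for f in "$dir"/*; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    if [ "$#" -eq 0 ]; then echo clean; return 0; fi
    rc=0
    "$SCANNER" -a "$@" || rc=$?
    case $rc in
        0)   echo clean; return 0 ;;
        1|2) echo virus; return 1 ;;
        *)   echo error; return 2 ;;   # unlisted code: do not treat as clean
    esac
}
```
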
-------------- next part --------------
--- configure.in.orig Mon May 20 21:43:36 2002
+++ configure.in Mon May 20 22:00:04 2002
@@ -175,9 +175,10 @@
AC_ARG_ENABLE(antivir, [ --disable-antivir Do not include support for H+BEDV antivir], ac_cv_antivir=$enableval, ac_cv_antivir=yes)
AC_ARG_ENABLE(uvscan, [ --disable-uvscan Do not include support for NAI uvscan], ac_cv_uvscan=$enableval, ac_cv_uvscan=yes)
AC_ARG_ENABLE(sweep, [ --disable-sweep Do not include support for Sophos sweep], ac_cv_sweep=$enableval, ac_cv_sweep=yes)
+AC_ARG_ENABLE(trend, [ --disable-trend Do not include support for Trend Filescanner/Interscan], ac_cv_trend=$enableval, ac_cv_trend=yes)
AC_ARG_ENABLE(AvpLinux, [ --disable-AvpLinux Do not include support for AVP AvpLinux], ac_cv_AvpLinux=$enableval, ac_cv_AvpLinux=yes)
AC_ARG_ENABLE(fsav, [ --disable-fsav Do not include support for F-Secure Anti-Virus], ac_cv_fsav=$enableval, ac_cv_fsav=yes)
-ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/local/uvscan:/opt/AVP"
+ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/local/uvscan:/opt/AVP:/etc/iscan"
if test "$ac_cv_antivir" = yes; then
AC_PATH_PROG(HBEDV, antivir, /bin/false, $ANTIVIR_PATH)
else
@@ -196,6 +197,12 @@
SOPHOS=/bin/false
fi
+if test "$ac_cv_trend" = yes; then
+ AC_PATH_PROG(TREND, vscan, /bin/false, $ANTIVIR_PATH)
+else
+ TREND=/bin/false
+fi
+
if test "$ac_cv_AvpLinux" = yes; then
AC_PATH_PROG(AVP, AvpLinux, /bin/false, $ANTIVIR_PATH)
else
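Review bot: AC_PATH_PROG(TREND, vscan, ...) searches $ANTIVIR_PATH, which the previous hunk builds with $PATH first and /etc/iscan last, so any other executable named vscan that appears earlier on PATH would be detected as the Trend scanner. Consider searching /etc/iscan ahead of $PATH for this one lookup, so that the binary recorded in TREND is the one the cover message describes.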
@@ -357,6 +364,17 @@
fi
else
echo "Sophos 'sweep' YES - $SOPHOS"
+ GOT_VIRUS_SCANNER=1
+fi
+
+if test "$TREND" = "/bin/false" ; then
+ if test "$ac_cv_trend" != "yes" ; then
+ echo "TREND 'vscan' NO (Disabled by configure command)"
+ else
+ echo "TREND 'vscan' NO (not found)"
+ fi
+else
+ echo "TREND 'vscan' YES - $TREND"
GOT_VIRUS_SCANNER=1
fi
-------------- next part --------------
--- mimedefang.pl.in.orig Mon May 20 22:07:33 2002
+++ mimedefang.pl.in Mon May 20 22:44:16 2002
@@ -63,6 +63,7 @@
$Features{'Virus:NAI'} = ("@NAI@" ne "/bin/false" ? "@NAI@" : 0);
$Features{'Virus:HBEDV'} = ("@HBEDV@" ne "/bin/false" ? "@HBEDV@" : 0);
$Features{'Virus:SOPHOS'} = ("@SOPHOS@" ne "/bin/false" ? "@SOPHOS@" : 0);
+$Features{'Virus:TREND'} = ("@TREND@" ne "/bin/false" ? "@TREND@" : 0);
$Features{'Virus:AVP'} = ("@AVP@" ne "/bin/false" ? "@AVP@" : 0);
$Features{'Virus:FSAV'} = ("@FSAV@" ne "/bin/false" ? "@FSAV@" : 0);
@@ -1869,7 +1870,7 @@
# %RETURNS:
# 1 if any file in the working directory contains a virus
# %DESCRIPTION:
-# Runs the Sophos Sweep program on the working directory
+# Runs the AVP AvpLinux program on the working directory
#***********************************************************************
sub message_contains_virus_avp () {
unless ($Features{'Virus:AVP'}) {
@@ -1918,6 +1919,82 @@
# Corrupt objects found -- treat as suspicious
return ($code, 'suspicious', 'quarantine') if ($code == 8);
+
+ # Anything else shouldn't happen
+ return ($code, 'swerr', 'tempfail');
+}
+
+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_trend
+# %ARGUMENTS:
+# entity -- a MIME entity
+# %RETURNS:
+# 1 if entity contains a virus as reported by AVP AvpLinux
+# %DESCRIPTION:
+# Runs the uvscan program on the entity.
+#***********************************************************************
+sub entity_contains_virus_trend ($) {
+ unless ($Features{'Virus:TREND'}) {
+ syslog('err', "TREND vscan not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ my($entity) = @_;
+ my($body) = $entity->bodyhandle;
+
+ if (!defined($body)) {
+ return (wantarray ? (0, 'ok', 'ok') : 0);
+ }
+
+ # Get filename
+ my($path) = $body->path;
+ if (!defined($path)) {
+ return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+ }
+
+ # Run antivir
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:TREND'} . " -a $path 2>&1");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_trend_code($code) : $code);
+}
+
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_trend
+# %ARGUMENTS:
+# Nothing
+# %RETURNS:
+# 1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+# Runs the Trend vscan program on the working directory
+#***********************************************************************
+sub message_contains_virus_trend () {
+ unless ($Features{'Virus:TREND'}) {
+ syslog('err', "TREND Filescanner or Interscan not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ # Run vscan
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:Trend'} . " -a ./Work 2>&1");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_trend_code($code) : $code);
+}
+
+sub interpret_trend_code ($) {
+ my($code) = @_;
+ # From info obtained from:
+ # http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/amavis/amavis/README.scanners
+
+ # OK
+ return ($code, 'ok', 'ok') if ($code == 0);
+
+ # virus found
+ return ($code, 'virus', 'quarantine') if ( ($code == 2) || ($code == 1));
# Anything else shouldn't happen
return ($code, 'swerr', 'tempfail');
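Review bot: message_contains_virus_trend builds its command from $Features{'Virus:Trend'}, but the key it tests a few lines earlier, and the one set near the top of the file, is 'Virus:TREND'; Perl hash keys are case-sensitive, so the command string begins with " -a ./Work" and vscan is never run. Use 'Virus:TREND' in the run_virus_scanner call. The same call passes the directory ./Work, and the return codes quoted in the cover message say that vscan -a on a directory returns 0 even when viruses were detected, which interpret_trend_code maps to 'ok'; pass the files by name or check the scanner output rather than relying on the exit code alone. The header of entity_contains_virus_trend still says "as reported by AVP AvpLinux" and "Runs the uvscan program", and the inline comment says "Run antivir"; these should name Trend vscan.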