[Mimedefang] Trend Micro Filescanner/Interscan support

Stephane Lentz Stephane.Lentz at ansf.alcatel.fr
Mon May 20 17:16:05 EDT 2002


Hi David and other mimedefangers, 

I would like to help add support for Trend Micro Interscan /
Filescanner (both come with the command scanner /etc/iscan/vscan).
The filescanner is free for personal use and there is an
evaluation version of Interscan Viruswall which can be
downloaded at http://www.antivirus.com/download (versions exist
for HP-UX, Linux, Solaris. There is a Milter version, unfortunately
available only for Solaris, which is called "Sendmail Edition").

I started some work to add support for this popular - at least
in France - antivirus. This is still alpha code (I need David's
advice on some issues and it's the first time I have looked at
Mimedefang's internals).

The vscan return codes are a bit tricky (information taken from
the Amavis README.scanners) :

<<
     0: no virus found
     1: virus found
     2: virus found

 I do not have a list of return codes. Consider three files a, b and c.
 a and b are infected, c is not infected:
 /etc/iscan/vscan /tmp/test/a - return code: 1
 /etc/iscan/vscan -a /tmp/test/* - return code: 2
 /etc/iscan/vscan -a /tmp/test/ - return code: 0 (although two viruses
 were detected)

>>

David, I wonder if I should not use $Work/* instead of $Work in 
mimedefang.pl in the message_contains_virus_trend function, right ? 

I've attached unified diffs against mimedefang-2.11 for configure.in
and mimedefang.pl.in.


PS: The redhat/sendmail.spec works for Mandrake 8.2 too. It can be
improved by adding chkconfig comments.
Just one thing puzzles me: the two directory tests:
if [ -d /var/spool/mimedefang & ! -d /var/spool/MIMEDefang ]; then
if [ -d /var/spool/quarantine & ! -d /var/spool/MD-Quarantine ]; then

Shouldn't & be replaced by -a?

regards, 

Stephane
---
Stephane Lentz / Alcanet International - Internet Services
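
The `&` versus `-a` question from the PS, worked through as an added example (not part of the original post or of the MIMEDefang spec file; the function names and the temporary directories are constructed for the demonstration). With `&` the shell backgrounds `[ -d OLD` and then runs `! -d NEW ]`, a negated "command not found", so the `then` branch is taken whichever directories exist.

```shell
#!/bin/sh
# Added illustration; all paths are constructed under a temporary directory.

# Form quoted from the spec file: '&' terminates the first command and puts it
# in the background. The condition that `if` sees is `! -d NEW ]`, i.e. a
# command called "-d" that does not exist (status 127), negated to success.
migrate_with_amp() {
    {
        if [ -d "$1" & ! -d "$2" ]; then echo migrate; else echo skip; fi
        wait    # reap the backgrounded `[ -d OLD` (it fails: no closing ']')
    } 2>/dev/null
}

# Form suggested in the post: a single test expression joined with -a (AND).
migrate_with_a() {
    if [ -d "$1" -a ! -d "$2" ]; then echo migrate; else echo skip; fi
}

# Four cases: 1 = old only, 2 = old and new, 3 = new only, 4 = neither.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/1/old" "$demo_root/2/old" "$demo_root/2/new" \
         "$demo_root/3/new" "$demo_root/4"

compare_all() {
    for n in 1 2 3 4; do
        printf 'case %s: with "&" -> %s, with "-a" -> %s\n' "$n" \
            "$(migrate_with_amp "$demo_root/$n/old" "$demo_root/$n/new")" \
            "$(migrate_with_a "$demo_root/$n/old" "$demo_root/$n/new")"
    done
}
compare_all
```

POSIX marks the `-a` operator of `test` as obsolescent; `[ -d OLD ] && [ ! -d NEW ]` expresses the same condition with two separate tests.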
-------------- next part --------------
--- configure.in.orig	Mon May 20 21:43:36 2002
+++ configure.in	Mon May 20 22:00:04 2002
@@ -175,9 +175,10 @@
 AC_ARG_ENABLE(antivir,  [  --disable-antivir       Do not include support for H+BEDV antivir], ac_cv_antivir=$enableval, ac_cv_antivir=yes)
 AC_ARG_ENABLE(uvscan,   [  --disable-uvscan        Do not include support for NAI uvscan], ac_cv_uvscan=$enableval, ac_cv_uvscan=yes)
 AC_ARG_ENABLE(sweep,    [  --disable-sweep         Do not include support for Sophos sweep], ac_cv_sweep=$enableval, ac_cv_sweep=yes)
+AC_ARG_ENABLE(trend,    [  --disable-trend         Do not include support for Trend Filescanner/Interscan], ac_cv_trend=$enableval, ac_cv_trend=yes)
 AC_ARG_ENABLE(AvpLinux, [  --disable-AvpLinux      Do not include support for AVP AvpLinux], ac_cv_AvpLinux=$enableval, ac_cv_AvpLinux=yes)
 AC_ARG_ENABLE(fsav, [  --disable-fsav      Do not include support for F-Secure Anti-Virus], ac_cv_fsav=$enableval, ac_cv_fsav=yes)
-ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/local/uvscan:/opt/AVP"
+ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/local/uvscan:/opt/AVP:/etc/iscan"
 if test "$ac_cv_antivir" = yes; then
 	AC_PATH_PROG(HBEDV,  antivir,  /bin/false, $ANTIVIR_PATH)
 else
@@ -196,6 +197,12 @@
 	SOPHOS=/bin/false
 fi
 
+if test "$ac_cv_trend" = yes; then
+	AC_PATH_PROG(TREND, vscan,    /bin/false, $ANTIVIR_PATH)
+else
+	TREND=/bin/false
+fi
+
 if test "$ac_cv_AvpLinux" = yes; then
 	AC_PATH_PROG(AVP,    AvpLinux, /bin/false, $ANTIVIR_PATH)
 else
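Review bot: AC_PATH_PROG(TREND, vscan, /bin/false, $ANTIVIR_PATH) searches a path that the previous hunk builds as "$PATH:...:/etc/iscan", so any other executable named vscan that sits earlier in the builder's PATH is picked ahead of /etc/iscan/vscan and becomes the program that is run on mail. vscan is a generic name; search /etc/iscan first for this one program, or let the builder pass the path explicitly.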
@@ -357,6 +364,17 @@
     fi
 else
     echo "Sophos 'sweep'       YES - $SOPHOS"
+    GOT_VIRUS_SCANNER=1
+fi
+
+if test "$TREND" = "/bin/false" ; then
+    if test "$ac_cv_trend" != "yes" ; then
+	echo "TREND 'vscan'       NO (Disabled by configure command)"
+    else
+	echo "TREND 'vscan'       NO (not found)"
+    fi
+else
+    echo "TREND 'vscan'       YES - $TREND"
     GOT_VIRUS_SCANNER=1
 fi
 
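Review bot: the three new echo lines label the scanner "TREND 'vscan'", which is one character shorter than "Sophos 'sweep'" in the context line above but appears to be followed by the same padding, so the YES/NO column of the configure summary shifts left by one for this entry. Add a space, and consider "Trend" rather than "TREND" to match how the Sophos line writes the vendor name.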
-------------- next part --------------
--- mimedefang.pl.in.orig	Mon May 20 22:07:33 2002
+++ mimedefang.pl.in	Mon May 20 22:44:16 2002
@@ -63,6 +63,7 @@
 $Features{'Virus:NAI'}      = ("@NAI@" ne "/bin/false" ? "@NAI@" : 0);
 $Features{'Virus:HBEDV'}    = ("@HBEDV@" ne "/bin/false" ? "@HBEDV@" : 0);
 $Features{'Virus:SOPHOS'}   = ("@SOPHOS@" ne "/bin/false" ? "@SOPHOS@" : 0);
+$Features{'Virus:TREND'}   = ("@TREND@" ne "/bin/false" ? "@TREND@" : 0);
 $Features{'Virus:AVP'}      = ("@AVP@" ne "/bin/false" ? "@AVP@" : 0);
 $Features{'Virus:FSAV'}     = ("@FSAV@" ne "/bin/false" ? "@FSAV@" : 0);
 
@@ -1869,7 +1870,7 @@
 # %RETURNS:
 #  1 if any file in the working directory contains a virus
 # %DESCRIPTION:
-#  Runs the Sophos Sweep program on the working directory
+#  Runs the AVP AvpLinux program on the working directory
 #***********************************************************************
 sub message_contains_virus_avp () {
     unless ($Features{'Virus:AVP'}) {
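Review bot: the header correction for message_contains_virus_avp is unrelated to Trend support and would be easier to apply as a separate patch. The correction itself matches the sub, which tests $Features{'Virus:AVP'}.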
@@ -1918,6 +1919,82 @@
 
     # Corrupt objects found -- treat as suspicious
     return ($code, 'suspicious', 'quarantine') if ($code == 8);
+
+    # Anything else shouldn't happen
+    return ($code, 'swerr', 'tempfail');
+}
+
+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_trend
+# %ARGUMENTS:
+#  entity -- a MIME entity
+# %RETURNS:
+#  1 if entity contains a virus as reported by AVP AvpLinux
+# %DESCRIPTION:
+#  Runs the uvscan program on the entity.
+#***********************************************************************
+sub entity_contains_virus_trend ($) {
+    unless ($Features{'Virus:TREND'}) {
+	syslog('err', "TREND vscan not installed on this system");
+	return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    my($entity) = @_;
+    my($body) = $entity->bodyhandle;
+
+    if (!defined($body)) {
+	return (wantarray ? (0, 'ok', 'ok') : 0);
+    }
+
+    # Get filename
+    my($path) = $body->path;
+    if (!defined($path)) {
+	return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+    }
+
+    # Run antivir
+    my($code, $category, $action) =
+	run_virus_scanner($Features{'Virus:TREND'} . " -a $path 2>&1");
+    if ($action ne 'proceed') {
+	return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_trend_code($code) : $code);
+}
+
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_trend
+# %ARGUMENTS:
+#  Nothing
+# %RETURNS:
+#  1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+#  Runs the Trend vscan program on the working directory
+#***********************************************************************
+sub message_contains_virus_trend () {
+    unless ($Features{'Virus:TREND'}) {
+	syslog('err', "TREND Filescanner or Interscan  not installed on this system");
+	return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    # Run vscan
+    my($code, $category, $action) =
+	run_virus_scanner($Features{'Virus:Trend'} . " -a ./Work 2>&1");
+    if ($action ne 'proceed') {
+	return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_trend_code($code) : $code);
+}
+
+sub interpret_trend_code ($) {
+    my($code) = @_;
+    # From info obtained from:
+    # http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/amavis/amavis/README.scanners
+
+    # OK
+    return ($code, 'ok', 'ok') if ($code == 0);
+
+    # virus found
+    return ($code, 'virus', 'quarantine') if ( ($code == 2) || ($code == 1));
 
     # Anything else shouldn't happen
     return ($code, 'swerr', 'tempfail');
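
Review bot: message_contains_virus_trend builds its command from $Features{'Virus:Trend'}, but the key set earlier in this patch and tested at the top of the same sub is 'Virus:TREND'. Perl hash keys are case-sensitive, so the lookup is undef and the command string starts with " -a ./Work" instead of the vscan path; use $Features{'Virus:TREND'}. Second, this sub scans a directory, and the return codes quoted in the covering message show vscan -a on a directory exiting 0 although two viruses were detected. interpret_trend_code maps 0 to 'ok', so an infected message would be passed as clean; scan the files individually, or inspect the scanner's output, rather than trusting the exit status in the directory case. Third, the header of entity_contains_virus_trend still says "as reported by AVP AvpLinux" and "Runs the uvscan program", and the inline comment says "Run antivir"; all three should name Trend vscan. Finally, $path is interpolated unquoted into a string that also carries the "2>&1" redirection; if run_virus_scanner passes that string to a shell, quote the path.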

