[Mimedefang] Patch against MIMEDefang 2.49 to support Hauri antivirus
Cristian Othon Martinez Vera
cfuga at itam.mx
Thu Dec 2 18:37:07 EST 2004
Hauri (http://www.globalhauri.com/) is a South Korean antivirus company.
It sells some antivirus products which run under Linux and Solaris, and
it happens that my current employer uses them.
I've tested two of their products: GatewayWall and AdvanceServer. By
default, both products are installed in /usr/local/ViRobot. A command-line
utility named 'virobot' is also installed in this directory.
This utility returns the following values when it checks for viruses:
0 - No virus found
1 - Virus found
255 - Suspicious file(s) found OR temporary failure. Yes, I know, it
sucks.
This patch adds support for MIMEDefang 2.49 to use 'virobot' to
filter virus. It modifies two files: configure.in, which adds the
'--disable-hauri' option to configure; and mimedefang.pl.in, including
three routines: entity_contains_virus_hauri(),
message_contains_virus_hauri(), and interpret_hauri_code(). These routines
are based on *_contains_virus_trend() and interpret_trend_code().
Please, CC'd me if you have any comments about this patch, because I'm
not subscribed to this list.
Best regards
--
__(o< | Nombres/Names: Cristian Othón | cfuga at itam.mx
\/|/ | Apellidos/Last Names: Martínez Vera | http://cfuga.net/
/_/_ | | http://linuxppp.com/
| "Pulchrum est paucorum hominum" - Horace
diff -uNr mimedefang-2.49.orig/configure.in mimedefang-2.49/configure.in
--- mimedefang-2.49.orig/configure.in 2004-10-29 09:56:52.000000000 -0500
+++ mimedefang-2.49/configure.in 2004-12-02 17:17:03.772481387 -0600
@@ -518,8 +518,9 @@
AC_ARG_ENABLE(nvcc, [ --disable-nvcc Do not include support for Nvcc], ac_cv_nvcc=$enableval, ac_cv_nvcc=yes)
AC_ARG_ENABLE(clamd, [ --disable-clamd Do not include support for clamd], ac_cv_clamd=$enableval, ac_cv_clamd=yes)
AC_ARG_ENABLE(trophie, [ --disable-trophie Do not include support for Trophie], ac_cv_trophie=$enableval, ac_cv_trophie=yes)
+AC_ARG_ENABLE(hauri, [ --disable-hauri Do not include support for Hauri GatewayWall/AdvanceServer], ac_cv_hauri=$enableval, ac_cv_hauri=yes)
-ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin"
+ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin:/usr/local/ViRobot"
if test "$ac_cv_antivirus" = "yes"; then
if test "$ac_cv_antivir" = yes; then
@@ -596,6 +597,10 @@
if test "$ac_cv_trophie" = yes; then
AC_PATH_PROG(TROPHIE, trophie, /bin/false, $ANTIVIR_PATH)
fi
+
+ if test "$ac_cv_hauri" = yes; then
+ AC_PATH_PROG(HAURI, virobot, /bin/false, $ANTIVIR_PATH)
+ fi
fi
test -z "$HBEDV" && HBEDV=/bin/false
@@ -616,6 +621,7 @@
test -z "$NVCC" && NVCC=/bin/false
test -z "$CLAMD" && CLAMD=/bin/false
test -z "$TROPHIE" && TROPHIE=/bin/false
+test -z "$HAURI" && HAURI=/bin/false
if test "$ac_cv_debugging" = yes ; then
ENABLE_DEBUGGING=-DENABLE_DEBUGGING
@@ -956,6 +962,17 @@
GOT_VIRUS_SCANNER=1
fi
+ if test "$HAURI" = "/bin/false" ; then
+ if test "$ac_cv_hauri" != "yes" ; then
+ echo "HAURI 'hauri' NO (Disabled by configure command)"
+ else
+ echo "HAURI 'hauri' NO (not found)"
+ fi
+ else
+ echo "HAURI 'hauri' YES - $HAURI"
+ GOT_VIRUS_SCANNER=1
+ fi
+
fi
if test "$GOT_VIRUS_SCANNER" = "0" ; then
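Review bot: The three status lines print `'hauri'` in the quoted column, but the probe added earlier in this patch searches for a program named `virobot` (`AC_PATH_PROG(HAURI, virobot, /bin/false, $ANTIVIR_PATH)`), so "NO (not found)" sends an administrator looking for a binary that does not exist. If the quoted column is meant to be the executable name, as it appears to be, use `echo "HAURI 'virobot' NO (not found)"` and change the other two lines the same way. The enclosing `if` block starts outside this hunk, so the convention used by the neighbouring scanners is not visible here.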
diff -uNr mimedefang-2.49.orig/mimedefang.pl.in mimedefang-2.49/mimedefang.pl.in
--- mimedefang-2.49.orig/mimedefang.pl.in 2004-11-29 08:27:08.000000000 -0600
+++ mimedefang-2.49/mimedefang.pl.in 2004-12-02 17:07:15.435203225 -0600
@@ -120,6 +120,7 @@
$Features{'Virus:TREND'} = ('@TREND@' ne '/bin/false' ? '@TREND@' : 0);
$Features{'Virus:TROPHIE'} = ('@TROPHIE@' ne '/bin/false' ? '@TROPHIE@' : 0);
$Features{'Virus:CSAV'} = ('@CSAV@' ne '/bin/false' ? '@CSAV@' : 0);
+$Features{'Virus:HAURI'} = ('@HAURI@' ne '/bin/false' ? '@HAURI@' : 0);
$Features{'Path:SENDMAIL'} = '@SENDMAILPROG@';
$Features{'Path:QUARANTINEDIR'} = '@QDIR@';
@@ -4641,6 +4642,85 @@
return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
}
+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_hauri
+# %ARGUMENTS:
+# entity -- a MIME entity
+# %RETURNS:
+# 1 if entity contains a virus as reported by Hauri virobot
+# %DESCRIPTION:
+# Runs the hauri program on the entity.
+#***********************************************************************
+sub entity_contains_virus_hauri ($) {
+ unless ($Features{'Virus:HAURI'}) {
+ md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ my($entity) = @_;
+ my($body) = $entity->bodyhandle;
+
+ if (!defined($body)) {
+ return (wantarray ? (0, 'ok', 'ok') : 0);
+ }
+
+ # Get filename
+ my($path) = $body->path;
+ if (!defined($path)) {
+ return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+ }
+
+ # Run virobot
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d $path 2>&1", "Detected ");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_hauri
+# %ARGUMENTS:
+# Nothing
+# %RETURNS:
+# 1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+# Runs the Hauri virobot program on the working directory
+#***********************************************************************
+sub message_contains_virus_hauri () {
+ unless ($Features{'Virus:HAURI'}) {
+ md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ # Run virobot
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d ./Work/ 2>&1", "Detected ");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+sub interpret_hauri_code ($) {
+ my($code) = @_;
+
+ # OK
+ return ($code, 'ok', 'ok') if ($code == 0);
+
+ # virus found
+ if ($code == 1) {
+ $VirusName = $1
+ if ($CurrentVirusScannerMessage =~ m/Detected \[(\S+)\]/);
+ $VirusName = "unknown-Hauri-virus" if $VirusName eq "";
+ return ($code, 'virus', 'quarantine');
+ }
+
+ # Anything else shouldn't happen
+ return ($code, 'swerr', 'tempfail');
+}
+
#***********************************************************************
# %PROCEDURE: run_virus_scanner
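Review bot: In `interpret_hauri_code` the comment `# Anything else shouldn't happen` is wrong for exit code 255, which the patch description says virobot returns for suspicious files as well as for temporary failures. A suspicious attachment is therefore reported as `swerr`/`tempfail` and the mail is deferred and retried, never quarantined. Failing closed is defensible when the scanner cannot tell the two cases apart, but say so: replace the comment with `# 255 = suspicious file(s) OR scanner failure (virobot does not distinguish); fail closed with tempfail`, and give the routine the same `%PROCEDURE` header as the two routines above it. Separately, `entity_contains_virus_hauri` concatenates `$path` unquoted into the command string passed to `run_virus_scanner`, whose body lies outside this hunk. If that string reaches a shell, as the `2>&1` suggests, the call relies on work-directory file names never containing shell metacharacters, so that assumption needs a comment or the path needs quoting at the call site.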