[Mimedefang] Patch against MIMEDefang 2.49 to support Hauri antivirus

Cristian Othon Martinez Vera cfuga at itam.mx
Thu Dec 2 18:37:07 EST 2004


  Hauri (http://www.globalhauri.com/) is a South Korean antivirus company.
It sells some antivirus products which run under Linux and Solaris, and
it happens that my current employer uses them.

  I've tested two of their products: GatewayWall and AdvanceServer. By 
default, both products are installed in /usr/local/ViRobot. At this 
directory, it is also installed a command line utility, named 'virobot'.

  This utility returns the following values when it checks for virus:

  0 - No virus found
  1 - Virus found
  255 - Suspicious file(s) found OR temporary failure. Yes, I know, it 
sucks.

  This patch adds support for MIMEDefang 2.49 to use 'virobot' to 
filter virus. It modifies two files: configure.in, which adds the 
'--disable-hauri' option to configure; and mimedefang.pl.in, including 
three routines: entity_contains_virus_hauri(), 
message_contains_virus_hauri(), and interpret_hauri_code(). These routines 
are based on *_contains_virus_trend() and interpret_trend_code().

  Please, CC'd me if you have any comments about this patch, because I'm 
not subscribed to this list.

 					Best regards
-- 
__(o< | Nombres/Names:        Cristian Othón  | cfuga at itam.mx
\/|/  | Apellidos/Last Names: Martínez Vera   | http://cfuga.net/
/_/_  |                                       | http://linuxppp.com/
       |    "Pulchrum est paucorum hominum"    - Horace


diff -uNr mimedefang-2.49.orig/configure.in mimedefang-2.49/configure.in
--- mimedefang-2.49.orig/configure.in	2004-10-29 09:56:52.000000000 -0500
+++ mimedefang-2.49/configure.in	2004-12-02 17:17:03.772481387 -0600
@@ -518,8 +518,9 @@
  AC_ARG_ENABLE(nvcc,   [  --disable-nvcc          Do not include support for Nvcc], ac_cv_nvcc=$enableval, ac_cv_nvcc=yes)
  AC_ARG_ENABLE(clamd,   [  --disable-clamd         Do not include support for clamd], ac_cv_clamd=$enableval, ac_cv_clamd=yes)
  AC_ARG_ENABLE(trophie, [  --disable-trophie       Do not include support for Trophie], ac_cv_trophie=$enableval, ac_cv_trophie=yes)
+AC_ARG_ENABLE(hauri, [  --disable-hauri       Do not include support for Hauri GatewayWall/AdvanceServer], ac_cv_hauri=$enableval, ac_cv_hauri=yes)

-ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin"
+ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin:/usr/local/ViRobot"

  if test "$ac_cv_antivirus" = "yes"; then
      if test "$ac_cv_antivir" = yes; then
@@ -596,6 +597,10 @@
      if test "$ac_cv_trophie" = yes; then
          AC_PATH_PROG(TROPHIE, trophie, /bin/false, $ANTIVIR_PATH)
      fi
+
+    if test "$ac_cv_hauri" = yes; then
+        AC_PATH_PROG(HAURI, virobot, /bin/false, $ANTIVIR_PATH)
+    fi
  fi

  test -z "$HBEDV" && HBEDV=/bin/false
@@ -616,6 +621,7 @@
  test -z "$NVCC" && NVCC=/bin/false
  test -z "$CLAMD" && CLAMD=/bin/false
  test -z "$TROPHIE" && TROPHIE=/bin/false
+test -z "$HAURI" && HAURI=/bin/false

  if test "$ac_cv_debugging" = yes ; then
      ENABLE_DEBUGGING=-DENABLE_DEBUGGING
@@ -956,6 +962,17 @@
  	GOT_VIRUS_SCANNER=1
      fi

+    if test "$HAURI" = "/bin/false" ; then
+	if test "$ac_cv_hauri" != "yes" ; then
+	    echo "HAURI  'hauri'   NO (Disabled by configure command)"
+	else
+	    echo "HAURI  'hauri'   NO (not found)"
+	fi
+    else
+	echo "HAURI  'hauri'   YES - $HAURI"
+	GOT_VIRUS_SCANNER=1
+    fi
+
  fi

  if test "$GOT_VIRUS_SCANNER" = "0" ; then
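Review bot: The three summary lines label the scanner as 'hauri', but the program this patch searches for with AC_PATH_PROG is `virobot`, so a "NO (not found)" result points the administrator at the wrong binary name. If the quoted field is meant to be the executable name, as it appears to be for the other scanners (their lines are outside this hunk), use `echo "HAURI  'virobot' NO (not found)"` and make the same change on the "Disabled" and "YES" lines.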
diff -uNr mimedefang-2.49.orig/mimedefang.pl.in mimedefang-2.49/mimedefang.pl.in
--- mimedefang-2.49.orig/mimedefang.pl.in	2004-11-29 08:27:08.000000000 -0600
+++ mimedefang-2.49/mimedefang.pl.in	2004-12-02 17:07:15.435203225 -0600
@@ -120,6 +120,7 @@
  $Features{'Virus:TREND'}    = ('@TREND@' ne '/bin/false' ? '@TREND@' : 0);
  $Features{'Virus:TROPHIE'}  = ('@TROPHIE@' ne '/bin/false' ? '@TROPHIE@' : 0);
  $Features{'Virus:CSAV'}     = ('@CSAV@' ne '/bin/false' ? '@CSAV@' : 0);
+$Features{'Virus:HAURI'}    = ('@HAURI@' ne '/bin/false' ? '@HAURI@' : 0);

  $Features{'Path:SENDMAIL'}  = '@SENDMAILPROG@';
  $Features{'Path:QUARANTINEDIR'} = '@QDIR@';
@@ -4641,6 +4642,85 @@
      return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
  }

+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_hauri
+# %ARGUMENTS:
+#  entity -- a MIME entity
+# %RETURNS:
+#  1 if entity contains a virus as reported by Hauri virobot
+# %DESCRIPTION:
+#  Runs the hauri program on the entity.
+#***********************************************************************
+sub entity_contains_virus_hauri ($) {
+    unless ($Features{'Virus:HAURI'}) {
+	md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+	return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    my($entity) = @_;
+    my($body) = $entity->bodyhandle;
+
+    if (!defined($body)) {
+	return (wantarray ? (0, 'ok', 'ok') : 0);
+    }
+
+    # Get filename
+    my($path) = $body->path;
+    if (!defined($path)) {
+	return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+    }
+
+    # Run virobot
+    my($code, $category, $action) =
+	run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d $path 2>&1", "Detected ");
+    if ($action ne 'proceed') {
+	return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_hauri
+# %ARGUMENTS:
+#  Nothing
+# %RETURNS:
+#  1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+#  Runs the Hauri virobot program on the working directory
+#***********************************************************************
+sub message_contains_virus_hauri () {
+    unless ($Features{'Virus:HAURI'}) {
+	md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+	return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    # Run virobot
+    my($code, $category, $action) =
+	run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d ./Work/ 2>&1", "Detected ");
+    if ($action ne 'proceed') {
+	return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+sub interpret_hauri_code ($) {
+    my($code) = @_;
+
+    # OK
+    return ($code, 'ok', 'ok') if ($code == 0);
+
+    # virus found
+    if ($code == 1) {
+	$VirusName = $1
+	    if ($CurrentVirusScannerMessage =~ m/Detected \[(\S+)\]/);
+	$VirusName = "unknown-Hauri-virus" if $VirusName eq "";
+	return ($code, 'virus', 'quarantine');
+    }
+
+    # Anything else shouldn't happen
+    return ($code, 'swerr', 'tempfail');
+}
+

  #***********************************************************************
  # %PROCEDURE: run_virus_scanner
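Review bot: interpret_hauri_code() files exit code 255 under "Anything else shouldn't happen", yet the patch description says virobot returns 255 for suspicious files as well as for temporary failures, so mail with a suspicious attachment is tempfailed and retried instead of being quarantined or logged as suspicious. At minimum document that choice where the fallthrough returns, e.g. `# 255 = suspicious file(s) OR temporary failure; virobot does not distinguish, so fail closed with tempfail`. In entity_contains_virus_hauri() `$path` is concatenated unquoted into a command string ending in `2>&1`, which presumably reaches a shell inside run_virus_scanner (its body is outside this hunk); confirm the path can never contain whitespace or shell metacharacters, or reject it first with something like `return (wantarray ? (999, 'swerr', 'tempfail') : 999) unless $path =~ m{\A[\w./-]+\z};`. If `--recovery` makes virobot repair files in place, as the name suggests, the scanner would be rewriting message parts under ./Work during what should be a read-only check, so that flag is worth confirming or dropping. The missing-path branch also returns 999 in list context but 1 in scalar context, and interpret_hauri_code() has no %PROCEDURE header like its two siblings.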

