[Mimedefang] Perl Mail::ClamAV
John Rudd
john at rudd.cc
Sat Sep 17 09:06:27 EDT 2005
Here's the code I have added to my mimedefang-filter, which appears to
be working. If someone else wouldn't mind, a) checking to be sure it's
working, b) look for obvious optimization things I've overlooked, and
c) testing it for speed against the existing CLAMAV and CLAMD features,
I would appreciate it.
If it develops into a feature, I would recommend calling it "CLAMMOD"
for "perl CLAMav MODule".
Here's what to add:
(before "detect_and_load_perl_modules")
$Features{"Virus:CLAMAV"} = 0;
$Features{"Virus:CLAMD"} = 0;
(after that; note, my indentation style is a little unorthodox; sorry)
use Mail::ClamAV qw/:all/;
my $clamscanner = new Mail::ClamAV(retdbdir());
$clamscanner->buildtrie;
sub clamav_module_scan_message {
my $file = "./INPUTMSG";
my ($code, $category, $action);
my ($status, $errtxt, $errcode, $msg);
if ($clamscanner->statchkdir) { # if new signatures, re-load
$clamscanner = new Mail::ClamAV(retdbdir());
$clamscanner->buildtrie;
}
$CurrentVirusScannerMessage = "";
$status = $clamscanner->scan($file,
(CL_SCAN_MAIL|CL_SCAN_HTML|CL_SCAN_BLOCKENCRYPTED) );
if ($status->clean) {
$msg = "ClamAV CLEAN $status";
$CurrentVirusScannerMessage = $msg;
$VirusScannerMessages .= $msg . "\n";
#md_syslog('info', "$MsgID: $msg");
$VirusName = "";
$code = 0;
$category = "ok";
$action = "ok";
}
elsif ($status->virus) {
$VirusName = "$status";
$VirusName = "unknown-Clamav-virus" if $VirusName eq "";
$msg = "ClamAV Module Found $VirusName\n";
$CurrentVirusScannerMessage = $msg;
$VirusScannerMessages .= $msg . "\n";
md_syslog('warning', "$MsgID: $msg");
$code = 1;
$category = "virus";
$action = "quarantine";
}
else { # if it's not clean, and not a virus, must be an error
$errcode = $status->errno;
if ($errcode == CL_EMAXREC) {
$errtxt = "($errcode) Maximum Scan Depth Recursion Limit
Exceeded";
}
elsif ($errcode == CL_EMAXSIZE) {
$errtxt = "($errcode) Maximum Scan Size Limit Exceeded";
}
elsif ($errcode == CL_EMAXFILES) {
$errtxt = "($errcode) Maximum Scan Number of Files Exceeded";
}
elsif ($errcode == CL_ERAR) {
$errtxt = "($errcode) RAR Handler Error";
}
elsif ($errcode == CL_EZIP) {
$errtxt = "($errcode) Zip Handler Error";
}
elsif ($errcode == CL_EMALFZIP) {
$errtxt = "($errcode) Malformed Zip File";
}
elsif ($errcode == CL_EGZIP) {
$errtxt = "($errcode) Gzip Hanlder Error";
}
elsif ($errcode == CL_EBZIP) {
$errtxt = "($errcode) BZIP2 Hanlder Error";
}
elsif ($errcode == CL_EOLE2) {
$errtxt = "($errcode) OLE2 Handler Error";
}
elsif ($errcode == CL_EMSCOMP) {
$errtxt = "($errcode) MS Compress.exe Hanlder Error";
}
elsif ($errcode == CL_EMSCAB) {
$errtxt = "($errcode) MS CAB Module Error";
}
elsif ($errcode == CL_EACCES) {
$errtxt = "($errcode) Access Denied";
}
elsif ($errcode == CL_ENULLARG) {
$errtxt = "($errcode) Null Argument Error";
}
elsif ($errcode == CL_CLEAN) { # shouldn't happen
$errtxt = "($errcode) Clean, but not caught in clean code";
}
elsif ($errcode == CL_VIRUS) { # shouldn't happen
$errtxt = "($errcode) Virus, but not caught in virus code";
}
else { # shouldn't happen
$errtxt = "($errcode) Unknown ClamAV Module Error";
}
$VirusName = "";
$msg = "ClamAV Module Returned Error '$errtxt' '$status'\n";
$CurrentVirusScannerMessage = $msg;
$VirusScannerMessages .= $msg . "\n";
md_syslog('err', "$MsgID: $msg");
$code = 999;
$category = "swerr";
$action = "tempfail";
}
return (wantarray ? ($code, $category, $action) : $code);
}
More information about the MIMEDefang
mailing list