[Mimedefang] Nod32 integration on Mimedefang

Giovanni Mellini mellini at alter.it
Fri Jan 27 13:32:03 EST 2006


Hi all, guys   :)

Today I wrote a simple patch to mimedefang.pl to run nod32 antivirus on 
my Linux box.
I don't know if someone did the same, but I can't find anything similar 
on the web.

My config:
I use sendmail with libmilter, mimedefang2.54 and the last version of 
nod32 (the eval version) for Linux (downloaded from home page)

I installed nod32 in the /opt directory and I made a symlink /opt/nod32 to 
the /opt/nod32-1.04-1_101 dir

The patch to mimedefang.pl is quite simple; I wrote 3 functions 
(cut & paste & some adjustments :)

sub entity_contains_virus_nod32 ()
sub message_contains_virus_nod32 ()
sub interpret_nod32_code ($)

and I did some little adjustments to the perl code in the right places :)

Attached is the output of diff between my original mimedefang.pl 
(mimedefang.pl.orig) and the patch I wrote.

I hope this is useful for anyone who wants to use nod32 with mimedefang; this 
configuration works for me, in conjunction with clamAV, I have had no 
problems until now :P
I hope this is a starting point to include nod32 antivirus support in 
future releases.

Cheers
Giovanni

-- 
Giovanni Mellini - alter.net
  GoogleTalk: giovanni.mellini at gmail.com
  ICQ# 77188394
  Skype id: g.mellini
  MSN: merlos at libero.it
  http://www.scubarda.net
-------------- next part --------------
--- mimedefang.pl.orig  2006-01-27 16:49:36.000000000 +0100
+++ mimedefang.pl       2006-01-27 16:52:10.000000000 +0100
@@ -147,6 +147,7 @@
 $Features{'Virus:TREND'}    = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
 $Features{'Virus:TROPHIE'}  = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
 $Features{'Virus:CSAV'}     = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
+$Features{'Virus:NOD32'}    = ('/opt/nod32/nod32' ne '/bin/false' ? '/opt/nod32/nod32' : 0);

 $Features{'Path:SENDMAIL'}  = '/opt/sendmail/sbin/sendmail';
 $Features{'Path:QUARANTINEDIR'} = '/var/spool/MD-Quarantine';
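
Review bot: on the added `$Features{'Virus:NOD32'}` line the path `/opt/nod32/nod32` is a literal, so the `ne '/bin/false'` test is always true and the feature is switched on whether or not the binary exists on the host. The neighbouring TREND, TROPHIE and CSAV entries have the same shape with `/bin/false` on both sides, which suggests these values are filled in at build time; the NOD32 path should come from the same mechanism, or at least be guarded with a `-x` test, so that the `unless ($Features{'Virus:NOD32'})` checks in the new scanner functions can actually fire.
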
@@ -4216,6 +4217,87 @@
     return ($code, 'swerr', 'tempfail');
 }

+
+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_nod32
+# %ARGUMENTS:
+#  entity -- a MIME entity
+# %RETURNS:
+#  1 if entity contains a virus as reported by Trend Micro vscan
+# %DESCRIPTION:
+#  Runs the nod32 av on the entity.
+#***********************************************************************
+sub entity_contains_virus_nod32 ($) {
+    md_syslog('info', "Running nod32 on entity");
+    unless ($Features{'Virus:NOD32'}) {
+       md_syslog('err', "$MsgID: NOD32 antivirus not installed on this system");
+       return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    my($entity) = @_;
+    my($body) = $entity->bodyhandle;
+
+    if (!defined($body)) {
+       return (wantarray ? (0, 'ok', 'ok') : 0);
+    }
+
+    # Get filename
+    my($path) = $body->path;
+    if (!defined($path)) {
+       return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+    }
+
+    # Run antivir
+    my($code, $category, $action) =
+       run_virus_scanner($Features{'Virus:NOD32'} . " -all $path 2>&1", "Found ");
+    md_syslog('info', $Features{'Virus:NOD32'} . " -all $path 2>&1");
+    if ($action ne 'proceed') {
+       return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_nod32_code ($code) : $code);
+}
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_nod32
+# %ARGUMENTS:
+#  Nothing
+# %RETURNS:
+#  1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+#  Runs the nod32 av
+#***********************************************************************
+sub message_contains_virus_nod32 () {
+    md_syslog('info', "Running nod32 on message");
+    unless ($Features{'Virus:NOD32'}) {
+       md_syslog('err', "$MsgID: NOD32 Filescanner not installed on this system");
+       return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    # Run nod32
+    my($code, $category, $action) =
+       run_virus_scanner($Features{'Virus:NOD32'} . " -all ./Work/* 2>&1", "Found ");
+    md_syslog('info', $Features{'Virus:NOD32'} . " -all ./Work/* 2>&1");
+    if ($action ne 'proceed') {
+       return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_nod32_code($code) : $code);
+}
+
+sub interpret_nod32_code ($) {
+    my($code) = @_;
+
+    # OK
+    return ($code, 'ok', 'ok') if ($code == 0);
+
+    # virus found
+    if ($code >= 1 and $code < 10) {
+       $VirusName = "NOD32-virus";
+       return ($code, 'virus', 'quarantine');
+    }
+
+    # Anything else shouldn't happen
+    return ($code, 'swerr', 'tempfail');
+}
+
 #***********************************************************************
 # %PROCEDURE: entity_contains_virus_trend
 # %ARGUMENTS:
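
Review bot: in `interpret_nod32_code` every exit status from 1 to 9 is treated as a detection and quarantined, but the patch does not say which NOD32 exit codes these are; add a comment listing the codes and their meaning, and map any code in that range that signals a scanner error rather than an infection to `swerr`/`tempfail`. `$VirusName` is set to the constant "NOD32-virus" even though "Found " is passed to `run_virus_scanner` as the match string, so the specific detection name is never reported. Smaller points: `$path` is interpolated unquoted into a command string that relies on shell redirection (`2>&1`); the `%RETURNS` text for `entity_contains_virus_nod32` still says "Trend Micro vscan" and the inline comment says "Run antivir"; and the two `md_syslog('info', ...)` calls that log the full command after each scan look like debugging output that should be removed or lowered in priority.
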
@@ -7024,6 +7106,11 @@
        push @VirusScannerEntityRoutines, \&entity_contains_virus_trend;
     }

+    if ($Features{'Virus:NOD32'}) {
+       push @VirusScannerMessageRoutines, \&message_contains_virus_nod32;
+       push @VirusScannerEntityRoutines, \&entity_contains_virus_nod32;
+    }
+
 }

 #***********************************************************************
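
Review bot: this block adds NOD32 to both `@VirusScannerMessageRoutines` and `@VirusScannerEntityRoutines` without any documentation for the new `Virus:NOD32` feature key or for `message_contains_virus_nod32` and `entity_contains_virus_nod32`. Because the first hunk sets that key to a fixed path, the `if ($Features{'Virus:NOD32'})` condition is always true on a patched install, so the scanner is registered even on hosts that do not have NOD32; document the key and make registration depend on the binary actually being present.
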