[Mimedefang] Nod32 integration on Mimedefang
Giovanni Mellini
mellini at alter.it
Fri Jan 27 13:32:03 EST 2006
Hi all, guys :)
Today I wrote a simple patch to mimedefang.pl to run nod32 antivirus on
my Linux box.
I don't know if someone did the same, but I can't find anything similar
on the web.
My config:
I use sendmail with libmilter, mimedefang 2.54 and the latest version of
nod32 (the eval version) for Linux (downloaded from the home page).
I installed nod32 in the /opt directory and I made a symlink /opt/nod32 to
the /opt/nod32-1.04-1_101 dir.
The patch to mimedefang.pl is quite simple; I wrote 3 functions
(cut&paste & some adjust :)
sub entity_contains_virus_nod32 ()
sub message_contains_virus_nod32 ()
sub interpret_nod32_code ($)
and I made some small adjustments to the perl code in the right places :)
Attached is the output of diff between my original mimedefang.pl
(mimedefang.pl.orig) and the patch I wrote.
I hope this is useful for anyone who wants to use nod32 with mimedefang; this
configuration works for me, in conjunction with clamAV, and I have had no
problems until now :P
I hope this is a starting point to include nod32 antivirus support in
future releases.
Cheers
Giovanni
--
Giovanni Mellini - alter.net
GoogleTalk: giovanni.mellini at gmail.com
ICQ# 77188394
Skype id: g.mellini
MSN: merlos at libero.it
http://www.scubarda.net
-------------- next part --------------
--- mimedefang.pl.orig 2006-01-27 16:49:36.000000000 +0100
+++ mimedefang.pl 2006-01-27 16:52:10.000000000 +0100
@@ -147,6 +147,7 @@
$Features{'Virus:TREND'} = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:TROPHIE'} = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:CSAV'} = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
+$Features{'Virus:NOD32'} = ('/opt/nod32/nod32' ne '/bin/false' ? '/opt/nod32/nod32' : 0);
$Features{'Path:SENDMAIL'} = '/opt/sendmail/sbin/sendmail';
$Features{'Path:QUARANTINEDIR'} = '/var/spool/MD-Quarantine';
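Review bot: The added $Features{'Virus:NOD32'} line hard-codes '/opt/nod32/nod32' on both sides of the comparison, so the feature is always enabled and only matches the /opt/nod32 symlink layout described in the mail. The neighbouring entries compare a literal against '/bin/false' in the same way, which suggests this diff was taken against a generated mimedefang.pl; for inclusion the path should be a configurable value that falls back to '/bin/false' like the others, ideally with a check that the binary is executable before the feature is turned on.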
@@ -4216,6 +4217,87 @@
return ($code, 'swerr', 'tempfail');
}
+
+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_nod32
+# %ARGUMENTS:
+# entity -- a MIME entity
+# %RETURNS:
+# 1 if entity contains a virus as reported by Trend Micro vscan
+# %DESCRIPTION:
+# Runs the nod32 av on the entity.
+#***********************************************************************
+sub entity_contains_virus_nod32 ($) {
+ md_syslog('info', "Running nod32 on entity");
+ unless ($Features{'Virus:NOD32'}) {
+ md_syslog('err', "$MsgID: NOD32 antivirus not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ my($entity) = @_;
+ my($body) = $entity->bodyhandle;
+
+ if (!defined($body)) {
+ return (wantarray ? (0, 'ok', 'ok') : 0);
+ }
+
+ # Get filename
+ my($path) = $body->path;
+ if (!defined($path)) {
+ return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+ }
+
+ # Run antivir
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:NOD32'} . " -all $path 2>&1", "Found ");
+ md_syslog('info', $Features{'Virus:NOD32'} . " -all $path 2>&1");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_nod32_code ($code) : $code);
+}
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_nod32
+# %ARGUMENTS:
+# Nothing
+# %RETURNS:
+# 1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+# Runs the nod32 av
+#***********************************************************************
+sub message_contains_virus_nod32 () {
+ md_syslog('info', "Running nod32 on message");
+ unless ($Features{'Virus:NOD32'}) {
+ md_syslog('err', "$MsgID: NOD32 Filescanner not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ # Run nod32
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:NOD32'} . " -all ./Work/* 2>&1", "Found ");
+ md_syslog('info', $Features{'Virus:NOD32'} . " -all ./Work/* 2>&1");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_nod32_code($code) : $code);
+}
+
+sub interpret_nod32_code ($) {
+ my($code) = @_;
+
+ # OK
+ return ($code, 'ok', 'ok') if ($code == 0);
+
+ # virus found
+ if ($code >= 1 and $code < 10) {
+ $VirusName = "NOD32-virus";
+ return ($code, 'virus', 'quarantine');
+ }
+
+ # Anything else shouldn't happen
+ return ($code, 'swerr', 'tempfail');
+}
+
#***********************************************************************
# %PROCEDURE: entity_contains_virus_trend
# %ARGUMENTS:
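Review bot: In entity_contains_virus_nod32 the scanner command is built by concatenating $path unquoted into a string that ends in 2>&1, and message_contains_virus_nod32 does the same with ./Work/*, so the invocation depends on how a shell parses the file names; quote the path or state why names in the working directory can never contain shell metacharacters. The %RETURNS comment still says "Trend Micro vscan" and the inline comment says "Run antivir", both left over from the functions this was copied from. interpret_nod32_code treats every exit code from 1 to 9 as a virus and sets $VirusName to the constant "NOD32-virus", so the detection name NOD32 reported is not recorded by this function; document what each exit code means and map only the infection codes to 'virus'. The md_syslog call placed after each run_virus_scanner logs the full command line at info level on every scan and reads like leftover debugging.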
@@ -7024,6 +7106,11 @@
push @VirusScannerEntityRoutines, \&entity_contains_virus_trend;
}
+ if ($Features{'Virus:NOD32'}) {
+ push @VirusScannerMessageRoutines, \&message_contains_virus_nod32;
+ push @VirusScannerEntityRoutines, \&entity_contains_virus_nod32;
+ }
+
}
#***********************************************************************
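Review bot: The guard if ($Features{'Virus:NOD32'}) in this block is always true with the first hunk as written, because the feature is set to a fixed path string, so both NOD32 routines are registered even on a host where /opt/nod32/nod32 does not exist, and the 'not-installed' branch in the new functions can never be reached. Gate the registration on a feature value that is 0 when the binary is absent. The empty added line before the closing brace can also be dropped to match the Trend block above it.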