[Mimedefang] patch to add support for Sophos savscan
Adam Lanier
adam at krusty.madoff.com
Fri Sep 21 12:53:42 EDT 2007
Sophos has released version 6 of their anti-virus software for Linux.
With this new release, the on-demand scanning executable has changed
from 'sweep' to 'savscan'. Program command-line options and return
codes seem to be identical between 'sweep' and 'savscan'.
The following patch against mimedefang-2.63 simply adds support for the
new executable. I've also added support for scanning TNEF, MS cab files
and MS Outlook Express mailbox files.
Index: configure
===================================================================
--- configure (revision 1)
+++ configure (working copy)
@@ -309,7 +309,7 @@
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME
PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix
program_transform_name bindir sbindir libexecdir datadir sysconfdir
sharedstatedir localstatedir libdir includedir oldincludedir infodir
mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T
LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT AR
INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PERL NM DEFANGUSER IP_HEADER
CONFSUBDIR CLEANUP_DEFS SETLOGSOCK_NATIVE SETLOGSOCK_UNIX
HAVE_SPAM_ASSASSIN CPP EGREP USE_UNIX_SYSLOG USE_SYS_SYSLOG
EMBPERLCFLAGS EMBPERLLDFLAGS EMBPERLLIBS EMBPERLOBJS EMBPERLDEFS
MINCLUDE SPOOLDIR QDIR HBEDV VEXIRA NAI BDC SOPHOS TREND KAVSCANNER
CLAMSCAN AVP AVP_KAVDAEMON AVP5 CSAV FSAV FPROT SOPHIE NVCC CLAMD
TROPHIE LIBMILTER LIBSM LIBMILTERSO SENDMAILPROG RM ENABLE_DEBUGGING
PTHREAD_FLAG VERSION LIBS_WITHOUT_PTHREAD CONFDIR_EVAL LIBMILTERDIR
PERLPREFIX PERLSITEPREFIX PERLVENDORPREFIX PERLINSTALLARCHLIB
PERLINSTALLPRIVLIB PERLINSTALLBIN PERLINSTALLMAN1DIR PERLINSTALLMAN3DIR
PERLINSTALLSCRIPT PERLINSTALLSITEARCH PERLINSTALLSITELIB PERLINSTALLDATA
PERLINSTALLSITEDATA PERLINSTALLVENDORDATA PERLINSTALLCONF
PERLINSTALLSITECONF PERLINSTALLVENDORCONF LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME
PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix
program_transform_name bindir sbindir libexecdir datadir sysconfdir
sharedstatedir localstatedir libdir includedir oldincludedir infodir
mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T
LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT AR
INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PERL NM DEFANGUSER IP_HEADER
CONFSUBDIR CLEANUP_DEFS SETLOGSOCK_NATIVE SETLOGSOCK_UNIX
HAVE_SPAM_ASSASSIN CPP EGREP USE_UNIX_SYSLOG USE_SYS_SYSLOG
EMBPERLCFLAGS EMBPERLLDFLAGS EMBPERLLIBS EMBPERLOBJS EMBPERLDEFS
MINCLUDE SPOOLDIR QDIR HBEDV VEXIRA NAI BDC SOPHOS SAVSCAN TREND
KAVSCANNER CLAMSCAN AVP AVP_KAVDAEMON AVP5 CSAV FSAV FPROT SOPHIE NVCC
CLAMD TROPHIE LIBMILTER LIBSM LIBMILTERSO SENDMAILPROG RM
ENABLE_DEBUGGING PTHREAD_FLAG VERSION LIBS_WITHOUT_PTHREAD CONFDIR_EVAL
LIBMILTERDIR PERLPREFIX PERLSITEPREFIX PERLVENDORPREFIX
PERLINSTALLARCHLIB PERLINSTALLPRIVLIB PERLINSTALLBIN PERLINSTALLMAN1DIR
PERLINSTALLMAN3DIR PERLINSTALLSCRIPT PERLINSTALLSITEARCH
PERLINSTALLSITELIB PERLINSTALLDATA PERLINSTALLSITEDATA
PERLINSTALLVENDORDATA PERLINSTALLCONF PERLINSTALLSITECONF
PERLINSTALLVENDORCONF LIBOBJS LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
@@ -854,6 +854,7 @@
--disable-uvscan Do not include support for NAI uvscan
--disable-bdc Do not include support for Bitdefender bdc
--disable-sweep Do not include support for Sophos sweep
+ --disable-savscan Do not include support for Sophos savscan
--disable-trend Do not include support for Trend
Filescanner/Interscan
--disable-AvpLinux Do not include support for AVP AvpLinux
--disable-kavscanner Do not include support for Kaspersky
kavscanner
@@ -5188,6 +5189,13 @@
else
ac_cv_sweep=yes
fi;
+# Check whether --enable-savscan or --disable-savscan was given.
+if test "${enable_savscan+set}" = set; then
+ enableval="$enable_savscan"
+ ac_cv_savscan=$enableval
+else
+ ac_cv_savscan=yes
+fi;
# Check whether --enable-trend or --disable-trend was given.
if test "${enable_trend+set}" = set; then
enableval="$enable_trend"
@@ -5490,7 +5498,50 @@
fi
fi
+
+ if test "$ac_cv_savscan" = yes; then
+ # Extract the first word of "savscan", so it can be a program name
with args.
+set dummy savscan; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_SAVSCAN+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $SAVSCAN in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SAVSCAN="$SAVSCAN" # Let the user override the test with a
path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $ANTIVIR_PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_SAVSCAN="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+ test -z "$ac_cv_path_SAVSCAN" && ac_cv_path_SAVSCAN="/bin/false"
+ ;;
+esac
+fi
+SAVSCAN=$ac_cv_path_SAVSCAN
+
+if test -n "$SAVSCAN"; then
+ echo "$as_me:$LINENO: result: $SAVSCAN" >&5
+echo "${ECHO_T}$SAVSCAN" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ fi
+
if test "$ac_cv_trend" = yes; then
# Extract the first word of "vscan", so it can be a program name with
args.
set dummy vscan; ac_word=$2
@@ -7679,6 +7730,17 @@
echo "Sophos 'sweep' YES - $SOPHOS"
GOT_VIRUS_SCANNER=1
fi
+
+ if test "$SAVSCAN" = "/bin/false" ; then
+ if test "$ac_cv_savscan" != "yes" ; then
+ echo "Sophos 'savscan' NO (Disabled by configure command)"
+ else
+ echo "Sophos 'savscan' NO (not found)"
+ fi
+ else
+ echo "Sophos 'savscan' YES - $SAVSCAN"
+ GOT_VIRUS_SCANNER=1
+ fi
if test "$TREND" = "/bin/false" ; then
if test "$ac_cv_trend" != "yes" ; then
Index: configure.in
===================================================================
--- configure.in (revision 1)
+++ configure.in (working copy)
@@ -506,6 +506,7 @@
AC_ARG_ENABLE(uvscan, [ --disable-uvscan Do not include
support for NAI uvscan], ac_cv_uvscan=$enableval, ac_cv_uvscan=yes)
AC_ARG_ENABLE(bdc, [ --disable-bdc Do not include
support for Bitdefender bdc], ac_cv_bdc=$enableval, ac_cv_bdc=yes)
AC_ARG_ENABLE(sweep, [ --disable-sweep Do not include
support for Sophos sweep], ac_cv_sweep=$enableval, ac_cv_sweep=yes)
+AC_ARG_ENABLE(savscan, [ --disable-savscan Do not include
support for Sophos savscan], ac_cv_savscan=$enableval,
ac_cv_savscan=yes)
AC_ARG_ENABLE(trend, [ --disable-trend Do not include
support for Trend Filescanner/Interscan], ac_cv_trend=$enableval,
ac_cv_trend=yes)
AC_ARG_ENABLE(AvpLinux, [ --disable-AvpLinux Do not include
support for AVP AvpLinux], ac_cv_AvpLinux=$enableval,
ac_cv_AvpLinux=yes)
AC_ARG_ENABLE(kavscanner, [ --disable-kavscanner Do not include
support for Kaspersky kavscanner], ac_cv_kavscanner=$enableval,
ac_cv_kavscanner=yes)
@@ -542,6 +543,10 @@
AC_PATH_PROG(SOPHOS, sweep, /bin/false, $ANTIVIR_PATH)
fi
+ if test "$ac_cv_savscan" = yes; then
+ AC_PATH_PROG(SAVSCAN, savscan, /bin/false, $ANTIVIR_PATH)
+ fi
+
if test "$ac_cv_trend" = yes; then
AC_PATH_PROG(TREND, vscan, /bin/false, $ANTIVIR_PATH)
fi
@@ -867,6 +872,17 @@
GOT_VIRUS_SCANNER=1
fi
+ if test "$SAVSCAN" = "/bin/false" ; then
+ if test "$ac_cv_savscan" != "yes" ; then
+ echo "Sophos 'savscan' NO (Disabled by configure command)"
+ else
+ echo "Sophos 'savscan' NO (not found)"
+ fi
+ else
+ echo "Sophos 'savscan' YES - $SAVSCAN"
+ GOT_VIRUS_SCANNER=1
+ fi
+
if test "$TREND" = "/bin/false" ; then
if test "$ac_cv_trend" != "yes" ; then
echo "TREND 'vscan' NO (Disabled by configure command)"
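Review bot: With `--disable-savscan` the `AC_PATH_PROG(SAVSCAN, ...)` call added in the previous hunk is skipped, so `SAVSCAN` stays empty unless something outside these hunks defaults it to `/bin/false`. In that case the new `test "$SAVSCAN" = "/bin/false"` is false, and the summary prints `Sophos 'savscan' YES - ` with no path and sets `GOT_VIRUS_SCANNER=1`, which would overstate the scanner coverage of the build. If no such default exists for the new variable, add `test -z "$SAVSCAN" && SAVSCAN=/bin/false` before this block. The generated `configure` hunk carries the same test and would need regenerating.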
Index: mimedefang-filter.5.in
===================================================================
--- mimedefang-filter.5.in (revision 1)
+++ mimedefang-filter.5.in (working copy)
@@ -743,6 +743,9 @@
$Features{"Virus:SOPHOS"} is the full path to Sophos sweep if it is
installed;
0 if it is not.
+$Features{"Virus:SAVSCAN"} is the full path to Sophos savscan if it is
installed;
+0 if it is not.
+
$Features{"Virus:CLAMAV"} is the full path to Clam AV clamscan if it is
installed;
0 if it is not.
Index: mimedefang.pl.in
===================================================================
--- mimedefang.pl.in (revision 1)
+++ mimedefang.pl.in (working copy)
@@ -3493,6 +3493,42 @@
}
#***********************************************************************
+# %PROCEDURE: entity_contains_virus_savscan
+# %ARGUMENTS:
+# entity -- a MIME entity
+# %RETURNS:
+# 1 if entity contains a virus as reported by Sophos Savscan
+# %DESCRIPTION:
+# Runs the Sophos Savscan program on the entity.
+#***********************************************************************
+sub entity_contains_virus_savscan ($) {
+
+ unless($Features{'Virus:SAVSCAN'}) {
+ md_syslog('err', "$MsgID: Sophos Savscan not installed on this
system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ my($entity) = @_;
+ my($body) = $entity->bodyhandle;
+ if (!defined($body)) {
+ return (wantarray ? (0, 'ok', 'ok') : 0);
+ }
+
+ # Get filename
+ my($path) = $body->path;
+ if (!defined($path)) {
+ return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+ }
+
+ # Run antivir
+ my($code, $category, $action) =
run_virus_scanner($Features{'Virus:SAVSCAN'} . " -f -mime -all -cab -oe
-tnef -archive -ss $path 2>&1", "(>>> Virus)|(Password)|(Could not
check)");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_savscan_code($code) : $code);
+}
+
+#***********************************************************************
# %PROCEDURE: message_contains_virus_sophos
# %ARGUMENTS:
# Nothing
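Review bot: Both new subs gate on `$Features{'Virus:SAVSCAN'}`, but none of the mimedefang.pl.in hunks shown assigns that key. Unless it is set outside this patch, the `unless` guard at the top of entity_contains_virus_savscan always fires and every call returns `'not-installed', 'tempfail'`. If the file initialises the other scanners from their configure substitutions, the patch needs the matching line, for example `$Features{'Virus:SAVSCAN'} = ('@SAVSCAN@' ne '/bin/false' ? '@SAVSCAN@' : 0);` (form assumed from the documented "full path or 0" contract). Separately, `$path` is concatenated unquoted into a command string that ends in `2>&1` and so presumably runs through a shell. A comment such as `# $path is generated under the work directory, never taken from the message` would record why that is safe, once confirmed.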
@@ -3516,6 +3552,30 @@
return (wantarray ? interpret_sweep_code($code) : $code);
}
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_savscan
+# %ARGUMENTS:
+# Nothing
+# %RETURNS:
+# 1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+# Runs the Sophos Savscan program on the working directory
+#***********************************************************************
+sub message_contains_virus_savscan () {
+
+ unless($Features{'Virus:SAVSCAN'}) {
+ md_syslog('err', "$MsgID: Sophos Savscan not installed on this
system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ # Run antivir
+ my($code, $category, $action) =
run_virus_scanner($Features{'Virus:SOPHOS'} . " -f -mime -all -cab -oe
-tnef -archive -ss ./Work 2>&1", "(>>> Virus)|(Password)|(Could not
check)");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_savscan_code($code) : $code);
+}
+
sub interpret_sweep_code ($) {
# Based on info from Nicholas Brealey
my($code) = @_;
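Review bot: message_contains_virus_savscan checks `$Features{'Virus:SAVSCAN'}` in its guard but then builds the command from `$Features{'Virus:SOPHOS'}`, which looks like a copy-paste slip from the sweep version. On a host with only savscan installed that key is documented as 0, so the command would not invoke savscan at all. On a host with both installed, the old sweep binary is run and its result is interpreted as savscan's. The call should start `run_virus_scanner($Features{'Virus:SAVSCAN'} . " -f -mime -all -cab -oe -tnef -archive -ss ./Work 2>&1", ...`. How a failed command is reported depends on run_virus_scanner, which is outside the hunk, so whether this fails open or closed should be checked there.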
@@ -3542,6 +3602,32 @@
return ($code, 'swerr', 'tempfail');
}
+sub interpret_savscan_code ($) {
+ # Based on info from Nicholas Brealey
+ my($code) = @_;
+
+ # OK
+ return ($code, 'ok', 'ok') if ($code == 0);
+
+ # Interrupted
+ return ($code, 'interrupted', 'tempfail') if ($code == 1);
+
+ # This is technically an error code, but Sophos chokes
+ # on a lot of M$ docs with this code, so we let it through...
+ return (0, 'ok', 'ok') if ($code == 2);
+
+ # Virus
+ if ($code == 3) {
+ $VirusName = $1
+ if ($CurrentVirusScannerMessage =~ m/^\s*>>> Virus '(\S+)'/);
+ $VirusName = "unknown-Savscan-virus" if $VirusName eq "";
+ return ($code, 'virus', 'quarantine');
+ }
+
+ # Unknown code
+ return ($code, 'swerr', 'tempfail');
+}
+
#***********************************************************************
# %PROCEDURE: entity_contains_virus_clamav
# %ARGUMENTS:
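Review bot: interpret_savscan_code maps exit code 2 to `(0, 'ok', 'ok')`, so a scan the engine reports as an error is indistinguishable from a clean result and the original code is discarded. The callers' match pattern `(Password)|(Could not check)` suggests this path covers encrypted or unreadable attachments, which is where a fail-open default matters most. The description only says the return codes "seem to be identical" to sweep's, so the choice deserves to be explicit rather than inherited. At minimum make it auditable by logging before the return, e.g. `md_syslog('warning', "$MsgID: savscan exit code 2 (scan error), message passed unscanned") if ($code == 2);`. Also consider whether sites should be able to choose `($code, 'swerr', 'tempfail')` for this case.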