Rejected posting to MAILSCANNER@JISCMAIL.AC.UK

Adrian Bridgett adrian at SMOP.CO.UK
Wed Sep 18 22:48:34 IST 2002


Grrr.  This is my fourth attempt to post.  I've followed the various
instructions, however I'm sure it said one link it sent when I clicked on it
"does not correspond to any pending command" - the subscribe command IIRC.

I just one to post one message, please! :-)

Adrian

On Wed, Sep 18, 2002 at 22:46:22 +0100 (+0000), L-Soft list server at JISCMAIL (1.8e) wrote:
> You  are  not  authorized to  send  mail  to  the  MAILSCANNER list  from  your
> adrian at SMOP.CO.UK account.  You might be  authorized to  send to the  list from
> another of  your accounts,  or perhaps  when using  another mail  program which
> generates slightly  different addresses, but  LISTSERV has no way  to associate
> this other account or address with yours. If you need assistance or if you have
> any question regarding  the policy of the MAILSCANNER list,  please contact the
> list owners: MAILSCANNER-request at JISCMAIL.AC.UK.

> Subject: clamav support for mailscanner (patch)
> From: Adrian Bridgett <adrian at smop.co.uk>
> Date: Wed, 18 Sep 2002 22:45:59 +0100
> To: mailscanner at jiscmail.ac.uk
> 
> Here's a basic parser for clamav (clamav.elektrapro.com).  I've unit tested
> it with zip archives only (no rar archives etc).  Maybe "TryOneCommercial"
> should be renamed ;-)
> 
> I havn't actually started using mailscanner yet (I'm about to swap from
> amavisd-new having seen the source code <g>), so this is definitely not
> tested in production.
> 
> Hope this is useful for someone - patch attached is against 3.22.13-1
> (debian package), but should apply pretty cleanly (just an offset problem
> from the original which was against 3.13).
> 
> I must say, I'm not a great fan of the InitParser/ProcessOutput stuff - any
> particular reason why it was done this way (calling it a line at a time -
> you could pass it a file desciptor)?
> 
> Adrian
> 
> Email: adrian at smop.co.uk
> Windows NT - Unix in beta-testing. GPG/PGP keys available on public key servers
> Debian GNU/Linux  -*-  By professionals for professionals  -*-  www.debian.org

> diff -ru 3.22.orig/etc/mailscanner/mailscanner.conf 3.22/etc/mailscanner/mailscanner.conf
> --- 3.22.orig/etc/mailscanner/mailscanner.conf	2002-09-11 23:51:48.000000000 +0100
> +++ 3.22/etc/mailscanner/mailscanner.conf	2002-09-18 22:22:37.000000000 +0100
> @@ -119,6 +119,7 @@
>  # panda     from www.pandasoftware.com, or
>  # rav       from www.ravantivirus.com, or
>  # antivir   from www.antivir.de, or
> +# clamav    from clamav.elektrapro.com or
>  # none
>  #
>  # Note: If you want to use multiple virus scanners, then this should be a
> Only in 3.22/etc/mailscanner: mailscanner.conf~
> Only in 3.22/etc/mailscanner/wrapper: clamavwrapper
> diff -ru 3.22.orig/usr/share/mailscanner/sweep.pl 3.22/usr/share/mailscanner/sweep.pl
> --- 3.22.orig/usr/share/mailscanner/sweep.pl	2002-09-10 09:01:02.000000000 +0100
> +++ 3.22/usr/share/mailscanner/sweep.pl	2002-09-18 22:21:41.000000000 +0100
> @@ -173,6 +173,16 @@
>      SupportScanning	=> $S_UNSUPPORTED,
>      SupportDisinfect	=> $S_UNSUPPORTED,
>    },
> +  clamav              => {
> +    Lock              => 'ClamAV.lock',
> +    CommonOptions     => '-r --disable-summary --stdout',
> +    DisinfectOptions  => '',
> +    ScanOptions               => '',
> +    InitParser                => \&InitClamAVParser,
> +    ProcessOutput     => \&ProcessClamAVOutput,
> +    SupportScanning   => $S_BETA,
> +    SupportDisinfect  => $S_NONE,
> +  },
>    "none"		=> {
>      Lock		=> 'NoneBusy.lock',
>      CommonOptions	=> '',
> @@ -507,6 +517,13 @@
>    ;
>  }
>  
> +# Initialise any state variables the ClamAV output parser uses
> +my ($clamav_archive);
> +sub InitClamAVParser {
> +  $clamav_archive = "";
> +}
> +
> +
>  # These functions must be called with, in order:
>  # * The line of output from the scanner
>  # * A reference to the hash containing problem details
> @@ -1022,6 +1039,63 @@
>    return 0;
>  }
>  
> +# Process ClamAV (v0.22) output
> +sub ProcessClamAVOutput {
> +  my($line, $infections, $types, $BaseDir) = @_;
> +
> +  if ($line =~ /^ERROR:/ or $line =~ /^execv\(p\):/)
> +  {
> +    chomp $line;
> +    Log::WarnLog($line);
> +    return 0;
> +  }
> +
> +  # clamscan currently stops as soon as one virus is found
> +  # therefore there is little point saying which part
> +  # it's still a start mind!
> +
> +  # Only tested with --unzip since only windows boxes get viruses ;-)
> +
> +  if (/^Archive:  (.*)$/)
> +  {
> +    $clamav_archive = $1;
> +    return 0;
> +  }
> +  return 0 if /^  /;  # "  inflating", "  deflating.." from --unzip
> +  if ($clamav_archive && /^$clamav_archive:/)
> +  {
> +    $clamav_archive = "";
> +    return 0;
> +  }
> +
> +  return 0 if /OK$/; 
> +  
> +  if (/^(.*?): (.*) FOUND$/)
> +  {
> +     my ($id, $part, $virus);
> +     $virus = $2;
> +     if ($clamav_archive)
> +     {
> +        $id = $clamav_archive;
> +	($part = $1) =~ s/^.*\///;  # get basename of file
> +     }
> +     else
> +     {
> +	 $id = $1;
> +	 $part = "";
> +     }     
> +     $id =~ s/$BaseDir\///;
> +
> +    $infections->{"$id"}{"$part"} .= "contains $virus\n";
> +    $types->{"$id"}{"$part"} .= "v";
> +    return 1;
> +  }
> +
> +  chomp $line;
> +  Log::WarnLog("ProcessClamAVOutput: unrecognised line \"$line\"");
> +  return 0;
> +}
> +
>  
>  sub CallOwnChecking {
>    my($BaseDir, $mime, $infections, $inftypes) = @_;


Email: adrian at smop.co.uk
Windows NT - Unix in beta-testing. GPG/PGP keys available on public key servers
Debian GNU/Linux  -*-  By professionals for professionals  -*-  www.debian.org



More information about the MailScanner mailing list