MailScanner + kaspersky-4.5/5.5 problem

Sun Aug 27 16:53:03 IST 2006

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Paul Tenfjord
> Sent: August 25, 2006 1:44 PM
> To: MailScanner discussion
> Subject: MailScanner + kaspersky-4.5/5.5 problem
> 
> Evening all.
> 
> I've been trying to get MailScanner use Kaspersky virus 
> scanner without success. 
> I downloaded a trial version (kav5.5trial) and installed the 
> deb file. The deb file installed Kaspersky to 
> /opt/kav/5.5/kav4mailservers/. 
> The wrapper script runs successfully, yet the log file never 
> shows kaspersky scan the email, I can however see Clamav and 
> Mailscanner entries in the detailed report. 
> I have edited the installation directory in 
> virus.scanners.conf to point to /opt/kav/5.5/kav4mailservers . 
> 
> 
> thin# /opt/MailScanner/lib/kaspersky-wrapper 
> /opt/kav/5.5/kav4mailservers
> [25/08/06 20:38:25 I] Kaspersky Anti-Virus On-Demand Scanner 
> for Linux. 
> Version 5.5.10/RELEASE build #115, compiled Mar 29 2006, 
> 14:17:08 .....
> [25/08/06 20:38:25 I] License file 001BEE74.key, serial 
> 0038-000413-001BEE74, "Kaspersky Anti-Virus BO for SendMail / 
> Qmail / Postfix International Edition. 50-MailAddress 1 month 
> Trial Download Pack", expires 24-09-2006 in
> 28 days
> [25/08/06 20:38:27 I] There are 205521 records loaded, the 
> latest update
> 25-08-2006
> [25/08/06 20:38:27 I] The scan path: 
> /opt/MailScanner-4.55.10/etc ......
> [25/08/06 20:38:29 I] Scan summary: Files=432 Folders=20 
> Archives=181 Packed=0 Infected=0 Warnings=0 Suspicios=0 
> Cured=0 CureFailed=0 Corrupted=0 Protected=0 Error=0 
> ScanTime=00:00:02 ScanSpeed=1642.812 Kb/s
> 
> 
> thin#  grep -ri kasper mail.log
> Aug 25 19:42:01 mx11 update.virus.scanners: Found 
> kaspersky-4.5 installed Aug 25 19:42:01 mx11 
> update.virus.scanners: Running autoupdate for
> kaspersky-4.5
> Aug 25 19:42:10 mx11 kaspersky-autoupdate[5949]: Kaspersky-5.0 updated
> 
> MailScanner.conf : 
> Virus Scanners = clamav kaspersky-4.5
> 
> virus.scanners.conf : 
> kaspersky-4.5   /opt/MailScanner/lib/kaspersky-wrapper  
> /opt/kav/5.5/kav4mailservers
> 
> MailScanner -lint : 
> MailScanner.conf says "Virus Scanners = clamav kaspersky-4.5"
> Found these virus scanners installed: clamav, kaspersky-4.5
> 
> Vitals : 
> MailScanner 4.55.10
> Kaspersky 5.5trial installed in default location. 
> 
> 
> Any suggestions or hints would be highly appreciated.
> 
> 
> 
> Best Regards Paul. 
> 
> 
> 
> 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 

I got kaspersky-5.5 to work for me, but I had to add some lines to a few
files to make it happen.
This works for me.

/etc/MailScanner/virus.scanners.conf
# Kaspersky 5.5
kaspersky-5.5   /usr/lib/MailScanner/kaspersky-wrapper  /opt/kav/5.5

/usr/lib/MailScanner/kaspery-wrapper
# For KAV 5.5
Scanner=kav4unix/bin/kavscanner
if [ -x ${PackageDir}/$Scanner ]; then
    Report=/tmp/kavoutput.tmp.$$
    ScanOptions="-xp -i0" # Don't report progress, don't attempt to clean

    if [ "x$1" = "x-IsItInstalled" ]; then
        exit 0
    fi

    Args=`echo "$@" | sed -e 's/ -I/ -i/g; s/^-I/-i/g; s/-- / /g;'`
    rm -f $Report
    ${PackageDir}/$Scanner $ScanOptions -q -o$Report "$@"
    cat $Report
    rm -f $Report
    exit
fi

/usr/lib/MailScanner/kaspery-wrapper

# Code for Kasperkey 5.5
if (-x "$PackageDir/kav4unix/bin/keepup2date") {
  &Lock();
  system("$PackageDir/kav4unix/bin/keepup2date");
  &Unlock();
  Sys::Syslog::syslog('info', "Kaspersky-5.5 updated");
  Sys::Syslog::closelog();
  exit 0;
}

/usr/lib/MailScanner/MailScanner/SweepViruses.pm
Following lines were added above the similar place where kaspersky4.5 code
is.

--> Around line 170

  "kaspersky-5.5"   => {
    Name        => 'Kaspersky',
    Lock        => 'KasperskyBusy.lock',
    CommonOptions   => '',
    DisinfectOptions    => '-i2',
    ScanOptions     => '-i0',
    InitParser      => \&InitKaspersky_5_5Parser,
    ProcessOutput   => \&ProcessKaspersky_5_5Output,
    SupportScanning => $S_SUPPORTED,
    SupportDisinfect    => $S_SUPPORTED,
  },

--> Around line 1190

# Initialise any state variables the Kaspersky 5.5 output parser uses
my ($kaspersky_5_5Version);
sub InitKaspersky_5_5Parser {
  $kaspersky_5_5Version = 0;
}

--> Around line 1730

# Kaspersky 5.5 onwards is different to its predecessors.
sub ProcessKaspersky_5_5Output {
  my($line, $infections, $types, $BaseDir, $Name) = @_;
  my($logout, $report, $infected, $id, $part, @rest);

  chomp $line;

  if (!$kaspersky_5_5Version) {
    # Version is on a line before any files are scanned
    $kaspersky_5_5Version = $1 if $line =~ /version\D+([\d.]+)/i;
    return 0;
  }

  return 0 unless $line =~ /\sINFECTED\s/i;
  $line =~ s/^\[[^\]]+\] //;
  $logout = "$line";
  $logout =~ s/%/%%/g;
  $logout =~ s/\s{20,}/ /g;
#  MailScanner::Log::InfoLog($logout);

  $report = $line; # Save a copy
  $line =~ s/^$BaseDir\///; # Remove basedir/ off the front
  # Now have id/part followed possibly by /rest
  $line =~ /^(.+)\sINFECTED\s[^\s]+$/;
  $infected = $1;
  my ( $foo, $virusname ) = split(/INFECTED\s+/, $line);
  ($id, $part, @rest) = split(/\//, $infected);
  MailScanner::Log::InfoLog("Kaspersky5.5::INFECTED:: $virusname:
$infected");
  $report = $Name . ': ' if $Name;
  $infections->{"$id"}{"$part"} .= "$report$part is infected: $virusname\n";
  $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender
    system("/usr/local/bin/virus.pl", $virusname);
  return 1;
}

YMMV but this did work for me.

regards,
-dan