Clamd as scan option [patches included]

Julian Field MailScanner at ecs.soton.ac.uk
Fri Apr 27 15:54:00 IST 2007


I have just released a beta with this functionality included.

Mike Tremaine wrote:
>
> Overview: So I started thinking about what it would take to get 
> clamdscan working with MailScanner. The results are included below. 
> First and foremost you must have clamd running, if you run as root 
> then you don't have to worry about any permission problems. If you run 
> clamd as "clamav" then you need to set
>
> ######  IF YOU ARE RUNNING MAILSCANNER AS ROOT ######
> # You need to set the following in MailScanner.conf so that external
> # unpackers can be used...
> #   Incoming Work Group = clamav
> #   Incoming Work Permissions = 0640
>
> So that clamd can scan in the directories. Otherwise here goes.
>
> Steps:
>
> 1) Install clamd-wrapper in your MailScanner/lib/ directory
>
> 2) Patch MailScanner/lib/MailScanner/SweepViruses.pm
>
> 3) In MailScanner.conf set
> Virus Scanners = clamd
>
> 4) In virus.scanners.conf set [This is on a Solaris 10 host so do the 
> right thing with your OWN PATH Options!]
> clamd           /opt/MailScanner/lib/clamd-wrapper      /usr/local
>
>
> Notes:
>
> Internally this approach uses most of the clamav [aka clamscan] 
> options; if it turns out there are major differences then a new parse 
> function can easily be added to SweepViruses.pm, otherwise my biggest 
> concern would be what happens if clamd dies, perhaps the clamd-wrapper 
> can have some processes/error checking that can restart clamd.
>
> I only tested this out on a development box but it did scan txt, zip 
> and tar.gz as attachments with no problem. The speed difference is 
> pretty good; here is an example on my spoolfile [1.77MB]
>
> [root at neutron ~]# clamscan /var/mail/mgt
> /var/mail/mgt: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 108394
> Engine version: 0.90.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 1.77 MB
> Time: 25.755 sec (0 m 25 s)
>
> [root at neutron ~]# clamdscan /var/mail/mgt
> /var/mail/mgt: OK
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 10.260 sec (0 m 10 s)
>
> -Mike
> ------------------------------------------------------------------------
>
> #!/bin/sh
>
> # clamd-wrapper --      invoke ClamAV for use with mailscanner
> #
> #   MailScanner - SMTP E-Mail Virus Scanner
> #   Copyright (C) 2001  Julian Field
> #
> #   $Id: clamd-wrapper 3184 2005-09-28 11:13:40Z jkf $
> #
> #   This program is free software; you can redistribute it and/or modify
> #   it under the terms of the GNU General Public License as published by
> #   the Free Software Foundation; either version 2 of the License, or
> #   (at your option) any later version.
> #
> #   This program is distributed in the hope that it will be useful,
> #   but WITHOUT ANY WARRANTY; without even the implied warranty of
> #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> #   GNU General Public License for more details.
> #
> #   You should have received a copy of the GNU General Public License
> #   along with this program; if not, write to the Free Software
> #   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
> #
> #   The author, Julian Field, can be contacted by email at
> #      Jules at JulianField.net
> #   or by paper mail at
> #      Julian Field
> #      Dept of Electronics & Computer Science
> #      University of Southampton
> #      Southampton
> #      SO17 1BJ
> #      United Kingdom
> #
> #
> ######  IF YOU ARE RUNNING MAILSCANNER AS ROOT ######
> # You need to set the following in MailScanner.conf so that external
> # unpackers can be used...
> #   Incoming Work Group = clamav
> #   Incoming Work Permissions = 0640
>
> #ClamUser="clamav"
> #ClamGroup="clamav"
>
> ScanOptions=""
>
> ClamdScan=$1/bin/clamdscan
> shift
>
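> # Fall back to the system-wide binary if none exists under the given prefix
> if [ ! -x "$ClamdScan" ]; then
>   ClamdScan=/usr/bin/clamdscan
> fi
>
> if [ "x$1" = "x-IsItInstalled" ]; then
>   [ -x "$ClamdScan" ] && exit 0
>   exit 1
> fi
>
> # Add this for Solaris users so they can find whoami
> PATH=$PATH:/usr/ucb
> export PATH
>
> # $ScanOptions is left unquoted on purpose so it splits into separate options
> "$ClamdScan" $ScanOptions "$@"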
>
> retval=$?
>
> exit $retval
>
>   
> ------------------------------------------------------------------------
>
> [root at neutron MailScanner]# diff -u SweepViruses.pm SweepViruses.pm.OLD
> --- SweepViruses.pm     Sun Apr 15 06:38:56 2007
> +++ SweepViruses.pm.OLD Sat Apr 14 19:19:26 2007
> @@ -301,17 +301,6 @@
>      SupportScanning     => $S_SUPPORTED,
>      SupportDisinfect    => $S_NONE,
>    },
> -  "clamd"  => {
> -    Name               => 'ClamAV',
> -    Lock                => 'ClamAVBusy.lock',
> -    CommonOptions       => '--disable-summary --stdout',
> -    DisinfectOptions    => '',
> -    ScanOptions         => '',
> -    InitParser          => \&InitClamAVParser,
> -    ProcessOutput       => \&ProcessClamAVOutput,
> -    SupportScanning     => $S_SUPPORTED,
> -    SupportDisinfect    => $S_NONE,
> -  },
>    "trend"   => {
>      Name               => 'Trend',
>      Lock                => 'TrendBusy.lock',
>
>   
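
Review bot: the hunk is reversed. It was produced with "diff -u SweepViruses.pm SweepViruses.pm.OLD" (new file first), so the added "clamd" entry appears as "-" lines and the hunk only applies with patch -R; regenerating it as old-then-new would avoid that. In the entry itself, Name => 'ClamAV' and Lock => 'ClamAVBusy.lock' carry the ClamAV name rather than anything clamd-specific, so a distinct Name (for example 'Clamd') would let logs and reports show which scanner produced a result. A comment on the entry noting that clamd must already be running would also help.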

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
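
On the concern raised in the quoted notes about clamd dying: the following is an added example, not part of the original post or of MailScanner, showing how a wrapper can keep a dead daemon from being read as a clean scan by using clamdscan's exit status (0 no virus, 1 virus found, 2 error). The function name, the `CLAMD_RETRIES` and `CLAMD_RETRY_DELAY` variables and the retry policy are assumptions.

```shell
#!/bin/sh
# Added example, not MailScanner code. Relies on clamdscan's exit status:
# 0 = no virus found, 1 = virus found, 2 = error (for instance when clamd
# is not running). CLAMD_RETRIES and CLAMD_RETRY_DELAY are hypothetical.

# classify_scan SCANNER [ARGS...]
# Prints one verdict on stdout: clean, infected or scanner-error.
# Scanner output goes to stderr so the verdict stays machine-readable.
classify_scan() {
  scanner=$1
  shift
  attempts=${CLAMD_RETRIES:-3}
  delay=${CLAMD_RETRY_DELAY:-2}
  try=1
  while :; do
    rc=0
    output=$("$scanner" "$@" 2>&1) || rc=$?
    case $rc in
      0) echo clean; return 0 ;;
      1) printf '%s\n' "$output" >&2; echo infected; return 1 ;;
    esac
    # Anything else (2, or 127 if the binary is missing) is a scanner
    # failure and must never be read as "no virus found".
    printf 'attempt %s/%s failed (exit %s): %s\n' \
      "$try" "$attempts" "$rc" "$output" >&2
    [ "$try" -ge "$attempts" ] && break
    try=$((try + 1))
    sleep "$delay"   # give a supervisor time to bring clamd back
  done
  echo scanner-error
  return 2
}

# Run as a script: ./classify-scan.sh /usr/bin/clamdscan FILE...
if [ "$#" -gt 0 ]; then
  classify_scan "$@"
fi
```
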
