Disclaimer


trig
Posts: 66
Joined: Mon Dec 20, 2004 12:43 pm
Location: Here, there and sometimes everywhere

Postby trig » Fri Jul 28, 2006 4:53 am

Do you think it's worth me installing the mimedefang rpm instead of the source tarball?

btisdall
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Fri Jul 28, 2006 4:55 am

trig wrote:Empty...

I also ran it against the startup script in /etc/init.d/.. empty

The only file to contain information about Clam, is the mimedefang.pl file, but that brings out a lot


Well, since the error message in your log references mimedefang.pl that makes a lot of sense, better post that output.
Ben Tisdall
www.redcircleit.com
London

trig
Posts: 66
Joined: Mon Dec 20, 2004 12:43 pm
Location: Here, there and sometimes everywhere

Postby trig » Fri Jul 28, 2006 4:58 am

This is going to be a very long post.. I would have installed the RPM but DAG isn't showing an FC4 build.. :(

Code:

       $MessageID $Rebuild $QuarantineCount
       $QuarantineSubdir $QueueID $MsgID
       $RelayAddr $WasResent $RelayHostname
       $RealRelayAddr $RealRelayHostname
       $ReplacementEntity $Sender $ServerMode $Subject $SubjectCount
       $ClamdSock $SophieSock $TrophieSock
       $SuspiciousCharsInHeaders
       $SuspiciousCharsInBody $Helo @ESMTPArgs
       @SenderESMTPArgs %RecipientESMTPArgs
       $TerminateAndDiscard $URL $OpenAVHost $VirusName
       $CurrentVirusScannerMessage @AddedParts
--
$DoStatusTags = 0;

$Features{'Virus:AVP'}      = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:AVP5'}      = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:KAVSCANNER'} = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:CLAMAV'}   = ('/usr/local/bin/clamscan' ne '/bin/false' ? '/usr/local/bin/clamscan' : 0);
$Features{'Virus:CLAMD'}    = ('/usr/local/sbin/clamd' ne '/bin/false' ? '/usr/local/sbin/clamd' : 0);
$Features{'Virus:FPROT'}    = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:FSAV'}     = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:FileScan'} = 0; # Will be set by detect_and_load_perl_modules
$Features{'Virus:HBEDV'}    = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
$Features{'Virus:VEXIRA'}   = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
--
$OpenAVHost = "127.0.0.1:8127";
$CSSHost    = "127.0.0.1:7777:local";
$FprotdHost = "127.0.0.1:10200";

$SophieSock = "/var/spool/MIMEDefang/sophie";
$ClamdSock  = "/var/spool/MIMEDefang/clamd.sock";
$TrophieSock = "/var/spool/MIMEDefang/trophie";

package MIME::Parser::ParanoidFiler;

use vars qw(@ISA);
--
    # Unknown code
    return ($code, 'swerr', 'tempfail');
}

#***********************************************************************
# %PROCEDURE: entity_contains_virus_clamav
# %ARGUMENTS:
#  entity -- a MIME entity
# %RETURNS:
#  1 if entity contains a virus as reported by clamav
# %DESCRIPTION:
#  Runs the clamav program on the entity.
#***********************************************************************
sub entity_contains_virus_clamav ($) {
    unless ($Features{'Virus:CLAMAV'}) {
   md_syslog('err', "$MsgID: clamav not installed on this system");
   return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
    }

    my($entity) = @_;
    my($body) = $entity->bodyhandle;
--
    my($path) = $body->path;
    if (!defined($path)) {
   return (wantarray ? (999, 'swerr', 'tempfail') : 1);
    }

    # Run clamscan
    my($code, $category, $action) =
   run_virus_scanner($Features{'Virus:CLAMAV'} . " --mbox --stdout --disable-summary --infected $path 2>&1");
    if ($action ne 'proceed') {
   return (wantarray ? ($code, $category, $action) : $code);
    }
    return (wantarray ? interpret_clamav_code($code) : $code);
}

#***********************************************************************
# %PROCEDURE: message_contains_virus_clamav
# %ARGUMENTS:
#  Nothing
# %RETURNS:
#  1 if any file in the working directory contains a virus
# %DESCRIPTION:
#  Runs the clamscan program on the working directory
#***********************************************************************
sub message_contains_virus_clamav () {
    unless ($Features{'Virus:CLAMAV'}) {
   md_syslog('err', "$MsgID: clamav not installed on this system");
   return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
    }

    # Run clamscan
    my($code, $category, $action) =
   run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --mbox --stdout --disable-summary --infected ./Work 2>&1");
    if ($action ne 'proceed') {
   return (wantarray ? ($code, $category, $action) : $code);
    }
    return (wantarray ? interpret_clamav_code($code) : $code);
}

sub interpret_clamav_code ($) {
    my($code) = @_;
    # From info obtained from:
    # clamscan(1)

    # OK
    return ($code, 'ok', 'ok') if ($code == 0);

    # virus found
    if ($code == 1) {
   $VirusName = $1 if ($CurrentVirusScannerMessage =~ m/: (.+) FOUND/);
   $VirusName = "unknown-Clamav-virus" if $VirusName eq "";
   return ($code, 'virus', 'quarantine');
    }

    # other codes
    return ($code, 'swerr', 'tempfail');
--
    md_syslog('err', "$MsgID: Could not connect to Sophie Daemon at $sophie_sock");
    return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
}

#***********************************************************************
# %PROCEDURE: entity_contains_virus_clamd
# %ARGUMENTS:
#  entity -- a MIME entity
#  clamd_sock (optional) -- clamd socket path
# %RETURNS:
#  1 if entity contains a virus as reported by clamd
# %DESCRIPTION:
#  Invokes the clamd daemon (http://www.clamav.net/)
#  on the entity.
#***********************************************************************
sub entity_contains_virus_clamd ($;$) {
    my ($entity) = shift;
    my ($clamd_sock) = $ClamdSock;
    $clamd_sock = shift if (@_ > 0);
    $clamd_sock = "/var/spool/MIMEDefang/clamd.sock" if (!defined($clamd_sock));
    if (!defined($entity->bodyhandle)) {
   return (wantarray ? (0, 'ok', 'ok') : 0);
    }
    if (!defined($entity->bodyhandle->path)) {
   return (wantarray ? (999, 'swerr', 'tempfail') : 1);
    }
    my $sock = IO::Socket::UNIX->new(Peer => $clamd_sock);
    if (defined $sock) {
   my $path = $entity->bodyhandle->path;
   # If path is not absolute, add cwd
   if (! ($path =~ m+^/+)) {
       $path = $CWD . "/" . $path;
--
   $sock->close;
   if (!defined($ans) || !$ans) {
       return (wantarray ? (999, 'swerr', 'tempfail') : 1);
   }
   if ($output =~ /: (.+) FOUND/) {
       $VirusScannerMessages .= "clamd found the $1 virus.\n";
       $VirusName = $1;
       return (wantarray ? (1, 'virus', 'quarantine') : 1);
   } elsif ($output =~ /: (.+) ERROR/) {
       my $err_detail = $1;
       md_syslog('err', "$MsgID: Clamd returned error: $err_detail");
       # If it's a zip module failure, try falling back on clamscan.
       # This is despicable, but it might work
       if ($err_detail =~ /zip module failure/i &&
      $Features{'Virus:CLAMAV'}) {
      my ($code, $category, $action) =
      run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --unzip --mbox --stdout --disable-summary --infected $CWD/Work 2>&1");
      if ($action ne 'proceed') {
         return (wantarray ? ($code, $category, $action) : $code);
      }
      md_syslog('info', "$MsgID: Falling back on clamscan --unzip because of Zip module failure in clamd");
      return (wantarray ? interpret_clamav_code($code) : $code);
       }
       return (wantarray ? (999, 'swerr', 'tempfail') : 1);
   }
   return (wantarray ? (0, 'ok', 'ok') : 0);
    }
    # Could not connect to daemon
    md_syslog('err', "$MsgID: Could not connect to clamd Daemon at $clamd_sock");
    return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
}

#***********************************************************************
# %PROCEDURE: message_contains_virus_clamd
# %ARGUMENTS:
#  clamd_sock (optional) -- clamd socket path
# %RETURNS:
#  1 if any file in the working directory contains a virus
# %DESCRIPTION:
#  Invokes the clamd daemon (http://www.clamav.net/)
#  on the entire message.
#***********************************************************************
sub message_contains_virus_clamd (;$) {
    my ($clamd_sock) = $ClamdSock;
    $clamd_sock = shift if (@_ > 0);
    $clamd_sock = "/var/spool/MIMEDefang/clamd.sock" if (!defined($clamd_sock));
    my ($output,$sock);

    # PING/PONG test to make sure clamd is alive
    $sock = IO::Socket::UNIX->new(Peer => $clamd_sock);

    if (!defined($sock)) {
   md_syslog('err', "$MsgID: Could not connect to clamd daemon at $clamd_sock");
   return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
    }

    my $s = IO::Select->new();
    $s->add($sock);
    if (!$s->can_write(30)) {
   $sock->close;
   md_syslog('err', "$MsgID: Timeout writing to clamd daemon at $clamd_sock");
   return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
    }

    $sock->print("PING");
    $sock->flush;

    if (!$s->can_read(60)) {
   $sock->close;
   md_syslog('err', "$MsgID: Timeout reading from clamd daemon at $clamd_sock");
   return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
    }

    # Free up memory used by IO::Select object
    undef $s;

    $sock->sysread($output,256);
    $sock->close;
    chomp($output);
    if (! defined($output) || $output ne "PONG") {
   md_syslog('err', "$MsgID: clamd is not responding");
   return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
    }

    # open up a socket and scan each file in ./Work
    $sock = IO::Socket::UNIX->new(Peer => $clamd_sock);
    if (defined $sock) {
   if (!$sock->print("SCAN $CWD/Work\n")) {
       $sock->close;
       return (wantarray ? (999, 'swerr', 'tempfail') : 999);
   }
--
   $sock->close;
   if (!defined($ans) || !$ans) {
       return (wantarray ? (999, 'swerr', 'tempfail') : 999);
   }
   if ($output =~ /: (.+) FOUND/) {
       $VirusScannerMessages .= "clamd found the $1 virus.\n";
       $VirusName = $1;
       return (wantarray ? (1, 'virus', 'quarantine') : 1);
   } elsif ($output =~ /: (.+) ERROR/) {
       my $err_detail = $1;
       md_syslog('err', "$MsgID: Clamd returned error: $err_detail");
       # If it's a zip module failure, try falling back on clamscan.
       # This is despicable, but it might work
       if ($err_detail =~ /zip module failure/i &&
      $Features{'Virus:CLAMAV'}) {
      my ($code, $category, $action) =
          run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --unzip --mbox --stdout --disable-summary --infected $CWD/Work 2>&1");
      if ($action ne 'proceed') {
         return (wantarray ? ($code, $category, $action) : $code);
      }
      md_syslog('info', "$MsgID: Falling back on clamscan --unzip because of Zip module failure in clamd");
      return (wantarray ? interpret_clamav_code($code) : $code);
       }
       return (wantarray ? (999, 'swerr', 'tempfail') : 999);
   }
    }
    else {
   # Could not connect to daemon
   md_syslog('err', "$MsgID: Could not connect to clamd daemon at $clamd_sock");
   return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
    }
    # No errors, no infected files were found
    return (wantarray ? (0, 'ok', 'ok') : 0);
}
--
   push @VirusScannerMessageRoutines, \&message_contains_virus_filescan;
   push @VirusScannerEntityRoutines, \&entity_contains_virus_filescan;
    }

    # Then the Daemonized scanners
    if ($Features{'Virus:CLAMD'}) {
   push @VirusScannerMessageRoutines, \&message_contains_virus_clamd;
   push @VirusScannerEntityRoutines, \&entity_contains_virus_clamd;
    }

    if ($Features{'Virus:SOPHIE'}) {
   push @VirusScannerMessageRoutines, \&message_contains_virus_sophie;
   push @VirusScannerEntityRoutines, \&entity_contains_virus_sophie;
--
   push @VirusScannerMessageRoutines, \&message_contains_virus_openantivirus;
   push @VirusScannerEntityRoutines, \&entity_contains_virus_openantivirus;
    }

    # Finally the command-line scanners
    if ($Features{'Virus:CLAMAV'} && ! $Features{'Virus:CLAMD'}) {
   push @VirusScannerMessageRoutines, \&message_contains_virus_clamav;
   push @VirusScannerEntityRoutines, \&entity_contains_virus_clamav;
    }

    if ($Features{'Virus:AVP'}) {
   push @VirusScannerMessageRoutines, \&message_contains_virus_avp;
   push @VirusScannerEntityRoutines, \&entity_contains_virus_avp;

trig
Posts: 66
Joined: Mon Dec 20, 2004 12:43 pm
Location: Here, there and sometimes everywhere

Postby trig » Fri Jul 28, 2006 5:01 am

I think I found it.. clamav is installed but not configured.. removing it now

trig
Posts: 66
Joined: Mon Dec 20, 2004 12:43 pm
Location: Here, there and sometimes everywhere

Postby trig » Fri Jul 28, 2006 6:20 am

weeeeeeeeeeeeeeee. it works..

thank you so much

I'll write this up if that's ok with you and put it in the wiki and credit you obviously

btisdall
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Fri Jul 28, 2006 6:46 am

trig wrote:weeeeeeeeeeeeeeee. it works..

thank you so much

I'll write this up if that's ok with you and put it in the wiki and credit you obviously


Of course, that's great.

Some more info I acquired since your previous post:

Although the FC3 package runs happily on FC5 & so will almost certainly do so on FC4, the dries repo actually has an FC4 package:

http://mirrors.ircam.fr/pub/dag/dries/p ... /fc4-i386/

Although of course building from source has its advantages.

Re. your clamd error message, you can get mimedefang to ignore an installed AV executable/daemon by editing the '$Features' line in /usr/bin/mimedefang.pl

For example, to ignore clamd find the following line in /usr/bin/mimedefang.pl:

Code:

$Features{'Virus:CLAMD'}    = ('/usr/local/sbin/clamd' ne '/bin/false' ? '/usr/local/sbin/clamd' : 0);


Replace it with:

Code:

$Features{'Virus:CLAMD'}    = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);


(Doing the reverse of the above duplicated your error on my system).

Alternatively if you're building from source you can do so without AV support by doing:

./configure --without-antivirus
Last edited by btisdall on Fri Jul 28, 2006 8:40 am, edited 2 times in total.
Ben Tisdall

www.redcircleit.com

London
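
The `$Features` switch described in the post above, as an added example that is not part of the original thread and not MIMEDefang's own code: a shell check over a mimedefang.pl-style file that reports which ClamAV routine would be registered and flags clamd being switched on with no socket present. The function names and the sample file are constructed for illustration; the registration order follows the excerpt posted earlier in the thread.

```shell
#!/bin/sh
# Added example: audit the ClamAV switches in a mimedefang.pl-style file.

# Print "NAME PATH" for each $Features{'Virus:NAME'} line whose path is not
# the /bin/false placeholder, i.e. each scanner that is switched on.
enabled_scanners() {
    sed -n -e "/('\/bin\/false' ne /d" \
        -e "s|^[\$]Features{'Virus:\([A-Za-z0-9]*\)'}[[:space:]]*=[[:space:]]*('\([^']*\)' ne .*|\1 \2|p" "$1"
}

# Which ClamAV routine gets registered, following the order in the excerpt:
# clamd when CLAMD is on, clamscan only when CLAMAV is on and CLAMD is off.
clam_routine() {
    on=$(enabled_scanners "$1")
    case "$on" in
        *CLAMD\ *) echo clamd ;;
        *CLAMAV\ *) echo clamscan ;;
        *) echo none ;;
    esac
}

# Print the path assigned to $ClamdSock.
clamd_socket() {
    sed -n 's|^[$]ClamdSock[[:space:]]*=[[:space:]]*"\([^"]*\)";.*|\1|p' "$1" | head -n 1
}

# Exit status 1 when clamd is the registered routine but its socket is
# missing: the state in which the scan returns the 'tempfail' action.
audit_clamd() {
    routine=$(clam_routine "$1")
    sock=$(clamd_socket "$1")
    if [ "$routine" = clamd ] && [ ! -S "$sock" ]; then
        echo "FAIL clamd enabled, no socket at $sock"
        return 1
    fi
    echo "OK routine=$routine"
}

# Constructed sample in the shape of the posted excerpt.
# $2 = path substituted for clamd, $3 = socket path.
write_sample() {
    cat > "$1" <<EOF
\$Features{'Virus:CLAMAV'}   = ('/usr/local/bin/clamscan' ne '/bin/false' ? '/usr/local/bin/clamscan' : 0);
\$Features{'Virus:CLAMD'}    = ('$2' ne '/bin/false' ? '$2' : 0);
\$ClamdSock  = "$3";
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/before.pl" /usr/local/sbin/clamd "$tmp/clamd.sock"
write_sample "$tmp/after.pl" /bin/false "$tmp/clamd.sock"
audit_clamd "$tmp/before.pl" || true   # clamd on, socket absent
audit_clamd "$tmp/after.pl"            # clamd off, clamscan takes over
rm -rf "$tmp"
```

With the CLAMD line set to `/bin/false`, the command-line clamscan routine is registered instead whenever the CLAMAV line still points at a real binary, so both lines need checking on a host where ClamAV is installed but not configured.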

trig
Posts: 66
Joined: Mon Dec 20, 2004 12:43 pm
Location: Here, there and sometimes everywhere

Postby trig » Fri Jul 28, 2006 6:57 am

mate, you're a star!

rlshepard
Posts: 34
Joined: Fri Jun 27, 2008 1:23 pm
Location: Overland Park, KS
Contact:

Only outgoing messages?

Postby rlshepard » Sat Mar 28, 2009 12:56 pm

Hi,

I know this is an old thread... but I feel this is the right place to ask this.

The steps described to add the disclaimer work... but does anyone have any suggestions on how to tweak this so it only adds the footer to outgoing messages?

I know it's SMP (simple matter of programming) but a programmer I'm not....

Thanks
Ralph
It's so much easier to suggest solutions when you don't know too much about the problem.

rlshepard
Posts: 34
Joined: Fri Jun 27, 2008 1:23 pm
Location: Overland Park, KS
Contact:

Re: Only outgoing messages?

Postby rlshepard » Sat Mar 28, 2009 1:18 pm

rlshepard wrote:Hi,

I know this is an old thread... but I feel this is the right place to ask this.

The steps described to add the disclaimer work... but does anyone have any suggestions on how to tweak this so it only adds the footer to outgoing messages?

I know it's SMP (simple matter of programming) but a programmer I'm not....

Thanks
Ralph


I just found it myself and now I'm embarrassed that I even asked... :oops:
It's so much easier to suggest solutions when you don't know too much about the problem.

