anomy-list

Re: clamav (was: Re: more sanitizer questions)

From: Paolo (129300@xyz.molar.is)
Date: Wed 16 Jun 2004 - 07:18:46 GMT


    On Tue, Jun 15, 2004 at 05:55:35PM +0200, Luis Miguel wrote:
    ...
    > Is anyone using the patch to show the virus name with sanitizer? (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=235352) I have patched Sanitizer.pm and created a wrapper for my antivirus (clamav), but I don't know how to pass the virus name from the wrapper to sanitizer.

    I don't know where Peter's scripts are; I have checked the list archive but could
    not find any. Perhaps his stuff may be more complete.
    Anyway, here's mine; it is very rough, as I'm not interested in doing anything fancy
    with suspect email.
    One note regarding clamav: it may be tricky to run clam[d]scan from an anomy script,
    as in some distros (e.g. Debian) clam*scan runs as user clamav and hence is unable
    to read anomy's temp files, which should be mode 600; that's why I'm feeding
    clamdscan from stdin.

    8<---[.sanitizer.cfg]-----
    ...
    msg_file_drop += X-Anomy|Possible malicious code detected: %VIRUSNAME.\n
    ...
    file_list_3 = (?i)\.(doc|dot|xls|xlw|sxi|sdc|sdw|sxw
    file_list_3 += |zip
    file_list_3 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)$
    file_list_3_policy = unknown:drop:drop:drop
    file_list_3_scanner = 0:1:2:/usr/share/sanitizer/filters/filtro_av.sh %FILENAME
    ...
    8<---[/.sanitizer.cfg]----

    8<---[/usr/share/sanitizer/filters/filtro_av.sh]-----
    #!/bin/sh
    # anomy scanner wrapper: exit 0 = clean, 1 = infected, 2 = scanner error,
    # matching the "0:1:2:" prefix of file_list_3_scanner.
    # Needs anomy with the VIRUSNAME patch to show the name.
    #exit 0
    VN=
    if [ -x /usr/bin/clamdscan ]; then
      # Feed the file on stdin: clamdscan may run as user clamav and
      # cannot open anomy's mode-600 temp file itself.
      R=0
      AVR=$(/usr/bin/clamdscan - < "$1" 2>&1) || R=$?
      # Pick the name out of the "stream: <name> FOUND" line.
      VN=$(printf '%s\n' "$AVR" | sed -n 's/.*: \([^ ]*\) FOUND.*/\1/p' | head -n 1)
      if [ -z "$VN" ] && [ "$R" -ne 0 ]; then
        # something went bad: tell root, then fail closed (exit 2 selects the
        # third policy field, drop) instead of passing the file as clean
        printf '%s:\nR=%s\nAVR=%s\n' "$0" "$R" "$AVR" | mail -s "clamdscan error: $R" root
        exit 2
      fi
    fi
    if [ -n "$VN" ]; then
      # this header line is how the name reaches the patched Sanitizer.pm
      echo "Anomy-FileScan-VirusName: $VN"
      exit 1
    fi
    exit 0
    8<---[//usr/share/sanitizer/filters/filtro_av.sh]----

    e.g.:

    echo "blah blah" | mutt -a eicarsignature.sxw -stest-clamav paolo
    ...
    [-- Attachment #1 --]
    [-- Type: text/plain, Encoding: 7bit, Size: 0,1K --]

    blah blah
    [-- Attachment #2 --]
    [-- Type: text/plain, Encoding: 8bit, Size: 0,4K --]

    X-Anomy|*****
    ...
    X-Anomy|Possible malicious code detected: Eicar-Test-Signature.
                                              ^^^^^^^^^^^^^^^^^^^^
    ...
    X-Anomy|*****

    -- 
     paolo
     
     GPG/PGP id:0x21426690 kfp:EDFB 0103 A8D8 4180 8AB5  D59E 9771 0F28 2142 6690
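
The wrapper contract that the thread is about (exit 0/1/2 mapped by the "0:1:2:" prefix of file_list_3_scanner, plus an "Anomy-FileScan-VirusName:" line on stdout for the VIRUSNAME patch) can be exercised end to end without clamd. The sh script below is an added example; it is not Paolo's filtro_av.sh and not code from anomy or clamav. The function names av_filter, scan_string, fake_clamdscan, render_drop_message and the CLAMDSCAN variable are mine; fake_clamdscan is a constructed stand-in that mimics clamdscan's stdin mode (0 clean, 1 found, 2 error, "stream: <name> FOUND"), and render_drop_message is my assumption about what the patched Sanitizer.pm does with the header (substitute %VIRUSNAME in msg_file_drop), not the patch's own code.

```shell
#!/bin/sh
# Added example, not Paolo's script and not anomy/clamav code: exercises the
# anomy scanner-wrapper contract offline against a constructed stand-in.
# Assumed contract, from the "0:1:2:/path/filter %FILENAME" config line:
#   exit 0 = clean, 1 = infected, 2 = scanner error; the name travels back
#   on stdout as "Anomy-FileScan-VirusName: <name>" (needs the VIRUSNAME patch).

# Scanner command. Set to /usr/bin/clamdscan for real use; the constructed
# stand-in below lets the script run without clamd.
CLAMDSCAN=fake_clamdscan

# Constructed stand-in for "clamdscan -": reads the file on stdin like the
# real tool and mimics its output and exit codes (0 clean, 1 found, 2 error).
fake_clamdscan() {
    data=$(cat)
    case $data in
        *CAUSE-SCANNER-ERROR*) echo "ERROR: Can't connect to clamd" >&2; return 2 ;;
        *EICAR*)               echo "stream: Eicar-Test-Signature FOUND"; return 1 ;;
        *)                     echo "stream: OK"; return 0 ;;
    esac
}

# First "<what>: <name> FOUND" name in scanner output, empty if none.
virus_name_from_output() {
    printf '%s\n' "$1" | sed -n 's/.*: \([^ ]*\) FOUND.*/\1/p' | head -n 1
}

# The wrapper. The file goes in on stdin so the scanner need not be able to
# open anomy's mode-600 temp file itself (the Debian clamav-user problem).
av_filter() {
    rc=0
    out=$("$CLAMDSCAN" - < "$1" 2>&1) || rc=$?
    name=$(virus_name_from_output "$out")
    if [ -n "$name" ]; then
        echo "Anomy-FileScan-VirusName: $name"
        return 1
    fi
    if [ "$rc" -ne 0 ]; then
        # Fail closed: exit 2 selects the third policy field (drop) instead
        # of letting an unscanned file through as clean.
        echo "av_filter: scanner exited $rc: $out" >&2
        return 2
    fi
    return 0
}

# Write STRING to a mode-600 temp file (as anomy does) and run the wrapper;
# stdout is the wrapper's stdout, the return code is its verdict.
scan_string() {
    tmp=$(mktemp) || return 2
    printf '%s\n' "$1" > "$tmp"
    chmod 600 "$tmp"
    verdict=0
    av_filter "$tmp" || verdict=$?
    rm -f "$tmp"
    return "$verdict"
}

# Models what the patched Sanitizer.pm does with the header line (an
# assumption about the patch, not its code): put the name in place of
# %VIRUSNAME in the msg_file_drop template.
render_drop_message() {
    template=$1
    name=${2#Anomy-FileScan-VirusName: }
    pat='%VIRUSNAME'
    prefix=${template%%"$pat"*}
    suffix=${template#*"$pat"}
    printf '%s%s%s\n' "$prefix" "$name" "$suffix"
}

# Stand-alone run: a clean sample, then a sample carrying the constructed marker.
rc=0; scan_string 'blah blah' || rc=$?
echo "clean sample -> exit $rc"
rc=0; hdr=$(scan_string 'blah blah EICAR blah') || rc=$?
echo "marked sample -> exit $rc, $hdr"
render_drop_message 'X-Anomy|Possible malicious code detected: %VIRUSNAME.' "$hdr"
```

Point CLAMDSCAN at the real binary and the same av_filter is the production wrapper; the only behavioural difference from the script above is that a scanner failure returns 2 (drop) rather than 0, so a stopped clamd cannot wave attachments through.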
    