Hauri (http://www.globalhauri.com/) is an antivirus South-Korean company. It sells some antivirus products which runs under Linux and Solaris, and it happens that my current employer uses them.


I've tested two of their products: GatewayWall and AdvanceServer. By default, both products are installed in /usr/local/ViRobot. A command-line utility named 'virobot' is also installed in this directory.

 This utility returns the following values when it checks for virus:

0 - No virus found
1 - Virus found
255 - Suspicious file(s) found OR temporary failure. Yes, I know, it sucks.


This patch adds support for MIMEDefang 2.49 to use 'virobot' to filter virus. It modifies two files: configure.in, which adds the '--disable-hauri' option to configure; and mimedefang.pl.in, including three routines: entity_contains_virus_hauri(), message_contains_virus_hauri(), and interpret_hauri_code(). These routines are based on *_contains_virus_trend() and interpret_trend_code().

Please, CC'd me if you have any comments about this patch, because I'm not subscribed to this list.

                                        Best regards
--
__(o< | Nombres/Names:        Cristian Othón  | [EMAIL PROTECTED]
\/|/  | Apellidos/Last Names: Martínez Vera   | http://cfuga.net/
/_/_  |                                       | http://linuxppp.com/
      |    "Pulchrum est paucorum hominum"    - Horace


diff -uNr mimedefang-2.49.orig/configure.in mimedefang-2.49/configure.in
--- mimedefang-2.49.orig/configure.in 2004-10-29 09:56:52.000000000 -0500
+++ mimedefang-2.49/configure.in 2004-12-02 17:17:03.772481387 -0600
@@ -518,8 +518,9 @@
 AC_ARG_ENABLE(nvcc, [ --disable-nvcc Do not include support for Nvcc], ac_cv_nvcc=$enableval, ac_cv_nvcc=yes)
 AC_ARG_ENABLE(clamd, [ --disable-clamd Do not include support for clamd], ac_cv_clamd=$enableval, ac_cv_clamd=yes)
 AC_ARG_ENABLE(trophie, [ --disable-trophie Do not include support for Trophie], ac_cv_trophie=$enableval, ac_cv_trophie=yes)
+AC_ARG_ENABLE(hauri, [ --disable-hauri Do not include support for Hauri GatewayWall/AdvanceServer], ac_cv_hauri=$enableval, ac_cv_hauri=yes)

-ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin"
+ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin:/usr/local/ViRobot"

 if test "$ac_cv_antivirus" = "yes"; then
     if test "$ac_cv_antivir" = yes; then
@@ -596,6 +597,10 @@
     if test "$ac_cv_trophie" = yes; then
         AC_PATH_PROG(TROPHIE, trophie, /bin/false, $ANTIVIR_PATH)
     fi
+
+    if test "$ac_cv_hauri" = yes; then
+        AC_PATH_PROG(HAURI, virobot, /bin/false, $ANTIVIR_PATH)
+    fi
 fi

 test -z "$HBEDV" && HBEDV=/bin/false
@@ -616,6 +621,7 @@
 test -z "$NVCC" && NVCC=/bin/false
 test -z "$CLAMD" && CLAMD=/bin/false
 test -z "$TROPHIE" && TROPHIE=/bin/false
+test -z "$HAURI" && HAURI=/bin/false

 if test "$ac_cv_debugging" = yes ; then
     ENABLE_DEBUGGING=-DENABLE_DEBUGGING
@@ -956,6 +962,17 @@
        GOT_VIRUS_SCANNER=1
     fi

+    if test "$HAURI" = "/bin/false" ; then
+       if test "$ac_cv_hauri" != "yes" ; then
+           echo "HAURI  'hauri'   NO (Disabled by configure command)"
+       else
+           echo "HAURI  'hauri'   NO (not found)"
+       fi
+    else
+       echo "HAURI  'hauri'   YES - $HAURI"
+       GOT_VIRUS_SCANNER=1
+    fi
+
 fi

 if test "$GOT_VIRUS_SCANNER" = "0" ; then
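Review bot: The three status lines print `'hauri'` as the program name, but configure searches for `virobot` (`AC_PATH_PROG(HAURI, virobot, /bin/false, $ANTIVIR_PATH)` in the earlier hunk), so "NO (not found)" points an administrator at a binary name that is never looked up. If the quoted token is meant to be the executable name, as it appears to be for the other scanners, use `echo "HAURI  'virobot'   NO (not found)"` and likewise in the other two lines. The enclosing `if` block starts outside the hunk.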
diff -uNr mimedefang-2.49.orig/mimedefang.pl.in mimedefang-2.49/mimedefang.pl.in
--- mimedefang-2.49.orig/mimedefang.pl.in       2004-11-29 08:27:08.000000000 
-0600
+++ mimedefang-2.49/mimedefang.pl.in    2004-12-02 17:07:15.435203225 -0600
@@ -120,6 +120,7 @@
 $Features{'Virus:TREND'}    = ('@TREND@' ne '/bin/false' ? '@TREND@' : 0);
 $Features{'Virus:TROPHIE'}  = ('@TROPHIE@' ne '/bin/false' ? '@TROPHIE@' : 0);
 $Features{'Virus:CSAV'}     = ('@CSAV@' ne '/bin/false' ? '@CSAV@' : 0);
+$Features{'Virus:HAURI'}    = ('@HAURI@' ne '/bin/false' ? '@HAURI@' : 0);

 $Features{'Path:SENDMAIL'}  = '@SENDMAILPROG@';
 $Features{'Path:QUARANTINEDIR'} = '@QDIR@';
@@ -4641,6 +4642,85 @@
     return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
 }

+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_hauri
+# %ARGUMENTS:
+#  entity -- a MIME entity
+# %RETURNS:
+#  1 if entity contains a virus as reported by Hauri virobot
+# %DESCRIPTION:
+#  Runs the hauri program on the entity.
+#***********************************************************************
+sub entity_contains_virus_hauri ($) {
+    unless ($Features{'Virus:HAURI'}) {
+       md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+       return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    my($entity) = @_;
+    my($body) = $entity->bodyhandle;
+
+    if (!defined($body)) {
+       return (wantarray ? (0, 'ok', 'ok') : 0);
+    }
+
+    # Get filename
+    my($path) = $body->path;
+    if (!defined($path)) {
+       return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+    }
+
+    # Run virobot
+    my($code, $category, $action) =
+       run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d $path 
2>&1", "Detected ");
+    if ($action ne 'proceed') {
+       return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_hauri
+# %ARGUMENTS:
+#  Nothing
+# %RETURNS:
+#  1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+#  Runs the Hauri virobot program on the working directory
+#***********************************************************************
+sub message_contains_virus_hauri () {
+    unless ($Features{'Virus:HAURI'}) {
+       md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+       return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+    }
+
+    # Run virobot
+    my($code, $category, $action) =
+       run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d ./Work/ 
2>&1", "Detected ");
+    if ($action ne 'proceed') {
+       return (wantarray ? ($code, $category, $action) : $code);
+    }
+    return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+sub interpret_hauri_code ($) {
+    my($code) = @_;
+
+    # OK
+    return ($code, 'ok', 'ok') if ($code == 0);
+
+    # virus found
+    if ($code == 1) {
+       $VirusName = $1
+           if ($CurrentVirusScannerMessage =~ m/Detected \[(\S+)\]/);
+       $VirusName = "unknown-Hauri-virus" if $VirusName eq "";
+       return ($code, 'virus', 'quarantine');
+    }
+
+    # Anything else shouldn't happen
+    return ($code, 'swerr', 'tempfail');
+}
+

 #***********************************************************************
 # %PROCEDURE: run_virus_scanner
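Review bot: `entity_contains_virus_hauri` interpolates `$path` unquoted into a command string ending in `2>&1`, which is presumably handed to a shell by `run_virus_scanner` (its body starts after this hunk), so a body path containing whitespace or shell metacharacters would alter the command line. Quote it before use, e.g. `(my $qpath = $path) =~ s/'/'\\''/g;` and then `-d '$qpath'`. `interpret_hauri_code` labels every status other than 0 and 1 as "shouldn't happen", yet the cover letter documents 255 as suspicious file(s) or a temporary failure, so suspicious messages are tempfailed and retried instead of quarantined; the comment should state that, e.g. `# 255: suspicious file(s) or scanner failure (virobot uses one status for both); tempfail`. The undefined-path branch returns `1` in scalar context but `999` in list context; `: 999` would match the convention on the context line above the new code. `interpret_hauri_code` also lacks the `%PROCEDURE` header the other two routines have.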