Hauri (http://www.globalhauri.com/) is a South Korean antivirus company. It sells antivirus products that run under Linux and Solaris, and my current employer happens to use them.
I've tested two of their products: GatewayWall and AdvanceServer. By default, both products are installed in /usr/local/ViRobot. A command-line utility named 'virobot' is also installed in this directory.
This utility returns the following values when it checks for viruses:
0 - No virus found
1 - Virus found
255 - Suspicious file(s) found OR temporary failure. Yes, I know, it sucks.
This patch adds support to MIMEDefang 2.49 for using 'virobot' to filter viruses. It modifies two files: configure.in, to which it adds the '--disable-hauri' option for configure; and mimedefang.pl.in, to which it adds three routines: entity_contains_virus_hauri(), message_contains_virus_hauri(), and interpret_hauri_code(). These routines are based on *_contains_virus_trend() and interpret_trend_code().
Please CC me if you have any comments about this patch, because I'm not subscribed to this list.
Best regards -- __(o< | Nombres/Names: Cristian Othón | [EMAIL PROTECTED] \/|/ | Apellidos/Last Names: Martínez Vera | http://cfuga.net/ /_/_ | | http://linuxppp.com/ | "Pulchrum est paucorum hominum" - Horace
diff -uNr mimedefang-2.49.orig/configure.in mimedefang-2.49/configure.in
--- mimedefang-2.49.orig/configure.in 2004-10-29 09:56:52.000000000 -0500
+++ mimedefang-2.49/configure.in 2004-12-02 17:17:03.772481387 -0600
@@ -518,8 +518,9 @@
 AC_ARG_ENABLE(nvcc, [ --disable-nvcc Do not include support for Nvcc], ac_cv_nvcc=$enableval, ac_cv_nvcc=yes)
 AC_ARG_ENABLE(clamd, [ --disable-clamd Do not include support for clamd], ac_cv_clamd=$enableval, ac_cv_clamd=yes)
 AC_ARG_ENABLE(trophie, [ --disable-trophie Do not include support for Trophie], ac_cv_trophie=$enableval, ac_cv_trophie=yes)
+AC_ARG_ENABLE(hauri, [ --disable-hauri Do not include support for Hauri GatewayWall/AdvanceServer], ac_cv_hauri=$enableval, ac_cv_hauri=yes)
-ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin"
+ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/lib/Vexira:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin:/usr/local/ViRobot"
if test "$ac_cv_antivirus" = "yes"; then
 if test "$ac_cv_antivir" = yes; then
@@ -596,6 +597,10 @@
 if test "$ac_cv_trophie" = yes; then
 AC_PATH_PROG(TROPHIE, trophie, /bin/false, $ANTIVIR_PATH)
 fi
+
+ if test "$ac_cv_hauri" = yes; then
+ AC_PATH_PROG(HAURI, virobot, /bin/false, $ANTIVIR_PATH)
+ fi
 fi
test -z "$HBEDV" && HBEDV=/bin/false
@@ -616,6 +621,7 @@
 test -z "$NVCC" && NVCC=/bin/false
 test -z "$CLAMD" && CLAMD=/bin/false
 test -z "$TROPHIE" && TROPHIE=/bin/false
+test -z "$HAURI" && HAURI=/bin/false
if test "$ac_cv_debugging" = yes ; then
 ENABLE_DEBUGGING=-DENABLE_DEBUGGING
@@ -956,6 +962,17 @@
 GOT_VIRUS_SCANNER=1
 fi
+ if test "$HAURI" = "/bin/false" ; then
+ if test "$ac_cv_hauri" != "yes" ; then
+ echo "HAURI 'hauri' NO (Disabled by configure command)"
+ else
+ echo "HAURI 'hauri' NO (not found)"
+ fi
+ else
+ echo "HAURI 'hauri' YES - $HAURI"
+ GOT_VIRUS_SCANNER=1
+ fi
+
 fi
if test "$GOT_VIRUS_SCANNER" = "0" ; then
diff -uNr mimedefang-2.49.orig/mimedefang.pl.in mimedefang-2.49/mimedefang.pl.in
--- mimedefang-2.49.orig/mimedefang.pl.in 2004-11-29 08:27:08.000000000 -0600
+++ mimedefang-2.49/mimedefang.pl.in 2004-12-02 17:07:15.435203225 -0600
@@ -120,6 +120,7 @@
 $Features{'Virus:TREND'} = ('@TREND@' ne '/bin/false' ? '@TREND@' : 0);
 $Features{'Virus:TROPHIE'} = ('@TROPHIE@' ne '/bin/false' ? '@TROPHIE@' : 0);
 $Features{'Virus:CSAV'} = ('@CSAV@' ne '/bin/false' ? '@CSAV@' : 0);
+$Features{'Virus:HAURI'} = ('@HAURI@' ne '/bin/false' ? '@HAURI@' : 0);
$Features{'Path:SENDMAIL'} = '@SENDMAILPROG@';
 $Features{'Path:QUARANTINEDIR'} = '@QDIR@';
@@ -4641,6 +4642,85 @@
 return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
 }
+#***********************************************************************
+# %PROCEDURE: entity_contains_virus_hauri
+# %ARGUMENTS:
+# entity -- a MIME entity
+# %RETURNS:
+# 1 if entity contains a virus as reported by Hauri virobot
+# %DESCRIPTION:
+# Runs the hauri program on the entity.
+#***********************************************************************
+sub entity_contains_virus_hauri ($) {
+ unless ($Features{'Virus:HAURI'}) {
+ md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ my($entity) = @_;
+ my($body) = $entity->bodyhandle;
+
+ if (!defined($body)) {
+ return (wantarray ? (0, 'ok', 'ok') : 0);
+ }
+
+ # Get filename
+ my($path) = $body->path;
+ if (!defined($path)) {
+ return (wantarray ? (999, 'swerr', 'tempfail') : 1);
+ }
+
+ # Run virobot
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d $path 2>&1", "Detected ");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+#***********************************************************************
+# %PROCEDURE: message_contains_virus_hauri
+# %ARGUMENTS:
+# Nothing
+# %RETURNS:
+# 1 if any file in the working directory contains a virus
+# %DESCRIPTION:
+# Runs the Hauri virobot program on the working directory
+#***********************************************************************
+sub message_contains_virus_hauri () {
+ unless ($Features{'Virus:HAURI'}) {
+ md_syslog('err', "$MsgID: HAURI virobot not installed on this system");
+ return (wantarray ? (1, 'not-installed', 'tempfail') : 1);
+ }
+
+ # Run virobot
+ my($code, $category, $action) =
+ run_virus_scanner($Features{'Virus:HAURI'} . " --archive --recovery -d ./Work/ 2>&1", "Detected ");
+ if ($action ne 'proceed') {
+ return (wantarray ? ($code, $category, $action) : $code);
+ }
+ return (wantarray ? interpret_hauri_code($code) : $code);
+}
+
+sub interpret_hauri_code ($) {
+ my($code) = @_;
+
+ # OK
+ return ($code, 'ok', 'ok') if ($code == 0);
+
+ # virus found
+ if ($code == 1) {
+ $VirusName = $1
+ if ($CurrentVirusScannerMessage =~ m/Detected \[(\S+)\]/);
+ $VirusName = "unknown-Hauri-virus" if $VirusName eq "";
+ return ($code, 'virus', 'quarantine');
+ }
+
+ # Anything else shouldn't happen
+ return ($code, 'swerr', 'tempfail');
+}
+
#***********************************************************************
 # %PROCEDURE: run_virus_scanner
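Review bot: interpret_hauri_code() sends every exit code other than 0 and 1 to `swerr`/`tempfail` under the comment `# Anything else shouldn't happen`, but the patch description documents 255 as "Suspicious file(s) found OR temporary failure", so a message virobot flags as suspicious is tempfailed and retried by the sending host instead of being quarantined or surfaced to the operator. Give 255 an explicit branch with its own log line, for example `if ($code == 255) { md_syslog('warning', "$MsgID: virobot exit 255 (suspicious file or temporary failure)"); return ($code, 'swerr', 'tempfail'); }`, and reword the final comment so it covers undocumented codes only. Separately, entity_contains_virus_hauri() splices `$path` into a command string ending in `2>&1`; run_virus_scanner's body lies outside this hunk, but if it passes that string to a shell, confirm that `$body->path` can never carry shell metacharacters, or quote it before building the command.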