> Just a few comments on this since I tried looking into nod32 just a few > days ago: > > Looking at the website, I'd expect version 2.51 to be most current, not > 1.0.4? On the other hand, trial versions for linux don't seem to be > freely available any longer. > > The manual for 2.5 does list a feature that would make nod32 interesting > for use in scanning email: there's now a scanner daemon and commandline > client for the daemon (/usr/sbin/nod32d, /usr/bin/nod32cli).
I wrote a different patch for NOD32 based on the documentation at http://u4.eset.com/manuals/guide_nod32ls.pdf This patch uses nod32cli to do the scanning and uses different command-line arguments and return code parsing from the previously posted patch. Feedback is welcome. -- Matt
diff -ur ../mimedefang-2.55.orig/README ./README --- ../mimedefang-2.55.orig/README 2005-02-08 11:04:22.000000000 -0500 +++ ./README 2006-01-24 17:13:18.094103000 -0500 @@ -239,6 +239,7 @@ --disable-fprot Do not include support for F-prot Anti-Virus --disable-sophie Do not include support for Sophie --disable-nvcc Do not include support for Nvcc + --disable-nod32 Do not include support for ESET NOD32 5) Add the following line to your Sendmail "m4" configuration file. (You DO use the m4 configuration method, right?) diff -ur ../mimedefang-2.55.orig/configure.in ./configure.in --- ../mimedefang-2.55.orig/configure.in 2006-01-18 13:54:02.000000000 -0500 +++ ./configure.in 2006-01-24 17:16:21.559921000 -0500 @@ -509,6 +509,7 @@ AC_ARG_ENABLE(nvcc, [ --disable-nvcc Do not include support for Nvcc], ac_cv_nvcc=$enableval, ac_cv_nvcc=yes) AC_ARG_ENABLE(clamd, [ --disable-clamd Do not include support for clamd], ac_cv_clamd=$enableval, ac_cv_clamd=yes) AC_ARG_ENABLE(trophie, [ --disable-trophie Do not include support for Trophie], ac_cv_trophie=$enableval, ac_cv_trophie=yes) +AC_ARG_ENABLE(nod32, [ --disable-nod32 Do not include support for Eset NOD32], ac_cv_nod32=$enableval, ac_cv_nod32=yes) ANTIVIR_PATH="$PATH:/usr/lib/AntiVir:/usr/local/uvscan:/opt/AVP:/etc/iscan:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bd7:/usr/local/bd7/bin:/opt/kav/bin:/opt/kav/5.5/kav4unix/bin/" @@ -587,6 +588,10 @@ if test "$ac_cv_trophie" = yes; then AC_PATH_PROG(TROPHIE, trophie, /bin/false, $ANTIVIR_PATH) fi + + if test "$ac_cv_nod32" = yes; then + AC_PATH_PROG(NOD32, nod32cli, /bin/false, $ANTIVIR_PATH) + fi fi test -z "$HBEDV" && HBEDV=/bin/false @@ -607,6 +612,7 @@ test -z "$NVCC" && NVCC=/bin/false test -z "$CLAMD" && CLAMD=/bin/false test -z "$TROPHIE" && TROPHIE=/bin/false +test -z "$NOD32" && NOD32=/bin/false if test "$ac_cv_debugging" = yes ; then ENABLE_DEBUGGING=-DENABLE_DEBUGGING 
@@ -987,6 +993,17 @@ GOT_VIRUS_SCANNER=1 fi + if test "$NOD32" = "/bin/false" ; then + if test "$ac_cv_nod32" != "yes" ; then + echo "NOD32 'nod32cli' NO (Disabled by configure command)" + else + echo "NOD32 'nod32cli' NO (not found)" + fi + else + echo "NOD32 'nod32cli' YES - $NOD32" + GOT_VIRUS_SCANNER=1 + fi + fi if test "$GOT_VIRUS_SCANNER" = "0" ; then diff -ur ../mimedefang-2.55.orig/mimedefang-filter.5.in ./mimedefang-filter.5.in --- ../mimedefang-2.55.orig/mimedefang-filter.5.in 2006-01-17 18:14:41.000000000 -0500 +++ ./mimedefang-filter.5.in 2006-01-24 17:11:49.302178000 -0500 @@ -784,6 +784,9 @@ $Features{"Virus:TROPHIE"} is the full path to Trophie if it is installed; 0 if it is not. +$Features{"Virus:NOD32"} is the full path to ESET NOD32 if it is installed; +0 if it is not. + \fBNOTE:\fR Perl-module based features (SpamAssassin, HTMLCleaner and Virus:FileScan) are determined at runtime and may change as these are added and removed. Most Virus features are predetermined at the time of @@ -1843,6 +1846,8 @@ .B message_contains_virus_fprot() .TP .B message_contains_virus_fprotd() +.TP +.B message_contains_virus_nod32() These functions should be called in \fBlist context\fR. They use the indicated anti-virus software to scan the message for viruses. These @@ -1880,6 +1885,9 @@ .TP .B f-prot F-RISK F-PROT - http://www.f-prot.com/ +.TP +.B nod32 +ESET "NOD" - http://www.eset.com/ .TP .B message_contains_virus_openantivirus([$host]) 
@@ -2374,6 +2382,10 @@ Trophie (http://www.vanja.com/tools/trophie/), which uses the libvsapi library from Trend Micro, is supported in daemon-scanning mode. +.TP +.B o +NOD32 (http://www.eset.com/) + .SH AUTHORS \fBmimedefang\fR was written by David F. Skoll <[EMAIL PROTECTED]>. The \fBmimedefang\fR home page is \fIhttp://www.mimedefang.org/\fR. diff -ur ../mimedefang-2.55.orig/mimedefang.pl.in ./mimedefang.pl.in --- ../mimedefang-2.55.orig/mimedefang.pl.in 2006-01-18 13:54:02.000000000 -0500 +++ ./mimedefang.pl.in 2006-01-24 17:04:20.209126000 -0500 @@ -147,6 +147,7 @@ $Features{'Virus:TREND'} = ('@TREND@' ne '/bin/false' ? '@TREND@' : 0); $Features{'Virus:TROPHIE'} = ('@TROPHIE@' ne '/bin/false' ? '@TROPHIE@' : 0); $Features{'Virus:CSAV'} = ('@CSAV@' ne '/bin/false' ? '@CSAV@' : 0); +$Features{'Virus:NOD32'} = ('@NOD32@' ne '/bin/false' ? '@NOD32@' : 0); $Features{'Path:SENDMAIL'} = '@SENDMAILPROG@'; $Features{'Path:QUARANTINEDIR'} = '@QDIR@'; 
@@ -4809,6 +4810,83 @@ return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999); } +#*********************************************************************** +# %PROCEDURE: entity_contains_virus_nod32 +# %ARGUMENTS: +# entity -- a MIME entity +# %RETURNS: +# 1 if entity contains a virus as reported by NOD32; 0 otherwise. +# %DESCRIPTION: +# Runs the NOD32 program on the entity. (http://www.eset.com) +#*********************************************************************** +sub entity_contains_virus_nod32 ($) { + + unless($Features{'Virus:NOD32'}) { + md_syslog('err', "$MsgID: NOD32 not installed on this system"); + return (wantarray ? (1, 'not-installed', 'tempfail') : 1); + } + + my($entity) = @_; + my($body) = $entity->bodyhandle; + if (!defined($body)) { + return (wantarray ? (0, 'ok', 'ok') : 0); + } + + # Get filename + my($path) = $body->path; + if (!defined($path)) { + return (wantarray ? (999, 'swerr', 'tempfail') : 1); + } + + # Run NOD32 + my($code, $category, $action) = + run_virus_scanner($Features{'Virus:NOD32'} . " --subdir $path 2>&1", "virus=\"([^\"]+)\""); + if ($action ne 'proceed') { + return (wantarray ? ($code, $category, $action) : $code); + } + return (wantarray ? interpret_nod32_code($code) : $code); +} + +#*********************************************************************** +# %PROCEDURE: message_contains_virus_nod32 +# %ARGUMENTS: +# Nothing +# %RETURNS: +# 1 if any file in the working directory contains a virus +# %DESCRIPTION: +# Runs the NOD32 program on the working directory +#*********************************************************************** +sub message_contains_virus_nod32 () { + + unless($Features{'Virus:NOD32'}) { + md_syslog('err', "$MsgID: NOD32 not installed on this system"); + return (wantarray ? (1, 'not-installed', 'tempfail') : 1); + } + + # Run nod32 + my($code, $category, $action) = + run_virus_scanner($Features{'Virus:NOD32'} . " --subdir ./Work 2>&1", "virus=\"([^\"]+)\""); + return (wantarray ? 
interpret_nod32_code($code) : $code); +} + +sub interpret_nod32_code ($) { + # http://u4.eset.com/manuals/guide_nod32ls.pdf + my($code) = @_; + + # OK + return ($code, 'ok', 'ok') if ($code == 0); + + # Virus + if ($code == 1 or $code == 2) { + $VirusName = $1 if ($CurrentVirusScannerMessage =~ m/virus=\"([^\"]+)\"/); + $VirusName = "unknown-NOD32-virus" if $VirusName eq ""; + return ($code, 'virus', 'quarantine'); + } + + # All other codes should not happen + return ($code, 'swerr', 'tempfail'); +} + #*********************************************************************** # %PROCEDURE: run_virus_scanner @@ -7202,6 +7280,11 @@ push @VirusScannerEntityRoutines, \&entity_contains_virus_trend; } + if ($Features{'Virus:NOD32'}) { + push @VirusScannerMessageRoutines, \&message_contains_virus_nod32; + push @VirusScannerEntityRoutines, \&entity_contains_virus_nod32; + } + } #***********************************************************************
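Review bot: message_contains_virus_nod32 discards the `$category` and `$action` returned by run_virus_scanner and goes straight to interpret_nod32_code, whereas entity_contains_virus_nod32 in the same hunk returns early when `$action ne 'proceed'`. Add the same guard before the final return, `return (wantarray ? ($code, $category, $action) : $code) if $action ne 'proceed';`, so a scanner that could not be run keeps the category run_virus_scanner gave it instead of being reinterpreted from the exit code. Both new callers also build the command by concatenating `$path` or `./Work` with `2>&1` into a single string, which presumably reaches a shell; run_virus_scanner's body is outside this hunk, so confirm that entity paths can never contain shell metacharacters, or quote `$path` before interpolating it. interpret_nod32_code tests `$VirusName eq ""` without resetting `$VirusName` first, so a name left by an earlier scanner would be kept when the `virus="..."` pattern does not match.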