> -----Original Message-----
> From: Arno Slatius [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 29, 2003 3:21 AM
> To: [EMAIL PROTECTED]
> Subject: [Qmail-scanner-general]F-prot daemon scanner
>
>
> Hi,
>
> I'm using the qmail scanner with f-prot. The full version of
> f-prot comes with a daemon for the scanning of files. Qmail
> scanner uses the command line f-prot program for scanning the
> email. Has anyone ever tried to get qmailscanner to use the
> daemon? Google couldn't tell me. It could result in a faster
> scan of the email.
>
Another bad thing I don't like about the daemon is that it can only scan
a single file. You cannot pass it a directory to scan recursively. So,
what you end up having to do is let QS unpack (reformime/unzip) the
email into its working dir, and then call fprotc for each file in that
directory.

I made a fprotc client in Perl with all the available options of a
f-prot CLS..... It should be fully exit code compliant to the man
f-protd because it pulls the XML data for exit code. It will take 2
additional arguments that the f-prot CLS does not, those being --xml
and -formatted. If you use -xml, it will return the same data that the
f-protd returns. If you use -formatted, it will strip the necessary XML
information out and return it to you nicely formatted so you can regex
it if needed. Or, if all you care about is the exit code (as
described in man f-protd), you can use -silent and then do your thing
based on the exit code.

Realize, this is just proof of concept... it is "absolutely no faster"
than scanning using the f-prot CLS due to the fact that
1) it's Perl
2) fprot client/daemon can only scan 1 file at a time.

You would have to invoke this scanner 2, 3 or more times for each email,
depending on how many MIME parts reformime split it, not to mention if
you wanted to scan inside a zip file...ugh!

#!/usr/bin/perl
#
# by dallase at nmgi dot com
# use it and abuse it
#
use IO::Socket::INET;
use XML::Simple;
use Getopt::Long;

my %h;                      # parsed command-line options
my ($file);
my $ARGS  = "";
my $EOL   = "\015\012";
my $BLANK = $EOL x 2;

# get fprot specific options
GetOptions (\%h, 'ai', 'append', 'archive', 'auto',
    'collect', 'delete',
    'disinf','dumb','ext','follow','help','list','nobreak',
    'noheur','nosub','old','onlyheur','packed','page','rename',
    'report','type','verno','virlist','virno','wrap',
    'nomacro','onlymacro','removeall','removenew','saferemove',
    'silent','formatted','xml');

# the first non-option argument is the file to scan
$file = shift (@ARGV);

if (defined $h{help}) {
    &print_help();
    exit;
}

if (!defined $file) {
    print "usage: $0 [options] <path to file>\n";
    print "for help, run $0 -h\n";
    exit;
}

# build the query string for the daemon; -formatted and -xml are
# handled by this client only and are not passed on
foreach my $key ( sort keys %h ) {
    if (($key ne "formatted") && ($key ne "xml")) {
        $ARGS .= "-" . $key . "%20";
    }
}

# try ports 10200 through 10203 in turn until the daemon answers
my $startport = 10200;
my $count = 0;
my $remote;
while ((!defined $remote) && ($count < 4)) {
    $remote = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => "localhost",
        PeerPort => $startport,
    );
    if (!defined $remote) {
        $startport++;
        $count++;
    }
}

if (!defined $remote) {
    if (!defined $h{'silent'}) {
        print "Unable to connect to f-protd daemon. Make sure it is started.\n";
    }
    exit(1); # not scanned due to I/O error
}

# the file path is sent as-is (it is not URL-encoded here); the daemon
# opens the file itself, so the path must be one the daemon can resolve
print $remote "GET $file?$ARGS HTTP/1.0" . $BLANK;

# skip the HTTP response header and collect the XML body
my $end_of_header = 0;
my $data = "";
while ( <$remote> ) {
    if ($end_of_header) { $data .= $_; }
    if ($_ =~ m/^\r/) { $end_of_header = 1; }
}
close($remote);

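# parse the daemon's XML reply; an empty or malformed reply must not be
# reported as a clean scan, so it is treated like an I/O error (exit 1)
my $config = eval { XMLin("$data", forcearray => [ 'filename' ]) };
if (!defined $config) {
    if (!defined $h{'silent'}) {
        print "Unable to parse f-protd response.\n";
    }
    exit(1);
}

if ($h{'xml'}) {
    print "$data\n";
}

if ($h{'formatted'}) {
    foreach my $name (@{ $config->{'filename'} || [] }) {
        print "file=$name\n";
    }
    print "status=$config->{'summary'}->{'content'}\n"
        if (defined $config->{'summary'}->{'content'});
    print "code=$config->{'summary'}->{'code'}\n"
        if (defined $config->{'summary'}->{'code'});
    print "accuracy=$config->{'detected'}->{'accuracy'}\n"
        if (defined $config->{'detected'}->{'accuracy'});
    print "virus=$config->{'detected'}->{'name'}\n"
        if (defined $config->{'detected'}->{'name'});
    print "type=$config->{'detected'}->{'type'}\n"
        if (defined $config->{'detected'}->{'type'});
    # was printed under a second "type=" label
    print "disinfectable=$config->{'detected'}->{'disinfectable'}\n"
        if (defined $config->{'detected'}->{'disinfectable'});
    print "engine=$config->{'engine'}\n" if (defined $config->{'engine'});
}

if ($h{'silent'}) {
    # don't print anything...
}

# exit with the daemon's status code; a reply without one would
# otherwise exit 0 and look like a clean scan, so use 1 instead
my $summary = $config->{'summary'};
my $code = (ref $summary eq 'HASH') ? $summary->{'code'} : undef;
exit( defined $code ? $code : 1 );
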
# -------------------------- #
sub print_help {
    print <<EOF;
Usage: f-protc [options] <file>

F-Protc Options:
  -ai          Enable neural-network virus detection.
  -append      Append to existing report file.
  -archive     Scan inside .ZIP and .ARJ files.
  -auto        Automatic virus removal.
  -collect     Scan a virus collection.
  -delete      Delete infected files.
  -disinf      Disinfect whenever possible.
  -dumb        Do a "dumb" scan of all files.
  -ext         Scan only files with default extensions.
  -follow      Follow symbolic links.
  -help        Display this list.
  -list        List all files checked.
  -nobreak     Do not abort scan if ESC is pressed.
  -noheur      Disable heuristics.
  -nosub       Do not scan subdirectories.
  -old         Do not complain when using outdated DEF files.
  -onlyheur    Only use heuristics, not "normal" scanning.
  -packed      Unpack compressed executables.
  -page        Pause after each page.
  -rename      Rename infected COM/EXE files to VOM/VXE.

Press <ENTER> to continue to view the command-line options.
EOF
    getc(STDIN);
    print <<EOF;
  -report=     Send the output to a file.
  -silent      Do not generate any screen output, exits with F-protd
               status code
  -formatted   Parse XML results and format it human readable
               Contains status code in output and also exits with that
               status
  -xml         Send XML output just as f-protd returns it
               Contains status code in XML and also exits with that
               status
  -type        Select files by type. (default)
  -verno       Show version information.
  -virlist     List the known viruses.
  -virno       Count the known viruses.
  -wrap        Wrap text so the report fits in 78 columns.

Special macro virus options:
  -nomacro     Do not scan for macro viruses.
  -onlymacro   Only scan for macro viruses.
  -removeall   Remove all macros from all documents.
  -removenew   Remove new variants of macro viruses by
               removing all macros from infected documents.
  -saferemove  Remove all macros from documents, if a known
               virus is found.
EOF
}
# -------------------------- #
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
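
The per-file loop the message describes (QS unpacks the mail, then fprotc is called once per unpacked file), as an added example that is not part of the original post. It assumes the script above is installed as /usr/local/bin/f-protc (a hypothetical path, overridable through a hypothetical FPROTC environment variable) and treats any non-zero exit, an empty directory, or a failed launch as "not clean", which is this example's policy and not documented f-protd behaviour.

```perl
#!/usr/bin/perl
# Added example, not part of the original post.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Find;

# Assumption: the f-protc script from the message is installed here.
my $FPROTC = $ENV{FPROTC} || '/usr/local/bin/f-protc';

# Scan every regular file under $dir, one f-protc call per file.
# Returns (0) if all files scanned clean, else (code, offending path).
sub scan_dir {
    my ($dir, @opts) = @_;
    # The daemon opens the file itself, so it needs an absolute path. An
    # absolute path also never starts with "-", so Getopt::Long in
    # f-protc cannot mistake an unpacked file name for an option.
    my $root = abs_path($dir);
    return (1, $dir) unless defined $root && -d $root;

    my @files;
    find({ no_chdir => 1,
           wanted   => sub { push @files, $_ if -f $_ && !-l $_ } }, $root);
    return (1, $root) unless @files;   # nothing unpacked: do not call it clean

    for my $path (sort @files) {
        # List-form system() bypasses the shell, so spaces or
        # metacharacters in an unpacked file name stay inside one argument.
        my $rc = system($FPROTC, '-silent', @opts, $path);
        # Could not run, or killed by a signal: report as I/O error (1).
        my $code = ($rc == -1 || ($rc & 127)) ? 1 : ($rc >> 8);
        # Policy of this example: any non-zero exit stops delivery.
        return ($code, $path) if $code != 0;
    }
    return (0);
}

unless (caller) {
    my $dir = pop @ARGV;
    die "usage: $0 [f-protc options] <working dir>\n" unless defined $dir;
    my ($code, $path) = scan_dir($dir, @ARGV);
    print "not clean (exit $code): $path\n" if $code;
    exit $code;
}
```

Each file still costs one process start and one daemon connection, so this loop does nothing for the speed problem the message points out.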