That looks like it should work, but in case it does not, attached is a file that works on my Q-S-1.20 installation. I get no ffs errors in the smtpd log and my concurrency is running normal. What's more, I actually caught two bagle's with it. :-)
As an aside, this is an object lesson in writing modular code. The
fileformat_scanner subroutine uses lots of global variables. The usage
of many of these variables changed between 1.16 and 1.20 making the
subroutine non-portable. Admittedly, how else are you to write it when
the calling program assumes you are using globals. Strict, my, argument
lists, references and returned values are friends to portability. Of
course implementing those in the 1000s of existing lines of QS would be
a major rewrite for Jason.
Just food for thought.
Philip
Philip Chase * [EMAIL PROTECTED] * 352-273-6190
University of Florida, College of Public Health & Health Professions
>>> "John Narron" <[EMAIL PROTECTED]> 3/3/2004 3:38:04 PM >>>
Again, I wrote this on v1.16, and should've tested it on v1.20 first.
So if this is screwing up people's systems, hey I'm sorry :)
Seems Mr Haar is using $ENV{'TMPDIR'} to indicate where the
to-be-scanned
stuff is. So here's a new one. Praying to god this one works for ya.
I tried to send it, as a joke of course, in an encrypted .ZIP file,
but:
<[EMAIL PROTECTED]>:
66.35.250.206 failed after I sent the message.
Remote host said: 550-For the time being, we are blocking all mail with
the
.zip extentsion. If
550 this this is a problem, please open a Support Request on the
SF.net
webite.
So no joy, just a regular .pl file :)
John Narron | "Sacrifice, they always say
Network Administration | Is a sign of nobility
CDS/CDSinet, LLC | But where does one draw the line
http://www.cdsinet.net | In the face of injury?"
(660) 886 4045 | - Queensryche
----- Original Message -----
From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 1:51 PM
Subject: RE: [Qmail-scanner-general]Bagle-h and password protected ZIP
files
> Ok reapplied and now this.
> error_condition: X-Qmail-Scanner-1.20: ffs: cannot open
>
"/var/spool/qmailscan/working/tmp/server.domain.org107834368651125290"
> I also changed the $scandir to include $wmaildir/tmp that's were the
other
> process are scanning.
>
> -----Original Message-----
> From: John Narron [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 03, 2004 2:35 PM
> To: Jason Staudenmayer; [EMAIL PROTECTED]
> Subject: Re: [Qmail-scanner-general]Bagle-h and password protected
ZIP
files
>
>
> I installed v1.20 on a test server, and I'm not getting this error.
>
> Perhaps there was a problem with saving the attachment. If you just
simple
> cut&paste it, maybe the code got munged. Check like 2352 in
> /var/qmail/bin/qmail-scanner-queue.pl .. its probably missing a _
(probably
> a $ffs_time variable and somehow $ffs got seperated from _time)..
>
> John Narron | "Sacrifice, they always say
> Network Administration | Is a sign of nobility
> CDS/CDSinet, LLC | But where does one draw the line
> http://www.cdsinet.net | In the face of injury?"
> (660) 886 4045 | - Queensryche
>
> ----- Original Message -----
> From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 03, 2004 1:06 PM
> Subject: RE: [Qmail-scanner-general]Bagle-h and password protected
ZIP
files
>
>
> > Still no luck
> > Global symbol "$ffs" requires explicit package name at
> > /var/qmail/bin/qmail-scanner-queue.pl line 2352.
> > This is a hard error q-s fails to run.
> > Execution of /var/qmail/bin/qmail-scanner-queue.pl aborted due to
> > compilation errors.
> >
> >
> > -----Original Message-----
> > From: John Narron [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, March 03, 2004 1:03 PM
> > To: Jason Staudenmayer; [EMAIL PROTECTED]
> > Subject: Re: [Qmail-scanner-general]Bagle-h and password protected
ZIP
> files
> >
> >
> > My bad!
> >
> > I seem to forget from time to time that I'm still running QSQ 1.16
> >
> > Attached is a version of FFS that should work with 1.20
> >
> > John Narron | "Sacrifice, they always say
> > Network Administration | Is a sign of nobility
> > CDS/CDSinet, LLC | But where does one draw the line
> > http://www.cdsinet.net | In the face of injury?"
> > (660) 886 4045 | - Queensryche
> >
> > ----- Original Message -----
> > From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 03, 2004 11:46 AM
> > Subject: RE: [Qmail-scanner-general]Bagle-h and password protected
ZIP
> files
> >
> >
> > > Looks like the script causes an error over here.
> > > 03/03/2004 12:48:14:22344: error_condition:
X-Qmail-Scanner-1.20:
> > Requeuing:
> > > Undefined subroutine &main::tempfail called at
> > > /var/qmail/bin/qmail-scanner-queue.pl line 2345.
> > >
> > > Any clues?
> > >
> > > -----Original Message-----
> > > From: John Narron [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, March 02, 2004 1:35 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [Qmail-scanner-general]Bagle-h and password
protected ZIP
> > files
> > >
> > >
> > > I've been blocking Bagle-H and Bagle-I using the
fileformat-scanner I
> > wrote
> > > and submitted about a week ago. Bagle-H and Bagle-I seem to be
using
> some
> > > off-the-wall ZIP compressor that none of the other ZIP
compressors
(like
> > > InfoZip and WinZip) use, which makes for a somewhat unique header
to
> track
> > > these things. I've attached the PERL code to this e-mail. This
code
> also
> > > blocks UPX compressed binaries as well (I've yet to see any UPX
binary
> > come
> > > through via e-mail that wasn't a virus of some sort).
> > >
> > > It is some crude code, and could be improved. If there's a
demand for
> it,
> > > I'll work to improve it more. To "install", just add this code
to the
> end
> > > of the qmail-scanner-queue.pl and add "fileformat_scanner" to
the
> scanner
> > > array. Eg:
> > >
> > > # cat ffs_scanner.pl >> /var/qmail/bin/qmail-scanner-queue.pl
> > > # vi /var/qmail/bin/qmail-scanner-queue.pl
> > > ...
> > > #Array of virus scanners used must point to subroutines
> > > my @scanner_array=("fileformat_scanner", ... );
> > >
> > >
> > >
> > > John Narron | "Sacrifice, they always say
> > > Network Administration | Is a sign of nobility
> > > CDS/CDSinet, LLC | But where does one draw the line
> > > http://www.cdsinet.net | In the face of injury?"
> > > (660) 886 4045 | - Queensryche
> > >
> > > ----- Original Message -----
> > > From: "CertaintyTech-Ed" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, March 02, 2004 12:17 PM
> > > Subject: [Qmail-scanner-general]Bagle-h and password protected
ZIP
files
> > >
> > >
> > > > Anyone else seeing the Bagle-H virus getting thru? I am using
Q-S
and
> > > > sophie and it is not stopping them. Sophie sees that the ZIP
file
is
> > > > password encrypted so can't check it for viruses and Q-S goes
ahead
> and
> > > > passes it thru. Does anyone know of any way to catch this one?
For
> now
> > > > I am blocking all ZIP attachments...
> > > >
> > > > Thanks,
> > > > ---
> > > > Ed
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> > > > Build and deploy apps & Web services for Linux with
> > > > a free DVD software kit from IBM. Click Now!
> > > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> > > > _______________________________________________
> > > > Qmail-scanner-general mailing list
> > > > [EMAIL PROTECTED]
> > > >
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> > > >
> > > >
> > >
> > >
> > > -------------------------------------------------------
> > > SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> > > Build and deploy apps & Web services for Linux with
> > > a free DVD software kit from IBM. Click Now!
> > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> > > _______________________________________________
> > > Qmail-scanner-general mailing list
> > > [EMAIL PROTECTED]
> > >
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> > >
> > >
> >
> >
> > -------------------------------------------------------
> > SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> > Build and deploy apps & Web services for Linux with
> > a free DVD software kit from IBM. Click Now!
> > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> > _______________________________________________
> > Qmail-scanner-general mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> >
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO
of
> GenToo technologies. Learn everything from fundamentals to system
>
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Qmail-scanner-general mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
>
>
ffs-scanner.pl
Description: Binary data
