Re: [Clamav-devel] Patch for sender host name and IP address in report template
Hmm... Really. But not mail_host - ${client_name}$ and ${client_addr}$ work fine. It seems that my patch is not needed. There is a big difference though. With my patch, the client host name and IP address are always known. No matter what variables to pass to clamav-milter are configured in sendmail.cf. And they can (and should) be included in the default notification message. ___ Best wishes, Serge ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
[Clamav-devel] Re: Patch for sender host name and IP address in report template
Serge Vakulenko wrote: There is a big difference though. With my patch, the client host name and IP address are always known. No matter what variables to pass to clamav-milter are configured in sendmail.cf. Some time ago I ask about add third type variable in template: clamav-milter specific... :-) Patch in attach make avaliable using template === The message $i$ sent from ${mail_addr}$ to ${rcpt_addr}$ contained a virus and has not been delivered. %v found. Scanning engine: full_version - The original (infected) message headers were: localreceived header === Some variables in this patch can be removed (v and header), but localreceived RFC-style addons for header... I think what this patch will be include in Alt Linux Sisyphus in next update of ClamAV package. -- Regards, Sergey --- clamav-milter/clamav-milter.c.orig 2004-09-18 01:06:32 +0500 +++ clamav-milter/clamav-milter.c 2004-09-18 13:40:33 +0500 @@ -3517,6 +3517,64 @@ ptr = end; break; } + case '': /* clamav-milter variables */ { +char *end = strchr(++ptr, ''); + +if(end == NULL) { + syslog(LOG_ERR, + _(%s: Unterminated clamav-milter variable \%s\\n), + filename, ptr); + continue; +} +*end = '\0'; + +/* begin variables definitions */ +// Virus name, replacement for %v, may be not need +if ( strcmp(ptr, v) == 0 ) { +fputs(virusname, sendmail); +} // end of v +// Header, , replacement for %h, may be not need +else if ( strcmp(ptr, header) == 0) { +struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx); +header_list_print(privdata-headers, sendmail); +} // end of header +// ClamAV/clamav-milter version +else if ( strcmp(ptr, full_version) == 0) { +fputs(clamav_version, sendmail); +} // end of clamav_version +// Local Received aadons for header +else if ( strcmp(ptr, localreceived) == 0) { +char *s_relay, *helo; +char timestring[128]; +time_t systime; + +s_relay = smfi_getsymval(ctx, {_}); +if (!s_relay) s_relay = ; +helo = smfi_getsymval(ctx, s); +if (!helo) { + helo = NOHELO; + if(use_syslog) + syslog(LOG_WARNING, _(Variable \s\ isn't defined in Milter.macros.eom\n)); +} + +systime = time(NULL); +strftime(timestring, sizeof(timestring) -1, %a, %d %b %Y %T %z (%Z), + localtime(systime)); + +fprintf(sendmail, Received: from %s (%s), helo, s_relay); +fprintf(sendmail, \n\tby %s (clamav-milter %s) with id %s;, + smfi_getsymval(ctx, j), CM_VERSION, smfi_getsymval(ctx, i)); +fprintf(sendmail, \n\t%s, timestring); + +} // localreceived +else { +fprintf(sendmail, [unknown clamav-milter's variable: %s], ptr); + if(use_syslog) + syslog(LOG_ERR, _(%s: Unknown clamav-milter's variable \%s\\n), + filename, ptr); +} // end variables definitions +ptr = end; + } break; case '\\': if(*++ptr == '\0') { --ptr; ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Re: [Clamav-devel] [patch] freshclam patternupdates via proxy (0.80rc3)
On Tue, 05 Oct 2004 02:40:01 +0200 Alexander Marx [EMAIL PROTECTED] wrote: http://www.madness.at/~mad/projects/clamav/freshclam_proxyfix.patch Applied in CVS. Thanks! -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Oct 6 20:51:03 CEST 2004 pgpfAJRVrXqsB.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Re: [Clamav-devel] PATCH: file descriptor passing
On 04 Oct 2004 12:50:05 +1000 Richard Lyons [EMAIL PROTECTED] wrote: The environment I'm integrating clamav into passes file descriptors around rather than file names. Currently using clamd means writing the contents of the file descriptor to a temporary file and then passing the name to clamd. I'd prefer to avoid the extra disk IO, so the attached patch allows passing the file descriptor on platforms that support file descriptor passing. It also allows us to run clamd at a reduced privilege. The patch looks OK. Are you the original author of the whole its code? -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Oct 6 21:01:49 CEST 2004 pgp3jI542Cf6q.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Re: [Clamav-devel] zip file that ClamAV does not like
On Wed, 06 Oct 2004 14:02:15 -0400 Rick Fiore [EMAIL PROTECTED] wrote: This file is a zip file that contains a data file that is used by proprietary software as a Gamma for an Image. Clamscan and clamdscan both report: blockhead.zip: Zip modules failure blockhead.zip: OK This is killing the email as MIME-Defang doesn't get a straight answer that the file is ok. The zip was created with an older version of zip on Sun OS 4.1.4. I am using ClamAV 0.80rc3. The archive contains a file compressed with the old implode method (it's still patented IIRC). You can use clamscan to scan such archives: [EMAIL PROTECTED]:/tmp$ clamscan --unzip blockhead.zip /tmp/blockhead.zip: Zip module failure Archive: /tmp/blockhead.zip exploding: GAMMA.666.6483 /tmp/clamav-69cef89e89618389/GAMMA.666.6483: OK (raw) /tmp/blockhead.zip: OK --- SCAN SUMMARY --- Known viruses: 24839 Scanned directories: 1 Scanned files: 2 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 5.832 sec (0 m 5 s) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Oct 6 21:03:35 CEST 2004 pgpGsvXY8QUi7.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
[Clamav-devel] Re: zip file that ClamAV does not like
Tomasz Kojm wrote: On Wed, 06 Oct 2004 15:51:00 -0400 Rick Fiore [EMAIL PROTECTED] wrote: Any sugestions on how to deal with it from within MIME-Defange so that it does want to reject it? Please ask on the MIMEDefang mailing list, I'm sure they will help you. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel Just thought there might be a quick fix with ClamAV. Thanks for your help. Rick ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Re: [Clamav-devel] PATCH: file descriptor passing
On Thu, 2004-10-07 at 06:20, Reini Urban wrote: Richard Lyons schrieb: In the case of cygwin, while the environment has the appropriate control structures, the OS doesn't support fd passing, so the code falls back to using read/write. Note that cygwin supports limited file descriptor passing, but suggests to use better/different schemes instead. I'm not really familiar with cygwin. To test fd passing on a cygwin system I wrote a simple test program; when the fd passing didn't work, I added the exclusion to the clamav patch. (Frankly, I was pleasantly surprised that socketpair and fork worked - I remember when piping meant writing the output of the first process to a temp file and then running the second process with stdin redirected from the file.) Like passing MapViewOfFile handles or using IPC shared memory (or the fd only of course). There are also other efficient ways. I assume that the cygwin team will hide this behind the sendmsg/recvmsg interface, I'm not interested in adding win32 hacks to work around deficiencies in the current libraries. Thinking about it, it could be argued that the cygwin exclusion is not required. The code will still work, if somebody tries to send a file descriptor on a cygwin system then clamd will send back UNKNOWN COMMAND. clamdscan reports OK in such a case, so maybe clamd should send UNKNOWN COMMAND: ERROR, or clamdscan should detect when a response doesn't contain ERROR or FOUND. Removing the cygwin exclusion would mean that when the cygwin team get fd passing working via sendmsg/recvmsg, clamav will automatically be able to use it. Rick. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Re: [Clamav-devel] PATCH: file descriptor passing
On Thu, 2004-10-07 at 05:01, Tomasz Kojm wrote: The patch looks OK. Are you the original author of the whole its code? Most of the configure stuff is derived from configure.ac in openssh, the rest was written by me. Rick. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel