date:20041006

Re: [Clamav-devel] Patch for sender host name and IP address in report template

2004-10-06 Thread Serge Vakulenko

 Hmm... Really. But not mail_host - ${client_name}$ and ${client_addr}$
 work fine.
 It seems that my patch is not needed.

There is a big difference though.
With my patch, the client host name and IP address are always known.
No matter what variables to pass to clamav-milter are configured in
sendmail.cf.

And they can (and should) be included in the default notification message.
___
Best wishes,
Serge



___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

[Clamav-devel] Re: Patch for sender host name and IP address in report template

2004-10-06 Thread Sergey

Serge Vakulenko wrote:

 There is a big difference though.
 With my patch, the client host name and IP address are always known.
 No matter what variables to pass to clamav-milter are configured in
 sendmail.cf.

Some time ago I ask about add third type variable in template:
clamav-milter specific... :-) Patch in attach make avaliable 
using template
===
The message $i$ sent from ${mail_addr}$ to
${rcpt_addr}$
contained a virus and has not been delivered.
%v found.

Scanning engine:
full_version

- The original (infected) message headers were:

localreceived
header
===
Some variables in this patch can be removed (v and header), but 
localreceived RFC-style addons for header... I think what this 
patch will be include in Alt Linux Sisyphus in next update of 
ClamAV package.

-- 
Regards,
Sergey
--- clamav-milter/clamav-milter.c.orig	2004-09-18 01:06:32 +0500
+++ clamav-milter/clamav-milter.c	2004-09-18 13:40:33 +0500
@@ -3517,6 +3517,64 @@
 ptr = end;
 break;
 			}
+			case '': /* clamav-milter variables */ {
+char *end = strchr(++ptr, '');
+
+if(end == NULL) {
+	syslog(LOG_ERR,
+		_(%s: Unterminated clamav-milter variable \%s\\n),
+		filename, ptr);
+	continue;
+}
+*end = '\0';
+
+/* begin variables definitions */
+// Virus name, replacement for %v, may be not need
+if ( strcmp(ptr, v) == 0 ) { 
+fputs(virusname, sendmail);
+} // end of v
+// Header, , replacement for %h, may be not need
+else if ( strcmp(ptr, header) == 0) {
+struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
+header_list_print(privdata-headers, sendmail);
+} // end of header
+// ClamAV/clamav-milter version
+else if ( strcmp(ptr, full_version) == 0) {
+fputs(clamav_version, sendmail);
+} // end of clamav_version
+// Local Received aadons for header
+else if ( strcmp(ptr, localreceived) == 0) {
+char *s_relay, *helo;
+char timestring[128];
+time_t systime;
+
+s_relay = smfi_getsymval(ctx, {_});
+if (!s_relay) s_relay = ;
+helo = smfi_getsymval(ctx, s);
+if (!helo) {
+	helo = NOHELO;
+	if(use_syslog)
+		syslog(LOG_WARNING, _(Variable \s\ isn't defined in Milter.macros.eom\n));
+}
+
+systime = time(NULL);
+strftime(timestring, sizeof(timestring) -1, %a, %d %b %Y %T %z (%Z),
+		localtime(systime));
+
+fprintf(sendmail, Received: from %s (%s), helo, s_relay);
+fprintf(sendmail, \n\tby %s (clamav-milter %s) with id %s;,
+	smfi_getsymval(ctx, j), CM_VERSION, smfi_getsymval(ctx, i));
+fprintf(sendmail, \n\t%s, timestring);
+
+} // localreceived
+else {
+fprintf(sendmail, [unknown clamav-milter's variable:  %s], ptr);
+	if(use_syslog)
+		syslog(LOG_ERR, _(%s: Unknown clamav-milter's variable \%s\\n),
+			filename, ptr);
+} // end variables definitions
+ptr = end;
+			} break;
 			case '\\':
 if(*++ptr == '\0') {
 	--ptr;
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Re: [Clamav-devel] [patch] freshclam patternupdates via proxy (0.80rc3)

2004-10-06 Thread Tomasz Kojm

On Tue, 05 Oct 2004 02:40:01 +0200
Alexander Marx [EMAIL PROTECTED] wrote:

 http://www.madness.at/~mad/projects/clamav/freshclam_proxyfix.patch

Applied in CVS. Thanks!

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Oct  6 20:51:03 CEST 2004


pgpfAJRVrXqsB.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Re: [Clamav-devel] PATCH: file descriptor passing

2004-10-06 Thread Tomasz Kojm

On 04 Oct 2004 12:50:05 +1000
Richard Lyons [EMAIL PROTECTED] wrote:

 The environment I'm integrating clamav into passes file descriptors
 around rather than file names.  Currently using clamd means writing
 the contents of the file descriptor to a temporary file and then
 passing the name to clamd.  I'd prefer to avoid the extra disk IO,
 so the attached patch allows passing the file descriptor on platforms
 that support file descriptor passing.  It also allows us to run clamd
 at a reduced privilege.

The patch looks OK. Are you the original author of the whole its code?

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Oct  6 21:01:49 CEST 2004


pgp3jI542Cf6q.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Re: [Clamav-devel] zip file that ClamAV does not like

2004-10-06 Thread Tomasz Kojm

On Wed, 06 Oct 2004 14:02:15 -0400
Rick Fiore [EMAIL PROTECTED] wrote:

 This file is a zip file that contains a data file that is used by 
 proprietary software as a Gamma for an Image.  Clamscan and clamdscan 
 both report:
 
 blockhead.zip: Zip modules failure
 blockhead.zip: OK
 
 This is killing the email as MIME-Defang doesn't get a straight answer
 
 that the file is ok. The zip was created with an older version of zip
 on 
   Sun OS 4.1.4.  I am using ClamAV 0.80rc3.

The archive contains a file compressed with the old implode method
(it's still patented IIRC). You can use clamscan to scan such archives:

[EMAIL PROTECTED]:/tmp$ clamscan --unzip blockhead.zip 
/tmp/blockhead.zip: Zip module failure
Archive:  /tmp/blockhead.zip
  exploding: GAMMA.666.6483  
/tmp/clamav-69cef89e89618389/GAMMA.666.6483: OK
(raw) /tmp/blockhead.zip: OK

--- SCAN SUMMARY ---
Known viruses: 24839
Scanned directories: 1
Scanned files: 2
Infected files: 0
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 5.832 sec (0 m 5 s)

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Oct  6 21:03:35 CEST 2004


pgpGsvXY8QUi7.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

[Clamav-devel] Re: zip file that ClamAV does not like

2004-10-06 Thread Rick Fiore

Tomasz Kojm wrote:
On Wed, 06 Oct 2004 15:51:00 -0400
Rick Fiore [EMAIL PROTECTED] wrote:

Any sugestions on how to deal with it from within MIME-Defange so that
it does want to reject it?

Please ask on the MIMEDefang mailing list, I'm sure they will help you.


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Just thought there might be a quick fix with ClamAV.  Thanks for your help.
Rick
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Re: [Clamav-devel] PATCH: file descriptor passing

2004-10-06 Thread Richard Lyons

On Thu, 2004-10-07 at 06:20, Reini Urban wrote:
 Richard Lyons schrieb:
  In the case of cygwin, while the environment has the appropriate
  control structures, the OS doesn't support fd passing, so the code
  falls back to using read/write.
 
 Note that cygwin supports limited file descriptor passing,
 but suggests to use better/different schemes instead.

I'm not really familiar with cygwin.  To test fd passing on
a cygwin system I wrote a simple test program; when the fd
passing didn't work, I added the exclusion to the clamav
patch.  (Frankly, I was pleasantly surprised that socketpair
and fork worked - I remember when piping meant writing the
output of the first process to a temp file and then running
the second process with stdin redirected from the file.)

 Like passing MapViewOfFile handles or using IPC shared memory (or the fd 
 only of course). There are also other efficient ways.

I assume that the cygwin team will hide this behind the
sendmsg/recvmsg interface, I'm not interested in adding win32
hacks to work around deficiencies in the current libraries.

Thinking about it, it could be argued that the cygwin exclusion
is not required.  The code will still work, if somebody tries to
send a file descriptor on a cygwin system then clamd will send
back UNKNOWN COMMAND.  clamdscan reports OK in such a case,
so maybe clamd should send UNKNOWN COMMAND: ERROR, or clamdscan
should detect when a response doesn't contain ERROR or FOUND.

Removing the cygwin exclusion would mean that when the cygwin team
get fd passing working via  sendmsg/recvmsg, clamav will automatically
be able to use it.

Rick.

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Re: [Clamav-devel] PATCH: file descriptor passing

2004-10-06 Thread Richard Lyons

On Thu, 2004-10-07 at 05:01, Tomasz Kojm wrote:

 The patch looks OK. Are you the original author of the whole its code?

Most of the configure stuff is derived from configure.ac
in openssh, the rest was written by me.

Rick.

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Re: [Clamav-devel] Patch for sender host name and IP address in report template

[Clamav-devel] Re: Patch for sender host name and IP address in report template

Re: [Clamav-devel] [patch] freshclam patternupdates via proxy (0.80rc3)

Re: [Clamav-devel] PATCH: file descriptor passing

Re: [Clamav-devel] zip file that ClamAV does not like

[Clamav-devel] Re: zip file that ClamAV does not like

Re: [Clamav-devel] PATCH: file descriptor passing

Re: [Clamav-devel] PATCH: file descriptor passing

8 matches

Site Navigation

Mail list logo

Footer information