Re: [Clamav-users] clamav-milter received header in notification message
Joe Maimon wrote: I can probably send a patch if you would like. Joe ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users This patch still works...can someone tell me whether this is up for consideration? #! /bin/sh /usr/share/dpatch/dpatch-run ## 100_clamav-milter.smrcv.patch.dpatch by <[EMAIL PROTECTED]> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: No description. @DPATCH@ diff -urNad clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c /tmp/dpep.qdUNc5/clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c --- clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c2005-05-12 17:10:27.0 -0400 +++ /tmp/dpep.qdUNc5/clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c 2005-05-20 10:50:03.670473065 -0400 @@ -2267,8 +2267,44 @@ privdata->from = strdup(mailaddr); - if(hflag) + if(hflag) { + /* craft a sendmail like header for notifications */ + char *macro_b, *macro_s, *macro_j, *macro__; + char *p; + int plen = 0; + char *fmt = "from %s (%s) by %s"; + + privdata->headers = header_list_new(); + macro_s = smfi_getsymval(ctx, "s"); + macro_j = smfi_getsymval(ctx, "j"); + macro__ = smfi_getsymval(ctx, "_"); + + plen += (macro_s) ? strlen(macro_s) : sizeof("unknown"); + plen += (macro_j) ? strlen(macro_j) : sizeof("localhost"); + plen += (macro__) ? strlen(macro__) : 0; + plen += strlen(fmt); + + p = cli_malloc(plen); + if(p) { + sprintf(p, fmt, + (macro_s) ? macro_s : "unknown", + (macro__) ? macro__ : "", + (macro_j) ? macro_j : "localhost" + ); +#ifdef CL_DEBUG + if(debug_level > 5) { + char *msg_p = "clamfi_header: created Recieved header alloclen=%d, len=%d,\"%s\"\n"; + if(use_syslog) + syslog(LOG_NOTICE, msg_p, plen, strlen(p), p); + cli_dbgmsg(msg_p,plen, strlen(p), p); + } +#endif + + header_list_add(privdata->headers, "Received", p); + free(p); + } + } if(smfi_setpriv(ctx, privdata) == MI_SUCCESS) return SMFIS_CONTINUE; ___ http://lurker.clamav.net/list/clamav-users.html
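Review bot: In the `plen` computation nothing reserves a byte for the terminating NUL; the buffer is large enough only because `strlen(fmt)` also counts the three `%s` specifiers, which never reach the output, and the unbounded `sprintf(p, fmt, ...)` relies on that slack. The `s` and `_` values come from the SMTP session, so size the buffer explicitly (the three string lengths, plus the literal text, plus 1) and write with `snprintf(p, plen, fmt, ...)`, so that a later edit to `fmt` cannot become a heap overflow. Smaller points in the same hunk: `macro_b` is declared but never used, the result of `header_list_new()` is not checked before `header_list_add()` is called on it, and the dpatch header still reads "No description".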
Re: [Clamav-users] clamav-milter received header in notification message
Joe Maimon wrote: I can probably send a patch if you would like. Here is a rough version that I am testing that seems to work for me. Joe ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users --- clamav-devel/clamav-milter/clamav-milter.c 2004-11-20 18:02:23.0 -0500 +++ clamav-devel.smrecv/clamav-milter/clamav-milter.c 2004-11-29 22:41:58.0 -0500 @@ -2272,8 +2272,44 @@ privdata->from = strdup(argv[0]); - if(hflag) + if(hflag) { + /* craft a sendmail like header for notifications */ + char *macro_b, *macro_s, *macro_j, *macro__; + char *p; + int plen = 0; + char *fmt = "from %s (%s) by %s\n"; + + privdata->headers = header_list_new(); + macro_s = smfi_getsymval(ctx, "s"); + macro_j = smfi_getsymval(ctx, "j"); + macro__ = smfi_getsymval(ctx, "_"); + + plen += (macro_s) ? strlen(macro_s) : sizeof("unknown"); + plen += (macro_j) ? strlen(macro_j) : sizeof("localhost"); + plen += (macro__) ? strlen(macro__) : 0; + plen += strlen(fmt); + + p = cli_malloc(plen); + if(p) { + sprintf(p, fmt, + (macro_s) ? macro_s : "unknown", + (macro__) ? macro__ : "", + (macro_j) ? macro_j : "localhost" + ); +#ifdef CL_DEBUG + if(debug_level > 5) { + char *msg_p = "clamfi_header: created Recieved header alloclen=%d, len=%d,\"%s\"\n"; + if(use_syslog) + syslog(LOG_NOTICE, _(msg_p), plen, strlen(p), p); + cli_dbgmsg(_(msg_p),plen, strlen(p), p); + } +#endif + + header_list_add(privdata->headers, "Received", p); + free(p); + } + } if(smfi_setpriv(ctx, privdata) == MI_SUCCESS) return SMFIS_CONTINUE; ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
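Review bot: The format string `"from %s (%s) by %s\n"` ends in a newline, so the value passed to `header_list_add(privdata->headers, "Received", p)` carries a line break inside the stored header value; drop the `\n` and leave line endings to the code that writes the notification. In the `CL_DEBUG` block, `strlen(p)` is a `size_t` but is printed with `%d` in both the `syslog()` and `cli_dbgmsg()` calls; cast it or use a matching conversion. The message text also spells the header "Recieved", and wrapping the variable `msg_p` in `_()` means the string cannot be picked up for translation from its literal.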
[Clamav-users] clamav-milter received header in notification message
Seems like it would be useful for clamav-milter to craft a sendmail-like header in the notification it sends (with --headers arg). amavis-milter does this.

Currently only headers sendmail receives are sent to clamav-milter, which inserts them into the notification message. Otherwise you tend to be missing the only believable header information.

Useful information would be sending helo name, sender hostname, sender ip address, queueid, rfc time. And, if by some chance we can tell if the virus was submitted by an authenticated user, that should be noteworthy as well.

As an example, I would use this to semi-automatically blacklist hosts that send viruses by feeding the email into a script to extract the sender ip address. http://spamikaze.nl.linux.org/

I can probably send a patch if you would like.

Joe
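The script side of the use case described above, as an added example that is not part of the original post or of ClamAV: it reads header values in the patch's `from %s (%s) by %s` layout and returns the peer addresses worth blocklisting. It assumes sendmail's `_` macro carries the peer as `host [addr]` or `[IPv6:addr]`; the function names, threshold and sample values are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Value layout produced by the patch's format string "from %s (%s) by %s".
RECEIVED_RE = re.compile(r"^from (\S+) \((.*)\) by (\S+)$")
# Assumption: macro "_" carries the peer as "[addr]" or "[IPv6:addr]".
BRACKETED_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def sender_ip(value):
    """Return the peer address from a crafted Received value, else None."""
    m = RECEIVED_RE.match(value.strip())
    if m is None:
        return None
    # Only the parenthesised "_" field is read. The first field is the HELO
    # name, which the connecting client chooses, so it is never trusted.
    found = BRACKETED_RE.findall(m.group(2))
    if not found:
        return None  # macro "_" was unset and the patch wrote "()"
    try:
        return ipaddress.ip_address(found[-1])
    except ValueError:
        return None  # bracketed text was not a valid address


def blocklist_candidates(values, exempt=(), threshold=2):
    """Addresses seen at least `threshold` times, minus exempt networks."""
    nets = [ipaddress.ip_network(n) for n in exempt]
    hits = Counter()
    for value in values:
        ip = sender_ip(value)
        if ip is not None and not any(ip in net for net in nets):
            hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)


# Constructed sample values; names and addresses are documentation ranges.
SAMPLES = [
    "from pc1.example.net (pc1.example.net [203.0.113.9]) by mx.example.org",
    "from [192.0.2.1] (dsl.example.net [203.0.113.9] (may be forged)) by mx.example.org",
    "from relay.example.org (relay.example.org [192.0.2.1]) by mx.example.org",
    "from relay.example.org (relay.example.org [192.0.2.1]) by mx.example.org",
    "from v6.example.net ([IPv6:2001:db8::25]) by mx.example.org",
    "from unknown () by localhost",
]

if __name__ == "__main__":
    print(blocklist_candidates(SAMPLES, exempt=["192.0.2.0/24"]))
```

The `exempt` list is where your own relays and scanners go, so that a virus forwarded through them does not get the relay itself blocked.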