F-Secure 12 Support (#553)

* F-Secure 12 Support
2024-11-10 09:13:31 +08:00 · 2021-09-25 21:42:53 -04:00 · 2021-09-25 21:42:53 -04:00 · 90288cc696
commit 90288cc696
parent 00006443de
5 changed files with 100 additions and 5 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-5.4.1-2
+5.4.1-3
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+09/19/2021 Changed in    v5.4.1-3 (beta)
+==================================
+
+- Support for F-Secure version 12+
+- Milter queue processing for child-owned queue files
+
 08/08/2021 Changes in    v5.4.1-2
 ==================================

--- a/common/etc/MailScanner/virus.scanners.conf
+++ b/common/etc/MailScanner/virus.scanners.conf
@ -18,18 +18,19 @@

 avg				/usr/lib/MailScanner/wrapper/avg-wrapper			/usr
 avast			/usr/lib/MailScanner/wrapper/avast-wrapper			/bin
-avastd          /bin/false				                            /
+avastd			/bin/false											/
 bitdefender		/usr/lib/MailScanner/wrapper/bitdefender-wrapper 	/opt/BitDefender
 clamav			/usr/lib/MailScanner/wrapper/clamav-wrapper			/usr
 clamd			/bin/false											/usr
 clamavmodule	/bin/false											/usr/share/perl5/ClamAV
 esets			/usr/lib/MailScanner/wrapper/esets-wrapper			/opt/eset/esets/sbin
 f-secure		/usr/lib/MailScanner/wrapper/f-secure-wrapper		/opt/f-secure/fsav
-f-secured       /bin/false                                          /opt/f-secure/fsav
+f-secured		/bin/false											/opt/f-secure/fsav
+f-secure-12		/usr/lib/MailScanner/wrapper/f-secure-12-wrapper	/opt/f-secure/linuxsecurity
 generic			/usr/lib/MailScanner/wrapper/generic-wrapper		/dev/null
 sophos			/usr/lib/MailScanner/wrapper/sophos-wrapper			/opt/sophos-av
 sophossavi		/bin/false											/tmp
 none			/bin/false											/dev/null
 drweb			/usr/lib/MailScanner/wrapper/drweb-wrapper			/usr/bin
 kaspersky		/usr/lib/MailScanner/wrapper/kaspersky-wrapper		/opt/kaspersky/klms
-kse             /bin/false                                          /opt/kaspersky/ScanEngine
+kse				/bin/false											/opt/kaspersky/ScanEngine
--- a/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper
+++ b/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper
@ -0,0 +1,37 @@
+#!/bin/sh
+
+# f-secure-12-wrapper --	invoke F-Secure AV for use with
+# 			mailscanner
+#
+#   MailScanner - SMTP Email Processor
+#   Copyright (C) 2021 MailScanner Team <https://mailscanner.info>
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+#      https://www.mailscanner.info
+#
+
+Root=$1
+shift
+
+FS_SCAN=fsanalyze
+PackageDir=$Root/bin
+ScanOptions="--quiet --scan-archives=yes --detect-encrypted-archives=yes  --malware=remove --pua=remove"
+
+if [ "x$1" = "x-IsItInstalled" ]; then
+  [ -x ${PackageDir}/${FS_SCAN} ] && exit 0
+  exit 1
+fi
+
+exec ${PackageDir}/${FS_SCAN} $ScanOptions "$@"
--- a/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm
+++ b/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm
@ -118,6 +118,17 @@ my %Scanners = (
    SupportScanning	=> $S_SUPPORTED,
    SupportDisinfect	=> $S_SUPPORTED,
  },
+  "f-secure-12" => {
+    name => "F-Secure-12",
+    Lock => 'f-secure12Busy.lock',
+    CommonOptions => '--quiet --scan-archives=yes',
+    DisinfectOptions => '--malware=remove --pua=remove',
+    ScanOptions => '--malware=remove --pua=remove --detect-encrypted-archives=yes',
+    InitParser => \&InitFSecure12Parser,
+    ProcessOutput => \&ProcessFSecure12Output,
+    SupportScanning => $S_SUPPORTED,
+    SupportDisinfect	=> $S_SUPPORTED,
+  },
  "f-secure"	=> {
    Name		=> 'F-Secure',
    Lock		=> 'f-secureBusy.lock',
@ -262,7 +273,7 @@ my %Scanners = (
      SupportDisinfect => $S_NONE,
  },
  "drweb"   => {
-      Name		=> 'DrWeb',
+      Name                => 'DrWeb',
      Lock                => 'drwebBusy.lock',
      CommonOptions       => '',
      DisinfectOptions    => '-cu',
@ -1227,6 +1238,11 @@ sub InitFSecureParser {
  %fsecure_Seen = ();
 }

+# Initialise any state variables the F-Secure-12 output parser uses
+sub InitFSecure12Parser {
+  ;
+}
+
 # Initialise any state variables the F-Secured output parser uses
 my (%FSDFiles);

@ -1631,6 +1647,41 @@ sub ProcessSophosOutput {
  return 1;
 }

+sub ProcessFSecure12Output {
+  my($line, $infections, $types, $BaseDir, $Name) = @_;
+
+  my($report, $infected, $dot, $id, $part, @rest);
+  my($logout, $virus, $BeenSeen);
+
+  chomp $line;
+ 
+  $report = $line;
+  $logout = $line;
+  $logout =~ s/%/%%/g;
+  $logout =~ s/\s{20,}/ /g;
+
+  return 0 unless $line =~ /\sresult=infected\s/;
+
+  $line =~ s/^(.*):\sresult=infected(\sinfection=.*)/$1$2/;
+
+  # Get to the meat or die trying...
+  $line =~ s/\sinfection=(\S+).*$//
+    or MailScanner::Log::DieLog("Dodgy things going on in F-Secure-12 output:\n$report\n");
+  $virus = $1;
+  MailScanner::Log::NoticeLog("Virus Scanning: F-Secure found virus %s",$virus);
+
+  ($dot,$id,$part,@rest) = split(/\//, $line);
+  my $notype = substr($part,1);
+  $logout =~ s/\Q$part\E/$notype/;
+  $report =~ s/\Q$part\E/$notype/;
+
+  MailScanner::Log::InfoLog($logout);
+  $report = $Name . ': ' . $report if $Name;
+  $infections->{"$id"}{"$part"} .= $report . "\n";
+  $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender
+  return 1;
+}
+
 sub ProcessFSecureOutput {
  my($line, $infections, $types, $BaseDir, $Name) = @_;
 @ -1 +1 @@
 .4.1-2
 .4.1-3