diff --git a/VERSION b/VERSION index 6c705ba..3c81d6d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.4.1-2 \ No newline at end of file +5.4.1-3 \ No newline at end of file diff --git a/changelog b/changelog index 69e3e1e..7a1a294 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,9 @@ +09/19/2021 Changed in v5.4.1-3 (beta) +================================== + +- Support for F-Secure version 12+ +- Milter queue processing for child-owned queue files + 08/08/2021 Changes in v5.4.1-2 ================================== diff --git a/common/etc/MailScanner/virus.scanners.conf b/common/etc/MailScanner/virus.scanners.conf index f1c92eb..8dcc0af 100644 --- a/common/etc/MailScanner/virus.scanners.conf +++ b/common/etc/MailScanner/virus.scanners.conf @@ -18,18 +18,19 @@ avg /usr/lib/MailScanner/wrapper/avg-wrapper /usr avast /usr/lib/MailScanner/wrapper/avast-wrapper /bin -avastd /bin/false / +avastd /bin/false / bitdefender /usr/lib/MailScanner/wrapper/bitdefender-wrapper /opt/BitDefender clamav /usr/lib/MailScanner/wrapper/clamav-wrapper /usr clamd /bin/false /usr clamavmodule /bin/false /usr/share/perl5/ClamAV esets /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin f-secure /usr/lib/MailScanner/wrapper/f-secure-wrapper /opt/f-secure/fsav -f-secured /bin/false /opt/f-secure/fsav +f-secured /bin/false /opt/f-secure/fsav +f-secure-12 /usr/lib/MailScanner/wrapper/f-secure-12-wrapper /opt/f-secure/linuxsecurity generic /usr/lib/MailScanner/wrapper/generic-wrapper /dev/null sophos /usr/lib/MailScanner/wrapper/sophos-wrapper /opt/sophos-av sophossavi /bin/false /tmp none /bin/false /dev/null drweb /usr/lib/MailScanner/wrapper/drweb-wrapper /usr/bin kaspersky /usr/lib/MailScanner/wrapper/kaspersky-wrapper /opt/kaspersky/klms -kse /bin/false /opt/kaspersky/ScanEngine +kse /bin/false /opt/kaspersky/ScanEngine diff --git a/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper b/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper new file mode 100644 index 0000000..38620e7 --- /dev/null +++ b/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper @@ -0,0 +1,37 @@ +#!/bin/sh + +# f-secure-12-wrapper -- invoke F-Secure AV for use with +# mailscanner +# +# MailScanner - SMTP Email Processor +# Copyright (C) 2021 MailScanner Team +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# https://www.mailscanner.info +# + +Root=$1 +shift + +FS_SCAN=fsanalyze +PackageDir=$Root/bin +ScanOptions="--quiet --scan-archives=yes --detect-encrypted-archives=yes --malware=remove --pua=remove" + +if [ "x$1" = "x-IsItInstalled" ]; then + [ -x ${PackageDir}/${FS_SCAN} ] && exit 0 + exit 1 +fi + +exec ${PackageDir}/${FS_SCAN} $ScanOptions "$@" \ No newline at end of file diff --git a/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm b/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm index 651deb4..29633f7 100644 --- a/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm +++ b/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm @@ -118,6 +118,17 @@ my %Scanners = ( SupportScanning => $S_SUPPORTED, SupportDisinfect => $S_SUPPORTED, }, + "f-secure-12" => { + name => "F-Secure-12", + Lock => 'f-secure12Busy.lock', + CommonOptions => '--quiet --scan-archives=yes', + DisinfectOptions => '--malware=remove --pua=remove', + ScanOptions => '--malware=remove --pua=remove --detect-encrypted-archives=yes', + InitParser => \&InitFSecure12Parser, + ProcessOutput => \&ProcessFSecure12Output, + SupportScanning => $S_SUPPORTED, + SupportDisinfect => $S_SUPPORTED, + }, "f-secure" => { Name => 'F-Secure', Lock => 'f-secureBusy.lock', @@ -262,7 +273,7 @@ my %Scanners = ( SupportDisinfect => $S_NONE, }, "drweb" => { - Name => 'DrWeb', + Name => 'DrWeb', Lock => 'drwebBusy.lock', CommonOptions => '', DisinfectOptions => '-cu', @@ -1227,6 +1238,11 @@ sub InitFSecureParser { %fsecure_Seen = (); } +# Initialise any state variables the F-Secure-12 output parser uses +sub InitFSecure12Parser { + ; +} + # Initialise any state variables the F-Secured output parser uses my (%FSDFiles); @@ -1631,6 +1647,41 @@ sub ProcessSophosOutput { return 1; } +sub ProcessFSecure12Output { + my($line, $infections, $types, $BaseDir, $Name) = @_; + + my($report, $infected, $dot, $id, $part, @rest); + my($logout, $virus, $BeenSeen); + + chomp $line; + + $report = $line; + $logout = $line; + $logout =~ s/%/%%/g; + $logout =~ s/\s{20,}/ /g; + + return 0 unless $line =~ /\sresult=infected\s/; + + $line =~ s/^(.*):\sresult=infected(\sinfection=.*)/$1$2/; + + # Get to the meat or die trying... + $line =~ s/\sinfection=(\S+).*$// + or MailScanner::Log::DieLog("Dodgy things going on in F-Secure-12 output:\n$report\n"); + $virus = $1; + MailScanner::Log::NoticeLog("Virus Scanning: F-Secure found virus %s",$virus); + + ($dot,$id,$part,@rest) = split(/\//, $line); + my $notype = substr($part,1); + $logout =~ s/\Q$part\E/$notype/; + $report =~ s/\Q$part\E/$notype/; + + MailScanner::Log::InfoLog($logout); + $report = $Name . ': ' . $report if $Name; + $infections->{"$id"}{"$part"} .= $report . "\n"; + $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender + return 1; +} + sub ProcessFSecureOutput { my($line, $infections, $types, $BaseDir, $Name) = @_;