parent
9dfdbd8638
commit
f0253be06d
|
@ -24,6 +24,7 @@ clamav /usr/lib/MailScanner/wrapper/clamav-wrapper /usr
|
|||
clamd /bin/false /usr
|
||||
clamavmodule /bin/false /usr/share/perl5/ClamAV
|
||||
esets /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin
|
||||
esetsefs /usr/lib/MailScanner/wrapper/esetsefs-wrapper /opt/eset/efs/bin
|
||||
f-secure /usr/lib/MailScanner/wrapper/f-secure-wrapper /opt/f-secure/fsav
|
||||
f-secured /bin/false /opt/f-secure/fsav
|
||||
f-secure-12 /usr/lib/MailScanner/wrapper/f-secure-12-wrapper /opt/f-secure/linuxsecurity
|
||||
|
|
67
common/usr/lib/MailScanner/wrapper/esetsefs-wrapper
Executable file
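--- a/common/usr/lib/MailScanner/wrapper/esetsefs-wrapper
+++ b/common/usr/lib/MailScanner/wrapper/esetsefs-wrapper
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# esetsefs-wrapper -- invoke esets efs for use with mailscanner
+#
+# MailScanner - SMTP Email Processor
+# Copyright (C) 2021 MailScanner Team <https://mailscanner.info>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# https://www.mailscanner.info
+#
+#
+PackageDir=$1
+shift
+Prog=odscan
+Log=lslog
+Epoch=$(date +%s)
+
+if [ "x$1" = "x-IsItInstalled" ]; then
+[ -x ${PackageDir}/$Prog ] && exit 0
+exit 1
+fi
+
+sudo ${PackageDir}/$Prog "$@"
+if [ $? -eq 50 -o $? -eq 1 ]; then
+# Threat(s) found
+LogFile=$(mktemp) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+umask 077
+rm -f $LogFile
+# Grab just the end of the log to save on parsing
+sudo ${PackageDir}/$Log -c -s --with-log-name | tail -n1000 >$LogFile 2>&1
+# Output detections in current path on or after timestamp
+Dir=$@
+oldIFS="$IFS"
+IFS=''
+while read -r p || [ -n "$p" ]
+do
+if [[ $p =~ ^[0-9] ]]; then
+Date=$(echo $p | awk -F',' '{print $1}')
+Epoch2=$(date --date="$Date" +%s)
+if [ $Epoch2 -ge $Epoch ]; then
+# Grab detections and filter to scan directory
+logID=$(echo ${p##*,} | tr -d '\r')
+sudo ${PackageDir}/$Log -c --ods-detections=$logID | grep ${Dir##*\ } 2>&1
+fi
+fi
+done < $LogFile
+IFS=$oldIFS
+rm -f $LogFile
+elif [ $? -eq 100 ]; then
+# Scan failed
+exit 1
+fi
+
+exit 0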
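Review bot: The `elif [ $? -eq 100 ]` branch can never fire, because by then `$?` holds the status of the preceding `[ ... ]` test rather than of `odscan`, so a failed scan falls through to `exit 0`. Capture the status once right after the scan with `rc=$?`, then test `[ "$rc" -eq 50 -o "$rc" -eq 1 ]` and `[ "$rc" -eq 100 ]`. Separately, `rm -f $LogFile` deletes the file `mktemp` has just created, and the later `>$LogFile` redirect re-creates it by name; dropping that `rm -f` and quoting `"$LogFile"` keeps the file mktemp made. The final `grep ${Dir##*\ }` passes the scan path as an unquoted regular expression, where `grep -F -- "${Dir##*\ }"` would match it literally. Since both helpers run through `sudo`, the sudoers lines documented alongside this wrapper could name `(root)` rather than `(ALL)` as the run-as target.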
|
|
@ -0,0 +1,9 @@
|
|||
ESETS EFS requires root to scan
|
||||
|
||||
Add to sudoers:
|
||||
|
||||
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/odscan
|
||||
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/lslog
|
||||
|
||||
where /opt/eset/efs/sbin/ is the real path to your esets scan binary
|
||||
and postfix is the real Run As user for MailScanner
|
|
@ -261,6 +261,17 @@ my %Scanners = (
|
|||
SupportScanning => $S_SUPPORTED,
|
||||
SupportDisinfect => $S_SUPPORTED,
|
||||
},
|
||||
"esetsefs" => {
|
||||
Name => 'esetsefs',
|
||||
Lock => 'esetsefsBusy.lock',
|
||||
CommonOptions => '-s --profile="@In-depth scan"',
|
||||
DisinfectOptions => '',
|
||||
ScanOptions => '--readonly',
|
||||
InitParser => \&InitEsetsEFSParser,
|
||||
ProcessOutput => \&ProcessEsetsEFSOutput,
|
||||
SupportScanning => $S_SUPPORTED,
|
||||
SupportDisinfect => $S_SUPPORTED,
|
||||
},
|
||||
"kse" => {
|
||||
Name => 'KSE',
|
||||
Lock => 'kseBusy.lock',
|
||||
|
@ -955,6 +966,13 @@ sub TryOneCommercial {
|
|||
} elsif ( $scanner eq 'savid' ) {
|
||||
SAVIDScan( $subdir, $disinfect, $batch );
|
||||
exit;
|
||||
} elsif ( $scanner eq 'esetsefs' ) {
|
||||
# Pass entire $BaseDir instead of $subdir so that lslog
|
||||
# can identify full path of threats in wrapper
|
||||
exec "$sweepcommand $instdir $voptions $BaseDir";
|
||||
MailScanner::Log::WarnLog("Cannot run esetsefs AV $scanner " .
|
||||
"(\"$sweepcommand\"): $!");
|
||||
exit 1;
|
||||
} else {
|
||||
exec "$sweepcommand $instdir $voptions $subdir";
|
||||
MailScanner::Log::WarnLog("Cannot run commercial AV $scanner " .
|
||||
|
@ -1318,6 +1336,11 @@ sub InitEsetsParser {
|
|||
;
|
||||
}
|
||||
|
||||
# Initialise any state variables the esets output parser uses
|
||||
sub InitEsetsEFSParser {
|
||||
;
|
||||
}
|
||||
|
||||
# Initialise any state variables the DrWeb output parser uses
|
||||
sub InitDrwebParser {
|
||||
;
|
||||
|
@ -2134,6 +2157,35 @@ sub ProcessEsetsOutput {
|
|||
return 1;
|
||||
}
|
||||
|
||||
sub ProcessEsetsEFSOutput {
|
||||
use File::Basename;
|
||||
|
||||
my ($line, $infections, $types, $BaseDir, $Name) = @_;
|
||||
chomp $line;
|
||||
|
||||
# return if line does not had threat
|
||||
return 0 if $line !~ m/(?:retained|cleaned)/i;
|
||||
|
||||
my ($a, $b, $c, $d, $e, $f, $g, $h) = split(/,/, $line);
|
||||
|
||||
my ($fileuri) = $c;
|
||||
my ($threat) = $d;
|
||||
my ($info) = $e;
|
||||
my ($action) = $f;
|
||||
|
||||
$fileuri =~ s/file:\/\/$BaseDir/\./;
|
||||
|
||||
my ($dot, $id, $part, @rest) = split(/\//, $fileuri);
|
||||
my $file = substr($part,1);
|
||||
|
||||
my $report = "Esets: found $threat in $file";
|
||||
$infections->{"$id"}{"$part"} .= $report . "\n";
|
||||
$types->{"$id"}{"$part"} .= "v"; # it's a real virus
|
||||
MailScanner::Log::InfoLog("Esets::INFECTED::$threat");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
# Parse the output of the DrWeb output.
|
||||
# Konrad Madej <kmadej@nask.pl>
|
||||
# Modified 2018-09-28 - Alan Urquhart <alan@asuweb.co.uk>
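Review bot: In `ProcessEsetsEFSOutput`, `$BaseDir` is interpolated into the substitution as a pattern and the result is never checked. A base path containing regex metacharacters, or a log line whose URI is not under `$BaseDir`, therefore leaves `$id` and `$part` wrong or undefined, and the detection is filed under the wrong key. Quoting and anchoring the path and logging a miss would make this visible: `$fileuri =~ s{\Afile://\Q$BaseDir\E}{.} or MailScanner::Log::WarnLog("Esets: unparsed detection line");`. The positional `split(/,/, $line)` also assumes no field contains a comma, which seems worth confirming against the lslog output format. As style, the lexicals `$a` and `$b` shadow the variables `sort` uses and `use File::Basename;` appears unused in this sub; the comment above `InitEsetsEFSParser` could read `# Initialise any state variables the esets EFS output parser uses`.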
|
||||
|
|