esets efs support (#558)

* esets efs support

* Set scanner to esetsefs

common/etc/MailScanner/virus.scanners.conf

@@ -24,6 +24,7 @@ clamav			/usr/lib/MailScanner/wrapper/clamav-wrapper			/usr
 clamd			/bin/false											/usr
 clamavmodule	/bin/false											/usr/share/perl5/ClamAV
 esets			/usr/lib/MailScanner/wrapper/esets-wrapper			/opt/eset/esets/sbin
+esetsefs		/usr/lib/MailScanner/wrapper/esetsefs-wrapper		/opt/eset/efs/bin
 f-secure		/usr/lib/MailScanner/wrapper/f-secure-wrapper		/opt/f-secure/fsav
 f-secured		/bin/false											/opt/f-secure/fsav
 f-secure-12		/usr/lib/MailScanner/wrapper/f-secure-12-wrapper	/opt/f-secure/linuxsecurity

common/usr/lib/MailScanner/wrapper/esetsefs-wrapper

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# esetsefs-wrapper --	invoke esets efs for use with mailscanner
+#
+#   MailScanner - SMTP Email Processor
+#   Copyright (C) 2021 MailScanner Team <https://mailscanner.info>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+#      https://www.mailscanner.info
+#
+#
+PackageDir=$1
+shift
+Prog=odscan
+Log=lslog
+Epoch=$(date +%s)
+
+if [ "x$1" = "x-IsItInstalled" ]; then
+  [ -x ${PackageDir}/$Prog ] && exit 0
+  exit 1
+fi
+
+sudo ${PackageDir}/$Prog "$@"
+if [ $? -eq 50 -o $? -eq 1 ]; then
+  # Threat(s) found
+  LogFile=$(mktemp) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+  umask 077
+  rm -f $LogFile
+  # Grab just the end of the log to save on parsing
+  sudo ${PackageDir}/$Log -c -s --with-log-name | tail -n1000 >$LogFile 2>&1
+  # Output detections in current path on or after timestamp
+  Dir=$@
+  oldIFS="$IFS"
+  IFS=''
+  while read -r p || [ -n "$p" ]
+  do
+    if [[ $p =~ ^[0-9] ]]; then
+      Date=$(echo $p | awk -F',' '{print $1}')
+      Epoch2=$(date --date="$Date" +%s)
+      if [ $Epoch2 -ge $Epoch ]; then
+        # Grab detections and filter to scan directory
+        logID=$(echo ${p##*,} | tr -d '\r')
+        sudo ${PackageDir}/$Log -c --ods-detections=$logID | grep ${Dir##*\ } 2>&1
+      fi
+    fi
+  done < $LogFile
+  IFS=$oldIFS
+  rm -f $LogFile
+elif [ $? -eq 100 ]; then
+  # Scan failed
+  exit 1
+fi
+
+exit 0

common/usr/lib/MailScanner/wrapper/esetsefs-wrapper-README

@@ -0,0 +1,9 @@
+ESETS EFS requires root to scan
+
+Add to sudoers:
+
+postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/odscan
+postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/lslog
+
+where /opt/eset/efs/sbin/ is the real path to your esets scan binary
+and postfix is the real Run As user for MailScanner

common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm

@@ -261,6 +261,17 @@ my %Scanners = (
     SupportScanning	=> $S_SUPPORTED,
     SupportDisinfect	=> $S_SUPPORTED,
   },
+  "esetsefs"		=> {
+    Name		=> 'esetsefs',
+    Lock		=> 'esetsefsBusy.lock',
+    CommonOptions	=> '-s --profile="@In-depth scan"',
+    DisinfectOptions	=> '',
+    ScanOptions		=> '--readonly',
+    InitParser		=> \&InitEsetsEFSParser,
+    ProcessOutput	=> \&ProcessEsetsEFSOutput,
+    SupportScanning	=> $S_SUPPORTED,
+    SupportDisinfect	=> $S_SUPPORTED,
+  },
   "kse" => {
       Name             => 'KSE',
       Lock             => 'kseBusy.lock',
@@ -955,6 +966,13 @@ sub TryOneCommercial {
       } elsif ( $scanner eq 'savid' ) {
         SAVIDScan( $subdir, $disinfect, $batch );
         exit;
+      } elsif ( $scanner eq 'esetsefs' ) {
+        # Pass entire $BaseDir instead of $subdir so that lslog
+        # can identify full path of threats in wrapper
+        exec "$sweepcommand $instdir $voptions $BaseDir";
+        MailScanner::Log::WarnLog("Cannot run esetsefs AV $scanner " .
+                                  "(\"$sweepcommand\"): $!");
+        exit 1;
       } else {
         exec "$sweepcommand $instdir $voptions $subdir";
         MailScanner::Log::WarnLog("Cannot run commercial AV $scanner " .
@@ -1318,6 +1336,11 @@ sub InitEsetsParser {
   ;
 }
 
+# Initialise any state variables the esets output parser uses
+sub InitEsetsEFSParser {
+  ;
+}
+
 # Initialise any state variables the DrWeb output parser uses
 sub InitDrwebParser {
   ;
@@ -2134,6 +2157,35 @@ sub ProcessEsetsOutput {
   return 1;
 }
 
+sub ProcessEsetsEFSOutput {
+  use File::Basename;
+
+  my ($line, $infections, $types, $BaseDir, $Name) = @_;
+  chomp $line;
+
+  # return if line does not had threat
+  return 0 if $line !~ m/(?:retained|cleaned)/i;
+
+  my ($a, $b, $c, $d, $e, $f, $g, $h) = split(/,/, $line);
+ 
+  my ($fileuri) = $c;
+  my ($threat) = $d;
+  my ($info) = $e;
+  my ($action) = $f;
+
+  $fileuri =~ s/file:\/\/$BaseDir/\./;
+
+  my ($dot, $id, $part, @rest) = split(/\//, $fileuri);
+  my $file = substr($part,1);
+
+  my $report = "Esets: found $threat in $file";
+  $infections->{"$id"}{"$part"} .= $report . "\n";
+  $types->{"$id"}{"$part"} .= "v"; # it's a real virus
+  MailScanner::Log::InfoLog("Esets::INFECTED::$threat");
+  return 1;
+}
+
+
 # Parse the output of the DrWeb output.
 # Konrad Madej <kmadej@nask.pl>
 # Modified 2018-09-28 - Alan Urquhart <alan@asuweb.co.uk>