From f1985d29d549447feab10de3d3afcc5fd4849a2f Mon Sep 17 00:00:00 2001
From: Shawn Iverson
Date: Wed, 17 Oct 2018 19:28:18 -0400
Subject: [PATCH] Kaspersky (#256) Fix Issue #142
---
 .../lib/MailScanner/wrapper/kaspersky-wrapper | 54 +++++++++++++
 .../perl/MailScanner/SweepViruses.pm | 75 ++++++++++++++++++-
 2 files changed, 128 insertions(+), 1 deletion(-)
 create mode 100644 common/usr/lib/MailScanner/wrapper/kaspersky-wrapper
diff --git a/common/usr/lib/MailScanner/wrapper/kaspersky-wrapper b/common/usr/lib/MailScanner/wrapper/kaspersky-wrapper
new file mode 100644
index 0000000..59701cb
--- /dev/null
+++ b/common/usr/lib/MailScanner/wrapper/kaspersky-wrapper
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# kaspersky-wrapper -- invoke Kaspersky AV for use with mailscanner
+#
+# MailScanner - SMTP E-Mail Virus Scanner
+# Copyright (C) 2018 MailScanner Project
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+PackageDir=$1 # This may vary depending on your OS
+shift
+
+Scanner=bin/kavscanner
+
+# pass this in from mailscanner's config
+
+# I'm only listing ones which we may find useful...
+
+ScanOptions=""
+ScanOptions="$ScanOptions -eP" # scan packed files
+ScanOptions="$ScanOptions -eA" # scan archive files
+ScanOptions="$ScanOptions -eS" # scan self-extractors
+ScanOptions="$ScanOptions -eM" # to check "plain mail format" files
+ScanOptions="$ScanOptions -eB" # to check "mail databases"
+ScanOptions="$ScanOptions -ee" # disable heuristic "code analyser"
+ScanOptions="$ScanOptions -eP" # enable unpacking of executables
+ScanOptions="$ScanOptions -eA" # enable archive extracting
+ScanOptions="$ScanOptions -R" # do recurse
+ScanOptions="$ScanOptions -mn" # report nothing for OK files.
+ScanOptions="$ScanOptions -l" # stay on filesystem
+ScanOptions="$ScanOptions -s" # skip all symlinks
+ScanOptions="$ScanOptions -xn" # do not display clean files
+ScanOptions="$ScanOptions -xp" # do not display progress
+
+if [ "x$1" = "x-IsItInstalled" ]; then
+ [ -x ${PackageDir}/$Scanner ] && exit 0
+ exit 1
+fi
+
+exec ${PackageDir}/$Scanner $ScanOptions "$@"
+
diff --git a/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm b/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm
index f147dbf..64bed67 100644
--- a/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm
+++ b/common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm
@@ -216,7 +216,18 @@ my %Scanners = (
 ProcessOutput => \&ProcessDrwebOutput,
 SupportScanning => $S_SUPPORTED,
 SupportDisinfect => $S_NONE,
- },
+ },
+ "kaspersky" => {
+ Name => 'Kaspersky',
+ Lock => 'kasperskyBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '-i2',
+ ScanOptions => '-i0',
+ InitParser => \&InitKasperskyParser,
+ ProcessOutput => \&ProcessKasperskyOutput,
+ SupportScanning => $S_SUPPORTED,
+ SupportDisinfect => $S_SUPPORTED,
+ },
 );

 # Initialise the Sophos SAVI library if we are using it.
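Review bot: `${PackageDir}` is expanded unquoted in both the `-IsItInstalled` test and the final `exec` of kaspersky-wrapper, so an install path containing whitespace or glob characters is word-split before the scanner is located, and an empty first argument resolves to `/bin/kavscanner`. Quote the path in both places, `[ -x "${PackageDir}/$Scanner" ] && exit 0` and `exec "${PackageDir}/$Scanner" $ScanOptions "$@"`, leaving `$ScanOptions` unquoted so it still splits into separate flags. Separately, `-eP` and `-eA` are each appended twice under different comments, and `-ee` is commented as disabling the heuristic analyser; a one-line comment explaining why heuristics are off on a mail gateway would help whoever tunes detection coverage later.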
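Review bot: The new `"kaspersky"` entry takes `\&InitKasperskyParser`, but no hunk in this patch adds a sub of that name, and `ProcessKasperskyOutput` in the last hunk reads and assigns `$kaspersky_CurrentObject` with no declaration in view. If either is missing from the rest of SweepViruses.pm, the result is an undefined-subroutine die when the parser is initialised, or a strict-vars error at module load if the file runs under `use strict`. Confirm both already exist, or add them with this change, for example `my $kaspersky_CurrentObject;` at file scope and `sub InitKasperskyParser { $kaspersky_CurrentObject = ""; }`, which matches the empty-string "leading cruft" test in the output parser. The `%Scanners` definition starts outside this hunk.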
@@ -2305,4 +2316,66 @@ sub ConnectToClamd {
 return $sock;
 } # EO ConnectToClamd

+# If you use Kaspersky, look at this code carefully
+# and then be very grateful you didn't have to write it.
+# Note that Kaspersky will now change long paths so they have "..."
+# in the middle of them, removing the middle of the path.
+# *WHY* do people have to do dumb things like this?
+#
+sub ProcessKasperskyOutput {
+ my($line, $infections, $types, $BaseDir, $Name) = @_;
+ #my($line) = @_;
+
+ my($report, $infected, $dot, $id, $part, @rest);
+ my($logout);
+
+ # Don't know what kaspersky means by "object" yet...
+
+ # Lose trailing cruft
+ return 0 unless defined $kaspersky_CurrentObject;
+
+ if ($line =~ /^Current\sobject:\s(.*)$/) {
+ $kaspersky_CurrentObject = $1;
+ }
+ elsif ($kaspersky_CurrentObject eq "") {
+ # Lose leading cruft
+ return 0;
+ }
+ else {
+ chomp $line;
+ $line =~ s/^\r//;
+ # We can rely on BaseDir not having trailing slash.
+ # Prefer s/// to m// as less likely to do unpredictable things.
+ if ($line =~ / infected: /) {
+ $line =~ s/.* \.\.\. (.*)/\.$1/; # Kav will now put ... in long paths
+ $report = $line;
+ $logout = $line;
+ $logout =~ s/%/%%/g;
+ $logout =~ s/\s{20,}/ /g;
+ $line =~ s/^$BaseDir//;
+ $line =~ s/(.*) infected:.*/\.$1/; # To handle long paths again
+ ($dot,$id,$part,@rest) = split(/\//, $line);
+ my $notype = substr($part,1);
+ $logout =~ s/\Q$part\E/$notype/;
+ $report =~ s/\Q$part\E/$notype/;
+
+ MailScanner::Log::InfoLog($logout);
+ $report = $Name . ': ' . $report if $Name;
+ $infections->{"$id"}{"$part"} .= $report . "\n";
+ $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender
+ return 1;
+ }
+ # see commented code below if you think this regexp looks fishy
+ if ($line =~ /^([\r ]*)Scan\sprocess\scompleted\.\s*$/) {
+ undef $kaspersky_CurrentObject;
+ # uncomment this to see just one reason why I hate kaspersky AVP -- nwp
+ # foreach(split //, $1) {
+ # print ord($_) . "\n";
+ # }
+ }
+ }
+ return 0;
+}
+
 1;
+
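Review bot: `$line =~ s/^$BaseDir//;` in `ProcessKasperskyOutput` interpolates the directory into the pattern unescaped, although the two substitutions a few lines below it already use `\Q$part\E`; a base directory containing `.`, `+` or `(` can then strip the wrong prefix or none at all, and `$id` and `$part` come out wrong. Use `$line =~ s/^\Q$BaseDir\E//;`. The `split` result is also used unchecked: when the path printed by the scanner has fewer than three components (the "..." truncation handled above makes that plausible), `$part` is undef, `substr($part,1)` warns, and the detection is stored under an empty key in `$infections`, so it may never be attributed to a message. Check that `$id` and `$part` are defined before the `substr` call and log the raw line when they are not, so a detection that cannot be attributed is visible rather than silently misfiled.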