Kaspersky (#256)

Fix Issue #142

common/usr/lib/MailScanner/wrapper/kaspersky-wrapper

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# kaspersky-wrapper --	invoke Kaspersky AV for use with mailscanner
+#
+#   MailScanner - SMTP E-Mail Virus Scanner
+#   Copyright (C) 2018 MailScanner Project <https://mailscanner.info>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+PackageDir=$1   # This may vary depending on your OS
+shift
+
+Scanner=bin/kavscanner
+
+# pass this in from mailscanner's config
+
+# I'm only listing ones which we may find useful...
+
+ScanOptions=""
+ScanOptions="$ScanOptions -eP"		# scan packed files
+ScanOptions="$ScanOptions -eA"		# scan archive files
+ScanOptions="$ScanOptions -eS"		# scan self-extractors
+ScanOptions="$ScanOptions -eM"		# to check "plain mail format" files 
+ScanOptions="$ScanOptions -eB"		# to check "mail databases"
+ScanOptions="$ScanOptions -ee"		# disable heuristic "code analyser"
+ScanOptions="$ScanOptions -eP"		# enable unpacking of executables
+ScanOptions="$ScanOptions -eA"		# enable archive extracting
+ScanOptions="$ScanOptions -R"		# do recurse
+ScanOptions="$ScanOptions -mn"		# report nothing for OK files.
+ScanOptions="$ScanOptions -l"		# stay on filesystem
+ScanOptions="$ScanOptions -s"		# skip all symlinks
+ScanOptions="$ScanOptions -xn"		# do not display clean files
+ScanOptions="$ScanOptions -xp"		# do not display progress
+
+if [ "x$1" = "x-IsItInstalled" ]; then
+  [ -x ${PackageDir}/$Scanner ] && exit 0
+  exit 1
+fi
+
+exec ${PackageDir}/$Scanner $ScanOptions "$@"
+

common/usr/share/MailScanner/perl/MailScanner/SweepViruses.pm

@@ -217,6 +217,17 @@ my %Scanners = (
       SupportScanning     => $S_SUPPORTED,
       SupportDisinfect    => $S_NONE,
   },
+  "kaspersky"   => {
+    Name                => 'Kaspersky',
+    Lock                => 'kasperskyBusy.lock',
+    CommonOptions       => '',
+    DisinfectOptions    => '-i2',
+    ScanOptions         => '-i0',
+    InitParser          => \&InitKasperskyParser,
+    ProcessOutput       => \&ProcessKasperskyOutput,
+    SupportScanning     => $S_SUPPORTED,
+    SupportDisinfect    => $S_SUPPORTED,
+  },
 );
 
 # Initialise the Sophos SAVI library if we are using it.
@@ -2305,4 +2316,66 @@ sub ConnectToClamd {
   return $sock;
 } # EO ConnectToClamd
 
+# If you use Kaspersky, look at this code carefully
+# and then be very grateful you didn't have to write it.
+# Note that Kaspersky will now change long paths so they have "..."
+# in the middle of them, removing the middle of the path.
+# *WHY* do people have to do dumb things like this?
+#
+sub ProcessKasperskyOutput {
+  my($line, $infections, $types, $BaseDir, $Name) = @_;
+  #my($line) = @_;
+
+  my($report, $infected, $dot, $id, $part, @rest);
+  my($logout);
+
+  # Don't know what kaspersky means by "object" yet...
+
+  # Lose trailing cruft
+  return 0 unless defined $kaspersky_CurrentObject;
+
+  if ($line =~ /^Current\sobject:\s(.*)$/) {
+    $kaspersky_CurrentObject = $1;
+  }
+  elsif ($kaspersky_CurrentObject eq "") {
+    # Lose leading cruft
+    return 0;
+  }
+  else {
+    chomp $line;
+    $line =~ s/^\r//;
+    # We can rely on BaseDir not having trailing slash.
+    # Prefer s/// to m// as less likely to do unpredictable things.
+    if ($line =~ / infected: /) {
+      $line =~ s/.* \.\.\. (.*)/\.$1/; # Kav will now put ... in long paths
+      $report = $line;
+      $logout = $line;
+      $logout =~ s/%/%%/g;
+      $logout =~ s/\s{20,}/ /g;
+      $line =~ s/^$BaseDir//;
+      $line =~ s/(.*) infected:.*/\.$1/; # To handle long paths again
+      ($dot,$id,$part,@rest) = split(/\//, $line);
+      my $notype = substr($part,1);
+      $logout =~ s/\Q$part\E/$notype/;
+      $report =~ s/\Q$part\E/$notype/;
+
+      MailScanner::Log::InfoLog($logout);
+      $report = $Name . ': ' . $report if $Name;
+      $infections->{"$id"}{"$part"} .= $report . "\n";
+      $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender
+      return 1;
+    }
+    # see commented code below if you think this regexp looks fishy
+    if ($line =~ /^([\r ]*)Scan\sprocess\scompleted\.\s*$/) {
+      undef $kaspersky_CurrentObject;
+      # uncomment this to see just one reason why I hate kaspersky AVP -- nwp
+      # foreach(split //, $1) {
+      #   print ord($_) . "\n";
+      # }
+    }
+  }
+  return 0;
+}
+
 1;
+