Kaspersky (#256)

Fix Issue #142
Shawn Iverson 2018-10-17 19:28:18 -04:00 committed by GitHub
parent cf7a3ff1fb
commit f1985d29d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 128 additions and 1 deletions


@ -0,0 +1,54 @@
#!/bin/sh
# kaspersky-wrapper -- invoke Kaspersky AV for use with mailscanner
#
# MailScanner - SMTP E-Mail Virus Scanner
# Copyright (C) 2018 MailScanner Project <https://mailscanner.info>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
PackageDir=$1 # This may vary depending on your OS
shift
Scanner=bin/kavscanner
# pass this in from mailscanner's config
# I'm only listing ones which we may find useful...
ScanOptions=""
ScanOptions="$ScanOptions -eP" # scan packed files
ScanOptions="$ScanOptions -eA" # scan archive files
ScanOptions="$ScanOptions -eS" # scan self-extractors
ScanOptions="$ScanOptions -eM" # to check "plain mail format" files
ScanOptions="$ScanOptions -eB" # to check "mail databases"
ScanOptions="$ScanOptions -ee" # disable heuristic "code analyser"
ScanOptions="$ScanOptions -eP" # enable unpacking of executables
ScanOptions="$ScanOptions -eA" # enable archive extracting
ScanOptions="$ScanOptions -R" # do recurse
ScanOptions="$ScanOptions -mn" # report nothing for OK files.
ScanOptions="$ScanOptions -l" # stay on filesystem
ScanOptions="$ScanOptions -s" # skip all symlinks
ScanOptions="$ScanOptions -xn" # do not display clean files
ScanOptions="$ScanOptions -xp" # do not display progress
if [ "x$1" = "x-IsItInstalled" ]; then
[ -x ${PackageDir}/$Scanner ] && exit 0
exit 1
fi
exec ${PackageDir}/$Scanner $ScanOptions "$@"
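Review bot: The `[ -x ${PackageDir}/$Scanner ]` test and the final `exec ${PackageDir}/$Scanner $ScanOptions "$@"` expand the caller-supplied install directory unquoted, so a path containing spaces or glob characters is word-split before the scanner binary is located. Write them as `[ -x "${PackageDir}/${Scanner}" ] && exit 0` and `exec "${PackageDir}/${Scanner}" $ScanOptions "$@"`; `$ScanOptions` has to stay unquoted so that it splits into separate flags. `-eP` and `-eA` are each appended twice with different comments, which leaves it unclear which description is the correct one. The comment on `-ee` says it disables the heuristic code analyser; on a mail gateway that is a detection trade-off, so the comment should give the reason, or the flag should be dropped if that is not intended.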


@ -216,7 +216,18 @@ my %Scanners = (
ProcessOutput => \&ProcessDrwebOutput, ProcessOutput => \&ProcessDrwebOutput,
SupportScanning => $S_SUPPORTED, SupportScanning => $S_SUPPORTED,
SupportDisinfect => $S_NONE, SupportDisinfect => $S_NONE,
}, },
"kaspersky" => {
Name => 'Kaspersky',
Lock => 'kasperskyBusy.lock',
CommonOptions => '',
DisinfectOptions => '-i2',
ScanOptions => '-i0',
InitParser => \&InitKasperskyParser,
ProcessOutput => \&ProcessKasperskyOutput,
SupportScanning => $S_SUPPORTED,
SupportDisinfect => $S_SUPPORTED,
},
); );
# Initialise the Sophos SAVI library if we are using it. # Initialise the Sophos SAVI library if we are using it.
@ -2305,4 +2316,66 @@ sub ConnectToClamd {
return $sock; return $sock;
} # EO ConnectToClamd } # EO ConnectToClamd
# If you use Kaspersky, look at this code carefully
# and then be very grateful you didn't have to write it.
# Note that Kaspersky will now change long paths so they have "..."
# in the middle of them, removing the middle of the path.
# *WHY* do people have to do dumb things like this?
#
sub ProcessKasperskyOutput {
my($line, $infections, $types, $BaseDir, $Name) = @_;
#my($line) = @_;
my($report, $infected, $dot, $id, $part, @rest);
my($logout);
# Don't know what kaspersky means by "object" yet...
# Lose trailing cruft
return 0 unless defined $kaspersky_CurrentObject;
if ($line =~ /^Current\sobject:\s(.*)$/) {
$kaspersky_CurrentObject = $1;
}
elsif ($kaspersky_CurrentObject eq "") {
# Lose leading cruft
return 0;
}
else {
chomp $line;
$line =~ s/^\r//;
# We can rely on BaseDir not having trailing slash.
# Prefer s/// to m// as less likely to do unpredictable things.
if ($line =~ / infected: /) {
$line =~ s/.* \.\.\. (.*)/\.$1/; # Kav will now put ... in long paths
$report = $line;
$logout = $line;
$logout =~ s/%/%%/g;
$logout =~ s/\s{20,}/ /g;
$line =~ s/^$BaseDir//;
$line =~ s/(.*) infected:.*/\.$1/; # To handle long paths again
($dot,$id,$part,@rest) = split(/\//, $line);
my $notype = substr($part,1);
$logout =~ s/\Q$part\E/$notype/;
$report =~ s/\Q$part\E/$notype/;
MailScanner::Log::InfoLog($logout);
$report = $Name . ': ' . $report if $Name;
$infections->{"$id"}{"$part"} .= $report . "\n";
$types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender
return 1;
}
# see commented code below if you think this regexp looks fishy
if ($line =~ /^([\r ]*)Scan\sprocess\scompleted\.\s*$/) {
undef $kaspersky_CurrentObject;
# uncomment this to see just one reason why I hate kaspersky AVP -- nwp
# foreach(split //, $1) {
# print ord($_) . "\n";
# }
}
}
return 0;
}
1; 1;
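Review bot: In ProcessKasperskyOutput, `$line =~ s/^$BaseDir//;` interpolates the scan directory into the pattern unescaped, although the two substitutions just below it already use `\Q$part\E`. A `.` or `+` in the directory name is then read as a regex operator and the prefix may not be stripped as intended, so the line should read `$line =~ s/^\Q$BaseDir\E//;`. The `split` that follows assumes the remaining path has at least an id and a part component. After the `...` long-path rewrite that may not hold, in which case `$id` or `$part` is undef and the report appears to be stored under an empty key in `$infections`; add `MailScanner::Log::InfoLog("Kaspersky: could not parse path in: $logout") unless defined $id && defined $part;` before the store so a misfiled detection is at least visible in the log. `$kaspersky_CurrentObject` and `InitKasperskyParser` are used here and in the `%Scanners` entry but are not declared in the visible hunks, so confirm they already exist elsewhere in the file.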