2012-06-22 11:38:01 +02:00
|
|
|
#!perl -w
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
clamdscan
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
A qpsmtpd plugin for virus scanning using the ClamAV scan daemon, clamd.
|
|
|
|
|
|
|
|
=head1 RESTRICTIONS
|
|
|
|
|
2013-12-20 06:22:09 +01:00
|
|
|
If connecting to clamd via TCP/IP host:port, then ignore this restriction.
|
|
|
|
|
2012-06-22 11:38:01 +02:00
|
|
|
The ClamAV scan daemon, clamd, must have at least execute access to the qpsmtpd
|
|
|
|
spool directory in order to sucessfully scan the messages. You can ensure this
|
|
|
|
by running clamd as the same user as qpsmtpd does, or by doing the following:
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item * Change the group ownership of the spool directory to be a group
|
|
|
|
of which clamav is a member or add clamav to the same group as the qpsmtpd
|
|
|
|
user.
|
|
|
|
|
|
|
|
=item * Enable the "AllowSupplementaryGroups" option in clamd.conf.
|
|
|
|
|
|
|
|
=item * Add group-execute permissions to the qpsmtpd spool directory.
|
|
|
|
|
|
|
|
=item * Make sure that all directories above the spool directory (to the
|
|
|
|
root) are g+x so that the group has directory traversal rights; it is not
|
|
|
|
necessary for the group to have any read rights.
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
It may be helpful to temporary grant the clamav user a shell and test to
|
|
|
|
make sure you can cd into the spool directory and read files located there.
|
|
|
|
Remember to remove the shell from the clamav user when you are done
|
|
|
|
testing.
|
|
|
|
|
|
|
|
=head1 INSTALL AND CONFIG
|
|
|
|
|
|
|
|
Place this plugin in the plugin/virus directory beneath the standard
|
|
|
|
qpsmtpd installation. If you installed clamd with the default path, you
|
|
|
|
can use this plugin with default options (nothing specified):
|
|
|
|
|
|
|
|
You must have the ClamAV::Client module installed to use the plugin.
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<clamd_socket>
|
|
|
|
|
2013-12-20 06:22:09 +01:00
|
|
|
Full path to the clamd socket, if different from the ClamAV::Client defaults.
|
|
|
|
|
|
|
|
=item B<clamd_host>
|
|
|
|
|
|
|
|
IP address where clamd is listening.
|
|
|
|
|
|
|
|
Default: localhost
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
=item B<clamd_port>
|
|
|
|
|
2013-12-20 06:22:09 +01:00
|
|
|
The TCP port where the clamd service is running, typically 3310.
|
|
|
|
|
|
|
|
Default: disabled. When present, overrides clamd_socket.
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
=item B<deny_viruses>
|
|
|
|
|
|
|
|
Whether the scanner will automatically delete messages which have viruses.
|
2013-12-20 06:22:09 +01:00
|
|
|
Takes either 'yes' or 'no'. If set to 'no', adds a header with the virus name.
|
|
|
|
|
|
|
|
Default: yes
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
=item B<defer_on_error>
|
|
|
|
|
|
|
|
Whether to defer the mail (with a soft-failure error, which will incur a retry)
|
|
|
|
if an unrecoverable error occurs during the scan. The default is to accept
|
|
|
|
the mail under these conditions. This can permit viruses to be accepted when
|
|
|
|
the clamd daemon is malfunctioning or unreadable, but will not allow mail to
|
|
|
|
backlog or be lost if the condition persists.
|
|
|
|
|
|
|
|
=item B<max_size>
|
|
|
|
|
2013-12-20 06:22:09 +01:00
|
|
|
The maximum size, in kilobytes, of messages to scan.
|
|
|
|
|
|
|
|
Default: 1024 (1 MB)
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
=item B<scan_all>
|
|
|
|
|
|
|
|
Scan all messages, even if there are no attachments
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 REQUIREMENTS
|
|
|
|
|
|
|
|
This module requires the ClamAV::Client module, found on CPAN here:
|
|
|
|
|
|
|
|
L<http://search.cpan.org/dist/ClamAV-Client/>
|
|
|
|
|
|
|
|
=head1 AUTHOR
|
|
|
|
|
|
|
|
Originally written for the Clamd module by John Peacock <jpeacock@cpan.org>;
|
|
|
|
adjusted for ClamAV::Client by Devin Carraway <qpsmtpd/@/devin.com>.
|
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
2013-04-30 05:49:22 +02:00
|
|
|
Copyright (c) 2005 John Peacock,
|
|
|
|
Copyright (c) 2007 Devin Carraway
|
2013-12-20 06:22:09 +01:00
|
|
|
Copyright (c) 2013 Matt Simerson
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
Based heavily on the clamav plugin
|
|
|
|
|
|
|
|
This plugin is licensed under the same terms as the qpsmtpd package itself.
|
|
|
|
Please see the LICENSE file included with qpsmtpd for details.
|
|
|
|
|
|
|
|
=cut
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
|
|
|
|
#use ClamAV::Client; # eval'ed in $self->register
|
2013-12-20 06:22:09 +01:00
|
|
|
use Socket qw(:DEFAULT :crlf);
|
|
|
|
|
2012-06-22 11:38:01 +02:00
|
|
|
use Qpsmtpd::Constants;
|
|
|
|
|
|
|
|
sub register {
|
2013-12-20 06:22:09 +01:00
|
|
|
my $self = shift;
|
|
|
|
my $qp = shift;
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
$self->log(LOGERROR, "Bad parameters for the clamdscan plugin") if @_ % 2;
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->{'_args'} = {@_};
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2014-09-16 08:41:31 +02:00
|
|
|
eval 'use ClamAV::Client'; ## no critic (Stringy)
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($@) {
|
2012-06-22 11:38:01 +02:00
|
|
|
$self->log(LOGERROR, "unable to load ClamAV::Client");
|
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2014-09-16 08:41:31 +02:00
|
|
|
# Set sensible defaults
|
|
|
|
$self->{_args}{max_size} ||= 1024;
|
2014-09-16 19:03:49 +02:00
|
|
|
if ( ! defined $self->{_args}{deny_viruses} ) {
|
|
|
|
$self->{_args}{deny_viruses} = 'yes';
|
|
|
|
}
|
2014-09-16 20:51:19 +02:00
|
|
|
if ( ! defined $self->{_args}{scan_all} ) {
|
2014-09-16 19:03:49 +02:00
|
|
|
$self->{_args}{scan_all} = 1;
|
|
|
|
}
|
|
|
|
for my $setting (qw( deny_viruses defer_on_error scan_all )) {
|
2012-06-22 11:38:01 +02:00
|
|
|
next unless $self->{'_args'}{$setting};
|
2013-04-21 06:50:39 +02:00
|
|
|
if (lc $self->{'_args'}{$setting} eq 'no') {
|
2012-06-22 11:38:01 +02:00
|
|
|
$self->{'_args'}{$setting} = 0;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
$self->register_hook('data_post', 'data_post_handler');
|
|
|
|
}
|
|
|
|
|
|
|
|
sub data_post_handler {
|
2013-04-21 06:50:39 +02:00
|
|
|
my ($self, $transaction) = @_;
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($self->connection->notes('naughty')) {
|
|
|
|
$self->log(LOGINFO, "skip, naughty");
|
2014-09-16 20:51:19 +02:00
|
|
|
return DECLINED;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2014-09-16 20:48:19 +02:00
|
|
|
return DECLINED if ! $self->should_scan($transaction);
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
my $clamd = $self->get_clamd()
|
2013-04-21 06:50:39 +02:00
|
|
|
or return $self->err_and_return("Cannot instantiate ClamAV::Client");
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
unless (eval { $clamd->ping() }) {
|
|
|
|
return $self->err_and_return("Cannot ping clamd server: $@");
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
my ($version) = split(/\//, $clamd->version);
|
|
|
|
$version ||= 'ClamAV';
|
|
|
|
|
2013-12-20 06:22:09 +01:00
|
|
|
my ($path, $found);
|
|
|
|
if ( $self->{_args}{clamd_port} ) {
|
|
|
|
my $message = $self->assemble_message($transaction);
|
|
|
|
$found = eval { $clamd->scan_scalar(\$message) }; # pass scalar ref
|
|
|
|
# $found = eval { $clamd->scan_stream() }; # pass IO handle
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
my $filename = $self->get_filename($transaction) or return DECLINED;
|
|
|
|
$self->set_permission($filename) or return DECLINED;
|
|
|
|
($path, $found) = eval { $clamd->scan_path($filename) };
|
|
|
|
};
|
|
|
|
|
2012-06-22 11:38:01 +02:00
|
|
|
if ($@) {
|
2013-04-21 06:50:39 +02:00
|
|
|
return $self->err_and_return("Error scanning mail: $@");
|
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($found) {
|
|
|
|
$self->log(LOGNOTICE, "fail, found virus $found");
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-30 05:49:22 +02:00
|
|
|
$self->is_naughty(1); # see plugins/naughty
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->adjust_karma(-1);
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($self->{_args}{deny_viruses}) {
|
2014-09-16 20:51:19 +02:00
|
|
|
return DENY, "Virus found: $found";
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$transaction->header->add('X-Virus-Found', 'Yes', 0);
|
|
|
|
$transaction->header->add('X-Virus-Details', $found, 0);
|
2014-09-16 20:51:19 +02:00
|
|
|
return DECLINED;
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGINFO, "pass, clean");
|
|
|
|
$transaction->header->add('X-Virus-Found', 'No', 0);
|
|
|
|
$transaction->header->add('X-Virus-Checked',
|
|
|
|
"by $version on " . $self->qp->config('me'), 0);
|
2014-09-16 20:51:19 +02:00
|
|
|
return DECLINED;
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
2013-12-20 06:22:09 +01:00
|
|
|
sub assemble_message {
|
|
|
|
my ($self, $transaction) = @_;
|
|
|
|
$transaction->body_resetpos;
|
|
|
|
my $message = $transaction->header->as_string . "\n\n";
|
|
|
|
while (my $line = $transaction->body_getline) { $message .= $line; }
|
|
|
|
$message = join(CRLF, split /\n/, $message);
|
|
|
|
return $message . CRLF;
|
|
|
|
}
|
|
|
|
|
2012-06-22 11:38:01 +02:00
|
|
|
sub err_and_return {
|
2013-04-21 06:50:39 +02:00
|
|
|
my $self = shift;
|
2012-06-22 11:38:01 +02:00
|
|
|
my $message = shift;
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($message) {
|
|
|
|
$self->log(LOGERROR, $message);
|
|
|
|
}
|
2014-09-16 20:51:19 +02:00
|
|
|
return DENYSOFT, "Unable to scan for viruses"
|
2013-04-21 06:50:39 +02:00
|
|
|
if $self->{_args}{defer_on_error};
|
2014-09-16 20:51:19 +02:00
|
|
|
return DECLINED, "skip";
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub get_filename {
|
|
|
|
my $self = shift;
|
|
|
|
my $transaction = shift || $self->qp->transaction;
|
|
|
|
|
|
|
|
my $filename = $transaction->body_filename;
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!$filename) {
|
|
|
|
$self->log(LOGWARN, "Cannot process due to lack of filename");
|
2012-06-22 11:38:01 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!-f $filename) {
|
2014-09-16 08:41:31 +02:00
|
|
|
if ($transaction->data_size) {
|
|
|
|
$self->log(LOGERROR, "spool file missing! Attempting to respool");
|
|
|
|
$transaction->body_spool;
|
|
|
|
$filename = $transaction->body_filename;
|
|
|
|
};
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!-f $filename) {
|
|
|
|
$self->log(LOGERROR, "skip: failed spool to $filename! Giving up");
|
2012-06-22 11:38:01 +02:00
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
my $size = (stat($filename))[7];
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGDEBUG, "Spooled $size bytes to $filename");
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return $filename;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub set_permission {
|
|
|
|
my ($self, $filename) = @_;
|
|
|
|
|
|
|
|
# the spool directory must be readable and executable by the scanner;
|
|
|
|
# this generally means either group or world exec; if
|
|
|
|
# neither of these is set, issue a warning but try to proceed anyway
|
2013-04-21 06:50:39 +02:00
|
|
|
my $dir_mode = (stat($self->spool_dir()))[2];
|
|
|
|
$self->log(LOGDEBUG, "spool dir mode: $dir_mode");
|
|
|
|
|
2014-09-16 08:41:31 +02:00
|
|
|
if ($dir_mode & oct('0010') || $dir_mode & oct('0001')) {
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
# match the spool file mode with the mode of the directory -- add
|
|
|
|
# the read bit for group, world, or both, depending on what the
|
|
|
|
# spool dir had, and strip all other bits, especially the sticky bit
|
2013-04-21 06:50:39 +02:00
|
|
|
my $fmode =
|
2014-09-16 08:41:31 +02:00
|
|
|
($dir_mode & oct('0044')) | ($dir_mode & oct('0010') ? oct('0040') : 0) |
|
|
|
|
($dir_mode & oct('0001') ? oct('0004') : 0);
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
unless (chmod $fmode, $filename) {
|
|
|
|
$self->log(LOGERROR, "chmod: $filename: $!");
|
2012-06-22 11:38:01 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGWARN,
|
|
|
|
"spool directory permissions do not permit scanner access");
|
2012-06-22 11:38:01 +02:00
|
|
|
return 1;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub get_clamd {
|
|
|
|
my $self = shift;
|
|
|
|
|
|
|
|
my $port = $self->{'_args'}{'clamd_port'};
|
|
|
|
my $host = $self->{'_args'}{'clamd_host'} || 'localhost';
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($port && $port =~ /^(\d+)/) {
|
|
|
|
return new ClamAV::Client(socket_host => $host, socket_port => $1);
|
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
my $socket = $self->{'_args'}{'clamd_socket'};
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($socket) {
|
|
|
|
if ($socket =~ /([\w\/.]+)/) {
|
|
|
|
return new ClamAV::Client(socket_name => $1);
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGERROR, "invalid characters in socket name");
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return new ClamAV::Client;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub is_too_big {
|
|
|
|
my $self = shift;
|
|
|
|
my $transaction = shift || $self->qp->transaction;
|
|
|
|
|
|
|
|
my $size = $transaction->data_size;
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($size > $self->{_args}{max_size} * 1024) {
|
|
|
|
$self->log(LOGINFO, "skip, too big ($size)");
|
2012-06-22 11:38:01 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGDEBUG, "data_size, $size");
|
2014-09-16 20:51:19 +02:00
|
|
|
return 0;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub is_not_multipart {
|
|
|
|
my $self = shift;
|
|
|
|
my $transaction = shift || $self->qp->transaction;
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
return 1 if !$transaction->header;
|
2012-06-23 05:37:42 +02:00
|
|
|
|
2012-06-22 11:38:01 +02:00
|
|
|
# Ignore non-multipart emails
|
|
|
|
my $content_type = $transaction->header->get('Content-Type') or return 1;
|
|
|
|
$content_type =~ s/\s/ /g;
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($content_type !~ m!\bmultipart/.*\bboundary="?([^"]+)!i) {
|
|
|
|
$self->log(LOGNOTICE, "skip, not multipart");
|
2012-06-22 11:38:01 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2014-09-16 20:48:19 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub should_scan {
|
|
|
|
my $self = shift;
|
|
|
|
my $tran = shift;
|
|
|
|
return 0 if $self->is_too_big($tran);
|
|
|
|
return 1 if $self->{_args}{scan_all};
|
|
|
|
return 0 if $self->is_not_multipart($tran);
|
|
|
|
return 1;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|