diff --git a/plugins/check_for_hi_virus b/plugins/check_for_hi_virus deleted file mode 100644 index bc9601f..0000000 --- a/plugins/check_for_hi_virus +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/perl -w - -sub register { - my $self = shift; - $self->register_hook('data_post', 'check_for_hi_virus'); -} - -sub check_for_hi_virus { - my ($self, $transaction) = @_; - - # make sure we read from the beginning; - $transaction->body_resetpos; - - my $line_number = 0; - my $seen_file = 0; - my $ct_filename = ''; - my $cd_filename = ''; - - while ($_ = $transaction->body_getline) { - last if $line_number++ > 40; - if (/^Content-Type: (.*)/) { - my $val = $1; - if ($val =~ /name="(.*)"/) { - $seen_file = 1; - $ct_filename = $1; - } - } - if (/^Content-Disposition: (.*)/) { - my $val = $1; - if ($val =~ /filename="(.*)"/) { - $seen_file = 1; - $cd_filename = $1; - } - } - } - - if ($seen_file and $ct_filename and $cd_filename) { - if ($ct_filename ne $cd_filename) { - return (DENY, "Probably the 'Hi' virus"); - } - } - - return DECLINED; -} diff --git a/plugins/clamav b/plugins/clamav deleted file mode 100644 index 0c6f8e0..0000000 --- a/plugins/clamav +++ /dev/null @@ -1,66 +0,0 @@ -#!/usr/bin/perl -w -# Clam-AV plugin. - -use File::Temp qw(tempfile); - -sub register { - my ($self, $qp, @args) = @_; - $self->register_hook("data_post", "clam_scan"); - - if (@args > 0) { - # Untaint scanner location - if ($args[0] =~ /^(\/[\/\-\_\.a-z0-9A-Z]*)$/) { - $self->{_clamscan_loc} = $1; - } else { - $self->log(LOGERROR, "FATAL ERROR: Unexpected characters in clamav argument 1"); - exit 3; - } - $self->log(LOGWARN, "WARNING: Ignoring additional arguments.") if (@args > 1); - } else { - $self->{_clamscan_loc} = "/usr/local/bin/clamscan"; - } -} - -sub clam_scan { - my ($self, $transaction) = @_; - - my ($temp_fh, $filename) = tempfile(); - print $temp_fh $transaction->header->as_string; - print $temp_fh "\n"; - $transaction->body_resetpos; - while (my $line = $transaction->body_getline) { - print $temp_fh $line; - } - seek($temp_fh, 0, 0); - - # Now do the actual scanning! - my $cmd = $self->{_clamscan_loc}." --stdout -i --max-recursion=50 --disable-summary $filename 2>&1"; - $self->log(LOGDEBUG, "Running: $cmd"); - my $output = `$cmd`; - - my $result = ($? >> 8); - my $signal = ($? & 127); - - unlink($filename); - chomp($output); - - $output =~ s/^.* (.*) FOUND$/$1 /mg; - - $self->log(LOGDEBUG, "clamscan results: $output"); - - if ($signal) { - $self->log(LOGINFO, "clamscan exited with signal: $signal"); - return (DECLINED); - } - if ($result == 1) { - $self->log(LOGINFO, "Virus(es) found"); - # return (DENY, "Virus Found: $output"); - $transaction->header->add('X-Virus-Found', 'Yes'); - $transaction->header->add('X-Virus-Details', $output); - } - elsif ($result) { - $self->log(LOGWARN, "ClamAV error: $result\n"); - } - $transaction->header->add('X-Virus-Checked', 'Checked'); - return (DECLINED); -} diff --git a/plugins/klez_filter b/plugins/klez_filter deleted file mode 100644 index c169807..0000000 --- a/plugins/klez_filter +++ /dev/null @@ -1,37 +0,0 @@ -sub register { - my ($self, $qp) = @_; - $self->register_hook("data_post", "check_klez"); -} - -sub check_klez { - my ($self, $transaction) = @_; - - # klez files are always sorta big .. how big? Dunno. - return (DECLINED) - if $transaction->body_size < 60_000; - # 220k was too little, so let's just disable the "big size check" - # or $transaction->body_size > 1_000_000; - - # maybe it would be worthwhile to add a check for - # Content-Type: multipart/alternative; here? - - # make sure we read from the beginning; - $transaction->body_resetpos; - - my $line_number = 0; - my $seen_klez_signature = 0; - - while ($_ = $transaction->body_getline) { - last if $line_number++ > 40; - - m/^Content-type:.*(?:audio|application)/i - and ++$seen_klez_signature and next; - - return (DENY, "Klez Virus Detected") - if $seen_klez_signature - and m!^TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQA!; - - } - - return (DECLINED); -}