move virus plugins to plugins/virus/
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@260 958fd67b-6ff1-0310-b445-bb7760255be9
parent
b82536df19
commit
d7eb8673d1
@ -1,44 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
|
|
||||||
sub register {
|
|
||||||
my $self = shift;
|
|
||||||
$self->register_hook('data_post', 'check_for_hi_virus');
|
|
||||||
}
|
|
||||||
|
|
||||||
sub check_for_hi_virus {
|
|
||||||
my ($self, $transaction) = @_;
|
|
||||||
|
|
||||||
# make sure we read from the beginning;
|
|
||||||
$transaction->body_resetpos;
|
|
||||||
|
|
||||||
my $line_number = 0;
|
|
||||||
my $seen_file = 0;
|
|
||||||
my $ct_filename = '';
|
|
||||||
my $cd_filename = '';
|
|
||||||
|
|
||||||
while ($_ = $transaction->body_getline) {
|
|
||||||
last if $line_number++ > 40;
|
|
||||||
if (/^Content-Type: (.*)/) {
|
|
||||||
my $val = $1;
|
|
||||||
if ($val =~ /name="(.*)"/) {
|
|
||||||
$seen_file = 1;
|
|
||||||
$ct_filename = $1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (/^Content-Disposition: (.*)/) {
|
|
||||||
my $val = $1;
|
|
||||||
if ($val =~ /filename="(.*)"/) {
|
|
||||||
$seen_file = 1;
|
|
||||||
$cd_filename = $1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($seen_file and $ct_filename and $cd_filename) {
|
|
||||||
if ($ct_filename ne $cd_filename) {
|
|
||||||
return (DENY, "Probably the 'Hi' virus");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return DECLINED;
|
|
||||||
}
|
|
@ -1,66 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# Clam-AV plugin.
|
|
||||||
|
|
||||||
use File::Temp qw(tempfile);
|
|
||||||
|
|
||||||
sub register {
|
|
||||||
my ($self, $qp, @args) = @_;
|
|
||||||
$self->register_hook("data_post", "clam_scan");
|
|
||||||
|
|
||||||
if (@args > 0) {
|
|
||||||
# Untaint scanner location
|
|
||||||
if ($args[0] =~ /^(\/[\/\-\_\.a-z0-9A-Z]*)$/) {
|
|
||||||
$self->{_clamscan_loc} = $1;
|
|
||||||
} else {
|
|
||||||
$self->log(LOGERROR, "FATAL ERROR: Unexpected characters in clamav argument 1");
|
|
||||||
exit 3;
|
|
||||||
}
|
|
||||||
$self->log(LOGWARN, "WARNING: Ignoring additional arguments.") if (@args > 1);
|
|
||||||
} else {
|
|
||||||
$self->{_clamscan_loc} = "/usr/local/bin/clamscan";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sub clam_scan {
|
|
||||||
my ($self, $transaction) = @_;
|
|
||||||
|
|
||||||
my ($temp_fh, $filename) = tempfile();
|
|
||||||
print $temp_fh $transaction->header->as_string;
|
|
||||||
print $temp_fh "\n";
|
|
||||||
$transaction->body_resetpos;
|
|
||||||
while (my $line = $transaction->body_getline) {
|
|
||||||
print $temp_fh $line;
|
|
||||||
}
|
|
||||||
seek($temp_fh, 0, 0);
|
|
||||||
|
|
||||||
# Now do the actual scanning!
|
|
||||||
my $cmd = $self->{_clamscan_loc}." --stdout -i --max-recursion=50 --disable-summary $filename 2>&1";
|
|
||||||
$self->log(LOGDEBUG, "Running: $cmd");
|
|
||||||
my $output = `$cmd`;
|
|
||||||
|
|
||||||
my $result = ($? >> 8);
|
|
||||||
my $signal = ($? & 127);
|
|
||||||
|
|
||||||
unlink($filename);
|
|
||||||
chomp($output);
|
|
||||||
|
|
||||||
$output =~ s/^.* (.*) FOUND$/$1 /mg;
|
|
||||||
|
|
||||||
$self->log(LOGDEBUG, "clamscan results: $output");
|
|
||||||
|
|
||||||
if ($signal) {
|
|
||||||
$self->log(LOGINFO, "clamscan exited with signal: $signal");
|
|
||||||
return (DECLINED);
|
|
||||||
}
|
|
||||||
if ($result == 1) {
|
|
||||||
$self->log(LOGINFO, "Virus(es) found");
|
|
||||||
# return (DENY, "Virus Found: $output");
|
|
||||||
$transaction->header->add('X-Virus-Found', 'Yes');
|
|
||||||
$transaction->header->add('X-Virus-Details', $output);
|
|
||||||
}
|
|
||||||
elsif ($result) {
|
|
||||||
$self->log(LOGWARN, "ClamAV error: $result\n");
|
|
||||||
}
|
|
||||||
$transaction->header->add('X-Virus-Checked', 'Checked');
|
|
||||||
return (DECLINED);
|
|
||||||
}
|
|
@ -1,37 +0,0 @@
|
|||||||
sub register {
|
|
||||||
my ($self, $qp) = @_;
|
|
||||||
$self->register_hook("data_post", "check_klez");
|
|
||||||
}
|
|
||||||
|
|
||||||
sub check_klez {
|
|
||||||
my ($self, $transaction) = @_;
|
|
||||||
|
|
||||||
# klez files are always sorta big .. how big? Dunno.
|
|
||||||
return (DECLINED)
|
|
||||||
if $transaction->body_size < 60_000;
|
|
||||||
# 220k was too little, so let's just disable the "big size check"
|
|
||||||
# or $transaction->body_size > 1_000_000;
|
|
||||||
|
|
||||||
# maybe it would be worthwhile to add a check for
|
|
||||||
# Content-Type: multipart/alternative; here?
|
|
||||||
|
|
||||||
# make sure we read from the beginning;
|
|
||||||
$transaction->body_resetpos;
|
|
||||||
|
|
||||||
my $line_number = 0;
|
|
||||||
my $seen_klez_signature = 0;
|
|
||||||
|
|
||||||
while ($_ = $transaction->body_getline) {
|
|
||||||
last if $line_number++ > 40;
|
|
||||||
|
|
||||||
m/^Content-type:.*(?:audio|application)/i
|
|
||||||
and ++$seen_klez_signature and next;
|
|
||||||
|
|
||||||
return (DENY, "Klez Virus Detected")
|
|
||||||
if $seen_klez_signature
|
|
||||||
and m!^TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQA!;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return (DECLINED);
|
|
||||||
}
|
|