byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

move virus plugins to plugins/virus/

Browse Source 
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@260 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
Ask Bjørn Hansen 2004-07-14 23:56:54 +00:00
parent b82536df19
commit d7eb8673d1
3 changed files with 0 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
plugins/check_for_hi_virus
View File

@ -1,44 +0,0 @@
#!/usr/bin/perl -w
sub register {
my $self = shift;
$self->register_hook('data_post', 'check_for_hi_virus');
}
sub check_for_hi_virus {
my ($self, $transaction) = @_;
# make sure we read from the beginning;
$transaction->body_resetpos;
my $line_number = 0;
my $seen_file = 0;
my $ct_filename = '';
my $cd_filename = '';
while ($_ = $transaction->body_getline) {
last if $line_number++ > 40;
if (/^Content-Type: (.*)/) {
my $val = $1;
if ($val =~ /name="(.*)"/) {
$seen_file = 1;
$ct_filename = $1;
}
}
if (/^Content-Disposition: (.*)/) {
my $val = $1;
if ($val =~ /filename="(.*)"/) {
$seen_file = 1;
$cd_filename = $1;
}
}
}
if ($seen_file and $ct_filename and $cd_filename) {
if ($ct_filename ne $cd_filename) {
return (DENY, "Probably the 'Hi' virus");
}
}
return DECLINED;
}

66
plugins/clamav
View File

@ -1,66 +0,0 @@
#!/usr/bin/perl -w
# Clam-AV plugin.
use File::Temp qw(tempfile);
sub register {
my ($self, $qp, @args) = @_;
$self->register_hook("data_post", "clam_scan");
if (@args > 0) {
# Untaint scanner location
if ($args[0] =~ /^(\/[\/\-\_\.a-z0-9A-Z]*)$/) {
$self->{_clamscan_loc} = $1;
} else {
$self->log(LOGERROR, "FATAL ERROR: Unexpected characters in clamav argument 1");
exit 3;
}
$self->log(LOGWARN, "WARNING: Ignoring additional arguments.") if (@args > 1);
} else {
$self->{_clamscan_loc} = "/usr/local/bin/clamscan";
}
}
sub clam_scan {
my ($self, $transaction) = @_;
my ($temp_fh, $filename) = tempfile();
print $temp_fh $transaction->header->as_string;
print $temp_fh "\n";
$transaction->body_resetpos;
while (my $line = $transaction->body_getline) {
print $temp_fh $line;
}
seek($temp_fh, 0, 0);
# Now do the actual scanning!
my $cmd = $self->{_clamscan_loc}." --stdout -i --max-recursion=50 --disable-summary $filename 2>&1";
$self->log(LOGDEBUG, "Running: $cmd");
my $output = `$cmd`;
my $result = ($? >> 8);
my $signal = ($? & 127);
unlink($filename);
chomp($output);
$output =~ s/^.* (.*) FOUND$/$1 /mg;
$self->log(LOGDEBUG, "clamscan results: $output");
if ($signal) {
$self->log(LOGINFO, "clamscan exited with signal: $signal");
return (DECLINED);
}
if ($result == 1) {
$self->log(LOGINFO, "Virus(es) found");
# return (DENY, "Virus Found: $output");
$transaction->header->add('X-Virus-Found', 'Yes');
$transaction->header->add('X-Virus-Details', $output);
}
elsif ($result) {
$self->log(LOGWARN, "ClamAV error: $result\n");
}
$transaction->header->add('X-Virus-Checked', 'Checked');
return (DECLINED);
}

37
plugins/klez_filter
View File

@ -1,37 +0,0 @@
sub register {
my ($self, $qp) = @_;
$self->register_hook("data_post", "check_klez");
}
sub check_klez {
my ($self, $transaction) = @_;
# klez files are always sorta big .. how big? Dunno.
return (DECLINED)
if $transaction->body_size < 60_000;
# 220k was too little, so let's just disable the "big size check"
# or $transaction->body_size > 1_000_000;
# maybe it would be worthwhile to add a check for
# Content-Type: multipart/alternative; here?
# make sure we read from the beginning;
$transaction->body_resetpos;
my $line_number = 0;
my $seen_klez_signature = 0;
while ($_ = $transaction->body_getline) {
last if $line_number++ > 40;
m/^Content-type:.*(?:audio|application)/i
and ++$seen_klez_signature and next;
return (DENY, "Klez Virus Detected")
if $seen_klez_signature
and m!^TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQA!;
}
return (DECLINED);
}