Re: [AMaViS-user] Calling external script upon INFECTED or Spam-score

Thu, 20 Oct 2005 22:03:40 -0700 

Mark, 

On Thu, Oct 20, 2005 at 08:14:22PM +0200, Mark Martinec wrote:
> > Hm, how about patches?
> 
> Something like this?
> 
> --- amavisd.ori Thu Oct 20 20:10:04 2005
> +++ amavisd     Thu Oct 20 20:10:27 2005
> @@ -7730,6 +7730,22 @@
>          do_log(0, $logline)  if $logline ne '';
>        }
>      }
> +    if (@virusname || $spam_level > 10) {
> +      use IO::Socket::UNIX;
> +      my($socketname) = '/var/tmp/some-socket';
> +      my($sock);
> +      $sock = IO::Socket::UNIX->new(Type => SOCK_STREAM)
> +        or die "Can't create UNIX socket: $!";
> +      if (!$sock->connect(pack_sockaddr_un($socketname))) {
> +        do_log(0, "Can't connect to UNIX socket $socketname: $!");
> +      } else {
> +        my($sr) = expand(\'-envelope="%s", -first="%e" -last="%a"',
> +                         \%mybuiltins);
> +        do_log(2, "Sending to $socketname: $$sr");
> +        $sock->print($$sr) or die "Can't write to socket $socketname: $!";
> +        $sock->close or die "Error closing socket $socketname: $!";
> +      }

Sounds not too bad so far. Allthough, I rather was thinking of system().
I'm not sure which ones causes more overhead, creating a UNIX TCP Socket, or
calling a script. Since the variables are tainted it won't raise a security
case.

Also, a script would give more freedom. Drawback is, that it would require
a plugin directory where administrators/developers MUST put their scripts in,
or at least configure a plugin directory with correct permissions and 
group/owner.

Second part is, the level 10 was rather plaintext, of course I meant 
$sa_kill_level_deflt, or even a new level, 
$sa_(report|script|administrativa)_level_deflt; I'm not sure which is most 
convenient and reasonable.


-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany
--


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to