Re: [Clamav-users] How to disinfect an mbox file?

Wed, 16 Jun 2004 09:51:10 -0700 

> I read in the FAQ that you don't have an option to
> disinfect files, only to report on or delete them.  I
> would think it wouldn't be too hard to disinfect a
> mailbox file though.


This might help clean out your mailbox.

cc -o clamfilter clamfilter.c
mv /var/mail/mybox mybox
./clamfilter mybox goodmail badmail
cat goodmail >> /var/mail/mybox

(not 100% safe on mailbox locking, you might prefer
to load the output into mail and then save it from there
to take advantage of /usr/bin/mail's locking)

G
--

#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>

#ifndef TRUE
#define TRUE (0==0)
#define FALSE (!TRUE)
#endif

static int suppress_output = (0!=0);

int is_infected(char *command)
{
  FILE *clam = popen(command, "r");

  if (clam == NULL) return(0==1);

  fprintf(stderr, "Command: %s\n", command);

  if (clam != NULL) {
    int rc, c, lastc = -1;
    int suppress_output = (0==0);
    char result[129];
    char *answer = result;
    result[128] = '\0';
    for (;;) {
      // return info is on first line
      c = fgetc(clam);
      if (c == EOF) break;
      if (c == '\n') break;
      if (!suppress_output) *answer++ = c;
      if (c == ' ' && lastc ==  ':') suppress_output = (0!=0);
      lastc = c;
    }
    *answer = '\0';
    if (c != EOF) {
      // drain
      for (;;) {
        c = fgetc(clam); if (c == EOF) break;
      }
    }
    pclose(clam);
    if (strcmp(result, "OK") == 0) {
      // clean.
      return(FALSE);
    }
    if (strcmp(result+strlen(result)-strlen(" FOUND"), " FOUND") == 0) {
      // clean.
      // fprintf(stdout, "X-ClamAV: %s\n", result);
      return(TRUE);
    }
  }
  return (FALSE);
}

void pushchar(int c, FILE *mailfile)
{
  fputc(c, mailfile);
}

int main(int argc, char **argv) {
int c;
FILE *infile, *goodfile, *badfile, *mailfile;
#define shufflebuff {int i; for (i = 0; i < 6; i++) buff[i] = buff[i+1];}
static char buff[8];
char tmpbuff[129];
char filename[129];
static char *From = "\n\nFrom ";
char *savedname;
  tmpbuff[128] = '\0';
  if (argc != 4) {
    fprintf(stderr, "syntax: %s mailfile goodfile badfile\n", argv[0]);
    exit(1);
  }
  infile = fopen(argv[1], "r");
  if (infile == NULL) {
    fprintf(stderr, "%s: cannot open %s\n", argv[0], argv[1]);
    exit(0);
  }
  buff[7] = '\0';
  c = fgetc(infile); buff[0] = c; if (c == EOF) {
    fprintf(stderr, "%s: input file %s is empty\n", argv[0], argv[1]);
  }
  c = fgetc(infile); buff[1] = c; assert (c != EOF);
  c = fgetc(infile); buff[2] = c; assert (c != EOF);
  c = fgetc(infile); buff[3] = c; assert (c != EOF);
  c = fgetc(infile); buff[4] = c; assert (c != EOF);
  c = fgetc(infile); buff[5] = c; assert (c != EOF);
  c = fgetc(infile); buff[6] = c; assert (c != EOF);
  for (;;) {
    mailfile = fopen(savedname = strdup(tmpnam(NULL)), "w");
    for (;;) {
      if (strcmp(buff, From) == 0) {
        /* flush last file, start this file */
        pushchar(buff[0], mailfile); shufflebuff; c = fgetc(infile); buff[6] = c&255;
        if (c == EOF) {
        } else pushchar(buff[0], mailfile); shufflebuff; c = fgetc(infile); buff[6] = 
c&255;
        if (c == EOF) {
          /* shouldn't happen unless mailbox is corrupt */
          break;
        }
        /* Buff is now "From " */
        fclose(mailfile);
        sprintf(tmpbuff, "/usr/local/bin/clamscan --mbox --stdout %s", savedname);
        sprintf(filename, "/bin/cat %s >> %s", savedname, 
                (is_infected(tmpbuff) ? argv[3] : argv[2]));
        fprintf(stderr, "Executing: %s\n", filename);
        system(filename);
        remove(savedname); free(savedname);
        mailfile = fopen(savedname = strdup(tmpnam(NULL)), "w");
      } else {
        pushchar(buff[0], mailfile); shufflebuff;
        c = fgetc(infile);
        if (c == EOF) {
          /* Flush */
          pushchar(buff[0], mailfile); shufflebuff;
          pushchar(buff[0], mailfile); shufflebuff;
          pushchar(buff[0], mailfile); shufflebuff;
          pushchar(buff[0], mailfile); shufflebuff;
          pushchar(buff[0], mailfile); shufflebuff;
          pushchar(buff[0], mailfile); shufflebuff;
          pushchar(buff[0], mailfile); shufflebuff;
          fclose(mailfile);

          sprintf(tmpbuff, "/usr/local/bin/clamscan --stdout --mbox  %s", savedname);
          sprintf(filename, "/bin/cat %s >> %s", savedname, 
                (is_infected(tmpbuff) ? argv[3] : argv[2]));
          fprintf(stderr, "Executing: %s\n", filename);
          system(filename);
          remove(savedname); free(savedname);

          mailfile = fopen(savedname = strdup(tmpnam(NULL)), "w");
          exit(0);
        }
        buff[6] = c&255;
      }
    }
  }
  fclose(mailfile);

  sprintf(tmpbuff, "/usr/local/bin/clamscan --stdout --mbox %s", savedname);
  sprintf(filename, "/bin/cat %s >> %s", savedname, 
          (is_infected(tmpbuff) ? argv[3] : argv[2]));
  fprintf(stderr, "Executing: %s\n", filename);
  system(filename);
  remove(savedname); free(savedname);

  exit(0);
  return(0);
}


-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to