Hello list,
since the kavdaemon project seems to be dead (last release in 2003)
and Kaspersky has developed its own socket interface for KAV, I decided to
test it with qmail-scanner.
aveclient communicates with aveserver through a socket, so the virus
databases do not have to be loaded for every single check. This gives a
speed gain and reduces CPU and I/O load significantly.
In the attachment you find a patch for configure and
qmail-scanner-queue.template as well as the sub-aveclient.pl.
It is tested with Kaspersky Anti-Virus for Linux Mail Servers --
Version 5.5.3 (german) on Debian Sarge.
Testing and feedback are appreciated.
--
Grüße,
Alexander Hosfeld
diff --recursive -u qmail-scanner-2.01/configure
qmail-scanner-2.01.PATCH/configure
--- qmail-scanner-2.01/configure 2006-04-04 23:37:03.000000000 +0200
+++ qmail-scanner-2.01.PATCH/configure 2006-08-16 10:25:17.000000000 +0200
@@ -38,7 +38,7 @@
VERSION=`grep '^# Version: ' qmail-scanner-queue.template`
VERSION=`echo $VERSION|awk '{print $NF}'`
-SUPPORTED_SCANNERS="avgd,clamdscan,clamscan,bitdefender,nod32,clamuko,sweep,sophie,vscan,trophie,uvscan,csav,antivir,kavscanner,AvpLinux,kavdaemon,AvpDaemonClient,fsav,fprot,inocucmd,ravlin,vexira,verbose_spamassassin,fast_spamassassin"
+SUPPORTED_SCANNERS="avgd,clamdscan,clamscan,bitdefender,nod32,clamuko,sweep,sophie,vscan,trophie,uvscan,csav,antivir,kavscanner,aveclient,AvpLinux,kavdaemon,AvpDaemonClient,fsav,fprot,inocucmd,ravlin,vexira,verbose_spamassassin,fast_spamassassin"
SILENT_VIRUSES='klez,bugbear,hybris,yaha,braid,nimda,tanatos,sobig,winevar,palyh,fizzer,gibe,cailont,lovelorn,swen,dumaru,sober,hawawi,holar-i,mimail,poffer,bagle,worm.galil,mydoom,worm.sco,tanx,novarg,[EMAIL
PROTECTED]'
@@ -109,6 +109,7 @@
MAX_ZIP_SIZE="1000000000"
MAX_SCAN_SIZE="100000000"
SA_EXAMPLE_QUARANTINE="5"
+AVE_SOCKET="/var/run/aveserver"
while [ -n "$1" ]
do
@@ -149,6 +150,7 @@
--mime-unpacker) if [ "$2" != "" ] ; then shift ; fi ;
MIME_UNPACKER="$1" ;;
--sa-quarantine) if [ "$2" != "" -a "`echo $2|grep '\-'`" = "" ]; then
shift ; fi ; SA_TEMP="$1" ;;
--install) INSTALLIT="1" ; if [ "$2" != "" -a "`echo $2|grep '\-'`" =
"" ] ; then shift ; fi ;;
+ --aveclient-socket) if [ "$2" != "" ]; then shift ; fi ;
AVE_SOCKET="$1" ;;
*) cat <<EOF >&2
valid options:
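Review bot: The value given to `--aveclient-socket` is stored in `AVE_SOCKET` without validation, and the later hunks substitute it with `s?AVE_SOCKET?$AVE_SOCKET?g` into `my $aveclient_socket='AVE_SOCKET';`, which the attached sub-aveclient.pl then interpolates into a backtick command line. A path containing `?`, a single quote, whitespace or a shell metacharacter would therefore break the substitution or alter the command the generated script runs. I would reject anything that is not a plain absolute path right after the assignment, e.g. `case "$AVE_SOCKET" in /*[!A-Za-z0-9_./-]*|[!/]*) echo "invalid --aveclient-socket value" >&2; exit 1;; esac`. Requiring a leading `/` also catches the case where the option is given without an argument and the option name itself ends up in the variable. The surrounding `case` statement starts and ends outside this hunk.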
@@ -341,6 +343,9 @@
binary. This is only EVER set when doing a manual
install.
+ --aveclient-socket Defaults to "/var/run/aveserver". Specifies the
socket to use
+ for aveclient.
+
This script must be run as root so it can detect problems with setuid
perl scripts!
@@ -940,6 +945,22 @@
fi
fi
fi
+ if test -x $dir/aveclient
+ then
+ if [ "`echo $FIND_SCANNERS|grep ' aveclient '`" != "" -a "$AVECLIENT"
= "" ]; then
+ if test -f "sub-aveclient.pl"
+ then
+ #if [ "`setuidgid $QS_USER $dir/aveclient -p $AVE_SOCKET -s
$TMP_DIR/* 2>&1|egrep -i 'virus|test'`" != "" ]; then
+ if [ "`$dir/aveclient -p $AVE_SOCKET -s $TMP_DIR/* 2>&1|egrep
-i 'virus|test'`" != "" ]; then
+ AVPSCAN=""
+ AVPDAEMON=""
+ AVECLIENT="${AVECLIENT:-$dir/aveclient}"
+ INSTALLED_SCANNERS="$INSTALLED_SCANNERS
+aveclient"
+ fi
+ fi
+ fi
+ fi
if test -x $dir/fsav
then
if [ "`echo $FIND_SCANNERS|grep ' fsav '`" != "" -a "$FSECURE" = "" ];
then
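Review bot: The detection probe runs `$dir/aveclient` as root with `$AVE_SOCKET` unquoted, while the variant that goes through `setuidgid $QS_USER` is left commented out. A socket that root can reach but the qmail-scanner user cannot would pass detection here and fail only at delivery time, where the attached sub treats exit status 1 as an error condition. I would run the probe as `$QS_USER` where `setuidgid` is available and quote the path, `-p "$AVE_SOCKET"`. If probing as root is intentional, a one-line comment above the test stating the reason would be better than the commented-out command. The loop over `$dir` that encloses this test lies outside the hunk.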
@@ -1513,6 +1534,11 @@
SCANNER_ARRAY="$SCANNER_ARRAY,\"avpdaemon_scanner\""
fi
+if [ "$AVECLIENT" != "" ]; then
+ echo "aveclient=$AVECLIENT"
+ SCANNER_ARRAY="$SCANNER_ARRAY,\"aveclient_scanner\""
+fi
+
if [ "$FPROT" != "" ]; then
echo "fprot=$FPROT"
SCANNER_ARRAY="$SCANNER_ARRAY,\"fprot_scanner\""
@@ -1790,6 +1816,8 @@
s?HBEDV?$HBEDV?g;
s?AVPSCAN?$AVPSCAN?g;
s?AVPDAEMON?$AVPDAEMON?g;
+s?AVECLIENT?$AVECLIENT?g;
+s?AVE_SOCKET?$AVE_SOCKET?g;
s?FPROT?$FPROT?g;
s?FSECURE?$FSECURE?g;
s?INOCUCMD?$INOCUCMD?g;
diff --recursive -u qmail-scanner-2.01/qmail-scanner-queue.template
qmail-scanner-2.01.PATCH/qmail-scanner-queue.template
--- qmail-scanner-2.01/qmail-scanner-queue.template 2006-04-04
04:00:17.000000000 +0200
+++ qmail-scanner-2.01.PATCH/qmail-scanner-queue.template 2006-08-16
10:13:01.000000000 +0200
@@ -226,6 +226,8 @@
my $hbedv_options='HBEDV_OPTIONS';
my $avp_binary='AVPSCAN';
my $avpdaemon_binary='AVPDAEMON';
+my $aveclient_binary='AVECLIENT';
+my $aveclient_socket='AVE_SOCKET';
my $fprot_binary='FPROT';
my $fsecure_binary='FSECURE';
my $inocucmd_binary='INOCUCMD';
@@ -1791,6 +1793,15 @@
}
}
close(AVP);
+ } elsif ($scanner eq "aveclient") {
+ open(AVE,"$aveclient_binary -v 2>&1 |")||die "failed to call
$aveclient_binary -v - $!";
+ while (<AVE>) {
+ chomp;
+ if (/server (.*), compiled/){
+ $SCANINFO .= "aveclient: $1. ";
+ }
+ close(AVE);
+ }
} elsif ($scanner eq "ravlin") {
open(RAV,"$ravlin_binary --version 2>&1 |")||die "failed to call
$ravlin_binary --version - $!";
while (<RAV>) {
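Review bot: `close(AVE);` sits inside the `while (<AVE>)` body, so the handle is closed after the first line of `aveclient -v` output and the loop ends before any later line is examined. The version string therefore reaches `$SCANINFO` only if it happens to be on line one. The preceding AVP branch closes its handle after the loop; this branch should do the same by moving `close(AVE);` below the brace that ends the `while`. The enclosing if/elsif chain starts and ends outside the hunk.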
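sub aveclient_scanner {
  # Kaspersky aveclient socket-scanner.
  #
  # Runs "$aveclient_binary -p $aveclient_socket -s <file>" once for every
  # regular, non-dot file in $ENV{'TMPDIR'} (aveclient does not scan
  # directories). Exit status 2, 3 or 4 is treated as "virus or suspicious
  # object found" and recorded in $quarantine_description and
  # $quarantine_event; any other non-zero status goes to &error_condition.
  #
  # Takes no arguments. Uses names defined outside this sub:
  # $aveclient_binary, $aveclient_socket, $DEBUG, $QE_LEN, $quarantine_event,
  # $quarantine_description, &debug, &error_condition, gettimeofday and
  # tv_interval.
  &debug("aveclient: starting scan of directory \"$ENV{'TMPDIR'}\"...");
  my ($start_aveclient_time)=[gettimeofday];
  my ($DD,$aveclient_status,$stop_aveclient_time,$aveclient_time,$aveclient_silent);

  # Quiet output unless debugging.
  $aveclient_silent = $DEBUG ? "" : "-q";

  # Fail closed: if the directory cannot be read, nothing would be scanned
  # and the message would look clean, so report it through the same error
  # path as the other scanner failures instead of only warning.
  my $scan_dh;
  unless (opendir($scan_dh, $ENV{'TMPDIR'})) {
    &error_condition("Could not open dir $ENV{'TMPDIR'}: $!");
    return;   # only reached if error_condition returns - TODO confirm
  }
  # Need to scan each file since aveclient doesn't scan directories.
  # Test -f against the full path so the result does not depend on the
  # current working directory.
  my @files_to_scan = grep { !/^\.+/ && -f "$ENV{'TMPDIR'}/$_" } readdir($scan_dh);
  closedir($scan_dh);

  foreach my $file (@files_to_scan) {
    # Untaint $file. The name is interpolated into a shell command below, so
    # only word characters, '.', '+' and '-' are accepted. The previous class
    # [\w+|\.|\-] also let a literal '|' through, and '$' tolerated a
    # trailing newline; \A...\z closes both.
    unless ($file =~ /\A([\w.+\-]+)\z/) {
      &error_condition("Illegal file: $file");
      next;   # only reached if error_condition returns - TODO confirm
    }
    $file = $1;

    my $scan_cmd = "$aveclient_binary $aveclient_silent -p $aveclient_socket -s $ENV{'TMPDIR'}/$file 2>&1";
    &debug("run $scan_cmd");
    # NOTE(review): this still goes through the shell; its safety rests on
    # the filename check above and on the configured binary/socket values.
    $DD=`$scan_cmd`;
    my $wait_status = $?;
    $aveclient_status = $wait_status >> 8;
    &debug("--output of aveclient was:\n$DD--");

    # A command that could not be started or was killed by a signal can
    # leave an exit code of 0 in the high byte; do not read that as "clean".
    if ($wait_status == -1 || ($wait_status & 127)) {
      &error_condition("aveclient did not exit normally - wait status $wait_status");
      next;   # only reached if error_condition returns - TODO confirm
    }

    if ($aveclient_status != 0) {
      if ($aveclient_status =~ /^(2|3|4)$/) {
        # Assign to the outer $quarantine_description (presumably a
        # file-level variable of qmail-scanner-queue - confirm). Declaring
        # it with "my" inside the loop hid the detected name from the two
        # statements after the loop.
        $quarantine_description = "unknown";
        while ($DD =~ /(.*)INFECTED\nLINFECTED\s+(.*)/g) {
          my $file_description = $1 || "unknown";
          $quarantine_description = $2 || "unknown";
          &debug("Virus or suspicious objects found in $file_description ($quarantine_description)");
        }
        ($quarantine_event=$quarantine_description)=~s/\s/_/g;
        $quarantine_event="aveclient:".substr($quarantine_event,0,$QE_LEN);
      }
      elsif ($aveclient_status == 1) {
        &error_condition("Unable to connect to aveserver. Check if aveserver is running " .
          "and for right path to aveserver-socket");
      }
      elsif ($aveclient_status =~ /^(6|8)$/) {
        &error_condition("Scan results unavailable - exit status $aveclient_status");
      }
      else {
        &error_condition("Corrupt or unknown scanner error or memory/resource/perms " .
          "problems - exit status $aveclient_status");
      }
    }
  }

  # Report the elapsed time once for the whole directory rather than after
  # every file.
  $stop_aveclient_time=[gettimeofday];
  $aveclient_time = tv_interval ($start_aveclient_time, $stop_aveclient_time);
  &debug("aveclient: finished scan of dir \"$ENV{'TMPDIR'}\" in $aveclient_time secs");
}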