(Excuse me if you get this twice but the first one appears to have triple
bounced on my end..bad timing of installing the amavis rpm.  And the first
patch had a single typo to boot. :P)

I skimmed thru the last six months worth of qmail archives and I did not
see any good method for using a virus checker with qmail.  Well, there
was mention of the Star Screening System but all I could find was a white
paper and I haven't bothered converting it from .doc format.

Sven Lankes showed how you can use amavis to scan mails by adding it to
your defaultdelivery/rc file.  Unfortunately, that method only checks 
locally delivered mail and only works for users who do not have their own
.qmail files.

I've attached the changes I made to amavis-0.2.0-pre4 to allow scanmails
to be qmail-aware.  The idea is to have scanmails sit between two qmail
processes to scan each mail that comes across w/o actually hacking on
qmail code. (I got the impression that virus checking specific patches
would be frowned upon.)  For simplicity, I chose to replace qmail-remote
& qmail-local with the scanmails script.

Basically, you move qmail-remote to qmail-remote-real and add a link from
scanmails to qmail-remote.  When an outgoing message is sent, it will call
scanmails, which will do its magic and if no virus is found, it will call
qmail-remote-real with the same arguments it was called with.  Use the
same procedure with qmail-local to scan all locally delivered mail.  If a
virus is found, then the virus will be put into a special virusdir
(specified when configuring amavis) and scanmails will exit without
calling the real qmail program.  Amavis will mail the sender, recipient &
local postmaster (also configurable) notifying them of a virus in their
mail. (I did tweak scanmails to not send out mail to the recipient if
invoked as qmail-remote.  No need to alarm the recipients if we're not
letting the mail get off of our system.)

Right now, the script assumes that qmail-local-real & qmail-remote-real 
are in the path. I was going to just use ${0}-real to invoke the real
qmail programs but qmail-local is called as bin/qmail-local (no idea
why) so that didn't work.

You'll want to make sure that your virusmails directory is mode 1777.
Since qmail calls qmail-local as the uid of the recipient, the infected
mails will be written as that user.  Outgoing infected messages are
written by qmailr.  Due to this same problem, logging is disabled if you
configure with --enable-qmail.  

Regards,
Christopher


--- amavis-0.2.0-pre4/src/scanmails/scanmails.in.cls    Wed Mar 31 06:43:49 1999
+++ amavis-0.2.0-pre4/src/scanmails/scanmails.in        Mon Jul  5 17:57:59 1999
@@ -36,7 +36,8 @@
 #
 #####################################################################
 
-scanscriptname="scanmails"
+#scanscriptname="scanmails"
+scanscriptname=`basename $0`
 
 ################################################
 # Path to DrSolomon Antivirus                  #
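Review bot: `$0` is unquoted in the new scanscriptname assignment, and the value it yields now selects both the code path and the program that gets run. Suggest scanscriptname=`basename "$0"` and checking the result against the three expected names (scanmails, qmail-local, qmail-remote), exiting with an error otherwise. The commented-out old assignment can simply be dropped.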
@@ -77,6 +78,7 @@
 #                   in                         #
 ################################################
 tmpdir=/var/tmp/${scanscriptname}$$
+usingqmail=@USE_QMAIL@
 
 ################################################
 # "var_log" indicates the path where statistic #
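Review bot: usingqmail is added directly under the tmpdir assignment, inside the section whose comment box describes the temporary directory, and has no comment of its own. Give it its own comment box like the neighbouring settings, stating that it is empty unless configured with --enable-qmail. While here: with the previous hunk the tmpdir name varies with the invocation name but is still predictable (name plus PID) under /var/tmp, so the code that creates it should fail if the path already exists.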
@@ -84,6 +86,7 @@
 # - if "do_log" is set to "yes"                #
 ################################################
 var_log=@var_log@
+systemlogdir=${var_log}/scanmails/
 do_log=@do_log@
 do_syslog=@do_syslog@
 syslog_level=@syslog_level@
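Review bot: systemlogdir ends in a slash, and every use later in the patch appends /logfile, which gives a doubled slash in the path. Drop the trailing slash. A one-line comment saying that the directory is deliberately fixed to scanmails rather than following ${scanscriptname} would also help, since that name now changes with how the script is invoked.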
@@ -120,7 +123,34 @@
 arc=@arc@
 unfreeze=@unfreeze@
 
-deliver=@deliver@
+if [ "x${usingqmail}" = "x" ]; then
+    deliver=@deliver@
+else
+    deliver=${scanscriptname}-real
+fi
+ 
+if [ "x${usingqmail}" != "x" ] ; then
+    if [ "${scanscriptname}" = "qmail-remote" ] ; then
+       SENDER="$2"
+       RECIPIENT="$3"
+    elif [ "${scanscriptname}" = "qmail-local" ] ; then
+       # Sometims qmail-local is called with -- as the first arg
+       # this screws up the arg count so shift everything
+       if [ "$1" = "--" ] ; then
+           RECIPIENT="$4"@"$7"
+           SENDER="$8"
+       else
+           RECIPIENT="$3"@"$6"
+           SENDER="$7"
+       fi
+    else
+       SENDER="$1"
+       RECIPIENT="$2"
+    fi
+else
+    SENDER="$2"
+    RECIPIENT="$7"
+fi
 
 ################################################
 #                main program                  #
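Review bot: in the qmail branch, deliver=${scanscriptname}-real is a bare name, so the real qmail program is located through PATH rather than at a fixed location. Substitute the absolute directory at configure time so the wrapper cannot pick up a different qmail-local-real or qmail-remote-real from whatever PATH it inherits. Separately, RECIPIENT="$3" in the qmail-remote case records only the first recipient, while qmail-remote accepts several after the sender, and the fallback SENDER="$1" / RECIPIENT="$2" case needs a comment saying which calling convention it expects.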
@@ -171,8 +201,8 @@
 
 echo xxxxxxxxxxxxxxxxxx`date`xxxxxxxxxxxxxxxxxxxxxxx >${tmpdir}/logfile
 echo ${scanscriptname} called $* >>${tmpdir}/logfile
-echo FROM: $2 >>/${tmpdir}/logfile
-echo TO: $7 >>/${tmpdir}/logfile
+echo FROM: $SENDER >>/${tmpdir}/logfile
+echo TO: $RECIPIENT >>/${tmpdir}/logfile
 
 ${metamail} -r -q -x -w ${tmpdir}/receivedmail > /dev/null 2>&1
 
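Review bot: $SENDER and $RECIPIENT in the two new echo lines are unquoted, and both come from the envelope, so they undergo word splitting and filename expansion before being logged. Quote them, for example echo "FROM: $SENDER", or use printf '%s\n'. The leading slash in >>/${tmpdir}/logfile is inherited from the old lines and could be cleaned up at the same time.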
@@ -588,19 +618,19 @@
   mv ${tmpdir}/receivedmail ${virusmailsdir}/virus$$
   chmod 400 ${virusmailsdir}/virus$$
   echo The attached mail has been found to contain a virus >${tmpdir}/virusmail
-  echo Originally $* >>${tmpdir}/virusmail
+  echo Originally $0 "$@" >>${tmpdir}/virusmail
   echo The mail has been stored as ${virusmailsdir}/virus$$ >> ${tmpdir}/virusmail
-  mkdir -p ${var_log}/${scanscriptname}
-  cat ${tmpdir}/logfile >>${var_log}/${scanscriptname}/logfile
+  mkdir -p ${systemlogdir}
+  cat ${tmpdir}/logfile >>${systemlogdir}/logfile
   cat ${tmpdir}/virusmail ${tmpdir}/logfile | ${mail} -s "FOUND VIRUS IN MAIL $*" 
${mailto}
 
 ################### send a mail back to sender ######################
 
-cat <<EOF| ${mail} -s "VIRUS IN YOUR MAIL TO $7" $2
+cat <<EOF| ${mail} -s "VIRUS IN YOUR MAIL TO $RECIPIENT" $SENDER
 
                    V I R U S  A L E R T
 
-  Our viruschecker found a VIRUS in your email to "$7".
+  Our viruschecker found a VIRUS in your email to "$RECIPIENT".
            We stopped delivery of this email!
 
     Now it is on you to check your system for viruses           
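Review bot: $SENDER is passed unquoted as the address argument on the new ${mail} -s "VIRUS IN YOUR MAIL TO $RECIPIENT" $SENDER line. It is the envelope sender supplied by the remote side, so it should be quoted, and the notification skipped when it is empty (a bounce), otherwise ${mail} is run with no address. Also, the stored copy keeps the predictable name virus$$; with the directory at mode 1777 as the cover mail recommends, the mv can collide with an existing entry of that name, so a uniquely created file name would be safer.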
@@ -611,14 +641,15 @@
 
 EOF
 
+if [ "${scanscriptname}" != "qmail-remote" ] ; then
 ############### send a mail to the addressee ########################
 
-cat <<EOF| ${mail} -s "VIRUS IN A MAIL FOR YOU FROM $2" $7
+cat <<EOF| ${mail} -s "VIRUS IN A MAIL FOR YOU FROM $SENDER" $RECIPIENT
 
                    V I R U S  A L E R T
 
   Our viruschecker found a VIRUS in a mail from 
-     "$2"
+     "$SENDER"
   to you.
   
   Delivery of the email was stopped!
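Review bot: the new test on ${scanscriptname} at the top of this hunk has no comment saying why the addressee is not notified when running as qmail-remote; the reason is given only in the cover mail. Add a short comment, and indent the block it guards, since its closing fi lands in the next hunk and is easy to miss. $RECIPIENT on the ${mail} line should be quoted as well.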
@@ -626,11 +657,34 @@
   Please contact your system administrator for details
 
 EOF
-##################### No virus, send as usual #######################
+fi
+
+if [ "x${usingqmail}" != "x" ]; then
+    # Stop all other delivery mechanisms
+    cd /var/tmp && rm -rf ${tmpdir} ;
+    if [ "${scanscriptname}" = "scanmails" ] ; then
+       # Assume we were called by qmail-local
+       exit 99 ;
+    else
+       if [ "${scanscriptname}" = "qmail-remote" ] ; then
+           echo "Message was found to contain virus."
+       fi
+       exit 0 ;
+    fi
+fi
+
 
 else
+##################### No virus, send as usual #######################
   echo No virus found - good >> ${tmpdir}/logfile
-  if [ "x${deliver}" != "x" ] && [ -x ${deliver} ] ; then
+
+  if [ "x${usingqmail}" != "x" ]; then
+    # If invoked as anything other than "scanmails", invoke the real
+    # program else fall thru to exit
+       if [ "${scanscriptname}" != "scanmails" ] ; then
+           ${scanscriptname}-real "$@" < ${tmpdir}/receivedmail
+        fi
+  elif [ "x${deliver}" != "x" ] && [ -x ${deliver} ] ; then
     ${deliver} "$@" <${tmpdir}/receivedmail
   else
     pid=$$
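Review bot: in the no-virus branch, the exit status of ${scanscriptname}-real "$@" < ${tmpdir}/receivedmail is not saved, and the script carries on to further commands afterwards. qmail-lspawn acts on the exit code of qmail-local, so capture $? immediately after the call and exit with it once cleanup is done. In the virus branch, the plain echo "Message was found to contain virus." for qmail-remote does not follow the report format described in qmail-remote(8) (NUL-terminated recipient and message reports, each with a leading status letter); emit a proper permanent-failure report instead. The variable in rm -rf ${tmpdir} should be quoted.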
@@ -644,8 +698,8 @@
 
   if [ "x${do_log}" = "xyes" ]
   then
-    mkdir -p ${var_log}/${scanscriptname}
-    cat ${tmpdir}/logfile >> ${var_log}/${scanscriptname}/logfile
+    mkdir -p ${systemlogdir}
+    cat ${tmpdir}/logfile >> ${systemlogdir}/logfile
   fi
 fi
 
--- amavis-0.2.0-pre4/configure.in.cls  Wed Mar 31 06:45:51 1999
+++ amavis-0.2.0-pre4/configure.in      Mon Jul  5 17:41:36 1999
@@ -94,6 +94,9 @@
 AC_ARG_ENABLE(sendmail,[  --enable-sendmail=PROG         set location of sendmail],
        [ MTA="$enableval -oi"], [ MTA="" ])
 
+AC_ARG_ENABLE(qmail, [  --enable-qmail                 enable use of qmail features 
+in scanmails],
+       [USE_QMAIL=1], [USE_QMAIL=])
+
 AC_CACHE_CHECK(mail transport agent (MTA),amavis_cv_SYS_MTA,
 if test "$MTA" != ""
 then
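Review bot: the action-if-given for the new qmail option sets USE_QMAIL=1 without looking at $enableval, so --disable-qmail or --enable-qmail=no also turn the qmail mode on. Test $enableval and set USE_QMAIL=1 only when it is not "no".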
@@ -125,6 +128,7 @@
 fi
 
 AC_SUBST(SENDMAIL)
+AC_SUBST(USE_QMAIL)
 AC_SUBST(MTA)
 
 AC_CHECKING([*** H+BEDV AntiVir/X ***])
@@ -215,7 +219,13 @@
 dnl                      ### Enable logging ? ###
 dnl                     ########################
 AC_MSG_CHECKING([event logging])
-AC_ARG_ENABLE(logging,[  --enable-logging=[yes/no]      perform logging 
[default=yes]], do_log="$enableval", do_log="yes")
+dnl if using qmail, scanmails will be run a non-root user
+dnl so logging won't work in most cases
+if test -n "$USE_QMAIL"; then
+    do_log=no
+else
+    AC_ARG_ENABLE(logging,[  --enable-logging=[yes/no]      perform logging 
+[default=yes]], do_log="$enableval", do_log="yes")
+fi
 AC_MSG_RESULT([$do_log])
 AC_SUBST(do_log)
 
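Review bot: with AC_ARG_ENABLE(logging, ...) moved into the else branch, an explicit --enable-logging given together with --enable-qmail is silently overridden by do_log=no. Emit a warning in that case so the person configuring sees why logging is off. The new dnl comment is also missing a word ("run as a non-root user").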
