Cumulative ClamAV patch for MIMEDefang

Hi,

Here's a patch that (I believe) includes everything that was
posted
on the list.  Please verify that this patch solves all the
ClamAV
0.90 issues.

Regards,

David.

Index: mimedefang.pl.in
============================================================
=======
--- mimedefang.pl.in	(.../tags/2.61)	(revision 14103)
+++ mimedefang.pl.in	(.../trunk)	(revision 14103)
 -3669,7
+3669,7 
 
     # Run clamscan
     my($code, $category, $action) =
-	run_virus_scanner($Features{'Virus:CLAMAV'} . "
--mbox --stdout --disable-summary --infected $path
2>&1");
+	run_virus_scanner($Features{'Virus:CLAMAV'} . "
--stdout --no-summary --infected $path 2>&1");
     if ($action ne 'proceed') {
 	return (wantarray ? ($code, $category, $action) : $code);
     }
 -3693,7
+3693,7 
 
     # Run clamscan
     my($code, $category, $action) =
-	run_virus_scanner($Features{'Virus:CLAMAV'} . " -r
--mbox --stdout --disable-summary --infected ./Work
2>&1");
+	run_virus_scanner($Features{'Virus:CLAMAV'} . " -r
--stdout --no-summary --infected ./Work 2>&1");
     if ($action ne 'proceed') {
 	return (wantarray ? ($code, $category, $action) : $code);
     }
 -4506,14
+4506,14 
 	    md_syslog('err', "$MsgID: Clamd returned error:
$err_detail");
 	    # If it's a zip module failure, try falling back on
clamscan.
 	    # This is despicable, but it might work
-	    if ($err_detail =~ /zip module failure/i &&
+	    if ($err_detail =~ /(?:zip module failure|not
supported data format)/i &&
 		$Features{'Virus:CLAMAV'}) {
 		my ($code, $category, $action) =
-		run_virus_scanner($Features{'Virus:CLAMAV'} . " -r
--unzip --mbox --stdout --disable-summary --infected
$CWD/Work 2>&1");
+		run_virus_scanner($Features{'Virus:CLAMAV'} . " -r
--unzip --unrar --stdout --no-summary --infected $CWD/Work
2>&1");
 		if ($action ne 'proceed') {
 			return (wantarray ? ($code, $category, $action) :
$code);
 		}
-		md_syslog('info', "$MsgID: Falling back on clamscan
--unzip because of Zip module failure in clamd");
+		md_syslog('info', "$MsgID: Falling back on clamscan
--unzip --unrar because of Zip module failure in
clamd");
 		return (wantarray ? interpret_clamav_code($code) :
$code);
 	    }
 	    return (wantarray ? (999, 'swerr', 'tempfail') : 1);
 -4603,14
+4603,14 
 	    md_syslog('err', "$MsgID: Clamd returned error:
$err_detail");
 	    # If it's a zip module failure, try falling back on
clamscan.
 	    # This is despicable, but it might work
-	    if ($err_detail =~ /zip module failure/i &&
+	    if ($err_detail =~ /(?:zip module failure|not
supported data format)/i &&
 		$Features{'Virus:CLAMAV'}) {
 		my ($code, $category, $action) =
-		    run_virus_scanner($Features{'Virus:CLAMAV'} . "
-r --unzip --mbox --stdout --disable-summary --infected
$CWD/Work 2>&1");
+		    run_virus_scanner($Features{'Virus:CLAMAV'} . "
-r --unzip --unrar --stdout --no-summary --infected
$CWD/Work 2>&1");
 		if ($action ne 'proceed') {
 			return (wantarray ? ($code, $category, $action) :
$code);
 		}
-		md_syslog('info', "$MsgID: Falling back on clamscan
--unzip because of Zip module failure in clamd");
+		md_syslog('info', "$MsgID: Falling back on clamscan
--unzip --unrar because of Zip module failure in
clamd");
 		return (wantarray ? interpret_clamav_code($code) :
$code);
 	    }
 	    return (wantarray ? (999, 'swerr', 'tempfail') :
999);
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in
the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpengu
in.com
MIMEDefang mailing list MIMEDefanglists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mime
defang

Hi,

So far Ok. for the clamd part. But why doesn't you use
--unzip --unrar for those 
users using clamscan too ?

> -	run_virus_scanner($Features{'Virus:CLAMAV'} . "
--mbox --stdout --disable-summary --infected $path
2>&1");
> +	run_virus_scanner($Features{'Virus:CLAMAV'} . "
--stdout --no-summary --infected $path 2>&1");

Martin
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in
the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpengu
in.com
MIMEDefang mailing list MIMEDefanglists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mime
defang

Hi,

On Tue, Feb 20, 2007 at 01:44:36PM -0500, David F. Skoll
wrote:
> Hi,
> 
> Here's a patch that (I believe) includes everything
that was posted
> on the list.  Please verify that this patch solves all
the ClamAV
> 0.90 issues.

I gave up on tempfailing messages which trigger zip
failures, since
the messages tend to be large, and repeatedly re-scanning
broken and 
often massive attachment every 30-60 minutes for several
days is such 
a waste of CPU and bandwidth.

I'd think it would be a desirable option to treat these as
viruses,
at least after trying and failing with clamscan, if not
after the
initial clamd zip module failure.

Why is this considered a temporary failure by default? 
Might it succeed
on some future attempt?

I found this more desirable, at least here:

if ($err_detail =~ /(?:zip module failure|not supported data
format)/i) {
    $VirusScannerMessages .= "clamd failed to scan the
zip/rar archive.n";
    $VirusName = "ZipRarScanFailure";
    return (wantarray ? (1, 'virus', 'quarantine') : 1);
}

Mark


-- 
Mark G. Thomas (MarkMisty.com)
voice: 215-591-3695
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in
the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpengu
in.com
MIMEDefang mailing list MIMEDefanglists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mime
defang