#!/bin/sh # clamav-wrapper -- invoke ClamAV for use with mailscanner # # Adrian Bridgett , 14/12/01 # # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2001 Julian Field # # $Id: clamav-wrapper 3184 2005-09-28 11:13:40Z jkf $ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # Jules@JulianField.net # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # # # Modifications by Kevin Spicer to get # external unpackers working correctly. 9 Nov 2003 # Removed --unzip from ScanOptions, as its already in ExtraScanOptions # (Clam usually uses own unzipper, -unzip just allows it to use external # program so should be in ExtraScanOptions as it could cause a failure) # Separate all unpackers and add missing ones. # Add tmpdir (and check for it) in MailScanner incoming dir # (to take advantage of ramdisk) - needed by external unpacker ###### IF YOU ARE RUNNING MAILSCANNER AS ROOT ###### # You need to set the following in MailScanner.conf so that external # unpackers can be used... # Incoming Work Group = clamav # Incoming Work Permissions = 0640 # You may want to check this script for bash-isms PATH=$PATH:/usr/local/bin export PATH TempDir="/tmp/clamav.$$" ClamUser="clamav" ClamGroup="clamav" ScanOptions="" ExtraScanOptions="" # Extra options we try to pass to clam but we handle it failing # For each option there are two alternatives... # --option # if the required program is in the PATH # --option=/path/to/program # If its in a non standard location # If you use the second option make sure you set the correct path in each case # Note that clam internally supports Zip, Gzip and Rar (v2.0) files, # so for these the extra options are just a fallback should the internal # unpacker fail (the internal unzipper should also support .jar files). # Common external unpackers you probably have installed (hence # enabled by default) # Uncomment ONE of the following lines if you have unzip installed ExtraScanOptions="$ExtraScanOptions --unzip" #ExtraScanOptions="$ExtraScanOptions --unzip=/path/to/unzip" # Uncomment ONE of the following lines if you have unzip installed # And want to be able to use it to scan jar files should the internal # unzipper fail ExtraScanOptions="$ExtraScanOptions --jar" #ExtraScanOptions="$ExtraScanOptions --jar=/path/to/unzip" # Uncomment ONE of the following lines if you have tar installed ExtraScanOptions="$ExtraScanOptions --tar" #ExtraScanOptions="$ExtraScanOptions --tar=/path/to/tar" # Uncomment ONE of the following lines if you have tar installed # AND it is GNU tar with gzip support ExtraScanOptions="$ExtraScanOptions --tgz" #ExtraScanOptions="$ExtraScanOptions --tgz=/path/to/tar" # Uncomment ONE of the following lines if you have tar installed and # want to scan debian .deb packages # Must be GNU tar with gzip support ExtraScanOptions="$ExtraScanOptions --deb" #ExtraScanOptions="$ExtraScanOptions --deb=/path/to/tar" # LESS COMMON unpackers, which probably aren't installed by default # (hence disabled) # Uncomment ONE of the following lines if you have unrar installed ExtraScanOptions="$ExtraScanOptions --unrar" #ExtraScanOptions="$ExtraScanOptions --unrar=/path/to/unrar" # Uncomment ONE of the following lines if you have unarj installed ExtraScanOptions="$ExtraScanOptions --arj" #ExtraScanOptions="$ExtraScanOptions --unarj=/path/to/unarj" # Uncomment ONE of the following lines if you have lha installed ExtraScanOptions="$ExtraScanOptions --lha" #ExtraScanOptions="$ExtraScanOptions --lha=/path/to/lha" # Uncomment ONE of the following lines if you have zoo installed ExtraScanOptions="$ExtraScanOptions --unzoo" #ExtraScanOptions="$ExtraScanOptions --zoo=/path/to/unzoo" # Now increase the allowed expansion size of zip files ExtraScanOptions="$ExtraScanOptions --max-ratio=500" # Uncomment next line if you need to disable Clam's DoS protection #ExtraScanOptions="--max-files=0 --max-space=0 --max-recursion=0 $ExtraScanOptions" ClamScan=$1/bin/clamscan shift if [ ! -x $ClamScan ]; then ClamScan=/usr/local/bin/clamscan fi if [ "x$1" = "x-IsItInstalled" ]; then [ -x $ClamScan ] && exit 0 exit 1 fi # Add this for Solaris users so they can find whoami PATH=$PATH:/usr/ucb export PATH # Check if the tmpdir exists, if so delete so we start with a clean slate if [ -x "${TempDir}" ]; then rm -rf ${TempDir} >/dev/null 2>&1 fi # Make the Temp dir umask 0077 mkdir "${TempDir}" >/dev/null 2>&1 # In case we get interupted.... trap "rm -rf ${TempDir}" EXIT if [ $? ]; then ExtraScanOptions="$ExtraScanOptions --tempdir=${TempDir}" # If we are root chown it to the clamav user/group if [ `whoami` = "root" ]; then chown ${ClamUser}:${ClamGroup} "${TempDir}" fi fi $ClamScan $ExtraScanOptions $ScanOptions "$@" retval=$? #Clean up the temp directory if [ -x "${TempDir}" ]; then rm -rf ${TempDir} fi trap '' EXIT if [ "$retval" = "40" ]; then # Clam complained we passed an illegal command-line option # (As this calls without external unpackers the temp dir isn't used) exec $ClamScan $ScanOptions "$@" else exit $retval fi