[Qmail-scanner-general]Qmail-Scanner 1.24 Patch for Command Software Scanner

[Robert Sandilands]

Hi,

Attached is a patch to release 1.24 version to allow it to
work with CSAV for Linux/FreeBSD. It does better version detection, adds
a required command-line switch and handles the return codes from the
scanner better.

It also adds support for reporting the infections/risks found.

This patch is not, nor does it imply any official statement or support
of qmail or qmail-scanner.

--  ---------------------------------------------------------------------
Robert Sandilands: Software Engineer
Disclaimer: http://robert.rsa3.com/disclaimer.html
Authentium: Home of Command Software
www.authentium.com

diff -ru qmail-scanner-1.24/qmail-scanner-queue.template 
qmail-scanner-1.24.robert/qmail-scanner-queue.template
--- qmail-scanner-1.24/qmail-scanner-queue.template     Tue Oct 19 21:49:33 2004
+++ qmail-scanner-1.24.robert/qmail-scanner-queue.template      Tue Jan  4 
15:33:03 2005
@@ -1511,7 +1511,7 @@
       open(CS,"$csav_binary -virno|")||die "failed to call $csav_binary -virno 
- $!";
       while (<CS>) {
        chomp;
-       if (/Command Software AntiVirus for Linux (version [0-9\.]+)/) {
+       if (/Command Software AntiVirus for [a-zA-Z]* (version [0-9\.]+)/) {
          $SCANINFO .="csav: $1/";
        } elsif (/^CSA[V]: (.*)/) {
          $SCANINFO .= "$1/";
diff -ru qmail-scanner-1.24/sub-csav.pl qmail-scanner-1.24.robert/sub-csav.pl
--- qmail-scanner-1.24/sub-csav.pl      Mon Apr 19 23:59:50 2004
+++ qmail-scanner-1.24.robert/sub-csav.pl       Wed Feb  9 10:53:23 2005
@@ -3,20 +3,33 @@
   &debug("csav_scanner: starting scan of directory \"$ENV{'TMPDIR'}\"...");
   my ($start_csav_time)=[gettimeofday];
   my 
($DD,$csav_status,$ecsav_status,$stop_csav_time,$csav_time,$csav_verbose,$csav_list);
-  my $options = "-nomem -packed -archive -noboot";
+  my $options = "-all -nomem -packed -archive -noboot";
   $csav_verbose="-silent" if (!$DEBUG);
   $csav_list="-list" if ($DEBUG);
 
   my ($cmd);
   $cmd="$csav_binary $csav_verbose $csav_list $options $ENV{'TMPDIR'} 2>&1";
   &debug("csav_scanner: $cmd");
-  $DD =`$cmd`;
+  my @dd;
+  my $ddx;
+
+  @dd =`$cmd`;
   $csav_status=$?;
   $ecsav_status=($csav_status >> 8);
+## Remove the header
+  splice @dd, 0, 7;
+## Remove the summary
+  splice @dd, -14, 14;
+## Make it into a comma-seperated string
+  $ddx = join(', ', @dd);
+## Remove the newlines
+  $ddx =~ s/\n//g;
+## Remove the last comma
+  $ddx =~ s/,$//g;
 
-  if ($DD =~ / Infection: (.*)/) {
-    $quarantine_description=$1;
-    &debug("There be a virus! ($quarantine_description)");
+  if ( $ecsav_status > 50 && $ecsav_status < 54 ) {
+    $quarantine_description=$ddx;
+    &debug("There is a security risk! ($quarantine_description)");
     ($quarantine_event=$quarantine_description)=~s/\s/_/g;
     $quarantine_event="CSAV:".substr($quarantine_event,0,$QE_LEN);
   }