June 17, 2003

CGVirusscan 1.1


Since it seems John Ray isn't updating CGvirusscan anymore, I finally took the time to make some needed updates to it myself. I do hope that is OK with him.

So here it is.

Changes:
  • Got rid of munpack as it often crashes.
  • Updated it to support CommuniGate's EXT Filter API 2, so you can decide if poisoned mails get bounced or silently discarded.
  • Tweaked a few other bits and pieces and cleaned up forking.
  • Added a simple installation script.

THIS release does NOT contain a threaded version anymore, because I am too lazy to maintain two versions and I figured no one has a threaded Perl version on OS X anyway...

To choose whether virusscan bounces or discards poisoned mails, edit virusscan-fork.pl with BBEdit or Pico and change LINE 16 to:

    $bounces=0;
(to DELETE)

    $bounces=1;
(to BOUNCE)

Since I updated the EXT Filter support, I am NOT SURE whether this will run on CGP versions before 4.x. I could only test it on version 4.0.6.
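How a bounce-or-discard switch like `$bounces` can map onto filter replies, as an added sketch that is not code from virusscan-fork.pl or from CommuniGate. The command and reply verbs (INTF, FILE, QUIT, OK, ERROR, DISCARD, FAILURE) are assumptions based on the CommuniGate Pro helper protocol and should be checked against the documentation for your CGP version; `scan_file` and the `X-Test-Infected` marker are hypothetical stand-ins for the real scanner call.

```perl
#!/usr/bin/perl
# Added illustration, not code from virusscan-fork.pl.
# Assumed protocol: the server writes "<seq> INTF <n>", "<seq> FILE <path>"
# and "<seq> QUIT" to the helper's stdin and reads one "<seq> ..." reply each.
use strict;
use warnings;

my $bounces = 1;  # 1 = reject with an error report (bounce), 0 = silent discard
$| = 1;           # unbuffered stdout, the server waits for each reply line

# Hypothetical scanner hook: returns a virus name, or undef if clean.
# A real filter runs its scanner on $path; this stand-in only looks for a
# constructed marker header so the example runs without a scanner installed.
# The name is limited to [\w.-] so it cannot break the quoted reply string.
sub scan_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    my $found;
    while (my $line = <$fh>) {
        if ($line =~ /^X-Test-Infected:\s*([\w.-]+)/i) { $found = $1; last; }
    }
    close($fh);
    return $found;
}

# Build the single reply line for one server command.
sub reply_for {
    my ($seq, $cmd, $arg) = @_;
    return "$seq INTF 2" if $cmd eq 'INTF';
    return "$seq OK"     if $cmd eq 'QUIT';
    return "$seq ERROR \"unexpected command\"" if $cmd ne 'FILE';
    # Never die on a scan error: a dead helper closes its stdout and the
    # message goes unanswered. FAILURE reports "could not scan" instead.
    my $virus = eval { scan_file($arg) };
    return "$seq FAILURE" if $@;
    return "$seq OK" unless defined $virus;
    return $bounces ? "$seq ERROR \"virus found: $virus\"" : "$seq DISCARD";
}

while (my $line = <STDIN>) {
    $line =~ s/\r?\n\z//;
    my ($seq, $cmd, $arg) = split(/ /, $line, 3);
    next unless defined $cmd && $seq =~ /^\d+\z/;
    print reply_for($seq, uc $cmd, $arg // ''), "\n";
    last if uc($cmd) eq 'QUIT';
}
```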

How to install:
Download the Archive from: here

Open a Terminal Window (using Terminal.app).

Assuming you downloaded this archive to your Desktop, type:
    cd ~/Desktop/
    tar -xzf cgvirusscan.tar.gz
    cd cgvirusscan

READ the README file!
    more README

Feedback welcome via Comments!

Posted by seiz | Comments (16)

Comments

1

Hi there,

it's getting a bit hard to track all feedback here, so I have set up a list for all things CGVirusscan.

If you use CGVirusscan, please subscribe by sending an Email to:
CGVirusscan-on@lists.REMOVEMEimd.net

(above is spamprotected, please remove the string REMOVEME prior to sending your email!)

Comments on this Entry are closed now. Please use the new Email-List.

2

To Patrick:
Then simply modify the rule starting cgvirusscan and include some restriction, for instance:

Return Path NOT postmaster@myDomain

Good feedback, thanks, will include that in the README!

3

To Steve Linford
EICAR.COM is a very small file. To test it, set the message size in the rule to 0k.

4

Works like a charm! Thank you again.
Maybe a thing to point out. If the queue setting (Dequeuer) is set to return the body on failure, then the pipe-generated reply message in its turn is rejected by the cgv rule. The virus-sender then gets the postmaster-message that someone tried to send HIM a virus, which is bound to be at least confusing. So best set this to "always headers".

Keep up the good work. Suggest you set up a paypal (or similar) donate account so we can start sending you our money...

Patrick

5

An updated updatevirex.pl script which reflects the new download URLs of the DAT files is available:
http://www.stefanseiz.com/updatevirex.tar.gz

6

Something went wrong for me... it installed OK (although it complained virusscan-thread.pl was missing), but it scans incoming mails containing eicar.com and says they're OK...

7

> From within the "updatevirex.pl" file:
> $daturl="http://www.mcafeeb2b.com/naicommon/download/dats/mcafee_4x.asp";
>
> If I try to manually access this URL, I end up in a 'page not found' area. Is
> this OK?

No, it isn't OK. Shit. Unfortunately, McAfee just redesigned their site today, so the URLs to the DAT Updates changed. I'll have to update updatevirex.pl to reflect the changes. I'll probably do that tomorrow.

8

I apologize for being the town idiot (there is one on every list).

Seems like I've installed CGVirusscan correctly on my OSX(10.2.6)/CGP(4.0.6) box, but the errors shown below are cropping-up in the CGP log.

Can anyone suggest a resolution?

14:45:11.50 2 EXTFILTER(cgvirusscan) '/Users/admin/Documents/CGvirusscan/virusscan-fork.pl' launched
14:45:11.53 1 EXTFILTER(cgvirusscan) reading failed: Error Code=external helper output closed
14:45:11.53 2 EXTFILTER(cgvirusscan) receiver finished

9

From within the "updatevirex.pl" file: $daturl="http://www.mcafeeb2b.com/naicommon/download/dats/mcafee_4x.asp";

If I try to manually access this URL, I end up in a 'page not found' area. Is this OK?

10

>Could you provide instructions on how to install your
>cgvirusscan on servers that have never had cgvirusscan
>installed? Will INSTALL.sh actually do this automatically?

Yes, it will. It will install and, after successful installation, display a text file describing how to set up the corresponding rule in CGP.

One thing which it can't do for you is go out and buy Virex7, which is needed!

One thing I never mentioned, I guess, is that this software will ONLY run on Mac OS X or Mac OS X Server!

11

Could you provide instructions on how to install your cgvirusscan on servers that have never had cgvirusscan installed? Will INSTALL.sh actually do this automatically?

12

Comments to Martin's various comments:

> Yup, the target postmaster is hard coded. Not a problem tho.

I'll fix that.

> Why do you use gnutar rather than tar for the update routine? Is it personal
> preference or is gnutar better?

Why do you think I use gnutar?
Didn't I write "tar -xzf ..."?

> One change I have made is to log the virus updates in the virus log which is
> incidentally CGate visible so I can bring it up in the logs page in admin.

That might only be visible to CGP because you chose to store that log in CGP's Log folder, or?

On a standard installation, that log should be stored under /var/log/, which shouldn't be visible to CGP?!

> Just noticed in updatevirex.pl:
>
> print EMAIL "DAT Update: $date\nThe Virex DAT file on x has been upgraded from
> v$version to v$datversion.\n";

No, this is an oversight of mine. Actually, the host I run it on is simply called x.

I should probably replace this with a call to hostname.

13

Just noticed in updatevirex.pl:

print EMAIL "DAT Update: $date\nThe Virex DAT file on x has been upgraded from v$version to v$datversion.\n";

Am I right in thinking the ...on x... should really be some reference to a variable or something?

14

Yup, the target postmaster is hard coded. Not a problem tho.

Why do you use gnutar rather than tar for the update routine? Is it personal preference or is gnutar better?

One change I have made is to log the virus updates in the virus log which is incidentally CGate visible so I can bring it up in the logs page in admin.

15

> ...and I direct store the email to the postmaster with virus#postmaster...

I do that too, but since this is adjustable by setting a variable (or did I forget that option?), I figured I'll leave the default as postmaster, as you can't imagine how many people would ask:
What does the virus#postmaster mean?...

16

As ever a highly useful contribution by Stefan.

The only mods I need to make are to change the path that all the bits are installed under (I prefer to have them all in their own directory, /var/Communigate/Virusscan/) and I direct store the email to the postmaster with virus#postmaster rather than merely postmaster.

FYI: http://vil.nai.com/vil/default.asp gives detail on many of the viruses so I include it in my notify message. If you can chomp out the actual string that virex reports you could construct a search string that would lead you to the specific definition explanation (or damn near it). This is on my to do list!