SOURCES: qmail-scanner-attach.patch, qmail-scanner-localconf-vars.patch, qm...

glen glen at pld-linux.org
Fri May 9 11:20:53 CEST 2008


Author: glen                         Date: Fri May  9 09:20:53 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- updated to 2.04

---- Files affected:
SOURCES:
   qmail-scanner-attach.patch (1.3 -> 1.4) , qmail-scanner-localconf-vars.patch (1.2 -> 1.3) , qmail-scanner-extsub.patch (1.2 -> 1.3) 

---- Diffs:

================================================================
Index: SOURCES/qmail-scanner-attach.patch
diff -u SOURCES/qmail-scanner-attach.patch:1.3 SOURCES/qmail-scanner-attach.patch:1.4
--- SOURCES/qmail-scanner-attach.patch:1.3	Tue Apr 19 18:41:22 2005
+++ SOURCES/qmail-scanner-attach.patch	Fri May  9 11:20:48 2008
@@ -1,139 +1,52 @@
---- a/quarantine-attachments.txt	2004-07-19 01:48:10.000000000 +0300
-+++ b/quarantine-attachments.txt	2004-11-28 21:47:34.000000000 +0200
+--- qmail-scanner-2.03/quarantine-events.txt~	2008-03-26 02:05:23.000000000 +0200
++++ qmail-scanner-2.03/quarantine-events.txt	2008-05-06 07:49:55.575300045 +0300
 @@ -3,7 +3,7 @@
- # This is case-insensitive, and TAB-delimited. 
+ # This is TAB-delimited. 
  #
  # ******
 -# REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after 
-+# REMEMBER: run /var/qmail/bin/qmail-scanner-queue -g after
++# REMEMBER: run /usr/lib/qmail-scanner/qmail-scanner-queue -g after 
  # this file is modified
  # ******
  #
-@@ -92,16 +92,26 @@
+@@ -62,7 +62,7 @@
+ 
+ # NOTE 4: Don't use this to ban any message that's over 
+ # a maximum size  - you should use Qmail's databytes instead
+-# "echo 10000000 > /var/qmail/control/databytes" 
++# "echo 10000000 > /etc/qmail/control/databytes" 
+ # would set the maximum SMTP message size to 10Mb.
+ #
+ # NOTE 5: The second option allows you to match on header. This would allow 
+@@ -199,16 +199,23 @@
  #
  # These are examples of prudent defaults to set for most sites.
  # Commented out by default
--#.vbs	0	VBS files not allowed per Company security policy
--#.lnk	0	LNK files not allowed per Company security policy
--#.scr	0	SCR files not allowed per Company security policy
--#.wsh	0	WSH files not allowed per Company security policy
--#.hta	0	HTA files not allowed per Company security policy
--#.pif	0	PIF files not allowed per Company security policy
--#.cpl	0	CPL files not allowed per Company security policy
-+.vbs	0	VBS files not allowed per Company security policy
-+.vbe	0	VBE files not allowed per Company security policy
-+.lnk	0	LNK files not allowed per Company security policy
-+.scr	0	SCR files not allowed per Company security policy
-+.wsh	0	WSH files not allowed per Company security policy
-+.wsf	0	WSF files not allowed per Company security policy
-+.hta	0	HTA files not allowed per Company security policy
-+.pif	0	PIF files not allowed per Company security policy
-+.cpl	0	CPL files not allowed per Company security policy
-+.exe	0	EXE files not allowed per Company security policy
-+.cmd	0	CMD files not allowed per Company security policy
-+.com	0	COM files not allowed per Company security policy
-+.bat	0	BAT files not allowed per Company security policy
-+.shs	0	SHS files not allowed per Company security policy
-+.jse	0	JSE files not allowed per Company security policy
-+.js	0	JS files not allowed per Company security policy
-+
+-#.vbs	SIZE=-1	VBS files not allowed per Company security policy
+-#.lnk	SIZE=-1	LNK files not allowed per Company security policy
+-#.scr	SIZE=-1	SCR files not allowed per Company security policy
+-#.wsh	SIZE=-1	WSH files not allowed per Company security policy
+-#.hta	SIZE=-1	HTA files not allowed per Company security policy
+-#.pif	SIZE=-1	PIF files not allowed per Company security policy
+-#.cpl	SIZE=-1	CPL files not allowed per Company security policy
++.vbs	SIZE=-1	VBS files not allowed per Company security policy
++.lnk	SIZE=-1	LNK files not allowed per Company security policy
++.scr	SIZE=-1	SCR files not allowed per Company security policy
++.wsh	SIZE=-1	WSH files not allowed per Company security policy
++.hta	SIZE=-1	HTA files not allowed per Company security policy
++.pif	SIZE=-1	PIF files not allowed per Company security policy
++.cpl	SIZE=-1	CPL files not allowed per Company security policy
++.exe	SIZE=-1	EXE files not allowed per Company security policy
++.cmd	SIZE=-1	CMD files not allowed per Company security policy
++.com	SIZE=-1	COM files not allowed per Company security policy
++.bat	SIZE=-1	BAT files not allowed per Company security policy
++.shs	SIZE=-1	SHS files not allowed per Company security policy
++.jse	SIZE=-1	JSE files not allowed per Company security policy
++.js	SIZE=-1	JS files not allowed per Company security policy
  
  # ******
 -# REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after 
-+# REMEMBER: run /var/qmail/bin/qmail-scanner-queue -g after
++# REMEMBER: run /usr/lib/qmail-scanner/qmail-scanner-queue -g after 
  # this file is modified
  # ******
  #
---- ./quarantine-attachments.txt~	2005-04-19 09:42:06.000000000 +0300
-+++ ./quarantine-attachments.txt	2005-04-19 09:46:29.000000000 +0300
-@@ -1,20 +1,20 @@
- # Sample of well-known viruses that perlscan_scanner can use
- #
--# This is case-insensitive, and TAB-delimited. 
-+# This is case-insensitive, and TAB-delimited.
- #
- # ******
--# REMEMBER: run /var/qmail/bin/qmail-scanner-queue -g after
--# this file is modified
-+# REMEMBER: run to run after this file is modified:
-+# /usr/lib/qmail-scanner/qmail-scanner-queue -g
- # ******
- #
- # Format: three columns
--# 
-+#
- # filename<TAB>size (in bytes)<TAB>Description of virus/whatever
- #
- # OR:
- #
- # string<TAB>Header<TAB>Description of virus/whatever
--# 
-+#
- # [this one allows you to match on (e.g.) Subject line.
- #
- # NOTE 1: This is the crudest "virus scanning" you can do - we are
-@@ -28,7 +28,7 @@
- #
- # NOTE 3: Wildcards are supported. This system can also be used to deny
- # Email containing "bad" extensions (e.g. .exe, .mp3, etc). No other
--# wildcard type is supported. Be very careful with this feature. With 
-+# wildcard type is supported. Be very careful with this feature. With
- # wildcards, the size field is ignored (i.e. any size matches).
- #
- # .exe	0	Executable attachment too large
-@@ -40,16 +40,16 @@
- #
- # ...would stop any Email containing MP3 attachments passing.
- #
--# NOTE 4: No you can't use  this to ban any file (i.e. *.*) that's over 
--# a certain size  - you should 
--# "echo 10000000 > /var/qmail/control/databytes" 
-+# NOTE 4: No you can't use this to ban any file (i.e. *.*) that's over
-+# a certain size - you should
-+# "echo 10000000 > /var/qmail/control/databytes"
- # to set the maximum SMTP message size to 10Mb.
- #
--# NOTE 5: The second option allows you to match on header. This would allow 
--# you to block Email viruses when you don't know anything else other than 
--# there's a wierd Subject line (or From line, or X-Spanska: header, ...). 
--# Note that it's a case-sensitive, REGEX string, and the system will 
--# automatically surround it with ^ and $ before matching. i.e. if you 
-+# NOTE 5: The second option allows you to match on header. This would allow
-+# you to block Email viruses when you don't know anything else other than
-+# there's a wierd Subject line (or From line, or X-Spanska: header, ...).
-+# Note that it's a case-sensitive, REGEX string, and the system will
-+# automatically surround it with ^ and $ before matching. i.e. if you
- # want wildcards, explicitly put them in...
- #
- # The string _must_be_ "Virus-" followed by the header you wish to match
-@@ -59,7 +59,7 @@
- #
- # Pickles.*Breakfast	Virus-Subject:	Fake Example Pickles virus
- #
--# will match "Subject: Pickles for Breakfast" - and 
-+# will match "Subject: Pickles for Breakfast" - and
- # not "Subject: Pickles - where did you go?"
- #
- #
-@@ -83,7 +83,7 @@
- #The following matches Date: headers that are over 100 chars in length
- #these are impossible in the wild
- .{100,}			Virus-Date:		MIME Header Buffer Overflow
--.{100,}			Virus-Mime-Version:	MIME Header Buffer Overflow 
-+.{100,}			Virus-Mime-Version:	MIME Header Buffer Overflow
- .{100,}			Virus-Resent-Date:	MIME Header Buffer Overflow
- #
- #Let's stop that nasty BadTrans virus from uploading your keystrokes...
-@@ -111,8 +111,9 @@
- 
- 
- # ******
--# REMEMBER: run /var/qmail/bin/qmail-scanner-queue -g after
--# this file is modified
-+# REMEMBER: run to run after this file is modified:
-+# /usr/lib/qmail-scanner/qmail-scanner-queue -g
- # ******
- #
--# EOF 
-+# vim:ts=8
-+# EOF
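
Review bot: the enabled extension list in the 2.03 hunk (@@ -199,16 +199,23 @@) no longer carries the .vbe and .wsf entries that revision 1.3 of this patch added, while .exe, .cmd, .com, .bat, .shs, .jse and .js were all kept. If dropping them is not deliberate, re-add them in the new format, e.g. .vbe<TAB>SIZE=-1<TAB>VBE files not allowed per Company security policy. The file header now reads "This is TAB-delimited." without the earlier "case-insensitive", so it is worth confirming that these lower-case entries still match attachment names in upper case. The inner paths also still say qmail-scanner-2.03 although the log message says 2.04.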

================================================================
Index: SOURCES/qmail-scanner-localconf-vars.patch
diff -u SOURCES/qmail-scanner-localconf-vars.patch:1.2 SOURCES/qmail-scanner-localconf-vars.patch:1.3
--- SOURCES/qmail-scanner-localconf-vars.patch:1.2	Fri Dec 10 13:33:47 2004
+++ SOURCES/qmail-scanner-localconf-vars.patch	Fri May  9 11:20:48 2008
@@ -1,12 +1,13 @@
---- ../qmail-scanner-queue.template	2004-12-10 14:24:52.000000000 +0200
-+++ b/qmail-scanner-queue.template	2004-12-10 14:25:44.000000000 +0200
-@@ -92,11 +92,11 @@
- 
+--- qmail-scanner-2.03/qmail-scanner-queue.template~	2008-05-06 07:42:15.000000000 +0300
++++ qmail-scanner-2.03/qmail-scanner-queue.template	2008-05-06 07:45:20.967546473 +0300
+@@ -93,37 +93,37 @@
+ my($qscan_account)='QS_USER';
  
  #From: line  information used when making reports
 -my $V_FROM='USERNAME at MAILDOMAIN';
+-my $V_FROMNAME='ADMIN_DESCRIPTION';
 +our $V_FROM='USERNAME at MAILDOMAIN';
- my $V_FROMNAME='System Anti-Virus Administrator';
++our $V_FROMNAME='ADMIN_DESCRIPTION';
  
  # Address carbon-copied on any virus reports
 -my $QUARANTINE_CC='USERNAME at MAILDOMAIN';
@@ -14,25 +15,46 @@
  
  #Array of local domains that are checked against for
  #deciding whether or not to send recipient alerts to
-@@ -107,10 +107,10 @@
+-my @local_domains_array=(LOCAL_DOMAINS_ARRAY);
++our @local_domains_array=(LOCAL_DOMAINS_ARRAY);
+ 
+ # Array of virus that we don't want to inform the sender of.
+-my @silent_viruses_array=(SILENT_VIRUSES_ARRAY);
++our @silent_viruses_array=(SILENT_VIRUSES_ARRAY);
  
  
  #Array of virus scanners used must point to subroutines
 -my @scanner_array=(SCANNER_ARRAY);
 +our @scanner_array=(SCANNER_ARRAY);
  
+ #Array of virtual headers used within perlscanner 
+-my @virtualheaders_array=("MAILFROM","RCPTTO","REMOTEIPADDR","ZIPPASSWORDPROTECTED","ISSENSITIVEANDNOCRYPTO","CRYPTODETAILS","FILELENGTHTOOLONG","FILEDOUBLEBARRELED","FILECLSID");
++our @virtualheaders_array=("MAILFROM","RCPTTO","REMOTEIPADDR","ZIPPASSWORDPROTECTED","ISSENSITIVEANDNOCRYPTO","CRYPTODETAILS","FILELENGTHTOOLONG","FILEDOUBLEBARRELED","FILECLSID");
+ 
  #Addresses that should be alerted of any quarantined Email
 -my $NOTIFY_ADDRS='NOTIFY_ADDRESSES';
 +our $NOTIFY_ADDRS='NOTIFY_ADDRESSES';
  
  #Try to fix bad MIME messages before passing to MIME unpacker
- my $BAD_MIME_CHECKS='FIX_MIME';
-@@ -259,7 +259,7 @@
+-my $BAD_MIME_CHECKS='FIX_MIME';
++our $BAD_MIME_CHECKS='FIX_MIME';
+ 
+ #Block password protected zip files
+-#my $BLOCK_PASSWORD_PROTECTED_ARCHIVES='QUARANTINE_PASSWORD_PROTECTED';
++#our $BLOCK_PASSWORD_PROTECTED_ARCHIVES='QUARANTINE_PASSWORD_PROTECTED';
+ 
+ #Disable just the EOL char check instead of all of BAD_MIME_CHECKS
+-my $IGNORE_EOL_CHECK='DISABLE_EOL_CHECK';
++our $IGNORE_EOL_CHECK='DISABLE_EOL_CHECK';
+ 
+ # The full path to qmail programs we'll need.
+ my $qmailinject = 'QMAILINJECT_BIN';
+@@ -302,7 +302,7 @@
  
  
- #Want debugging? Enable this and read $scandir/qmail-queue.log
+ #Want debugging? Enable this and read $logdir/qmail-queue.log
 -my $DEBUG='DEBUG_LEVEL';
 +our $DEBUG='DEBUG_LEVEL';
  
- my @uufile_list = ();
- my @attachment_list = ();
+ # read site specific overrides.
+ require "/etc/qmail-scanner.conf";
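
Review bot: the context line require "/etc/qmail-scanner.conf"; at the end of this hunk executes that file as Perl inside the scanner, and the my to our changes above it are what let the file override policy settings, so the patch should document the expectations on that file: owned by root, not writable by the scanner account, and ending in a true value (1;), since a failing require aborts the script. The "read site specific overrides" comment should also say which variables can be overridden: $qscan_account and $qmailinject stay my in the lines shown, so a value assigned to them in the conf file would not reach the lexicals, and $BLOCK_PASSWORD_PROTECTED_ARCHIVES is still commented out, so it is not obvious from the patch whether setting it there has any effect.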

================================================================
Index: SOURCES/qmail-scanner-extsub.patch
diff -u SOURCES/qmail-scanner-extsub.patch:1.2 SOURCES/qmail-scanner-extsub.patch:1.3
--- SOURCES/qmail-scanner-extsub.patch:1.2	Thu Dec 16 01:49:40 2004
+++ SOURCES/qmail-scanner-extsub.patch	Fri May  9 11:20:48 2008
@@ -1,26 +1,21 @@
 load external sub. when you install package without scanner optimized into main
 binary, you will lose performance but still have system up.
 
-diff -u qmail-scanner-1.24.orig/qmail-scanner-queue.template qmail-scanner-1.24/qmail-scanner-queue.template
---- qmail-scanner-1.24.orig/qmail-scanner-queue.template	2004-10-20 04:49:33.000000000 +0300
-+++ qmail-scanner-1.24/qmail-scanner-queue.template	2004-12-16 01:58:13.000000000 +0200
-@@ -1019,10 +1019,18 @@
+--- qmail-scanner-2.03/qmail-scanner-queue.template~	2008-05-06 07:39:32.000000000 +0300
++++ qmail-scanner-2.03/qmail-scanner-queue.template	2008-05-06 07:41:12.329295604 +0300
+@@ -1148,6 +1148,15 @@
    }
    &debug("ini_sc: recursively scan the directory $ENV{'TMPDIR'}/");
  
 +  for (@scanner_array) {
-+	unless (defined &$_) {
++    unless (defined &$_) {
 +      my $s = $_;
 +      $s =~ s/_scanner$//;
-+	  &debug("ini_sc: load $s sub");
-+	  require "/usr/lib/qmail-scanner/sub-$s.pl";
-+	}
++      &debug("ini_sc: load $s sub");
++      require "/usr/lib/qmail-scanner/sub-$s.pl";
++    }
 +  }
 +
    #Run AV scanners - even if the message is already going to be quarantined
    #due to some Policy: this way you get the definitive answer as to what is
-   #a virus...
--
-   &scanloop; #JLH if (!$quarantine_event);
- 
-   #Only run perlscanner if no reason to quarantine found so far
+   #a virus... The exception to this is if it looks like a DoS attack - then
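
Review bot: in the added loop, $s is derived from the @scanner_array entry and interpolated straight into require "/usr/lib/qmail-scanner/sub-$s.pl"; with no check on its contents, and the localconf-vars patch in this same commit makes @scanner_array an our variable that /etc/qmail-scanner.conf can set. Reject any entry that does not match /^\w+$/ before building the path. The description promises the system stays up when the scanner is not built into the main binary, but a missing sub-$s.pl makes require die, so consider wrapping the require in eval and reporting the failure through &debug.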
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/qmail-scanner-attach.patch?r1=1.3&r2=1.4&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/qmail-scanner-localconf-vars.patch?r1=1.2&r2=1.3&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/qmail-scanner-extsub.patch?r1=1.2&r2=1.3&f=u


