-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathclamscan-sssp
More file actions
executable file
·86 lines (76 loc) · 2.9 KB
/
clamscan-sssp
File metadata and controls
executable file
·86 lines (76 loc) · 2.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# ClamAV emulator to scan mail via SSSP for viruses
#
# Copyright 2018,2019 Andreas Thienemann <andreas@bawue.net> and
# Copyright 2019 Jan-Jonas Sämann <jan-jonas.saemann@saenet.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
import argparse
import os
import socket
import sys
import syslog
import sssp
import traceback
global args
class ssspPipe():
name = 'clam-scan'
def log(self, msg):
syslog.syslog('{}: {}'.format(self.name, msg))
def file(self, name):
try:
scanner = sssp.sssp(args.sssp_socket)
if not scanner.selftest():
self.log('SAVDI selftest failed. Not scanning.')
return (2,'Unknown: ERROR')
if name == '-':
with sys.stdin as f:
result, msg = scanner.check(f.read())
else:
with open(name, 'r') as f:
result, msg = scanner.check(f.read())
except:
self.log('Unknown SAVDI Error. {}'.format(traceback.format_exc()))
return (2,'Unknown: ERROR')
engine = scanner.query_engine()
server = scanner.query_server()
if result:
self.log('{}, is clean.'.format(name))
else:
self.log('File {} reported infected with {} by SAVDI.'.format(name, msg.split()[-1]))
return (1, 'Infected: {} FOUND'.format(msg.split()[-1]))
return (0,'Data: OK')
def main():
global args
syslog.openlog(ident='clam-scan', logoption=syslog.LOG_PID, facility=syslog.LOG_DAEMON)
syslog.syslog('ClamAV emulator starting using socket {}'.format(args.sssp_socket))
pipe = ssspPipe()
scan_rc, scan_result = pipe.file(args.file)
syslog.syslog('ClamAV emulator stopping')
syslog.closelog()
if scan_result:
print(scan_result)
return scan_rc
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='ClamAV emulator scans files for viruses via Sophos SSSP.')
parser.add_argument('-q', '--quarantine', action='store_true', default=False, help='Not implemented yet')
parser.add_argument('-r', '--remove', action='store_true', default=False, help='Drop original file if ')
parser.add_argument('-S', '--sssp_socket', default='/var/run/savdid/savdid.sock', help='Socket for communicating to sssp interface.')
parser.add_argument('file', help='File to scan or - to read from stdin')
args = parser.parse_args()
rc = main()
sys.exit(rc)