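#!/bin/sh
#
# Inflex mail-scanning wrapper: configuration, argument check and the gate
# that lets only one scanner instance work at a time.
#
# Exit status: 10 = OK, 20 = virus (or blocked attachment), anything else =
#              other error (temporary rejection).
# Input:       $1 = path of a file whose first line is the envelope record
#              "OBALKA: <relay> <sender> <recipient> ...".
#
# On heavily loaded systems you need:
#   echo 16000 > /proc/sys/fs/file-max

cd /usr/local/inflex
logfile=/var/spool/inflex/log/inflex.log

# Which checks to run.
scanforvirus=y
scanforfiletype=y
scanforfilename=y
scanfortext=n

# Which follow-up notifications to send.
deliverSenderAVmsg=n
deliverReceiverAVmsg=n
deliverSenderBLmsg=y
deliverReceiverBLmsg=y
deliverRootmsg=y

# Per-mail name built from the date and our PID, and the working directories.
# NOTE(review): the name is predictable; this assumes /var/spool/inflex/tmp is
# writable only by the account that runs this script - confirm.
pid=$(date +%m%d%H%M)$$
tmpdir=/var/spool/inflex/tmp/inf_${pid}
blockdir=/var/spool/inflex/tmp/Binf_${pid}
unpackdir=${tmpdir}/unpacked
logdatecode=$(date +%Y%m%d%H%M)
rfcdate=$(date "+%a, %d %b %Y %H:%M:%S %z")

# "$1" is quoted on purpose: unquoted, a missing argument turns the check into
# `test -f`, which is true, and the script would carry on without an input
# file. 254 is what bash reports for the original `exit -2`.
if ! test -f "$1"; then
  echo "ZLY ARGUMENT neexistuje $1"
  # echo "qq$1qq"> /tmp/blb
  exit 254
fi

## If the machine is overloaded, pause.
# Make sure only one uvscan runs at a time, to prevent overload.
#
# NOTE(review): the gate is built from PID files under $oznamy and ends in
# `kill -9` on a PID read back from such a file. It assumes that directory is
# writable only by this script's account and it does not protect against PID
# reuse or against two instances racing for "bezim" - confirm both.

## bbo functions BEGIN
MaxCakanie=900
oznamy=/var/spool/inflex/inputtmp

# SIGChcem - ask for the scanner slot.
# Starts a background sleep of $MaxCakanie seconds and records its PID in
# $oznamy/caka.<our pid>. If $oznamy/bezim names a live process we wait on the
# sleep (a finishing instance kills it to release us); otherwise the sleep is
# killed at once and we proceed.
SIGChcem() {
  # echo CHCEM
  sleep $MaxCakanie &
  sleepPID=$!
  echo $! > "$oznamy/caka.$$"
  SIGholder=$(cat "$oznamy/bezim" 2>/dev/null)
  if [ -f "$oznamy/bezim" ] && [ -f "/proc/$SIGholder/status" ]; then
    wait
  else
    kill -9 "$sleepPID"
    echo kill
  fi
  # echo "Docakane"
}

# SIGIdem - take the slot: record our PID as the running instance and remove
# our entry from the waiters.
SIGIdem() {
  echo $$ > "$oznamy/bezim"
  rm -f "$oznamy/caka.$$"
}

# SIGkoncim - give the slot back. Only the instance recorded in bezim releases
# it; it then wakes the oldest waiter by killing that waiter's sleep.
SIGkoncim() {
  bezpid=0$(cat "$oznamy/bezim")
  if test "$bezpid" -eq $$; then
    rm -f "$oznamy/bezim"
    oldfile=$(cd "$oznamy"; ls -tr -1 caka.* 2>/dev/null | head -1)
    if test -f "$oznamy/$oldfile"; then
      oldpid=$(cat "$oznamy/$oldfile" 2>/dev/null)
      # echo IDEM UVOLNIT $oldpid
      rm "$oznamy/$oldfile"
      # Only a plain decimal PID may reach /proc and kill; anything else in
      # the waiter file is ignored.
      case "$oldpid" in
        '' | *[!0-9]*) ;;
        *)
          if test -L "/proc/$oldpid/fd/0"; then
            # echo kill -9 $oldpid
            kill -9 "$oldpid"
          fi
          ;;
      esac
    fi
  else
    echo bezi uz niekto iny
    # echo "bezi niekto iny, ja som $$ a on je $bezpid" >> /tmp/debugbbo.txt
  fi
}
## bbo functions END

SIGChcem
SIGIdem
echo "Pracujem"

# Per-mail files.
locallog=${tmpdir}/logfile
typebadfileslog=${tmpdir}/typebadfileslog
namebadfileslog=${tmpdir}/namebadfileslog
textbadfileslog=${tmpdir}/textbadfileslog
badfileslog=${tmpdir}/badfileslog
fsavlog=${tmpdir}/fsavlog
sendermsg=${tmpdir}/sendermsg
recvmsg=${tmpdir}/recvmsg
blockmsg=${tmpdir}/blockmsg
menovira="cisty"

# Program locations.
cut=/usr/bin/cut
grep=/bin/grep
grep_flags=-rli
file=/usr/bin/file
find=/usr/bin/find
find_flags=-iname
touch=/bin/touch
ripmime=/usr/local/inflex/ripmime
sendmail=/usr/lib/sendmail
mcafee=/usr/local/uvscan/uvscan

# Setup Logfile line components
lresult=0
filetypescan=0
filenamescan=0
filetextscan=0
detectedvirus=0
adminmaproblem=0

# Next: read the relay host, the sender and every recipient.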
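# Main scanning flow: parse the envelope line, unpack the message, run the
# type / name / text / virus checks, notify, log, and exit 10 (clean) or 20
# (blocked).
#
# Trust boundary: relay, sender and recipients come from the first line of the
# input file and are supplied by the remote side. Because they are produced by
# whitespace splitting they cannot contain a newline, but they may contain
# quotes, '$', '%', backticks or glob characters, so they are only ever passed
# as printf arguments (never placed in a format string) and are single-quoted
# before being written into the generated redelivery script.

# inflex_sq - print $1 with every single quote rewritten as '\'' so the value
# can be placed between single quotes in generated shell code.
inflex_sq() {
  printf '%s' "$1" | sed "s/'/'\\\\''/g"
}

hlavicka=$(/usr/bin/head --lines=1 "$1")
receivers=""
ct=1
# Globbing is switched off while the envelope is split into words, otherwise
# an address containing '*' or '?' would be expanded against the current
# directory.
set -f
for i in $hlavicka
do
  if [ $ct -eq 1 ]; then
    if test "a$i" != "aOBALKA:"; then
      set +f   # SIGkoncim relies on a glob (caka.*)
      echo "CHYBNA OBALKA"
      SIGkoncim
      exit 253   # what bash reports for the original `exit -3`
    fi
  elif [ $ct -eq 2 ]; then
    relay=$i
  elif [ $ct -eq 3 ]; then
    sender=$i
  else
    receivers="$receivers $i"
  fi
  ct=$(( ct + 1 ))
done
set +f

if [ "X$sender" = "X" ]; then sender="<>"; fi
if [ "X$receivers" = "X" ]; then receivers="<>"; fi
if [ "X$relay" = "X" ]; then relay="[NUL]"; fi

# Who the administrator is.
administrator=virusmaster

# Make the directory
mkdir -p "${tmpdir}"
mkdir "${unpackdir}"

# Move the message in, so it can be kept if it is blocked.
#cat > ${tmpdir}/mailpack
mv "$1" "${tmpdir}/mailpack"

# Start a log
printf "${pid} from:%s to:%s\n" "${sender}" "${receivers}" >> "${locallog}"

# Unpack
#${ripmime} -i ${tmpdir}/mailpack -d ${unpackdir} -e ${unpackdir}/_headers_ --unique_names
${ripmime} -i "${tmpdir}/mailpack" -d "${unpackdir}" -e --unique_names

${touch} "${typebadfileslog}"
${touch} "${namebadfileslog}"
${touch} "${textbadfileslog}"
${touch} "${badfileslog}"

filelist=${tmpdir}/filelist1
${find} "${unpackdir}" | grep "unpacked/" > "$filelist"
fileresults=$tmpdir/fileresults
$file -f "$filelist" > "$fileresults"

# Now run the checks.
if [ "a${scanforfiletype}" != "an" ]
then
  # Test for unwanted file types as reported by file(1).
  # The description is taken from `file -b` (no "name:" prefix) instead of
  # cutting field 2 out of "name: description": a ':' inside an unpacked file
  # name would shift the fields and the description would never be matched.
  # Other types (PC bitmap data, AVI, MPEG, WAVE) were disabled in the
  # original and stay disabled.
  ${file} -b -f "$filelist" | ${grep} -E "(MS-DOS|Windows PE).*executable" >> "${typebadfileslog}"
else
  printf "Type scanning off.\n" >> "${locallog}"
fi

if [ "a${scanforfilename}" != "an" ]
then
  ${find} "${unpackdir}" $find_flags '*.vbs' >> "${namebadfileslog}"
  ${find} "${unpackdir}" $find_flags 'LOVE-LETTER-FOR-YOU*' >> "${namebadfileslog}"
  # ${find} ${unpackdir} $find_flags '*.mp3' >> ${namebadfileslog}
else
  printf "Name scanning off.\n" >> "${locallog}"
fi

if [ "a${scanfortext}" != "an" ]
then
  # grep $grep_flags "sexx" ${tmpdir}/* >> ${textbadfileslog}
  grep $grep_flags "Subject: resume" "${tmpdir}"/* >> "${textbadfileslog}"
  grep $grep_flags "Kill the boss" "${tmpdir}"/* >> "${textbadfileslog}"
  grep $grep_flags "> > > >" "${unpackdir}"/* >> "${textbadfileslog}"
else
  printf "Text scanning off.\n" >> "${locallog}"
fi

if [ -s "${typebadfileslog}" ]
then
  filetypescan=1
  lresult=2
  cat "${typebadfileslog}" >> "${badfileslog}"
else
  filetypescan=0
fi

if [ -s "${namebadfileslog}" ]
then
  filenamescan=1
  lresult=2
  cat "${namebadfileslog}" >> "${badfileslog}"
else
  filenamescan=0
fi

if [ -s "${textbadfileslog}" ]
then
  filetextscan=1
  lresult=2
  cat "${textbadfileslog}" >> "${badfileslog}"
else
  filetextscan=0
fi

if [ "a${scanforvirus}" != "an" ]
then
  # SCAN for viruses!
  # The CPU limit stays in force for the rest of this script: only root could
  # raise it again (ulimit -t unlimited).
  ulimit -t 60
  ${mcafee} --noboot --secure -rv --mime --summary --afc 64 "${unpackdir}" > "${fsavlog}.bbo" 2>&1
  fsavresult=$?
  sed -e s/.var.spool.inflex.tmp// < "${fsavlog}.bbo" > "${fsavlog}"

  # The script treats exit status 13 as "virus found" and 0 as clean.
  # NOTE(review): every other status (including the scanner being stopped by
  # the 60 s CPU limit above) only alerts the administrator; the mail is still
  # accepted unless another check blocks it, i.e. the virus check fails open.
  # The header of this script says other exit codes mean temporary rejection,
  # so failing closed would be possible - a policy decision, left unchanged.
  if [ $fsavresult -eq 13 ]; then
    detectedvirus=1
    # Take the third word of the first "Found the" line, lower-cased and
    # stripped down by the gsub() below.
    menovira=$(awk 'bol==0 && $0 ~/ +Found the/ {bol=1;a=tolower($3);gsub("[\x1-\x2f]|[[\x3a-\x60]|[\x7b-\xff]","",a);print a}' < "${fsavlog}")
    if [ "X$menovira" = "X" ]; then menovira="neznamy"; fi
  elif [ ! $fsavresult -eq 0 ]; then
    adminmaproblem=1
    cp -rf "${tmpdir}" "${blockdir}-problem"
  fi

  if [ $detectedvirus -eq 1 ]; then
    lresult=1
    # So that the error notice is not sent twice.
    filetypescan=0;filenamescan=0;filetextscan=0
  fi
else
  printf "Virus scanning off.\n" >> "${fsavlog}"
  detectedvirus=0
fi

## EVALUATION
cd "${tmpdir}"

if [ ${adminmaproblem} -eq 1 ]
then
  printf "\
Date: ${rfcdate}\n\
From: ${administrator}\n\
To: ${administrator},bobovsky\n\
Subject: UVSCAN PROBLEM v maile from %s to %s\n\
\n\
Inflex mal problem lebo uvscan skoncil nestandardne .. mail som ale dorucil\n\
Mail je v ${blockdir}-problem\n\
Kod: ${fsavresult} \n\
\n\
...\n" "${sender}" "${receivers}" > "${blockmsg}"
  cat "${locallog}" >> "${blockmsg}"
  printf "\nEND OF MESSAGE.\n" >> "${blockmsg}"
  cat "${blockmsg}" | ${sendmail} -t -f ${administrator}
fi

if [ "a${deliverRootmsg}" != "an" ]
then
  #
  # Test to see if we came up with a bad email due
  # to a BAD FILE [as apposed to a virused file]
  #
  if [ ${filetypescan} -eq 1 ] || [ ${filenamescan} -eq 1 ] ||
     [ ${filetextscan} -eq 1 ] || [ ${detectedvirus} -eq 1 ]
  then
    #
    # Create and send an email to INFLEX's operator
    #
    # The relay name is passed as an argument, not interpolated into the
    # format string.
    # NOTE(review): for a virus hit ${blockdir} is deleted at the end of this
    # script, so the "stored as" line below then points at nothing.
    printf "\
Date: ${rfcdate}\n\
From: ${administrator}\n\
To: ${administrator}\n\
Subject: Blocked from %s to %s r:%s\n\
\n\
Inflex Sent notification to %s and %s\n\
The attached mail has been BLOCKED\n\
The mail has been stored as ${blockdir}\n\
Inflex poslal oznam obom stranam, blokol mail a ulozil \n\
Pre pripadne preposlanie\n\
cd ${blockdir}; ./mail.redeliver\n\
\n\
AntiVirus Results...\n" "${sender}" "${receivers}" "${relay}" "${sender}" "${receivers}" > "${blockmsg}"
    cat "${tmpdir}/fsavlog" >> "${blockmsg}"
    printf "\nBadfiles Scan Results\n" >> "${blockmsg}"
    cat "${badfileslog}" >> "${blockmsg}"
    printf "\n" >> "${blockmsg}"
    cat "${locallog}" >> "${blockmsg}"
    printf "\nEND OF MESSAGE.\n" >> "${blockmsg}"
    cat "${blockmsg}" | ${sendmail} -t -f ${administrator}
  fi
fi

# NOTE(review): the notifications below are addressed to the envelope sender
# and recipients as received. The sender of a malicious mail is usually
# forged, so sender notifications go to uninvolved third parties
# (backscatter); the virus variants are already switched off in the
# configuration, the bad-file variants are on.

if [ ${detectedvirus} -eq 1 ]
then
  printf "Mail blocked due to VIRUS\n" >> "${locallog}"

  if [ "a${deliverSenderAVmsg}" != "an" ]
  then
    #
    # Message to the sender
    #
    printf "\
Date: ${rfcdate}\n\
From: ${administrator}\n\
To: %s\n\
Subject: Blocked Delivery of email to %s\n\
\n\
BLOCKED DELIVERY OF YOUR EMAIL TO %s\n\
Blokovane dorucenie vasho emailu pre %s\n\
\n\
Our email scanner has detected a VIRUS in your email\n\
Your email has been stopped. The intended recipient will receive\n\
a notification of this message.\n\
Nas email scanner zistil VIRUS vo vasom emaile. Vas email bol\n\
zastaveny a aj prijemca dostal oznamenie o tejto skutocnosti.\n\
\n\
Virus scaner povedal...\n\
The virus scanner revealed...\n" "${sender}" "${receivers}" "${receivers}" "${receivers}" >> "${sendermsg}"
    cat "${fsavlog}" >> "${sendermsg}"
    printf "\nEnd.\n" >> "${sendermsg}"
    cat "${sendermsg}" | ${sendmail} -t -f ${administrator}
  fi

  if [ "a${deliverReceiverAVmsg}" != "an" ]
  then
    printf "\
Date: ${rfcdate}\n\
From: ${administrator}\n\
To: %s\n\
Subject: Blocked Delivery of email from %s\n\
\n\
BLOCKED DELIVERY OF EMAIL FROM %s\n\
Bolo blokovane dorucenie mailu od %s\n\
\n\
Our email scanner has detected a VIRUS in an email destined for you.\n\
This email has been stopped. The sender will receive a notification \n\
of this message.\n\
Nas email scanner zistil VIRUS v emaile pre Vas. Tento mail bol zastaveny\n\
Odosielatel ak sa dalo dostal o tom upozornenie.\n\
\n\
This is ONLY a warning. You have not suffered any damage nor received\n\
any problem; ** You can safely ignore this email.** \n\
Toto je len upozornenie a vlastne sa Vas netyka a teda uplne kludne mozte\n\
tuto spravu ignorovat.\n\
\n\
Virus scaner povedal...\n\
The virus scanner revealed...\n" "${receivers}" "${sender}" "${sender}" "${sender}" >> "${recvmsg}"
    cat "${fsavlog}" >> "${recvmsg}"
    grep -B1 -A2 Received: "${unpackdir}/_headers_" >> "${recvmsg}"
    printf "\nEnd.\n" >> "${recvmsg}"
    cat "${recvmsg}" | ${sendmail} -t -f ${administrator}
  fi
fi

if [ ${filetypescan} -eq 1 ] || [ ${filenamescan} -eq 1 ] ||
   [ ${filetextscan} -eq 1 ]
then
  printf "Mail blocked due to BAD FILE\n" >> "${locallog}"

  # Both notices below list ${filelist}.bbo, so it is built once here rather
  # than only inside the sender branch.
  sed -e s/.var.spool.inflex.tmp// "$filelist" > "$filelist.bbo"

  if [ "a${deliverSenderBLmsg}" != "an" ]; then
    printf "\
Date: ${rfcdate}\n\
From: ${administrator}\n\
To: %s\n\
Subject: Blocked Delivery of email to %s\n\
\n\
BLOCKED DELIVERY OF YOUR EMAIL TO %s\n\
Blokovane dorucenie vasho emailu pre %s\n\
\n\
Our email scanner has detected a file type (or content) which we are not\n\
permitting through our systems. These namely include movies, executables \n\
and large pictures. Your email has been stopped.\n\
The intended recipient will receive a notification of this message.\n\
\n\
Nas email scan detekoval zakazany obsah mailu (exe priloha,vbs a pod)\n\
a preto Vas mail bol zastaveny a obe strany ked sa dalo dostali toto\n\
upozornenie. Spustitelne kody preto prenasajte nie priamo v emaile ale\n\
zabalene zipom,gz,arj,rar,lzh,pgp,... ci niecim inym tak, aby\n\
NEBOLI PRIAMO SPUSTITELNE.\n\
\n\
The files that were blocked are...\n\n" "${sender}" "${receivers}" "${receivers}" "${receivers}" >> "${sendermsg}"
    cat "${filelist}.bbo" "${badfileslog}" >> "${sendermsg}"
    printf "\nEnd.\n" >> "${sendermsg}"
    cat "${sendermsg}" | ${sendmail} -t -f ${administrator}
  fi

  if [ "a${deliverReceiverBLmsg}" != "an" ]; then
    #
    # Message to the intended receivers
    #
    printf "\
Date: ${rfcdate}\n\
From: ${administrator}\n\
To: %s\n\
Subject: Blocked Delivery of email from %s\n\
\n\
BLOCKED DELIVERY OF EMAIL FROM %s\n\
Bolo blokovane dorucenie mailu od %s\n\
\n\
Our email scanner has detected a file type (or content) which we are not\n\
permitting through our systems. \n\
These namely include movies, executables and large pictures.\n\
Your email has been stopped. The intended sender will receive a \n\
notification of this message.\n\
\n\
Nas email scan detekoval zakazany obsah mailu (exe priloha,vbs a pod)\n\
a preto Vas mail bol zastaveny a obe strany ked sa dalo dostali toto\n\
upozornenie. Spustitelne kody preto prenasajte nie priamo v emaile ale\n\
zabalene zipom,gz,arj,rar,lzh,pgp,... ci niecim inym tak, aby\n\
NEBOLI PRIAMO SPUSTITELNE.\n\
\n\
This is ONLY a warning. You have not suffered any damage nor received any\n\
problem; You can safely ignore this email.\n\
Toto je len upozornenie a vlastne sa Vas netyka a teda uplne kludne mozte\n\
tuto spravu ignorovat.\n\
\n\
The files that were blocked are...\n\n" "${receivers}" "${sender}" "${sender}" "${sender}" >> "${recvmsg}"
    cat "${filelist}.bbo" "${badfileslog}" >> "${recvmsg}"
    printf "\nEnd.\n" >> "${recvmsg}"
    cat "${recvmsg}" | ${sendmail} -t -f ${administrator}
  fi
fi

# Store our scanning results...
printf "\n________________________________________________\n" >> "$locallog"
printf "\
Bad files details...\n" >> "${locallog}"
cat "${badfileslog}" >> "${locallog}"
printf "\nAntiVirus details...\n" >> "${locallog}"
cat "${fsavlog}" >> "${locallog}"
printf "\ncompleted scanning process for ${pid}\n\
FileType blocking status is: ${filetypescan}\n\
FileName blocking status is: ${filenamescan}\n\
FileText blocking status is: ${filetextscan}\n\
AntiVirus status is: ${detectedvirus}\n\
Global result is: ${lresult}\n\n\
Bad files details...\n" >> "${locallog}"
cat "${badfileslog}" >> "${locallog}"
printf "\nAntiVirus details...\n" >> "${locallog}"
cat "${fsavlog}" >> "${locallog}"
printf "\n________________________________________________\n" >> "$locallog"

# One-line summary in the global log. The relay is passed as an argument, like
# sender and recipients, so a '%' in it cannot act as a format directive.
# NOTE(review): the values are written unescaped, so a ':' inside an address
# still shifts the fields for anything that parses this log by ':'.
printf "${logdatecode}:${lresult}:fr=%s:to=%s:ub=0:tv=${detectedvirus}:\
tt=${filetypescan}:tn=${filenamescan}:tx=${filetextscan}:ts=0:ac=0:te=0:sz=0:cp=0:fp=${tmpdir}:vir=${menovira}:rl=%s\n" "${sender}" "${receivers}" "${relay}" >> "${logfile}"

if [ ${filetypescan} -eq 0 ] && [ ${filenamescan} -eq 0 ] &&
   [ ${filetextscan} -eq 0 ] && [ ${detectedvirus} -eq 0 ]
then
  rm -rf "${tmpdir:?}"
  SIGkoncim
  exit 10 ## OK
else
  mv "${tmpdir}" "${blockdir}"

  # Create the redelivery script.
  # Sender and recipients are written as single-quoted shell words (embedded
  # quotes escaped by inflex_sq) and printed through %s, so nothing in an
  # address is evaluated when the operator later runs ./mail.redeliver.
  # As before, all recipients are handed to sendmail as one argument.
  # NOTE(review): an address starting with '-' would still be read by sendmail
  # as an option - confirm the MTA never hands one over.
  q_sender=$(inflex_sq "${sender}")
  q_receivers=$(inflex_sq "${receivers}")
  {
    printf '#!/bin/sh\n'
    printf 'cd %s\n' "${blockdir}"
    printf "printf 'Sending email from (%%s) to (%%s)' '%s' '%s'\n" "${q_sender}" "${q_receivers}"
    printf "cat mailpack | %s -i -f '%s' '%s'\n" "${sendmail}" "${q_sender}" "${q_receivers}"
    printf 'printf "done.\\n"\n'
  } > "${blockdir}/mail.redeliver"
  chmod 700 "${blockdir}/mail.redeliver"

  # Infected mail is not retained; only bad-file blocks stay for redelivery.
  if [ ${detectedvirus} -eq 1 ]
  then
    rm -rf "${blockdir:?}"
  fi
  SIGkoncim
  exit 20 ## virus or bad attachments
fi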