Author Topic: Kmail and Avast Scanner for Linux  (Read 9028 times)

0 Members and 1 Guest are viewing this topic.

Culpeper

  • Guest
Kmail and Avast Scanner for Linux
« on: December 07, 2005, 03:44:05 AM »
Current version of Kmail has an antivirus wizard that sets up filters that are piped through to selected AV programs.  They are:

Clam
Sophos
F-Prot
Anti-Vir

If the wizard detects any of the above AV programs installed than it will set up filters to scan using the selecting AV scanner to scan incoming or outgoing email.  This doesn't mean Avast cannot be used in the same manner.  It does mean the proper filtering needs to be set up thus bypassing the antivirus wizard in Kmail.

For example.  If F-prot is installed and selected than the wizard will set up the proper filters to "pipe through" a script called, kmail_fprot.sh, which is as follows:

Code: [Select]
TEMPFILE=`mktemp`
if [ $? != 0 ] ; then
    TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
fi
export TEMPFILE
cat > $TEMPFILE
f-prot -archive 3 $TEMPFILE > /dev/null
RC=$?
if [ $RC -eq 0 ] ; then
    echo "X-Virus-Flag: no"
else
    case $RC in
        1 ) DESC="no - Unrecoverable error" ;;
        2 ) DESC="no - Selftest failed" ;;
        3 ) DESC="yes - Virus-infected object found" ;;
        4 ) DESC="no - Reserved" ;;
        5 ) DESC="no - Abnormal termination" ;;
        6 ) DESC="no - Virus was removed" ;;
        7 ) DESC="no - Error, out of memory" ;;
        8 ) DESC="yes - Something suspicious found" ;;
    esac
    echo "X-Virus-Flag: $DESC"
fi

cat $TEMPFILE
rm $TEMPFILE

And email messages using Clam would be piped through, kmail_clam.sh and looks like this

Code: [Select]
TEMPFILE=`mktemp`
if [ $? != 0 ] ; then
    TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
fi
export TEMPFILE
cat > $TEMPFILE
if clamscan --stdout --no-summary --mbox $TEMPFILE | grep -q FOUND; then
echo "X-Virus-Flag: yes"
else
echo "X-Virus-Flag: no"
fi
cat $TEMPFILE
rm $TEMPFILE

And Anti-Vir is, kmail_antivir.sh

Code: [Select]
MPFILE=`mktemp`
if [ $? != 0 ] ; then
    TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
fi
export TEMPFILE
cat > $TEMPFILE
if antivir --scan-in-archive --scan-in-mbox $TEMPFILE | grep -q ALERT; then
echo "X-Virus-Flag: yes"
else
echo "X-Virus-Flag: no"
fi
cat $TEMPFILE
rm $TEMPFILE

And Sophos is, kmail_sav.sh

Code: [Select]
EMPFILE=`mktemp`
if [ $? != 0 ] ; then
    TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
fi
export TEMPFILE
cat > $TEMPFILE
if sweep -ss -mime $TEMPFILE | grep -q found; then
echo "X-Virus-Flag: yes"
else
echo "X-Virus-Flag: no"
fi
cat $TEMPFILE
rm $TEMPFILE

What we need for Avast to work (I think), is to create a, kmail_avast.sh.  I'm no programmer by any means but as far as I can tell this is what we need to get Avast scanning email using KDE Kmail.  Any suggestions would be productive.

Please see the attached images to view filtering rules using F-Prot.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Kmail and Avast Scanner for Linux
« Reply #1 on: December 07, 2005, 06:31:48 PM »
It would be nice...
The absence of a GUI to update, run on-demand scannings, etc., makes avast for Linux very unatractive.
If you succeed making this script, it will be a very good thing in my opinion.

Nice to know you're arround Culpeper  8)
The best things in life are free.

Culpeper

  • Guest
Re: Kmail and Avast Scanner for Linux
« Reply #2 on: December 08, 2005, 02:42:03 AM »
We would need someone to write a script like the ones above to fit Avast.   The best person to do this would be one of the Avast staff familar with Linux as well as Avast for Linux commands and syntax.  It might be as simple as copying one of the scripts and changing the appropriate commands and syntax to fit Avast.  I don't know.

Dublin

  • Guest
Re: Kmail and Avast Scanner for Linux
« Reply #3 on: December 30, 2005, 05:31:45 PM »
Here's the script, please try it:

Code: [Select]
TEMPFILE=`mktemp`
if [ $? != 0 ] ; then
    TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
fi
export TEMPFILE
cat > $TEMPFILE
avast -h >/dev/null 2>&1
if [ $? -eq  41 ]; then \
    avast -ai -t=A $TEMPFILE > /dev/null; \
else \
    avastcmd -ai -t=A $TEMPFILE > /dev/null; \
fi
RC=$?
if [ $RC -eq 0 ] ; then
    echo "X-Virus-Flag: no"
else
    case $RC in
        1 | 3 ) DESC="yes" ;;
        2 ) DESC="no - Virus was removed" ;;
        24 ) DESC="no - Encrypted" ;;
        * ) DESC="no - Failed" ;;
    esac
    echo "X-Virus-Flag: $DESC"
fi

cat $TEMPFILE
rm $TEMPFILE

Culpeper

  • Guest
Re: Kmail and Avast Scanner for Linux
« Reply #4 on: December 30, 2005, 09:08:18 PM »
Will do...Thanx!

Culpeper

  • Guest
Re: Kmail and Avast Scanner for Linux
« Reply #5 on: December 31, 2005, 05:19:37 AM »
dublin

Your script works testing with eicar.zip.

Dublin

  • Guest
Re: Kmail and Avast Scanner for Linux
« Reply #6 on: January 02, 2006, 10:33:13 AM »
thx