[Avcheck] Announce: avcheck-0.91

Michael Tokarev mjt@tls.msk.ru
Thu, 10 Oct 2002 02:43:24 +0400


I've just uploaded avcheck-0.91.tar.gz to
ftp://ftp.corpit.ru/pub/avcheck/.  This new version has
very minor changes and is intended mostly as preparation
for a WIP (work-in-progress) postfix content_inspector
interface, available at
ftp://ftp.corpit.ru/pub/content_inspector/.

Changes are:

  - fixed a small formatting error when printing a warning
    about a possibly unrecognized KAV return code to
    syslog, thanks to Varadi Gabor.
  - added BugBear (tanatos in KAV's unique world) to the list
    of $FAKERS
  - added Spanish translation by Dani Pardo.  I don't know
    the country code for Spain (aka TLD) and used "sp",
    which seems to be incorrect, and converted Dani's script
    to be a translation-only file like the others in ex2/??.
    Any Spanish users here - please review the resulting file
    (ex2/sp) and tell me which country code to use...
  - added yet another option, `-g okcode', to tell avcheck
    which exit code to use for non-infected mails.   If anyone
    knows a better option name, please let me know before it's too
    late.  -g stands for "good" in my mind; -o (as in ok) seems to
    be too confusing with its traditional usage (as output).  -e
    seems to be ok too (as in exit).

There is no reason to upgrade - this release is mostly for
testing only: testing of the postfix content_{filter|inspector}
model I'm currently working with.

The main change (which is of no use to most of you) is the
addition of the new -g option.  The whole thing is expected
to be used this way:

# =======================================================================
# service       type private unpriv chroot wakeup  maxproc command + args
#                    (yes)   (yes)  (yes)  (never) (50)
# =======================================================================
localhost:10025  inet n       -      n      -       - smtpd -o content_filter=
avcheck    unix -       n      n      -       5      pipe
         -o pipe_safetodeliver_code=10
         flags=q user=avclient argv=/var/spool/avp/avcheck
         -d /var/spool/avp/./tst -s AVP:/var/spool/avp/ctl/AvpCtl
         -f ${sender} -S :10025 -n -g 10 -- ${recipient}

I.e. all is as usual except for the new pipe_safetodeliver_code=NN option
for the pipe(8) agent and -n and -gNN (yes, the same NN!) for avcheck.  When
set up this way, the pipe(8) agent will notice avcheck's exit code 10 when
the email does not contain any viruses, will NOT remove the recipients from
the original queue file, and delivery will continue as if there were no
content_filter setting at all.  Avcheck's -n option is needed to stop it
from reinjecting good mail back into postfix, since in this case the mail
would be duplicated.  Note that the non-filtering smtpd transport is still
needed in order to send virus alerts etc.  Note also that the `infected'
script should not be modified (all the changes are in master.cf only) - it
will return 0 after all the processing is done, and 0 here means the usual
"delivered", just as it always was with the pipe(8) transport and
content_filter (i.e. our command took responsibility for the message).

Here is a fragment from a logfile from my test machine:

Oct 10 00:50:15 gandalf postfix/pickup[3482]: 5B9E1D1AA: uid=1000 from=<mjt>
Oct 10 00:50:15 gandalf postfix/cleanup[3488]: 5B9E1D1AA: message-id=<20021009205015.5B9E1D1AA@gandalf.tls.msk.ru>
Oct 10 00:50:15 gandalf postfix/qmgr[3483]: 5B9E1D1AA: from=<mjt@gandalf.tls.msk.ru>, size=371, nrcpt=3 (queue active)
Oct 10 00:50:15 gandalf postfix/pipe[3490]: 5B9E1D1AA: to=<helen@gandalf.tls.msk.ru>, relay=avcheck, delay=0, status=sent (DrWeb)
Oct 10 00:50:15 gandalf postfix/pipe[3490]: 5B9E1D1AA: to=<mjt@gandalf.tls.msk.ru>, relay=avcheck, delay=0, status=sent (DrWeb)
Oct 10 00:50:15 gandalf postfix/pipe[3490]: 5B9E1D1AA: to=<root@gandalf.tls.msk.ru>, relay=avcheck, delay=0, status=sent (DrWeb)
Oct 10 00:50:15 gandalf postfix/local[3494]: 5B9E1D1AA: to=<mjt@gandalf.tls.msk.ru>, relay=local, delay=0, status=sent (mailbox)
Oct 10 00:50:15 gandalf postfix/local[3493]: 5B9E1D1AA: to=<helen@gandalf.tls.msk.ru>, relay=local, delay=0, status=sent (mailbox)
Oct 10 00:50:15 gandalf postfix/local[3493]: 5B9E1D1AA: to=<root@gandalf.tls.msk.ru>, relay=local, delay=0, status=sent (mailbox)

And that's all for the whole delivery.  As you see, the same queue ID is
used for both the virus check and the final delivery.  (Status=sent
in the avcheck lines is somewhat misleading but has nothing to do with
avcheck - this is a TODO item for postfix.)

(The addresses used in the above log fragment do not exist and never will --
you're welcome, spammers!..)
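The exit-code contract described above (pipe_safetodeliver_code=NN plus
avcheck -g NN, exit 0 meaning "the command took responsibility") and the
single-queue-ID pattern visible in the log fragment can both be checked
mechanically.  The following script is an added example, not part of
avcheck or of postfix: it models the pipe(8) behaviour exactly as the
announcement describes it for the work-in-progress interface, and it parses
postfix log lines in the format shown above to verify that every recipient
which went through the avcheck transport was then delivered under the same
queue ID.  A filter that re-injects clean mail (the situation -n is meant to
avoid) shows up as a filtered queue ID with no matching final delivery.  The
log lines embedded in it are constructed for the example and use
example.invalid addresses.

```python
import re
from collections import defaultdict

# The NN shared by pipe_safetodeliver_code=NN in master.cf and avcheck -g NN.
SAFE_TO_DELIVER = 10


def pipe_action(exit_code, safetodeliver_code=SAFE_TO_DELIVER):
    """Map a filter's exit status to the action the announcement attributes
    to the (work-in-progress) pipe(8) agent.  'other' stands for pipe(8)'s
    ordinary handling of any other exit status, which the post does not
    detail, so it is not modelled here."""
    if exit_code == safetodeliver_code:
        # Clean mail: recipients stay in the original queue file and delivery
        # continues as if no content_filter were set; no re-injection needed.
        return "continue-delivery"
    if exit_code == 0:
        # The command took responsibility for the message (e.g. the
        # `infected' script handled it); pipe(8) records it as delivered.
        return "delivered"
    return "other"


# Fixed prefix of a postfix log line: timestamp, host, program[pid], queue ID.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) postfix/(?P<prog>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<qid>[0-9A-F]+): (?P<rest>.*)$"
)


def parse_line(line):
    """Split one postfix log line into its prefix plus key=value fields
    (to=, relay=, status=, ...).  Returns None for lines without a queue ID."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for part in rec.pop("rest").split(", "):
        if "=" in part:
            key, value = part.split("=", 1)
            rec[key] = value
    return rec


def check_filter_delivery(lines, filter_relay="avcheck"):
    """Verify the single-queue-ID pattern: every recipient that passed the
    filter transport must also reach a 'sent' status on another relay under
    the SAME queue ID.  Returns (ok, list_of_problem_strings)."""
    filtered = defaultdict(set)   # queue ID -> recipients seen on the filter
    delivered = defaultdict(set)  # queue ID -> recipients finally delivered
    for line in lines:
        rec = parse_line(line)
        if rec is None or "to" not in rec:
            continue
        if rec.get("relay") == filter_relay:
            filtered[rec["qid"]].add(rec["to"])
        elif rec.get("status", "").startswith("sent"):
            delivered[rec["qid"]].add(rec["to"])
    problems = []
    for qid in sorted(filtered):
        for rcpt in sorted(filtered[qid] - delivered[qid]):
            problems.append(f"{qid}: {rcpt} passed {filter_relay} but was not "
                            f"delivered under the same queue ID")
    return (not problems, problems)


# Constructed sample: the healthy pattern from the announcement (one queue ID
# for both the avcheck pass and the final local delivery).
GOOD_LOG = [
    "Oct 10 00:50:15 mx postfix/qmgr[3483]: 0A1B2C3D4: from=<sender@example.invalid>, size=371, nrcpt=2 (queue active)",
    "Oct 10 00:50:15 mx postfix/pipe[3490]: 0A1B2C3D4: to=<alice@example.invalid>, relay=avcheck, delay=0, status=sent (DrWeb)",
    "Oct 10 00:50:15 mx postfix/pipe[3490]: 0A1B2C3D4: to=<bob@example.invalid>, relay=avcheck, delay=0, status=sent (DrWeb)",
    "Oct 10 00:50:15 mx postfix/local[3494]: 0A1B2C3D4: to=<alice@example.invalid>, relay=local, delay=0, status=sent (mailbox)",
    "Oct 10 00:50:15 mx postfix/local[3493]: 0A1B2C3D4: to=<bob@example.invalid>, relay=local, delay=0, status=sent (mailbox)",
]

# Constructed sample: a filter that re-injected the clean mail, so the final
# delivery happens under a new queue ID (what -n and -g 10 are meant to avoid).
REINJECTED_LOG = [
    "Oct 10 00:51:02 mx postfix/pipe[3490]: 0A1B2C3D4: to=<alice@example.invalid>, relay=avcheck, delay=0, status=sent (DrWeb)",
    "Oct 10 00:51:02 mx postfix/local[3494]: 9F8E7D6C5: to=<alice@example.invalid>, relay=local, delay=0, status=sent (mailbox)",
]

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("reinjected", REINJECTED_LOG)):
        ok, problems = check_filter_delivery(log)
        print(name, "OK" if ok else "PROBLEMS", *problems, sep="\n  ")
    for code in (SAFE_TO_DELIVER, 0, 75):
        print(f"exit {code} -> {pipe_action(code)}")
```

Run it against a real mail log (one line per list element) to confirm a
content_filter deployment is not silently re-injecting and doubling queue
IDs; the check only relies on the to=, relay= and status= fields, so it is
independent of which scanner name appears in the status text.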

/mjt