#!/bin/sh

# Script for the Sanitizer (procmail filter)
# Using either F-PROT, AVP, Sweep or VirusScan antivirus systems
# Version: 1.01, Xavier Roche/Serianet
# Usage: /etc/procmail/check_for_virus <filename> 
# Returns: "CLEAN : OK" | "VIRUS : <information>" | "ERROR"
# Exitcode: 0=OK 2=SUSPICIOUS 3=VIRUS (the "ERROR" case also exits 0)
# This script is under GPL

##############################################################################
# Instructions (copied from e-mail from Xavier by Bjarni):
#
#  I tested various AV systems (avp, f-prot..) and attached to this mail
#  a simple script which recognizes the four most used av scanners on 
#  linux systems (the script can be freely used and spread, of course).
#
#  The use is simple:  check_for_virus <filename>
#  which will return 0 (OK), 2 (warning), or 3 (danger)
#
#  For example, I use the main policy:
#
#   file_list_1_scanner = 0:2:3:/etc/procmail/check_for_virus %FILENAME
#   file_list_1_policy  = unknown:mangle:save:save
#   file_list_1         = (?i).*
#

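# Scan one file with the first antivirus scanner found on this host and
# report the verdict on stdout, in syslog (via logger) and as the exit code.
#
# Arguments: $1 - path of the file to scan
# Outputs:   "CLEAN : OK", "VIRUS : <information>" or "ERROR" on stdout
# Exit code: 0 = clean or error, 2 = suspicious, 3 = virus
#
# NOTE(review): this script fails open. A missing argument, a missing file,
# the absence of every supported scanner, and any scanner exit status other
# than the ones tested below all end with exit code 0, which the caller
# cannot tell apart from a clean scan. The exit codes are kept as they were
# because the Sanitizer policy maps them; confirm that mapping before
# switching the error paths to a non-zero code.

logger "check $1"

# Guard clause: without an existing regular file there is nothing to scan.
if test -z "$1" || test ! -f "$1"; then
	echo "ERROR"
	exit 0
fi

# A relative path beginning with '-' could be taken as an option by the
# scanner; anchor it to the current directory so it is always read as a path.
case "$1" in
	-*) TARGET="./$1" ;;
	*)  TARGET="$1" ;;
esac

RET=0

# Each branch runs its scanner exactly once, keeping both the exit status and
# the report text, so the verdict and the text shown come from the same scan.

# F-PROT (FRISK Software F-Prot Antivirus for Linux)
if test -x /usr/local/bin/f-prot; then
	OUTPUT=$(/usr/local/bin/f-prot -NOBOOT -NOMEM -NOSUB -ARCHIVE -PACKED "$TARGET" 2>/dev/null)
	RETURNCODE=$?
	if test "$RETURNCODE" -eq 3; then
		RET=3
		# Keep only the text after "infection:", trimmed of padding.
		INFO=$(printf '%s\n' "$OUTPUT" | grep -iE "infection:" | sed -e 's/.*infection:\(.*\)/\1/i' -e 's/^[ \>]*//g' -e 's/[ ]*$//g')
		logger "virus check for $1: VIRUS FOUND!! - $INFO"
		echo "VIRUS : $INFO"
	else
		# Every status other than 3 lands here and is reported as clean.
		logger "virus check for $1: ok"
		echo "CLEAN : OK"
	fi
# AVP (Kaspersky Anti-Virus for Linux)
elif test -x /usr/bin/kavscanner; then
	STATUS=
	OUTPUT=$(/usr/bin/kavscanner  -LP -I0 "$TARGET" 2>/dev/null)
	RETURNCODE=$?
	case "$RETURNCODE" in
		2)
			STATUS="suspicious file, maybe altered virus"
			RET=2
			;;
		3)
			STATUS="suspicious file"
			RET=2
			;;
		4)
			STATUS="virus found"
			RET=3
			;;
	esac
	if test -n "$STATUS"; then
		# Suspicious files (RET=2) are reported with the same "VIRUS" wording
		# as confirmed ones; only the exit code tells them apart.
		INFO=$(printf '%s\n' "$OUTPUT" | grep -iE "infected:" | sed -e 's/^[ \>]*//g' -e 's/[ ]*$//g')
		echo "VIRUS : $INFO"
		logger "virus check for $1: VIRUS FOUND!! - $INFO"
	else
		# Every status other than 2, 3 or 4 is reported as clean.
		logger "virus check for $1: ok"
		echo "CLEAN : OK"
	fi
# Sophos Sweep Antivirus (SWEEP virus detection utility 3.47)
elif test -x /usr/local/bin/sweep; then
	OUTPUT=$(/usr/local/bin/sweep -ndi -s -ss -archive --no-follow-symlinks --skip-special --no-quarantine "$TARGET" 2>/dev/null)
	RETURNCODE=$?
	if test "$RETURNCODE" -eq 3; then
		INFO=$(printf '%s\n' "$OUTPUT" | grep -iE "Found.*virus" | sed -e 's/^[ \>]*//g' -e 's/[ ]*$//g')
		# Same "VIRUS : <information>" line as the other scanners (a stray
		# "test" word used to be printed here).
		echo "VIRUS : $INFO"
		logger "virus check for $1: VIRUS FOUND!! - $INFO"
		RET=3
	else
		# Every status other than 3 is reported as clean.
		logger "virus check for $1: ok"
		echo "CLEAN : OK"
	fi
# NAI VirusScan (McAfee VirusScan for Unix Linux 4.14.0)
elif test -x /usr/local/bin/uvscan; then
	OUTPUT=$(/usr/local/bin/uvscan --analyze --noexpire "$TARGET" 2>/dev/null)
	RETURNCODE=$?
	if test "$RETURNCODE" -eq 13; then
		INFO=$(printf '%s\n' "$OUTPUT" | grep -iE "Found.*virus" | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g')
		echo "VIRUS : $INFO"
		logger "virus check for $1: VIRUS FOUND!! - $INFO"
		RET=3
	else
		# Every status other than 13 is reported as clean.
		logger "virus check for $1: ok"
		echo "CLEAN : OK"
	fi
else
	# No supported scanner is installed: say so instead of exiting silently.
	# The exit code stays 0, as before.
	logger "virus check for $1: no scanner found"
	echo "ERROR"
fi

exit $RET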
