Virus email message randomly scanned multiple times

macli has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks, This is my first post here, I am new to Perl and trying to add virus scann feature to SpamPD (Spam Proxy Daemon) http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm. this is the differences between my version and the original one.

--- spampd      2006-08-25 10:39:39.000000000 -0700
+++ spampd-scan 2006-08-25 14:48:25.000000000 -0700
@@ -75,6 +75,7 @@
 
 use strict;
 use IO::File;
+use File::Temp qw(mkstemp);
 
 #use IO::Socket;
 
@@ -208,7 +209,8 @@
             $self->{data}->truncate(0);
         }
         else {
-            $self->{data} = IO::File->new_tmpfile;
+             ( undef, $self->{datafilename} ) =  mkstemp("/tmp/spampd
+XXXXX");
+             $self->{data} = new IO::File $self->{datafilename}, "r+"
+;
         }
         while ( defined( $_ = $self->_getline ) ) {
             if ( $_ eq ".\r\n" ) {
@@ -521,6 +523,30 @@
         }
 
         $msgid ||= "(unknown)";
+        
+         my $infected = 0;
+         my $infections;
+         my $filename = $self->{smtp_server}->{datafilename};
+         $self->log( 2, "%s",
+            "start message virus scanning $msgid and  for " . $recips
+ . "on datafile $filename");
+            open( CLAMAV, "/usr/local/bin/clamscan $filename|" );
+            while (<CLAMAV>) {
+                if (/^\Q$filename\E:\s(.*)$/) {
+                    $infections = $1;
+                }
+                if (/^Infected\sfiles:\s(\d+)/) {
+                    $infected = $1;
+                }
+            }
+            close CLAMAV;
+         #unlink $filename;
+          
+     if ( $infected > 0 ) {
+         $self->log( 2, "%s%s%s",
+            "Virus $infected $infections in message $msgid for " . $r
+ecips . " and Quit!!!" );
+          exit 1;
+     } 
+     else {
 
         $self->log( 2, "%s", "processing message $msgid for " . $reci
+ps );
 
@@ -635,7 +661,9 @@
             # set the timeout alarm back to wherever it was at
             alarm($previous_alarm);
 
-        };
+        }; #end eval
+    
+    } #end if for virus skip 
 
         if ( $@ ne '' ) {
[download]

The problem is if I send to the proxy server a sample virus email, the virus email will randomly get scanned mutipple times. If I test a spam and non-spam email. it won't happen like that. here is some of my sample log lines:

Aug 25 15:52:16 scanner spampd[25091]: start message virus scanning <2
+0060825215158.64D1B2C44FB@mydomain.com> and  for <test@mydomain.com>o
+n datafile /tmp/spampd5Wqhn
 
Aug 25 15:52:23 scanner spampd[25091]: Virus 1 HTML.Phishing.Bank-380 
+FOUND in message <20060825215158.64D1B2C44FB@mydomain.com> for <test@
+mydomain.com> and Quit!!! 

Aug 25 15:52:23 scanner spampd[25094]: start message virus scanning <2
+0060825214705.6B0582C44F0@mydomain.com> and  for <test@mydomain.com>o
+n datafile /tmp/spampdUOh2w
 
Aug 25 15:52:29 scanner spampd[25094]: Virus 1 HTML.Phishing.Bank-380 
+FOUND in message <20060825214705.6B0582C44F0@mydomain.com> for <test@
+mydomain.com> and Quit!!!
[download]

Edited by planetscape - added code tags, linkified link

( keep:0 edit:8 reap:0 )

Comment on Virus email message randomly scanned multiple times Select or Download Code

Replies are listed 'Best First'.
Re: Virus email message randomly scanned multiple times by madbombX (Hermit) on Aug 26, 2006 at 00:34 UTC
If all you are trying to do is to add virus scanning capability to spampd, you can use amavisd-new (http://www.ijs.si/software/amavisd/). This will hand off the message to clamav and then recieve it back and then hand it off to spampd. Amavisd-new was made to integrate with spamassassin and IIRC, spampd uses Spam Assassin (http://www.spamassassin.org/). Eric	[reply]
Re^2: Virus email message randomly scanned multiple times by macli (Beadle) on Aug 26, 2006 at 02:14 UTC
Hello Eric, I am using amavisd now, but amavisd is calling Mail::SpamAssassin in non standard way , it will ignore spamassassin header tag configuration. I also want to learn some Perl skills from adding the virus scan feature.	[reply]
Re: Virus email message randomly scanned multiple times by Corion (Patriarch) on Aug 26, 2006 at 06:39 UTC
Your sample log lines are for different mails, or at least different `message-id`s. So I don't think your mail is getting randomly scanned multiple times, at least not according to your logfile.	[reply] [d/l]