Initial commit of source code

MANIFEST.in

@@ -0,0 +1,3 @@
+include LICENSE README.md
+recursive-include docs *
+recursive-include misc *

README.md

@@ -0,0 +1,5 @@
+# uvscand
+A python daemon to perform virus scans with uvscan (McAfee) over TCP socket, mainly used in conjunction with the antivirus module of rspamd.
+
+## Developer information
+Everyone who wants to improve or extend this project is very welcome.

docs/uvscand.conf

@@ -0,0 +1,18 @@
+# This is an example /etc/uvscand.conf file.
+# Copy it into place before use.
+#
+# Comments: use '#' for comment lines and ';' (following a space) for inline comments.
+#
+
+[uvscand]
+
+bind_address = 127.0.0.1
+bind_port = 10060
+
+tmpdir = /tmp
+
+# no command line options allowed here
+uvscan_path = /usr/local/bin/uvscan
+
+# 10: DEBUG, 20: INFO, 30: WARNING, 40: ERROR, 50: CRITICAL
+loglevel = 30

misc/openrc/uvscand.confd

@@ -0,0 +1,10 @@
+# /etc/conf.d/uvscand: config file for /etc/init.d/uvscand
+
+# Start the daemon as the user. You can optionally append a group name here also.
+USER="postfix"
+# USER="postfix:nobody"
+
+CONFIG="/etc/uvscand.conf"
+
+# Optional parameters for uvscand
+UVSCAND_OPTS=""

misc/openrc/uvscand.initd

@@ -0,0 +1,36 @@
+#!/sbin/openrc-run
+
+user=${USER:-daemon}
+uvscand_opts="${UVSCAND_OPTS:-}"
+cfg="${CONFIG:-}"
+
+pidfile="/run/${RC_SVCNAME}.pid"
+command="/usr/bin/uvscand"
+command_args="-c ${cfg} ${uvscand_opts}"
+command_background=true
+start_stop_daemon_args="--user ${user}"
+
+
+depend() {
+	need net
+	before mta
+}
+
+checkconfig() {
+	if [ -z "${cfg}" ]; then
+		eerror "No config file specified!"
+	fi
+	return 0
+}
+
+start_pre() {
+	if [ "${RC_CMD}" != "restart" ]; then
+		checkconfig || return $?
+	fi
+}
+
+stop_pre() {
+	if [ "${RC_CMD}" != "restart" ]; then
+		checkconfig || return $?
+	fi
+}

setup.py

@@ -0,0 +1,34 @@
+from setuptools import setup
+
+def read_file(fname):
+    with open(fname, 'r') as f:
+        return f.read()
+
+setup(name = "uvscand",
+    version = "0.0.1",
+    author = "Thomas Oettli",
+    author_email = "spacefreak@noop.ch",
+    description = "A python daemon to perform virus scans with uvscan (McAfee) over TCP socket.",
+    license = "GPL 3",
+    keywords = "rspamd uvscan",
+    url = "https://github.com/spacefreak86/uvscand",
+    packages = ["uvscand"],
+    long_description = read_file("README.md"),
+    classifiers = [
+        #   3 - Alpha
+        #   4 - Beta
+        #   5 - Production/Stable
+        "Development Status :: 3 - Alpha",
+        "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
+        "Operating System :: OS Independent",
+        "Programming Language :: Python",
+        "Programming Language :: Python :: 3",
+        "Topic :: Communications :: Email :: Virus"
+    ],
+    entry_points = {
+        "console_scripts": [
+            "uvscand=uvscand:main"
+        ]
+    },
+    python_requires = ">=3"
+)

uvscand.py

@@ -0,0 +1,165 @@
+#!/usr/bin/env python
+#
+# uvscand is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# 
+# uvscand is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with PyQuarantineMilter.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import argparse
+import asyncio
+import configparser
+import logging
+import logging.handlers
+import os
+import sys
+import time
+
+from subprocess import Popen, PIPE
+
+
+
+
+class AIO(asyncio.Protocol):
+    config = None
+
+    def __init__(self):
+        if not config:
+            raise RuntimeError("configuration not set")
+        self.logger = logging.getLogger(__name__)
+        self.data = bytearray()
+
+    def connection_made(self, transport):
+        self.logger.debug("new connection from {}".format(peer))
+        self.peer = transport.get_extra_info("peername")
+        self.transport = transport
+        self.request_time = str(time.time())
+
+    def data_received(self, data):
+        self.logger.debug("data received from {}".format(self.peer))
+        self.data.extend(request)
+
+    def eof_received(self):
+        protocol_err = False
+        proto_ck = str(self.data[0:2000])
+        if "UVSCAND" in proto_ck:
+            line = proto_ck[12:proto_ck.find("\\n\\n")]
+            self.data = bytearray(self.data[59:len(self.data)])
+            header_lines = olefy_line.split('\\n')
+            for line in header_lines:
+                if line == 'OLEFY/1.0':
+                    olefy_headers['olefy'] = line
+                elif line != '':
+                    kv = line.split(': ')
+                    if kv[0] != '' and kv[1] != '':
+                        olefy_headers[kv[0]] = kv[1]
+            logger.debug('olefy_headers: {}'.format(olefy_headers))
+        else:
+            olefy_protocol_err = True
+
+        lid = 'Rspamd-ID' in olefy_headers and '<'+olefy_headers['Rspamd-ID'][:6]+'>' or '<>'
+
+        tmp_file_name = olefy_tmp_dir+'/'+request_time+'.'+str(self.peer[1])
+        self.logger.debug('{} {} choosen as tmp filename'.format(lid, tmp_file_name))
+
+        self.logger.info('{} {} bytes (stream size)'.format(lid, self.data.__len__()))
+
+        if olefy_protocol_err == True or olefy_headers['olefy'] != 'OLEFY/1.0':
+            self.logger.error('Protocol ERROR: no OLEFY/1.0 found)')
+            out = b'[ { "error": "Protocol error" } ]'
+        elif 'Method' in olefy_headers:
+            if olefy_headers['Method'] == 'oletools':
+                out = oletools(self.data, tmp_file_name, lid)
+        else:
+            self.logger.error('Protocol ERROR: Method header not found')
+            out = b'[ { "error": "Protocol error: Method header not found" } ]'
+
+        self.transport.write(out)
+        self.logger.info('{} response send: {!r}'.format(self.peer, out))
+        self.transport.close()
+
+
+def main():
+    "Run uvscand."
+    # parse command line
+    parser = argparse.ArgumentParser(description="uvscand daemon",
+            formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=45, width=140))
+    parser.add_argument("-c", "--config", help="List of config files to read.", nargs="+",
+            default=["/etc/uvscand.conf"])
+    parser.add_argument("-d", "--debug", help="Log debugging messages.", action="store_true")
+    args = parser.parse_args()
+
+    # setup logging
+    loglevel = logging.INFO
+    logname = "uvscand"
+    syslog_name = logname
+    if args.debug:
+        loglevel = logging.DEBUG
+        logname = "{}[%(name)s]".format(logname)
+        syslog_name = "{}: [%(name)s] %(levelname)s".format(syslog_name)
+
+    root_logger = logging.getLogger()
+    root_logger.setLevel(loglevel)
+
+    # setup console log
+    stdouthandler = logging.StreamHandler(sys.stdout)
+    stdouthandler.setLevel(loglevel)
+    formatter = logging.Formatter("%(asctime)s {}: [%(levelname)s] %(message)s".format(logname), datefmt="%Y-%m-%d %H:%M:%S")
+    stdouthandler.setFormatter(formatter)
+    root_logger.addHandler(stdouthandler)
+
+    # setup syslog
+    sysloghandler = logging.handlers.SysLogHandler(address="/dev/log", facility=logging.handlers.SysLogHandler.LOG_MAIL)
+    sysloghandler.setLevel(loglevel)
+    formatter = logging.Formatter("{}: %(message)s".format(syslog_name))
+    sysloghandler.setFormatter(formatter)
+    root_logger.addHandler(sysloghandler)
+
+    logger = logging.getLogger(__name__)
+
+    # parse config file
+    parser = configparser.ConfigParser()
+    parser.read(args.config)
+
+    # check config
+    if "uvscand" not in parser.sections():
+        logger.error("section 'uvscand' is missing in config file")
+        sys.exit(1)
+    config = dict(parser.items("uvscand"))
+    for option in ["bind_address", "bind_port", "tmpdir", "uvscan_path", "loglevel"]:
+        if option not in config.keys():
+            logger.error("option '{}' not present in config section 'uvscand'".format(option))
+            sys.exit(1)
+
+    # check if uvscan binary exists and is executable
+    if not os.path.isfile(config["uvscan_path"]) or not os.access(config["uvscan_path"], os.X_OK):
+        logger.error("uvscan binary '{}' does not exist or is not executable".format(config["uvscan_path"]))
+        sys.exit(1)
+
+    loop = asyncio.get_event_loop()
+    AIO.config = config
+    coro = loop.create_server(AIO, config.listen_addr, config.listen_port)
+    server = loop.run_until_complete(coro)
+    logger.info("uvscand started")
+
+    try:
+        loop.run_forever()
+    except KeyboardInterrupt:
+        pass
+
+    server.close()
+    loop.run_until_complete(server.wait_closed())
+    loop.close()
+    logger.info("uvscand stopped")
+
+
+if __name__ == "__main__":
+    main()

uvscand/__init__.py

@@ -0,0 +1,184 @@
+#!/usr/bin/env python
+#
+# uvscand is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# 
+# uvscand is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with PyQuarantineMilter.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import argparse
+import asyncio
+import configparser
+import logging
+import logging.handlers
+import os
+import re
+import struct
+import sys
+import time
+
+from subprocess import Popen, PIPE
+
+
+uvscan_regex = re.compile(r"Found(?: the |: | )(.+)(?: .*|\.)", re.MULTILINE)
+
+
+async def run(uvscan, filename):
+    proc = await asyncio.create_subprocess_exec(uvscan, "--secure", "--mime", "--noboot", "--panalyse", "--manalyse", filename, stdout=asyncio.subprocess.PIPE)
+    stdout, _ = await proc.communicate()
+    os.remove(filename)
+    if proc.returncode == 13:
+        match = uvscan_regex.search(stdout.decode())
+        name = match.group(1) if match else "UNKNOWN"
+        result = "stream: {} FOUND".format(name)
+    else:
+        result = "stream: OK"
+    return result
+
+
+class AIO(asyncio.Protocol):
+    config = None
+    separator = b"\x00"
+
+    def __init__(self):
+        if not AIO.config:
+            raise RuntimeError("configuration not set")
+        self.logger = logging.getLogger(__name__)
+        self.data = bytearray()
+
+    def connection_made(self, transport):
+        self.peer = transport.get_extra_info("peername")
+        self.logger.debug("new connection from {}".format(self.peer))
+        self.transport = transport
+        self.request_time = str(time.time())
+
+    def data_received(self, data):
+        self.logger.debug("data received from {}".format(self.peer))
+        self.data.extend(data)
+        if self.data[-4:] == b"\x00\x00\x00\x00":
+            self.logger.debug("last data chunk received from {}".format(self.peer))
+            self.process_request()
+        else:
+            self.logger.debug("received data chunk from {}".format(self.peer))
+
+    def process_request(self):
+        try:
+            if self.data[0] != ord(b"z"):
+                raise RuntimeError("protocol error")
+            pos = self.data.index(ord(AIO.separator))
+            # parse command
+            command = self.data[0:pos].decode()
+            pos += 1
+            if command == "zINSTREAM":
+                # save data chunks to temporary file
+                tmpfile = os.path.join(AIO.config["tmpdir"], "uvscan_{}_{}".format(self.request_time, str(self.peer[1])))
+                self.logger.debug("save data from {} in temporary file {}".format(self.peer, tmpfile))
+                with open(tmpfile, "wb") as f:
+                    while True:
+                        length = struct.unpack(">I", self.data[pos:pos + 4])[0]
+                        if length == 0: break
+                        pos += 4
+                        f.write(self.data[pos:pos + length])
+                        pos += length
+                self.logger.debug("starting uvscan for file {}".format(tmpfile))
+                task = asyncio.async(run(AIO.config["uvscan_path"], tmpfile))
+                task.add_done_callback(self.handle_uvscan_result)
+            else:
+                raise RuntimeError("unknown command")
+        except (RuntimeError, IndexError, IOError, struct.error) as e:
+            self.send_response(str(e))
+
+    def handle_uvscan_result(self, task):
+        self.send_response(task.result())
+
+    def send_response(self, response):
+        response = response.encode()
+        response += AIO.separator
+        self.logger.debug("sending response to {}: {}".format(self.peer, response))
+        self.transport.write(response)
+        self.transport.close()
+
+
+def main():
+    "Run uvscand."
+    # parse command line
+    parser = argparse.ArgumentParser(description="uvscand daemon",
+            formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=45, width=140))
+    parser.add_argument("-c", "--config", help="List of config files to read.", nargs="+",
+            default=["/etc/uvscand.conf"])
+    parser.add_argument("-d", "--debug", help="Log debugging messages.", action="store_true")
+    args = parser.parse_args()
+
+    # setup logging
+    loglevel = logging.INFO
+    logname = "uvscand"
+    syslog_name = logname
+    if args.debug:
+        loglevel = logging.DEBUG
+        logname = "{}[%(name)s]".format(logname)
+        syslog_name = "{}: [%(name)s] %(levelname)s".format(syslog_name)
+
+    root_logger = logging.getLogger()
+    root_logger.setLevel(loglevel)
+
+    # setup console log
+    stdouthandler = logging.StreamHandler(sys.stdout)
+    stdouthandler.setLevel(loglevel)
+    formatter = logging.Formatter("%(asctime)s {}: [%(levelname)s] %(message)s".format(logname), datefmt="%Y-%m-%d %H:%M:%S")
+    stdouthandler.setFormatter(formatter)
+    root_logger.addHandler(stdouthandler)
+
+    # setup syslog
+    sysloghandler = logging.handlers.SysLogHandler(address="/dev/log")
+    sysloghandler.setLevel(loglevel)
+    formatter = logging.Formatter("{}: %(message)s".format(syslog_name))
+    sysloghandler.setFormatter(formatter)
+    root_logger.addHandler(sysloghandler)
+
+    logger = logging.getLogger(__name__)
+
+    # parse config file
+    parser = configparser.ConfigParser()
+    parser.read(args.config)
+
+    # check config
+    if "uvscand" not in parser.sections():
+        logger.error("section 'uvscand' is missing in config file")
+        sys.exit(1)
+    config = dict(parser.items("uvscand"))
+    for option in ["bind_address", "bind_port", "tmpdir", "uvscan_path", "loglevel"]:
+        if option not in config.keys():
+            logger.error("option '{}' not present in config section 'uvscand'".format(option))
+            sys.exit(1)
+
+    # check if uvscan binary exists and is executable
+    if not os.path.isfile(config["uvscan_path"]) or not os.access(config["uvscan_path"], os.X_OK):
+        logger.error("uvscan binary '{}' does not exist or is not executable".format(config["uvscan_path"]))
+        sys.exit(1)
+    loop = asyncio.get_event_loop()
+    AIO.config = config
+    coro = loop.create_server(AIO, config["bind_address"], config["bind_port"])
+    server = loop.run_until_complete(coro)
+    logger.info("uvscand started")
+
+    try:
+        loop.run_forever()
+    except KeyboardInterrupt:
+        pass
+
+    server.close()
+    loop.run_until_complete(server.wait_closed())
+    loop.close()
+    logger.info("uvscand stopped")
+
+
+if __name__ == "__main__":
+    main()