<div dir="ltr">And this one is the perl fragment:<div><br></div><div>sub analyze_virus_kav {<br><br> my ($queue, $dname, $pmg_cfg) = @_;<br><br> my $timeout = 60*5;<br> my ($csec, $usec) = gettimeofday();<br> my $previous_alarm;<br> my $debug = 0 ;<br> my $av_cmd = "/opt/kaspersky/kesl/bin/kesl-control" ;<br> my $av_scan_cmd = "/var/custom/scripts/kav_scan.sh" ;<br> my $scan_error = 0 ;<br> my $response = '';<br> my %hvinfo = () ;<br> my $vinfo = "none" ;<br> my $i = 0 ;<br> my $size = 0 ;<br> my %hinfo=() ;<br><br> # where to write task file (this is a ramcache)<br> my $work_dir = "/var/custom/work/ramcache" ;<br><br> ## Task conf - Add here your personal settings<br> ## BUT add it BEFORE [ScanScope.item_1]<br> my @task_file_contents = (<br> "FirstAction=Skip",<br> "ScanMailBases=Yes",<br> "ScanPlainMail=Yes",<br> "UseAnalyzer=Yes",<br> "HeuristicLevel=Medium",<br> "[ScanScope.item_1]"<br> ) ;<br><br> # generate uuid for scan task <br> srand( time() ^ ($$ + ($$ << 15)) );<br> my @v = qw ( a e i o u y );<br> my @c = qw ( b c d f g h j k l m n p q r s t v w x z );<br> my ($flip, $uuid) = (0,'');<br> $uuid .= ($flip++ % 2) ? $v[rand(6)] : $c[rand(20)] for 1 .. 9;<br> $uuid =~ s/(....)/$1 . int rand(10)/e;<br> $uuid = ucfirst $uuid if rand() > 0.5;<br> $uuid = "OSD00".$uuid ;<br><br> # scan task settings filename<br> my $task_file = "$work_dir/$uuid.task" ;<br><br> # prepare scan task settings file<br> open my $fh,">>$task_file" ;<br> print $fh join ("\n", @task_file_contents);<br> #append filename to scan<br> print $fh "\nPath=$dname\n" ;<br> close $fh ;<br><br> eval {<br><br> $previous_alarm = alarm($timeout);<br><br> $SIG{ALRM} = sub {<br> die "$queue->{logid}: Maximum time ($timeout sec) exceeded. " .<br> "virus analyze (kaspersky) failed: ERROR";<br> };<br><br> # find in the kesl db the scan task events related to malware (if any virus was found)<br> open(CMD,"-|","$av_scan_cmd $uuid $task_file $dname")<br> || die "$queue->{logid}: problem running query events for kaspersky antivirus engine: $! : ERROR" ;<br><br> # loop tru scan task events output to find out the virus information <br> while (defined(my $line = <CMD>)) {<br> $size++ ;<br> #syslog('info', "line is $line");<br> $response .= $line;<br> chomp $line ;<br><br> if ( $line =~ /^(\S+)=(\S+)\W*$/ ) {<br> my $id = $1 ;<br> my $value = $2 ;<br> chomp $id if ( defined $id );<br> chomp $value if ( defined $value ) ;<br><br> if ( $id eq 'DetectName' ) {<br> $vinfo = $value ;<br> last ;<br> } <br> } elsif ( $line =~ /^KAV_ERROR/ ) {<br> $scan_error = 1 ;<br> last ;<br> }<br> }<br><br> close CMD ;<br> alarm(0); # avoid race conditions<br><br> unlink $task_file if ( -e $task_file ) ;<br> # die in case of scanner error<br> if ( $scan_error ) {<br> die "$queue->{logid}: (kaspersky) got undefined output from " . "virus detector: $response : ERROR";<br> }<br><br> if ( $vinfo ne 'none' ) {<br> syslog('info', "$queue->{logid}: virus detected: $vinfo (kaspersky)");<br> }<br><br> }; # end of eval<br><br> my $err = $@ ;<br> alarm($previous_alarm) if ( defined $previous_alarm );<br><br> my ($csec_end, $usec_end) = gettimeofday();<br> $queue->{ptime_kav} = int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);<br><br> if ($err) {<br> syslog ('err', $err);<br> $vinfo = 'none';<br> $queue->{errors} = 1;<br> }<br><br> $queue->{vinfo_kav} = $vinfo;<br><br> return ( $vinfo ne 'none' ) ? "$vinfo (kaspersky)" : undef;<br><br>} # end of sub<div class="gmail-yj6qo"></div><br class="gmail-Apple-interchange-newline"></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Jan 8, 2019 at 4:38 PM Davide Bozzelli <<a href="mailto:davide.bozzelli@gmail.com">davide.bozzelli@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">As promised the following is some info about kesl (kaspersky enpoint security).<div><br></div><div>The command line utility to interact with the service is: /opt/kaspersky/kesl/bin/kesl-control</div><div>There is no simple way to have a clamdscan like functionality in oder to scan a file and get the virus name.</div><div><br></div><div>HOW TO RUN A SCAN </div><div>--------------------------------</div><div><br></div><div>So after some researching i've found the following steps:</div><div><br></div><div>1) create a task file settings in which i will put the filename to scan, something linke:</div><div><div>FirstAction=Skip</div><div>ScanMailBases=Yes</div><div>ScanPlainMail=Yes</div><div>UseAnalyzer=Yes</div><div>HeuristicLevel=Medium</div><div>[ScanScope.item_1]</div><div>Path=/tmp/eicar_com.zip</div></div><div><br></div><div>2) create a task: /opt/kaspersky/kesl/bin/kesl-control --create-task $task_name --type ODS --file $task_file</div><div><br></div><div>3) run task: /opt/kaspersky/kesl/bin/kesl-control --start-task $task_name -W </div><div> the -W parameter force to wait the end of the task </div><div><br></div><div>4) delete task: /opt/kaspersky/kesl/bin/kesl-control --delete-task $task_name</div><div><br></div><div>5) run a query to find out scan info about filename AND task: </div><div> /opt/kaspersky/kesl/bin/kesl-control -E --query "TaskName=='$task_name' and EventType=='ThreatDetected' and ObjectName=='File' and Filename like '%$scan_file%'"</div><div> </div><div>HOW TO INTEGRATE WITH PMG-SMTP-FILTER </div><div>-------------------------------------------------------------------</div><div><br></div><div>Early i haved used system() to run various command but this leads in a fork() for each command.</div><div>I've prefer then to put all the tasks operation in a shell script and then let run it from perl code.</div><div>In this way the perl code is more or less similar to the other used for avast or clamd.</div><div><br></div><div>I'm going to post perl and shell code in a separate mail on this list under this thread.</div><div><br></div><div>Thx </div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Jan 8, 2019 at 12:48 PM Stoiko Ivanov <<a href="mailto:s.ivanov@proxmox.com" target="_blank">s.ivanov@proxmox.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
Thank you for providing the links and the time you spent integrating it!<br>
<br>
I'll give it a look and will try to post my results here this week.<br>
<br>
<br>
<br>
On Fri, 28 Dec 2018 15:53:01 +0100<br>
Davide Bozzelli <<a href="mailto:davide.bozzelli@gmail.com" target="_blank">davide.bozzelli@gmail.com</a>> wrote:<br>
<br>
> Basically the product is one: kaspersky endpoint security for linux,<br>
> sold in two version<br>
> 1) as endpoint product (standalone av)<br>
> 2) as specifically for file server<br>
> <br>
> LINKS:<br>
> 1)<br>
> <a href="https://www.kaspersky.com/small-to-medium-business-security/file-server" rel="noreferrer" target="_blank">https://www.kaspersky.com/small-to-medium-business-security/file-server</a><br>
> 2)<br>
> <a href="https://www.kaspersky.com/small-to-medium-business-security/endpoint-linux" rel="noreferrer" target="_blank">https://www.kaspersky.com/small-to-medium-business-security/endpoint-linux</a><br>
> <br>
> Pricing for 1 license of "kaspersky security for file server" is<br>
> circa 400 euros.<br>
> Price seems to be fair.<br>
> AV is daemonized and performace seems to be good (but more slower than<br>
> avast/clamd).<br>
> Deb package exists for debian and it's easily to download and test.<br>
> There is not a simple command line interface like clamdscan or<br>
> scan/avast but i was able<br>
> to simulate it.<br>
> <br>
> Thx<br>
> <br>
> <br>
> <br>
> On Fri, Dec 28, 2018 at 3:10 PM Dietmar Maurer <<a href="mailto:dietmar@proxmox.com" target="_blank">dietmar@proxmox.com</a>><br>
> wrote:<br>
> <br>
> > > As per topic, I was able to integrate the kaspersky antivirus with<br>
> > > pmg-smtp-filter.<br>
> > > I would'nt give any implementation's details here as don't know<br>
> > > if could <br>
> > be <br>
> > > interesting<br>
> > > for the product.<br>
> > ><br>
> > > Do you think would be useful ? <br>
> ><br>
> > What is the pricing of that product? Do you have a link to the<br>
> > product page?<br>
> ><br>
> > <br>
> <br>
<br>
<br>
_______________________________________________<br>
pmg-devel mailing list<br>
<a href="mailto:pmg-devel@pve.proxmox.com" target="_blank">pmg-devel@pve.proxmox.com</a><br>
<a href="https://pve.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel" rel="noreferrer" target="_blank">https://pve.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail-m_6923118838849335973gmail_signature">Got problems with Windows? - ReBooT<br>Got problems with Linux? - Be RooT </div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Got problems with Windows? - ReBooT<br>Got problems with Linux? - Be RooT </div>