debian/0000755000000000000000000000000012153155706007173 5ustar debian/prerm0000644000000000000000000000203211756462762010253 0ustar #! /bin/sh # prerm script for p3scan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove|upgrade|deconfigure) if [ -x /usr/sbin/invoke-rc.d ] ; then invoke-rc.d p3scan stop || true else /etc/init.d/p3scan stop || true fi ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/rules0000755000000000000000000000614111756462632010264 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 CFLAGS = -Wall -g ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 else CFLAGS += -O2 endif ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) INSTALL_PROGRAM += -s endif configure: configure-stamp configure-stamp: dh_testdir touch configure-stamp build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: configure-stamp dh_testdir $(MAKE) touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp $(MAKE) clean -rm -f CHANGELOG.gz -(cd ripmime/ripOLE && make clean) dh_clean install: build dh_testdir dh_testroot dh_clean dh_installdirs $(MAKE) install PREFIX=$(CURDIR)/debian/p3scan/usr \ MANDIR=$(CURDIR)/debian/p3scan/usr/share/man/man8 \ piddir=$(CURDIR)/debian/p3scan/run/p3scan \ userdir=$(CURDIR)/debian/p3scan/etc/p3scan \ datadir=$(CURDIR)/debian/p3scan/var/spool/p3scan \ notify=$(CURDIR)/debian/p3scan/var/spool/p3scan/notify \ docdir=$(CURDIR)/debian/p3scan/usr/share/doc/p3scan # etc/p3scan/p3scan.mail is a symlink, replace with the english version # this will make sure dpkg handles the file as a config file rm debian/p3scan/etc/p3scan/p3scan.mail cp debian/p3scan/etc/p3scan/p3scan-en.mail debian/p3scan/etc/p3scan/p3scan.mail cp debian/init.d $(CURDIR)/debian/p3scan/etc/init.d/p3scan chmod 755 $(CURDIR)/debian/p3scan/etc/init.d/p3scan rm -f $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/LICENSE rm -f $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/NEWS rm -f $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/README-rpm rm -f $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/spamfaq.txt mv $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/CHANGELOG \ $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/changelog for FILE in AUTHORS changelog CONTRIBUTERS README README-ripmime TODO.list \ spamfaq.html; do \ gzip -9 $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/$$FILE; \ done # replace with our fixed man pages cat p3scan.8 | gzip -9 - \ > $(CURDIR)/debian/p3scan/usr/share/man/man8/p3scan.8.gz cat p3scan_readme.8 | gzip -9 - \ > $(CURDIR)/debian/p3scan/usr/share/man/man8/p3scan_readme.8.gz # remove extra license file - information is in package copyright rm -f $(CURDIR)/debian/p3scan/usr/share/doc/p3scan/LICENSE.OpenSSL* # remove the pid directory - this is automatically generated in init.d rm -rf $(CURDIR)/debian/p3scan/run # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installexamples dh_installman dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure debian/README.Debian0000644000000000000000000000547711756456644011266 0ustar p3scan for Debian ----------------- See the author's README for full information. ----------------------------------------------------------------------- Setting up the iptables rules ----------------------------------------------------------------------- p3scan depends on redirecting outgoing pop3 connections to port 8110 on the firewall/nat machine. The most common way to do this is to add a iptables PREROUTING rule for the _incoming_ interface (the one the connection is made from, the "safe" side of the firewall). Example: you have a firewall using nat. eth0 is the internet side and eth1 is the protected network. The PREROUTING rule should be for eth1 in this case and look something like: # iptables -t nat -A PREROUTING -p tcp -i eth1 \ --dport pop3 -j REDIRECT --to 8110 An alternative to using the nat PREROUTING is to use the UID matching support in iptables. This is a little bit harder to set up but can be useful if you are not using a standard NAT setup. The Debian package adds a system user called p3scan when the package is installed. You need the UID, which running 'id p3scan' will give you. Example: # id p3scan uid=109(p3scan) gid=109(p3scan) groups=109(p3scan) Now, add the following iptables rules, substituting with the uid from the previous command. # iptables -t nat -A OUTPUT -p tcp --dport pop3 \ -m owner --uid-owner -j ACCEPT # iptables -t nat -A OUTPUT -p tcp --dport pop3 \ -j REDIRECT --to 8110 ----------------------------------------------------------------------- Using Clam Antivirus with p3scan ----------------------------------------------------------------------- Clam antivirus is a nice Open Source virus scanner which is included with Debian. Run 'apt-cache search clamav' for available Clam packages. Note: is you are using clamav-daeamon, you have to add the clamav user to the p3scan group in order to read the p3scan temporary files. The command to use is: # adduser clamav p3scan Also add the option 'AllowSupplementaryGroups' to the file clamd.conf file. This is not a problem if you are using clamscan instead of clamdscan. Example rules for p3scan (/etc/p3scan/p3scan.conf): scannertype = basic scanner = /usr/bin/clamscan --no-summary -i virusregexp = .*: (.*) FOUND ----------------------------------------------------------------------- Debugging p3scan ----------------------------------------------------------------------- p3scan can be debugged using the --debug command line switch. Note that p3scan will not daemonize and output debugging statements to stdout/stderr. The right way to use this feature is to stop the daemon with # /etc/init.d/p3scan stop and then run it from the shell # p3scan --debug ----------------------------------------------------------------------- -- Mats Rynge debian/init.d0000644000000000000000000000345211756462231010311 0ustar #! /bin/sh # ### BEGIN INIT INFO # Provides: p3scan # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO # # Written by Miquel van Smoorenburg . # Modified for Debian by Ian Murdock . # Modified for p3scan by Mats Rynge # PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/p3scan NAME=p3scan DESC="transparent pop3 virus- and spam-scanner" PIDFILE=/run/$NAME/$NAME.pid test -x $DAEMON || exit 0 set -e # Read config DEFAULTFILE=/etc/default/p3scan DAEMON_OPTS= if [ -f $DEFAULTFILE ]; then . $DEFAULTFILE fi check_running() { start-stop-daemon --test --start --quiet \ --pidfile $PIDFILE \ --exec $DAEMON -- $DAEMON_OPTS return $? } case "$1" in start) if check_running; then echo -n "Starting $DESC: " if [ ! -e /run/$NAME ]; then mkdir /run/$NAME chown p3scan: /run/$NAME fi rm -rf /var/spool/p3scan/children/* start-stop-daemon --start --quiet \ --pidfile $PIDFILE \ --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." else echo "$NAME is already running." fi ;; stop) if check_running; then echo "$NAME is not running." rm -f $PIDFILE else echo -n "Stopping $DESC: " start-stop-daemon --stop --retry 3 --quiet \ --pidfile $PIDFILE \ --exec $DAEMON || /bin/true echo "$NAME." rm -f $PIDFILE fi ;; restart|force-reload) $0 stop $0 start ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0 debian/p3scan-default0000644000000000000000000000015111756456644011741 0ustar # # This is a POSIX shell fragment # # Additional options that are passed to the Daemon. DAEMON_OPTS="" debian/copyright0000644000000000000000000000213511756456644011144 0ustar This package was debianized by Mats Rynge on Sun, 04 Jan 2004 18:15:11 -0800 It was downloaded from http://p3scan.sourceforge.net/ Upstream Author: Jack S. Lai Copyright: GPL, Jack S. Lai, 2004 See /usr/share/common-licenses/GPL-2, and the OpenSSL exception: /* * (C) 2005 by Jack S. Lai * * This program is released under the GPL with the additional exemption that * compiling, linking, and/or using OpenSSL is allowed. * (http://www.openssl.org/support/faq.html#LEGAL2) * * This program is released under the GPL with the additional exemption that * compiling, linking, and/or using OpenSSL is allowed." * (http://www.openssl.org/support/faq.html#LEGAL2) * */ LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. debian/postrm0000644000000000000000000000177111756463000010445 0ustar #! /bin/sh # postrm script for p3scan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' overwrit>r> # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; purge) update-rc.d p3scan remove >/dev/null deluser p3scan || true ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/preinst0000644000000000000000000000150711756456644010622 0ustar #! /bin/sh # preinst script for p3scan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `install' # * `install' # * `upgrade' # * `abort-upgrade' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in install) adduser --system --home /var/spool/p3scan --no-create-home \ --group --disabled-login p3scan ;; upgrade) ;; abort-upgrade) ;; *) echo "preinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/docs0000644000000000000000000000000711756456644010060 0ustar README debian/source/0000755000000000000000000000000011756456725010510 5ustar debian/source/format0000644000000000000000000000001411756456725011716 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012153155540010616 5ustar debian/patches/quilt-transition0000644000000000000000000007776611756460652014131 0ustar Index: p3scan-2.3.2/p3scan.c =================================================================== --- p3scan-2.3.2.orig/p3scan.c 2012-05-21 08:38:32.000000000 -0700 +++ p3scan-2.3.2/p3scan.c 2012-05-21 08:38:32.000000000 -0700 @@ -61,6 +61,7 @@ #include #include #include +#include #include #include #include @@ -742,7 +743,7 @@ /* Only rename non-infected attachments */ len=strlen(config->virusdir)+strlen(NEWMSG); snprintf(newmsg, len, "%s%s", config->virusdir,NEWMSG); - if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR))<0){ + if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP))<0){ p->errmsg=1; do_log(LOG_ALERT, "ERR: Can't create newmsg!"); return SCANNER_RET_CRIT; @@ -799,7 +800,7 @@ if (config->demime){ /* extract MIME Parts into maildir */ do_log(LOG_DEBUG, "DeMIMEing to %s", p->maildir); - viret = mkdir(p->maildir, S_IRWXU); + viret = mkdir(p->maildir, S_IRWXU | S_IRGRP | S_IXGRP); if ((viret == -1)&&(errno != EEXIST)){ do_log(LOG_CRIT, "ERR: Cannot create directory '%s' (%s). Can't scan mail.\n", p->maildir, strerror(errno)); @@ -876,7 +877,7 @@ do_log(LOG_DEBUG, "Checking for spam"); len=strlen(config->virusdir)+strlen(NEWMSG); snprintf(newmsg, len, "%s%s", config->virusdir,NEWMSG); - if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR))<0){ + if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP))<0){ do_log(LOG_ALERT, "ERR: Can't create newmsg!"); p->errmsg=1; return SCANNER_RET_CRIT; @@ -954,7 +955,7 @@ /* Do not parse infected mail as client will not see it anyway. */ len=strlen(config->virusdir)+strlen(NEWMSG); snprintf(newmsg, len, "%s%s", config->virusdir,NEWMSG); - if ((htmlfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR))<0){ + if ((htmlfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR |S_IRGRP | S_IWGRP))<0){ p->errmsg=1; do_log(LOG_ALERT, "ERR: Can't create newmsg!"); return SCANNER_RET_CRIT; @@ -2064,6 +2065,14 @@ /* mail is complete */ error=0; close(scanfd); + /* make the temp file group readable - needed when + * virus scanner is not running as the same user as + * p3scan */ + if (chmod(p->mailfile, S_IRUSR | S_IWUSR | S_IRGRP) < 0) { + do_log(LOG_WARNING, + "Unable to make file '%s' group readable", + p->mailfile); + } do_log(LOG_DEBUG, "got '.\\r\\n', mail is complete."); if (p->ismail==2) closehdrfile(p); p->ismail=4; @@ -2931,7 +2940,8 @@ do_log(LOG_NOTICE, "Changing uid (we are root)"); pws = getpwnam(config->runasuser); if (pws == NULL) do_log(LOG_EMERG,"ERR: Unknown User '%s'",config->runasuser); - setuid(pws->pw_uid); + if (setgid(pws->pw_gid) == -1) do_log(LOG_EMERG, "Can't change to group of user %s (%i.%i)", config->runasuser, pws->pw_uid, pws->pw_gid); + if (setuid(pws->pw_uid) == -1) do_log(LOG_EMERG, "Can't change to user %s (%i)", config->runasuser, pws->pw_uid); } cuid=getuid(); pws = getpwuid(cuid); @@ -3059,7 +3069,7 @@ config->emergency="Error calling clean child directory!"; do_log(LOG_EMERG, "ERR: Error calling clean child directory!"); } - if((mkdir (config->virusdir, S_IRWXU)<0)){ + if((mkdir (config->virusdir, S_IRWXU | S_IRGRP | S_IXGRP)<0)){ config->emergency=make_message("Could not create virusdir %s", config->virusdir); do_log(LOG_EMERG,"ERR: Could not create virusdir %s",config->virusdir); } Index: p3scan-2.3.2/p3scan.8 =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ p3scan-2.3.2/p3scan.8 2012-05-21 08:38:32.000000000 -0700 @@ -0,0 +1,301 @@ +.TH p3scan 8 "November 6, 2005" "v2.3.0" +.SH NAME +p3scan \- fully transparent proxy scanning server for POP3 and SMTP +.SH SYNOPSIS +.nf +.fam C + +\fBp3scan\fP [\fIoptions\fP] +.fam T +.fi +.SH DESCRIPTION +p3scan is a fully transparent proxy scanning server for POP3, SMTP, and limited +POP3S email clients. It runs on a Linux box with iptables (for port redirection). + +It implements a centralized email scanning point, transparently inspecting +messages fetched by internal network hosts from servers "in the wild" +(the Internet) for viruses, worms, trojans, spam and potentially dangerous +attachments. Since HTML email can be used by spammers to validate the recipient +address (via Web Bugs) p3scan can also provide HTML stripping by using the +associated p3pmail (or other) program. + +It can also inspect outgoing SMTP messages for virus's. + +p3scan can help you in protecting your "Other OS" LAN especially if used +synergically with a firewall and other proxy servers. + +.SH OPTIONS +.TP +.B +-a, --renattach=FILE +Specify location of renattach if wanted +.TP +.B +-A, --altvnmsg +Creates a copy of 'template=FILE' for manipulation +prior to use. /var/spool/p3scan/children//vnmsg +.TP +.B +-b, --bytesfree=NUM +Number (in KBytes) that should be available before we +can process messages. If not enough, report it and die. +.TP +.B +-B, --broken +Enable broken processing (some Outlook/Outlook Express clients). +.TP +.B +-c, --viruscode=N[,N] +The code(s) the scanner returns when a virus is found +.TP +.B +-C, --checksize=NUM +Number (in KBytes) of the maximum smtp message size. +.TP +.B +-d, --debug +Turn on debugging. See /etc/p3scan/p3scan.conf for recommended +debug procedure. +.TP +.B +-e, --extra +Extra notification of recipient's email address +.TP +.B +-f, --configfile=FILE +Specify a configfile +Default is /etc/p3scan/p3scan.conf +.TP +.B +-F, --footer=CMD +Specify a command to get the version info of your scanner +if using the smtp footer feature file /etc/p3scan/p3scan.footer +.TP +.B +-g, --virusregexp=RX +Specify a RegularExpression which describes where to +get the name of the virus. The first substring is +used, or if regexp ends with /X the X substring +.TP +.B +-G --goodcode +The codes that enable the message to be delivered without a +warning. For example Kaspersky AV reports code 10 for an +encrypted .zip file +.TP +.B +-h, --help +Prints this text +.TP +.B +-i, --ip=IP +Listen only on IP . Default: ANY +.TP +.B +-I, --targetip=IP +Connect only to IP . Default: use transparent-proxy +.TP +.B +-j, --justdelete +Just delete infected mail after reporting infection +.TP +.B +-k, --checkspam +Turn on Spam Checking +.TP +.B +-K, --emergcon +Emergency Contact email address to be notified in event +of program termination like no disk space. +.TP +.B +-l, --pidfile=FILE +Specify where to write a pid-file +.TP +.B +-L, --sslport=PORT +Use SSL on connections to port . Default 995 +.TP +.B +-m, --maxchilds=NUM +Allow not more then NUM childs +.TP +.B +-M, --ispspam +Specify a line used by your ISP to mark Spam +For example, cox.net uses -- Spam -- +.TP +.B +-n, --notifydir=DIR +Create notification mails in +Default: /var/spool/p3scan/notify +Also used for temporary storage. +.TP +.B +-N, --notify +Change infected file status line +.TP +.B +-o, --overwrite +Specify path to HTML parsing program executable. +Default none +.TP +.B +-O, --timeout=NUM +Specify seconds to use for timeout notification. +.TP +.B +-p, --port=PORT +Listen on port . Default: 8110 +.TP +.B +-P, --targetport=PORT +Connect to port . Default: 8110 +Ignored in transparent proxy mode +.TP +.B +-q, --quiet +Turn off normal reporting +.TP +.B +-r, --virusdir=DIR +Save infected mails in +Default: /var/spool/p3scan +.TP +.B +-R, --smtprset +Change smtp reject message line +.TP +.B +-s, --scanner=FILE +Specify the scanner. Every scannertype handles this +in a specific way. This could be the scanner- +executable or a FIFO, Socket, ... +.TP +.B +-S, --subject=TEXT +Change virus reporting subject line +.TP +.B +-t, --template=FILE +Use virus-notification-template +.TP +.B +-T, --scannertype=T +Define which buildin scanner-frontend to use. +Supported types: + basic: Basic file invocation scanner + avpd: Kaspersky AVPDaemon +trophie: Trophie antivirus daemon (for Trend Antivirus) +.TP +.B +-u, --user=[UID|NAME] +Run as user . Default: mail +Only takes effect when started as superuser +.TP +.B +-U, --useurl +Parse username for destination "username#url:port" vice using iptables redirection. +.TP +.B +-v, --version +Prints version information +.TP +.B +-x, --demime +eXtract all MIME-Parts before scanning +.TP +.B +-X, --Xtra mail program=FILE +Xtra notification reciept mail program. Default: /bin/mail +.TP +.B +-z, --spamcheck=FILE +Specify path to Spam Checking program executable +Default /usr/bin/spamc (Mail::SpamAssassin) +.RE +.PP +.SH DIRECTORIES/FILES + +.nf +.fam C +/etc/p3scan +/var/run/p3scan +/var/spool/p3scan +/var/spool/p3scan/children +/var/spool/p3scan/notify +/usr/doc/p3scan-/AUTHORS +/usr/doc/p3scan-/ChangeLog +/usr/doc/p3scan-/CONTRIBUTERS +/usr/doc/p3scan-/LICENSE +/usr/doc/p3scan-/NEWS +/usr/doc/p3scan-/README +/usr/doc/p3scan-/README-ripmime +/usr/doc/p3scan-/README-rpm +/usr/doc/pscan-/TODO.list +/usr/doc/p3scan-/spamfaq.html +/usr/doc/p3scan-/spamfaq.txt +/usr/man/man8/p3scan.8.gz +/usr/man/man8/p3scan_readme.8.gz + +/etc/p3scan/p3scan.conf + Configuration file +/etc/p3scan/p3scan.mail + Symlink to the email message templates sent to client in event + a virus is found. You can create a symlink, or copy a language + file p3scan-??.mail for any language provided. If you translate + a mail file into your own language, please consider contributing + it to the project so that others may enjoy your work. +/etc/p3scan/p3scan-??.mail +/etc/p3scan/p3scan-??-??.mail + Email templates for specific languages. +/etc/p3scan/p3scan.footer (optional) + This file is used to add the virus definition info from your scanner + to an smtp message. It will only be added as a footer if the message + is not signed cryptographically and is only a text message. + It is used in conjunction with the "footer" option in the + following fashion: + + 1) If file does not exist and "footer" is defined: + No footer information will added to outgoing messages, but the p3scan + version and scanner info will be added to the header. + + 2) If file exists but blank and "footer" is defined: + P3Scan version/host info and scanner info will be added to end of + message and header. + + 3) If file contains information and "footer" is defined: + All lines of this file will be added to the end of the smtp message and + then p3scan version/host info and scanner info will be appended. + + 4) If file does not exist and "footer" is not defined: + P3Scan will only insert p3scan version info into the header. +/usr/sbin/p3scan + Executable program file +/var/run/p3scan/p3scan.pid + This file is written when p3scan is running. +/var/spool/p3scan/children/$FILES + Each email scanned is manipulated in this directory +/var/spool/p3scan/notify/$FILES + When a virus is found, the email sent to the client is generated here. + +.fam T +.fi +.SH SEE ALSO +.TP +.B +p3scan_readme /etc/p3scan/p3scan.conf /etc/p3scan/p3scan.mail dspam spamc spamd renattach p3pmail +.SH BUGS/SUPPORT +.nf +.fam C +Please report any bugs to the \fBp3scan\fP support mailing list accessable through: +http://sourceforge.net/projects/\fBp3scan\fP +.fam T +.fi +.SH AUTHORS +.nf +.fam C +Jack S. Lai +and contributers (see CONTRIBUTERS file). +.fam T +.fi Index: p3scan-2.3.2/p3scan.conf =================================================================== --- p3scan-2.3.2.orig/p3scan.conf 2012-05-21 08:38:32.000000000 -0700 +++ p3scan-2.3.2/p3scan.conf 2012-05-21 08:38:32.000000000 -0700 @@ -7,42 +7,6 @@ # # ########################################################################## -/* - * P3Scan v2.3.2 - * - * (C) 2003-2005 by Jack S. Lai - * - * It's intent is to provide a follow on program to POP3-Virusscan-Proxy 0.4 - * by Folke Ashberg . - * - * It is based upon his program but provides numerous changes to include - * scanning pop3 mail for spam, hardening the program, addaption to todays - * email environment, and many other changes. - * - * The initial release of p3scan includes patches made and submitted to the - * original project but were never incorporated. Please see the README for - * further information. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * This program is released under the GPL with the additional exemption that - * compiling, linking, and/or using OpenSSL is allowed." - * (http://www.openssl.org/support/faq.html#LEGAL2) - * - */ - # # PID File # @@ -50,7 +14,7 @@ # # default: /var/run/p3scan/p3scan.pid # -# pidfile = /var/run/p3scan/p3scan.pid +pidfile = /var/run/p3scan/p3scan.pid # # Max Child's @@ -61,14 +25,14 @@ # # default: 10 # -# maxchilds = 10 +maxchilds = 10 # # IP Address # # The IP Address we listen on default: 0.0.0.0 (any address) # -# ip = 0.0.0.0 +ip = 0.0.0.0 # # Port @@ -80,7 +44,7 @@ # # default: 8110 # -# port = 8110 +port = 8110 # # TargetIP, TargetPort @@ -129,7 +93,7 @@ # # default: mail # -# user = mail +user = p3scan # # Notify Directory @@ -137,7 +101,7 @@ # Create notification mails in . Also used for temporary storage. # # default: /var/spool/p3scan/notify -# notifydir = /var/spool/p3scan/notify +notifydir = /var/spool/p3scan/notify # # Virus Directory @@ -148,7 +112,7 @@ # # default: /var/spool/p3scan # -# virusdir = /var/spool/p3scan +virusdir = /var/spool/p3scan # # Just Delete @@ -292,6 +256,10 @@ # # Un-comment appropriate options below. # Use default scannertype = basic + +scannertype = basic + + # # Clam Anti-Virus: http://www.clamav.net # @@ -355,6 +323,9 @@ # Sample: scannertype bash using p3scan.sh for testing: # scanner = /usr/local/sbin/p3scan.sh +scanner = /usr/bin/clamdscan --no-summary + + # # Scanner Returncode # @@ -402,7 +373,7 @@ # Sample: FRISK F-Prot Antivirus # virusregexp = (?=Infection\:)[[:space:]]*(.*)$ # Sample: ClamAV -# virusregexp = .*: (.*) FOUND +#virusregexp = .*: (.*) FOUND # # deMIME Setting @@ -412,7 +383,7 @@ # natively handle email attachments. # # default: -# demime +#demime # # Broken email clients @@ -509,7 +480,7 @@ # # default: none # -# renattach = /usr/local/bin/renattach +#renattach = /usr/bin/renattach # # Overwrite (disable) HTML @@ -527,18 +498,6 @@ # overwrite = /usr/bin/p3pmail # -# Debug -# -# Turn on debugging. The recommended debug procedure is to -# call p3scan as follows: -# p3scan -d > debug 2>&1 -# This will trap debug information to the file "debug". -# You can then monitor it with a 'tail' command. -# -# default: off -# debug - -# # Quiet # # Disable reporting of normal operating messages. Only report errors Index: p3scan-2.3.2/p3scan_readme.8 =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ p3scan-2.3.2/p3scan_readme.8 2012-05-21 08:38:32.000000000 -0700 @@ -0,0 +1,365 @@ +.TH p3scan_readme 8 "November 6, 2005" "v2.3.0" +.SH NAME +p3scan_readme \- readme for the p3scan tool +.SH DESCRIPTION +This is a fully transparent proxy-server for POP3, SMTP, and limited POP3S +Clients. It runs on a Linux box with iptables (for port re-direction). +.PP +It can be used to provide email scanning from/to the internet, to/from any +internal network and is ideal for helping to protect your "Other OS" LAN from +harm, especially when used synergically with a firewall and other Internet +Proxy servers. +.PP +It is designed to enable scanning of email messages for Viruses, Worms, +Trojans, Spam (read as "Un-solicited Bulk Email"), and harmfull attachments. +Because viewing HTML mail can enable a "Spammer" to validate an email address +(via web bugs), it can also provide dangerous HTML tag stripping. +.SH OVERVIEW +It works typically in situations where the linux box lies between the network +you wish to protect and the "outer world". +.PP +You have to set up a port redirection rule with iptables (see "IP-Tables / Port +redirecting") so that all connections from e.g. inside your office to any POP3, +POP3S, and SMTP server outside in the world will not leave your router, but come +to a local port, on which P3Scan listens. +.PP +P3Scan receives the original destination address of the "outer world" server +from the Linux kernel and connects to that address. +.PP +Anything received from the client will be sent to the server, and vice versa +but with a little enhancement: when a message is sent from the server it's +parsed, stored into a file, and scanned. If a virus is found a virus +notification is sent instead of the original infected message, which can be +quarantined or optionally deleted. If the message is destined for a server and +a virus is found, the client will be notified that the server rejected their +message due to a virus. +.PP +The message can also be scanned for spam, have potentially dangerous +attachments renamed, and have potentially malicious HTML parts +stripped. In the case of incoming messages, this is performed in the following order: + +.nf +.fam C +Attachments are scanned/renamed/deleted (optional) +The message is scanned for virus's +The message is scanned for SPAM (optional) +The message is parsed for web bugs (optional) +.fam T +.fi +.PP +It should be possible to use any virus scanner using the scannertype=basic +configuration option. Known to work with this scanner are FRISK F-Prot and +Clam Anti Virus scanners. +.PP +P3Scan provides other scannertype's for scanning using Kaspersky, Trophie, +Clam (TCP) Anti-Virus Daemon's and also a bash script. Any C programmer can +easily adapt p3scan for other scan-daemons. +.PP +Neither the client nor the server has to be configured. None of them will ever +notice that there's a mail scanner. From the server point of view the incoming +connections are from the linux box IP. From the client point of view the only +evidence of the presence of p3scan are virus notifications and some additional +X-headers. +.SH REQUIREMENTS +.nf +.fam C +iptables - Normally installed by default on major Linux Distributions. + http://www.netfilter.org +libpcre - Normally installed by default on major Linux Distributions. + http://www.pcre.org +ripmime - Needed if your virus scanner does not support email. + http://www.pldaniels.com/ripmime/ +An Anti-Virus program + P3Scan is known to work with: + Kaspersky Anti-Virus for Linux (AVPD) + http://www.kaspersky.com/ + Trophie Anti-Virus Daemon + http://www.vanja.com/tools/trophie/ + FRISK F-Prot Antivirus + http://www.f-prot.com/ + Clam Anti-Virus + http://www.clamav.net/ + F-Secure Anti-Virus + http://www.f-secure.com/ + Any other virus scanner that can output it's report to the console (stdout) so that it can be captured with "2>&1". +DSPAM (optional) - http://www.nuclearelephant.com/projects/dspam/ +Mail::SpamAssassin (optional) - http://www.spamassassin.org +renattach (optional) - http://www.pc-tools.net/unix/renattach/ +p3pmail (optional) - http://p3scan.sourceforge.net/#p3pmail +.fam T +.fi +.PP +Kernel: +The following kernel-parameters have to be enabled to get P3Scan to work. +If you have no clue about kernel-compiling, then here is some good news: +Most of Linux Distributions (with kernel 2.4.x or greater) support what +we need by default. However, if your distribution does not have it, please +read your system documentation on how to add it to your kernel. +.PP +.nf +.fam C + -CONFIG_NETFILTER=y + -CONFIG_IP_NF_IPTABLES=[y/m] + -CONFIG_IP_NF_TARGET_REDIRECT=[y/m] + +.fam T +.fi +.SH COMPILATION + +Change to the directory where you untar'ed the program and make any system +specific changes as needed to the "user options" area of the Makefile, +then as user: +$ make +and as root (su root) +# make install +.PP +The only binary will be copied to /usr/sbin/p3scan. +.PP +Make install will also copy p3scan.conf and the p3scan-xx.mail files into +/etc/p3scan while creating directories /etc/p3scan, /var/run/p3scan, +/var/spool/p3scan, /var/spool/p3scan/children, and /var/spool/p3scan/notify. +It will also create a symbolic link of /etc/p3scan/p3scan.mail to the language +file specified in the Makefile. +.PP +After this, you must prepare your configuration file as described below. +.PP +Preparing / Manual Configuration: +.PP +If you decide not to use "make install" (for example, you don't want gcc on +your firewall machine where p3scan is going to run). Please ensure the +following directories are created and that they are owned and +readable/writable by only the user "mail" (default). +.PP +As root, create the following directories: +# mkdir /etc/p3scan +# mkdir /var/run/p3scan +# mkdir -p /var/spool/p3scan/children +# mkdir -p /var/spool/p3scan/notify +.PP +Make them "owned" by the user "mail" (default): +# chown mail.mail /etc/p3scan +# chown mail.mail /var/run/p3scan +# chown -R mail.mail /var/spool/p3scan +.PP +Then make them read/write by only our user: +# chmod 700 /etc/p3scan +# chmod 700 /var/run/p3scan +# chmod -R 700 /var/spool/p3scan +.PP +If you don't have the user "mail" and do not know how to create this user, +please see your operating systems documentation on how to create a user. +.PP +Change the symlink /etc/p3scan/p3scan.mail if you wish (this points to the +template which is sent instead of a virus). If you use any special character +(like German-umlauts) don't forget to set the charset to "utf8" +(charset="utf8" vice charset="iso-8859-1"). Also, ensure the leading dot at +the end of the file is there and has a carriage return after the dot. +.SH CONFIGURATION + +The configuration file defaults to /etc/p3scan/p3scan.conf +.PP +This file is a mixture of configuration data and documentation and MUST be +modified to work correctly upon initial installation. You must specify +AT LEAST how to call your anti-virus program and how to extract the virus +name (if one is found). +.PP +The purpose of p3scan is to provide virus protection to an internal network. +So, not having a virus scanner is not an option. That being said, if you still +do not want a virus scanner enabled, you can just set the scannertype/scanner +to basic/"/usr/bin/cat". +.PP +Currently, the default configuration is as follows (see p3scan.conf for more +info): +.PP +.nf +.fam C + The PID file is stored in: pidfile = /var/run/p3scan/p3scan.pid + The maximum simultaneous scans is: maxchilds = 10 + We listen to any address: ip = 0.0.0.0 + We listen only on: port = 8110 + targetip and targetport are disabled. + We extract destination url:port from iptables redirected packets. + We run as: user = mail + We create notification mails in: notifydir = /var/spool/p3scan/notify + before sending. + We default to storing infected messages in: virusdir = /var/spool/p3scan + We keep infected mail. + "justdelete" is not set. + We send emergency notification emails to root and postmaster @localhost. + We notify only the email client when a virus is detected. + "extra" is not set. + We use the default /bin/mail to send extra notification email when required. + We do not check remaining disk space before scanning mail. + "bytesfree" is not set + We DO NOT have an Anti-Virus program selected, scanner return code, nor + regular expression on how to extract a virus name. + scannertype=basic + "scanner" is not set + "viruscode" is not set + "virusregexp" is not set + We DO NOT have any "Good" return codes set other than "0" (zero). + "goodcode" is not set + We DO NOT demime the message or separate attachments from the original mail + before scanning. + "demime" is not set + We DO NOT send entire lines of email header while processing to keep the + email client "alive". We send characters instead. + "broken" is not set. + The default timeout is 30 seconds when processing a large email message. + We DO NOT check for email marked as "Spam" by your ISP. + "ispspam" is not set. + We DO NOT check for "Spam". + "checkspam/spamcheck" is not set + We DO NOT rename attachments. + "renattach" is not pointing to any external program. + We DO NOT parse HTML code. + "overwrite" is not pointing to any external program. + We DO NOT have debug messages being displayed. + *"debug" is not set. + * Note: The recommended debug procedure is to call p3scan as such: + p3scan -d > debug 2>&1 + You can then keep track of the debug messages on another terminal + with: tail -n 50 -f debug + We report all program steps to syslog less debug info. + "quiet" is not set. + The Virus Report template defaults to /etc/p3scan/p3scan.mail which is + a symlink to /etc/p3scan/p3scan-xx.mail generated during "make install", + where xx equals the LANG option set in the Makefile. + We do not copy the virus template message for the bash scanner to modify. + "altvnmsg" is not set. + We generate the Virus Report Subject line as: + "[Virus] found in a mail to you:" + you can change this with the "subject" line in p3scan.conf. + We generate the Virus Report file disposition line (when justdelete is set): + notify = Per instruction, the message has been deleted. + When an outgoing message is rejected, the default of "Virus detected! P3scan + rejected message!" is used. + Outgoing message size is not checked before parsing. + The port for SSL messages is 995. + We do not generate Virus Definition data for outgoing/notification messages. + "footer" is not set. + +.fam T +.fi +IP-Tables / Port redirecting: +.PP +.nf +.fam C + Rules like: + +iptables -t nat -A PREROUTING -p tcp -i eth0 --dport pop3 -j REDIRECT --to 8110 +iptables -t nat -A PREROUTING -p tcp -i eth0 --dport smtp -j REDIRECT --to 8110 +iptables -t nat -A PREROUTING -p tcp -i eth0 --dport pop3s -j REDIRECT --to 8110 + + are enough. Change eth0 to your device for the inbound connections (your + office or home network). + + Also, "pop3", "smtp", and/or "pop3s" must be defined in your "services" file. + Normally locate at: /etc/services. + + If it is not defined, enter the definition you have for 110/tcp. IE: pop-3, or + just enter the port number(s). IE: 110, 25, or 995 + +.fam T +.fi +Spam Checking +.PP +.nf +.fam C + The spam checking capability of p3scan has only been tested using + DSPAM >= 3.0.0-rc2 and Mail::SpamAssassin v2.6 >= v3.0.1 + + If using dspam, you need to install the program according to the + documentation found at http://www.nuclearelephant.com/projects/dspam/ + + The recommended procedure is the virtual-users interface of the mysql + driver. + + If you will be scanning for spam using SpamAssassin, you need to install the + program according to the documentation found at http://www.spamassassin.org + + The easiest (as fastest) interface to Mail::SpamAssassin is through it's + daemon program "spamd" using "spamc". + + You can start spamd as follows before running p3scan: + *Note: This example is for using SpamAssassin w/mysql + /usr/bin/spamd -d -u spamd -x -q & + +.fam T +.fi +SSL Message parsing: +.PP +.nf +.fam C + We are able to perform limited checking of messages using SSL. + To use this feature, you must tell your email client NOT to use SSL and just + change the pop3 port from 110 to 995. If p3scan sees a destination port of 995 + (or whatever port "sslport" is set to) it will initiate an SSL conversation. + + NOTE: This is limited support as p3scan will not show you the SSL certificate + and will just accept any certificate as sent by the actual server. + +.fam T +.fi +renattach: +Is used to rename attachments and is totally configurable. +.RS +.PP +Renattach must be compiled, installed, and configured before enabling this +feature. See the renattach documentation INSTALL and README for further +information. +.RE +.PP +HTML Parsing: +The HTML parsing option is now an external program to p3scan. This +facilitates using any program you can find. I have written a separate +program for this function called p3pmail which can be found on the p3scan +web site. +.RS +.PP +P3PMail will obfuscate the tags "href" and "src" the two most dangerous +HTML tags (IMHO) for email. Of course, if your using a non-html email +client, you will not have to worry about "web-bugs". +.RE +.PP +Startup: +Call p3scan without any parameters, it will move into the background. +You can monitor it's operation via your systems log file. +You should also test your installation by sending yourself an eicar test +virus (which will not damage your system). You can get versions of this +file at http://www.eicar.org/anti_virus_test_file.htm +.RS +.PP +If you think too much information is being sent to your system logs, you +can enable the "quiet" option. This will inhibit "normal" messages. +.PP +If p3scan is started by root, it will change it's user to "mail" (default) +after it finishes it's initial startup. +.PP +If you are using Mail::SpamAssassin, start spamd BEFORE running p3scan. +.RE +.PP +RC System / Boot up: +"make install" should determine the correct p3scan startup file and place it +in the proper directory. +.RS +.PP +If for some reason this does not happen, you can add p3scan to your normal +default startup file. For example, in Slackware place p3scan as follows: +.PP +# echo "/usr/sbin/p3scan" >> /etc/rc.d/rc.local +.PP +and please notify the p3scan-main mailing list of this problem. +.RE +.RE +.PP + +.SH SEE ALSO +"p3scan" "p3scan.conf" +.PP +BUGS/SUPPORT +Please report any bugs to the p3scan support mailing list accessable through: +http://sourceforge.net/projects/p3scan +.SH AUTHORS +Jack S. Lai +and contributers (see CONTRIBUTERS file). Index: p3scan-2.3.2/Makefile-ripmime =================================================================== --- p3scan-2.3.2.orig/Makefile-ripmime 2012-05-21 08:38:32.000000000 -0700 +++ p3scan-2.3.2/Makefile-ripmime 2012-05-21 08:38:32.000000000 -0700 @@ -91,12 +91,12 @@ install: p3scan $(SYSINS) -v -m 550 --strip p3scan $(PREFIX)/sbin/ @if [ -f $(DESTDIR)/etc/sysconfig/init ] ; then $(SYSINS) -v -m 755 p3scan-init.d $(DESTDIR)/etc/init.d/p3scan; fi - @if [ -f $(DESTDIR)/etc/rc.d/rc.p3scan ] ; then \ - echo "rc.p3scan already exists, copying to $(DESTDIR)/etc/rc.d/rc.p3scan.new" ; \ - $(SYSINS) -v -m 660 rc.p3scan $(DESTDIR)/etc/rc.d/rc.p3scan.new ; \ - else \ - $(SYSINS) -v -m 755 rc.p3scan $(DESTDIR)/etc/rc.d ; \ - fi + #@if [ -f $(DESTDIR)/etc/rc.d/rc.p3scan ] ; then \ + # echo "rc.p3scan already exists, copying to $(DESTDIR)/etc/rc.d/rc.p3scan.new" ; \ + # $(SYSINS) -v -m 660 rc.p3scan $(DESTDIR)/etc/rc.d/rc.p3scan.new ; \ + #else \ + # $(SYSINS) -v -m 755 rc.p3scan $(DESTDIR)/etc/rc.d ; \ + #fi @if test -d $(DESTDIR)$(piddir); then echo "$(DESTDIR)$(piddir) exists, not creating."; else mkdir -p $(DESTDIR)$(piddir); fi @if test -d $(DESTDIR)$(userdir); then echo "$(DESTDIR)$(userdir) exits, not creating."; \ else mkdir -p $(DESTDIR)$(userdir); chown $(user) $(DESTDIR)$(userdir); fi debian/patches/open-flags0000644000000000000000000000123512153155540012575 0ustar Description: Move O_SYNC to the correct position in open() arguments Author: Marc Deslauriers Bug-Debian: http://bugs.debian.org/684492 Forwarded: no Last-Update: 2012-11-28 Index: b/p3scan.c =================================================================== --- a/p3scan.c +++ b/p3scan.c @@ -367,7 +367,7 @@ XXXXXX[4] = letters[v % 62]; v /= 62; XXXXXX[5] = letters[v % 62]; - fd=open(template, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR | O_SYNC, 0600); + fd=open(template, O_RDWR | O_CREAT | O_EXCL | O_SYNC, S_IRUSR | S_IWUSR); if (fd >= 0){ errno = save_errno; return fd; debian/patches/series0000644000000000000000000000006012153155540012027 0ustar quilt-transition mem-used-after-free open-flags debian/patches/mem-used-after-free0000644000000000000000000002033411756467277014322 0ustar Index: p3scan-2.3.2/p3scan.c =================================================================== --- p3scan-2.3.2.orig/p3scan.c 2012-05-21 09:33:14.606842903 -0700 +++ p3scan-2.3.2/p3scan.c 2012-05-21 09:35:07.867404558 -0700 @@ -475,24 +475,26 @@ char *vi; int vipos = 0; + char *maildir_name = strdup(p->maildir); + /* scan directory */ maildirlen=strlen(p->maildir); if (stat (p->maildir, &s) == -1){ context_uninit(p); - config->emergency=make_message("%s does not exist", p->maildir); - do_log(LOG_EMERG, "ERR: %s does not exist", p->maildir); + config->emergency=make_message("%s does not exist", maildir_name); + do_log(LOG_EMERG, "ERR: %s does not exist", maildir_name); return SCANNER_RET_ERR; } if (!S_ISDIR(s.st_mode)){ context_uninit(p); - config->emergency=make_message("%s is not a directory", p->maildir); - do_log(LOG_EMERG, "ERR: %s is not a directory", p->maildir); + config->emergency=make_message("%s is not a directory", maildir_name); + do_log(LOG_EMERG, "ERR: %s is not a directory", maildir_name); return SCANNER_RET_ERR; } if ((dp = opendir (p->maildir)) == NULL){ context_uninit(p); - config->emergency=make_message("Can't open directory %s", p->maildir); - do_log(LOG_EMERG, "ERR: Can't open directory %s", p->maildir); + config->emergency=make_message("Can't open directory %s", maildir_name); + do_log(LOG_EMERG, "ERR: Can't open directory %s", maildir_name); return SCANNER_RET_ERR; } vi=w_malloc(VISIZE); @@ -831,10 +833,11 @@ do_log(LOG_DEBUG, "Unlinking deMIMEd files", p->maildir); maildirlen=strlen(p->maildir); if ((dp = opendir (p->maildir)) == NULL){ + char *maildir_name = strdup(p->maildir); p->errmsg=1; context_uninit(p); - config->emergency=make_message("Can't open directory %s to erase files", p->maildir); - do_log(LOG_EMERG, "ERR: Can't open directory %s to erase files", p->maildir); + config->emergency=make_message("Can't open directory %s to erase files", maildir_name); + do_log(LOG_EMERG, "ERR: Can't open directory %s to erase files", maildir_name); } else { while ((de = readdir (dp)) != NULL){ if (strcmp (de->d_name, ".") == 0) continue; @@ -1199,7 +1202,7 @@ } pclose(scanner); if (vlen < 512) virdef[vlen-1]='\0'; - else virdef[512]='\0'; + else virdef[511]='\0'; paramlist_set(p->params, "%VDINFO%", virdef); } } else paramlist_set(p->params, "%VDINFO%", NULL); @@ -1284,6 +1287,8 @@ unsigned long len; int readerr=0, bufferr=0, subjfd=-1, extrafd=-1; int ret; + char *vnmsg = strdup(p->vnmsg); + char *mailfile_name = strdup(p->mailfile); #define CHMODCMD "/bin/chmod 0600" if (p->cksmtp){ @@ -1373,8 +1378,8 @@ w_free(mail,"mail0"); if (p->extra) w_free(mailx,"mailx0"); context_uninit(p); - config->emergency=make_message("Critical error opening file '%s', Program aborted.", p->vnmsg); - do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", p->vnmsg); + config->emergency=make_message("Critical error opening file '%s', Program aborted.", vnmsg); + do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", vnmsg); /* should not reach here as we are dead */ } readerr=read(subjfd,comm,4096); @@ -1395,8 +1400,8 @@ config->emergency=make_message("Can't open extra mail notification template %s", EXTRA); do_log(LOG_EMERG, "ERR: Can't open extra mail notification template %s",EXTRA); } else { - config->emergency=make_message("Can't creade extra virus warning mail message %s", p->mailfile); - do_log(LOG_EMERG, "ERR: Can't create extra virus warning mail message %s",p->mailfile); + config->emergency=make_message("Can't creade extra virus warning mail message %s", mailfile_name); + do_log(LOG_EMERG, "ERR: Can't create extra virus warning mail message %s", mailfile_name); } return -1; } @@ -1411,11 +1416,11 @@ w_free(mailx,"mailx2"); } if (ret<0) { - config->emergency=make_message("Can't open alternate mail notification template %s", p->vnmsg); - do_log(LOG_EMERG, "ERR: Can't open alternate mail notification template %s",p->vnmsg); + config->emergency=make_message("Can't open alternate mail notification template %s", vnmsg); + do_log(LOG_EMERG, "ERR: Can't open alternate mail notification template %s", vnmsg); } else { - config->emergency=make_message("Can't create virus warning mail message %s", p->mailfile); - do_log(LOG_EMERG, "ERR: Can't create virus warning mail message %s",p->mailfile); + config->emergency=make_message("Can't create virus warning mail message %s", mailfile_name); + do_log(LOG_EMERG, "ERR: Can't create virus warning mail message %s", mailfile_name); } return -1; } @@ -1433,8 +1438,8 @@ config->emergency=make_message("Can't open mail notification template %s", config->virustemplate); do_log(LOG_EMERG, "ERR: Can't open mail notification template %s",config->virustemplate); } else { - config->emergency=make_message("Can't create virus warning mail message %s", p->mailfile); - do_log(LOG_EMERG, "ERR: Can't create virus warning mail message %s",p->mailfile); + config->emergency=make_message("Can't create virus warning mail message %s", mailfile_name); + do_log(LOG_EMERG, "ERR: Can't create virus warning mail message %s", mailfile_name); } return -1; } @@ -1517,9 +1522,10 @@ p->hdroffset=0; p->header_fd = open(p->p3shdrfile, O_RDONLY); if (p->header_fd<0){ + char *p3shdrfile_name = strdup(p->p3shdrfile); context_uninit(p); - config->emergency=make_message("Critical error opening file '%s', Program aborted.", p->p3shdrfile); - do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", p->p3shdrfile); + config->emergency=make_message("Critical error opening file '%s', Program aborted.", p3shdrfile_name); + do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", p3shdrfile_name); /* should not reach here as we are dead */ } p->now = time(NULL); @@ -1943,18 +1949,20 @@ snprintf(p->mailfile, len, "%sp3scan.XXXXXX", config->virusdir); snprintf(p->p3shdrfile, len, "%sp3shdr.XXXXXX", config->virusdir); if (( scanfd=p3_mkstemp(p->mailfile)) < 0 ){ + char *mailfile_name = strdup(p->mailfile); p->ismail=0; context_uninit(p); - config->emergency=make_message("Critical error opening file '%s', Program aborted.", p->mailfile); - do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", p->mailfile); + config->emergency=make_message("Critical error opening file '%s', Program aborted.", mailfile_name); + do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", mailfile_name); /* Should not reach here as we are dead */ } else { p->filename=right(p->mailfile,14); if (( p->header_fd=p3_mkstemp(p->p3shdrfile)) < 0 ){ + char *p3shdrfile_name = strdup(p->p3shdrfile); p->ismail=0; context_uninit(p); - config->emergency=make_message("Critical error opening file '%s', Program aborted.", p->p3shdrfile); - do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", p->p3shdrfile); + config->emergency=make_message("Critical error opening file '%s', Program aborted.", p3shdrfile_name); + do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", p3shdrfile_name); /* Should not reach here as we are dead */ } p->ismail=2; debian/compat0000644000000000000000000000000211756460745010403 0ustar 9 debian/control0000644000000000000000000000167111756461047010611 0ustar Source: p3scan Section: mail Priority: optional Maintainer: Mats Rynge Build-Depends: debhelper (>= 9.0.0), libpcre3-dev, libssl-dev Standards-Version: 3.9.3 Package: p3scan Architecture: any Pre-Depends: adduser Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: iptables, spamassassin, clamav, renattach Conflicts: pop3vscan Description: transparent POP3-proxy with virus- and spam-scanning p3scan uses iptables port re-direction to intercept outgoing POP3 connections. It provides different types of email scanning and is ideal for helping to protect your "Other OS" LAN from harm, especially when used in conjunction with a firewall and other Internet Proxy servers. . It is designed to enable scanning of incoming email messages for virus's, worms, trojans, spam, and harmful attachments. Because viewing HTML mail can enable a spammer to validate an email address (via Web bugs), it can also provide HTML stripping. debian/postinst0000644000000000000000000000350711756463025011012 0ustar #! /bin/sh # postinst script for p3scan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. case "$1" in configure) mkdir -p /var/spool/p3scan chown p3scan:p3scan /var/spool/p3scan chmod 750 /var/spool/p3scan mkdir -p /var/spool/p3scan/children chown p3scan:p3scan /var/spool/p3scan/children chmod 750 /var/spool/p3scan/children mkdir -p /var/spool/p3scan/notify chown p3scan:p3scan /var/spool/p3scan/notify chmod 750 /var/spool/p3scan/notify update-rc.d p3scan defaults >/dev/null if [ -x /usr/sbin/invoke-rc.d ] ; then invoke-rc.d p3scan start || true else /etc/init.d/p3scan start || true fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/changelog0000644000000000000000000001215112153155703011042 0ustar p3scan (2:2.3.2-8.1) unstable; urgency=low * Non-maintainer upload. [ Marc Deslauriers ] * p3scan.c: Pass correct arguments to open() (closes: #684492). -- Colin Watson Mon, 03 Jun 2013 19:09:04 +0100 p3scan (2:2.3.2-8) unstable; urgency=low * Switch to dpkg-source 3.0 (quilt) format * Bumped standards version to 3.9.3 * Transistioned from /var/run to /run * Included fix for freeing unalloacted memory. Thanks to Thomas Parmelan. (closes: #491088) * The unallocated memory patch also fixes p3scan dying when misconfigured (closes: #529843) -- Mats Rynge Mon, 21 May 2012 08:23:02 -0700 p3scan (2:2.3.2-7) unstable; urgency=low * Replaced etc/p3scan/p3scan.mail broken symlink with copy of etc/p3scan/p3scan-en.mail. This will make the file be handled as a config file by dpkg. (closes: #484676) -- Mats Rynge Thu, 05 Jun 2008 19:35:00 -0400 p3scan (2:2.3.2-6) unstable; urgency=low * Better fix for bug #475729. The previous fix broke setting daemon user in the p3scan.conf file. This fix set the user and group correctly. Thanks to Thomas Parmelan for the patch. -- Mats Rynge Sun, 01 Jun 2008 22:41:48 -0400 p3scan (2:2.3.2-5) unstable; urgency=low * Included linux/types.h to fix build problem agains netfilter.h from 2.6.25. (Closes: #479306) -- Mats Rynge Sun, 04 May 2008 17:44:31 -0400 p3scan (2:2.3.2-4) unstable; urgency=low * Added user/group to start-stop-daemon start line in order to force what group the daemon is run under. This is important when using p3scan together with clamav. (Closes: #475729) -- Mats Rynge Sat, 03 May 2008 06:38:45 -0400 p3scan (2:2.3.2-3) unstable; urgency=low * Changed clean target to not ignore errors * Moved OpenSSL license excemption from usr/share/doc to copyright file * Updated man pages to take care of some issues Lintian pointed out -- Mats Rynge Sun, 06 Apr 2008 13:00:58 -0400 p3scan (2:2.3.2-2) unstable; urgency=low * Removed bashism from init.d script (closes: #473687) -- Mats Rynge Wed, 02 Apr 2008 17:52:28 -0400 p3scan (2:2.3.2-1) unstable; urgency=low * New upstream release (closes: #355340) * Added LSB info to init.d script (closes: #469763) * Changed logic in init.d script to allow for checking if the daemon is already running. * /var/spool/p3scan/children is now cleaned on startup (closes: #305368) * PID file is now cleaned up correctly on initial failures (closes: #333628)) * Fixed clamdscan information in README.Debian (closes: #363313) * Update copyright file to include OpenSSL exception * Added new dependency: libssl-dev * Updated standards version to 3.7.3 * Fixed chown syntax in postinst * Fixed spelling mistake in package description (closes: #390247) -- Mats Rynge Tue, 11 Mar 2008 20:43:20 -0600 p3scan (2:2.1-3) unstable; urgency=low * Added adduser as a pre-depends (closes: #408274) -- Mats Rynge Tue, 25 Jan 2006 13:50:32 -0500 p3scan (2:2.1-2) unstable; urgency=low * Fixed a symlink problem from /etc/p3scan to build directory * Cleaned up documentaion installation - Removed empty NEWS file from package - Removed extra LICENSE file - Renamed CHANGELOG to changelog - gzip files in /usr/share/doc/p3scan -- Mats Rynge Sun, 09 Jan 2005 12:12:06 -0800 p3scan (2:2.1-1) unstable; urgency=low * New upstream release (closes: #286072) * Made sure scanned files are group readable. Added note to README.Debian on how to make the files readable by clamav-daemon. (closes: #261646) * Added an even better example on the iptables config needed (closes: #280989) * Added documentation describing how to use the debug features (closes: #280985) -- Mats Rynge Sun, 09 Jan 2005 10:25:52 -0800 p3scan (2:1.0-2) unstable; urgency=low * Made README.Debian more specific (closes: #241233) * Added example for using Clam Antivirus with p3scan (closes: #230112) * Added renattach to the suggests -- Mats Rynge Sat, 05 Jun 2004 16:56:56 -0700 p3scan (2:1.0-1) unstable; urgency=low * New upstream release * Upstream is now providing a man page - removed the one I wrote and the docbook-to-man dependency * Fixed typos in package description (closes: #228205) * Bumped the standards version to 3.6.1 -- Mats Rynge Sun, 25 Jan 2004 21:25:42 -0800 p3scan (1:1.0rc7-1) unstable; urgency=low * New upstream release * Added docbook-to-man to dependencies in order to generate man page at build time * Fixed missing tag in p3scan.sgml * Added a explicit clean of ripmime/ripOLE * Cleaned up the start/stop code in the pre/post inst/rm scripts * Removed dash in version to make it look nicer -- Mats Rynge Mon, 12 Jan 2004 19:58:57 -0800 p3scan (1.0-rc6-1) unstable; urgency=low * Initial Release * p3scan replaces pop3vscan, hence the Conflicts: pop3vscan -- Mats Rynge Sun, 4 Jan 2004 18:05:33 -0800 debian/dirs0000644000000000000000000000010311756462107010055 0ustar etc/init.d etc/p3scan usr/sbin usr/share/man/man8 var/spool/p3scan