clamd: repackaged from haraka/Haraka

.codeclimate.yml

@@ -0,0 +1,10 @@
+engines:
+  eslint:
+    enabled: true
+    channel: "eslint-8"
+    config:
+      config: ".eslintrc.yaml"
+
+ratings:
+  paths:
+    - "**.js"

.eslintrc.yaml

@@ -0,0 +1,10 @@
+env:
+  node: true
+  es6: true
+  mocha: true
+  es2022: true
+
+extends: ["@haraka"]
+
+rules:
+  no-unused-vars: 1

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,11 @@
+### system info
+
+Please report your OS, Node version, and Haraka version by running this shell script on your Haraka server and replacing this section with the output.
+
+echo "Haraka | $(haraka -v)"; echo " --- | :--- "; echo "Node | $(node -v)"; echo "OS | $(uname -a)"; echo "openssl | $(openssl version)"
+
+### Expected behavior
+
+### Observed behavior
+
+### Steps to reproduce

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,13 @@
+Changes proposed in this pull request:
+
+-
+-
+
+Fixes #
+
+Checklist:
+
+- [ ] docs updated
+- [ ] tests updated
+- [ ] Changes.md updated
+- [ ] package.json.version bumped

.github/dependabot.yml

@@ -0,0 +1,10 @@
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    allow:
+      - dependency-type: production

.github/workflows/ci.yml

@@ -0,0 +1,22 @@
+name: CI
+
+on: [push, pull_request]
+
+env:
+  CI: true
+
+jobs:
+  lint:
+    uses: haraka/.github/.github/workflows/lint.yml@master
+
+  # coverage:
+  #   uses: haraka/.github/.github/workflows/coverage.yml@master
+  #   secrets: inherit
+
+  ubuntu:
+    needs: [lint]
+    uses: haraka/.github/.github/workflows/ubuntu.yml@master
+
+  windows:
+    needs: [lint]
+    uses: haraka/.github/.github/workflows/windows.yml@master

.github/workflows/codeql.yml

@@ -0,0 +1,13 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+  schedule:
+    - cron: "18 7 * * 4"
+
+jobs:
+  codeql:
+    uses: haraka/.github/.github/workflows/codeql.yml@master

.github/workflows/publish.yml

@@ -0,0 +1,16 @@
+name: publish
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - package.json
+
+env:
+  CI: true
+
+jobs:
+  publish:
+    uses: haraka/.github/.github/workflows/publish.yml@master
+    secrets: inherit

.gitignore

@@ -0,0 +1,45 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules
+jspm_packages
+
+# Optional npm cache directory
+.npm
+
+# Optional REPL history
+.node_repl_history
+
+package-lock.json
+bower_components
+# Optional npm cache directory
+.npmrc
+.idea
+.DS_Store
+haraka-update.sh

.gitmodules

@@ -0,0 +1,3 @@
+[submodule ".release"]
+	path = .release
+	url = [email protected]:msimerson/.release.git

CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/).
+
+### Unreleased
+
+### [1.0.0] - 2024-05-08
+
+- initial release (repackaged from haraka/Haraka)
+
+[1.0.0]: https://github.com/haraka/haraka-plugin-template/releases/tag/v1.0.0

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Haraka
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,164 @@
+[![CI Test Status][ci-img]][ci-url]
+[![Code Climate][clim-img]][clim-url]
+
+[![NPM][npm-img]][npm-url]
+
+# haraka-plugin-clamd
+
+This plug-in implements Anti-Virus scanning with ClamAV using the **clamd** daemon.
+
+The plug-in will reject any message that ClamAV considers to be a virus. If an error occurs (e.g. clamd not running or a timeout), the message will be deferred with a temporary failure.
+
+## Configuration
+
+Copy the default clamd.ini into the Haraka config directory:
+
+```
+cp node_modules/haraka-plugin-clamd/config/clamd.ini config/clamd.ini
+$EDITOR config/clamd.ini
+```
+
+The following options can be defined in clamd.ini;
+
+### clamd\_socket (default: localhost:3310)
+
+  N.N.N.N:port, [ipv6::literal]:port, host:port or /path/to/socket of
+  the clamd daemon.
+
+  Multiple hosts can be listed separated by comma, semi-colon or spaces.
+
+  If :port is omitted it defaults to 3310.
+
+  On connection error or timeout the next host in the list will be tried.
+  When the host list is exhausted, the message will be deferred with
+  a temporary failure.
+
+
+### randomize\_host\_order (default: false)
+
+  If this is set then the list of hosts with be randomized before a
+  connection is attempted.
+
+
+### only\_with\_attachments                         (default: false)
+
+  Set this option to only scan messages that contain non-textual
+  attachments.  This is a performance optimization, however it will
+  prevent ClamAV from detecting threats such as Phishing in plain-text
+  or HTML messages.
+
+
+### connect\_timeout                               (default: 10)
+
+  Timeout connection to host after this many seconds.  A timeout will
+  cause the next host in the list to be tried.  Once all hosts have
+  been tried then a temporary failure will be returned.
+
+
+### timeout                                       (default: 30)
+
+  Post-connection timeout if there is no activity on the socket after
+  this many seconds.  A timeout will cause the message to be rejected
+  with a tempoary failure.
+
+
+### max\_size                                      (default: 26214400)
+
+  The maximum size of message that should be sent to clamd in bytes.
+  This option should not be larger than the StreamMaxLength value in
+  clamd.conf as clamd will stop scanning once this limit is reached.
+  If the clamd limit is reached the plug-in will log a notice that
+  this has happened and will allow the message though.
+
+### [reject]
+
+An optional reject section can offer control over when to reject connections.
+The default settings are shown. ClamAV recommends that hits coming from 
+SafeBrowsing / Phishing / Heuristics, Potentially Unwanted Applications, and
+UNOFFICIAL be used only for scoring.
+
+    * virus=true
+    * error=true
+
+The following reject options are disabled by default in clamd.conf. With a
+default ClamAV install, these will have no effect. When an admin enables in
+clamd.conf, Haraka with then, by default, reject such messages. Adjust these
+settings to suit.
+
+    * Broken.Executable=true
+    * Structured=true
+    * Encrypted=true
+    * PUA=true
+    * OLE2=true
+    * Safebrowsing=true
+    * UNOFFICIAL=true
+
+The following options are enabled by default in clamd but ClamAV suggests
+using them only for scoring.
+
+    * Phishing=false
+
+## [check]
+
+The optional check section can allow skipping ClamAV check for remote connection
+meeting following criteria.
+
+- authenticated
+
+    Default: true
+
+    If true, messages from authenticated users will be scanned.
+
+- private\_ip
+
+    Default: true
+
+    If true, messages from private IPs will be scanned.
+
+- local\_ip
+
+    Default: true
+
+    If true, messages from localhost will be scanned.
+
+- relay
+
+    Default: true
+
+    If true, messages that are to be relayed will be scanned.
+
+## clamd.excludes
+
+  This file can contain a list of virus name patterns that when matched, are
+  not rejected by this plugin. An X-Haraka-Virus: header will be inserted
+  containing the virus name. This header can then be used for scoring
+  in other plugins.
+
+  The format of the file is one pattern per line. Comments are prefixed
+  with #. Matches are case-insensitive.
+
+  Patterns are expressed using wildcards (e.g. * and ?) or
+  via regexp by enclosing the pattern in //.
+
+  To negate a match (e.g. reject if it matches), prefix the match with !.
+  Negative matches are always tested first.
+
+  Example:
+
+```
+# Always reject test signatures
+!*.TestSig_*
+# Skip all unofficial signatures
+*.UNOFFICIAL
+# Phishing
+Heuristics.Phishing.*
+```
+
+<!-- leave these buried at the bottom of the document -->
+
+[ci-img]: https://github.com/haraka/haraka-plugin-clamd/actions/workflows/ci.yml/badge.svg
+[ci-url]: https://github.com/haraka/haraka-plugin-clamd/actions/workflows/ci.yml
+[clim-img]: https://codeclimate.com/github/haraka/haraka-plugin-clamd/badges/gpa.svg
+[clim-url]: https://codeclimate.com/github/haraka/haraka-plugin-clamd
+[npm-img]: https://nodei.co/npm/haraka-plugin-clamd.png
+[npm-url]: https://www.npmjs.com/package/haraka-plugin-clamd

config/clamd.ini

@@ -0,0 +1,2 @@
+
+[main]