generated from haraka/haraka-plugin-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
clamd: repackaged from haraka/Haraka
- Loading branch information
0 parents
commit 7f7baaa
Showing
18 changed files
with
991 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
engines: | ||
eslint: | ||
enabled: true | ||
channel: "eslint-8" | ||
config: | ||
config: ".eslintrc.yaml" | ||
|
||
ratings: | ||
paths: | ||
- "**.js" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
env: | ||
node: true | ||
es6: true | ||
mocha: true | ||
es2022: true | ||
|
||
extends: ["@haraka"] | ||
|
||
rules: | ||
no-unused-vars: 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
### system info | ||
|
||
Please report your OS, Node version, and Haraka version by running this shell script on your Haraka server and replacing this section with the output. | ||
|
||
echo "Haraka | $(haraka -v)"; echo " --- | :--- "; echo "Node | $(node -v)"; echo "OS | $(uname -a)"; echo "openssl | $(openssl version)" | ||
|
||
### Expected behavior | ||
|
||
### Observed behavior | ||
|
||
### Steps to reproduce |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
Changes proposed in this pull request: | ||
|
||
- | ||
- | ||
|
||
Fixes # | ||
|
||
Checklist: | ||
|
||
- [ ] docs updated | ||
- [ ] tests updated | ||
- [ ] Changes.md updated | ||
- [ ] package.json.version bumped |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "npm" | ||
directory: "/" | ||
schedule: | ||
interval: "monthly" | ||
allow: | ||
- dependency-type: production |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
name: CI | ||
|
||
on: [push, pull_request] | ||
|
||
env: | ||
CI: true | ||
|
||
jobs: | ||
lint: | ||
uses: haraka/.github/.github/workflows/lint.yml@master | ||
|
||
# coverage: | ||
# uses: haraka/.github/.github/workflows/coverage.yml@master | ||
# secrets: inherit | ||
|
||
ubuntu: | ||
needs: [lint] | ||
uses: haraka/.github/.github/workflows/ubuntu.yml@master | ||
|
||
windows: | ||
needs: [lint] | ||
uses: haraka/.github/.github/workflows/windows.yml@master |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: [master] | ||
pull_request: | ||
branches: [master] | ||
schedule: | ||
- cron: "18 7 * * 4" | ||
|
||
jobs: | ||
codeql: | ||
uses: haraka/.github/.github/workflows/codeql.yml@master |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
name: publish | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
paths: | ||
- package.json | ||
|
||
env: | ||
CI: true | ||
|
||
jobs: | ||
publish: | ||
uses: haraka/.github/.github/workflows/publish.yml@master | ||
secrets: inherit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# Logs | ||
logs | ||
*.log | ||
npm-debug.log* | ||
|
||
# Runtime data | ||
pids | ||
*.pid | ||
*.seed | ||
|
||
# Directory for instrumented libs generated by jscoverage/JSCover | ||
lib-cov | ||
|
||
# Coverage directory used by tools like istanbul | ||
coverage | ||
|
||
# nyc test coverage | ||
.nyc_output | ||
|
||
# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) | ||
.grunt | ||
|
||
# node-waf configuration | ||
.lock-wscript | ||
|
||
# Compiled binary addons (http://nodejs.org/api/addons.html) | ||
build/Release | ||
|
||
# Dependency directories | ||
node_modules | ||
jspm_packages | ||
|
||
# Optional npm cache directory | ||
.npm | ||
|
||
# Optional REPL history | ||
.node_repl_history | ||
|
||
package-lock.json | ||
bower_components | ||
# Optional npm cache directory | ||
.npmrc | ||
.idea | ||
.DS_Store | ||
haraka-update.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
[submodule ".release"] | ||
path = .release | ||
url = [email protected]:msimerson/.release.git |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# Changelog | ||
|
||
The format is based on [Keep a Changelog](https://keepachangelog.com/). | ||
|
||
### Unreleased | ||
|
||
### [1.0.0] - 2024-05-08 | ||
|
||
- initial release (repackaged from haraka/Haraka) | ||
|
||
[1.0.0]: https://github.com/haraka/haraka-plugin-template/releases/tag/v1.0.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2017 Haraka | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,164 @@ | ||
[![CI Test Status][ci-img]][ci-url] | ||
[![Code Climate][clim-img]][clim-url] | ||
|
||
[![NPM][npm-img]][npm-url] | ||
|
||
# haraka-plugin-clamd | ||
|
||
This plug-in implements Anti-Virus scanning with ClamAV using the **clamd** daemon. | ||
|
||
The plug-in will reject any message that ClamAV considers to be a virus. If an error occurs (e.g. clamd not running or a timeout), the message will be deferred with a temporary failure. | ||
|
||
## Configuration | ||
|
||
Copy the default clamd.ini into the Haraka config directory: | ||
|
||
``` | ||
cp node_modules/haraka-plugin-clamd/config/clamd.ini config/clamd.ini | ||
$EDITOR config/clamd.ini | ||
``` | ||
|
||
The following options can be defined in clamd.ini; | ||
|
||
### clamd\_socket (default: localhost:3310) | ||
|
||
N.N.N.N:port, [ipv6::literal]:port, host:port or /path/to/socket of | ||
the clamd daemon. | ||
|
||
Multiple hosts can be listed separated by comma, semi-colon or spaces. | ||
|
||
If :port is omitted it defaults to 3310. | ||
|
||
On connection error or timeout the next host in the list will be tried. | ||
When the host list is exhausted, the message will be deferred with | ||
a temporary failure. | ||
|
||
|
||
### randomize\_host\_order (default: false) | ||
|
||
If this is set then the list of hosts with be randomized before a | ||
connection is attempted. | ||
|
||
|
||
### only\_with\_attachments (default: false) | ||
|
||
Set this option to only scan messages that contain non-textual | ||
attachments. This is a performance optimization, however it will | ||
prevent ClamAV from detecting threats such as Phishing in plain-text | ||
or HTML messages. | ||
|
||
|
||
### connect\_timeout (default: 10) | ||
|
||
Timeout connection to host after this many seconds. A timeout will | ||
cause the next host in the list to be tried. Once all hosts have | ||
been tried then a temporary failure will be returned. | ||
|
||
|
||
### timeout (default: 30) | ||
|
||
Post-connection timeout if there is no activity on the socket after | ||
this many seconds. A timeout will cause the message to be rejected | ||
with a tempoary failure. | ||
|
||
|
||
### max\_size (default: 26214400) | ||
|
||
The maximum size of message that should be sent to clamd in bytes. | ||
This option should not be larger than the StreamMaxLength value in | ||
clamd.conf as clamd will stop scanning once this limit is reached. | ||
If the clamd limit is reached the plug-in will log a notice that | ||
this has happened and will allow the message though. | ||
|
||
### [reject] | ||
|
||
An optional reject section can offer control over when to reject connections. | ||
The default settings are shown. ClamAV recommends that hits coming from | ||
SafeBrowsing / Phishing / Heuristics, Potentially Unwanted Applications, and | ||
UNOFFICIAL be used only for scoring. | ||
|
||
* virus=true | ||
* error=true | ||
|
||
The following reject options are disabled by default in clamd.conf. With a | ||
default ClamAV install, these will have no effect. When an admin enables in | ||
clamd.conf, Haraka with then, by default, reject such messages. Adjust these | ||
settings to suit. | ||
|
||
* Broken.Executable=true | ||
* Structured=true | ||
* Encrypted=true | ||
* PUA=true | ||
* OLE2=true | ||
* Safebrowsing=true | ||
* UNOFFICIAL=true | ||
|
||
The following options are enabled by default in clamd but ClamAV suggests | ||
using them only for scoring. | ||
|
||
* Phishing=false | ||
|
||
## [check] | ||
|
||
The optional check section can allow skipping ClamAV check for remote connection | ||
meeting following criteria. | ||
|
||
- authenticated | ||
|
||
Default: true | ||
|
||
If true, messages from authenticated users will be scanned. | ||
|
||
- private\_ip | ||
|
||
Default: true | ||
|
||
If true, messages from private IPs will be scanned. | ||
|
||
- local\_ip | ||
|
||
Default: true | ||
|
||
If true, messages from localhost will be scanned. | ||
|
||
- relay | ||
|
||
Default: true | ||
|
||
If true, messages that are to be relayed will be scanned. | ||
|
||
## clamd.excludes | ||
|
||
This file can contain a list of virus name patterns that when matched, are | ||
not rejected by this plugin. An X-Haraka-Virus: header will be inserted | ||
containing the virus name. This header can then be used for scoring | ||
in other plugins. | ||
|
||
The format of the file is one pattern per line. Comments are prefixed | ||
with #. Matches are case-insensitive. | ||
|
||
Patterns are expressed using wildcards (e.g. * and ?) or | ||
via regexp by enclosing the pattern in //. | ||
|
||
To negate a match (e.g. reject if it matches), prefix the match with !. | ||
Negative matches are always tested first. | ||
|
||
Example: | ||
|
||
``` | ||
# Always reject test signatures | ||
!*.TestSig_* | ||
# Skip all unofficial signatures | ||
*.UNOFFICIAL | ||
# Phishing | ||
Heuristics.Phishing.* | ||
``` | ||
|
||
<!-- leave these buried at the bottom of the document --> | ||
|
||
[ci-img]: https://github.com/haraka/haraka-plugin-clamd/actions/workflows/ci.yml/badge.svg | ||
[ci-url]: https://github.com/haraka/haraka-plugin-clamd/actions/workflows/ci.yml | ||
[clim-img]: https://codeclimate.com/github/haraka/haraka-plugin-clamd/badges/gpa.svg | ||
[clim-url]: https://codeclimate.com/github/haraka/haraka-plugin-clamd | ||
[npm-img]: https://nodei.co/npm/haraka-plugin-clamd.png | ||
[npm-url]: https://www.npmjs.com/package/haraka-plugin-clamd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
|
||
[main] |
Oops, something went wrong.