How to configure File Transfer content check
Introduction
Path to the content check script: /opt/visulox/tools/filecheck.sh. After installation, no filecheck.sh file exists. The script has to be created and adjusted, and it can be used together with an external command-line virus scanner. The file must have owner vlx, group vlxgroup and mode 0550 (vlx/vlxgroup/0550). Possible products for Linux are F-Secure Command Line Scanner, F-Prot Antivirus, ClamAV, etc.
In the Transit Policy, the file check can be enabled or disabled for certain files/users,
and additional script arguments can be set for the file check script.
File Transfer content check template
filecheck.sh.template
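#!/bin/bash
########################################################################
# Copyright (c) amitego engineering GmbH, www.amitego.com
########################################################################
#
# Copy this file to filecheck.sh, set permission to vlx:vlxgroup:440
# and modify it for your purpose.
# NOTE(review): the accompanying documentation gives the mode as 0550; a
# script without the execute bit cannot be started directly - confirm which
# mode is intended.
#
# This is the content filtering script for File Transfer by VISULOX.
#
# This script is used for the connection to a virus-scanner to scan the file.
#
# On stdout a text can be displayed, which is used as the "description text".
# Return code: OK == 0 / ERROR CODE
# If the file contains "THIS IS A VISULOX TEST" the script is triggered (for testing purposes)
# Echo of result on stdout

# The file name comes from the transfer and is not under the script's control:
# quote it and end option parsing with "--" so that a name containing spaces,
# glob characters or a leading "-" is always read as exactly one file.
grep -- "THIS IS A VISULOX TEST" "$1" && echo ": VIRUS TEST" && exit 1
echo "Check on $*"
# Placeholder for the real scanner call; its exit status becomes the result.
true
exit $?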
Split archives are not supported in Sophos AntiVirus!
Example for F-Secure
F-Secure
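#!/bin/bash
########################################################################
# Copyright (c) amitego engineering GmbH, www.amitego.com
########################################################################
#
# Copy this file to filecheck.sh, set permission to vlx:vlxgroup:440
# and modify it for your purpose.
# NOTE(review): the accompanying documentation gives the mode as 0550; a
# script without the execute bit cannot be started directly - confirm which
# mode is intended.
#
# This is the content filtering script for File Transfer by VISULOX.
#
# This script is used for the connection to a virus-scanner to scan the file.
#
# On stdout a text can be displayed, which is used as the "description text".
# Return code: OK == 0 / ERROR CODE
# If the file contains "THIS IS A VISULOX TEST" the script is triggered (for testing purposes)
# Echo of result on stdout
#grep "THIS IS A VISULOX TEST" $1 && echo ": VIRUS TEST" && exit 1
#echo "Check on $*"

# Work files are created with mktemp: the names are unpredictable and the
# files are created exclusively. Fixed /tmp/<name>-<pid> paths can be
# pre-created or symlinked by another local account before the script runs.
# A failure to create them ends the script with a non-zero (error) code.
of1=$(mktemp "${TMPDIR:-/tmp}/ana1-XXXXXX") || exit 1
of2=$(mktemp "${TMPDIR:-/tmp}/ana2_XXXXXX") || { rm -f -- "$of1"; exit 1; }
# Remove the work files on every exit path; the exit status is not changed.
trap 'rm -f -- "$of1" "$of2"' EXIT

# "$@" hands every argument to the scanner unchanged, so file names with
# spaces or glob characters are neither split nor expanded. This replaces the
# newline-IFS workaround that was needed for the unquoted $*.
# stderr is discarded, so the exit status is the only failure signal.
fsav "$@" 2>/dev/null > "$of1"
return=$?
# Analyse the output
grep "file i" "$of1" > "$of2"
grep -E -o '.+' "$of2" || cat "$of2"
# Pass the scanner's own exit status on as the result of the check.
exit $return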
Example for F-Prot Antivirus
F-Prot
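#!/bin/bash
########################################################################
# Copyright (c) amitego engineering GmbH, www.amitego.com
########################################################################
#
# Copy this file to filecheck.sh, set permission to vlx:vlxgroup:440
# and modify it for your purpose.
# NOTE(review): the accompanying documentation gives the mode as 0550; a
# script without the execute bit cannot be started directly - confirm which
# mode is intended.
#
# This is the content filtering script for File Transfer by VISULOX.
#
# This script is used for the connection to a virus-scanner to scan the file.
#
# On stdout a text can be displayed, which is used as the "description text".
# Return code: OK == 0 / ERROR CODE
# If the file contains "THIS IS A VISULOX TEST" the script is triggered (for testing purposes)
# Echo of result on stdout
# echo "Check on $*"

# Work files are created with mktemp: the names are unpredictable and the
# files are created exclusively. Fixed /tmp/<name>-<pid> paths can be
# pre-created or symlinked by another local account before the script runs.
# A failure to create them ends the script with a non-zero (error) code.
of1=$(mktemp "${TMPDIR:-/tmp}/ana1-XXXXXX") || exit 1
of2=$(mktemp "${TMPDIR:-/tmp}/ana2_XXXXXX") || { rm -f -- "$of1"; exit 1; }
# Remove the work files on every exit path; the exit status is not changed.
trap 'rm -f -- "$of1" "$of2"' EXIT

# "$@" hands every argument to the scanner unchanged, so file names with
# spaces or glob characters are neither split nor expanded. This replaces the
# newline-IFS workaround that was needed for the unquoted $*.
# stderr is discarded, so the exit status is the only failure signal.
/opt/f-prot/fpscan --report "$@" 2>/dev/null > "$of1"
return=$?
# Analyse the output
grep "Found virus" "$of1" > "$of2"
grep -E -o '<.+>' "$of2" || cat "$of2"
# Pass the scanner's own exit status on as the result of the check.
exit $return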
Example for Microsoft Defender
#######################################################################
# Copyright (c) amitego engineering GmbH, www.amitego.com
########################################################################
#
# ###############################################
# Microsoft Defender for Endpoint on Linux
# ###############################################
#
# File Transfer content check that hands the file to the scanner configured
# in ::SCANNER and turns its output into an exit code (see proc main).
#
# NOTE(review): no "#!" line is visible in this listing; the sh-to-tclsh
# bootstrap below only works when the file is first started by a POSIX
# shell - confirm that the deployed script begins with one.
#
# Bootstrap: each comment line that ends in a backslash is continued onto the
# next line for Tcl, so tclsh skips the two shell commands, while the shell
# executes them. The first sources ../etc/vlx.profile relative to the script
# location, the second re-executes this file under tclsh with the original
# arguments. The dirname expansion is unquoted, so an installation path
# containing whitespace would break the first command.
# \
. $(dirname $0)/../etc/vlx.profile
# \
exec tclsh "$0" "$@"
# Command is not defined on this page; presumably it provides the Logger, log
# and ExitCode names used below - confirm. Tclx supplies lrmdups.
package require Command
package require Tclx
# Absolute path of the scanner executable and the sub-command words that
# proc scan places between the executable and the file name.
set ::SCANNER /usr/bin/mdatp
set ::SCANOPTION {scan custom --path}
# Alternative settings, presumably for testing without the scanner - confirm.
#set ::SCANNER /usr/bin/cat
#set ::SCANOPTION {}
###########################
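# main --
#   Entry point of the content check: validates the file named by the first
#   command-line argument, runs the scanner on it and maps the outcome to an
#   exit code.
#
# Results:
#   ::ExitCode::SUCCESS   when the scan produced no finding,
#   ::ExitCode::DENYVIRUS when a finding was reported (the finding text is
#                         written to stdout),
#   ::ExitCode::FAILURE   when a step raised an error with errorcode CLI,
#   ::ExitCode::SOFTWARE  for any other error.
proc main {} {
    # Start from the software-error code so that a path which never sets a
    # result is not reported as success.
    set rtn $::ExitCode::SOFTWARE
    Logger::install virsuscheck
    set file [lindex $::argv 0]
    log::debug start $file
    try {
        check $file beforscan
        scanner
        set answer [scan $file]
        if {$answer ne ""} {
            # Replace the scanned path in the answer with a neutral label.
            # The file name is supplied by the transfer, so it must not be
            # compiled as a regular expression: the ***= prefix makes regsub
            # treat the rest of the pattern as a literal string.
            regsub -- "***=$file" $answer "CONTENT:" answer
            puts $answer
            set rtn $::ExitCode::DENYVIRUS
        } else {
            set rtn $::ExitCode::SUCCESS
        }
        # Re-check after the scan; the file must still exist and be readable.
        check $file afterscan
    } trap {CLI} {e} {
        # NOTE(review): the literal words e and o are passed to log::error,
        # not the variable values - confirm that the logger expects names.
        log::error "SOFTWARE" e
        puts $e
        set rtn $::ExitCode::FAILURE
    } on error {e o} {
        puts "General error"
        log::error "SOFTWARE" e o
        # Fail closed: an unexpected error must never leave an earlier
        # SUCCESS value in place.
        set rtn $::ExitCode::SOFTWARE
    }
    return $rtn
}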
###########################
# scanner --
#   Verifies that the program named by ::SCANNER can be executed.
#
# Results:
#   Returns an empty string when the scanner is executable; otherwise raises
#   an error with errorcode CLI and the message "<path> not found".
proc scanner {} {
    if {[file executable $::SCANNER]} {
        return
    }
    return -code error -errorcode {CLI} "$::SCANNER not found"
}
###########################
# check --
#   Confirms that the file to be scanned exists and is readable.
#
# Arguments:
#   file  Path of the file to be scanned.
#   text  Label appended to the error message; main passes the scan phase.
#
# Results:
#   Returns an empty string when both tests pass; otherwise raises an error
#   with errorcode CLI. Existence is tested before readability.
proc check {file text} {
    if {![file exists $file]} {
        set problem "Scanfile not found $text"
    } elseif {![file readable $file]} {
        set problem "Scanfile not readable $text"
    } else {
        return
    }
    return -code error -errorcode {CLI} $problem
}
###########################
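# scan --
#   Runs the configured scanner on one file and summarises what it reported.
#
# Arguments:
#   file  Path handed to the scanner as the last command-line word.
#
# Results:
#   Empty string when the run completed and no finding was parsed from the
#   output; otherwise a comma-separated list of findings with duplicates
#   removed by lrmdups. Raises an error with errorcode CLI when the scanner
#   run itself failed and no finding was parsed, so that a scan which did
#   not complete is never reported as clean.
proc scan {file} {
    # exec receives a word list, so no shell interprets the file name.
    # catch keeps the output even when exec reports an error; opts holds the
    # reason for that error.
    set failed [catch { exec $::SCANNER {*}$::SCANOPTION $file } scanData opts]
    foreach line [split $scanData \n] {
        # NOTE(review): this matches the word anywhere in a line, presumably
        # also inside an echoed file path - confirm against real output.
        if {[regexp -nocase -- {Password} $line]} {
            lappend viruslist "Password protected"
        }
        if {[regexp -nocase -- {Name: (.*)} $line dy virusname]} {
            lappend viruslist [string trim $virusname \']
        }
    }
    if {[info exists viruslist]} {
        return [join [lrmdups $viruslist] ,]
    }
    # No finding was parsed. An errorcode of NONE means the program exited
    # with status 0 and only wrote to stderr, which is still accepted; any
    # other code means a non-zero exit, a signal or a failure to start the
    # program, and is reported as a failed scan instead of a clean file.
    if {$failed && [lindex [dict get $opts -errorcode] 0] ne "NONE"} {
        return -code error -errorcode {CLI} "Scan failed"
    }
    return ""
}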
###########################
# Run the check and use the code returned by main as the process exit status.
set status [main]
exit $status