>поподробнее о плагинах расскажи, интересно
Это содержимое arch.pl
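#!/usr/bin/perl
# arch.pl -- keep an archive copy of one queued message.
#
# $ARGV[0] and $ARGV[1] name two files relative to $QUEUE.  The first is
# copied into a new file under $ARCH/<MMDDYY>/, a blank separator is written,
# and the second file is appended.  The script always exits 0; problems are
# reported on STDOUT as "alarm: ..." lines.
#
# Changes against the original listing:
#   * No shell is involved any more.  The original interpolated @ARGV into
#     system("cp ..."), system("cat ...") and system("mkdir ..."), so shell
#     metacharacters in an argument would have been executed.
#   * The "-U" switch is gone: both arguments are validated (and thereby
#     untainted) before use and no external command is run.
#   * rand() takes at most one argument; rand(574,33333) / rand(1,100) is
#     rejected by current perls ("Too many arguments for rand").
#   * The random suffix is no longer overwritten with "NO" when the day
#     directory has to be created.
#   * The archive file is created with O_EXCL, so an existing file (or a
#     symlink planted in the day directory) is never written through.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use POSIX qw(strftime);

########### INITIAL ################
my $ARCH  = '/var/qmail/arch/';
my $QUEUE = '/var/qmail/queue/';

# Kept from the original "mkdir -m 777".
# NOTE(review): a world-writable mail archive lets any local account remove or
# replace archived messages; tighten to 0700 once it is confirmed that a single
# uid writes here.
my $DIR_MODE = 0777;

# Archived mail is readable by its owner only.
# NOTE(review): loosen deliberately if a non-owner reader is required.
my $FILE_MODE = 0600;

# Turn a queue-relative name into an absolute path, or return nothing when the
# name is missing, contains characters outside [A-Za-z0-9_./-], or has a ".."
# path component.  The capture also untaints the value.
sub queue_path {
    my ($rel) = @_;
    return unless defined $rel;
    return if $rel =~ m{(?:\A|/)\.\.(?:/|\z)};
    my ($clean) = $rel =~ m{\A([A-Za-z0-9_./-]+)\z} or return;
    return $QUEUE . $clean;
}

# Append the bytes of file $src to the open handle $out.
# Returns 1 on success, 0 if $src cannot be opened/read or a write fails.
sub append_file {
    my ($src, $out) = @_;
    open(my $in, '<', $src) or return 0;
    binmode $in;
    while (1) {
        my $got = read($in, my $buf, 65536);
        return 0 unless defined $got;    # read error
        last if $got == 0;               # end of file
        print {$out} $buf or return 0;
    }
    close $in;
    return 1;
}

my $INTDFN = queue_path($ARGV[0]);
my $MESSFN = queue_path($ARGV[1]);
unless (defined $INTDFN && defined $MESSFN) {
    print "alarm: Bad queue file name\n";
    exit 0;
}

# One timestamp for both the directory name and the file name, so the two
# cannot disagree around midnight.
my @now = localtime;
$ARCH .= strftime('%m%d%y', @now);

unless (-d $ARCH) {
    # mkdir() honours the umask, "mkdir -m" did not; chmod restores the exact
    # mode.  A concurrent instance may have created the directory meanwhile,
    # hence the second -d test.
    unless ((mkdir($ARCH, $DIR_MODE) && chmod($DIR_MODE, $ARCH)) || -d $ARCH) {
        print "alarm: Don't make $ARCH\n";
        exit 0;
    }
}

# File name: <MMDDYYhhmmss>-<0..99>.  Retry with a new suffix on a collision
# instead of overwriting somebody else's archive file.
my $stamp = strftime('%m%d%y%H%M%S-', @now);
my $out;
for my $attempt (1 .. 20) {
    my $candidate = "$ARCH/$stamp" . int(rand(100));
    last if sysopen($out, $candidate, O_WRONLY | O_CREAT | O_EXCL, $FILE_MODE);
    undef $out;
    last unless $!{EEXIST};
}
unless (defined $out) {
    # Nothing can be archived; emit the same two lines the original would
    # have printed when both copies failed.
    print "alarm: Don't copy $INTDFN\n";
    print "alarm: Don't copy $MESSFN\n";
    exit 0;
}
binmode $out;

# As in the original, a failed envelope copy is reported but does not stop the
# message itself from being archived.
append_file($INTDFN, $out) or print "alarm: Don't copy $INTDFN\n";

# The original ran: echo "\n\n" >> file, i.e. two newlines plus echo's own.
print {$out} "\n\n\n";

unless (append_file($MESSFN, $out) and close $out) {
    print "alarm: Don't copy $MESSFN\n";
    exit 0;
}
exit 0;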
Это содержимое avp.pl
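#!/usr/bin/perl -U
# avp.pl -- hand one queued message to the AVP scanner.
#
# NOTE(review): -U lets Perl perform "unsafe" operations and downgrades
# taint-check failures to warnings.  Dropping it is only safe once no tainted
# value can reach a shell command or a file open anywhere in this script.
#
# strict/warnings are deliberately not enabled here: the subs in this file
# communicate through undeclared package globals ($MESSFN, $INTDFN,
# $ret_code, ...), which "use strict" would reject.
#use IO::Socket;
############# ERROR CODES ################
# Scanner status codes.  Only $AVP_KILL is referenced by the code visible in
# this script; the meanings are inferred from the names -- confirm against the
# AVP documentation.
$AVP_OK=0;
$AVP_INCOMPL=1;
$AVP_SUSPIC=3;
$AVP_DETECT=4;
$AVP_DELETE=5;
$AVP_CORR=7;
$AVP_CORRUPT=8;
$AVP_KILL=15;
########################################
########### INITIAL ################
$QROOT='/var/qmail';
$ARCH='/var/qmail/arch/';
$QUEUE='/var/qmail/queue/';

# $ARGV[0] / $ARGV[1] are file names relative to $QUEUE.  They end up in file
# paths and (elsewhere in this script) in command lines, so accept only a
# conservative character set, no ".." component and no trailing slash.  The
# regex capture also untaints the value.
# NOTE(review): like every other failure path in this script this exits 0;
# if the calling program treats 0 as "message is fine", an unscannable
# message is passed on unscanned -- confirm the intended exit-code contract.
my @rel;
for my $arg (@ARGV[0, 1]) {
    my ($clean) = defined $arg ? $arg =~ m{\A([A-Za-z0-9_./-]+)\z} : ();
    if (   !defined $clean
        || $clean =~ m{(?:\A|/)\.\.(?:/|\z)}
        || $clean =~ m{/\z})
    {
        print "alert: Bad queue file name\n";
        exit 0;
    }
    push @rel, $clean;
}
$INTDFN = $QUEUE . $rel[0];
$MESSFN = $QUEUE . $rel[1];

# Base name of the message file; used to name the scanner's working copy.
($FN = $rel[1]) =~ s{\A.*/}{};
#print "File=$FN\n";

# Random suffix 0..99 for the working copy.  rand() takes at most one
# argument; the original rand(574,33333) / rand(1,100) calls are rejected by
# current perls ("Too many arguments for rand").
$w = int(rand(100));
##################################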
############ Emergency timeout: close the program
sub sigALRM
{
    # Signal handler installed for SIGALRM: report which signal arrived and
    # which message file was being processed, cancel any pending alarm and
    # end the program with status 0.
    my ($signame) = @_;
    print "alert: Exit with signal $signame file:$MESSFN\n";
    alarm(0);
    exit(0);
}
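use Fcntl qw(O_WRONLY O_APPEND O_CREAT O_NOFOLLOW);
use File::Copy qw(copy);
use POSIX ();

$SIG{ALRM} = \&sigALRM;
############################################
# Scanner binary, the private working copy it is pointed at, and the file the
# return code is logged to.
my $AVP_BIN   = '/usr/local/share/AVP/AvpBSD';
my $scan_copy = "/var/qmail/avp/$FN.$w";
my $RET_LOG   = '/tmp/avp.ret.codede';

# Copy the message without a shell.  The original ran system("cp $MESSFN ..."),
# which passes the file name through /bin/sh.
# NOTE(review): this and the other failure paths exit 0; if the calling
# program treats 0 as "message is fine", a message that could not be scanned
# is passed on unscanned -- confirm the intended exit-code contract.
unless (copy($MESSFN, $scan_copy)) {
    print "alert: Can't copy file:$MESSFN\n";
    exit 0;
}
alarm 600;
##########RUN AVP#########################################################################
# fork/exec with an argument list instead of backticks: no shell parses the
# file name.  The child's STDOUT goes to /dev/null, as before.
$| = 1;    # flush our own output so the child cannot emit it a second time
my $pid = fork();
if (!defined $pid) {
    $ret_code = 127;    # scanner could not be started at all
}
elsif ($pid == 0) {
    open(STDOUT, '>', '/dev/null') or POSIX::_exit(127);
    exec { $AVP_BIN } $AVP_BIN, '-MP', '-Y', '-Z', $scan_copy;
    POSIX::_exit(127);    # exec failed; same code a shell reports
}
else {
    waitpid($pid, 0);
    # Mirror what "echo $?" printed in the original: the exit status, or
    # 128+signal when the scanner was killed.  A plain $? >> 8 would turn a
    # killed scanner into 0, i.e. "clean".
    $ret_code = ($? & 127) ? 128 + ($? & 127) : $? >> 8;
}

# Best-effort log of the return code.  The original `echo $ret_code>>file`
# never wrote the value (the newline inside $ret_code ended the echo command
# before the redirection).  The log sits in world-writable /tmp under a fixed
# name, so refuse to follow a symlink planted there.
# NOTE(review): a log directory owned by the scanning uid would be safer.
if (sysopen(my $log, $RET_LOG, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600)) {
    print {$log} "$ret_code\n";
    close $log;
}

# The original value carried the newline from "echo", so this line was always
# followed by an empty one; kept for readers of this output.
print "warning:AVP return code=$ret_code\n\n";
########ERROR PROCESS
if($ret_code){err_proc();}
#####################
unless (unlink $scan_copy) {
    print "alert: Can't rm file:$FN\n";
    exit 0;
}
exit 0;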
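sub err_proc
{
    # Called when the scanner returned a non-zero code (global $ret_code).
    # Reports the sender/recipient found in the envelope file $INTDFN and,
    # unless the code is one of the early-return cases below, rewrites the
    # envelope so that its only recipient is the sender and replaces the
    # message file $MESSFN with a short warning text.
    #
    # Changes against the original: three-argument open() with lexical
    # handles (a two-argument open lets characters in the file name select the
    # open mode), open/write failures are reported, and the empty prototype
    # was dropped (the only call precedes the definition, so it was never
    # applied).
    print "alert: VIRUS file:$MESSFN\n";
    ############# FROM DETECT
    # First line of the envelope file.  An unreadable envelope is reported but
    # processing continues with an empty string, exactly as the unchecked open
    # did before, so the infected message is still replaced below.
    my $str = '';
    if (open(my $env_in, '<', $INTDFN)) {
        my $line = <$env_in>;
        $str = $line if defined $line;
        close $env_in;
    }
    else {
        print "alert: Can't open file:$INTDFN\n";
    }
    chomp $str;
    my $FROM = $str;
    my $TO   = $str;
    # Sender: drop everything through the last "\0F", then everything from the
    # next "\0" onwards.
    $FROM=~s/^.*\x00F//;$FROM=~s/\x00.*//;
    # Recipient: keep the text from the last "\0T" on, turn that marker into a
    # space and delete the first remaining "\0".  With several "\0T" entries
    # only the last one is kept.
    $TO=~s/^.*(?=(\x00T))//;$TO=~s/\x00T/ /;$TO=~s/\x00//;
    # Envelope head: remove everything from the first "\0T" through the last
    # "\0".
    $str=~s/(\x00T.*\x00){1,}//;
    print "warning: Virus in Message from $FROM to $TO\n";
    #########################
    # Codes that are reported only; the queue files stay untouched.
    if ($ret_code =~ /File.*/) {
        print "alert: TEST AVP server\n";
        return 0;
    }
    if ($ret_code == $AVP_KILL) {
        return 0;
    }
    if ($ret_code > 15) {
        print "alert: TEST AVP server\n";
        return 0;
    }
    if ($ret_code == 8) {
        print "alert: Message from $FROM to $TO corrupted\n";
        return 0;
    }
    my $inf_say = 'infected';

    # New envelope: original head plus the sender as the only "\0T" entry.
    # A failure here is reported but does not stop the message from being
    # replaced, so the infected body is never left in place because of it.
    if (open(my $env_out, '>', $INTDFN)) {
        print {$env_out} "$str\x00T$FROM\x00\n";
        close $env_out or print "alert: Can't write file:$INTDFN\n";
    }
    else {
        print "alert: Can't write file:$INTDFN\n";
    }

    # Replace the message itself with the warning text.
    my $msg_out;
    unless (open($msg_out, '>', $MESSFN)) {
        print "alert: Can't write file:$MESSFN\n";
        return 0;
    }
    print {$msg_out} "Received: (qmail invoked from network)\n";
    print {$msg_out} "Reply-To: orlov\n";
    print {$msg_out} "Subject: VIRUS WARNING\n";
    print {$msg_out} "\n";
    print {$msg_out} "Your message to $TO was $inf_say\.\n";
    print {$msg_out} " \n";
    close $msg_out or print "alert: Can't write file:$MESSFN\n";
    return 0;
}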