    def setUp(self):
        """Build a minimal Fuglu config and instantiate the plugin under test.

        The ``SSSPPlugin`` section points the plugin at a local SSSP daemon
        (127.0.0.1:1344) with a 5 s timeout, 3 retries and a 22 MB size cap;
        ``virusaction`` defers to ``[virus] defaultvirusaction`` (DELETE) and
        scanner problems map to DEFER.  ``RawConfigParser`` is taken from
        module scope here.
        """
        settings = {
            'main': [('prependaddedheaders', 'X-Fuglu-')],
            'virus': [('defaultvirusaction', 'DELETE')],
            'SSSPPlugin': [
                ('host', '127.0.0.1'),
                ('port', '1344'),
                ('timeout', '5'),
                ('retries', '3'),
                ('maxsize', '22000000'),
                ('virusaction', 'DEFAULTVIRUSACTION'),
                ('problemaction', 'DEFER'),
                ('rejectmessage', ''),
            ],
        }
        config = RawConfigParser()
        for section, options in settings.items():
            config.add_section(section)
            for key, value in options:
                config.set(section, key, value)

        self.candidate = SSSPPlugin(config)
    def test_answer(self, rops, exchgr, acc, rcvmsg, sgb):
        """Test parsing of a sophos answer, especially removal of the tmp-folder in the name.

        The mocked daemon conversation reports Mal/DummyFlu in an .exe nested
        inside a .zip below the scanner's scratch folder /tmp/savid_tmpgMEMBE.
        The reply is expected to key the finding by the path *relative* to
        that folder, so the scanner's internal tmp location does not end up
        in the message.  The mock arguments come from patch decorators that
        are not part of this excerpt.
        """
        server_options = {
            u'maxscandata': [u'0'],
            u'version': [u'SAV Dynamic Interface 2.6.0'],
            u'maxclassificationsize': [u'4096'],
            u'method': [
                u'QUERY SERVER', u'QUERY SAVI', u'QUERY ENGINE', u'OPTIONS',
                u'SCANDATA', u'SCANFILE', u'SCANDIR'
            ],
            u'maxmemorysize': [u'250000']
        }
        rops.return_value = server_options
        acc.return_value = True

        # Scanner scratch folder plus the archive members reported below it.
        tmpdir = b'/tmp/savid_tmpgMEMBE'
        archive = tmpdir + b'/AAAAAAAAA%20AA%20AAAAAAAA.zip'
        member = archive + b'/AAAAAAAAA%20AA%20AAAAAAAA.exe'
        daemon_lines = [
            b'EVENT FILE ' + tmpdir, b'FILE ' + tmpdir, b'TYPE D0',
            b'EVENT ARCHIVE ' + tmpdir + b'/AAAA0001', b'FILE ' + tmpdir + b'/AAAA0001',
            b'TYPE D0', b'EVENT ARCHIVE ' + tmpdir + b'/AAAA0001/AAAA0001',
            b'FILE ' + tmpdir + b'/AAAA0001/AAAA0001', b'TYPE 80',
            b'EVENT ARCHIVE ' + tmpdir + b'/AAAA0001/AAAA0002',
            b'FILE ' + tmpdir + b'/AAAA0001/AAAA0002', b'TYPE D9',
            b'EVENT ARCHIVE ' + archive,
            b'FILE ' + archive, b'TYPE 30',
            b'EVENT ARCHIVE ' + member,
            b'FILE ' + member,
            b'TYPE 60', b'TYPE 81', b'TYPE 53', b'TYPE 60', b'TYPE 81',
            b'EVENT VIRUS Mal/DummyFlu ' + member,
            b'VIRUS Mal/DummyFlu ' + member,
            b'OK 0203 ' + tmpdir, b'DONE OK 0203 Virus found during virus scan',
        ]
        rcvmsg.return_value = daemon_lines

        candidate = SSSPPlugin(self.config)
        # No real socket: the connection setup is replaced by a mock object.
        candidate.__init_socket__ = MagicMock(return_value=MagicMock())

        reply = candidate.scan_stream(b"dummy")
        # ideally we don't want the tmp-folder structure in the message
        # /tmp/savid_tmpgMEMBE should be removed by the regex sssp.tmpdirsyntax
        expected = {
            u'AAAAAAAAA%20AA%20AAAAAAAA.zip/AAAAAAAAA%20AA%20AAAAAAAA.exe':
            u'Mal/DummyFlu'
        }
        self.assertEqual(expected, reply)
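    def setUp(self):
        """Build a minimal Fuglu config and instantiate the plugin under test.

        The ``SSSPPlugin`` section points the plugin at a local SSSP daemon
        (127.0.0.1:1344) with a 5 s timeout, 3 retries and a 22 MB size cap;
        ``virusaction`` defers to ``[virus] defaultvirusaction`` (DELETE) and
        scanner problems map to DEFER.
        """
        # Module was renamed in Python 3; fall back to the Python 2 name.
        try:
            from configparser import RawConfigParser
        except ImportError:
            from ConfigParser import RawConfigParser
        config = RawConfigParser()
        config.add_section('main')
        config.add_section('virus')
        config.set('main', 'prependaddedheaders', 'X-Fuglu-')
        config.set('virus', 'defaultvirusaction', 'DELETE')
        config.add_section('SSSPPlugin')
        config.set('SSSPPlugin', 'host', '127.0.0.1')
        config.set('SSSPPlugin', 'port', '1344')
        config.set('SSSPPlugin', 'timeout', '5')
        config.set('SSSPPlugin', 'retries', '3')
        config.set('SSSPPlugin', 'maxsize', '22000000')
        config.set('SSSPPlugin', 'virusaction', 'DEFAULTVIRUSACTION')
        config.set('SSSPPlugin', 'problemaction', 'DEFER')
        config.set('SSSPPlugin', 'rejectmessage', '')

        self.candidate = SSSPPlugin(config)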
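class SSSPPluginTestCase(unittest.TestCase):
    """Testcases for the Sophos SSSP virus scanner plugin (SSSPPlugin)."""

    def setUp(self):
        """Build a minimal Fuglu config and instantiate the plugin under test.

        The ``SSSPPlugin`` section points the plugin at a local SSSP daemon
        (127.0.0.1:1344) with a 5 s timeout, 3 retries and a 22 MB size cap;
        ``virusaction`` defers to ``[virus] defaultvirusaction`` (DELETE) and
        scanner problems map to DEFER.
        """
        # Module was renamed in Python 3; fall back to the Python 2 name.
        try:
            from configparser import RawConfigParser
        except ImportError:
            from ConfigParser import RawConfigParser
        config = RawConfigParser()
        config.add_section('main')
        config.add_section('virus')
        config.set('main', 'prependaddedheaders', 'X-Fuglu-')
        config.set('virus', 'defaultvirusaction', 'DELETE')
        config.add_section('SSSPPlugin')
        config.set('SSSPPlugin', 'host', '127.0.0.1')
        config.set('SSSPPlugin', 'port', '1344')
        config.set('SSSPPlugin', 'timeout', '5')
        config.set('SSSPPlugin', 'retries', '3')
        config.set('SSSPPlugin', 'maxsize', '22000000')
        config.set('SSSPPlugin', 'virusaction', 'DEFAULTVIRUSACTION')
        config.set('SSSPPlugin', 'problemaction', 'DEFER')
        config.set('SSSPPlugin', 'rejectmessage', '')

        self.candidate = SSSPPlugin(config)

    def test_result(self):
        """Test that the EICAR test file is detected and the message is deleted.

        The suspect carries a base64 attachment with the EICAR test file.  A
        scanner hit is expected to resolve to DELETE via ``virusaction`` ->
        ``defaultvirusaction``.  A DEFER answer (``problemaction``) means the
        SSSP daemon could not be reached; the verdict is then unknown and the
        test is reported as skipped rather than passing silently.
        """
        suspect = Suspect('*****@*****.**',
                          '*****@*****.**', '/dev/null')
        stream = """Date: Mon, 08 Sep 2008 17:33:54 +0200
To: [email protected]
From: [email protected]
Subject: test eicar attachment
X-Mailer: swaks v20061116.0 jetmore.org/john/code/#swaks
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_MIME_BOUNDARY_000_12140"

------=_MIME_BOUNDARY_000_12140
Content-Type: text/plain

Eicar test
------=_MIME_BOUNDARY_000_12140
Content-Type: application/octet-stream
Content-Transfer-Encoding: BASE64
Content-Disposition: attachment

UEsDBAoAAAAAAGQ7WyUjS4psRgAAAEYAAAAJAAAAZWljYXIuY29tWDVPIVAlQEFQWzRcUFpYNTQo
UF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCoNClBLAQIU
AAoAAAAAAGQ7WyUjS4psRgAAAEYAAAAJAAAAAAAAAAEAIAD/gQAAAABlaWNhci5jb21QSwUGAAAA
AAEAAQA3AAAAbQAAAAAA

------=_MIME_BOUNDARY_000_12140--"""

        suspect.setMessageRep(email.message_from_string(stream))
        result = self.candidate.examine(suspect)
        # examine() may return a bare action code or an (action, message) tuple.
        if isinstance(result, tuple):
            result = result[0]
        strresult = actioncode_to_string(result)
        if strresult == "DEFER":
            # problemaction=DEFER: the scanner was unreachable, so nothing was
            # verified. Skip instead of returning so a missing daemon shows up
            # in the test report instead of counting as a green run.
            self.skipTest(
                "SSSP Scan returned DEFER -> daemon is probably not running")

        self.assertEqual(strresult, "DELETE")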
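class SSSPPluginTestCase(unittest.TestCase):

    """Testcases for the Sophos SSSP virus scanner plugin (SSSPPlugin)."""

    def setUp(self):
        """Build a minimal Fuglu config and instantiate the plugin under test.

        The ``SSSPPlugin`` section points the plugin at a local SSSP daemon
        (127.0.0.1:1344) with a 5 s timeout, 3 retries and a 22 MB size cap;
        ``virusaction`` defers to ``[virus] defaultvirusaction`` (DELETE) and
        scanner problems map to DEFER.
        """
        # Module was renamed in Python 3; fall back to the Python 2 name.
        try:
            from configparser import RawConfigParser
        except ImportError:
            from ConfigParser import RawConfigParser
        config = RawConfigParser()
        config.add_section('main')
        config.add_section('virus')
        config.set('main', 'prependaddedheaders', 'X-Fuglu-')
        config.set('virus', 'defaultvirusaction', 'DELETE')
        config.add_section('SSSPPlugin')
        config.set('SSSPPlugin', 'host', '127.0.0.1')
        config.set('SSSPPlugin', 'port', '1344')
        config.set('SSSPPlugin', 'timeout', '5')
        config.set('SSSPPlugin', 'retries', '3')
        config.set('SSSPPlugin', 'maxsize', '22000000')
        config.set('SSSPPlugin', 'virusaction', 'DEFAULTVIRUSACTION')
        config.set('SSSPPlugin', 'problemaction', 'DEFER')
        config.set('SSSPPlugin', 'rejectmessage', '')

        self.candidate = SSSPPlugin(config)

    def test_result(self):
        """Test that the EICAR test file is detected and the message is deleted.

        The suspect carries a base64 attachment with the EICAR test file.  A
        scanner hit is expected to resolve to DELETE via ``virusaction`` ->
        ``defaultvirusaction``.  A DEFER answer (``problemaction``) means the
        SSSP daemon could not be reached; the verdict is then unknown and the
        test is reported as skipped rather than passing silently.
        """
        suspect = Suspect(
            '*****@*****.**', '*****@*****.**', '/dev/null')
        stream = """Date: Mon, 08 Sep 2008 17:33:54 +0200
To: [email protected]
From: [email protected]
Subject: test eicar attachment
X-Mailer: swaks v20061116.0 jetmore.org/john/code/#swaks
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_MIME_BOUNDARY_000_12140"

------=_MIME_BOUNDARY_000_12140
Content-Type: text/plain

Eicar test
------=_MIME_BOUNDARY_000_12140
Content-Type: application/octet-stream
Content-Transfer-Encoding: BASE64
Content-Disposition: attachment

UEsDBAoAAAAAAGQ7WyUjS4psRgAAAEYAAAAJAAAAZWljYXIuY29tWDVPIVAlQEFQWzRcUFpYNTQo
UF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCoNClBLAQIU
AAoAAAAAAGQ7WyUjS4psRgAAAEYAAAAJAAAAAAAAAAEAIAD/gQAAAABlaWNhci5jb21QSwUGAAAA
AAEAAQA3AAAAbQAAAAAA

------=_MIME_BOUNDARY_000_12140--"""

        suspect.setMessageRep(email.message_from_string(stream))
        result = self.candidate.examine(suspect)
        # examine() may return a bare action code or an (action, message) tuple.
        if isinstance(result, tuple):
            result = result[0]
        strresult = actioncode_to_string(result)
        if strresult == "DEFER":
            # problemaction=DEFER: the scanner was unreachable, so nothing was
            # verified. Skip instead of returning so a missing daemon shows up
            # in the test report instead of counting as a green run.
            self.skipTest(
                "SSSP Scan returned DEFER -> daemon is probably not running")

        self.assertEqual(strresult, "DELETE")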