Import from our internal VCS

.gitignore

@@ -1,101 +1,26 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-env/
+*.log
+*.pyc
+chown2me
+# eclipse stuff
+.project
+.pydevproject
+.settings/
+# PyCharm stuff
+.idea/
+# backup files from gedit etc.
+*~
+# runtime files
+*.pid
+*.sock
+*.db
+# config files
+*.conf
+# chown2me binary
+bin/chown2me
+# Sphinx output
+docs/build
+# build files
+Peekaboo.egg-info/
 build/
-develop-eggs/
 dist/
-downloads/
-eggs/
 .eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-.hypothesis/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# pyenv
-.python-version
-
-# celery beat schedule file
-celerybeat-schedule
-
-# SageMath parsed files
-*.sage.py
-
-# dotenv
-.env
-
-# virtualenv
-.venv
-venv/
-ENV/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/

LICENSE → LICENSE.txt

@@ -631,8 +631,8 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-    {one line to give the program's name and a brief idea of what it does.}
-    Copyright (C) {year}  {name of author}
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    {project}  Copyright (C) {year}  {fullname}
+    <program>  Copyright (C) <year>  <name of author>
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.

README.md

@@ -1 +1,65 @@
-# PeekabooAV
+# Peekaboo #
+
+Peekaboo Extended Email Attachment Behavior Observation Owl  
+
+Currently, the main use case of Peekaboo is to listen for connections from
+AMaViSd, which supplies a path in file system for every e-mail
+processed.
+Peekaboo will check the files using cuckoo sandbox and
+supply analysis results back to AMaViSd (bad | checked | good | ignored).
+Also, Peekaboo will run a static analysis using its own ruleset before
+submitting any files to Cuckoo.
+
+* bad - for files that match any of the configured signature rules
+* good - for files that are manually marked as good
+* ignored - for files that file type does not match file types for analysis
+* checked - for every file that has been analyzed and is not bad
+
+
+## Requirements ##
+
+* [Python 2.7](https://www.python.org/downloads/)
+* [Cuckoo 2.0](https://github.com/cuckoosandbox/cuckoo)
+* Our patched version of AMaViSd 2.11.0
+
+
+## Installation ##
+
+### Get Peekaboo ###
+Use the following commands to clone the Peekaboo repositories to your system:
+
+```shell
+git clone https://github.com/scVENUS/PeekabooAV.git
+```
+
+### Install Dependencies ###
+```shell
+pip install -r requirements.txt
+```
+
+#### Compile ``chown2me`` ####
+```shell
+cd bin/
+make chown2me
+sudo setcap cap_chown+ep chown2me
+chown cuckoo:cuckoo chown2me
+```
+
+### Configuration ###
+Simply copy ``peekaboo.conf.sample`` to ``peekaboo.conf`` and edit it to fit your requirements.
+
+### Startup ###
+Now, you can run Peekaboo with
+```shell
+python peekaboo_debug.py -c /path/to/your/peekaboo.conf
+```
+
+**Note:** If you put your ``peekaboo.conf`` in the base directory
+of the repository you can ommit the ``-c`` option.
+Also, for detailed command line options run
+```shell
+python peekaboo_debug.py --help
+```
+
+### Advanced Installations ###
+For a more advanced installation, please refer to our documentation located in the ``docs`` folder.

amavis/README.md

@@ -0,0 +1,29 @@
+# AMaViSd for Peekaboo # 
+
+## Download Upstream Version ##
+
+```shell
+curl https://www.ijs.si/software/amavisd/amavisd-new-2.11.0.tar.xz -o amavisd-new-2.11.0.tar.xz
+```
+
+## Extract Necessary Files ##
+
+```shell
+tar xvf amavisd-new-2.11.0.tar.xz  amavisd-new-2.11.0/amavisd.conf-default
+tar xvf amavisd-new-2.11.0.tar.xz  amavisd-new-2.11.0/amavisd
+```
+
+## Apply the Patch ##
+
+```shell
+cd amavisd-new-2.11.0/
+
+patch -p4 < ../../peekaboo-amavisd.patch
+patch -p1 < ../../debian-find_config_files.patch
+```
+
+## Use ##
+
+```shell
+configure and run
+```

amavis/debian-find_config_files.patch

@@ -0,0 +1,41 @@
+diff --git a/amavisd b/amavisd
+index 7f93194..8e3f39d 100755
+--- a/amavisd
++++ b/amavisd
+@@ -4332,14 +4332,14 @@ sub read_l10n_templates($;$) {
+
+ # # attempt to read a list of config files to use instead of the default one,
+ # # using an external helper script. Used by the Debian/Ubuntu distribution.
+-# sub find_config_files(@) {
+-#   my(@dirs) = @_;
+-#   local $ENV{PATH} = '/bin:/usr/bin';
+-#   my(@config_files) = map { `run-parts --list "$_"` } @dirs;
+-#   chomp(@config_files);
+-#   # untaint - this data is secure as we check the files themselves later
+-#   map { untaint($_) } @config_files;
+-# }
++sub find_config_files(@) {
++  my(@dirs) = @_;
++  local $ENV{PATH} = '/bin:/usr/bin';
++  my(@config_files) = map { `run-parts --list "$_"` } @dirs;
++  chomp(@config_files);
++  # untaint - this data is secure as we check the files themselves later
++  map { untaint($_) } @config_files;
++}
+
+ #use CDB_File;
+ #sub tie_hash($$) {
+@@ -19081,10 +19081,10 @@ $Amavis::Conf::map_full_type_to_short_type_re =
+
+ # default location of the config file if none specified
+ if (!@config_files) {
+-  @config_files = ( '/etc/amavisd.conf' );
++# @config_files = ( '/etc/amavisd.conf' );
+ # # Debian/Ubuntu specific:
+-# @config_files = Amavis::Util::find_config_files('/usr/share/amavis/conf.d',
+-#                                                 '/etc/amavis/conf.d');
++  @config_files = Amavis::Util::find_config_files('/usr/share/amavis/conf.d',
++                                                  '/etc/amavis/conf.d');
+ }
+
+ # Read and evaluate config files, which may override default settings

amavis/peekaboo-amavisd.patch

@@ -0,0 +1,86 @@
+diff --git a/amavis/bin/amavisd-new-2.11.0/amavisd b/amavis/bin/amavisd-new-2.11.0/amavisd
+index 7f93194..d6ab174 100755
+--- a/amavis/bin/amavisd-new-2.11.0/amavisd
++++ b/amavis/bin/amavisd-new-2.11.0/amavisd
+@@ -407,6 +407,7 @@ BEGIN {
+       %dkim_signing_keys_by_domain
+       @dkim_signing_keys_list @dkim_signing_keys_storage
+       $file $altermime $enable_anomy_sanitizer
++      $enable_dump_info $dump_info_tempdir
+     )],
+     'sa' =>  # global SpamAssassin settings
+     [qw(
+@@ -31596,6 +31597,44 @@ sub determine_file_types_fileutility($$) {
+   1;
+ }
+
++# please refer to README.dump-info
++sub dump_info {
++    #do_log(0,"dump_info");
++    my ($part, $tempdir) = @_;
++    my $full_name = $part->full_name;
++    my $base_name = $part->base_name;
++    my $dir_name  = $part->dir_name;
++    my $own_tempdir = '/tmp';
++    $own_tempdir = $dump_info_tempdir if defined $dump_info_tempdir;
++    $tempdir =~ s|/+[^/]+$||;
++    $dir_name =~ s|^$tempdir/|$own_tempdir/|;
++    $dir_name =~ s|/parts||;
++    mkdir $dir_name, 0770 or warn "couldn't create $dir_name: $!" unless -d $dir_name;
++    my $info_file = "$dir_name/$base_name.info";
++    if (open my $info_fh, ">", $info_file) {
++        printf $info_fh "[attachment]\n";
++        for my $field (qw(
++                       full_name
++                       name_declared
++                       type_declared
++                       type_long
++                       type_short
++                       size
++                       digest
++                       attributes
++                       queue_id
++                      )) {
++            printf $info_fh "%-15s: %s\n", "$field", $part->can($field) ? $part->$field() : $Amavis::MSGINFO->$field();
++        }
++        close $info_fh;
++
++        system 'cp', $full_name, $dir_name if -w $dir_name;
++
++    } else {
++        warn "couldn't create $info_file: $!";
++    }
++}
++
+ sub decompose_mail($$) {
+   my($tempdir,$file_generator_object) = @_;
+
+@@ -31655,6 +31694,12 @@ TIER:
+     for my $part (@parts) {
+       if ($part->exists && !defined($hold)) {
+         my($hold_tmp, $over_levels_tmp) = decompose_part($part, $tempdir);
++
++        # create p*.info files in /tmp/<hash>/...
++        if ($enable_dump_info) {
++            dump_info($part, $tempdir);
++        }
++
+         $hold = $hold_tmp if $hold_tmp;
+         $over_levels ||= $over_levels_tmp;
+       }
+diff --git a/amavis/bin/amavisd-new-2.11.0/amavisd.conf-default b/amavis/bin/amavisd-new-2.11.0/amavisd.conf-default
+index 716bcd0..b8fa0c5 100644
+--- a/amavis/bin/amavisd-new-2.11.0/amavisd.conf-default
++++ b/amavis/bin/amavisd-new-2.11.0/amavisd.conf-default
+@@ -944,4 +944,11 @@ use strict;
+     ##   @addr_extension_virus_maps  @addr_extension_spam_maps
+     ##   @addr_extension_banned_maps @addr_extension_bad_header_maps
+
++
++## dump-info, please see file README.dump-info for more info.
++
++# $enable_dump_info  = 0;       # set to 1 to enable dump_info feature
++# $dump_info_tempdir = '/tmp';  # base directory where dump_info() will put its stuff
++
++
+ 1;  # insure a defined return value