(*
*************************************************************************************************
Pre-requisites:
You need to have the mpack/munpack utilities installed. Developer tools are required for this.
	./configure; make; sudo make install
source from http://ftp.andrew.cmu.edu/pub/mpack/
At the moment of this writing, you should get version 1.6 for Mac OS X.

Installation instructions for Mail:
- Put this script somewhere in your home; the "~/Library/Scripts/Folder Action Scripts" folder seems a good one, possibly with an alias in "~/Library/Scripts/Mail".
- In Mail, open the preferences and go to the "Rules" pane.
- Add a rule just after the junk mail filter, and call it "virus scanner" or similar.
- Set it to "If 'any' of the following conditions are met: 'Every Message', Perform the following actions: 'Run AppleScript'." and select this script.
- Click OK.

Installation instructions for an "incoming downloads folder checker":
- Make sure you have an alias to this script in "~/Library/Scripts/Folder Action Scripts" or that you have installed it there.
- Run the tool "Folder Actions Setup" in the /Applications/AppleScript folder.
- Check "Enable Folder Actions".
- In the left pane add the folder(s) (click on the '+'; probably add the Desktop and the folder where your web browser downloads to).
- Select one of the folders, and in the right pane click on the '+' button. Select this script from the dialog. Only scripts that are in "~/Library/Scripts/Folder Action Scripts" or have an alias there will show up.

You can test by sending yourself the Eicar test message: http://www.eicar.org/anti_virus_test_file.htm
Note that if you download it to one of the folders you have just protected, it will be moved to the trash immediately.
*************************************************************************************************
*)
(*
*************************************************************************************************
Disclaimer: this script is supplied as is in the hope that it is useful, but without any support or warranties of any kind. Use at your own risk. It is placed in the public domain.
*************************************************************************************************
*)

(*
*************************************************************************************************
Some properties of the script, edit here if you want to change some behaviour.
*************************************************************************************************
*)
-- the absolute path of the clamscan command:
property clamScanCMD : "/opt/local/bin/clamdscan" as string
-- the absolute path of the munpack command:
property munpackCMD : "/opt/local/bin/munpack" as string
-- the absolute path of the growlnotify command:
property growlCMD : "/opt/local/bin/growlnotify" as string
-- name of the mailbox where probably infected mails are transferred to
property infectedMailbox : "Infected" as string
-- use munpack (false) or Stuffit Expander (true) (munpack is faster, Stuffit Expander expands into .sit etc.); requires munpack in your path
property useStuffit : false
-- show growl alert dialog if a virus is found
property showAlertDialog : true
-- treat all windows executables as viruses, defaults to no. Set to true if you consider all windows executables a virus.
property allWindowsExecutablesAreViruses : true
-- the attachments are unpacked in this directory
property theAttachmentPath : (path to temporary items) as string
-- show debugging messages using Growl
property debugging : false
-- show critical error messages as dialog if ignore_errors is false
property ignore_errors : false

-- File paths, mail subjects and log text are handed to the shell with "quoted form of":
-- attachment names and subjects come from the sender and must never be parsed as shell syntax.

(*
*************************************************************************************************
This part of the script is run when Mail uses the applescript on the incoming messages
*************************************************************************************************
*)
using terms from application "Mail"
	-- loop over all incoming mail messages
	on perform mail action with messages theMessages in mailboxes theMailbox for rule theRule
		try
			my scanAttachmentsForViruses(theMessages) -- and scan for viruses
		on error error_message number error_number
			if not ignore_errors then display dialog "Error scanning email! Try turning on debugging to help track down the problem."
		end try
	end perform mail action with messages
end using terms from

(*
*************************************************************************************************
This part of the script is used when items are added to a folder or dropped from the Finder
*************************************************************************************************
*)
on checkItems(theItems)
	try
		repeat with currentFile in theItems
			if checkFile(currentFile) then
				if (showAlertDialog) then do shell script growlCMD & " -s -m " & quoted form of ("The file " & POSIX path of (currentFile as alias) & " is probably infected and has been moved to the Trash.") & " \"Virus Found!\""
				tell application "Finder"
					move currentFile to the trash
				end tell
			end if
		end repeat
	on error error_message number error_number
		if not ignore_errors then display dialog "Error scanning files! Try turning on debugging to help track down the problem."
	end try
end checkItems

-- Check files dropped on the target folder (folder action):
on adding folder items to TargetFolder after receiving DroppedItems
	checkItems(DroppedItems)
end adding folder items to

-- Check files dropped from the finder
on open theItems
	checkItems(theItems)
end open

(*
*************************************************************************************************
Perform the full set of tests on a given file; returns true if the file is suspicious
*************************************************************************************************
*)
on checkFile(currentFile)
	try
		set isInfected to scanForViruses(currentFile)
		set isWinExec to windowsExecutableFiles(currentFile)
		set fileMissMatch to my fileDoesNotMatchTypeAndCreator(currentFile)
		
		set Log_Msg to ""
		if isWinExec then set Log_Msg to "BBVScan: found windows executable " & currentFile
		if isInfected then set Log_Msg to Log_Msg & "ClamAV: " & currentFile & " is probably infected!"
		if fileMissMatch then set Log_Msg to Log_Msg & " BBVScan: file type missmatch: " & currentFile
		if (Log_Msg ≠ "") then
			-- write the findings to the system log
			do shell script "logger " & quoted form of Log_Msg
			-- if (showAlertDialog) then display dialog "The file " & currentFile & " is probably infected and will be moved to the Trash!" buttons {"OK"} default button 1
		end if
		
		return (isInfected or isWinExec or fileMissMatch)
	on error error_message number error_number
		if debugging then display dialog "Error in checkFile: " & error_message
		return false
	end try
end checkFile

(*
*************************************************************************************************
Run a file or a directory (recursively) through the virus scanner.
The scanner is run with -i --no-summary, so it prints infected files only: any output means we have an infection.
*************************************************************************************************
*)
on scanForViruses(theItem)
	try
		set Posix_path to POSIX path of ((theItem as string) as alias)
		if debugging then do shell script growlCMD & " -m " & quoted form of ("scanning file '" & Posix_path & "' for viruses")
		-- do shell script "logger scanForViruses"
		-- The trailing "sleep 2" makes the shell exit with status 0, so "do shell script"
		-- does not raise an error when the scanner exits with 1 (virus found).
		set Shell_Script to clamScanCMD & " --recursive --bell -i --no-summary " & quoted form of Posix_path & "; sleep 2"
		set Scan_Result to do shell script Shell_Script
		return (Scan_Result ≠ "") -- true for a virus
	on error error_message number error_number
		if debugging then display dialog "Error in scanForViruses: " & error_message
		return false
	end try
end scanForViruses

(*
*************************************************************************************************
If one of the files in the mail is a Windows executable, return true
*************************************************************************************************
*)
on windowsExecutableFiles(theItem)
	try
		if not allWindowsExecutablesAreViruses then
			return false
		else
			set Posix_path to POSIX path of ((theItem as string) as alias)
			set Shell_Script to "find " & quoted form of Posix_path & " -type f -exec file {} \\;"
			set Scan_Result to do shell script Shell_Script
			set ret to (Scan_Result contains "MS-DOS executable (EXE), OS/2 or MS Windows") or ((Scan_Result contains "MS Windows") and (Scan_Result contains "GUI executable"))
			if not ret then -- test for illegal extension
				-- the two -name tests are grouped so that -print applies to both of them
				set Shell_Script to "find " & quoted form of Posix_path & " \\( -name '*.vbs' -or -name '*.pif' \\) -print"
				set Scan_Result to do shell script Shell_Script
				set ret to (Scan_Result ≠ "")
			end if
			return ret -- true for a Windows executable
		end if
	on error error_message number error_number
		if debugging then display dialog "Error in windowsExecutableFiles: " & error_message
		return false
	end try
end windowsExecutableFiles

(*
*************************************************************************************************
Remove the file if the Finder file type and the file report do not match.
This is to defeat the first known method of getting a Trojan on Mac OS X
*************************************************************************************************
*)
on fileDoesNotMatchTypeAndCreator(theItem)
	try
		set foundSuspiciousFile to false
		tell application "Finder"
			if (file type of theItem) = "APPL" then
				-- the Finder says "application": compare with what the file command reports
				set fileReport to do shell script "file " & quoted form of (POSIX path of (theItem as alias))
				return (not (fileReport contains ": header for PowerPC PEF executable")) and (not (fileReport contains ": directory")) and (not (fileReport contains ": empty"))
			end if
		end tell
		return foundSuspiciousFile
	on error error_message number error_number
		if debugging then display dialog "Error in fileDoesNotMatchTypeAndCreator: " & error_message
		return false
	end try
end fileDoesNotMatchTypeAndCreator

(*
*************************************************************************************************
Scan a list of messages for attachments and then those attachments for viruses.
*************************************************************************************************
*)
on scanAttachmentsForViruses(messageList)
	try
		repeat with eachMessage in messageList
			try
				my checkThisMessage(eachMessage)
			on error
				-- a failure on one message does not stop the scan of the others
			end try
		end repeat
	on error error_message number error_number
		if debugging then display dialog "Error in scanAttachmentsForViruses: " & error_message
		return false
	end try
end scanAttachmentsForViruses

on checkThisMessage(msg)
	try
		tell application "Mail"
			set theSubject to subject of msg
			if debugging then do shell script growlCMD & " -m " & quoted form of ("scanning email '" & theSubject & "' for viruses")
			
			-- check for attachments
			set theHeaders to headers of msg
			set AppleScript's text item delimiters to "multipart/mixed"
			set partCount to number of text items of theHeaders
			set AppleScript's text item delimiters to ""
			if partCount > 1 then
				if debugging then do shell script growlCMD & " -m \"...attachment found\""
				my expandMessage(msg) -- a multipart/mixed message so we might have attachments...
			end if
		end tell
	on error error_message number error_number
		if debugging then display dialog "Error in checkThisMessage: " & error_message
		return false
	end try
end checkThisMessage

(*
*************************************************************************************************
Save the attachments of this message to file and unpack from MIME
*************************************************************************************************
*)
on expandMessage(msg)
	try
		tell application "Mail"
			set theSource to source of msg
		end tell
		set tempFileName to "raw_message"
		set aTempDirName to "Temporary_Storage_of_Attachments"
		set aTempDir to (POSIX path of ((theAttachmentPath as string) as alias)) & aTempDirName
		
		-- remove the old temporary directory. Do not use finder, do it silently.
		do shell script "if test -d " & quoted form of aTempDir & "; then rm -rf " & quoted form of aTempDir & "; fi"
		if debugging then do shell script growlCMD & " -m " & quoted form of ("...removed tempdir: " & aTempDir)
		
		-- make a new directory
		tell application "Finder"
			set attachmentTempDir to make new folder at ((theAttachmentPath as string) as alias) with properties {name:aTempDirName}
			set tempFile to (((attachmentTempDir as string) as alias) as string) & tempFileName
		end tell
		if debugging then do shell script growlCMD & " -m \"...made temp directory\""
		
		-- save the whole message to file
		open for access file tempFile with write permission
		set eof of file tempFile to 0
		write theSource to file tempFile as string
		close access file tempFile
		if debugging then do shell script growlCMD & " -m " & quoted form of ("...wrote temp file: " & tempFile)
		
		tell application "Finder"
			-- if (useStuffit) then -- use StuffIt expander to unpack the raw mail
			-- 	tell application "StuffIt Expander.app"
			-- 		«event SITxXpnd» {(tempFile as alias)} with «class dele» given «class dest»:(attachmentTempDir as alias)
			-- 		delay 1
			-- 		quit
			-- 	end tell
			-- else -- use the munpack command-line utility to split the message and get the original files back.
			set unpackShellScript to "cd " & quoted form of (POSIX path of ((attachmentTempDir as string) as alias))
			set unpackShellScript to unpackShellScript & "; " & munpackCMD & " " & (tempFileName as string)
			set unpackShellScript to unpackShellScript & "; rm " & (tempFileName as string)
			tell me to do shell script unpackShellScript
			if debugging then do shell script growlCMD & " -m \"...unpacked files\""
			-- end if
			my checkExpandedFiles(attachmentTempDir, msg)
		end tell -- Finder
		
		-- silently delete the expanded files
		do shell script "rm -rf " & quoted form of (POSIX path of ((attachmentTempDir as string) as alias))
	on error error_message number error_number
		if debugging then display dialog "Error in expandMessage: " & error_message
	end try
end expandMessage

-- check expanded mail files recursively
on checkExpandedFiles(theItem, msg)
	try
		tell application "Finder"
			-- recursively search through the whole directory tree
			if (kind of theItem) = "Folder" then
				set itemList to every item of theItem
				repeat with subItem in itemList
					my checkExpandedFiles(subItem, msg)
				end repeat
			else
				if my checkFile(theItem) then
					tell application "Mail"
						tell msg
							-- set (read status) to true
							set background color to red
						end tell
						if (showAlertDialog) then do shell script growlCMD & " -s -m " & quoted form of ("The email '" & subject of msg & "' is probably infected and has been moved to the Infected folder.") & " \"Virus Found!\""
						move msg to mailbox infectedMailbox
					end tell -- Mail
				end if
			end if
		end tell -- finder
	on error error_message number error_number
		if debugging then display dialog "Error in checkExpandedFiles: " & error_message
	end try
end checkExpandedFiles