#!/bin/bash
#

MY_PUBLIC_KEY="/path/to/my/public_key.pem"

FILENAME=$1
TMPDIR=$(dirname $FILENAME)
TEMPLATE=${TMPDIR}/vnmsg
SAVEDIR=/var/spool/p3scan
SAVEFILE=$SAVEDIR/$(basename $FILENAME)

function try()
{
	$* || exit 2
}

function is_multipart()
{
	grep -qi "^Content-type:[[:blank:]]multipart/"
}

function is_mime()
{
	grep -qi "^MIME-Version:"
}

# Print everything but MIME headers
# usage : strip_mime822 < header
function strip_mime822()
{
	grep -P -vie "^Content-[^\n;]+(;\n?[^=]+=[^\n;]+)*|^MIME-Version"
}

# Print MIME headers, only MIME headers...
# if not MIME, create MIME header as text/plain
# usage : extract_mime822 < header
function extract_mime822()
{
	# We insert MIME headers here
	if grep -P -ie "^Content-[^\n;]+(;\n?[^=]+=[^\n;]+)*|^MIME-Version";
	then
		# and we add a newline to finish
	 	echo;
	else
		# Not MIME ? We create header
		echo -e \
"MIME-Version: 1.0
Content-type: text/plain
";
	fi
}

# Print RFC822 header and strip "Content-*", "MIME-Version:" lines.
# usage : print_header message > header
function print_header()
{
        cd $TMPDIR
        csplit -s -z $1 /"^$"/
	strip_mime822 < xx00
	rm xx00 xx01
}

# Take content and encapsulate it as multipart message
# usage : encapsulate_multipart < content > encapsulated_content
function encapsulate_multipart()
{
	BOUNDARY="=$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM="
	echo -e \
"MIME-Version: 1.0
Content-type: multipart/mixed;
	boundary=\"$BOUNDARY\";
        charset=\"ISO-8859-1\"
Content-Transfer-Encoding: quoted-printable

This is a multi-part message in MIME format

--$BOUNDARY"

	grep -P -vie "^MIME-Version[^\n]+"

	echo -e \
"--$BOUNDARY--
"
	
}

# Print content including MIME Header
# ready to be encrypted
# usage : print_content < message > content
function print_content()
{
	cd $TMPDIR
	csplit -s -z - /"^$"/1
	extract_mime822 < xx00 
	head -n -1 xx01
	rm xx00 xx01
}

# Print msgid
# usage : print_msgid mime822.txt > msgid
function print_msgid()
{
	822header < $1 | grep -i "^Message-I[dD]:"
}

# generate Message-ID
# usage : generate_msgid < header > new_header
function generate_msgid()
{
	sed -e "s/^\(Message-I[dD]:\s<\)[^>]*>/\1$(date +%s)$(basename $FILENAME)@already_ciphered>/i"
}

# Encrypt input using S/MIME format
# usage : encrypt_content < clear_content > crypted_content
function encrypt_content()
{
	try openssl smime -encrypt ${MY_PUBLIC_KEY}
}

if print_msgid $FILENAME | grep -qv "@already_ciphered"; then
	# We never saw this message before
	# We prepare header
	print_header $FILENAME | generate_msgid > $FILENAME.crypted_multipart

	if is_multipart <$FILENAME || ! is_mime <$FILENAME;
	then
		# multipart message or not MIME ? we encrypt...
		print_content <$FILENAME | encrypt_content >> $FILENAME.crypted_multipart;
	else
		# otherwise we encapsulate as multipart before encrypting
		print_content <$FILENAME | encapsulate_multipart | encrypt_content >> $FILENAME.crypted_multipart;
	fi

	# Good, we can replace message by encrypted version
	mv $FILENAME.crypted_multipart $FILENAME
fi

#
# for use with "virusregexp = .*: (.*) FOUND"
#
#   If response contains "FOUND" then there is a virus
#echo "Eicar-Test-Signature FOUND"
#   If response contains "OK" then there is no virus */
echo "OK"
#
# exit 1 if virus found.
exit 0