#include "exim.h"
#ifdef WITH_CONTENT_SCAN
+typedef enum {M_FPROTD, M_DRWEB, M_AVES, M_FSEC, M_KAVD, M_CMDL,
+ M_SOPHIE, M_CLAMD, M_SOCK, M_MKSD} scanner_t;
+typedef enum {MC_NONE, MC_TCP, MC_UNIX, MC_STRM} contype_t;
+static struct scan
+{
+ scanner_t scancode;
+ const uschar * name;
+ const uschar * options_default;
+ contype_t conn;
+} m_scans[] =
+{
+ { M_FPROTD, US"f-protd", US"localhost 10200-10204", MC_TCP },
+ { M_DRWEB, US"drweb", US"/usr/local/drweb/run/drwebd.sock", MC_STRM },
+ { M_AVES, US"aveserver", US"/var/run/aveserver", MC_UNIX },
+ { M_FSEC, US"fsecure", US"/var/run/.fsav", MC_UNIX },
+ { M_KAVD, US"kavdaemon", US"/var/run/AvpCtl", MC_UNIX },
+ { M_CMDL, US"cmdline", NULL, MC_NONE },
+ { M_SOPHIE, US"sophie", US"/var/run/sophie", MC_UNIX },
+ { M_CLAMD, US"clamd", US"/tmp/clamd", MC_NONE },
+ { M_SOCK, US"sock", US"/tmp/malware.sock", MC_STRM },
+ { M_MKSD, US"mksd", NULL, MC_NONE },
+ { -1, NULL, NULL, MC_NONE } /* end-marker */
+};
+
/* The maximum number of clamd servers that are supported in the configuration */
#define MAX_CLAMD_SERVERS 32
#define MAX_CLAMD_SERVERS_S "32"
} clamd_address_container;
/* declaration of private routines */
-static int mksd_scan_packed(int sock, uschar *scan_filename);
+static int mksd_scan_packed(struct scan * scanent, int sock, uschar *scan_filename);
static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking);
#ifndef nelements
}
-static void
-malware_errlog(const uschar * str)
-{
- log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: %s", str);
-}
static inline int
malware_errlog_defer(const uschar * str)
{
- malware_errlog(str);
+ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: %s", str);
return DEFER;
}
static int
-m_scanner_errlog_defer(const uschar * scanner, const uschar * str)
-{
- return malware_errlog_defer(string_sprintf("%s: %s", scanner, str));
-}
-
-static int
-fprotd_errlog_defer(const uschar * str)
+m_errlog_defer(struct scan * scanent, const uschar * str)
{
- return m_scanner_errlog_defer(US"f-protd", str);
+ return malware_errlog_defer(string_sprintf("%s: %s", scanent->name, str));
}
static int
-drweb_errlog_defer(const uschar * str, int fd_to_close)
+m_errlog_defer_3(struct scan * scanent, const uschar * str,
+ int fd_to_close)
{
(void) close(fd_to_close);
- return m_scanner_errlog_defer(US"drweb", str);
-}
-static int
-aves_errlog_defer(const uschar * str)
-{
- return m_scanner_errlog_defer(US"aveserver", str);
-}
-static int
-fsec_errlog_defer(const uschar * str)
-{
- return m_scanner_errlog_defer(US"fsecure", str);
-}
-static int
-kavd_errlog_defer(const uschar * str, int fd_to_close)
-{
- if (fd_to_close >= 0) (void) close(fd_to_close);
- return m_scanner_errlog_defer(US"kavdaemon", str);
-}
-static int
-cmdl_errlog_defer(const uschar * str)
-{
- return m_scanner_errlog_defer(US"commandline", str);
-}
-static int
-soph_errlog_defer(const uschar * str, int fd_to_close)
-{
- (void) close(fd_to_close);
- return m_scanner_errlog_defer(US"sophie", str);
-}
-static int
-clmd_errlog_defer(const uschar * str)
-{
- return m_scanner_errlog_defer(US"clamd", str);
-}
-static int
-mksd_errlog_defer(const uschar * str)
-{
- return m_scanner_errlog_defer(US"mksd", str);
-}
-static int
-sock_errlog_defer(const uschar * str, int fd_to_close)
-{
- if (fd_to_close >= 0) (void) close(fd_to_close);
- return m_scanner_errlog_defer(US"sock", str);
-}
-
-static void
-clmd_errlog(const uschar * str)
-{
- log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: %s", str);
+ return m_errlog_defer(scanent, str);
}
/*************************************************/
* Scan content for malware *
*************************************************/
-typedef enum {M_FPROTD, M_DRWEB, M_AVES, M_FSEC, M_KAVD, M_CMDL,
- M_SOPHIE, M_CLAMD, M_SOCK, M_MKSD} scanner_t;
-typedef enum {MC_NONE, MC_TCP, MC_UNIX, MC_STRM} contype_t;
-static struct scan
-{
- scanner_t scancode;
- const uschar * name;
- const uschar * options_default;
- contype_t conn;
-} m_scans[] =
-{
- { M_FPROTD, US"f-protd", US"localhost 10200-10204", MC_TCP },
- { M_DRWEB, US"drweb", US"/usr/local/drweb/run/drwebd.sock", MC_STRM },
- { M_AVES, US"aveserver", US"/var/run/aveserver", MC_UNIX },
- { M_FSEC, US"fsecure", US"/var/run/.fsav", MC_UNIX },
- { M_KAVD, US"kavdaemon", US"/var/run/AvpCtl", MC_UNIX },
- { M_CMDL, US"cmdline", NULL, MC_NONE },
- { M_SOPHIE, US"sophie", US"/var/run/sophie", MC_UNIX },
- { M_CLAMD, US"clamd", US"/tmp/clamd", MC_NONE },
- { M_SOCK, US"sock", US"/tmp/malware.sock", MC_STRM },
- { M_MKSD, US"mksd", NULL, MC_NONE },
- { -1, NULL, NULL, MC_NONE } /* end-marker */
-};
-
/* This is an internal interface for scanning an email; the normal interface
is via malware(), or there's malware_in_file() used for testing/debugging.
case MC_STRM: sock = m_streamsocket(scanner_options, &errstr); break;
}
if (sock < 0)
- return m_scanner_errlog_defer(scanent->name, errstr);
+ return m_errlog_defer(scanent, errstr);
break;
}
/* send scan request */
if (m_sock_send(sock, scanrequest, Ustrlen(scanrequest)+1, &errstr) < 0)
- return fprotd_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
/* We get a lot of empty lines, so we need this hack to check for any data at all */
while( recv(sock, buf, 1, MSG_PEEK) > 0 ) {
/* calc file size */
if ((drweb_fd = open(CS eml_filename, O_RDONLY)) == -1)
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("can't open spool file %s: %s",
eml_filename, strerror(errno)),
sock);
if ((fsize = lseek(drweb_fd, 0, SEEK_END)) == -1) {
int err = errno;
(void)close(drweb_fd);
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("can't seek spool file %s: %s",
eml_filename, strerror(err)),
sock);
(send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
(send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
(void)close(drweb_fd);
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to send commands to socket (%s)", scanner_options),
sock);
}
if (!(drweb_fbuf = (uschar *) malloc (fsize))) {
(void)close(drweb_fd);
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to allocate memory %u for file (%s)",
fsize, eml_filename),
sock);
int err = errno;
(void)close(drweb_fd);
free(drweb_fbuf);
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
sock);
/* send file body to socket */
if (send(sock, drweb_fbuf, fsize, 0) < 0) {
free(drweb_fbuf);
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to send file body to socket (%s)", scanner_options),
sock);
}
(send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
(send(sock, eml_filename, Ustrlen(eml_filename), 0) < 0) ||
(send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0))
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to send commands to socket (%s)", scanner_options),
sock);
}
/* wait for result */
if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc)))
- return drweb_errlog_defer(US"unable to read return code", sock);
+ return m_errlog_defer_3(scanent,
+ US"unable to read return code", sock);
drweb_rc = ntohl(drweb_rc);
if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum)))
- return drweb_errlog_defer(US"unable to read the number of viruses",
- sock);
+ return m_errlog_defer_3(scanent,
+ US"unable to read the number of viruses", sock);
drweb_vnum = ntohl(drweb_vnum);
/* "virus(es) found" if virus number is > 0 */
int size = 0, off = 0, ovector[10*3];
/* read the size of report */
if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen)))
- return drweb_errlog_defer(US"cannot read report size", sock);
+ return m_errlog_defer_3(scanent,
+ US"cannot read report size", sock);
drweb_slen = ntohl(drweb_slen);
tmpbuf = store_get(drweb_slen);
/* read report body */
if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen)
- return drweb_errlog_defer(US"cannot read report string", sock);
+ return m_errlog_defer_3(scanent,
+ US"cannot read report string", sock);
tmpbuf[drweb_slen] = '\0';
/* try matcher on the line, grab substring */
* DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
* and others are ignored */
if (drweb_s)
- return drweb_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s),
sock);
/* read aveserver's greeting and see if it is ready (2xx greeting) */
recv_line(sock, buf, sizeof(buf));
- if (buf[0] != '2') {
- /* aveserver is having problems */
- (void)close(sock);
- return aves_errlog_defer(
+ if (buf[0] != '2') /* aveserver is having problems */
+ return m_errlog_defer_3(scanent,
string_sprintf("unavailable (Responded: %s).",
- ((buf[0] != 0) ? buf : (uschar *)"nothing") ));
- }
+ ((buf[0] != 0) ? buf : (uschar *)"nothing") ),
+ sock);
/* prepare our command */
(void)string_format(buf, sizeof(buf), "SCAN bPQRSTUW %s\r\n",
/* and send it */
if (m_sock_send(sock, buf, Ustrlen(buf), &errstr) < 0)
- return aves_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
malware_name = NULL;
result = 0;
if (buf[0] == '2')
break;
if (buf[0] == '5') { /* aveserver is having problems */
- result = aves_errlog_defer(
+ result = m_errlog_defer(scanent,
string_sprintf("unable to scan file %s (Responded: %s).",
eml_filename, buf));
break;
/* and send it */
if (m_sock_send(sock, US"quit\r\n", 6, &errstr) < 0)
- return aves_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
/* read aveserver's greeting and see if it is ready (2xx greeting) */
recv_line(sock, buf, sizeof(buf));
- if (buf[0] != '2') {
- /* aveserver is having problems */
- (void)close(sock);
- return aves_errlog_defer(
+ if (buf[0] != '2') /* aveserver is having problems */
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to quit dialogue (Responded: %s).",
- ((buf[0] != 0) ? buf : (uschar *)"nothing") ));
- }
+ ((buf[0] != 0) ? buf : (uschar *)"nothing") ),
+ sock);
if (result == DEFER) {
(void)close(sock);
for (i=0; i != nelements(cmdopt); i++) {
if (m_sock_send(sock, cmdopt[i], Ustrlen(cmdopt[i]), &errstr) < 0)
- return fsec_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT);
if (bread >0) av_buffer[bread]='\0';
- if (bread < 0) {
- int err = errno;
- (void)close(sock);
- return fsec_errlog_defer(
- string_sprintf("unable to read answer %d (%s)", i, strerror(err)));
- }
+ if (bread < 0)
+ return m_errlog_defer_3(scanent,
+ string_sprintf("unable to read answer %d (%s)", i, strerror(errno)),
+ sock);
for (j=0;j<bread;j++)
if((av_buffer[j]=='\r')||(av_buffer[j]=='\n'))
av_buffer[j] ='@';
file_name = string_sprintf("SCAN\t%s\n", eml_filename);
if (m_sock_send(sock, file_name, Ustrlen(file_name), &errstr) < 0)
- return fsec_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
/* set up match */
/* todo also SUSPICION\t */
i = 0;
memset(av_buffer, 0, sizeof(av_buffer));
do {
- bread=ip_recv(sock, &av_buffer[i], 1, MALWARE_TIMEOUT);
- if (bread < 0) {
- int err = errno;
- (void)close(sock);
- return fsec_errlog_defer(
- string_sprintf("unable to read result (%s)", strerror(err)));
- }
- i++;
- }
- while ((i < sizeof(av_buffer)-1 ) && (av_buffer[i-1] != '\n'));
+ if ((bread= ip_recv(sock, &av_buffer[i], 1, MALWARE_TIMEOUT)) < 0)
+ return m_errlog_defer_3(scanent,
+ string_sprintf("unable to read result (%s)", strerror(errno)),
+ sock);
+ } while (++i < sizeof(av_buffer)-1 && av_buffer[i-1] != '\n');
av_buffer[i-1] = '\0';
/* Really search for virus again? */
/* send scan request */
if (m_sock_send(sock, scanrequest, Ustrlen(scanrequest)+1, &errstr) < 0)
- return kavd_errlog_defer(errstr, -1);
+ return m_errlog_defer(scanent, errstr);
/* wait for result */
if ((bread = recv(sock, tmpbuf, 2, 0) != 2))
- return kavd_errlog_defer(US"unable to read 2 bytes from socket.", sock);
+ return m_errlog_defer_3(scanent,
+ US"unable to read 2 bytes from socket.", sock);
/* get errorcode from one nibble */
kav_rc = tmpbuf[ test_byte_order()==LITTLE_MY_ENDIAN ? 0 : 1 ] & 0x0F;
switch(kav_rc)
{
case 5: case 6: /* improper kavdaemon configuration */
- return kavd_errlog_defer(US"please reconfigure kavdaemon to NOT disinfect or remove infected files.",
+ return m_errlog_defer_3(scanent,
+ US"please reconfigure kavdaemon to NOT disinfect or remove infected files.",
sock);
case 1:
- return kavd_errlog_defer(US"reported 'scanning not completed' (code 1).",
- sock);
+ return m_errlog_defer_3(scanent,
+ US"reported 'scanning not completed' (code 1).", sock);
case 7:
- return kavd_errlog_defer(US"reported 'kavdaemon damaged' (code 7).",
- sock);
+ return m_errlog_defer_3(scanent,
+ US"reported 'kavdaemon damaged' (code 7).", sock);
}
/* code 8 is not handled, since it is ambigous. It appears mostly on
if( report_flag == 1 ) {
/* read report size */
if ((bread = recv(sock, &kav_reportlen, 4, 0)) != 4)
- return kavd_errlog_defer(US"cannot read report size", sock);
+ return m_errlog_defer_3(scanent,
+ US"cannot read report size", sock);
/* it's possible that avp returns av_buffer[1] == 1 but the
reportsize is 0 (!?) */
uschar *p;
if (!cmdline_scanner)
- return cmdl_errlog_defer(US"missing commandline specification");
+ return m_errlog_defer(scanent, errstr);
/* find scanner output trigger */
cmdline_trigger_re = m_pcre_nextinlist(&av_scanner_work, &sep,
"missing trigger specification", &errstr);
if (!cmdline_trigger_re)
- return cmdl_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
/* find scanner name regex */
cmdline_regex_re = m_pcre_nextinlist(&av_scanner_work, &sep,
"missing virus name regex specification", &errstr);
if (!cmdline_regex_re)
- return cmdl_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
/* prepare scanner call; despite the naming, file_name holds a directory
name which is documented as the value given to %s. */
eximsigchld = signal(SIGCHLD,SIG_DFL);
eximsigpipe = signal(SIGPIPE,SIG_DFL);
- scanner_out = popen(CS commandline,"r");
- if (scanner_out == NULL) {
+ if (!(scanner_out = popen(CS commandline,"r"))) {
int err = errno;
- signal(SIGCHLD,eximsigchld);
- signal(SIGPIPE,eximsigpipe);
- return cmdl_errlog_defer(
+ signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe);
+ return m_errlog_defer(scanent,
string_sprintf("call (%s) failed: %s.", commandline, strerror(err)));
}
if (scanner_record == NULL) {
int err = errno;
pclose(scanner_out);
- signal(SIGCHLD,eximsigchld);
- signal(SIGPIPE,eximsigpipe);
- return cmdl_errlog_defer(
+ signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe);
+ return m_errlog_defer(scanent,
string_sprintf("opening scanner output file (%s) failed: %s.",
file_name, strerror(err)));
}
if ( Ustrlen(linebuffer) > fwrite(linebuffer, 1, Ustrlen(linebuffer), scanner_record) ) {
/* short write */
pclose(scanner_out);
- signal(SIGCHLD,eximsigchld);
- signal(SIGPIPE,eximsigpipe);
- return cmdl_errlog_defer(
+ signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe);
+ return m_errlog_defer(scanent,
string_sprintf("short write on scanner output file (%s).", file_name));
}
/* try trigger match */
(void)fclose(scanner_record);
pclose(scanner_out);
- signal(SIGCHLD,eximsigchld);
- signal(SIGPIPE,eximsigpipe);
+ signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe);
if (trigger) {
uschar * s;
if ( write(sock, file_name, Ustrlen(file_name)) < 0
|| write(sock, "\n", 1) != 1
)
- return soph_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to write to UNIX socket (%s)", scanner_options),
sock);
/* wait for result */
memset(av_buffer, 0, sizeof(av_buffer));
if ((!(bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT)) > 0))
- return soph_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to read from UNIX socket (%s)", scanner_options),
sock);
malware_name = string_copy(&av_buffer[2]);
}
else if (!strncmp(CS av_buffer, "-1", 2))
- return soph_errlog_defer(US"scanner reported error", sock);
+ return m_errlog_defer_3(scanent, US"scanner reported error", sock);
else /* all ok, no virus */
malware_name = NULL;
/* extract host and port part */
if( sscanf(CS address, "%" MAX_CLAMD_ADDRESS_LENGTH_S "s %u",
this_clamd->tcp_addr, &(this_clamd->tcp_port)) != 2 ) {
- clmd_errlog(string_sprintf("invalid address '%s'", address));
+ (void) m_errlog_defer(scanent,
+ string_sprintf("invalid address '%s'", address));
continue;
}
clamd_address_vector[num_servers] = this_clamd;
num_servers++;
if (num_servers >= MAX_CLAMD_SERVERS) {
- clmd_errlog(US"More than " MAX_CLAMD_SERVERS_S " clamd servers "
+ (void) m_errlog_defer(scanent,
+ US"More than " MAX_CLAMD_SERVERS_S " clamd servers "
"specified; only using the first " MAX_CLAMD_SERVERS_S );
break;
}
/* check if we have at least one server */
if (!num_servers)
- return clmd_errlog_defer(US"no useable server addresses in malware configuration option.");
+ return m_errlog_defer(scanent,
+ US"no useable server addresses in malware configuration option.");
}
/* See the discussion of response formats below to see why we really don't
like colons in filenames when passing filenames to ClamAV. */
if (use_scan_command && Ustrchr(eml_filename, ':'))
- return clmd_errlog_defer(
+ return m_errlog_defer(scanent,
string_sprintf("local/SCAN mode incompatible with" \
" : in path to email filename [%s]", eml_filename));
break;
}
- clmd_errlog(errstr);
+ (void) m_errlog_defer(scanent, errstr);
/* Remove the server from the list. XXX We should free the memory */
num_servers--;
}
if ( num_servers == 0 )
- return clmd_errlog_defer(US"all servers failed");
+ return m_errlog_defer(scanent, US"all servers failed");
} else {
if ((sock = m_unixsocket(scanner_options, &errstr)) < 0)
- return clmd_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
}
/* have socket in variable "sock"; command to use is semi-independent of
/* Pass the string to ClamAV (7 = "STREAM\n") */
if (m_sock_send(sock, US"STREAM\n", 7, &errstr) < 0)
- return clmd_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
memset(av_buffer2, 0, sizeof(av_buffer2));
bread = ip_recv(sock, av_buffer2, sizeof(av_buffer2), MALWARE_TIMEOUT);
- if (bread < 0) {
- int err = errno;
- (void)close(sock);
- return clmd_errlog_defer(
+ if (bread < 0)
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to read PORT from socket (%s)",
- strerror(err)));
- }
+ strerror(errno)),
+ sock);
- if (bread == sizeof(av_buffer2)) {
- (void)close(sock);
- return clmd_errlog_defer("buffer too small");
- }
+ if (bread == sizeof(av_buffer2))
+ return m_errlog_defer_3(scanent, "buffer too small", sock);
- if (!(*av_buffer2)) {
- (void)close(sock);
- return clmd_errlog_defer("ClamAV returned null");
- }
+ if (!(*av_buffer2))
+ return m_errlog_defer_3(scanent, "ClamAV returned null", sock);
av_buffer2[bread] = '\0';
- if( sscanf(CS av_buffer2, "PORT %u\n", &port) != 1 ) {
- (void)close(sock);
- return clmd_errlog_defer(
+ if( sscanf(CS av_buffer2, "PORT %u\n", &port) != 1 )
+ return m_errlog_defer_3(scanent,
string_sprintf("Expected port information from clamd, got '%s'",
- av_buffer2));
- }
+ av_buffer2),
+ sock);
sockData = m_tcpsocket(connhost.address, port, NULL, &errstr);
- if (sockData < 0) {
- (void)close(sock);
- return clmd_errlog_defer(errstr);
- }
+ if (sockData < 0)
+ return m_errlog_defer_3(scanent, errstr, sock);
#define CLOSE_SOCKDATA (void)close(sockData)
#else /* WITH_OLD_CLAMAV_STREAM not defined */
scanner_name);
/* Pass the string to ClamAV (10 = "zINSTREAM\0") */
- if (send(sock, "zINSTREAM", 10, 0) < 0) {
- int err = errno;
- (void)close(sock);
- return clmd_errlog_defer(
+ if (send(sock, "zINSTREAM", 10, 0) < 0)
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to send zINSTREAM to socket (%s)",
- strerror(err)));
- }
+ strerror(errno)),
+ sock);
#define CLOSE_SOCKDATA /**/
#endif
/* calc file size */
- clam_fd = open(CS eml_filename, O_RDONLY);
- if (clam_fd == -1) {
+ if ((clam_fd = open(CS eml_filename, O_RDONLY)) < 0) {
int err = errno;
- CLOSE_SOCKDATA; (void)close(sock);
- return clmd_errlog_defer(
+ CLOSE_SOCKDATA;
+ return m_errlog_defer_3(scanent,
string_sprintf("can't open spool file %s: %s",
- eml_filename, strerror(err)));
+ eml_filename, strerror(err)),
+ sock);
}
- fsize = lseek(clam_fd, 0, SEEK_END);
- if (fsize == -1) {
+ if ((fsize = lseek(clam_fd, 0, SEEK_END)) < 0) {
int err = errno;
- CLOSE_SOCKDATA; (void)close(sock); (void)close(clam_fd);
- return clmd_errlog_defer(
+ CLOSE_SOCKDATA; (void)close(clam_fd);
+ return m_errlog_defer_3(scanent,
string_sprintf("can't seek spool file %s: %s",
- eml_filename, strerror(err)));
+ eml_filename, strerror(err)),
+ sock);
}
lseek(clam_fd, 0, SEEK_SET);
- clamav_fbuf = (uschar *) malloc (fsize);
- if (!clamav_fbuf) {
- CLOSE_SOCKDATA; (void)close(sock); (void)close(clam_fd);
- return clmd_errlog_defer(
+ if (!(clamav_fbuf = (uschar *) malloc (fsize))) {
+ CLOSE_SOCKDATA; (void)close(clam_fd);
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to allocate memory %u for file (%s)",
- fsize, eml_filename));
+ fsize, eml_filename),
+ sock);
}
- result = read (clam_fd, clamav_fbuf, fsize);
- if (result == -1) {
+ if ((result = read(clam_fd, clamav_fbuf, fsize)) < 0) {
int err = errno;
- CLOSE_SOCKDATA; (void)close(sock); (void)close(clam_fd);
- free(clamav_fbuf);
- return clmd_errlog_defer(
+ free(clamav_fbuf); CLOSE_SOCKDATA; (void)close(clam_fd);
+ return m_errlog_defer_3(scanent,
string_sprintf("can't read spool file %s: %s",
- eml_filename, strerror(err)));
+ eml_filename, strerror(err)),
+ sock);
}
(void)close(clam_fd);
/* send file body to socket */
#ifdef WITH_OLD_CLAMAV_STREAM
if (send(sockData, clamav_fbuf, fsize, 0) < 0) {
- CLOSE_SOCKDATA; (void)close(sock);
- free(clamav_fbuf);
- return clmd_errlog_defer(
+ free(clamav_fbuf); CLOSE_SOCKDATA;
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to send file body to socket (%s:%u)",
- hostname, port);
+ hostname, port),
+ sock);
}
#else
send_size = htonl(fsize);
(send(sock, clamav_fbuf, fsize, 0) < 0) ||
(send(sock, &send_final_zeroblock, sizeof(send_final_zeroblock), 0) < 0))
{
- (void)close(sock);
free(clamav_fbuf);
- return clmd_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to send file body to socket (%s:%u)",
- hostname, port));
+ hostname, port),
+ sock);
}
#endif
DEBUG(D_acl) debug_printf("Malware scan: issuing %s local-path scan [%s]\n",
scanner_name, scanner_options);
- if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
- int err = errno;
- (void)close(sock);
- return clmd_errlog_defer(
- string_sprintf("unable to write to socket (%s)", strerror(err)));
- }
+ if (send(sock, file_name, Ustrlen(file_name), 0) < 0)
+ return m_errlog_defer_3(scanent,
+ string_sprintf("unable to write to socket (%s)", strerror(errno)),
+ sock);
/* Do not shut down the socket for writing; a user report noted that
* clamd 0.70 does not react well to this. */
sock = -1;
if (!(bread > 0))
- return clmd_errlog_defer(
+ return m_errlog_defer(scanent,
string_sprintf("unable to read from socket (%s)", strerror(errno)));
if (bread == sizeof(av_buffer))
- return clmd_errlog_defer(US"buffer too small");
+ return m_errlog_defer(scanent, US"buffer too small");
/* We're now assured of a NULL at the end of av_buffer */
/* Check the result. ClamAV returns one of two result formats.
passing a filename to clamd). */
if (!(*av_buffer))
- return clmd_errlog_defer(US"ClamAV returned null");
+ return m_errlog_defer(scanent, US"ClamAV returned null");
/* strip newline at the end (won't be present for zINSTREAM)
(also any trailing whitespace, which shouldn't exist, but we depend upon
/* colon in returned output? */
if((p = Ustrchr(av_buffer,':')) == NULL)
- return clmd_errlog_defer(
+ return m_errlog_defer(scanent,
string_sprintf("ClamAV returned malformed result (missing colon): %s",
av_buffer));
DEBUG(D_acl) debug_printf("Malware found, name \"%s\"\n", malware_name);
} else if (Ustrcmp(result_tag, "ERROR") == 0)
- return clmd_errlog_defer(
+ return m_errlog_defer(scanent,
string_sprintf("ClamAV returned: %s", av_buffer));
else if (Ustrcmp(result_tag, "OK") == 0) {
DEBUG(D_acl) debug_printf("Malware not found\n");
} else
- return clmd_errlog_defer(
+ return m_errlog_defer(scanent,
string_sprintf("unparseable response from ClamAV: {%s}", av_buffer));
break;
char * s = index(CS sockline_scanner, '%');
if (s++)
if ((*s != 's' && *s != '%') || index(s+1, '%'))
- return sock_errlog_defer(US"unsafe sock scanner call spec", sock);
+ return m_errlog_defer_3(scanent,
+ US"unsafe sock scanner call spec", sock);
}
else
sockline_scanner = sockline_scanner_default;
sockline_trig_re = m_pcre_nextinlist(&av_scanner_work, &sep,
"missing trigger specification", &errstr);
if (!sockline_trig_re)
- return sock_errlog_defer(errstr, sock);
+ return m_errlog_defer_3(scanent, errstr, sock);
/* find virus name regex */
sockline_name_re = m_pcre_nextinlist(&av_scanner_work, &sep,
"missing virus name regex specification", &errstr);
if (!sockline_name_re)
- return sock_errlog_defer(errstr, sock);
+ return m_errlog_defer_3(scanent, errstr, sock);
/* prepare scanner call - security depends on expansions check above */
commandline = string_sprintf("%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
/* Pass the command string to the socket */
if (m_sock_send(sock, commandline, Ustrlen(commandline), &errstr) < 0)
- return sock_errlog_defer(errstr, -1);
+ return m_errlog_defer(scanent, errstr);
/* Read the result */
memset(av_buffer, 0, sizeof(av_buffer));
bread = read(sock, av_buffer, sizeof(av_buffer));
if (!(bread > 0))
- return sock_errlog_defer(
+ return m_errlog_defer_3(scanent,
string_sprintf("unable to read from socket (%s)", strerror(errno)),
sock);
if (bread == sizeof(av_buffer))
- return sock_errlog_defer(US"buffer too small", sock);
+ return m_errlog_defer_3(scanent, US"buffer too small", sock);
linebuffer = string_copy(av_buffer);
/* try trigger match */
|| mksd_maxproc < 1
|| mksd_maxproc > 32
)
- return mksd_errlog_defer(
+ return m_errlog_defer(scanent,
string_sprintf("invalid option '%s'", scanner_options));
}
if((sock = m_unixsocket(US "/var/run/mksd/socket", &errstr)) < 0)
- return mksd_errlog_defer(errstr);
+ return m_errlog_defer(scanent, errstr);
malware_name = NULL;
DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan\n", scanner_name);
- if ((retval = mksd_scan_packed(sock, eml_filename)) != OK) {
+ if ((retval = mksd_scan_packed(scanent, sock, eml_filename)) != OK) {
close (sock);
return retval;
}
i = writev (sock, iov, iovcnt);
while ((i < 0) && (errno == EINTR));
if (i <= 0) {
- malware_errlog(US"unable to write to mksd UNIX socket (/var/run/mksd/socket)");
+ (void) malware_errlog_defer(US"unable to write to mksd UNIX socket (/var/run/mksd/socket)");
return -1;
}
do {
if ((i = recv (sock, av_buffer+offset, av_buffer_size-offset, 0)) <= 0) {
- malware_errlog(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)");
+ (void) malware_errlog_defer(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)");
return -1;
}
offset += i;
/* offset == av_buffer_size -> buffer full */
if (offset == av_buffer_size) {
- malware_errlog(US"malformed reply received from mksd");
+ (void) malware_errlog_defer(US"malformed reply received from mksd");
return -1;
}
} while (av_buffer[offset-1] != '\n');
}
static inline int
-mksd_parse_line (char *line)
+mksd_parse_line(struct scan * scanent, char *line)
{
char *p;
case 'A': /* ERR */
if ((p = strchr (line, '\n')) != NULL)
*p = '\0';
- return mksd_errlog_defer(string_sprintf("scanner failed: %s", line));
+ return m_errlog_defer(scanent,
+ string_sprintf("scanner failed: %s", line));
default: /* VIR */
if ((p = strchr (line, '\n')) != NULL) {
return OK;
}
}
- return mksd_errlog_defer(
- string_sprintf("malformed reply received from mksd: %s", line));
+ return m_errlog_defer(scanent,
+ string_sprintf("malformed reply received: %s", line));
}
}
static int
-mksd_scan_packed(int sock, uschar *scan_filename)
+mksd_scan_packed(struct scan * scanent, int sock, uschar *scan_filename)
{
struct iovec iov[3];
const char *cmd = "MSQ\n";
if (mksd_read_lines (sock, av_buffer, sizeof (av_buffer)) < 0)
return DEFER;
- return mksd_parse_line (CS av_buffer);
+ return mksd_parse_line (scanent, CS av_buffer);
}
#endif /*WITH_CONTENT_SCAN*/