if (!(list_ele = string_nextinlist(list, sep, NULL, 0)))
*errstr = US listerr;
else
+ {
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "RE: ",
+ string_printing(list_ele));
cre = m_pcre_compile(CUS list_ele, errstr);
+ }
return cre;
}
Arguments:
malware_re match condition for "malware="
- eml_filename the file holding the email to be scanned
+ scan_filename the file holding the email to be scanned, if we're faking
+ this up for the -bmalware test, else NULL
timeout if nonzero, non-default timeoutl
- faking whether or not we're faking this up for the -bmalware test
Returns: Exim message processing code (OK, FAIL, DEFER, ...)
where true means malware was found (condition applies)
*/
static int
-malware_internal(const uschar * malware_re, const uschar * eml_filename,
- int timeout, BOOL faking)
+malware_internal(const uschar * malware_re, const uschar * scan_filename,
+ int timeout)
{
int sep = 0;
const uschar *av_scanner_work = av_scanner;
const uschar * scanner_options;
int sock = -1;
time_t tmo;
+uschar * eml_filename, * eml_dir;
+
+if (!malware_re)
+ return FAIL; /* empty means "don't match anything" */
-/* make sure the eml mbox file is spooled up */
-if (!(mbox_file = spool_mbox(&mbox_size, faking ? eml_filename : NULL)))
+/* Ensure the eml mbox file is spooled up */
+
+if (!(mbox_file = spool_mbox(&mbox_size, scan_filename, &eml_filename)))
return malware_errlog_defer(US"error while creating mbox spool file");
-/* none of our current scanners need the mbox
- file as a stream, so we can close it right away */
-(void)fclose(mbox_file);
+/* None of our current scanners need the mbox file as a stream (they use
+the name), so we can close it right away. Get the directory too. */
-if (!malware_re)
- return FAIL; /* empty means "don't match anything" */
+(void) fclose(mbox_file);
+eml_dir = string_copyn(eml_filename, Ustrrchr(eml_filename, '/') - eml_filename);
/* parse 1st option */
- if ( (strcmpic(malware_re, US"false") == 0) ||
- (Ustrcmp(malware_re,"0") == 0) )
+if (strcmpic(malware_re, US"false") == 0 || Ustrcmp(malware_re,"0") == 0)
return FAIL; /* explicitly no matching */
/* special cases (match anything except empty) */
else if (!(re = m_pcre_compile(malware_re, &errstr)))
return malware_errlog_defer(errstr);
-/* Reset sep that is set by previous string_nextinlist() call */
-sep = 0;
-
/* if av_scanner starts with a dollar, expand it first */
if (*av_scanner == '$')
{
scanner_name));
if (strcmpic(scanner_name, US scanent->name) != 0)
continue;
+ DEBUG(D_acl) debug_printf_indent("Malware scan: %s tmo=%s\n",
+ scanner_name, readconf_printtime(timeout));
+
if (!(scanner_options = string_nextinlist(&av_scanner_work, &sep, NULL, 0)))
scanner_options = scanent->options_default;
if (scanent->conn == MC_NONE)
break;
+
+ DEBUG(D_acl) debug_printf_indent("%15s%10s%s\n", "", "socket: ", scanner_options);
switch(scanent->conn)
{
case MC_TCP: sock = ip_tcpsocket(scanner_options, &errstr, 5); break;
return m_errlog_defer(scanent, CUS callout_address, errstr);
break;
}
- DEBUG(D_acl) debug_printf_indent("Malware scan: %s tmo %s\n", scanner_name, readconf_printtime(timeout));
switch (scanent->scancode)
{
if ((fsize = lseek(drweb_fd, 0, SEEK_END)) == -1)
{
- int err = errno;
+ int err;
+badseek: err = errno;
(void)close(drweb_fd);
return m_errlog_defer_3(scanent, NULL,
string_sprintf("can't seek spool file %s: %s",
sock);
}
drweb_slen = htonl(fsize);
- lseek(drweb_fd, 0, SEEK_SET);
+ if (lseek(drweb_fd, 0, SEEK_SET) < 0)
+ goto badseek;
DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s remote scan [%s]\n",
scanner_name, scanner_options);
}
scanner_fd = fileno(scanner_out);
- file_name = string_sprintf("%s/scan/%s/%s_scanner_output",
- spool_directory, message_id, message_id);
+ file_name = string_sprintf("%s/%s_scanner_output", eml_dir, message_id);
if (!(scanner_record = modefopen(file_name, "wb", SPOOL_MODE)))
{
}
if ((fsize = lseek(clam_fd, 0, SEEK_END)) < 0)
{
- int err = errno;
+ int err;
+b_seek: err = errno;
CLOSE_SOCKDATA; (void)close(clam_fd);
return m_errlog_defer_3(scanent, NULL,
string_sprintf("can't seek spool file %s: %s",
eml_filename),
sock);
}
- lseek(clam_fd, 0, SEEK_SET);
+ if (lseek(clam_fd, 0, SEEK_SET) < 0)
+ goto b_seek;
if (!(clamav_fbuf = US malloc(fsize_uint)))
{
const pcre *sockline_name_re;
/* find scanner command line */
- if ((sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
- NULL, 0)))
+ if ( (sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
+ NULL, 0))
+ && *sockline_scanner
+ )
{ /* check for no expansions apart from one %s */
uschar * s = Ustrchr(sockline_scanner, '%');
if (s++)
}
else
sockline_scanner = sockline_scanner_default;
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "cmdline: ",
+ string_printing(sockline_scanner));
/* find scanner output trigger */
sockline_trig_re = m_pcre_nextinlist(&av_scanner_work, &sep,
return m_errlog_defer_3(scanent, NULL, errstr, sock);
/* prepare scanner call - security depends on expansions check above */
- commandline = string_sprintf("%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
- commandline = string_sprintf( CS sockline_scanner, CS commandline);
-
+ commandline = string_sprintf( CS sockline_scanner, CS eml_filename);
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "expanded: ",
+ string_printing(commandline));
/* Pass the command string to the socket */
if (m_sock_send(sock, commandline, Ustrlen(commandline), &errstr) < 0)
US"buffer too small", sock);
av_buffer[bread] = '\0';
linebuffer = string_copy(av_buffer);
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "answer: ",
+ string_printing(linebuffer));
/* try trigger match */
if (regex_match_and_setup(sockline_trig_re, linebuffer, 0, -1))
{
if (!(malware_name = m_pcre_exec(sockline_name_re, av_buffer)))
malware_name = US "unknown";
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "name: ",
+ string_printing(malware_name));
}
else /* no virus found */
malware_name = NULL;
}
else
{
- scanrequest = string_sprintf("SCAN %s/scan/%s\n",
- spool_directory, message_id);
+ scanrequest = string_sprintf("SCAN %s\n", eml_dir);
avast_stage = AVA_RSP; /* just sent command */
}
int
malware(const uschar * malware_re, int timeout)
{
-uschar * scan_filename;
-int ret;
+int ret = malware_internal(malware_re, NULL, timeout);
-scan_filename = string_sprintf("%s/scan/%s/%s.eml",
- spool_directory, message_id, message_id);
-ret = malware_internal(malware_re, scan_filename, timeout, FALSE);
if (ret == DEFER) av_failed = TRUE;
-
return ret;
}
receive_add_recipient(US"malware-victim@example.net", -1);
enable_dollar_recipients = TRUE;
-ret = malware_internal(US"*", eml_filename, 0, TRUE);
+ret = malware_internal(US"*", eml_filename, 0);
Ustrncpy(spooled_message_id, message_id, sizeof(spooled_message_id));
spool_mbox_ok = 1;