-
- /* "drweb" scanner type ----------------------------------------------- */
- /* v0.1 - added support for tcp sockets */
- /* v0.0 - initial release -- support for unix sockets */
- if (strcmpic(scanner_name,US"drweb") == 0) {
- uschar *drweb_options;
- uschar drweb_options_buffer[1024];
- uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock";
- struct sockaddr_un server;
- int sock, port, result, ovector[30];
- unsigned int fsize;
- uschar tmpbuf[1024], *drweb_fbuf;
- uschar scanrequest[1024];
- uschar drweb_match_string[128];
- int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
- drweb_vnum, drweb_slen, drweb_fin = 0x0000;
- unsigned long bread;
- uschar hostname[256];
- struct hostent *he;
- struct in_addr in;
- pcre *drweb_re;
-
- if ((drweb_options = string_nextinlist(&av_scanner_work, &sep,
- drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) {
- /* no options supplied, use default options */
- drweb_options = drweb_options_default;
- };
-
- if (*drweb_options != '/') {
-
- /* extract host and port part */
- if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: invalid socket '%s'", drweb_options);
- return DEFER;
- }
-
- /* Lookup the host */
- if((he = gethostbyname(CS hostname)) == 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: failed to lookup host '%s'", hostname);
- return DEFER;
- }
-
- in = *(struct in_addr *) he->h_addr_list[0];
-
- /* Open the drwebd TCP socket */
- if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to acquire socket (%s)",
- strerror(errno));
- return DEFER;
- }
-
- if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: connection to %s, port %u failed (%s)",
- inet_ntoa(in), port, strerror(errno));
- return DEFER;
- }
-
- /* prepare variables */
- drweb_cmd = htonl(DRWEBD_SCAN_CMD);
- drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
- spool_directory, message_id, message_id);
-
- /* calc file size */
- drweb_fd = open(CS scanrequest, O_RDONLY);
- if (drweb_fd == -1) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't open spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- fsize = lseek(drweb_fd, 0, SEEK_END);
- if (fsize == -1) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't seek spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- drweb_slen = htonl(fsize);
- lseek(drweb_fd, 0, SEEK_SET);
-
- /* send scan request */
- if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
- (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
- (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
- (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
- return DEFER;
- }
-
- drweb_fbuf = (uschar *) malloc (fsize);
- if (!drweb_fbuf) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to allocate memory %u for file (%s)",
- fsize, scanrequest);
- return DEFER;
- }
-
- result = read (drweb_fd, drweb_fbuf, fsize);
- if (result == -1) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't read spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
-
- /* send file body to socket */
- if (send(sock, drweb_fbuf, fsize, 0) < 0) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options);
- return DEFER;
- }
- close(drweb_fd);
- free(drweb_fbuf);
- }
- else {
- /* open the drwebd UNIX socket */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't open UNIX socket");
- return DEFER;
- }
- server.sun_family = AF_UNIX;
- Ustrcpy(server.sun_path, drweb_options);
- if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
- return DEFER;
- }
-
- /* prepare variables */
- drweb_cmd = htonl(DRWEBD_SCAN_CMD);
- drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
- drweb_slen = htonl(Ustrlen(scanrequest));
-
- /* send scan request */
- if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
- (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
- (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
- (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) ||
- (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
- return DEFER;
- }
- }
-
- /* wait for result */
- if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to read return code");
- return DEFER;
- }
- drweb_rc = ntohl(drweb_rc);
-
- if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to read the number of viruses");
- return DEFER;
- }
- drweb_vnum = ntohl(drweb_vnum);
-
- /* "virus(es) found" if virus number is > 0 */
- if (drweb_vnum)
- {
- int i;
- uschar pre_malware_nb[256];
-
- malware_name = malware_name_buffer;
-
- /* setup default virus name */
- Ustrcpy(malware_name_buffer,"unknown");
-
- /* read and concatenate virus names into one string */
- for (i=0;i<drweb_vnum;i++)
- {
- /* read the size of report */
- if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report size");
- return DEFER;
- };
- drweb_slen = ntohl(drweb_slen);
-
- /* read report body */
- if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report string");
- return DEFER;
- };
- tmpbuf[drweb_slen] = '\0';
-
- /* set up match regex, depends on retcode */
- Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
-
- drweb_re = pcre_compile( CS drweb_match_string,
- PCRE_COPT,
- (const char **)&rerror,
- &roffset,
- NULL );
-
- /* try matcher on the line, grab substring */
- result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
- if (result >= 2) {
- pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255);
- }
- /* the first name we just copy to malware_name */
- if (i==0)
- Ustrcpy(CS malware_name_buffer, CS pre_malware_nb);
- else {
- /* concatenate each new virus name to previous */
- int slen = Ustrlen(malware_name_buffer);
- if (slen < (slen+Ustrlen(pre_malware_nb))) {
- Ustrcat(malware_name_buffer, "/");
- Ustrcat(malware_name_buffer, pre_malware_nb);
- }
- }
- }
- }
- else {
- /* no virus found */
- malware_name = NULL;
- };
- close(sock);
- }
- /* ----------------------------------------------------------------------- */
+
+ /* "f-protd" scanner type ----------------------------------------------- */
+ if (strcmpic(scanner_name, US"f-protd") == 0) {
+ uschar *fp_options, *fp_scan_option;
+ uschar fp_scan_option_buffer[1024];
+ uschar fp_options_buffer[1024];
+ uschar fp_options_default[] = "localhost 10200-10204";
+ uschar hostname[256];
+ unsigned int port, portlow, porthigh, connect_ok=0, detected=0, par_count = 0;
+ struct hostent *he;
+ struct in_addr in;
+ int sock;
+ uschar scanrequest[2048], buf[32768], *strhelper, *strhelper2;
+
+ if ((fp_options = string_nextinlist(&av_scanner_work, &sep,
+ fp_options_buffer, sizeof(fp_options_buffer))) == NULL) {
+ /* no options supplied, use default options */
+ fp_options = fp_options_default;
+ };
+
+ /* extract host and port part */
+ if ( sscanf(CS fp_options, "%s %u-%u", hostname, &portlow, &porthigh) != 3 ) {
+ if ( sscanf(CS fp_options, "%s %u", hostname, &portlow) != 2 ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: invalid socket '%s'", fp_options);
+ return DEFER;
+ }
+ porthigh = portlow;
+ }
+
+ /* Lookup the host */
+ if((he = gethostbyname(CS hostname)) == 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: failed to lookup host '%s'", hostname);
+ return DEFER;
+ }
+
+ in = *(struct in_addr *) he->h_addr_list[0];
+ port = portlow;
+
+
+ /* Open the f-protd TCP socket */
+ if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: unable to acquire socket (%s)",
+ strerror(errno));
+ return DEFER;
+ }
+
+ /* Try to connect to all portslow-high until connection is established */
+ for (port = portlow; !connect_ok && port < porthigh; port++) {
+ if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) >= 0) {
+ connect_ok = 1;
+ }
+ }
+
+ if ( !connect_ok ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: connection to %s, port %u-%u failed (%s)",
+ inet_ntoa(in), portlow, porthigh, strerror(errno));
+ (void)close(sock);
+ return DEFER;
+ }
+
+ DEBUG(D_acl) debug_printf("Malware scan: issuing %s GET\n", scanner_name);
+ (void)string_format(scanrequest, 1024, CS"GET %s", eml_filename);
+
+ while ((fp_scan_option = string_nextinlist(&av_scanner_work, &sep,
+ fp_scan_option_buffer, sizeof(fp_scan_option_buffer))) != NULL) {
+ if ( par_count ) {
+ Ustrcat(scanrequest, "%20");
+ } else {
+ Ustrcat(scanrequest, "?");
+ }
+ Ustrcat(scanrequest, fp_scan_option);
+ par_count++;
+ }
+ Ustrcat(scanrequest, " HTTP/1.0\r\n\r\n");
+
+ /* send scan request */
+ if (send(sock, &scanrequest, Ustrlen(scanrequest)+1, 0) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: unable to send command to socket (%s)", scanrequest);
+ return DEFER;
+ }
+
+ /* We get a lot of empty lines, so we need this hack to check for any data at all */
+ while( recv(sock, buf, 1, MSG_PEEK) > 0 ) {
+ if ( recv_line(sock, buf, 32768) > 0) {
+ if ( Ustrstr(buf, US"<detected type=\"") != NULL ) {
+ detected = 1;
+ } else if ( detected && (strhelper = Ustrstr(buf, US"<name>")) ) {
+ if ((strhelper2 = Ustrstr(buf, US"</name>")) != NULL) {
+ *strhelper2 = '\0';
+ Ustrcpy(malware_name_buffer, strhelper + 6);
+ }
+ } else if ( Ustrstr(buf, US"<summary code=\"") ) {
+ if ( Ustrstr(buf, US"<summary code=\"11\">") ) {
+ malware_name = malware_name_buffer;
+ } else {
+ malware_name = NULL;
+ }
+ }
+ }
+ }
+ (void)close(sock);
+ }
+ /* "drweb" scanner type ----------------------------------------------- */
+ /* v0.1 - added support for tcp sockets */
+ /* v0.0 - initial release -- support for unix sockets */
+ else if (strcmpic(scanner_name,US"drweb") == 0) {
+ uschar *drweb_options;
+ uschar drweb_options_buffer[1024];
+ uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock";
+ struct sockaddr_un server;
+ int sock, result, ovector[30];
+ unsigned int port, fsize;
+ uschar tmpbuf[1024], *drweb_fbuf;
+ uschar drweb_match_string[128];
+ int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
+ drweb_vnum, drweb_slen, drweb_fin = 0x0000;
+ unsigned long bread;
+ uschar hostname[256];
+ struct hostent *he;
+ struct in_addr in;
+ pcre *drweb_re;
+
+ if ((drweb_options = string_nextinlist(&av_scanner_work, &sep,
+ drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) {
+ /* no options supplied, use default options */
+ drweb_options = drweb_options_default;
+ };
+
+ if (*drweb_options != '/') {
+
+ /* extract host and port part */
+ if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: invalid socket '%s'", drweb_options);
+ return DEFER;
+ }
+
+ /* Lookup the host */
+ if((he = gethostbyname(CS hostname)) == 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: failed to lookup host '%s'", hostname);
+ return DEFER;
+ }
+
+ in = *(struct in_addr *) he->h_addr_list[0];
+
+ /* Open the drwebd TCP socket */
+ if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to acquire socket (%s)",
+ strerror(errno));
+ return DEFER;
+ }
+
+ if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: connection to %s, port %u failed (%s)",
+ inet_ntoa(in), port, strerror(errno));
+ return DEFER;
+ }
+
+ /* prepare variables */
+ drweb_cmd = htonl(DRWEBD_SCAN_CMD);
+ drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
+
+ /* calc file size */
+ drweb_fd = open(CS eml_filename, O_RDONLY);
+ if (drweb_fd == -1) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't open spool file %s: %s",
+ eml_filename, strerror(errno));
+ return DEFER;
+ }
+ fsize = lseek(drweb_fd, 0, SEEK_END);
+ if (fsize == -1) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't seek spool file %s: %s",
+ eml_filename, strerror(errno));
+ return DEFER;
+ }
+ drweb_slen = htonl(fsize);
+ lseek(drweb_fd, 0, SEEK_SET);
+
+ DEBUG(D_acl) debug_printf("Malware scan: issuing %s remote scan [%s %u]\n",
+ scanner_name, hostname, port);
+
+ /* send scan request */
+ if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
+ (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
+ return DEFER;
+ }
+
+ drweb_fbuf = (uschar *) malloc (fsize);
+ if (!drweb_fbuf) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to allocate memory %u for file (%s)",
+ fsize, eml_filename);
+ return DEFER;
+ }
+
+ result = read (drweb_fd, drweb_fbuf, fsize);
+ if (result == -1) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ free(drweb_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't read spool file %s: %s",
+ eml_filename, strerror(errno));
+ return DEFER;
+ }
+ (void)close(drweb_fd);
+
+ /* send file body to socket */
+ if (send(sock, drweb_fbuf, fsize, 0) < 0) {
+ (void)close(sock);
+ free(drweb_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options);
+ return DEFER;
+ }
+ (void)close(drweb_fd);
+ }
+ else {
+ /* open the drwebd UNIX socket */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't open UNIX socket");
+ return DEFER;
+ }
+ server.sun_family = AF_UNIX;
+ Ustrcpy(server.sun_path, drweb_options);
+ if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
+ return DEFER;
+ }
+
+ /* prepare variables */
+ drweb_cmd = htonl(DRWEBD_SCAN_CMD);
+ drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
+ drweb_slen = htonl(Ustrlen(eml_filename));
+
+ DEBUG(D_acl) debug_printf("Malware scan: issuing %s local scan [%s]\n",
+ scanner_name, drweb_options);
+
+ /* send scan request */
+ if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
+ (send(sock, eml_filename, Ustrlen(eml_filename), 0) < 0) ||
+ (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
+ return DEFER;
+ }
+ }
+
+ /* wait for result */
+ if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to read return code");
+ return DEFER;
+ }
+ drweb_rc = ntohl(drweb_rc);
+
+ if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to read the number of viruses");
+ return DEFER;
+ }
+ drweb_vnum = ntohl(drweb_vnum);
+
+ /* "virus(es) found" if virus number is > 0 */
+ if (drweb_vnum)
+ {
+ int i;
+ uschar pre_malware_nb[256];
+
+ malware_name = malware_name_buffer;
+
+ /* setup default virus name */
+ Ustrcpy(malware_name_buffer,"unknown");
+
+ /* read and concatenate virus names into one string */
+ for (i=0;i<drweb_vnum;i++)
+ {
+ /* read the size of report */
+ if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: cannot read report size");
+ return DEFER;
+ };
+ drweb_slen = ntohl(drweb_slen);
+
+ /* read report body */
+ if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: cannot read report string");
+ return DEFER;
+ };
+ tmpbuf[drweb_slen] = '\0';
+
+ /* set up match regex, depends on retcode */
+ Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
+
+ drweb_re = pcre_compile( CS drweb_match_string,
+ PCRE_COPT,
+ (const char **)&rerror,
+ &roffset,
+ NULL );
+
+ /* try matcher on the line, grab substring */
+ result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
+ if (result >= 2) {
+ pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255);
+ }
+ /* the first name we just copy to malware_name */
+ if (i==0)
+ Ustrcpy(CS malware_name_buffer, CS pre_malware_nb);
+ else {
+ /* concatenate each new virus name to previous */
+ int slen = Ustrlen(malware_name_buffer);
+ if (slen < (slen+Ustrlen(pre_malware_nb))) {
+ Ustrcat(malware_name_buffer, "/");
+ Ustrcat(malware_name_buffer, pre_malware_nb);
+ }
+ }
+ }
+ }
+ else {
+ const char *drweb_s = NULL;
+
+ if (drweb_rc & DERR_READ_ERR) drweb_s = "read error";
+ if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory";
+ if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout";
+ if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command";
+ /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED.
+ * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM,
+ * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
+ * and others are ignored */
+ if (drweb_s) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
+ (void)close(sock);
+ return DEFER;
+ }
+ /* no virus found */
+ malware_name = NULL;
+ };
+ (void)close(sock);
+ }
+ /* ----------------------------------------------------------------------- */