X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/17427537cf5a55f952bad37067f0801b66bf7c08..9614a79a3fa1dde3f72c92c7638b590457e84240:/src/src/malware.c diff --git a/src/src/malware.c b/src/src/malware.c index a42e39a57..e696f7a49 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -109,7 +109,7 @@ features_malware(void) { const uschar * s; uschar * t; -uschar buf[64]; +uschar buf[EXIM_DRIVERNAME_MAX]; spf(buf, sizeof(buf), US"_HAVE_MALWARE_"); @@ -132,12 +132,6 @@ static const uschar * malware_regex_default = US ".+"; static const pcre * malware_default_re = NULL; -#ifdef TCP_CORK -# define EXIM_TCP_CORK TCP_CORK -#elif defined(TCP_NOPUSH) -# define EXIM_TCP_CORK TCP_NOPUSH -#endif - #ifndef DISABLE_MAL_CLAM /* The maximum number of clamd servers that are supported in the configuration */ # define MAX_CLAMD_SERVERS 32 @@ -286,7 +280,7 @@ if (fd >= 0) { struct timeval tv = {.tv_sec = 5}; fd_set fds; - FD_ZERO(fds); FD_SET(fd, &fds); (void) select(fd+1, NULL, &fds, NULL, &tv); + FD_ZERO(&fds); FD_SET(fd, &fds); (void) select(fd+1, NULL, &fds, NULL, &tv); } #endif return fd; @@ -1459,7 +1453,6 @@ badseek: err = errno; uschar av_buffer[1024]; uschar *hostname = US""; host_item connhost; - uschar *clamav_fbuf; int clam_fd, result; unsigned int fsize_uint; BOOL use_scan_command = FALSE; @@ -1567,8 +1560,9 @@ badseek: err = errno; { cmd_str.data = US"zINSTREAM"; cmd_str.len = 10; } else { - cmd_str.data = string_sprintf("SCAN %s\n", eml_filename); - cmd_str.len = Ustrlen(cmd_str.data); + int n; + cmd_str.data = string_sprintf("SCAN %s\n%n", eml_filename, &n); + cmd_str.len = n; /* .len is a size_t */ } /* We have some network servers specified */ @@ -1590,13 +1584,14 @@ badseek: err = errno; on both connections (as one host could resolve to multiple ips) */ for (;;) { - /*XXX we trust that the cmd_str is ideempotent */ + /*XXX we trust that the cmd_str is idempotent */ if ((malware_daemon_ctx.sock = m_tcpsocket(cd->hostspec, cd->tcp_port, - &connhost, &errstr, &cmd_str)) >= 0) + &connhost, &errstr, + use_scan_command ? &cmd_str : NULL)) >= 0) { /* Connection successfully established with a server */ hostname = cd->hostspec; - cmd_str.len = 0; + if (use_scan_command) cmd_str.len = 0; break; } if (cd->retry <= 0) break; @@ -1637,14 +1632,21 @@ badseek: err = errno; if (!use_scan_command) { struct stat st; +#if defined(EXIM_TCP_CORK) && !defined(OS_SENDFILE) + BOOL corked = TRUE; +#endif /* New protocol: "zINSTREAM\n" followed by a sequence of chunks, a 4-byte number (network order), terminated by a zero-length - chunk. */ + chunk. We only send one chunk. */ DEBUG(D_acl) debug_printf_indent( "Malware scan: issuing %s new-style remote scan (zINSTREAM)\n", scanner_name); +#if defined(EXIM_TCP_CORK) + (void) setsockopt(malware_daemon_ctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, + US &on, sizeof(on)); +#endif /* Pass the string to ClamAV (10 = "zINSTREAM\0"), if not already sent */ if (cmd_str.len) if (send(malware_daemon_ctx.sock, cmd_str.data, cmd_str.len, 0) < 0) @@ -1680,9 +1682,6 @@ badseek: err = errno; } /* send file size */ -#ifdef EXIM_TCP_CORK - (void) setsockopt(clam_fd, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on)); -#endif send_size = htonl(fsize_uint); if (send(malware_daemon_ctx.sock, &send_size, sizeof(send_size), 0) < 0) return m_panic_defer_3(scanent, NULL, @@ -1692,17 +1691,35 @@ badseek: err = errno; /* send file body */ while (fsize_uint) { - unsigned n = MIN(fsize_uint, big_buffer_size); +#ifdef OS_SENDFILE + int n = os_sendfile(malware_daemon_ctx.sock, clam_fd, NULL, (size_t)fsize_uint); + if (n < 0) + return m_panic_defer_3(scanent, NULL, + string_sprintf("unable to send file body to socket (%s): %s", hostname, strerror(errno)), + malware_daemon_ctx.sock); + fsize_uint -= n; +#else + int n = MIN(fsize_uint, big_buffer_size); if ((n = read(clam_fd, big_buffer, n)) < 0) return m_panic_defer_3(scanent, NULL, string_sprintf("can't read spool file %s: %s", eml_filename, strerror(errno)), malware_daemon_ctx.sock); - if ((n = send(malware_daemon_ctx.sock, clamav_fbuf, n, 0)) < 0) + if (send(malware_daemon_ctx.sock, big_buffer, (size_t)n, 0) < 0) return m_panic_defer_3(scanent, NULL, - string_sprintf("unable to send file body to socket (%s)", hostname), + string_sprintf("unable to send file body to socket (%s): %s", hostname, strerror(errno)), malware_daemon_ctx.sock); fsize_uint -= n; +# ifdef EXIM_TCP_CORK + if (corked) + { + corked = FALSE; + (void) setsockopt(malware_daemon_ctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, + US &off, sizeof(off)); + } +# endif +#endif /*!OS_SENDFILE*/ + } send_final_zeroblock = 0; @@ -1710,14 +1727,15 @@ badseek: err = errno; return m_panic_defer_3(scanent, NULL, string_sprintf("unable to send file terminator to socket (%s)", hostname), malware_daemon_ctx.sock); -#ifdef EXIM_TCP_CORK - (void) setsockopt(clam_fd, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off)); +#ifdef OS_SENDFILE + (void) setsockopt(malware_daemon_ctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, + US &off, sizeof(off)); #endif } else { /* use scan command */ /* Send a SCAN command pointing to a filename; then in the then in the - * scan-method-neutral part, read the response back */ + scan-method-neutral part, read the response back */ /* ================================================================= */ @@ -1802,7 +1820,7 @@ badseek: err = errno; if (*p) ++p; /* colon in returned output? */ - if(!(p = Ustrchr(av_buffer,':'))) + if (!(p = Ustrchr(av_buffer,':'))) return m_panic_defer(scanent, CUS callout_address, string_sprintf( "ClamAV returned malformed result (missing colon): %s", av_buffer));