X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8e669ac162fe3b1040297f1d021de10778dce9d9..96c065cb7bcdfc0965fb111e1eab6e9180e9e186:/src/src/malware.c diff --git a/src/src/malware.c b/src/src/malware.c index 1cc6aea5c..fddb19add 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/malware.c,v 1.7 2005/02/17 11:58:26 ph10 Exp $ */ +/* $Cambridge: exim/src/src/malware.c,v 1.15 2006/07/06 14:19:50 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -20,6 +20,10 @@ int mksd_scan_packed(int sock); #define SHUT_WR 1 #endif + +#define MALWARE_TIMEOUT 120 + + #define DRWEBD_SCAN_CMD (1) /* scan file, buffer or diskfile */ #define DRWEBD_RETURN_VIRUSES (1<<0) /* ask daemon return to us viruses names from report */ #define DRWEBD_IS_MAIL (1<<19) /* say to daemon that format is "archive MAIL" */ @@ -69,7 +73,7 @@ int malware(uschar **listptr) { }; /* none of our current scanners need the mbox file as a stream, so we can close it right away */ - fclose(mbox_file); + (void)fclose(mbox_file); /* extract the malware regex to match against from the option list */ if ((malware_regex = string_nextinlist(&list, &sep, @@ -135,273 +139,273 @@ int malware(uschar **listptr) { return DEFER; }; - /* "drweb" scanner type ----------------------------------------------- */ - /* v0.1 - added support for tcp sockets */ - /* v0.0 - initial release -- support for unix sockets */ - if (strcmpic(scanner_name,US"drweb") == 0) { - uschar *drweb_options; - uschar drweb_options_buffer[1024]; - uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock"; - struct sockaddr_un server; - int sock, result, ovector[30]; - unsigned int port, fsize; - uschar tmpbuf[1024], *drweb_fbuf; - uschar scanrequest[1024]; - uschar drweb_match_string[128]; - int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd, - drweb_vnum, drweb_slen, drweb_fin = 0x0000; - unsigned long bread; - uschar hostname[256]; - struct hostent *he; - struct in_addr in; - pcre *drweb_re; - - if ((drweb_options = string_nextinlist(&av_scanner_work, &sep, - drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) { - /* no options supplied, use default options */ - drweb_options = drweb_options_default; - }; - - if (*drweb_options != '/') { - - /* extract host and port part */ - if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) { - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: invalid socket '%s'", drweb_options); - return DEFER; - } - - /* Lookup the host */ - if((he = gethostbyname(CS hostname)) == 0) { - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: failed to lookup host '%s'", hostname); - return DEFER; - } - - in = *(struct in_addr *) he->h_addr_list[0]; - - /* Open the drwebd TCP socket */ - if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) { - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to acquire socket (%s)", - strerror(errno)); - return DEFER; - } - - if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) { - close(sock); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: connection to %s, port %u failed (%s)", - inet_ntoa(in), port, strerror(errno)); - return DEFER; - } - - /* prepare variables */ - drweb_cmd = htonl(DRWEBD_SCAN_CMD); - drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL); - snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", - spool_directory, message_id, message_id); - - /* calc file size */ - drweb_fd = open(CS scanrequest, O_RDONLY); - if (drweb_fd == -1) { - close(sock); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: can't open spool file %s: %s", - scanrequest, strerror(errno)); - return DEFER; - } - fsize = lseek(drweb_fd, 0, SEEK_END); - if (fsize == -1) { - close(sock); - close(drweb_fd); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: can't seek spool file %s: %s", - scanrequest, strerror(errno)); - return DEFER; - } - drweb_slen = htonl(fsize); - lseek(drweb_fd, 0, SEEK_SET); - - /* send scan request */ - if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) || - (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) || - (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) || - (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) { - close(sock); - close(drweb_fd); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options); - return DEFER; - } - - drweb_fbuf = (uschar *) malloc (fsize); - if (!drweb_fbuf) { - close(sock); - close(drweb_fd); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to allocate memory %u for file (%s)", - fsize, scanrequest); - return DEFER; - } - - result = read (drweb_fd, drweb_fbuf, fsize); - if (result == -1) { - close(sock); - close(drweb_fd); - free(drweb_fbuf); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: can't read spool file %s: %s", - scanrequest, strerror(errno)); - return DEFER; - } - close(drweb_fd); - - /* send file body to socket */ - if (send(sock, drweb_fbuf, fsize, 0) < 0) { - close(sock); - free(drweb_fbuf); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options); - return DEFER; - } - close(drweb_fd); - } - else { - /* open the drwebd UNIX socket */ - sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) { - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: can't open UNIX socket"); - return DEFER; - } - server.sun_family = AF_UNIX; - Ustrcpy(server.sun_path, drweb_options); - if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { - close(sock); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno); - return DEFER; - } - - /* prepare variables */ - drweb_cmd = htonl(DRWEBD_SCAN_CMD); - drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL); - snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id); - drweb_slen = htonl(Ustrlen(scanrequest)); - - /* send scan request */ - if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) || - (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) || - (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) || - (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) || - (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) { - close(sock); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options); - return DEFER; - } - } - - /* wait for result */ - if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) { - close(sock); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to read return code"); - return DEFER; - } - drweb_rc = ntohl(drweb_rc); - - if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) { - close(sock); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: unable to read the number of viruses"); - return DEFER; - } - drweb_vnum = ntohl(drweb_vnum); - - /* "virus(es) found" if virus number is > 0 */ - if (drweb_vnum) - { - int i; - uschar pre_malware_nb[256]; - - malware_name = malware_name_buffer; - - /* setup default virus name */ - Ustrcpy(malware_name_buffer,"unknown"); - - /* read and concatenate virus names into one string */ - for (i=0;i= 2) { - pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255); - } - /* the first name we just copy to malware_name */ - if (i==0) - Ustrcpy(CS malware_name_buffer, CS pre_malware_nb); - else { - /* concatenate each new virus name to previous */ - int slen = Ustrlen(malware_name_buffer); - if (slen < (slen+Ustrlen(pre_malware_nb))) { - Ustrcat(malware_name_buffer, "/"); - Ustrcat(malware_name_buffer, pre_malware_nb); - } - } - } - } - else { - char *drweb_s = NULL; - - if (drweb_rc & DERR_READ_ERR) drweb_s = "read error"; - if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory"; - if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout"; - if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command"; - /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED. - * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM, - * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR - * and others are ignored */ - if (drweb_s) { - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s); - close(sock); - return DEFER; - } - /* no virus found */ - malware_name = NULL; - }; - close(sock); - } - /* ----------------------------------------------------------------------- */ + /* "drweb" scanner type ----------------------------------------------- */ + /* v0.1 - added support for tcp sockets */ + /* v0.0 - initial release -- support for unix sockets */ + if (strcmpic(scanner_name,US"drweb") == 0) { + uschar *drweb_options; + uschar drweb_options_buffer[1024]; + uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock"; + struct sockaddr_un server; + int sock, result, ovector[30]; + unsigned int port, fsize; + uschar tmpbuf[1024], *drweb_fbuf; + uschar scanrequest[1024]; + uschar drweb_match_string[128]; + int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd, + drweb_vnum, drweb_slen, drweb_fin = 0x0000; + unsigned long bread; + uschar hostname[256]; + struct hostent *he; + struct in_addr in; + pcre *drweb_re; + + if ((drweb_options = string_nextinlist(&av_scanner_work, &sep, + drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) { + /* no options supplied, use default options */ + drweb_options = drweb_options_default; + }; + + if (*drweb_options != '/') { + + /* extract host and port part */ + if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: invalid socket '%s'", drweb_options); + return DEFER; + } + + /* Lookup the host */ + if((he = gethostbyname(CS hostname)) == 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: failed to lookup host '%s'", hostname); + return DEFER; + } + + in = *(struct in_addr *) he->h_addr_list[0]; + + /* Open the drwebd TCP socket */ + if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to acquire socket (%s)", + strerror(errno)); + return DEFER; + } + + if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) { + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: connection to %s, port %u failed (%s)", + inet_ntoa(in), port, strerror(errno)); + return DEFER; + } + + /* prepare variables */ + drweb_cmd = htonl(DRWEBD_SCAN_CMD); + drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL); + (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml", + spool_directory, message_id, message_id); + + /* calc file size */ + drweb_fd = open(CS scanrequest, O_RDONLY); + if (drweb_fd == -1) { + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: can't open spool file %s: %s", + scanrequest, strerror(errno)); + return DEFER; + } + fsize = lseek(drweb_fd, 0, SEEK_END); + if (fsize == -1) { + (void)close(sock); + (void)close(drweb_fd); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: can't seek spool file %s: %s", + scanrequest, strerror(errno)); + return DEFER; + } + drweb_slen = htonl(fsize); + lseek(drweb_fd, 0, SEEK_SET); + + /* send scan request */ + if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) || + (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) || + (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) || + (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) { + (void)close(sock); + (void)close(drweb_fd); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options); + return DEFER; + } + + drweb_fbuf = (uschar *) malloc (fsize); + if (!drweb_fbuf) { + (void)close(sock); + (void)close(drweb_fd); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to allocate memory %u for file (%s)", + fsize, scanrequest); + return DEFER; + } + + result = read (drweb_fd, drweb_fbuf, fsize); + if (result == -1) { + (void)close(sock); + (void)close(drweb_fd); + free(drweb_fbuf); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: can't read spool file %s: %s", + scanrequest, strerror(errno)); + return DEFER; + } + (void)close(drweb_fd); + + /* send file body to socket */ + if (send(sock, drweb_fbuf, fsize, 0) < 0) { + (void)close(sock); + free(drweb_fbuf); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options); + return DEFER; + } + (void)close(drweb_fd); + } + else { + /* open the drwebd UNIX socket */ + sock = socket(AF_UNIX, SOCK_STREAM, 0); + if (sock < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: can't open UNIX socket"); + return DEFER; + } + server.sun_family = AF_UNIX; + Ustrcpy(server.sun_path, drweb_options); + if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno); + return DEFER; + } + + /* prepare variables */ + drweb_cmd = htonl(DRWEBD_SCAN_CMD); + drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL); + (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id); + drweb_slen = htonl(Ustrlen(scanrequest)); + + /* send scan request */ + if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) || + (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) || + (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) || + (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) || + (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) { + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options); + return DEFER; + } + } + + /* wait for result */ + if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) { + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to read return code"); + return DEFER; + } + drweb_rc = ntohl(drweb_rc); + + if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) { + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: unable to read the number of viruses"); + return DEFER; + } + drweb_vnum = ntohl(drweb_vnum); + + /* "virus(es) found" if virus number is > 0 */ + if (drweb_vnum) + { + int i; + uschar pre_malware_nb[256]; + + malware_name = malware_name_buffer; + + /* setup default virus name */ + Ustrcpy(malware_name_buffer,"unknown"); + + /* read and concatenate virus names into one string */ + for (i=0;i= 2) { + pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255); + } + /* the first name we just copy to malware_name */ + if (i==0) + Ustrcpy(CS malware_name_buffer, CS pre_malware_nb); + else { + /* concatenate each new virus name to previous */ + int slen = Ustrlen(malware_name_buffer); + if (slen < (slen+Ustrlen(pre_malware_nb))) { + Ustrcat(malware_name_buffer, "/"); + Ustrcat(malware_name_buffer, pre_malware_nb); + } + } + } + } + else { + char *drweb_s = NULL; + + if (drweb_rc & DERR_READ_ERR) drweb_s = "read error"; + if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory"; + if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout"; + if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command"; + /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED. + * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM, + * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR + * and others are ignored */ + if (drweb_s) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s); + (void)close(sock); + return DEFER; + } + /* no virus found */ + malware_name = NULL; + }; + (void)close(sock); + } + /* ----------------------------------------------------------------------- */ else if (strcmpic(scanner_name,US"aveserver") == 0) { uschar *kav_options; uschar kav_options_buffer[1024]; @@ -409,6 +413,7 @@ int malware(uschar **listptr) { uschar buf[32768]; struct sockaddr_un server; int sock; + int result; if ((kav_options = string_nextinlist(&av_scanner_work, &sep, kav_options_buffer, @@ -427,7 +432,7 @@ int malware(uschar **listptr) { server.sun_family = AF_UNIX; Ustrcpy(server.sun_path, kav_options); if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to connect to aveserver UNIX socket (%s). errno=%d", kav_options, errno); return DEFER; @@ -438,37 +443,70 @@ int malware(uschar **listptr) { if (buf[0] != '2') { /* aveserver is having problems */ - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: aveserver is unavailable (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") ); return DEFER; }; /* prepare our command */ - snprintf(CS buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id); + (void)string_format(buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id); /* and send it */ if (send(sock, buf, Ustrlen(buf), 0) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options); return DEFER; } malware_name = NULL; + result = 0; /* read response lines, find malware name and final response */ while (recv_line(sock, buf, 32768) > 0) { debug_printf("aveserver: %s\n", buf); - if (buf[0] == '2') break; - if (Ustrncmp(buf,"322",3) == 0) { + if (buf[0] == '2') { + break; + } else if (buf[0] == '5') { + /* aveserver is having problems */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to scan file %s/scan/%s/%s.eml (Responded: %s).", + spool_directory, message_id, message_id, buf); + result = DEFER; + break; + } else if (Ustrncmp(buf,"322",3) == 0) { uschar *p = Ustrchr(&buf[4],' '); *p = '\0'; Ustrcpy(malware_name_buffer,&buf[4]); malware_name = malware_name_buffer; - }; + }; } - close(sock); + /* prepare our command */ + (void)string_format(buf, 32768, "quit\r\n"); + + /* and send it */ + if (send(sock, buf, Ustrlen(buf), 0) < 0) { + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options); + return DEFER; + } + + /* read aveserver's greeting and see if it is ready (2xx greeting) */ + recv_line(sock, buf, 32768); + + if (buf[0] != '2') { + /* aveserver is having problems */ + (void)close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to quit aveserver dialogue (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") ); + return DEFER; + }; + + (void)close(sock); + + if (result == DEFER) return DEFER; } /* "fsecure" scanner type ------------------------------------------------- */ else if (strcmpic(scanner_name,US"fsecure") == 0) { @@ -504,7 +542,7 @@ int malware(uschar **listptr) { server.sun_family = AF_UNIX; Ustrcpy(server.sun_path, fsecure_options); if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to connect to fsecure socket %s (%s)", fsecure_options, strerror(errno)); @@ -516,17 +554,17 @@ int malware(uschar **listptr) { for (i=0; i != 4; i++) { /* debug_printf("send option \"%s\"",cmdoptions[i]); */ if (write(sock, cmdoptions[i], Ustrlen(cmdoptions[i])) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to write fsecure option %d to %s (%s)", i, fsecure_options, strerror(errno)); return DEFER; }; - bread = read(sock, av_buffer, sizeof(av_buffer)); + bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT); if (bread >0) av_buffer[bread]='\0'; if (bread < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to read fsecure answer %d (%s)", i, strerror(errno)); return DEFER; @@ -537,10 +575,10 @@ int malware(uschar **listptr) { }; /* pass the mailfile to fsecure */ - snprintf(CS file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id); + (void)string_format(file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id); /* debug_printf("send scan %s",file_name); */ if (write(sock, file_name, Ustrlen(file_name)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to write fsecure scan to %s (%s)", fsecure_options, strerror(errno)); @@ -557,9 +595,9 @@ int malware(uschar **listptr) { i = 0; memset(av_buffer, 0, sizeof(av_buffer)); do { - bread=read(sock, &av_buffer[i], 1); + bread=ip_recv(sock, &av_buffer[i], 1, MALWARE_TIMEOUT); if (bread < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to read fsecure result (%s)", strerror(errno)); return DEFER; @@ -582,7 +620,7 @@ int malware(uschar **listptr) { }; } while (Ustrstr(av_buffer, "OK\tScan ok.") == NULL); - close(sock); + (void)close(sock); } /* ----------------------------------------------------------------------- */ @@ -618,7 +656,7 @@ int malware(uschar **listptr) { server.sun_family = AF_UNIX; Ustrcpy(server.sun_path, kav_options); if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to connect to kavdaemon UNIX socket (%s). errno=%d", kav_options, errno); return DEFER; @@ -627,11 +665,11 @@ int malware(uschar **listptr) { /* get current date and time, build scan request */ time(&t); strftime(CS tmpbuf, sizeof(tmpbuf), "<0>%d %b %H:%M:%S:%%s/scan/%%s", localtime(&t)); - snprintf(CS scanrequest, 1024,CS tmpbuf, spool_directory, message_id); + (void)string_format(scanrequest, 1024,CS tmpbuf, spool_directory, message_id); /* send scan request */ if (send(sock, scanrequest, Ustrlen(scanrequest)+1, 0) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to write to kavdaemon UNIX socket (%s)", kav_options); return DEFER; @@ -639,7 +677,7 @@ int malware(uschar **listptr) { /* wait for result */ if ((bread = recv(sock, tmpbuf, 2, 0) != 2)) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to read 2 bytes from kavdaemon socket."); return DEFER; @@ -655,21 +693,21 @@ int malware(uschar **listptr) { /* improper kavdaemon configuration */ if ( (kav_rc == 5) || (kav_rc == 6) ) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: please reconfigure kavdaemon to NOT disinfect or remove infected files."); return DEFER; }; if (kav_rc == 1) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: kavdaemon reported 'scanning not completed' (code 1)."); return DEFER; }; if (kav_rc == 7) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: kavdaemon reported 'kavdaemon damaged' (code 7)."); return DEFER; @@ -697,7 +735,7 @@ int malware(uschar **listptr) { if( report_flag == 1 ) { /* read report size */ if ((bread = recv(sock, &kav_reportlen, 4, 0)) != 4) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: cannot read report size from kavdaemon"); return DEFER; @@ -747,7 +785,7 @@ int malware(uschar **listptr) { malware_name = NULL; }; - close(sock); + (void)close(sock); } /* ----------------------------------------------------------------------- */ @@ -820,8 +858,8 @@ int malware(uschar **listptr) { }; /* prepare scanner call */ - snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id); - snprintf(CS commandline,1024, CS cmdline_scanner,file_name); + (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id); + (void)string_format(commandline,1024, CS cmdline_scanner,file_name); /* redirect STDERR too */ Ustrcat(commandline," 2>&1"); @@ -838,8 +876,8 @@ int malware(uschar **listptr) { return DEFER; }; - snprintf(CS file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id); - scanner_record = fopen(CS file_name,"w"); + (void)string_format(file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id); + scanner_record = modefopen(file_name,"wb",SPOOL_MODE); if (scanner_record == NULL) { log_write(0, LOG_MAIN|LOG_PANIC, @@ -866,7 +904,7 @@ int malware(uschar **listptr) { trigger = 1; }; - fclose(scanner_record); + (void)fclose(scanner_record); pclose(scanner_out); signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe); @@ -877,7 +915,7 @@ int malware(uschar **listptr) { malware_name = malware_name_buffer; /* re-open the scanner output file, look for name match */ - scanner_record = fopen(CS file_name,"r"); + scanner_record = fopen(CS file_name,"rb"); while(fgets(CS linebuffer,32767,scanner_record) != NULL) { /* try match */ result = pcre_exec(cmdline_regex_re, NULL, CS linebuffer, Ustrlen(linebuffer), 0, 0, ovector, 30); @@ -885,7 +923,7 @@ int malware(uschar **listptr) { pcre_copy_substring(CS linebuffer, ovector, result, 1, CS malware_name_buffer, 255); }; }; - fclose(scanner_record); + (void)fclose(scanner_record); } else { /* no virus found */ @@ -923,33 +961,33 @@ int malware(uschar **listptr) { server.sun_family = AF_UNIX; Ustrcpy(server.sun_path, sophie_options); if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to connect to sophie UNIX socket (%s). errno=%d", sophie_options, errno); return DEFER; } /* pass the scan directory to sophie */ - snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id); + (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id); if (write(sock, file_name, Ustrlen(file_name)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options); return DEFER; }; - write(sock, "\n", 1); + (void)write(sock, "\n", 1); /* wait for result */ memset(av_buffer, 0, sizeof(av_buffer)); - if ((!(bread = read(sock, av_buffer, sizeof(av_buffer))) > 0)) { - close(sock); + if ((!(bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT)) > 0)) { + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options); return DEFER; }; - close(sock); + (void)close(sock); /* infected ? */ if (av_buffer[0] == '1') { @@ -1034,7 +1072,7 @@ int malware(uschar **listptr) { } if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: connection to %s, port %u failed (%s)", inet_ntoa(in), port, strerror(errno)); @@ -1045,10 +1083,10 @@ int malware(uschar **listptr) { /* Pass the string to ClamAV (7 = "SCAN \n" + \0) */ - snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id); + (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id); if (send(sock, file_name, Ustrlen(file_name), 0) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)", strerror(errno)); return DEFER; @@ -1058,13 +1096,13 @@ int malware(uschar **listptr) { /* Pass the string to ClamAV (7 = "STREAM\n") */ if (send(sock, "STREAM\n", 7, 0) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)", strerror(errno)); return DEFER; } memset(av_buffer2, 0, sizeof(av_buffer2)); - bread = read(sock, av_buffer2, sizeof(av_buffer2)); + bread = ip_recv(sock, av_buffer2, sizeof(av_buffer2), MALWARE_TIMEOUT); if (bread < 0) { log_write(0, LOG_MAIN|LOG_PANIC, @@ -1100,65 +1138,65 @@ int malware(uschar **listptr) { } if (ip_connect(sockData, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) { - close(sockData); + (void)close(sockData); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: connection to %s, port %u failed (%s)", inet_ntoa(in), port, strerror(errno)); return DEFER; } - snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", - spool_directory, message_id, message_id); - - /* calc file size */ - clam_fd = open(CS scanrequest, O_RDONLY); - if (clam_fd == -1) { - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: clamd: can't open spool file %s: %s", - scanrequest, strerror(errno)); - return DEFER; - } - fsize = lseek(clam_fd, 0, SEEK_END); - if (fsize == -1) { - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: clamd: can't seek spool file %s: %s", - scanrequest, strerror(errno)); - return DEFER; - } - lseek(clam_fd, 0, SEEK_SET); - - clamav_fbuf = (uschar *) malloc (fsize); - if (!clamav_fbuf) { - close(sockData); - close(clam_fd); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: clamd: unable to allocate memory %u for file (%s)", - fsize, scanrequest); - return DEFER; - } - - result = read (clam_fd, clamav_fbuf, fsize); - if (result == -1) { - close(sockData); - close(clam_fd); - free(clamav_fbuf); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: clamd: can't read spool file %s: %s", - scanrequest, strerror(errno)); - return DEFER; - } - close(clam_fd); - - /* send file body to socket */ - if (send(sockData, clamav_fbuf, fsize, 0) < 0) { - close(sockData); - free(clamav_fbuf); - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: clamd: unable to send file body to socket (%s:%u)", hostname, port); - return DEFER; - } - free(clamav_fbuf); - close(sockData); + (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml", + spool_directory, message_id, message_id); + + /* calc file size */ + clam_fd = open(CS scanrequest, O_RDONLY); + if (clam_fd == -1) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: clamd: can't open spool file %s: %s", + scanrequest, strerror(errno)); + return DEFER; + } + fsize = lseek(clam_fd, 0, SEEK_END); + if (fsize == -1) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: clamd: can't seek spool file %s: %s", + scanrequest, strerror(errno)); + return DEFER; + } + lseek(clam_fd, 0, SEEK_SET); + + clamav_fbuf = (uschar *) malloc (fsize); + if (!clamav_fbuf) { + (void)close(sockData); + (void)close(clam_fd); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: clamd: unable to allocate memory %u for file (%s)", + fsize, scanrequest); + return DEFER; + } + + result = read (clam_fd, clamav_fbuf, fsize); + if (result == -1) { + (void)close(sockData); + (void)close(clam_fd); + free(clamav_fbuf); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: clamd: can't read spool file %s: %s", + scanrequest, strerror(errno)); + return DEFER; + } + (void)close(clam_fd); + + /* send file body to socket */ + if (send(sockData, clamav_fbuf, fsize, 0) < 0) { + (void)close(sockData); + free(clamav_fbuf); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: clamd: unable to send file body to socket (%s:%u)", hostname, port); + return DEFER; + } + free(clamav_fbuf); + (void)close(sockData); } } else { @@ -1174,7 +1212,7 @@ int malware(uschar **listptr) { Ustrcpy(server.sun_path, clamd_options); if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: unable to connect to UNIX socket %s (%s)", clamd_options, strerror(errno) ); @@ -1184,10 +1222,10 @@ int malware(uschar **listptr) { /* Pass the string to ClamAV (7 = "SCAN \n" + \0) */ - snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id); + (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id); if (send(sock, file_name, Ustrlen(file_name), 0) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)", strerror(errno)); return DEFER; @@ -1204,8 +1242,8 @@ int malware(uschar **listptr) { /* Read the result */ memset(av_buffer, 0, sizeof(av_buffer)); - bread = read(sock, av_buffer, sizeof(av_buffer)); - close(sock); + bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT); + (void)close(sock); if (!(bread > 0)) { log_write(0, LOG_MAIN|LOG_PANIC, @@ -1223,7 +1261,7 @@ int malware(uschar **listptr) { /* Check the result. ClamAV Returns infected: -> ": FOUND" not-infected: -> ": OK" - error: -> ": ERROR */ + error: -> ": ERROR */ if (!(*av_buffer)) { log_write(0, LOG_MAIN|LOG_PANIC, @@ -1231,6 +1269,10 @@ int malware(uschar **listptr) { return DEFER; } + /* strip newline at the end */ + p = av_buffer + Ustrlen(av_buffer) - 1; + if( *p == '\n' ) *p = '\0'; + /* colon in returned output? */ if((p = Ustrrchr(av_buffer,':')) == NULL) { log_write(0, LOG_MAIN|LOG_PANIC, @@ -1239,13 +1281,10 @@ int malware(uschar **listptr) { return DEFER; } - /* strip filename strip CR at the end */ + /* strip filename */ ++p; while (*p == ' ') ++p; vname = p; - p = vname + Ustrlen(vname) - 1; - if( *p == '\n' ) *p = '\0'; - if ((p = Ustrstr(vname, "FOUND"))!=NULL) { *p=0; for (--p;p>vname && *p<=32;p--) *p=0; @@ -1287,8 +1326,8 @@ int malware(uschar **listptr) { mksd_options_buffer, sizeof(mksd_options_buffer))) != NULL) { mksd_maxproc = (int) strtol(CS mksd_options, &mksd_options_end, 10); - if ((*mksd_options == '\0') || (*mksd_options_end != '\0') || - (mksd_maxproc < 1) || (mksd_maxproc > 32)) { + if ((*mksd_options == '\0') || (*mksd_options_end != '\0') || + (mksd_maxproc < 1) || (mksd_maxproc > 32)) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: mksd: invalid option '%s'", mksd_options); return DEFER; @@ -1305,7 +1344,7 @@ int malware(uschar **listptr) { server.sun_family = AF_UNIX; Ustrcpy(server.sun_path, "/var/run/mksd/socket"); if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { - close(sock); + (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to connect to mksd UNIX socket (/var/run/mksd/socket). errno=%d", errno); return DEFER; @@ -1444,7 +1483,7 @@ int mksd_parse_line (char *line) if (((p = strchr (line+4, ' ')) != NULL) && ((p-line) > 4)) { (*p) = '\0'; Ustrcpy (malware_name_buffer, line+4); - malware_name = malware_name_buffer; + malware_name = malware_name_buffer; return OK; } }