Content scan: Remove support for the 7-year deprecated ClamAV "STREAM" method

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 4390cd4fb7ef1cb11fd1c5509ca305558b3e68a9..43446d8c27a475ad39a038a2e0d0140fae4fc3a6 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -50,8 +50,10 @@ JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
 JH/08 The "support for" informational output now, which built with Content
       Scanning support, has a line for the malware scanner interfaces compiled
       in.  Interface can be individually included or not at build time.
-      The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
-      by the template makefile "src/EDITME".
+
+JH/09 The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
+      by the template makefile "src/EDITME".  The "STREAM" support for an older
+      ClamAV interface method is removed.
 
 
 Exim version 4.90

diff --git a/src/src/EDITME b/src/src/EDITME
index 933f1ac18068382e2ec30e56b71c288458e7660b..3a57fab11951cb351a46f6f4592267d18e13dc65 100644 (file)
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -418,17 +418,6 @@ DISABLE_MAL_KAV=yes
 DISABLE_MAL_MKS=yes
 
 
-#------------------------------------------------------------------------------
-# If you're using ClamAV and are backporting fixes to an old version, instead
-# of staying current (which is the more usual approach) then you may need to
-# use an older API which uses a STREAM command, now deprecated, instead of
-# zINSTREAM.  If you need to set this, please let the Exim developers know, as
-# if nobody reports a need for it, we'll remove this option and clean up the
-# code.  zINSTREAM was introduced with ClamAV 0.95.
-#
-# WITH_OLD_CLAMAV_STREAM=yes
-
-
 #------------------------------------------------------------------------------
 # If built with TLS, Exim includes code to support DKIM (DomainKeys Identified
 # Mail, RFC4871) signing and verification.  Verification of signatures is

diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults
index 08dc446f69b19be9ea9a23fd9f2c61e1f352baf5..a9d071765fa5656febe025d7293c45037f63b340 100644 (file)
--- a/src/src/config.h.defaults
+++ b/src/src/config.h.defaults
@@ -186,7 +186,6 @@ Do not put spaces between # and the 'define'.
 #define DISABLE_MAL_AVAST
 #define DISABLE_MAL_SOCK
 #define DISABLE_MAL_CMDLINE
-#define WITH_OLD_CLAMAV_STREAM
 
 /* EXPERIMENTAL features */
 #define EXPERIMENTAL_BRIGHTMAIL

diff --git a/src/src/malware.c b/src/src/malware.c
index fa1a7aabaa1f0da13309e4d6b5965b13cb4518c7..27bcc92255c6a94afb87b4017fed585dcceec7ad 100644 (file)
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -1361,8 +1361,7 @@ badseek:  err = errno;
 * The zINSTREAM command was introduced with ClamAV 0.95, which marked
 * STREAM deprecated; see: http://wiki.clamav.net/bin/view/Main/UpgradeNotes095
 * In Exim, we use SCAN if using a Unix-domain socket or explicitly told that
-* the TCP-connected daemon is actually local; otherwise we use zINSTREAM unless
-* WITH_OLD_CLAMAV_STREAM is defined.
+* the TCP-connected daemon is actually local; otherwise we use zINSTREAM
 * See Exim bug 926 for details.  */
 
       uschar *p, *vname, *result_tag;
@@ -1377,13 +1376,7 @@ badseek:  err = errno;
       BOOL use_scan_command = FALSE;
       clamd_address * cv[MAX_CLAMD_SERVERS];
       int num_servers = 0;
-#ifdef WITH_OLD_CLAMAV_STREAM
-      unsigned int port;
-      uschar av_buffer2[1024];
-      int sockData;
-#else
       uint32_t send_size, send_final_zeroblock;
-#endif
       blob cmd_str;
 
       /*XXX if unixdomain socket, only one server supported. Needs fixing;
@@ -1482,11 +1475,7 @@ badseek:  err = errno;
 
       /* Set up the very first data we will be sending */
       if (!use_scan_command)
-#ifdef WITH_OLD_CLAMAV_STREAM
-       { cmd_str.data = US"STREAM\n"; cmd_str.len = 7; }
-#else
        { cmd_str.data = US"zINSTREAM"; cmd_str.len = 10; }
-#endif
       else
        {
        cmd_str.data = string_sprintf("SCAN %s\n", eml_filename);
@@ -1557,50 +1546,6 @@ badseek:  err = errno;
 
       if (!use_scan_command)
        {
-#ifdef WITH_OLD_CLAMAV_STREAM
-       /* "STREAM\n" command, get back a "PORT <N>\n" response, send data to
-        * that port on a second connection; then in the scan-method-neutral
-        * part, read the response back on the original connection. */
-
-       DEBUG(D_acl) debug_printf_indent(
-           "Malware scan: issuing %s old-style remote scan (PORT)\n",
-           scanner_name);
-
-       /* Pass the string to ClamAV (7 = "STREAM\n"), if not already sent */
-       if (cmd_str.len)
-         if (m_sock_send(sock, cmd_str.data, cmd_str.len, &errstr) < 0)
-           return m_errlog_defer(scanent, CUS callout_address, errstr);
-
-       memset(av_buffer2, 0, sizeof(av_buffer2));
-       bread = ip_recv(sock, av_buffer2, sizeof(av_buffer2), tmo-time(NULL));
-
-       if (bread < 0)
-         return m_errlog_defer_3(scanent, CUS callout_address,
-           string_sprintf("unable to read PORT from socket (%s)",
-               strerror(errno)),
-           sock);
-
-       if (bread == sizeof(av_buffer2))
-         return m_errlog_defer_3(scanent, CUS callout_address,
-                 "buffer too small", sock);
-
-       if (!(*av_buffer2))
-         return m_errlog_defer_3(scanent, CUS callout_address,
-                 "ClamAV returned null", sock);
-
-       av_buffer2[bread] = '\0';
-       if(sscanf(CS av_buffer2, "PORT %u\n", &port) != 1)
-         return m_errlog_defer_3(scanent, CUS callout_address,
-           string_sprintf("Expected port information from clamd, got '%s'",
-             av_buffer2),
-           sock);
-
-       sockData = m_tcpsocket(connhost.address, port, NULL, &errstr, NULL);
-       if (sockData < 0)
-         return m_errlog_defer_3(scanent, CUS callout_address, errstr, sock);
-
-# define CLOSE_SOCKDATA (void)close(sockData)
-#else /* WITH_OLD_CLAMAV_STREAM not defined */
        /* New protocol: "zINSTREAM\n" followed by a sequence of <length><data>
        chunks, <n> a 4-byte number (network order), terminated by a zero-length
        chunk. */
@@ -1617,14 +1562,10 @@ badseek:  err = errno;
                strerror(errno)),
              sock);
 
-# define CLOSE_SOCKDATA /**/
-#endif
-
        /* calc file size */
        if ((clam_fd = open(CS eml_filename, O_RDONLY)) < 0)
          {
          int err = errno;
-         CLOSE_SOCKDATA;
          return m_errlog_defer_3(scanent, NULL,
            string_sprintf("can't open spool file %s: %s",
              eml_filename, strerror(err)),
@@ -1634,7 +1575,7 @@ badseek:  err = errno;
          {
          int err;
 b_seek:   err = errno;
-         CLOSE_SOCKDATA; (void)close(clam_fd);
+         (void)close(clam_fd);
          return m_errlog_defer_3(scanent, NULL,
            string_sprintf("can't seek spool file %s: %s",
              eml_filename, strerror(err)),
@@ -1643,7 +1584,7 @@ b_seek:   err = errno;
        fsize_uint = (unsigned int) fsize;
        if ((off_t)fsize_uint != fsize)
          {
-         CLOSE_SOCKDATA; (void)close(clam_fd);
+         (void)close(clam_fd);
          return m_errlog_defer_3(scanent, NULL,
            string_sprintf("seeking spool file %s, size overflow",
              eml_filename),
@@ -1654,7 +1595,7 @@ b_seek:   err = errno;
 
        if (!(clamav_fbuf = US malloc(fsize_uint)))
          {
-         CLOSE_SOCKDATA; (void)close(clam_fd);
+         (void)close(clam_fd);
          return m_errlog_defer_3(scanent, NULL,
            string_sprintf("unable to allocate memory %u for file (%s)",
              fsize_uint, eml_filename),
@@ -1664,7 +1605,7 @@ b_seek:   err = errno;
        if ((result = read(clam_fd, clamav_fbuf, fsize_uint)) < 0)
          {
          int err = errno;
-         free(clamav_fbuf); CLOSE_SOCKDATA; (void)close(clam_fd);
+         free(clamav_fbuf); (void)close(clam_fd);
          return m_errlog_defer_3(scanent, NULL,
            string_sprintf("can't read spool file %s: %s",
              eml_filename, strerror(err)),
@@ -1673,16 +1614,6 @@ b_seek:   err = errno;
        (void)close(clam_fd);
 
        /* send file body to socket */
-#ifdef WITH_OLD_CLAMAV_STREAM
-       if (send(sockData, clamav_fbuf, fsize_uint, 0) < 0)
-         {
-         free(clamav_fbuf); CLOSE_SOCKDATA;
-         return m_errlog_defer_3(scanent, NULL,
-           string_sprintf("unable to send file body to socket (%s:%u)",
-             hostname, port),
-           sock);
-         }
-#else
        send_size = htonl(fsize_uint);
        send_final_zeroblock = 0;
        if ((send(sock, &send_size, sizeof(send_size), 0) < 0) ||
@@ -1694,12 +1625,8 @@ b_seek:   err = errno;
            string_sprintf("unable to send file body to socket (%s)", hostname),
            sock);
          }
-#endif
 
        free(clamav_fbuf);
-
-       CLOSE_SOCKDATA;
-#undef CLOSE_SOCKDATA
        }
       else
        { /* use scan command */