-/* $Cambridge: exim/src/src/malware.c,v 1.6 2005/01/13 10:09:36 ph10 Exp $ */
+/* $Cambridge: exim/src/src/malware.c,v 1.17 2009/11/05 19:40:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#define SHUT_WR 1
#endif
+
+#define MALWARE_TIMEOUT 120
+
+
#define DRWEBD_SCAN_CMD (1) /* scan file, buffer or diskfile */
#define DRWEBD_RETURN_VIRUSES (1<<0) /* ask daemon return to us viruses names from report */
#define DRWEBD_IS_MAIL (1<<19) /* say to daemon that format is "archive MAIL" */
#define DERR_TIMEOUT (1<<9) /* scan timeout has run out */
#define DERR_BAD_CALL (1<<15) /* wrong command */
-/* Routine to check whether a system is big- or litte-endian.
+/* Routine to check whether a system is big- or litte-endian.
Ripped from http://www.faqs.org/faqs/graphics/fileformats-faq/part4/section-7.html
Needed for proper kavdaemon implementation. Sigh. */
#define BIG_MY_ENDIAN 0
int roffset;
const pcre *re;
const uschar *rerror;
-
+
/* make sure the eml mbox file is spooled up */
mbox_file = spool_mbox(&mbox_size);
if (mbox_file == NULL) {
/* error while spooling */
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: error while creating mbox spool file");
- return DEFER;
+ return DEFER;
};
/* none of our current scanners need the mbox
file as a stream, so we can close it right away */
- fclose(mbox_file);
-
+ (void)fclose(mbox_file);
+
/* extract the malware regex to match against from the option list */
if ((malware_regex = string_nextinlist(&list, &sep,
malware_regex_buffer,
sizeof(malware_regex_buffer))) != NULL) {
-
+
/* parse 1st option */
- if ( (strcmpic(malware_regex,US"false") == 0) ||
+ if ( (strcmpic(malware_regex,US"false") == 0) ||
(Ustrcmp(malware_regex,"0") == 0) ) {
/* explicitly no matching */
return FAIL;
};
-
+
/* special cases (match anything except empty) */
- if ( (strcmpic(malware_regex,US"true") == 0) ||
- (Ustrcmp(malware_regex,"*") == 0) ||
+ if ( (strcmpic(malware_regex,US"true") == 0) ||
+ (Ustrcmp(malware_regex,"*") == 0) ||
(Ustrcmp(malware_regex,"1") == 0) ) {
malware_regex = malware_regex_default;
};
"malware acl condition: av_scanner configuration variable is empty");
return DEFER;
};
-
- /* "drweb" scanner type ----------------------------------------------- */
- /* v0.1 - added support for tcp sockets */
- /* v0.0 - initial release -- support for unix sockets */
- if (strcmpic(scanner_name,US"drweb") == 0) {
- uschar *drweb_options;
- uschar drweb_options_buffer[1024];
- uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock";
- struct sockaddr_un server;
- int sock, result, ovector[30];
- unsigned int port, fsize;
- uschar tmpbuf[1024], *drweb_fbuf;
- uschar scanrequest[1024];
- uschar drweb_match_string[128];
- int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
- drweb_vnum, drweb_slen, drweb_fin = 0x0000;
- unsigned long bread;
- uschar hostname[256];
- struct hostent *he;
- struct in_addr in;
- pcre *drweb_re;
-
- if ((drweb_options = string_nextinlist(&av_scanner_work, &sep,
- drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) {
- /* no options supplied, use default options */
- drweb_options = drweb_options_default;
- };
-
- if (*drweb_options != '/') {
-
- /* extract host and port part */
- if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: invalid socket '%s'", drweb_options);
- return DEFER;
- }
-
- /* Lookup the host */
- if((he = gethostbyname(CS hostname)) == 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: failed to lookup host '%s'", hostname);
- return DEFER;
- }
-
- in = *(struct in_addr *) he->h_addr_list[0];
-
- /* Open the drwebd TCP socket */
- if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to acquire socket (%s)",
- strerror(errno));
- return DEFER;
- }
-
- if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: connection to %s, port %u failed (%s)",
- inet_ntoa(in), port, strerror(errno));
- return DEFER;
- }
-
- /* prepare variables */
- drweb_cmd = htonl(DRWEBD_SCAN_CMD);
- drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
- spool_directory, message_id, message_id);
-
- /* calc file size */
- drweb_fd = open(CS scanrequest, O_RDONLY);
- if (drweb_fd == -1) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't open spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- fsize = lseek(drweb_fd, 0, SEEK_END);
- if (fsize == -1) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't seek spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- drweb_slen = htonl(fsize);
- lseek(drweb_fd, 0, SEEK_SET);
-
- /* send scan request */
- if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
- (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
- (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
- (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
- return DEFER;
- }
-
- drweb_fbuf = (uschar *) malloc (fsize);
- if (!drweb_fbuf) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to allocate memory %u for file (%s)",
- fsize, scanrequest);
- return DEFER;
- }
-
- result = read (drweb_fd, drweb_fbuf, fsize);
- if (result == -1) {
- close(sock);
- close(drweb_fd);
- free(drweb_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't read spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- close(drweb_fd);
-
- /* send file body to socket */
- if (send(sock, drweb_fbuf, fsize, 0) < 0) {
- close(sock);
- free(drweb_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options);
- return DEFER;
- }
- close(drweb_fd);
- }
- else {
- /* open the drwebd UNIX socket */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't open UNIX socket");
- return DEFER;
- }
- server.sun_family = AF_UNIX;
- Ustrcpy(server.sun_path, drweb_options);
- if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
- return DEFER;
- }
-
- /* prepare variables */
- drweb_cmd = htonl(DRWEBD_SCAN_CMD);
- drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
- drweb_slen = htonl(Ustrlen(scanrequest));
-
- /* send scan request */
- if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
- (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
- (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
- (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) ||
- (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
- return DEFER;
- }
- }
-
- /* wait for result */
- if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to read return code");
- return DEFER;
- }
- drweb_rc = ntohl(drweb_rc);
-
- if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to read the number of viruses");
- return DEFER;
- }
- drweb_vnum = ntohl(drweb_vnum);
-
- /* "virus(es) found" if virus number is > 0 */
- if (drweb_vnum)
- {
- int i;
- uschar pre_malware_nb[256];
-
- malware_name = malware_name_buffer;
-
- /* setup default virus name */
- Ustrcpy(malware_name_buffer,"unknown");
-
- /* read and concatenate virus names into one string */
- for (i=0;i<drweb_vnum;i++)
- {
- /* read the size of report */
- if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report size");
- return DEFER;
- };
- drweb_slen = ntohl(drweb_slen);
-
- /* read report body */
- if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report string");
- return DEFER;
- };
- tmpbuf[drweb_slen] = '\0';
-
- /* set up match regex, depends on retcode */
- Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
-
- drweb_re = pcre_compile( CS drweb_match_string,
- PCRE_COPT,
- (const char **)&rerror,
- &roffset,
- NULL );
-
- /* try matcher on the line, grab substring */
- result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
- if (result >= 2) {
- pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255);
- }
- /* the first name we just copy to malware_name */
- if (i==0)
- Ustrcpy(CS malware_name_buffer, CS pre_malware_nb);
- else {
- /* concatenate each new virus name to previous */
- int slen = Ustrlen(malware_name_buffer);
- if (slen < (slen+Ustrlen(pre_malware_nb))) {
- Ustrcat(malware_name_buffer, "/");
- Ustrcat(malware_name_buffer, pre_malware_nb);
- }
- }
- }
- }
- else {
- char *drweb_s = NULL;
-
- if (drweb_rc & DERR_READ_ERR) drweb_s = "read error";
- if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory";
- if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout";
- if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command";
- /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED.
- * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM,
- * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
- * and others are ignored */
- if (drweb_s) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
- close(sock);
- return DEFER;
- }
- /* no virus found */
- malware_name = NULL;
- };
- close(sock);
- }
- /* ----------------------------------------------------------------------- */
+
+ /* "f-protd" scanner type ----------------------------------------------- */
+ if (strcmpic(scanner_name, US"f-protd") == 0) {
+ uschar *fp_options, *fp_scan_option;
+ uschar fp_scan_option_buffer[1024];
+ uschar fp_options_buffer[1024];
+ uschar fp_options_default[] = "localhost 10200-10204";
+ uschar hostname[256];
+ unsigned int port, portlow, porthigh, connect_ok=0, detected=0, par_count = 0;
+ struct hostent *he;
+ struct in_addr in;
+ int sock;
+ uschar scanrequest[2048], buf[32768], *strhelper, *strhelper2;
+
+ if ((fp_options = string_nextinlist(&av_scanner_work, &sep,
+ fp_options_buffer, sizeof(fp_options_buffer))) == NULL) {
+ /* no options supplied, use default options */
+ fp_options = fp_options_default;
+ };
+
+ /* extract host and port part */
+ if ( sscanf(CS fp_options, "%s %u-%u", hostname, &portlow, &porthigh) != 3 ) {
+ if ( sscanf(CS fp_options, "%s %u", hostname, &portlow) != 2 ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: invalid socket '%s'", fp_options);
+ return DEFER;
+ }
+ porthigh = portlow;
+ }
+
+ /* Lookup the host */
+ if((he = gethostbyname(CS hostname)) == 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: failed to lookup host '%s'", hostname);
+ return DEFER;
+ }
+
+ in = *(struct in_addr *) he->h_addr_list[0];
+ port = portlow;
+
+
+ /* Open the f-protd TCP socket */
+ if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: unable to acquire socket (%s)",
+ strerror(errno));
+ return DEFER;
+ }
+
+ /* Try to connect to all portslow-high until connection is established */
+ for (port = portlow; !connect_ok && port < porthigh; port++) {
+ if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) >= 0) {
+ connect_ok = 1;
+ }
+ }
+
+ if ( !connect_ok ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: connection to %s, port %u-%u failed (%s)",
+ inet_ntoa(in), portlow, porthigh, strerror(errno));
+ (void)close(sock);
+ return DEFER;
+ }
+
+ (void)string_format(scanrequest, 1024, CS"GET %s/scan/%s/%s.eml",
+ spool_directory, message_id, message_id);
+
+ while ((fp_scan_option = string_nextinlist(&av_scanner_work, &sep,
+ fp_scan_option_buffer, sizeof(fp_scan_option_buffer))) != NULL) {
+ if ( par_count ) {
+ Ustrcat(scanrequest, "%20");
+ } else {
+ Ustrcat(scanrequest, "?");
+ }
+ Ustrcat(scanrequest, fp_scan_option);
+ par_count++;
+ }
+ Ustrcat(scanrequest, " HTTP/1.0\r\n\r\n");
+
+ /* send scan request */
+ if (send(sock, &scanrequest, Ustrlen(scanrequest)+1, 0) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: unable to send command to socket (%s)", scanrequest);
+ return DEFER;
+ }
+
+ /* We get a lot of empty lines, so we need this hack to check for any data at all */
+ while( recv(sock, buf, 1, MSG_PEEK) > 0 ) {
+ if ( recv_line(sock, buf, 32768) > 0) {
+ if ( Ustrstr(buf, US"<detected type=\"") != NULL ) {
+ detected = 1;
+ } else if ( detected && (strhelper = Ustrstr(buf, US"<name>")) ) {
+ if (strhelper2 = (Ustrstr(buf, US"</name>"))) {
+ *strhelper2 = '\0';
+ Ustrcpy(malware_name_buffer, strhelper + 6);
+ }
+ } else if ( Ustrstr(buf, US"<summary code=\"") ) {
+ if ( Ustrstr(buf, US"<summary code=\"11\">") ) {
+ malware_name = malware_name_buffer;
+ } else {
+ malware_name = NULL;
+ }
+ }
+ }
+ }
+ (void)close(sock);
+ }
+ /* "drweb" scanner type ----------------------------------------------- */
+ /* v0.1 - added support for tcp sockets */
+ /* v0.0 - initial release -- support for unix sockets */
+ else if (strcmpic(scanner_name,US"drweb") == 0) {
+ uschar *drweb_options;
+ uschar drweb_options_buffer[1024];
+ uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock";
+ struct sockaddr_un server;
+ int sock, result, ovector[30];
+ unsigned int port, fsize;
+ uschar tmpbuf[1024], *drweb_fbuf;
+ uschar scanrequest[1024];
+ uschar drweb_match_string[128];
+ int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
+ drweb_vnum, drweb_slen, drweb_fin = 0x0000;
+ unsigned long bread;
+ uschar hostname[256];
+ struct hostent *he;
+ struct in_addr in;
+ pcre *drweb_re;
+
+ if ((drweb_options = string_nextinlist(&av_scanner_work, &sep,
+ drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) {
+ /* no options supplied, use default options */
+ drweb_options = drweb_options_default;
+ };
+
+ if (*drweb_options != '/') {
+
+ /* extract host and port part */
+ if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: invalid socket '%s'", drweb_options);
+ return DEFER;
+ }
+
+ /* Lookup the host */
+ if((he = gethostbyname(CS hostname)) == 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: failed to lookup host '%s'", hostname);
+ return DEFER;
+ }
+
+ in = *(struct in_addr *) he->h_addr_list[0];
+
+ /* Open the drwebd TCP socket */
+ if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to acquire socket (%s)",
+ strerror(errno));
+ return DEFER;
+ }
+
+ if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: connection to %s, port %u failed (%s)",
+ inet_ntoa(in), port, strerror(errno));
+ return DEFER;
+ }
+
+ /* prepare variables */
+ drweb_cmd = htonl(DRWEBD_SCAN_CMD);
+ drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml",
+ spool_directory, message_id, message_id);
+
+ /* calc file size */
+ drweb_fd = open(CS scanrequest, O_RDONLY);
+ if (drweb_fd == -1) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't open spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ fsize = lseek(drweb_fd, 0, SEEK_END);
+ if (fsize == -1) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't seek spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ drweb_slen = htonl(fsize);
+ lseek(drweb_fd, 0, SEEK_SET);
+
+ /* send scan request */
+ if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
+ (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
+ return DEFER;
+ }
+
+ drweb_fbuf = (uschar *) malloc (fsize);
+ if (!drweb_fbuf) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to allocate memory %u for file (%s)",
+ fsize, scanrequest);
+ return DEFER;
+ }
+
+ result = read (drweb_fd, drweb_fbuf, fsize);
+ if (result == -1) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ free(drweb_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't read spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ (void)close(drweb_fd);
+
+ /* send file body to socket */
+ if (send(sock, drweb_fbuf, fsize, 0) < 0) {
+ (void)close(sock);
+ free(drweb_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options);
+ return DEFER;
+ }
+ (void)close(drweb_fd);
+ }
+ else {
+ /* open the drwebd UNIX socket */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't open UNIX socket");
+ return DEFER;
+ }
+ server.sun_family = AF_UNIX;
+ Ustrcpy(server.sun_path, drweb_options);
+ if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
+ return DEFER;
+ }
+
+ /* prepare variables */
+ drweb_cmd = htonl(DRWEBD_SCAN_CMD);
+ drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
+ drweb_slen = htonl(Ustrlen(scanrequest));
+
+ /* send scan request */
+ if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
+ (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) ||
+ (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
+ return DEFER;
+ }
+ }
+
+ /* wait for result */
+ if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to read return code");
+ return DEFER;
+ }
+ drweb_rc = ntohl(drweb_rc);
+
+ if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to read the number of viruses");
+ return DEFER;
+ }
+ drweb_vnum = ntohl(drweb_vnum);
+
+ /* "virus(es) found" if virus number is > 0 */
+ if (drweb_vnum)
+ {
+ int i;
+ uschar pre_malware_nb[256];
+
+ malware_name = malware_name_buffer;
+
+ /* setup default virus name */
+ Ustrcpy(malware_name_buffer,"unknown");
+
+ /* read and concatenate virus names into one string */
+ for (i=0;i<drweb_vnum;i++)
+ {
+ /* read the size of report */
+ if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: cannot read report size");
+ return DEFER;
+ };
+ drweb_slen = ntohl(drweb_slen);
+
+ /* read report body */
+ if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: cannot read report string");
+ return DEFER;
+ };
+ tmpbuf[drweb_slen] = '\0';
+
+ /* set up match regex, depends on retcode */
+ Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
+
+ drweb_re = pcre_compile( CS drweb_match_string,
+ PCRE_COPT,
+ (const char **)&rerror,
+ &roffset,
+ NULL );
+
+ /* try matcher on the line, grab substring */
+ result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
+ if (result >= 2) {
+ pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255);
+ }
+ /* the first name we just copy to malware_name */
+ if (i==0)
+ Ustrcpy(CS malware_name_buffer, CS pre_malware_nb);
+ else {
+ /* concatenate each new virus name to previous */
+ int slen = Ustrlen(malware_name_buffer);
+ if (slen < (slen+Ustrlen(pre_malware_nb))) {
+ Ustrcat(malware_name_buffer, "/");
+ Ustrcat(malware_name_buffer, pre_malware_nb);
+ }
+ }
+ }
+ }
+ else {
+ char *drweb_s = NULL;
+
+ if (drweb_rc & DERR_READ_ERR) drweb_s = "read error";
+ if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory";
+ if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout";
+ if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command";
+ /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED.
+ * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM,
+ * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
+ * and others are ignored */
+ if (drweb_s) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
+ (void)close(sock);
+ return DEFER;
+ }
+ /* no virus found */
+ malware_name = NULL;
+ };
+ (void)close(sock);
+ }
+ /* ----------------------------------------------------------------------- */
else if (strcmpic(scanner_name,US"aveserver") == 0) {
uschar *kav_options;
uschar kav_options_buffer[1024];
uschar buf[32768];
struct sockaddr_un server;
int sock;
-
+ int result;
+
if ((kav_options = string_nextinlist(&av_scanner_work, &sep,
kav_options_buffer,
sizeof(kav_options_buffer))) == NULL) {
/* no options supplied, use default options */
kav_options = kav_options_default;
};
-
+
/* open the aveserver socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: can't open UNIX socket.");
- return DEFER;
+ return DEFER;
}
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, kav_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to aveserver UNIX socket (%s). errno=%d", kav_options, errno);
return DEFER;
}
-
+
/* read aveserver's greeting and see if it is ready (2xx greeting) */
recv_line(sock, buf, 32768);
if (buf[0] != '2') {
/* aveserver is having problems */
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: aveserver is unavailable (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") );
return DEFER;
};
-
+
/* prepare our command */
- snprintf(CS buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id);
-
+ (void)string_format(buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id);
+
/* and send it */
if (send(sock, buf, Ustrlen(buf), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options);
return DEFER;
}
-
+
malware_name = NULL;
+ result = 0;
/* read response lines, find malware name and final response */
while (recv_line(sock, buf, 32768) > 0) {
debug_printf("aveserver: %s\n", buf);
- if (buf[0] == '2') break;
- if (Ustrncmp(buf,"322",3) == 0) {
+ if (buf[0] == '2') {
+ break;
+ } else if (buf[0] == '5') {
+ /* aveserver is having problems */
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: unable to scan file %s/scan/%s/%s.eml (Responded: %s).",
+ spool_directory, message_id, message_id, buf);
+ result = DEFER;
+ break;
+ } else if (Ustrncmp(buf,"322",3) == 0) {
uschar *p = Ustrchr(&buf[4],' ');
*p = '\0';
Ustrcpy(malware_name_buffer,&buf[4]);
malware_name = malware_name_buffer;
- };
+ };
+ }
+
+ /* prepare our command */
+ (void)string_format(buf, 32768, "quit\r\n");
+
+ /* and send it */
+ if (send(sock, buf, Ustrlen(buf), 0) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options);
+ return DEFER;
}
- close(sock);
+ /* read aveserver's greeting and see if it is ready (2xx greeting) */
+ recv_line(sock, buf, 32768);
+
+ if (buf[0] != '2') {
+ /* aveserver is having problems */
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: unable to quit aveserver dialogue (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") );
+ return DEFER;
+ };
+
+ (void)close(sock);
+
+ if (result == DEFER) return DEFER;
}
/* "fsecure" scanner type ------------------------------------------------- */
else if (strcmpic(scanner_name,US"fsecure") == 0) {
US"CONFIGURE\tTIMEOUT\t0\n",
US"CONFIGURE\tMAXARCH\t5\n",
US"CONFIGURE\tMIME\t1\n" };
-
+
malware_name = NULL;
if ((fsecure_options = string_nextinlist(&av_scanner_work, &sep,
fsecure_options_buffer,
- sizeof(fsecure_options_buffer))) == NULL) {
+ sizeof(fsecure_options_buffer))) == NULL) {
/* no options supplied, use default options */
fsecure_options = fsecure_options_default;
};
-
+
/* open the fsecure socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, fsecure_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to fsecure socket %s (%s)",
fsecure_options, strerror(errno));
return DEFER;
}
-
+
/* pass options */
memset(av_buffer, 0, sizeof(av_buffer));
for (i=0; i != 4; i++) {
/* debug_printf("send option \"%s\"",cmdoptions[i]); */
if (write(sock, cmdoptions[i], Ustrlen(cmdoptions[i])) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write fsecure option %d to %s (%s)",
i, fsecure_options, strerror(errno));
- return DEFER;
+ return DEFER;
};
-
- bread = read(sock, av_buffer, sizeof(av_buffer));
+
+ bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT);
if (bread >0) av_buffer[bread]='\0';
if (bread < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read fsecure answer %d (%s)", i, strerror(errno));
return DEFER;
/* debug_printf("read answer %d read=%d \"%s\"\n", i, bread, av_buffer ); */
/* while (Ustrstr(av_buffer, "OK\tServer configured.@") == NULL); */
};
-
+
/* pass the mailfile to fsecure */
- snprintf(CS file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id);
+ (void)string_format(file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id);
/* debug_printf("send scan %s",file_name); */
if (write(sock, file_name, Ustrlen(file_name)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write fsecure scan to %s (%s)",
fsecure_options, strerror(errno));
return DEFER;
};
-
+
/* set up match */
/* todo also SUSPICION\t */
fs_inf = pcre_compile("\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$", PCRE_COPT, (const char **)&rerror, &roffset, NULL);
-
+
/* read report, linewise */
do {
int ovector[30];
i = 0;
memset(av_buffer, 0, sizeof(av_buffer));
do {
- bread=read(sock, &av_buffer[i], 1);
+ bread=ip_recv(sock, &av_buffer[i], 1, MALWARE_TIMEOUT);
if (bread < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read fsecure result (%s)", strerror(errno));
return DEFER;
while ((i < sizeof(av_buffer)-1 ) && (av_buffer[i-1] != '\n'));
av_buffer[i-1] = '\0';
/* debug_printf("got line \"%s\"\n",av_buffer); */
-
+
/* Really search for virus again? */
if (malware_name == NULL) {
/* try matcher on the line, grab substring */
};
}
while (Ustrstr(av_buffer, "OK\tScan ok.") == NULL);
- close(sock);
+ (void)close(sock);
}
/* ----------------------------------------------------------------------- */
int kav_rc;
unsigned long kav_reportlen, bread;
pcre *kav_re;
-
+
if ((kav_options = string_nextinlist(&av_scanner_work, &sep,
kav_options_buffer,
sizeof(kav_options_buffer))) == NULL) {
/* no options supplied, use default options */
kav_options = kav_options_default;
};
-
+
/* open the kavdaemon socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: can't open UNIX socket.");
- return DEFER;
+ return DEFER;
}
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, kav_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to kavdaemon UNIX socket (%s). errno=%d", kav_options, errno);
return DEFER;
}
-
+
/* get current date and time, build scan request */
time(&t);
strftime(CS tmpbuf, sizeof(tmpbuf), "<0>%d %b %H:%M:%S:%%s/scan/%%s", localtime(&t));
- snprintf(CS scanrequest, 1024,CS tmpbuf, spool_directory, message_id);
-
+ (void)string_format(scanrequest, 1024,CS tmpbuf, spool_directory, message_id);
+
/* send scan request */
if (send(sock, scanrequest, Ustrlen(scanrequest)+1, 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to kavdaemon UNIX socket (%s)", kav_options);
return DEFER;
}
-
+
/* wait for result */
if ((bread = recv(sock, tmpbuf, 2, 0) != 2)) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read 2 bytes from kavdaemon socket.");
return DEFER;
}
-
+
/* get errorcode from one nibble */
if (test_byte_order() == LITTLE_MY_ENDIAN) {
kav_rc = tmpbuf[0] & 0x0F;
else {
kav_rc = tmpbuf[1] & 0x0F;
};
-
+
/* improper kavdaemon configuration */
if ( (kav_rc == 5) || (kav_rc == 6) ) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: please reconfigure kavdaemon to NOT disinfect or remove infected files.");
return DEFER;
};
-
+
if (kav_rc == 1) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: kavdaemon reported 'scanning not completed' (code 1).");
return DEFER;
};
-
+
if (kav_rc == 7) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: kavdaemon reported 'kavdaemon damaged' (code 7).");
return DEFER;
};
-
+
/* code 8 is not handled, since it is ambigous. It appears mostly on
bounces where part of a file has been cut off */
-
+
/* "virus found" return codes (2-4) */
if ((kav_rc > 1) && (kav_rc < 5)) {
int report_flag = 0;
-
+
/* setup default virus name */
Ustrcpy(malware_name_buffer,"unknown");
malware_name = malware_name_buffer;
-
+
if (test_byte_order() == LITTLE_MY_ENDIAN) {
report_flag = tmpbuf[1];
}
else {
report_flag = tmpbuf[0];
};
-
+
/* read the report, if available */
if( report_flag == 1 ) {
/* read report size */
if ((bread = recv(sock, &kav_reportlen, 4, 0)) != 4) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: cannot read report size from kavdaemon");
return DEFER;
};
-
+
/* it's possible that avp returns av_buffer[1] == 1 but the
reportsize is 0 (!?) */
if (kav_reportlen > 0) {
Ustrcpy(kav_match_string, "suspicion:\\s*(.+?)\\s*$");
else
Ustrcpy(kav_match_string, "infected:\\s*(.+?)\\s*$");
-
+
kav_re = pcre_compile( CS kav_match_string,
PCRE_COPT,
(const char **)&rerror,
&roffset,
NULL );
-
- /* read report, linewise */
+
+ /* read report, linewise */
while (kav_reportlen > 0) {
int result = 0;
int ovector[30];
-
+
bread = 0;
while ( recv(sock, &tmpbuf[bread], 1, 0) == 1 ) {
kav_reportlen--;
};
bread++;
tmpbuf[bread] = '\0';
-
+
/* try matcher on the line, grab substring */
result = pcre_exec(kav_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
if (result >= 2) {
/* no virus found */
malware_name = NULL;
};
-
- close(sock);
+
+ (void)close(sock);
}
/* ----------------------------------------------------------------------- */
-
-
+
+
/* "cmdline" scanner type ------------------------------------------------ */
else if (strcmpic(scanner_name,US"cmdline") == 0) {
uschar *cmdline_scanner;
int trigger = 0;
int result;
int ovector[30];
-
+
/* find scanner command line */
if ((cmdline_scanner = string_nextinlist(&av_scanner_work, &sep,
cmdline_scanner_buffer,
/* no command line supplied */
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: missing commandline specification for cmdline scanner type.");
- return DEFER;
+ return DEFER;
};
-
+
/* find scanner output trigger */
if ((cmdline_trigger = string_nextinlist(&av_scanner_work, &sep,
cmdline_trigger_buffer,
/* no trigger regex supplied */
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: missing trigger specification for cmdline scanner type.");
- return DEFER;
+ return DEFER;
};
-
+
/* precompile trigger regex */
cmdline_trigger_re = pcre_compile(CS cmdline_trigger, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
if (cmdline_trigger_re == NULL) {
"malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger_re, rerror, roffset);
return DEFER;
};
-
+
/* find scanner name regex */
if ((cmdline_regex = string_nextinlist(&av_scanner_work, &sep,
cmdline_regex_buffer,
/* no name regex supplied */
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: missing virus name regex specification for cmdline scanner type.");
- return DEFER;
+ return DEFER;
};
-
+
/* precompile name regex */
cmdline_regex_re = pcre_compile(CS cmdline_regex, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
if (cmdline_regex_re == NULL) {
"malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex_re, rerror, roffset);
return DEFER;
};
-
+
/* prepare scanner call */
- snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
- snprintf(CS commandline,1024, CS cmdline_scanner,file_name);
+ (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id);
+ (void)string_format(commandline,1024, CS cmdline_scanner,file_name);
/* redirect STDERR too */
Ustrcat(commandline," 2>&1");
-
+
/* store exims signal handlers */
eximsigchld = signal(SIGCHLD,SIG_DFL);
eximsigpipe = signal(SIGPIPE,SIG_DFL);
-
+
scanner_out = popen(CS commandline,"r");
if (scanner_out == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
signal(SIGPIPE,eximsigpipe);
return DEFER;
};
-
- snprintf(CS file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
- scanner_record = fopen(CS file_name,"w");
-
+
+ (void)string_format(file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
+ scanner_record = modefopen(file_name,"wb",SPOOL_MODE);
+
if (scanner_record == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: opening scanner output file (%s) failed: %s.", file_name, strerror(errno));
signal(SIGPIPE,eximsigpipe);
return DEFER;
};
-
+
/* look for trigger while recording output */
while(fgets(CS linebuffer,32767,scanner_out) != NULL) {
if ( Ustrlen(linebuffer) > fwrite(linebuffer, 1, Ustrlen(linebuffer), scanner_record) ) {
if (!trigger && regex_match_and_setup(cmdline_trigger_re, linebuffer, 0, -1))
trigger = 1;
};
-
- fclose(scanner_record);
+
+ (void)fclose(scanner_record);
pclose(scanner_out);
signal(SIGCHLD,eximsigchld);
signal(SIGPIPE,eximsigpipe);
-
+
if (trigger) {
/* setup default virus name */
Ustrcpy(malware_name_buffer,"unknown");
malware_name = malware_name_buffer;
-
+
/* re-open the scanner output file, look for name match */
- scanner_record = fopen(CS file_name,"r");
+ scanner_record = fopen(CS file_name,"rb");
while(fgets(CS linebuffer,32767,scanner_record) != NULL) {
/* try match */
result = pcre_exec(cmdline_regex_re, NULL, CS linebuffer, Ustrlen(linebuffer), 0, 0, ovector, 30);
pcre_copy_substring(CS linebuffer, ovector, result, 1, CS malware_name_buffer, 255);
};
};
- fclose(scanner_record);
+ (void)fclose(scanner_record);
}
else {
/* no virus found */
};
}
/* ----------------------------------------------------------------------- */
-
-
+
+
/* "sophie" scanner type ------------------------------------------------- */
else if (strcmpic(scanner_name,US"sophie") == 0) {
uschar *sophie_options;
int sock;
uschar file_name[1024];
uschar av_buffer[1024];
-
+
if ((sophie_options = string_nextinlist(&av_scanner_work, &sep,
sophie_options_buffer,
sizeof(sophie_options_buffer))) == NULL) {
/* no options supplied, use default options */
sophie_options = sophie_options_default;
};
-
+
/* open the sophie socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: can't open UNIX socket.");
- return DEFER;
+ return DEFER;
}
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, sophie_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to sophie UNIX socket (%s). errno=%d", sophie_options, errno);
return DEFER;
}
-
+
/* pass the scan directory to sophie */
- snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
+ (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id);
if (write(sock, file_name, Ustrlen(file_name)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options);
- return DEFER;
+ return DEFER;
};
-
- write(sock, "\n", 1);
-
+
+ (void)write(sock, "\n", 1);
+
/* wait for result */
memset(av_buffer, 0, sizeof(av_buffer));
- if ((!(bread = read(sock, av_buffer, sizeof(av_buffer))) > 0)) {
- close(sock);
+ if ((!(bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT)) > 0)) {
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options);
return DEFER;
};
-
- close(sock);
-
+
+ (void)close(sock);
+
/* infected ? */
if (av_buffer[0] == '1') {
if (Ustrchr(av_buffer, '\n')) *Ustrchr(av_buffer, '\n') = '\0';
};
}
/* ----------------------------------------------------------------------- */
-
+
/* "clamd" scanner type ------------------------------------------------- */
/* This code was contributed by David Saez */
uschar *p,*vname;
struct sockaddr_un server;
int sock,bread=0;
- unsigned int port;
+ unsigned int port;
uschar file_name[1024];
uschar av_buffer[1024];
uschar hostname[256];
sizeof(clamd_options2_buffer))) == NULL) {
clamd_options2 = clamd_options2_default;
}
-
+
/* socket does not start with '/' -> network socket */
if (*clamd_options != '/') {
-
+
/* extract host and port part */
if( sscanf(CS clamd_options, "%s %u", hostname, &port) != 2 ) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: invalid socket '%s'", clamd_options);
return DEFER;
};
-
+
/* Lookup the host */
if((he = gethostbyname(CS hostname)) == 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: failed to lookup host '%s'", hostname);
return DEFER;
}
-
+
in = *(struct in_addr *) he->h_addr_list[0];
-
+
/* Open the ClamAV Socket */
if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
strerror(errno));
return DEFER;
}
-
+
if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: connection to %s, port %u failed (%s)",
inet_ntoa(in), port, strerror(errno));
if (strcmpic(clamd_options2,US"local") == 0) {
/* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
-
- snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
-
+
+ (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
+
if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
/* Pass the string to ClamAV (7 = "STREAM\n") */
if (send(sock, "STREAM\n", 7, 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
}
memset(av_buffer2, 0, sizeof(av_buffer2));
- bread = read(sock, av_buffer2, sizeof(av_buffer2));
+ bread = ip_recv(sock, av_buffer2, sizeof(av_buffer2), MALWARE_TIMEOUT);
if (bread < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
strerror(errno));
return DEFER;
}
-
+
if (bread == sizeof(av_buffer)) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: buffer too small");
return DEFER;
}
-
+
if (!(*av_buffer2)) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: ClamAV returned null");
return DEFER;
}
-
+
av_buffer2[bread] = '\0';
if( sscanf(CS av_buffer2, "PORT %u\n", &port) != 1 ) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: Expected port information from clamd, got '%s'", av_buffer2);
return DEFER;
};
-
+
if ( (sockData = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: unable to acquire socket (%s)",
strerror(errno));
return DEFER;
}
-
+
if (ip_connect(sockData, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sockData);
+ (void)close(sockData);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: connection to %s, port %u failed (%s)",
inet_ntoa(in), port, strerror(errno));
return DEFER;
}
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
- spool_directory, message_id, message_id);
-
- /* calc file size */
- clam_fd = open(CS scanrequest, O_RDONLY);
- if (clam_fd == -1) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: can't open spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- fsize = lseek(clam_fd, 0, SEEK_END);
- if (fsize == -1) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: can't seek spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- lseek(clam_fd, 0, SEEK_SET);
-
- clamav_fbuf = (uschar *) malloc (fsize);
- if (!clamav_fbuf) {
- close(sockData);
- close(clam_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: unable to allocate memory %u for file (%s)",
- fsize, scanrequest);
- return DEFER;
- }
-
- result = read (clam_fd, clamav_fbuf, fsize);
- if (result == -1) {
- close(sockData);
- close(clam_fd);
- free(clamav_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: can't read spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- close(clam_fd);
-
- /* send file body to socket */
- if (send(sockData, clamav_fbuf, fsize, 0) < 0) {
- close(sockData);
- free(clamav_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: unable to send file body to socket (%s:%u)", hostname, port);
- return DEFER;
- }
- free(clamav_fbuf);
- close(sockData);
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml",
+ spool_directory, message_id, message_id);
+
+ /* calc file size */
+ clam_fd = open(CS scanrequest, O_RDONLY);
+ if (clam_fd == -1) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: can't open spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ fsize = lseek(clam_fd, 0, SEEK_END);
+ if (fsize == -1) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: can't seek spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ lseek(clam_fd, 0, SEEK_SET);
+
+ clamav_fbuf = (uschar *) malloc (fsize);
+ if (!clamav_fbuf) {
+ (void)close(sockData);
+ (void)close(clam_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: unable to allocate memory %u for file (%s)",
+ fsize, scanrequest);
+ return DEFER;
+ }
+
+ result = read (clam_fd, clamav_fbuf, fsize);
+ if (result == -1) {
+ (void)close(sockData);
+ (void)close(clam_fd);
+ free(clamav_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: can't read spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ (void)close(clam_fd);
+
+ /* send file body to socket */
+ if (send(sockData, clamav_fbuf, fsize, 0) < 0) {
+ (void)close(sockData);
+ free(clamav_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: unable to send file body to socket (%s:%u)", hostname, port);
+ return DEFER;
+ }
+ free(clamav_fbuf);
+ (void)close(sockData);
}
}
else {
strerror(errno));
return DEFER;
}
-
+
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, clamd_options);
-
+
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: unable to connect to UNIX socket %s (%s)",
clamd_options, strerror(errno) );
return DEFER;
}
}
-
+
/* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
-
- snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
-
+
+ (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
+
if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
}
-
- /*
+
+ /*
We're done sending, close socket for writing.
-
+
One user reported that clamd 0.70 does not like this any more ...
-
+
*/
-
+
/* shutdown(sock, SHUT_WR); */
-
+
/* Read the result */
memset(av_buffer, 0, sizeof(av_buffer));
- bread = read(sock, av_buffer, sizeof(av_buffer));
- close(sock);
+ bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT);
+ (void)close(sock);
if (!(bread > 0)) {
log_write(0, LOG_MAIN|LOG_PANIC,
strerror(errno));
return DEFER;
}
-
+
if (bread == sizeof(av_buffer)) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: buffer too small");
return DEFER;
}
-
+
/* Check the result. ClamAV Returns
infected: -> "<filename>: <virusname> FOUND"
not-infected: -> "<filename>: OK"
- error: -> "<filename>: <errcode> ERROR */
-
+ error: -> "<filename>: <errcode> ERROR */
+
if (!(*av_buffer)) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: ClamAV returned null");
return DEFER;
}
-
+
+ /* strip newline at the end */
+ p = av_buffer + Ustrlen(av_buffer) - 1;
+ if( *p == '\n' ) *p = '\0';
+
/* colon in returned output? */
if((p = Ustrrchr(av_buffer,':')) == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: ClamAV returned malformed result: %s",
- av_buffer);
+ av_buffer);
return DEFER;
}
-
- /* strip filename strip CR at the end */
+
+ /* strip filename */
++p;
while (*p == ' ') ++p;
vname = p;
- p = vname + Ustrlen(vname) - 1;
- if( *p == '\n' ) *p = '\0';
-
if ((p = Ustrstr(vname, "FOUND"))!=NULL) {
*p=0;
for (--p;p>vname && *p<=32;p--) *p=0;
}
}
/* ----------------------------------------------------------------------- */
-
-
+
+
/* "mksd" scanner type --------------------------------------------------- */
else if (strcmpic(scanner_name,US"mksd") == 0) {
uschar *mksd_options;
struct sockaddr_un server;
int sock;
int retval;
-
+
if ((mksd_options = string_nextinlist(&av_scanner_work, &sep,
mksd_options_buffer,
sizeof(mksd_options_buffer))) != NULL) {
mksd_maxproc = (int) strtol(CS mksd_options, &mksd_options_end, 10);
- if ((*mksd_options == '\0') || (*mksd_options_end != '\0') ||
- (mksd_maxproc < 1) || (mksd_maxproc > 32)) {
+ if ((*mksd_options == '\0') || (*mksd_options_end != '\0') ||
+ (mksd_maxproc < 1) || (mksd_maxproc > 32)) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: mksd: invalid option '%s'", mksd_options);
return DEFER;
}
}
-
+
/* open the mksd socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: can't open UNIX socket.");
- return DEFER;
+ return DEFER;
}
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, "/var/run/mksd/socket");
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to mksd UNIX socket (/var/run/mksd/socket). errno=%d", errno);
return DEFER;
}
-
+
malware_name = NULL;
-
+
retval = mksd_scan_packed(sock);
-
+
if (retval != OK)
return retval;
}
return DEFER;
};
/* ----------------------------------------------------------------------- */
-
+
/* set "been here, done that" marker */
malware_ok = 1;
};
int mksd_writev (int sock, struct iovec *iov, int iovcnt)
{
int i;
-
+
for (;;) {
do
i = writev (sock, iov, iovcnt);
"malware acl condition: unable to write to mksd UNIX socket (/var/run/mksd/socket)");
return -1;
}
-
+
for (;;)
if (i >= iov->iov_len) {
if (--iovcnt == 0)
{
int offset = 0;
int i;
-
+
do {
if ((i = recv (sock, av_buffer+offset, av_buffer_size-offset, 0)) <= 0) {
close (sock);
"malware acl condition: unable to read from mksd UNIX socket (/var/run/mksd/socket)");
return -1;
}
-
+
offset += i;
/* offset == av_buffer_size -> buffer full */
if (offset == av_buffer_size) {
return -1;
}
} while (av_buffer[offset-1] != '\n');
-
+
av_buffer[offset] = '\0';
return offset;
}
int mksd_parse_line (char *line)
{
char *p;
-
+
switch (*line) {
case 'O':
/* OK */
if (((p = strchr (line+4, ' ')) != NULL) && ((p-line) > 4)) {
(*p) = '\0';
Ustrcpy (malware_name_buffer, line+4);
- malware_name = malware_name_buffer;
+ malware_name = malware_name_buffer;
return OK;
}
}
struct iovec iov[7];
char *cmd = "MSQ/scan/.eml\n";
uschar av_buffer[1024];
-
+
iov[0].iov_base = cmd;
iov[0].iov_len = 3;
iov[1].iov_base = CS spool_directory;
iov[4].iov_len = 1;
iov[6].iov_base = cmd + 9;
iov[6].iov_len = 5;
-
+
if (mksd_writev (sock, iov, 7) < 0)
return DEFER;
-
+
if (mksd_read_lines (sock, av_buffer, sizeof (av_buffer)) < 0)
return DEFER;
-
+
close (sock);
-
+
return mksd_parse_line (CS av_buffer);
}