return(byte[0] ? LITTLE_MY_ENDIAN : BIG_MY_ENDIAN);
}
-static uschar * malware_name_internal = NULL;
-int malware_ok = 0;
+BOOL malware_ok = FALSE;
/* Gross hacks for the -bmalware option; perhaps we should just create
the scan directory normally for that case, but look into rigging up the
/*************************************************/
-static int
-m_streamsocket(const uschar * hostname, struct in_addr * inp, uschar ** errstr)
-{
- struct hostent * he;
- int sock;
-
- /* Lookup the host */
- if(!(he = gethostbyname(CS hostname))) {
- *errstr = string_sprintf("failed to lookup host '%s'", hostname);
- return -1;
- }
- *inp = *(struct in_addr *) he->h_addr_list[0];
-
- /* Create the TCP socket */
- if ((sock = ip_socket(SOCK_STREAM, AF_INET)) >= 0)
- return sock;
-
- *errstr = string_sprintf("unable to acquire socket (%s)", strerror(errno));
- return -1;
-}
-
-static int
+/* Only used by the Clamav code, which is working from a list of servers and
+uses the returned in_addr to get a second connection to the same system.
+*/
+static inline int
m_tcpsocket(const uschar * hostname, unsigned int port,
- struct in_addr * inp, uschar ** errstr)
+ host_item * host, uschar ** errstr)
{
- int sock;
-
- if ((sock = m_streamsocket(hostname, inp, errstr)) < 0)
- return -1;
-
- if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(*inp), port, 5) >= 0)
- return sock;
-
- *errstr = string_sprintf("connection to %s, port %u failed (%s)",
- inet_ntoa(*inp), port, strerror(errno));
- (void)close(sock);
- return -1;
+ return ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5, host, errstr);
}
static int
{
int scan;
uschar hostname[256];
- unsigned int port, portlow, porthigh;
- struct hostent * he;
- struct in_addr in;
- int sock;
+ unsigned int portlow, porthigh;
/* extract host and port part */
scan = sscanf(CS hostport, "%255s %u-%u", hostname, &portlow, &porthigh);
porthigh = portlow;
}
- if ((sock = m_streamsocket(hostname, &in, errstr)) < 0)
- return -1;
-
- /* Try to connect to all ports low-high until connection is established */
- for (port = portlow; port <= porthigh; port++)
- if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) >= 0)
- return sock;
-
- *errstr = string_sprintf("connection to %s, port %u-%u failed (%s)",
- inet_ntoa(in), portlow, porthigh, strerror(errno));
- (void)close(sock);
- return -1;
+ return ip_connectedsocket(SOCK_STREAM, hostname, portlow, porthigh,
+ 5, NULL, errstr);
}
static int
return substr;
}
+static const pcre *
+m_pcre_nextinlist(uschar ** list, int * sep, char * listerr, uschar ** errstr)
+{
+ const uschar * list_ele;
+ const pcre * cre = NULL;
+
+ if (!(list_ele = string_nextinlist(list, sep, NULL, 0)))
+ *errstr = US listerr;
+ else
+ cre = m_pcre_compile(CS list_ele, errstr);
+ return cre;
+}
+
/*************************************************
* Scan content for malware *
*************************************************/
const uschar * scanner_options;
/* make sure the eml mbox file is spooled up */
- mbox_file = spool_mbox(&mbox_size, faking ? eml_filename : NULL);
- if (mbox_file == NULL) /* error while spooling */
+ if (!(mbox_file = spool_mbox(&mbox_size, faking ? eml_filename : NULL)))
return malware_errlog_defer("error while creating mbox spool file");
/* none of our current scanners need the mbox
file as a stream, so we can close it right away */
+ /*XXX drweb and clamd do!! */
(void)fclose(mbox_file);
/* extract the malware regex to match against from the option list */
/* parse 1st option */
if ( (strcmpic(malware_regex,US"false") == 0) ||
- (Ustrcmp(malware_regex,"0") == 0) ) {
- /* explicitly no matching */
- return FAIL;
- }
+ (Ustrcmp(malware_regex,"0") == 0) )
+ return FAIL; /* explicitly no matching */
/* special cases (match anything except empty) */
if ( (strcmpic(malware_regex,US"true") == 0) ||
(Ustrcmp(malware_regex,"*") == 0) ||
- (Ustrcmp(malware_regex,"1") == 0) ) {
+ (Ustrcmp(malware_regex,"1") == 0) )
malware_regex = malware_regex_default;
- }
}
else /* empty means "don't match anything" */
return FAIL;
/* if av_scanner starts with a dollar, expand it first */
if (*av_scanner == '$') {
- av_scanner_work = expand_string(av_scanner);
- if (!av_scanner_work)
+ if (!(av_scanner_work = expand_string(av_scanner)))
return malware_errlog_defer(
string_sprintf("av_scanner starts with $, but expansion failed: %s",
expand_string_message));
- else {
- debug_printf("Expanded av_scanner global: %s\n", av_scanner_work);
- /* disable result caching in this case */
- malware_name = NULL;
- malware_ok = 0;
- }
+
+ debug_printf("Expanded av_scanner global: %s\n", av_scanner_work);
+ /* disable result caching in this case */
+ malware_name = NULL;
+ malware_ok = FALSE;
}
/* Do not scan twice. */
- if (malware_ok == 0) {
+ if (!malware_ok) {
/* find the scanner type from the av_scanner option */
if (!(scanner_name = string_nextinlist(&av_scanner_work, &sep, NULL, 0)))
int sock;
uschar * scanrequest;
uschar buf[32768], *strhelper, *strhelper2;
+ uschar * malware_name_internal = NULL;
if ((sock = m_tcpsocket_fromdef(scanner_options, &errstr)) < 0)
return fprotd_errlog_defer(errstr);
/* We get a lot of empty lines, so we need this hack to check for any data at all */
while( recv(sock, buf, 1, MSG_PEEK) > 0 ) {
- if ( recv_line(sock, buf, 32768) > 0) {
+ if ( recv_line(sock, buf, sizeof(buf)) > 0) {
if ( Ustrstr(buf, US"<detected type=\"") != NULL )
detected = 1;
else if ( detected && (strhelper = Ustrstr(buf, US"<name>")) ) {
string_sprintf("unable to send file body to socket (%s)", scanner_options));
}
(void)close(drweb_fd);
- }
- else {
+
+ } else {
+
if((sock = m_unixsocket(scanner_options, &errstr)) < 0)
return drweb_errlog_defer(errstr);
int i;
/* setup default virus name */
- malware_name_internal = "unknown";
- malware_name = malware_name_internal;
+ malware_name = "unknown";
/* set up match regex */
drweb_re = m_pcre_compile( "infected\\swith\\s*(.+?)$", &errstr);
pcre_get_substring(CS tmpbuf, ovector, result, 1, &pre_malware_nb);
- /* the first name we just copy to malware_name */
- if (i==0)
- malware_name_internal = string_append(NULL, &size, &off,
+ if (i==0) /* the first name we just copy to malware_name */
+ malware_name = string_append(NULL, &size, &off,
1, pre_malware_nb);
- else
- /* concatenate each new virus name to previous */
- malware_name_internal = string_append(malware_name_internal,
- &size, &off, 2, "/", pre_malware_nb);
+
+ else /* concatenate each new virus name to previous */
+ malware_name = string_append(malware_name, &size, &off,
+ 2, "/", pre_malware_nb);
pcre_free_substring(pre_malware_nb);
}
debug_printf("aveserver: %s\n", buf);
if (buf[0] == '2')
break;
- if (buf[0] == '5') {
- /* aveserver is having problems */
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: unable to scan file %s (Responded: %s).",
- eml_filename, buf);
- result = DEFER;
+ if (buf[0] == '5') { /* aveserver is having problems */
+ result = aves_errlog_defer(
+ string_sprintf("unable to scan file %s (Responded: %s).",
+ eml_filename, buf));
break;
} else if (Ustrncmp(buf,"322",3) == 0) {
uschar *p = Ustrchr(&buf[4],' ');
*p = '\0';
- malware_name_internal = string_copy(&buf[4]);
- malware_name = malware_name_internal;
+ malware_name = string_copy(&buf[4]);
}
}
- /* prepare our command */
- (void)string_format(buf, sizeof(buf), "quit\r\n");
-
/* and send it */
- if (m_sock_send(sock, buf, Ustrlen(buf), &errstr) < 0)
+ if (m_sock_send(sock, "quit\r\n", 6, &errstr) < 0)
return aves_errlog_defer(errstr);
/* read aveserver's greeting and see if it is ready (2xx greeting) */
int report_flag = 0;
/* setup default virus name */
- malware_name_internal = string_copy("unknown");
- malware_name = malware_name_internal;
+ malware_name = "unknown";
report_flag = tmpbuf[ test_byte_order() == LITTLE_MY_ENDIAN ? 1 : 0 ];
case M_CMDL: /* "cmdline" scanner type ---------------------------------- */
{
const uschar *cmdline_scanner = scanner_options;
- uschar *cmdline_trigger;
const pcre *cmdline_trigger_re;
- uschar *cmdline_regex;
const pcre *cmdline_regex_re;
uschar * file_name;
uschar * commandline;
return cmdl_errlog_defer("missing commandline specification");
/* find scanner output trigger */
- if (!(cmdline_trigger = string_nextinlist(&av_scanner_work, &sep, NULL, 0)))
- return cmdl_errlog_defer("missing trigger specification");
-
- /* precompile trigger regex */
- if (!(cmdline_trigger_re = m_pcre_compile(CS cmdline_trigger, &errstr)))
+ cmdline_trigger_re = m_pcre_nextinlist(&av_scanner_work, &sep,
+ "missing trigger specification", &errstr);
+ if (!cmdline_trigger_re)
return cmdl_errlog_defer(errstr);
/* find scanner name regex */
- if (!(cmdline_regex = string_nextinlist(&av_scanner_work, &sep, NULL, 0)))
- return cmdl_errlog_defer("missing virus name regex specification");
-
- /* precompile name regex */
- if (!(cmdline_regex_re = m_pcre_compile(CS cmdline_regex, &errstr)))
+ cmdline_regex_re = m_pcre_nextinlist(&av_scanner_work, &sep,
+ "missing virus name regex specification", &errstr);
+ if (!cmdline_regex_re)
return cmdl_errlog_defer(errstr);
/* prepare scanner call; despite the naming, file_name holds a directory
}
/* look for trigger while recording output */
- while(fgets(CS linebuffer, sizeof(linebuffer), scanner_out) != NULL) {
+ while(fgets(CS linebuffer, sizeof(linebuffer), scanner_out)) {
if ( Ustrlen(linebuffer) > fwrite(linebuffer, 1, Ustrlen(linebuffer), scanner_record) ) {
/* short write */
pclose(scanner_out);
/* re-open the scanner output file, look for name match */
scanner_record = fopen(CS file_name, "rb");
- while(fgets(CS linebuffer,32767,scanner_record) != NULL) {
+ while(fgets(CS linebuffer, sizeof(linebuffer), scanner_record)) {
/* try match */
if ((s = m_pcre_exec(cmdline_regex_re, linebuffer)))
malware_name = s;
/* infected ? */
if (av_buffer[0] == '1') {
- if (Ustrchr(av_buffer, '\n')) *Ustrchr(av_buffer, '\n') = '\0';
- malware_name_internal = string_copy(&av_buffer[2]);
- malware_name = malware_name_internal;
+ uschar * s = Ustrchr(av_buffer, '\n');
+ if (s)
+ *s = '\0';
+ malware_name = string_copy(&av_buffer[2]);
}
else if (!strncmp(CS av_buffer, "-1", 2))
return soph_errlog_defer("scanner reported error");
uschar * file_name;
uschar av_buffer[1024];
uschar *hostname = "";
- struct in_addr in;
+ host_item connhost;
uschar *clamav_fbuf;
int clam_fd, result;
unsigned int fsize;
* on both connections (as one host could resolve to multiple ips) */
sock= m_tcpsocket(CS clamd_address_vector[current_server]->tcp_addr,
clamd_address_vector[current_server]->tcp_port,
- &in, &errstr);
+ &connhost, &errstr);
if (sock >= 0) {
/* Connection successfully established with a server */
hostname = clamd_address_vector[current_server]->tcp_addr;
av_buffer2));
}
- if ( (sockData = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
- int err = errno;
+ sockData = m_tcpsocket(connhost.address, port, NULL, &errstr);
+ if (sockData < 0) {
(void)close(sock);
- return clmd_errlog_defer(
- string_sprintf("unable to acquire socket (%s)", strerror(err)));
- }
-
- if (ip_connect(sockData, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- int err = errno;
- (void)close(sockData); (void)close(sock);
- return clmd_errlog_defer(
- string_sprintf("connection to %s, port %u failed (%s)",
- inet_ntoa(in), port, strerror(err)));
+ return clmd_errlog_defer(errstr);
}
#define CLOSE_SOCKDATA (void)close(sockData)
if (p)
*p = '\0';
}
- malware_name_internal = string_copy(vname);
- malware_name = malware_name_internal;
+ malware_name = string_copy(vname);
DEBUG(D_acl) debug_printf("Malware found, name \"%s\"\n", malware_name);
} else if (Ustrcmp(result_tag, "ERROR") == 0)
uschar * linebuffer;
uschar *sockline_scanner;
uschar sockline_scanner_default[] = "%s\n";
- uschar *sockline_trigger;
const pcre *sockline_trig_re;
- uschar *sockline_regex;
const pcre *sockline_name_re;
/* find scanner command line */
sockline_scanner = sockline_scanner_default;
/* find scanner output trigger */
- if (!(sockline_trigger = string_nextinlist(&av_scanner_work, &sep,
- NULL, 0)))
- return sock_errlog_defer("missing trigger specification");
-
- /* precompile trigger regex */
- if (!(sockline_trig_re = m_pcre_compile(CS sockline_trigger, &errstr)))
+ sockline_trig_re = m_pcre_nextinlist(&av_scanner_work, &sep,
+ "missing trigger specification", &errstr);
+ if (!sockline_trig_re)
return sock_errlog_defer(errstr);
/* find virus name regex */
- if (!(sockline_regex = string_nextinlist(&av_scanner_work, &sep,
- NULL, 0)))
- return sock_errlog_defer("missing virus name regex specification");
-
- /* precompile name regex */
- if (!(sockline_name_re = m_pcre_compile(CS sockline_regex, &errstr)))
+ sockline_name_re = m_pcre_nextinlist(&av_scanner_work, &sep,
+ "missing virus name regex specification", &errstr);
+ if (!sockline_name_re)
return sock_errlog_defer(errstr);
/* prepare scanner call */
}
}
- /* set "been here, done that" marker */
- malware_ok = 1;
+ malware_ok = TRUE; /* set "been here, done that" marker */
}
/* match virus name against pattern (caseless ------->----------v) */
- if ( (malware_name != NULL) &&
- (regex_match_and_setup(re, malware_name, 0, -1)) ) {
+ if ( malware_name && (regex_match_and_setup(re, malware_name, 0, -1)) ) {
DEBUG(D_acl) debug_printf("Matched regex to malware [%s] [%s]\n", malware_regex, malware_name);
return OK;
}
if (((p-line) > 5) && (line[3] == ' '))
if (((p = strchr (line+4, ' ')) != NULL) && ((p-line) > 4)) {
*p = '\0';
- malware_name_internal = string_copy(line+4);
- malware_name = malware_name_internal;
+ malware_name = string_copy(line+4);
return OK;
}
}
git://git.exim.org / users / jgh / exim.git / blobdiff