-/* $Cambridge: exim/src/src/malware.c,v 1.9 2005/06/06 18:49:35 tom Exp $ */
+/* $Cambridge: exim/src/src/malware.c,v 1.16 2008/03/27 13:16:52 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#define SHUT_WR 1
#endif
+
+#define MALWARE_TIMEOUT 120
+
+
#define DRWEBD_SCAN_CMD (1) /* scan file, buffer or diskfile */
#define DRWEBD_RETURN_VIRUSES (1<<0) /* ask daemon return to us viruses names from report */
#define DRWEBD_IS_MAIL (1<<19) /* say to daemon that format is "archive MAIL" */
};
/* none of our current scanners need the mbox
file as a stream, so we can close it right away */
- fclose(mbox_file);
+ (void)fclose(mbox_file);
/* extract the malware regex to match against from the option list */
if ((malware_regex = string_nextinlist(&list, &sep,
return DEFER;
};
+ /* "f-protd" scanner type ----------------------------------------------- */
+ if (strcmpic(scanner_name, US"f-protd") == 0) {
+ uschar *fp_options, *fp_scan_option;
+ uschar fp_scan_option_buffer[1024];
+ uschar fp_options_buffer[1024];
+ uschar fp_options_default[] = "localhost 10200-10204";
+ uschar hostname[256];
+ unsigned int port, portlow, porthigh, connect_ok=0, detected=0, par_count = 0;
+ struct hostent *he;
+ struct in_addr in;
+ int sock;
+ uschar scanrequest[2048], buf[32768], *strhelper, *strhelper2;
+
+ if ((fp_options = string_nextinlist(&av_scanner_work, &sep,
+ fp_options_buffer, sizeof(fp_options_buffer))) == NULL) {
+ /* no options supplied, use default options */
+ fp_options = fp_options_default;
+ };
+
+ /* extract host and port part */
+ if ( sscanf(CS fp_options, "%s %u-%u", hostname, &portlow, &porthigh) != 3 ) {
+ if ( sscanf(CS fp_options, "%s %u", hostname, &portlow) != 2 ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: invalid socket '%s'", fp_options);
+ return DEFER;
+ }
+ porthigh = portlow;
+ }
+
+ /* Lookup the host */
+ if((he = gethostbyname(CS hostname)) == 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: failed to lookup host '%s'", hostname);
+ return DEFER;
+ }
+
+ in = *(struct in_addr *) he->h_addr_list[0];
+ port = portlow;
+
+
+ /* Open the f-protd TCP socket */
+ if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: unable to acquire socket (%s)",
+ strerror(errno));
+ return DEFER;
+ }
+
+ /* Try to connect to all portslow-high until connection is established */
+ for (port = portlow; !connect_ok && port < porthigh; port++) {
+ if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) >= 0) {
+ connect_ok = 1;
+ }
+ }
+
+ if ( !connect_ok ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: connection to %s, port %u-%u failed (%s)",
+ inet_ntoa(in), portlow, porthigh, strerror(errno));
+ (void)close(sock);
+ return DEFER;
+ }
+
+ (void)string_format(scanrequest, 1024, CS"GET %s/scan/%s/%s.eml",
+ spool_directory, message_id, message_id);
+
+ while ((fp_scan_option = string_nextinlist(&av_scanner_work, &sep,
+ fp_scan_option_buffer, sizeof(fp_scan_option_buffer))) != NULL) {
+ if ( par_count ) {
+ Ustrcat(scanrequest, "%20");
+ } else {
+ Ustrcat(scanrequest, "?");
+ }
+ Ustrcat(scanrequest, fp_scan_option);
+ par_count++;
+ }
+ Ustrcat(scanrequest, " HTTP/1.0\r\n\r\n");
+
+ /* send scan request */
+ if (send(sock, &scanrequest, Ustrlen(scanrequest)+1, 0) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: f-protd: unable to send command to socket (%s)", scanrequest);
+ return DEFER;
+ }
+
+ /* We get a lot of empty lines, so we need this hack to check for any data at all */
+ while( recv(sock, buf, 1, MSG_PEEK) > 0 ) {
+ if ( recv_line(sock, buf, 32768) > 0) {
+ if ( Ustrstr(buf, US"<detected type=\"") != NULL ) {
+ detected = 1;
+ } else if ( detected && (strhelper = Ustrstr(buf, US"<name>")) ) {
+ if (strhelper2 = Ustrstr(buf, US"</name>")) {
+ *strhelper2 = '\0';
+ Ustrcpy(malware_name_buffer, strhelper + 6);
+ }
+ } else if ( Ustrstr(buf, US"<summary code=\"") ) {
+ if ( Ustrstr(buf, US"<summary code=\"11\">") ) {
+ malware_name = malware_name_buffer;
+ } else {
+ malware_name = NULL;
+ }
+ }
+ }
+ }
+ (void)close(sock);
+ }
/* "drweb" scanner type ----------------------------------------------- */
/* v0.1 - added support for tcp sockets */
/* v0.0 - initial release -- support for unix sockets */
- if (strcmpic(scanner_name,US"drweb") == 0) {
+ else if (strcmpic(scanner_name,US"drweb") == 0) {
uschar *drweb_options;
uschar drweb_options_buffer[1024];
uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock";
}
if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: connection to %s, port %u failed (%s)",
inet_ntoa(in), port, strerror(errno));
/* prepare variables */
drweb_cmd = htonl(DRWEBD_SCAN_CMD);
drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml",
spool_directory, message_id, message_id);
/* calc file size */
drweb_fd = open(CS scanrequest, O_RDONLY);
if (drweb_fd == -1) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: can't open spool file %s: %s",
scanrequest, strerror(errno));
}
fsize = lseek(drweb_fd, 0, SEEK_END);
if (fsize == -1) {
- close(sock);
- close(drweb_fd);
+ (void)close(sock);
+ (void)close(drweb_fd);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: can't seek spool file %s: %s",
scanrequest, strerror(errno));
(send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
(send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
(send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
- close(sock);
- close(drweb_fd);
+ (void)close(sock);
+ (void)close(drweb_fd);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
return DEFER;
drweb_fbuf = (uschar *) malloc (fsize);
if (!drweb_fbuf) {
- close(sock);
- close(drweb_fd);
+ (void)close(sock);
+ (void)close(drweb_fd);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: unable to allocate memory %u for file (%s)",
fsize, scanrequest);
result = read (drweb_fd, drweb_fbuf, fsize);
if (result == -1) {
- close(sock);
- close(drweb_fd);
+ (void)close(sock);
+ (void)close(drweb_fd);
free(drweb_fbuf);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: can't read spool file %s: %s",
scanrequest, strerror(errno));
return DEFER;
}
- close(drweb_fd);
+ (void)close(drweb_fd);
/* send file body to socket */
if (send(sock, drweb_fbuf, fsize, 0) < 0) {
- close(sock);
+ (void)close(sock);
free(drweb_fbuf);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options);
return DEFER;
}
- close(drweb_fd);
+ (void)close(drweb_fd);
}
else {
/* open the drwebd UNIX socket */
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, drweb_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
return DEFER;
/* prepare variables */
drweb_cmd = htonl(DRWEBD_SCAN_CMD);
drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
drweb_slen = htonl(Ustrlen(scanrequest));
/* send scan request */
(send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
(send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) ||
(send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
return DEFER;
/* wait for result */
if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: unable to read return code");
return DEFER;
drweb_rc = ntohl(drweb_rc);
if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: unable to read the number of viruses");
return DEFER;
{
/* read the size of report */
if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: cannot read report size");
return DEFER;
/* read report body */
if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: cannot read report string");
return DEFER;
if (drweb_s) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
- close(sock);
+ (void)close(sock);
return DEFER;
}
/* no virus found */
malware_name = NULL;
};
- close(sock);
+ (void)close(sock);
}
/* ----------------------------------------------------------------------- */
else if (strcmpic(scanner_name,US"aveserver") == 0) {
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, kav_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to aveserver UNIX socket (%s). errno=%d", kav_options, errno);
return DEFER;
if (buf[0] != '2') {
/* aveserver is having problems */
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: aveserver is unavailable (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") );
return DEFER;
};
/* prepare our command */
- snprintf(CS buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id);
+ (void)string_format(buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id);
/* and send it */
if (send(sock, buf, Ustrlen(buf), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options);
return DEFER;
}
/* prepare our command */
- snprintf(CS buf, 32768, "quit\r\n");
+ (void)string_format(buf, 32768, "quit\r\n");
/* and send it */
if (send(sock, buf, Ustrlen(buf), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options);
return DEFER;
if (buf[0] != '2') {
/* aveserver is having problems */
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to quit aveserver dialogue (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") );
return DEFER;
};
- close(sock);
+ (void)close(sock);
if (result == DEFER) return DEFER;
}
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, fsecure_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to fsecure socket %s (%s)",
fsecure_options, strerror(errno));
for (i=0; i != 4; i++) {
/* debug_printf("send option \"%s\"",cmdoptions[i]); */
if (write(sock, cmdoptions[i], Ustrlen(cmdoptions[i])) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write fsecure option %d to %s (%s)",
i, fsecure_options, strerror(errno));
return DEFER;
};
- bread = read(sock, av_buffer, sizeof(av_buffer));
+ bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT);
if (bread >0) av_buffer[bread]='\0';
if (bread < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read fsecure answer %d (%s)", i, strerror(errno));
return DEFER;
};
/* pass the mailfile to fsecure */
- snprintf(CS file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id);
+ (void)string_format(file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id);
/* debug_printf("send scan %s",file_name); */
if (write(sock, file_name, Ustrlen(file_name)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write fsecure scan to %s (%s)",
fsecure_options, strerror(errno));
i = 0;
memset(av_buffer, 0, sizeof(av_buffer));
do {
- bread=read(sock, &av_buffer[i], 1);
+ bread=ip_recv(sock, &av_buffer[i], 1, MALWARE_TIMEOUT);
if (bread < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read fsecure result (%s)", strerror(errno));
return DEFER;
};
}
while (Ustrstr(av_buffer, "OK\tScan ok.") == NULL);
- close(sock);
+ (void)close(sock);
}
/* ----------------------------------------------------------------------- */
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, kav_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to kavdaemon UNIX socket (%s). errno=%d", kav_options, errno);
return DEFER;
/* get current date and time, build scan request */
time(&t);
strftime(CS tmpbuf, sizeof(tmpbuf), "<0>%d %b %H:%M:%S:%%s/scan/%%s", localtime(&t));
- snprintf(CS scanrequest, 1024,CS tmpbuf, spool_directory, message_id);
+ (void)string_format(scanrequest, 1024,CS tmpbuf, spool_directory, message_id);
/* send scan request */
if (send(sock, scanrequest, Ustrlen(scanrequest)+1, 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to kavdaemon UNIX socket (%s)", kav_options);
return DEFER;
/* wait for result */
if ((bread = recv(sock, tmpbuf, 2, 0) != 2)) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read 2 bytes from kavdaemon socket.");
return DEFER;
/* improper kavdaemon configuration */
if ( (kav_rc == 5) || (kav_rc == 6) ) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: please reconfigure kavdaemon to NOT disinfect or remove infected files.");
return DEFER;
};
if (kav_rc == 1) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: kavdaemon reported 'scanning not completed' (code 1).");
return DEFER;
};
if (kav_rc == 7) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: kavdaemon reported 'kavdaemon damaged' (code 7).");
return DEFER;
if( report_flag == 1 ) {
/* read report size */
if ((bread = recv(sock, &kav_reportlen, 4, 0)) != 4) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: cannot read report size from kavdaemon");
return DEFER;
malware_name = NULL;
};
- close(sock);
+ (void)close(sock);
}
/* ----------------------------------------------------------------------- */
};
/* prepare scanner call */
- snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
- snprintf(CS commandline,1024, CS cmdline_scanner,file_name);
+ (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id);
+ (void)string_format(commandline,1024, CS cmdline_scanner,file_name);
/* redirect STDERR too */
Ustrcat(commandline," 2>&1");
return DEFER;
};
- snprintf(CS file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
- scanner_record = fopen(CS file_name,"w");
+ (void)string_format(file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
+ scanner_record = modefopen(file_name,"wb",SPOOL_MODE);
if (scanner_record == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
trigger = 1;
};
- fclose(scanner_record);
+ (void)fclose(scanner_record);
pclose(scanner_out);
signal(SIGCHLD,eximsigchld);
signal(SIGPIPE,eximsigpipe);
malware_name = malware_name_buffer;
/* re-open the scanner output file, look for name match */
- scanner_record = fopen(CS file_name,"r");
+ scanner_record = fopen(CS file_name,"rb");
while(fgets(CS linebuffer,32767,scanner_record) != NULL) {
/* try match */
result = pcre_exec(cmdline_regex_re, NULL, CS linebuffer, Ustrlen(linebuffer), 0, 0, ovector, 30);
pcre_copy_substring(CS linebuffer, ovector, result, 1, CS malware_name_buffer, 255);
};
};
- fclose(scanner_record);
+ (void)fclose(scanner_record);
}
else {
/* no virus found */
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, sophie_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to sophie UNIX socket (%s). errno=%d", sophie_options, errno);
return DEFER;
}
/* pass the scan directory to sophie */
- snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
+ (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id);
if (write(sock, file_name, Ustrlen(file_name)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options);
return DEFER;
};
- write(sock, "\n", 1);
+ (void)write(sock, "\n", 1);
/* wait for result */
memset(av_buffer, 0, sizeof(av_buffer));
- if ((!(bread = read(sock, av_buffer, sizeof(av_buffer))) > 0)) {
- close(sock);
+ if ((!(bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT)) > 0)) {
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options);
return DEFER;
};
- close(sock);
+ (void)close(sock);
/* infected ? */
if (av_buffer[0] == '1') {
}
if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: connection to %s, port %u failed (%s)",
inet_ntoa(in), port, strerror(errno));
/* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
- snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
+ (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
/* Pass the string to ClamAV (7 = "STREAM\n") */
if (send(sock, "STREAM\n", 7, 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
}
memset(av_buffer2, 0, sizeof(av_buffer2));
- bread = read(sock, av_buffer2, sizeof(av_buffer2));
+ bread = ip_recv(sock, av_buffer2, sizeof(av_buffer2), MALWARE_TIMEOUT);
if (bread < 0) {
log_write(0, LOG_MAIN|LOG_PANIC,
}
if (ip_connect(sockData, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sockData);
+ (void)close(sockData);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: connection to %s, port %u failed (%s)",
inet_ntoa(in), port, strerror(errno));
return DEFER;
}
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml",
spool_directory, message_id, message_id);
/* calc file size */
clamav_fbuf = (uschar *) malloc (fsize);
if (!clamav_fbuf) {
- close(sockData);
- close(clam_fd);
+ (void)close(sockData);
+ (void)close(clam_fd);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: unable to allocate memory %u for file (%s)",
fsize, scanrequest);
result = read (clam_fd, clamav_fbuf, fsize);
if (result == -1) {
- close(sockData);
- close(clam_fd);
+ (void)close(sockData);
+ (void)close(clam_fd);
free(clamav_fbuf);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: can't read spool file %s: %s",
scanrequest, strerror(errno));
return DEFER;
}
- close(clam_fd);
+ (void)close(clam_fd);
/* send file body to socket */
if (send(sockData, clamav_fbuf, fsize, 0) < 0) {
- close(sockData);
+ (void)close(sockData);
free(clamav_fbuf);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: unable to send file body to socket (%s:%u)", hostname, port);
return DEFER;
}
free(clamav_fbuf);
- close(sockData);
+ (void)close(sockData);
}
}
else {
Ustrcpy(server.sun_path, clamd_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: unable to connect to UNIX socket %s (%s)",
clamd_options, strerror(errno) );
/* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
- snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
+ (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
/* Read the result */
memset(av_buffer, 0, sizeof(av_buffer));
- bread = read(sock, av_buffer, sizeof(av_buffer));
- close(sock);
+ bread = ip_recv(sock, av_buffer, sizeof(av_buffer), MALWARE_TIMEOUT);
+ (void)close(sock);
if (!(bread > 0)) {
log_write(0, LOG_MAIN|LOG_PANIC,
return DEFER;
}
+ /* strip newline at the end */
+ p = av_buffer + Ustrlen(av_buffer) - 1;
+ if( *p == '\n' ) *p = '\0';
+
/* colon in returned output? */
if((p = Ustrrchr(av_buffer,':')) == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
return DEFER;
}
- /* strip filename strip CR at the end */
+ /* strip filename */
++p;
while (*p == ' ') ++p;
vname = p;
- p = vname + Ustrlen(vname) - 1;
- if( *p == '\n' ) *p = '\0';
-
if ((p = Ustrstr(vname, "FOUND"))!=NULL) {
*p=0;
for (--p;p>vname && *p<=32;p--) *p=0;
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, "/var/run/mksd/socket");
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to mksd UNIX socket (/var/run/mksd/socket). errno=%d", errno);
return DEFER;