-/* $Cambridge: exim/src/src/malware.c,v 1.7 2005/02/17 11:58:26 ph10 Exp $ */
+/* $Cambridge: exim/src/src/malware.c,v 1.14 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
};
/* none of our current scanners need the mbox
file as a stream, so we can close it right away */
- fclose(mbox_file);
+ (void)fclose(mbox_file);
/* extract the malware regex to match against from the option list */
if ((malware_regex = string_nextinlist(&list, &sep,
return DEFER;
};
- /* "drweb" scanner type ----------------------------------------------- */
- /* v0.1 - added support for tcp sockets */
- /* v0.0 - initial release -- support for unix sockets */
- if (strcmpic(scanner_name,US"drweb") == 0) {
- uschar *drweb_options;
- uschar drweb_options_buffer[1024];
- uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock";
- struct sockaddr_un server;
- int sock, result, ovector[30];
- unsigned int port, fsize;
- uschar tmpbuf[1024], *drweb_fbuf;
- uschar scanrequest[1024];
- uschar drweb_match_string[128];
- int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
- drweb_vnum, drweb_slen, drweb_fin = 0x0000;
- unsigned long bread;
- uschar hostname[256];
- struct hostent *he;
- struct in_addr in;
- pcre *drweb_re;
-
- if ((drweb_options = string_nextinlist(&av_scanner_work, &sep,
- drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) {
- /* no options supplied, use default options */
- drweb_options = drweb_options_default;
- };
-
- if (*drweb_options != '/') {
-
- /* extract host and port part */
- if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: invalid socket '%s'", drweb_options);
- return DEFER;
- }
-
- /* Lookup the host */
- if((he = gethostbyname(CS hostname)) == 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: failed to lookup host '%s'", hostname);
- return DEFER;
- }
-
- in = *(struct in_addr *) he->h_addr_list[0];
-
- /* Open the drwebd TCP socket */
- if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to acquire socket (%s)",
- strerror(errno));
- return DEFER;
- }
-
- if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: connection to %s, port %u failed (%s)",
- inet_ntoa(in), port, strerror(errno));
- return DEFER;
- }
-
- /* prepare variables */
- drweb_cmd = htonl(DRWEBD_SCAN_CMD);
- drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
- spool_directory, message_id, message_id);
-
- /* calc file size */
- drweb_fd = open(CS scanrequest, O_RDONLY);
- if (drweb_fd == -1) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't open spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- fsize = lseek(drweb_fd, 0, SEEK_END);
- if (fsize == -1) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't seek spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- drweb_slen = htonl(fsize);
- lseek(drweb_fd, 0, SEEK_SET);
-
- /* send scan request */
- if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
- (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
- (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
- (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
- return DEFER;
- }
-
- drweb_fbuf = (uschar *) malloc (fsize);
- if (!drweb_fbuf) {
- close(sock);
- close(drweb_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to allocate memory %u for file (%s)",
- fsize, scanrequest);
- return DEFER;
- }
-
- result = read (drweb_fd, drweb_fbuf, fsize);
- if (result == -1) {
- close(sock);
- close(drweb_fd);
- free(drweb_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't read spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- close(drweb_fd);
-
- /* send file body to socket */
- if (send(sock, drweb_fbuf, fsize, 0) < 0) {
- close(sock);
- free(drweb_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options);
- return DEFER;
- }
- close(drweb_fd);
- }
- else {
- /* open the drwebd UNIX socket */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: can't open UNIX socket");
- return DEFER;
- }
- server.sun_family = AF_UNIX;
- Ustrcpy(server.sun_path, drweb_options);
- if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
- return DEFER;
- }
-
- /* prepare variables */
- drweb_cmd = htonl(DRWEBD_SCAN_CMD);
- drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
- drweb_slen = htonl(Ustrlen(scanrequest));
-
- /* send scan request */
- if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
- (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
- (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
- (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) ||
- (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
- return DEFER;
- }
- }
-
- /* wait for result */
- if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to read return code");
- return DEFER;
- }
- drweb_rc = ntohl(drweb_rc);
-
- if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: unable to read the number of viruses");
- return DEFER;
- }
- drweb_vnum = ntohl(drweb_vnum);
-
- /* "virus(es) found" if virus number is > 0 */
- if (drweb_vnum)
- {
- int i;
- uschar pre_malware_nb[256];
-
- malware_name = malware_name_buffer;
-
- /* setup default virus name */
- Ustrcpy(malware_name_buffer,"unknown");
-
- /* read and concatenate virus names into one string */
- for (i=0;i<drweb_vnum;i++)
- {
- /* read the size of report */
- if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report size");
- return DEFER;
- };
- drweb_slen = ntohl(drweb_slen);
-
- /* read report body */
- if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report string");
- return DEFER;
- };
- tmpbuf[drweb_slen] = '\0';
-
- /* set up match regex, depends on retcode */
- Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
-
- drweb_re = pcre_compile( CS drweb_match_string,
- PCRE_COPT,
- (const char **)&rerror,
- &roffset,
- NULL );
-
- /* try matcher on the line, grab substring */
- result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
- if (result >= 2) {
- pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255);
- }
- /* the first name we just copy to malware_name */
- if (i==0)
- Ustrcpy(CS malware_name_buffer, CS pre_malware_nb);
- else {
- /* concatenate each new virus name to previous */
- int slen = Ustrlen(malware_name_buffer);
- if (slen < (slen+Ustrlen(pre_malware_nb))) {
- Ustrcat(malware_name_buffer, "/");
- Ustrcat(malware_name_buffer, pre_malware_nb);
- }
- }
- }
- }
- else {
- char *drweb_s = NULL;
-
- if (drweb_rc & DERR_READ_ERR) drweb_s = "read error";
- if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory";
- if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout";
- if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command";
- /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED.
- * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM,
- * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
- * and others are ignored */
- if (drweb_s) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
- close(sock);
- return DEFER;
- }
- /* no virus found */
- malware_name = NULL;
- };
- close(sock);
- }
- /* ----------------------------------------------------------------------- */
+ /* "drweb" scanner type ----------------------------------------------- */
+ /* v0.1 - added support for tcp sockets */
+ /* v0.0 - initial release -- support for unix sockets */
+ if (strcmpic(scanner_name,US"drweb") == 0) {
+ uschar *drweb_options;
+ uschar drweb_options_buffer[1024];
+ uschar drweb_options_default[] = "/usr/local/drweb/run/drwebd.sock";
+ struct sockaddr_un server;
+ int sock, result, ovector[30];
+ unsigned int port, fsize;
+ uschar tmpbuf[1024], *drweb_fbuf;
+ uschar scanrequest[1024];
+ uschar drweb_match_string[128];
+ int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
+ drweb_vnum, drweb_slen, drweb_fin = 0x0000;
+ unsigned long bread;
+ uschar hostname[256];
+ struct hostent *he;
+ struct in_addr in;
+ pcre *drweb_re;
+
+ if ((drweb_options = string_nextinlist(&av_scanner_work, &sep,
+ drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) {
+ /* no options supplied, use default options */
+ drweb_options = drweb_options_default;
+ };
+
+ if (*drweb_options != '/') {
+
+ /* extract host and port part */
+ if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: invalid socket '%s'", drweb_options);
+ return DEFER;
+ }
+
+ /* Lookup the host */
+ if((he = gethostbyname(CS hostname)) == 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: failed to lookup host '%s'", hostname);
+ return DEFER;
+ }
+
+ in = *(struct in_addr *) he->h_addr_list[0];
+
+ /* Open the drwebd TCP socket */
+ if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to acquire socket (%s)",
+ strerror(errno));
+ return DEFER;
+ }
+
+ if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: connection to %s, port %u failed (%s)",
+ inet_ntoa(in), port, strerror(errno));
+ return DEFER;
+ }
+
+ /* prepare variables */
+ drweb_cmd = htonl(DRWEBD_SCAN_CMD);
+ drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml",
+ spool_directory, message_id, message_id);
+
+ /* calc file size */
+ drweb_fd = open(CS scanrequest, O_RDONLY);
+ if (drweb_fd == -1) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't open spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ fsize = lseek(drweb_fd, 0, SEEK_END);
+ if (fsize == -1) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't seek spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ drweb_slen = htonl(fsize);
+ lseek(drweb_fd, 0, SEEK_SET);
+
+ /* send scan request */
+ if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
+ (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
+ return DEFER;
+ }
+
+ drweb_fbuf = (uschar *) malloc (fsize);
+ if (!drweb_fbuf) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to allocate memory %u for file (%s)",
+ fsize, scanrequest);
+ return DEFER;
+ }
+
+ result = read (drweb_fd, drweb_fbuf, fsize);
+ if (result == -1) {
+ (void)close(sock);
+ (void)close(drweb_fd);
+ free(drweb_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't read spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ (void)close(drweb_fd);
+
+ /* send file body to socket */
+ if (send(sock, drweb_fbuf, fsize, 0) < 0) {
+ (void)close(sock);
+ free(drweb_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options);
+ return DEFER;
+ }
+ (void)close(drweb_fd);
+ }
+ else {
+ /* open the drwebd UNIX socket */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: can't open UNIX socket");
+ return DEFER;
+ }
+ server.sun_family = AF_UNIX;
+ Ustrcpy(server.sun_path, drweb_options);
+ if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
+ return DEFER;
+ }
+
+ /* prepare variables */
+ drweb_cmd = htonl(DRWEBD_SCAN_CMD);
+ drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
+ drweb_slen = htonl(Ustrlen(scanrequest));
+
+ /* send scan request */
+ if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
+ (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) ||
+ (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0)) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
+ return DEFER;
+ }
+ }
+
+ /* wait for result */
+ if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to read return code");
+ return DEFER;
+ }
+ drweb_rc = ntohl(drweb_rc);
+
+ if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: unable to read the number of viruses");
+ return DEFER;
+ }
+ drweb_vnum = ntohl(drweb_vnum);
+
+ /* "virus(es) found" if virus number is > 0 */
+ if (drweb_vnum)
+ {
+ int i;
+ uschar pre_malware_nb[256];
+
+ malware_name = malware_name_buffer;
+
+ /* setup default virus name */
+ Ustrcpy(malware_name_buffer,"unknown");
+
+ /* read and concatenate virus names into one string */
+ for (i=0;i<drweb_vnum;i++)
+ {
+ /* read the size of report */
+ if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: cannot read report size");
+ return DEFER;
+ };
+ drweb_slen = ntohl(drweb_slen);
+
+ /* read report body */
+ if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: cannot read report string");
+ return DEFER;
+ };
+ tmpbuf[drweb_slen] = '\0';
+
+ /* set up match regex, depends on retcode */
+ Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
+
+ drweb_re = pcre_compile( CS drweb_match_string,
+ PCRE_COPT,
+ (const char **)&rerror,
+ &roffset,
+ NULL );
+
+ /* try matcher on the line, grab substring */
+ result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
+ if (result >= 2) {
+ pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255);
+ }
+ /* the first name we just copy to malware_name */
+ if (i==0)
+ Ustrcpy(CS malware_name_buffer, CS pre_malware_nb);
+ else {
+ /* concatenate each new virus name to previous */
+ int slen = Ustrlen(malware_name_buffer);
+ if (slen < (slen+Ustrlen(pre_malware_nb))) {
+ Ustrcat(malware_name_buffer, "/");
+ Ustrcat(malware_name_buffer, pre_malware_nb);
+ }
+ }
+ }
+ }
+ else {
+ char *drweb_s = NULL;
+
+ if (drweb_rc & DERR_READ_ERR) drweb_s = "read error";
+ if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory";
+ if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout";
+ if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command";
+ /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED.
+ * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM,
+ * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
+ * and others are ignored */
+ if (drweb_s) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
+ (void)close(sock);
+ return DEFER;
+ }
+ /* no virus found */
+ malware_name = NULL;
+ };
+ (void)close(sock);
+ }
+ /* ----------------------------------------------------------------------- */
else if (strcmpic(scanner_name,US"aveserver") == 0) {
uschar *kav_options;
uschar kav_options_buffer[1024];
uschar buf[32768];
struct sockaddr_un server;
int sock;
+ int result;
if ((kav_options = string_nextinlist(&av_scanner_work, &sep,
kav_options_buffer,
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, kav_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to aveserver UNIX socket (%s). errno=%d", kav_options, errno);
return DEFER;
if (buf[0] != '2') {
/* aveserver is having problems */
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: aveserver is unavailable (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") );
return DEFER;
};
/* prepare our command */
- snprintf(CS buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id);
+ (void)string_format(buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id);
/* and send it */
if (send(sock, buf, Ustrlen(buf), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options);
return DEFER;
}
malware_name = NULL;
+ result = 0;
/* read response lines, find malware name and final response */
while (recv_line(sock, buf, 32768) > 0) {
debug_printf("aveserver: %s\n", buf);
- if (buf[0] == '2') break;
- if (Ustrncmp(buf,"322",3) == 0) {
+ if (buf[0] == '2') {
+ break;
+ } else if (buf[0] == '5') {
+ /* aveserver is having problems */
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: unable to scan file %s/scan/%s/%s.eml (Responded: %s).",
+ spool_directory, message_id, message_id, buf);
+ result = DEFER;
+ break;
+ } else if (Ustrncmp(buf,"322",3) == 0) {
uschar *p = Ustrchr(&buf[4],' ');
*p = '\0';
Ustrcpy(malware_name_buffer,&buf[4]);
malware_name = malware_name_buffer;
- };
+ };
+ }
+
+ /* prepare our command */
+ (void)string_format(buf, 32768, "quit\r\n");
+
+ /* and send it */
+ if (send(sock, buf, Ustrlen(buf), 0) < 0) {
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options);
+ return DEFER;
}
- close(sock);
+ /* read aveserver's greeting and see if it is ready (2xx greeting) */
+ recv_line(sock, buf, 32768);
+
+ if (buf[0] != '2') {
+ /* aveserver is having problems */
+ (void)close(sock);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: unable to quit aveserver dialogue (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") );
+ return DEFER;
+ };
+
+ (void)close(sock);
+
+ if (result == DEFER) return DEFER;
}
/* "fsecure" scanner type ------------------------------------------------- */
else if (strcmpic(scanner_name,US"fsecure") == 0) {
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, fsecure_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to fsecure socket %s (%s)",
fsecure_options, strerror(errno));
for (i=0; i != 4; i++) {
/* debug_printf("send option \"%s\"",cmdoptions[i]); */
if (write(sock, cmdoptions[i], Ustrlen(cmdoptions[i])) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write fsecure option %d to %s (%s)",
i, fsecure_options, strerror(errno));
bread = read(sock, av_buffer, sizeof(av_buffer));
if (bread >0) av_buffer[bread]='\0';
if (bread < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read fsecure answer %d (%s)", i, strerror(errno));
return DEFER;
};
/* pass the mailfile to fsecure */
- snprintf(CS file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id);
+ (void)string_format(file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id);
/* debug_printf("send scan %s",file_name); */
if (write(sock, file_name, Ustrlen(file_name)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write fsecure scan to %s (%s)",
fsecure_options, strerror(errno));
do {
bread=read(sock, &av_buffer[i], 1);
if (bread < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read fsecure result (%s)", strerror(errno));
return DEFER;
};
}
while (Ustrstr(av_buffer, "OK\tScan ok.") == NULL);
- close(sock);
+ (void)close(sock);
}
/* ----------------------------------------------------------------------- */
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, kav_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to kavdaemon UNIX socket (%s). errno=%d", kav_options, errno);
return DEFER;
/* get current date and time, build scan request */
time(&t);
strftime(CS tmpbuf, sizeof(tmpbuf), "<0>%d %b %H:%M:%S:%%s/scan/%%s", localtime(&t));
- snprintf(CS scanrequest, 1024,CS tmpbuf, spool_directory, message_id);
+ (void)string_format(scanrequest, 1024,CS tmpbuf, spool_directory, message_id);
/* send scan request */
if (send(sock, scanrequest, Ustrlen(scanrequest)+1, 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to kavdaemon UNIX socket (%s)", kav_options);
return DEFER;
/* wait for result */
if ((bread = recv(sock, tmpbuf, 2, 0) != 2)) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read 2 bytes from kavdaemon socket.");
return DEFER;
/* improper kavdaemon configuration */
if ( (kav_rc == 5) || (kav_rc == 6) ) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: please reconfigure kavdaemon to NOT disinfect or remove infected files.");
return DEFER;
};
if (kav_rc == 1) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: kavdaemon reported 'scanning not completed' (code 1).");
return DEFER;
};
if (kav_rc == 7) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: kavdaemon reported 'kavdaemon damaged' (code 7).");
return DEFER;
if( report_flag == 1 ) {
/* read report size */
if ((bread = recv(sock, &kav_reportlen, 4, 0)) != 4) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: cannot read report size from kavdaemon");
return DEFER;
malware_name = NULL;
};
- close(sock);
+ (void)close(sock);
}
/* ----------------------------------------------------------------------- */
};
/* prepare scanner call */
- snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
- snprintf(CS commandline,1024, CS cmdline_scanner,file_name);
+ (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id);
+ (void)string_format(commandline,1024, CS cmdline_scanner,file_name);
/* redirect STDERR too */
Ustrcat(commandline," 2>&1");
return DEFER;
};
- snprintf(CS file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
- scanner_record = fopen(CS file_name,"w");
+ (void)string_format(file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
+ scanner_record = modefopen(file_name,"wb",SPOOL_MODE);
if (scanner_record == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
trigger = 1;
};
- fclose(scanner_record);
+ (void)fclose(scanner_record);
pclose(scanner_out);
signal(SIGCHLD,eximsigchld);
signal(SIGPIPE,eximsigpipe);
malware_name = malware_name_buffer;
/* re-open the scanner output file, look for name match */
- scanner_record = fopen(CS file_name,"r");
+ scanner_record = fopen(CS file_name,"rb");
while(fgets(CS linebuffer,32767,scanner_record) != NULL) {
/* try match */
result = pcre_exec(cmdline_regex_re, NULL, CS linebuffer, Ustrlen(linebuffer), 0, 0, ovector, 30);
pcre_copy_substring(CS linebuffer, ovector, result, 1, CS malware_name_buffer, 255);
};
};
- fclose(scanner_record);
+ (void)fclose(scanner_record);
}
else {
/* no virus found */
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, sophie_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to sophie UNIX socket (%s). errno=%d", sophie_options, errno);
return DEFER;
}
/* pass the scan directory to sophie */
- snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
+ (void)string_format(file_name,1024,"%s/scan/%s", spool_directory, message_id);
if (write(sock, file_name, Ustrlen(file_name)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options);
return DEFER;
};
- write(sock, "\n", 1);
+ (void)write(sock, "\n", 1);
/* wait for result */
memset(av_buffer, 0, sizeof(av_buffer));
if ((!(bread = read(sock, av_buffer, sizeof(av_buffer))) > 0)) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options);
return DEFER;
};
- close(sock);
+ (void)close(sock);
/* infected ? */
if (av_buffer[0] == '1') {
}
if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: connection to %s, port %u failed (%s)",
inet_ntoa(in), port, strerror(errno));
/* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
- snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
+ (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
/* Pass the string to ClamAV (7 = "STREAM\n") */
if (send(sock, "STREAM\n", 7, 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
}
if (ip_connect(sockData, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
- close(sockData);
+ (void)close(sockData);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: connection to %s, port %u failed (%s)",
inet_ntoa(in), port, strerror(errno));
return DEFER;
}
- snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
- spool_directory, message_id, message_id);
-
- /* calc file size */
- clam_fd = open(CS scanrequest, O_RDONLY);
- if (clam_fd == -1) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: can't open spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- fsize = lseek(clam_fd, 0, SEEK_END);
- if (fsize == -1) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: can't seek spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- lseek(clam_fd, 0, SEEK_SET);
-
- clamav_fbuf = (uschar *) malloc (fsize);
- if (!clamav_fbuf) {
- close(sockData);
- close(clam_fd);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: unable to allocate memory %u for file (%s)",
- fsize, scanrequest);
- return DEFER;
- }
-
- result = read (clam_fd, clamav_fbuf, fsize);
- if (result == -1) {
- close(sockData);
- close(clam_fd);
- free(clamav_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: can't read spool file %s: %s",
- scanrequest, strerror(errno));
- return DEFER;
- }
- close(clam_fd);
-
- /* send file body to socket */
- if (send(sockData, clamav_fbuf, fsize, 0) < 0) {
- close(sockData);
- free(clamav_fbuf);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: clamd: unable to send file body to socket (%s:%u)", hostname, port);
- return DEFER;
- }
- free(clamav_fbuf);
- close(sockData);
+ (void)string_format(scanrequest, 1024,CS"%s/scan/%s/%s.eml",
+ spool_directory, message_id, message_id);
+
+ /* calc file size */
+ clam_fd = open(CS scanrequest, O_RDONLY);
+ if (clam_fd == -1) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: can't open spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ fsize = lseek(clam_fd, 0, SEEK_END);
+ if (fsize == -1) {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: can't seek spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ lseek(clam_fd, 0, SEEK_SET);
+
+ clamav_fbuf = (uschar *) malloc (fsize);
+ if (!clamav_fbuf) {
+ (void)close(sockData);
+ (void)close(clam_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: unable to allocate memory %u for file (%s)",
+ fsize, scanrequest);
+ return DEFER;
+ }
+
+ result = read (clam_fd, clamav_fbuf, fsize);
+ if (result == -1) {
+ (void)close(sockData);
+ (void)close(clam_fd);
+ free(clamav_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: can't read spool file %s: %s",
+ scanrequest, strerror(errno));
+ return DEFER;
+ }
+ (void)close(clam_fd);
+
+ /* send file body to socket */
+ if (send(sockData, clamav_fbuf, fsize, 0) < 0) {
+ (void)close(sockData);
+ free(clamav_fbuf);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "malware acl condition: clamd: unable to send file body to socket (%s:%u)", hostname, port);
+ return DEFER;
+ }
+ free(clamav_fbuf);
+ (void)close(sockData);
}
}
else {
Ustrcpy(server.sun_path, clamd_options);
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: unable to connect to UNIX socket %s (%s)",
clamd_options, strerror(errno) );
/* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
- snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
+ (void)string_format(file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
strerror(errno));
return DEFER;
/* Read the result */
memset(av_buffer, 0, sizeof(av_buffer));
bread = read(sock, av_buffer, sizeof(av_buffer));
- close(sock);
+ (void)close(sock);
if (!(bread > 0)) {
log_write(0, LOG_MAIN|LOG_PANIC,
/* Check the result. ClamAV Returns
infected: -> "<filename>: <virusname> FOUND"
not-infected: -> "<filename>: OK"
- error: -> "<filename>: <errcode> ERROR */
+ error: -> "<filename>: <errcode> ERROR */
if (!(*av_buffer)) {
log_write(0, LOG_MAIN|LOG_PANIC,
return DEFER;
}
+ /* strip newline at the end */
+ p = av_buffer + Ustrlen(av_buffer) - 1;
+ if( *p == '\n' ) *p = '\0';
+
/* colon in returned output? */
if((p = Ustrrchr(av_buffer,':')) == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
return DEFER;
}
- /* strip filename strip CR at the end */
+ /* strip filename */
++p;
while (*p == ' ') ++p;
vname = p;
- p = vname + Ustrlen(vname) - 1;
- if( *p == '\n' ) *p = '\0';
-
if ((p = Ustrstr(vname, "FOUND"))!=NULL) {
*p=0;
for (--p;p>vname && *p<=32;p--) *p=0;
mksd_options_buffer,
sizeof(mksd_options_buffer))) != NULL) {
mksd_maxproc = (int) strtol(CS mksd_options, &mksd_options_end, 10);
- if ((*mksd_options == '\0') || (*mksd_options_end != '\0') ||
- (mksd_maxproc < 1) || (mksd_maxproc > 32)) {
+ if ((*mksd_options == '\0') || (*mksd_options_end != '\0') ||
+ (mksd_maxproc < 1) || (mksd_maxproc > 32)) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: mksd: invalid option '%s'", mksd_options);
return DEFER;
server.sun_family = AF_UNIX;
Ustrcpy(server.sun_path, "/var/run/mksd/socket");
if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
- close(sock);
+ (void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to connect to mksd UNIX socket (/var/run/mksd/socket). errno=%d", errno);
return DEFER;
if (((p = strchr (line+4, ' ')) != NULL) && ((p-line) > 4)) {
(*p) = '\0';
Ustrcpy (malware_name_buffer, line+4);
- malware_name = malware_name_buffer;
+ malware_name = malware_name_buffer;
return OK;
}
}