| f4265a5a |
/* |
| e1cbc270 |
* Copyright (C) 2007-2013 Sourcefire, Inc. |
| f4265a5a |
*
* Authors: Selim Menouar, Verene Houdebine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
|
| 102cd430 |
#include "clamav.h"
#include "shared/misc.h"
#include "shared/output.h"
|
| f4265a5a |
#ifndef PRELUDE |
| 288057e9 |
void prelude_logging(const char *filename, const char *virname, const char *virhash, int virsize)
{ |
| 102cd430 |
UNUSEDPARAM(filename);
UNUSEDPARAM(virname);
UNUSEDPARAM(virhash);
UNUSEDPARAM(virsize);
|
| f4265a5a |
logg("You have to compile with libprelude using ./configure --enable-prelude\n");
}
#else
#include <libprelude/prelude.h>
#define ANALYZER_MODEL "ClamAV"
#define ANALYZER_CLASS "AntiVirus"
#define ANALYZER_MANUFACTURER "http://www.sourcefire.com"
static prelude_client_t *prelude_client;
|
| 288057e9 |
int idmef_analyzer_setup(idmef_analyzer_t *analyzer, const char *analyzer_name)
{ |
| f4265a5a |
int ret;
prelude_string_t *str;
/* alert->analyzer->name */
ret = idmef_analyzer_new_name(analyzer, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
prelude_string_set_constant(str, analyzer_name);
/* alert->analyzer->model */
ret = idmef_analyzer_new_model(analyzer, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
|
| 288057e9 |
prelude_string_set_constant(str, ANALYZER_MODEL); |
| f4265a5a |
/* alert->analyzer->class */
ret = idmef_analyzer_new_class(analyzer, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
prelude_string_set_constant(str, ANALYZER_CLASS);
/* alert->analyzer->manufacturer */
ret = idmef_analyzer_new_manufacturer(analyzer, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
prelude_string_set_constant(str, ANALYZER_MANUFACTURER);
/* alert->analyzer->version */
ret = idmef_analyzer_new_version(analyzer, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
prelude_string_set_constant(str, get_version());
return 0;
}
|
| 288057e9 |
int prelude_initialize_client(const char *analyzer_name)
{ |
| f4265a5a |
int ret;
prelude_client = NULL;
ret = prelude_init(0, NULL); |
| 288057e9 |
if (ret < 0) { |
| f4265a5a |
logg("Unable to initialize the prelude library : %s", prelude_strerror(ret));
return -1;
}
ret = prelude_client_new(&prelude_client, analyzer_name); |
| 288057e9 |
if (ret < 0) { |
| f4265a5a |
logg("Unable to create a prelude client object : %s", prelude_strerror(ret));
return -1;
}
ret = idmef_analyzer_setup(prelude_client_get_analyzer(prelude_client), analyzer_name); |
| 288057e9 |
if (ret < 0) { |
| f4265a5a |
logg("%s", prelude_strerror(ret));
return -1;
}
ret = prelude_client_start(prelude_client); |
| 288057e9 |
if (ret < 0 || !prelude_client) { |
| f4265a5a |
logg("Unable to start prelude client : %s", prelude_strerror(ret));
prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
return -1;
}
|
| 288057e9 |
ret = prelude_client_set_flags(prelude_client, PRELUDE_CLIENT_FLAGS_ASYNC_SEND | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER);
if (ret < 0) { |
| 7cd9337a |
logg("Unable to send asynchronous send and timer : %s", prelude_strerror(ret)); |
| f4265a5a |
prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
return -1;
}
return 0;
}
|
| 288057e9 |
int add_string_additional_data(idmef_alert_t *alert, const char *meaning, const char *ptr)
{ |
| f4265a5a |
int ret;
prelude_string_t *str;
idmef_additional_data_t *ad;
idmef_data_t *data;
ret = idmef_alert_new_additional_data(alert, &ad, IDMEF_LIST_APPEND); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
idmef_additional_data_set_type(ad, IDMEF_ADDITIONAL_DATA_TYPE_STRING);
idmef_additional_data_new_data(ad, &data);
ret = idmef_data_set_char_string_ref(data, ptr); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
ret = idmef_additional_data_new_meaning(ad, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
ret = prelude_string_set_ref(str, meaning); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
return 0;
}
|
| 288057e9 |
int add_int_additional_data(idmef_alert_t *alert, const char *meaning, int data)
{ |
| f4265a5a |
int ret;
prelude_string_t *str;
idmef_additional_data_t *ad;
ret = idmef_alert_new_additional_data(alert, &ad, IDMEF_LIST_APPEND); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
idmef_additional_data_set_integer(ad, data);
ret = idmef_additional_data_new_meaning(ad, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
ret = prelude_string_set_ref(str, meaning); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
return ret;
return 0;
}
|
| 288057e9 |
void prelude_logging(const char *filename, const char *virname, const char *virhash, int virsize)
{ |
| f4265a5a |
int ret;
idmef_message_t *idmef = NULL;
idmef_alert_t *alert;
idmef_classification_t *class;
prelude_string_t *str;
idmef_target_t *target;
idmef_file_t *file;
ret = idmef_message_new(&idmef); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
ret = idmef_message_new_alert(idmef, &alert); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
ret = idmef_alert_new_classification(alert, &class); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
ret = idmef_classification_new_text(class, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
prelude_string_set_constant(str, "Virus Found");
ret = idmef_alert_new_target(alert, &target, 0); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
ret = idmef_target_new_file(target, &file, 0); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
ret = idmef_file_new_path(file, &str); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
prelude_string_set_ref(str, filename);
|
| 288057e9 |
if (virname != NULL) { |
| f4265a5a |
ret = add_string_additional_data(alert, "virname", virname); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
}
|
| 288057e9 |
if (virhash != NULL) { |
| f4265a5a |
ret = add_string_additional_data(alert, "virhash", virhash); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
} |
| 288057e9 |
|
| f4265a5a |
ret = add_int_additional_data(alert, "virsize", virsize); |
| 288057e9 |
if (ret < 0) |
| f4265a5a |
goto err;
logg("le client : %s", prelude_client_get_config_filename(prelude_client));
prelude_client_send_idmef(prelude_client, idmef);
idmef_message_destroy(idmef);
return;
err:
if (idmef != NULL)
idmef_message_destroy(idmef);
logg("%s error: %s", prelude_strsource(ret), prelude_strerror(ret));
return;
}
#endif |