/*
 *  Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net>
 *                            Trog <trog@clamav.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif

#include <pthread.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

#include "server.h"
#include "thrmgr.h"
#include "session.h"
#include "defaults.h"
#include "clamuko.h"
#include "others.h"
#include "memory.h"
#include "shared.h"
#include "output.h"
/* Size of the scratch buffer acceptloop_th() hands to strerror_r(). */
#define BUFFSIZE 1024
#define FALSE (0)
#define TRUE (1)

/*
 * Daemon-wide flags shared by the accept loop, the signal handler and the
 * scanner threads.
 *
 * NOTE(review): progexit, reload and sighup are also written from
 * sighandler_th(), yet they are plain int rather than volatile sig_atomic_t,
 * and the handler cannot take the mutexes below - confirm this is acceptable
 * on the supported platforms.
 */
int progexit = 0;             /* non-zero once shutdown has been requested */
pthread_mutex_t exit_mutex;   /* taken by the threads around progexit */
int reload = 0;               /* non-zero when a database reload is pending */
time_t reloaded_time = 0;     /* stamped by the accept loop after each reload */
pthread_mutex_t reload_mutex; /* taken by the threads around reload / reloaded_time */
int sighup = 0;               /* non-zero after SIGHUP: log file must be re-opened */

/*
 * Per-connection context built by the accept loop and consumed (and freed)
 * by scanner_thread().
 */
struct client_conn_tag {
    int sd;                         /* accepted client socket */
    int options;                    /* scan option bits passed to command() */
    const struct cfgstruct *copt;   /* parsed configuration */
    struct cl_node *root;           /* cl_dup() copy of the engine root */
    time_t root_timestamp;          /* reloaded_time at the moment of cl_dup() */
    const struct cl_limits *limits; /* points at the accept loop's limits */
    pid_t mainpid;                  /* PID signalled on COMMAND_SHUTDOWN */
};
typedef struct client_conn_tag client_conn_t;
/*
 * Thread-pool worker serving one accepted client connection.
 *
 * arg is the client_conn_t allocated by the accept loop; this function owns
 * it and releases the socket, the engine reference and the structure itself
 * before returning.
 *
 * Commands are read through command() until it fails, or until the client is
 * not (or no longer) in session mode. A session is also ended when shutdown
 * has been requested or when the database was reloaded after this
 * connection took its engine copy.
 */
void scanner_thread(void *arg)
{
    client_conn_t *client = (client_conn_t *) arg;
    struct cfgstruct *timeout_opt;
    sigset_t all_signals;
    int status, read_timeout;
    int in_session = FALSE;

    /* Workers block every signal; signals are left to the main thread. */
    sigfillset(&all_signals);
    pthread_sigmask(SIG_SETMASK, &all_signals, NULL);

    timeout_opt = cfgopt(client->copt, "ReadTimeout");
    read_timeout = timeout_opt ? timeout_opt->numarg : CL_DEFAULT_SCANTIMEOUT;
    if(read_timeout == 0)
        read_timeout = -1; /* presumably "no timeout" for command() - TODO confirm */

    for(;;) {
        status = command(client->sd, client->root, client->limits, client->options, client->copt, read_timeout);
        if(status < 0)
            break;

        if(status == COMMAND_SHUTDOWN) {
            /*
             * Any connection whose command yields COMMAND_SHUTDOWN stops the
             * whole daemon; no further check is made in this function, so
             * access to the listening socket is the only gate visible here.
             */
            pthread_mutex_lock(&exit_mutex);
            progexit = 1;
            kill(client->mainpid, SIGTERM);
            pthread_mutex_unlock(&exit_mutex);
        } else if(status == COMMAND_RELOAD) {
            pthread_mutex_lock(&reload_mutex);
            reload = 1;
            pthread_mutex_unlock(&reload_mutex);
        } else if(status == COMMAND_SESSION) {
            in_session = TRUE;
        } else if(status == COMMAND_END) {
            in_session = FALSE;
        }

        if(in_session) {
            /* Do not keep a session alive across shutdown ... */
            pthread_mutex_lock(&exit_mutex);
            if(progexit)
                in_session = FALSE;
            pthread_mutex_unlock(&exit_mutex);

            /* ... or once this connection's engine copy is stale. */
            pthread_mutex_lock(&reload_mutex);
            if(client->root_timestamp != reloaded_time)
                in_session = FALSE;
            pthread_mutex_unlock(&reload_mutex);
        }

        if(!in_session)
            break;
    }

    close(client->sd);
    cl_free(client->root);
    free(client);
}
/*
 * Signal handler installed by acceptloop_th().
 *
 *   SIGINT, SIGTERM  request shutdown (progexit)
 *   SIGSEGV          log a message and terminate with status 11
 *   SIGHUP           ask the accept loop to re-open the log file (sighup)
 *   SIGUSR2          ask the accept loop to reload the database (reload)
 *   anything else    ignored (e.g. SIGPIPE)
 *
 * NOTE(review): logg() is called from signal context on the SIGSEGV path;
 * unless logg() is async-signal-safe this can deadlock or corrupt state in
 * an already faulting process - confirm against logg()'s implementation.
 * NOTE(review): reload is set here without reload_mutex, unlike every other
 * writer in this file.
 */
void sighandler_th(int sig)
{
    if(sig == SIGINT || sig == SIGTERM) {
        progexit = 1;
    } else if(sig == SIGSEGV) {
        logg("Segmentation fault :-( Bye..\n");
        _exit(11); /* probably not reached at all */
    } else if(sig == SIGHUP) {
        sighup = 1;
    } else if(sig == SIGUSR2) {
        reload = 1;
    }
    /* Take no action on other signals - e.g. SIGPIPE */
}
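/*
 * Check or reload the virus database.
 *
 * root      current engine root (may be NULL)
 * copt      parsed configuration; "DatabaseDirectory" / "DataDirectory"
 *           select the directory, otherwise cl_retdbdir() is used
 * do_check  non-zero: only compare the directory against the state recorded
 *           at the last load; zero: free root and load a fresh engine
 *
 * Returns, when do_check is set, a non-NULL pointer (the unchanged root) if
 * a reload is needed and NULL if the database is unchanged. When do_check is
 * zero it returns the newly built root; any load or build failure terminates
 * the process with exit(-1).
 *
 * The directory state is kept in a function-local static, so this function
 * is meant to be called from a single thread (the accept loop in this file).
 */
static struct cl_node *reload_db(struct cl_node *root, const struct cfgstruct *copt, int do_check)
{
    const char *dbdir;
    int retval;
    unsigned int virnum = 0;
    struct cfgstruct *cpt;
    static struct cl_stat *dbstat = NULL;

    if(do_check) {
        if(dbstat == NULL) {
            logg("No stats for Database check - forcing reload\n");
            return root;
        }

        if(cl_statchkdir(dbstat) == 1) {
            logg("SelfCheck: Database modification detected. Forcing reload.\n");
            return root;
        }

        logg("SelfCheck: Database status OK.\n");
        return NULL;
    }

    /* release old structure */
    if(root) {
        cl_free(root);
        root = NULL;
    }

    if((cpt = cfgopt(copt, "DatabaseDirectory")) || (cpt = cfgopt(copt, "DataDirectory"))) {
        dbdir = cpt->strarg;
    } else {
        dbdir = cl_retdbdir();
    }
    logg("Reading databases from %s\n", dbdir);

    if(dbstat == NULL) {
        dbstat = (struct cl_stat *) mmalloc(sizeof(struct cl_stat));
        /* mmalloc() may already abort on failure (not visible here); never
         * reach the memset below with a NULL pointer either way. */
        if(dbstat == NULL) {
            logg("!Can't allocate memory for database stats\n");
            exit(-1);
        }
    } else {
        cl_statfree(dbstat);
    }

    memset(dbstat, 0, sizeof(struct cl_stat));
    /*
     * If the directory state cannot be recorded, later SelfCheck runs compare
     * against an empty snapshot and may never notice a signature update, so
     * make the failure visible instead of ignoring the return value.
     */
    if((retval = cl_statinidir(dbdir, dbstat))) {
        logg("^SelfCheck: can't record database directory state: %s\n", cl_strerror(retval));
    }

    if((retval = cl_loaddbdir(dbdir, &root, &virnum))) {
        logg("!reload db failed: %s\n", cl_strerror(retval));
        exit(-1);
    }

    if(!root) {
        /* retval is 0 on this path, so the reported reason is whatever
         * cl_strerror() returns for success. */
        logg("!load db failed: %s\n", cl_strerror(retval));
        exit(-1);
    }

    if((retval = cl_build(root)) != 0) {
        logg("!Database initialization error: can't build engine: %s\n",
             cl_strerror(retval));
        exit(-1);
    }
    /* virnum is unsigned, so print it with %u */
    logg("Database correctly reloaded (%u viruses)\n", virnum);

    return root;
}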
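/*
 * Main loop of the daemon: accepts connections on socketd and hands each one
 * to the scanner thread pool until shutdown is requested.
 *
 * socketd  listening socket (already bound by the caller)
 * root     engine root loaded by the caller; replaced here on every reload
 *          and freed before returning
 * copt     parsed configuration
 *
 * Besides accepting clients the loop writes and removes the PID file, derives
 * the scan options and archive limits from the configuration, installs the
 * signal handlers, runs the periodic SelfCheck, performs database reloads and
 * (with CLAMUKO) starts and restarts the Clamuko thread.
 *
 * Returns 0 after a clean shutdown; calls exit(-1) if the thread pool cannot
 * be created.
 */
int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *copt)
{
    int new_sd, max_threads, stdopt;
    unsigned int options = 0;
    threadpool_t *thr_pool;
    struct sigaction sigact;
    mode_t old_umask;
    struct cl_limits limits;
    pthread_attr_t thattr;
    sigset_t sigset;
    client_conn_t *client_conn;
    struct cfgstruct *cpt;
#ifdef HAVE_STRERROR_R
    char buff[BUFFSIZE + 1];
#endif
    unsigned int selfchk;
    time_t start_time, current_time;
    pid_t mainpid;
    int idletimeout;

#if defined(C_BIGSTACK) || defined(C_BSD)
    size_t stacksize;
#endif

#ifdef CLAMUKO
    pthread_t clamuko_pid;
    pthread_attr_t clamuko_attr;
    struct thrarg *tharg = NULL; /* shut up gcc */
#endif

    memset(&sigact, 0, sizeof(struct sigaction));
    /*
     * &limits is handed to every client connection and to Clamuko even when
     * archive scanning is off, so it must never be left uninitialised.
     */
    memset(&limits, 0, sizeof(struct cl_limits));

    /* save the PID */
    mainpid = getpid();
    if((cpt = cfgopt(copt, "PidFile"))) {
        FILE *fd;

        /*
         * 0006 only masks read/write for "other".
         * NOTE(review): fopen("w") follows symbolic links and truncates its
         * target; the PidFile directory should be writable only by the
         * account the daemon runs as.
         */
        old_umask = umask(0006);
        if((fd = fopen(cpt->strarg, "w")) == NULL) {
            logg("!Can't save PID in file %s\n", cpt->strarg);
        } else {
            fprintf(fd, "%d", (int) mainpid);
            fclose(fd);
        }
        umask(old_umask);
    }
    logg("*Listening daemon: PID: %d\n", (int) mainpid);

    if((cpt = cfgopt(copt, "MaxThreads"))) {
        max_threads = cpt->numarg;
    } else {
        max_threads = CL_DEFAULT_MAXTHREADS;
    }

    if(cfgopt(copt, "DisableDefaultScanOptions")) {
        logg("RECOMMENDED OPTIONS DISABLED.\n");
        stdopt = 0;
    } else {
        options |= CL_SCAN_STDOPT;
        stdopt = 1;
    }

    if(stdopt || cfgopt(copt, "ScanArchive") || cfgopt(copt, "ClamukoScanArchive")) {
        /*
         * set up limits; a configured value of 0 disables the corresponding
         * protection, which is why those cases are logged with a warning.
         */
        if((cpt = cfgopt(copt, "ArchiveMaxFileSize"))) {
            if((limits.maxfilesize = cpt->numarg)) {
                logg("Archive: Archived file size limit set to %d bytes.\n", limits.maxfilesize);
            } else {
                logg("^Archive: File size limit protection disabled.\n");
            }
        } else {
            limits.maxfilesize = 10485760;
            logg("Archive: Archived file size limit set to %d bytes.\n", limits.maxfilesize);
        }

        if((cpt = cfgopt(copt, "ArchiveMaxRecursion"))) {
            if((limits.maxreclevel = cpt->numarg)) {
                logg("Archive: Recursion level limit set to %d.\n", limits.maxreclevel);
            } else {
                logg("^Archive: Recursion level limit protection disabled.\n");
            }
        } else {
            limits.maxreclevel = 8;
            logg("Archive: Recursion level limit set to %d.\n", limits.maxreclevel);
        }

        if((cpt = cfgopt(copt, "ArchiveMaxFiles"))) {
            if((limits.maxfiles = cpt->numarg)) {
                logg("Archive: Files limit set to %d.\n", limits.maxfiles);
            } else {
                logg("^Archive: Files limit protection disabled.\n");
            }
        } else {
            limits.maxfiles = 1000;
            logg("Archive: Files limit set to %d.\n", limits.maxfiles);
        }

        if((cpt = cfgopt(copt, "ArchiveMaxCompressionRatio"))) {
            if((limits.maxratio = cpt->numarg)) {
                logg("Archive: Compression ratio limit set to %d.\n", limits.maxratio);
            } else {
                logg("^Archive: Compression ratio limit disabled.\n");
            }
        } else {
            limits.maxratio = 250;
            logg("Archive: Compression ratio limit set to %d.\n", limits.maxratio);
        }

        if(cfgopt(copt, "ArchiveLimitMemoryUsage")) {
            limits.archivememlim = 1;
            logg("Archive: Limited memory usage.\n");
        } else {
            limits.archivememlim = 0;
        }
    }

    if(stdopt || cfgopt(copt, "ScanArchive")) {
        logg("Archive support enabled.\n");
        options |= CL_SCAN_ARCHIVE;

        if(cfgopt(copt, "ScanRAR")) {
            logg("Archive: RAR support enabled.\n");
        } else {
            logg("Archive: RAR support disabled.\n");
            options |= CL_SCAN_DISABLERAR;
        }

        if(cfgopt(copt, "ArchiveBlockEncrypted")) {
            logg("Archive: Blocking encrypted archives.\n");
            options |= CL_SCAN_BLOCKENCRYPTED;
        }

        if(cfgopt(copt, "ArchiveBlockMax")) {
            logg("Archive: Blocking archives that exceed limits.\n");
            options |= CL_SCAN_BLOCKMAX;
        }
    } else {
        logg("Archive support disabled.\n");
    }

    if(stdopt || cfgopt(copt, "ScanPE")) {
        logg("Portable Executable support enabled.\n");
        options |= CL_SCAN_PE;

        if(cfgopt(copt, "DetectBrokenExecutables")) {
            logg("Detection of broken executables enabled.\n");
            options |= CL_SCAN_BLOCKBROKEN;
        }
    } else {
        logg("Portable Executable support disabled.\n");
    }

    if(stdopt || cfgopt(copt, "ScanMail")) {
        logg("Mail files support enabled.\n");
        options |= CL_SCAN_MAIL;

        if(cfgopt(copt, "MailFollowURLs")) {
            logg("Mail: URL scanning enabled.\n");
            options |= CL_SCAN_MAILURL;
        }
    } else {
        logg("Mail files support disabled.\n");
    }

    if(stdopt || cfgopt(copt, "ScanOLE2")) {
        logg("OLE2 support enabled.\n");
        options |= CL_SCAN_OLE2;
    } else {
        logg("OLE2 support disabled.\n");
    }

    if(stdopt || cfgopt(copt, "ScanHTML")) {
        logg("HTML support enabled.\n");
        options |= CL_SCAN_HTML;
    } else {
        logg("HTML support disabled.\n");
    }

    if((cpt = cfgopt(copt, "SelfCheck"))) {
        selfchk = cpt->numarg;
    } else {
        selfchk = CL_DEFAULT_SELFCHECK;
    }
    if(!selfchk) {
        logg("Self checking disabled.\n");
    } else {
        /* selfchk is unsigned, so print it with %u */
        logg("Self checking every %u seconds.\n", selfchk);
    }

    pthread_attr_init(&thattr);
    pthread_attr_setdetachstate(&thattr, PTHREAD_CREATE_DETACHED);

    if(cfgopt(copt, "ClamukoScanOnLine") || cfgopt(copt, "ClamukoScanOnAccess"))
#ifdef CLAMUKO
    {
        pthread_attr_init(&clamuko_attr);
        pthread_attr_setdetachstate(&clamuko_attr, PTHREAD_CREATE_JOINABLE);

        tharg = (struct thrarg *) mmalloc(sizeof(struct thrarg));
        tharg->copt = copt;
        tharg->root = root;
        tharg->limits = &limits;
        tharg->options = options;

        pthread_create(&clamuko_pid, &clamuko_attr, clamukoth, tharg);
    }
#else
        logg("Clamuko is not available.\n");
#endif

    /* set up signal handling: block everything except the handled signals */
    sigfillset(&sigset);
    sigdelset(&sigset, SIGINT);
    sigdelset(&sigset, SIGTERM);
    sigdelset(&sigset, SIGSEGV);
    sigdelset(&sigset, SIGHUP);
    sigdelset(&sigset, SIGPIPE);
    sigdelset(&sigset, SIGUSR2);
    sigprocmask(SIG_SETMASK, &sigset, NULL);

    /* SIGINT, SIGTERM, SIGSEGV */
    sigact.sa_handler = sighandler_th;
    sigemptyset(&sigact.sa_mask);
    sigaddset(&sigact.sa_mask, SIGINT);
    sigaddset(&sigact.sa_mask, SIGTERM);
    sigaddset(&sigact.sa_mask, SIGHUP);
    sigaddset(&sigact.sa_mask, SIGPIPE);
    sigaddset(&sigact.sa_mask, SIGUSR2);
    sigaction(SIGINT, &sigact, NULL);
    sigaction(SIGTERM, &sigact, NULL);
    sigaction(SIGHUP, &sigact, NULL);
    sigaction(SIGPIPE, &sigact, NULL);
    sigaction(SIGUSR2, &sigact, NULL);
    if(!debug_mode) {
        /* outside debug mode a segmentation fault is logged by the handler */
        sigaddset(&sigact.sa_mask, SIGHUP);
        sigaction(SIGSEGV, &sigact, NULL);
    }

#if defined(C_BIGSTACK) || defined(C_BSD)
    /*
     * njh@bandsman.co.uk:
     * libclamav/scanners.c uses a *huge* buffer
     * (128K not BUFSIZ from stdio.h).
     * We need to allow for that.
     */
    pthread_attr_getstacksize(&thattr, &stacksize);
    /* the value is a size_t; cast it to match the %u conversion */
    cli_dbgmsg("set stacksize to %u\n", (unsigned int) (stacksize + SCANBUFF + 64 * 1024));
    pthread_attr_setstacksize(&thattr, stacksize + SCANBUFF + 64 * 1024);
#endif

    pthread_mutex_init(&exit_mutex, NULL);
    pthread_mutex_init(&reload_mutex, NULL);

    if((cpt = cfgopt(copt, "IdleTimeout")))
        idletimeout = cpt->numarg;
    else
        idletimeout = CL_DEFAULT_IDLETIMEOUT;

    if((thr_pool = thrmgr_new(max_threads, idletimeout, scanner_thread)) == NULL) {
        logg("!thrmgr_new failed\n");
        exit(-1);
    }

    time(&start_time);

    for(;;) {
        new_sd = accept(socketd, NULL, NULL);
        if((new_sd == -1) && (errno != EINTR)) {
            /* very bad - need to exit or restart */
            /*
             * NOTE(review): this retries immediately and skips the progexit
             * test below, so a persistent accept() error spins here and
             * delays shutdown. Also, the XSI strerror_r() returns int, which
             * does not match the %s conversion - confirm which variant
             * HAVE_STRERROR_R detects.
             */
#ifdef HAVE_STRERROR_R
            logg("!accept() failed: %s\n", strerror_r(errno, buff, BUFFSIZE));
#else
            logg("!accept() failed\n");
#endif
            continue;
        }

        if(sighup) {
            logg("SIGHUP caught: re-opening log file.\n");
            logg_close();
            sighup = 0;
            if(!logg_file && (cpt = cfgopt(copt, "LogFile")))
                logg_file = cpt->strarg;
        }

        if(!progexit && new_sd >= 0) {
            client_conn = (client_conn_t *) mmalloc(sizeof(struct client_conn_tag));
            client_conn->sd = new_sd;
            client_conn->options = options;
            client_conn->copt = copt;
            client_conn->root = cl_dup(root);
            client_conn->root_timestamp = reloaded_time;
            client_conn->limits = &limits;
            client_conn->mainpid = mainpid;
            if(!thrmgr_dispatch(thr_pool, client_conn)) {
                close(client_conn->sd);
                /* drop the engine reference taken by cl_dup() above, as
                 * scanner_thread() would have done */
                cl_free(client_conn->root);
                free(client_conn);
                logg("!thread dispatch failed\n");
            }
            /*
             * The descriptor now belongs to the scanner thread or has been
             * closed above; forget it so the shutdown path below cannot
             * close it a second time.
             */
            new_sd = -1;
        }

        pthread_mutex_lock(&exit_mutex);
        if(progexit) {
            if(new_sd >= 0) {
                close(new_sd);
            }
            pthread_mutex_unlock(&exit_mutex);
            break;
        }
        pthread_mutex_unlock(&exit_mutex);

        if(selfchk) {
            time(&current_time);
            if((current_time - start_time) > (time_t) selfchk) {
                if(reload_db(root, copt, TRUE)) {
                    pthread_mutex_lock(&reload_mutex);
                    reload = 1;
                    pthread_mutex_unlock(&reload_mutex);
                }
                time(&start_time);
            }
        }

        pthread_mutex_lock(&reload_mutex);
        if(reload) {
            pthread_mutex_unlock(&reload_mutex);
            root = reload_db(root, copt, FALSE);
            pthread_mutex_lock(&reload_mutex);
            reload = 0;
            /* sessions holding an older engine copy compare against this */
            time(&reloaded_time);
            pthread_mutex_unlock(&reload_mutex);
#ifdef CLAMUKO
            if(cfgopt(copt, "ClamukoScanOnLine") || cfgopt(copt, "ClamukoScanOnAccess")) {
                logg("Stopping and restarting Clamuko.\n");
                pthread_kill(clamuko_pid, SIGUSR1);
                pthread_join(clamuko_pid, NULL);
                tharg->root = root;
                pthread_create(&clamuko_pid, &clamuko_attr, clamukoth, tharg);
            }
#endif
        } else {
            pthread_mutex_unlock(&reload_mutex);
        }
    }

    /* Destroy the thread manager.
     * This waits for all current tasks to end
     */
    thrmgr_destroy(thr_pool);
#ifdef CLAMUKO
    if(cfgopt(copt, "ClamukoScanOnLine") || cfgopt(copt, "ClamukoScanOnAccess")) {
        logg("Stopping Clamuko.\n");
        pthread_kill(clamuko_pid, SIGUSR1);
        pthread_join(clamuko_pid, NULL);
    }
#endif
    cl_free(root);
    logg("*Shutting down the main socket.\n");
    shutdown(socketd, 2);
    logg("*Closing the main socket.\n");
    close(socketd);
#ifndef C_OS2
    if((cpt = cfgopt(copt, "LocalSocket"))) {
        if(unlink(cpt->strarg) == -1)
            logg("!Can't unlink the socket file %s\n", cpt->strarg);
        else
            logg("Socket file removed.\n");
    }
#endif
    if((cpt = cfgopt(copt, "PidFile"))) {
        if(unlink(cpt->strarg) == -1)
            logg("!Can't unlink the pid file %s\n", cpt->strarg);
        else
            logg("Pid file removed.\n");
    }

    logg("Exiting (clean)\n");
    time(&current_time);
    logg("--- Stopped at %s", ctime(&current_time));

    return 0;
}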