b151ef55 |
/* |
4bed6861 |
* Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net> |
b151ef55 |
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
|
29ca066f |
|
8b242bb9 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
b151ef55 |
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h> |
d09e8c7c |
#include <errno.h> |
29ca066f |
#include <signal.h> |
f91f55e0 |
#include <time.h> |
b151ef55 |
#include <sys/types.h> |
622a7127 |
#include <sys/wait.h> |
b151ef55 |
#include <sys/stat.h>
#include <fcntl.h>
#include <pwd.h>
#include <grp.h>
|
36f2038b |
#if defined(USE_SYSLOG) && !defined(C_AIX) |
5aad82e2 |
#include <syslog.h>
#endif
|
b151ef55 |
#include "options.h"
#include "manager.h"
#include "defaults.h"
#include "freshclam.h" |
36f2038b |
#include "output.h" |
819c7c41 |
#include "target.h" |
e441c102 |
#include "misc.h" |
622a7127 |
#include "execute.h" |
b151ef55 |
|
d09e8c7c |
static short terminate = 0; |
622a7127 |
extern int active_children; |
d09e8c7c |
static void daemon_sighandler(int sig) {
switch(sig) { |
622a7127 |
case SIGCHLD:
waitpid(-1, NULL, WNOHANG);
active_children--;
break;
|
4f21daf4 |
case SIGALRM: |
d09e8c7c |
case SIGUSR1: |
f331499e |
terminate = -1; |
d09e8c7c |
break;
case SIGHUP: |
ff8a5bd1 |
terminate = -2; |
d09e8c7c |
break;
default:
terminate = 1;
break;
} |
ff8a5bd1 |
|
d09e8c7c |
return;
}
static void writepid(char *pidfile) {
FILE *fd;
int old_umask;
old_umask = umask(0006);
if((fd = fopen(pidfile, "w")) == NULL) {
logg("!Can't save PID to file %s: %s\n", pidfile, strerror(errno));
} else { |
d927f46c |
fprintf(fd, "%d", (int) getpid()); |
d09e8c7c |
fclose(fd);
}
umask(old_umask);
}
|
e8217f5a |
int freshclam(struct optstruct *opt) |
b151ef55 |
{ |
d927f46c |
int ret = 52; |
0d98d74c |
char *newdir, *cfgfile; |
d09e8c7c |
char *pidfile = NULL; |
0d98d74c |
struct cfgstruct *copt, *cpt; |
d09e8c7c |
struct sigaction sigact;
struct sigaction oldact; |
4bed6861 |
#if !defined(C_CYGWIN) && !defined(C_OS2) |
e3f00f7e |
char *unpuser; |
0d98d74c |
struct passwd *user;
#endif |
f4f0e68d |
struct stat statbuf; |
b151ef55 |
|
50099661 |
if(optc(opt, 'h')) {
free_opt(opt);
help();
} |
b151ef55 |
|
0d98d74c |
/* parse the config file */ |
ae1f747c |
if((cfgfile = getargl(opt, "config-file"))) { |
819c7c41 |
copt = parsecfg(cfgfile, 1); |
0d98d74c |
} else {
/* TODO: force strict permissions on freshclam.conf */ |
819c7c41 |
if((copt = parsecfg((cfgfile = CONFDIR"/freshclam.conf"), 1)) == NULL) |
09b431f0 |
copt = parsecfg((cfgfile = CONFDIR"/clamd.conf"), 1); |
0d98d74c |
}
if(!copt) {
mprintf("!Can't parse the config file %s\n", cfgfile);
return 56;
}
|
026ebd88 |
if(optl(opt, "http-proxy") || optl(opt, "proxy-user"))
mprintf("WARNING: Proxy settings are now only configurable in the config file.\n");
|
f4f0e68d |
if(cfgopt(copt, "HTTPProxyPassword")) {
if(stat(cfgfile, &statbuf) == -1) { |
955e8e42 |
mprintf("@Can't stat %s (critical error)\n", cfgfile); |
f4f0e68d |
return 56;
} |
89a917da |
#ifndef C_CYGWIN |
f4f0e68d |
if(statbuf.st_mode & (S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH)) {
mprintf("@Insecure permissions (for HTTPProxyPassword): %s must have no more than 0700 permissions.\n", cfgfile);
return 56;
} |
89a917da |
#endif |
f4f0e68d |
} |
026ebd88 |
|
4bed6861 |
#if !defined(C_CYGWIN) && !defined(C_OS2) |
f4f0e68d |
/* freshclam shouldn't work with root privileges */ |
026ebd88 |
if(optc(opt, 'u')) {
unpuser = getargc(opt, 'u'); |
ff28b69c |
} else if((cpt = cfgopt(copt, "DatabaseOwner"))) { |
0d98d74c |
unpuser = cpt->strarg; |
026ebd88 |
} else {
unpuser = UNPUSER;
} |
0d98d74c |
|
a6c3fdb9 |
if(!geteuid()) { |
b151ef55 |
if((user = getpwnam(unpuser)) == NULL) {
mprintf("@Can't get information about user %s.\n", unpuser);
exit(60); /* this is critical problem, so we just exit here */
}
|
a3bc3260 |
if(cfgopt(copt, "AllowSupplementaryGroups")) {
#ifdef HAVE_INITGROUPS
if(initgroups(unpuser, user->pw_gid)) {
mprintf("@initgroups() failed.\n");
exit(61);
}
#endif
} else { |
819bbe1f |
#ifdef HAVE_SETGROUPS |
a3bc3260 |
if(setgroups(1, &user->pw_gid)) {
mprintf("@setgroups() failed.\n");
exit(61);
} |
819bbe1f |
#endif |
a3bc3260 |
} |
eeb69538 |
if(setgid(user->pw_gid)) {
mprintf("@setgid(%d) failed.\n", (int) user->pw_gid);
exit(61);
}
if(setuid(user->pw_uid)) {
mprintf("@setuid(%d) failed.\n", (int) user->pw_uid);
exit(61);
} |
b151ef55 |
}
#endif
/* initialize some important variables */
|
0d98d74c |
if(optl(opt, "debug") || cfgopt(copt, "Debug")) |
442d8407 |
cl_debug();
|
7fbb6473 |
if(optc(opt, 'v'))
mprintf_verbose = 1; |
b151ef55 |
|
7fbb6473 |
if(optl(opt, "quiet"))
mprintf_quiet = 1; |
b151ef55 |
|
7fbb6473 |
if(optl(opt, "stdout"))
mprintf_stdout = 1; |
b151ef55 |
if(optc(opt, 'V')) { |
e441c102 |
print_version(); |
7fbb6473 |
exit(0); |
b151ef55 |
}
/* initialize logger */
|
5aad82e2 |
if(cfgopt(copt, "LogVerbose")) |
36f2038b |
logg_verbose = 1; |
5aad82e2 |
|
026ebd88 |
if(optc(opt, 'l')) { |
36f2038b |
logg_file = getargc(opt, 'l'); |
026ebd88 |
if(logg("--------------------------------------\n")) {
mprintf("!Problem with internal logger.\n"); |
e483f51a |
exit(62); |
026ebd88 |
}
} else if((cpt = cfgopt(copt, "UpdateLogFile"))) { |
36f2038b |
logg_file = cpt->strarg; |
b151ef55 |
if(logg("--------------------------------------\n")) {
mprintf("!Problem with internal logger.\n"); |
e483f51a |
exit(62); |
b151ef55 |
} |
0d98d74c |
} else |
36f2038b |
logg_file = NULL; |
b151ef55 |
|
36f2038b |
#if defined(USE_SYSLOG) && !defined(C_AIX) |
096e5bbd |
if(cfgopt(copt, "LogSyslog")) {
int fac = LOG_LOCAL6;
if((cpt = cfgopt(copt, "LogFacility"))) {
if((fac = logg_facility(cpt->strarg)) == -1) {
mprintf("!LogFacility: %s: No such facility.\n", cpt->strarg); |
e483f51a |
exit(62); |
096e5bbd |
}
}
openlog("freshclam", LOG_PID, fac); |
36f2038b |
logg_syslog = 1; |
096e5bbd |
syslog(LOG_INFO, "Daemon started.\n"); |
7fbb6473 |
} |
5aad82e2 |
#endif
|
0d98d74c |
/* change the current working directory */
if(optl(opt, "datadir")) { |
b151ef55 |
newdir = getargl(opt, "datadir"); |
0d98d74c |
} else {
if((cpt = cfgopt(copt, "DatabaseDirectory")))
newdir = cpt->strarg;
else
newdir = VIRUSDBDIR;
} |
b151ef55 |
if(chdir(newdir)) {
mprintf("Can't change dir to %s\n", newdir);
exit(50);
} else |
442d8407 |
mprintf("*Current working dir is %s\n", newdir); |
b151ef55 |
if(optc(opt, 'd')) {
int bigsleep, checks; |
f331499e |
time_t now, wakeup; |
b151ef55 |
|
d09e8c7c |
memset(&sigact, 0, sizeof(struct sigaction));
sigact.sa_handler = daemon_sighandler; |
026ebd88 |
if(optc(opt, 'c')) {
checks = atoi(getargc(opt, 'c')); |
ff28b69c |
} else if((cpt = cfgopt(copt, "Checks"))) { |
0d98d74c |
checks = cpt->numarg; |
026ebd88 |
} else { |
0d98d74c |
checks = CL_DEFAULT_CHECKS; |
026ebd88 |
} |
b151ef55 |
|
881069d7 |
if(checks <= 0) {
mprintf("@Number of checks must be a positive integer.\n"); |
7fbb6473 |
exit(41); |
b151ef55 |
}
|
881069d7 |
if(!cfgopt(copt, "DNSDatabaseInfo")) {
if(checks > 50) {
mprintf("@Number of checks must be between 1 and 50.\n");
exit(41);
}
}
|
0d98d74c |
bigsleep = 24 * 3600 / checks; |
55ae06a5 |
if(!cfgopt(copt, "Foreground"))
daemonize();
|
cb06e8ab |
if (optc(opt, 'p')) {
pidfile = getargc(opt, 'p'); |
d927f46c |
} else if ((cpt = cfgopt(copt, "PidFile"))) { |
d09e8c7c |
pidfile = cpt->strarg;
}
if (pidfile) {
writepid(pidfile);
} |
819c7c41 |
|
622a7127 |
active_children = 0;
|
819c7c41 |
logg("freshclam daemon "VERSION" (OS: "TARGET_OS_TYPE", ARCH: "TARGET_ARCH_TYPE", CPU: "TARGET_CPU_TYPE")\n"); |
b151ef55 |
|
d09e8c7c |
sigaction(SIGTERM, &sigact, NULL);
sigaction(SIGHUP, &sigact, NULL);
sigaction(SIGINT, &sigact, NULL); |
622a7127 |
sigaction(SIGCHLD, &sigact, NULL); |
819c7c41 |
|
d09e8c7c |
while(!terminate) { |
026ebd88 |
ret = download(copt, opt);
|
622a7127 |
if(ret > 1) {
const char *arg = NULL; |
b151ef55 |
|
622a7127 |
if(optl(opt, "on-error-execute"))
arg = getargl(opt, "on-error-execute");
else if((cpt = cfgopt(copt, "OnErrorExecute")))
arg = cpt->strarg; |
026ebd88 |
|
622a7127 |
if(arg)
execute("OnErrorExecute", arg); |
026ebd88 |
} |
b151ef55 |
|
ff8a5bd1 |
logg("--------------------------------------\n"); |
d09e8c7c |
sigaction(SIGALRM, &sigact, &oldact);
sigaction(SIGUSR1, &sigact, &oldact); |
f331499e |
time(&wakeup);
wakeup += bigsleep; |
d09e8c7c |
alarm(bigsleep); |
f331499e |
do {
pause();
time(&now);
} while (!terminate && now < wakeup); |
ff8a5bd1 |
|
f331499e |
if (terminate == -1) { |
08cac58a |
logg("Received signal: wake up\n"); |
f331499e |
terminate = 0; |
ff8a5bd1 |
} else if (terminate == -2) { |
08cac58a |
logg("Received signal: re-opening log file\n"); |
ff8a5bd1 |
terminate = 0;
logg_close(); |
f331499e |
} |
ff8a5bd1 |
|
d09e8c7c |
sigaction(SIGALRM, &oldact, NULL);
sigaction(SIGUSR1, &oldact, NULL); |
b151ef55 |
}
} else |
026ebd88 |
ret = download(copt, opt); |
b151ef55 |
|
026ebd88 |
if(optl(opt, "on-error-execute")) {
if(ret > 1)
system(getargl(opt, "on-error-execute"));
} else if((cpt = cfgopt(copt, "OnErrorExecute"))) { |
c6259ac5 |
if(ret > 1) |
0d98d74c |
system(cpt->strarg); |
026ebd88 |
} |
d09e8c7c |
if (pidfile) {
unlink(pidfile);
} |
b151ef55 |
|
e8217f5a |
return(ret); |
b151ef55 |
}
|
026ebd88 |
int download(const struct cfgstruct *copt, const struct optstruct *opt) |
b151ef55 |
{ |
0d98d74c |
int ret = 0, try = 0, maxattempts = 0;
struct cfgstruct *cpt; |
29ca066f |
|
b151ef55 |
|
0d98d74c |
if((cpt = cfgopt(copt, "MaxAttempts")))
maxattempts = cpt->numarg; |
511eef51 |
else
maxattempts = CL_DEFAULT_MAXATTEMPTS;
|
0d98d74c |
mprintf("*Max retries == %d\n", maxattempts);
if((cpt = cfgopt(copt, "DatabaseMirror")) == NULL) {
mprintf("@You must specify at least one database mirror.\n"); |
1f5be3bf |
return 56; |
0d98d74c |
} else {
while(cpt) { |
026ebd88 |
ret = downloadmanager(copt, opt, cpt->strarg); |
0d98d74c |
alarm(0);
|
97b87d8f |
if(ret == 52 || ret == 54 || ret == 58 || ret == 59) { |
0d98d74c |
if(try < maxattempts - 1) { |
a774f003 |
mprintf("Trying again in 5 secs...\n");
logg("Trying again in 5 secs...\n"); |
0d98d74c |
try++; |
a774f003 |
sleep(5); |
0d98d74c |
continue;
} else { |
a774f003 |
mprintf("Giving up on %s...\n", cpt->strarg);
logg("Giving up on %s...\n", cpt->strarg); |
0d98d74c |
cpt = (struct cfgstruct *) cpt->nextarg; |
a774f003 |
if(!cpt) {
mprintf("@Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.\n");
logg("ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.\n");
} |
0d98d74c |
try = 0;
}
} else {
return ret;
}
} |
b151ef55 |
}
return ret;
}
void daemonize(void)
{
int i;
for(i = 0; i < 3; i++)
close(i);
umask(0);
if(fork())
exit(0);
setsid();
mprintf_disabled = 1;
}
void help(void)
{
mprintf_stdout = 1;
mprintf("\n"); |
8ef2ff6f |
mprintf(" Clam AntiVirus: freshclam "VERSION"\n");
mprintf(" (C) 2002 - 2005 ClamAV Team - http://www.clamav.net/team.html\n\n"); |
a0faaedf |
mprintf(" --help -h show help\n");
mprintf(" --version -V print version number and exit\n");
mprintf(" --verbose -v be verbose\n");
mprintf(" --debug enable debug messages\n"); |
66c64a38 |
mprintf(" --quiet only output error messages\n"); |
a0faaedf |
mprintf(" --stdout write to stdout instead of stderr\n"); |
b151ef55 |
mprintf("\n"); |
d09e8c7c |
mprintf(" --config-file=FILE read configuration from FILE.\n"); |
026ebd88 |
mprintf(" --log=FILE -l FILE log into FILE\n"); |
a0faaedf |
mprintf(" --daemon -d run in daemon mode\n"); |
5aad82e2 |
mprintf(" --pid=FILE -p FILE save daemon's pid in FILE\n"); |
026ebd88 |
mprintf(" --user=USER -u USER run as USER\n"); |
34f1f7dd |
mprintf(" --no-dns force old non-DNS verification method\n"); |
8b1cee14 |
mprintf(" --checks=#n -c #n number of checks per day, 1 <= n <= 50\n"); |
0d98d74c |
mprintf(" --datadir=DIRECTORY download new databases into DIRECTORY\n"); |
026ebd88 |
#ifdef BUILD_CLAMD |
66c64a38 |
mprintf(" --daemon-notify[=/path/clamd.conf] send RELOAD command to clamd\n"); |
026ebd88 |
#endif |
0539b2a8 |
mprintf(" --local-address=IP -a IP bind to IP for HTTP downloads\n"); |
026ebd88 |
mprintf(" --on-update-execute=COMMAND execute COMMAND after successful update\n");
mprintf(" --on-error-execute=COMMAND execute COMMAND if errors occured\n"); |
d18eac06 |
mprintf(" --on-outdated-execute=COMMAND execute COMMAND when software is outdated\n"); |
b151ef55 |
mprintf("\n");
exit(0);
} |