/*
  * clamav-milter.c
  *	.../clamav-milter/clamav-milter.c
  *

  *  Copyright (C) 2003-2007 Nigel Horne <njh@bandsman.co.uk>

  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software

  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  *  MA 02110-1301, USA.

  *

  * Install into /usr/local/sbin/clamav-milter

  * See http://www.elandsys.com/resources/sendmail/libmilter/overview.html

  *

  * For installation instructions see the file INSTALL that came with this file

  *
  * NOTE: first character of strings to logg():
  *	! Error
  *	^ Warning
  *	* Verbose
  *	# Info, but not logged in foreground
  *	Default Info

  */

 static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.312 2007/02/12 22:24:21 njh Exp $";

 #if HAVE_CONFIG_H
 #include "clamav-config.h"
 #endif
 

 #include "cfgparser.h"

 #include "target.h"

 #include "str.h"

 #include "../libclamav/others.h"

 #include "output.h"

 #include "clamav.h"

 #include "table.h"

 #include "network.h"

 
 #ifndef	CL_DEBUG
 #define	NDEBUG
 #endif
 
 #include <stdio.h>
 #include <sysexits.h>

 #ifdef	HAVE_SYS_STAT_H

 #include <sys/stat.h>

 #endif
 #if	HAVE_STDLIB_H

 #include <stdlib.h>

 #endif

 #if	HAVE_MEMORY_H
 #include <memory.h>
 #endif

 #if	HAVE_STRING_H

 #include <string.h>

 #endif

 #include <sys/wait.h>
 #include <assert.h>

 #include <sys/socket.h>

 #include <netinet/in.h>

 #include <net/if.h>

 #include <arpa/inet.h>
 #include <sys/un.h>
 #include <stdarg.h>
 #include <errno.h>

 #if	HAVE_LIBMILTER_MFAPI_H

 #include <libmilter/mfapi.h>

 #endif

 #include <pthread.h>
 #include <sys/time.h>

 #include <sys/resource.h>

 #include <signal.h>

 #include <fcntl.h>

 #include <pwd.h>

 #include <grp.h>

 #if	HAVE_SYS_PARAM_H

 #include <sys/param.h>

 #endif

 #if	HAVE_RESOLV_H
 #include <arpa/nameser.h>	/* for HEADER */
 #include <resolv.h>
 #endif

 #ifdef	HAVE_UNISTD_H
 #include <unistd.h>
 #endif

 #include <ctype.h>

 #if HAVE_MMAP
 #if HAVE_SYS_MMAN_H
 #include <sys/mman.h>
 #else /* HAVE_SYS_MMAN_H */
 #undef HAVE_MMAP
 #endif
 #endif
 

 #define NONBLOCK_SELECT_MAX_FAILURES	3
 #define NONBLOCK_MAX_ATTEMPTS	10
 #define	CONNECT_TIMEOUT	5	/* Allow 5 seconds to connect */
 

 #ifdef	C_LINUX

 #include <sys/sendfile.h>	/* FIXME: use sendfile on BSD not Linux */

 #include <libintl.h>

 #include <locale.h>

 
 #define	gettext_noop(s)	s
 #define	_(s)	gettext(s)
 #define	N_(s)	gettext_noop(s)
 
 #else
 
 #define	_(s)	s
 #define	N_(s)	s
 
 #endif
 

 #ifdef	USE_SYSLOG
 #include <syslog.h>
 #endif
 

 #ifdef	WITH_TCPWRAP

 #if	HAVE_TCPD_H

 #include <tcpd.h>

 #endif

 
 int	allow_severity = LOG_DEBUG;

 int	deny_severity = LOG_NOTICE;

 #endif

 #ifdef	CL_DEBUG

 static	char	console[] = "/dev/console";

 #endif
 

 #if defined(CL_DEBUG) && defined(C_LINUX)
 #include <sys/resource.h>
 #endif
 

 #define _GNU_SOURCE

 #include <getopt.h>

 #ifndef	SENDMAIL_BIN
 #define	SENDMAIL_BIN	"/usr/lib/sendmail"
 #endif
 

 #ifndef HAVE_IN_PORT_T
 typedef	unsigned short	in_port_t;
 #endif
 

 #ifndef	HAVE_IN_ADDR_T
 typedef	unsigned int	in_addr_t;
 #endif
 

 #ifndef	INET6_ADDRSTRLEN
 #ifdef	AF_INET6
 #define	INET6_ADDRSTRLEN	40
 #else
 #define	INET6_ADDRSTRLEN	16
 #endif
 #endif
 

 #ifndef	EX_CONFIG	/* HP-UX */
 #define	EX_CONFIG	78
 #endif
 

 #define	VERSION_LENGTH	128

 #define	DEFAULT_TIMEOUT	120

 #define	NTRIES	5	/* How many times we try to connect to a clamd */

 /*#define	SESSION*/

 		/* Keep one command connexion open to clamd, otherwise a new
 		 * command connexion is created for each new email

 		 *
 		 * FIXME: When SESSIONS are open, freshclam can hang when
 		 *	notfying clamd of an update. This is most likely to be a
 		 *	problem with the implementation of SESSIONS on clamd.
 		 *	The problem seems worst on BSD.

 		 *
 		 * Note that clamd is buggy and can hang or even crash if you
 		 *	send SESSION command so be aware

 		 */
 

 /*
  * TODO: optional: xmessage on console when virus stopped (SNMP would be real nice!)

  *	Having said that, with LogSysLog you can (on Linux) configure the system
  *	to get messages on the system console, see syslog.conf(5), also you

  *	can use wall(1) in the VirusEvent entry in clamd.conf

  * TODO: Decide action (bounce, discard, reject etc.) based on the virus
  *	found. Those with faked addresses, such as SCO.A want discarding,
  *	others could be bounced properly.

  * TODO: Encrypt mails sent to clamd to stop sniffers. Sending by UNIX domain
  *	sockets is better

  * TODO: Load balancing, allow local machine to talk via UNIX domain socket.

  * TODO: allow each To: line in the whitelist file to specify a quarantine email

  *	address

  * TODO: optionally use zlib to compress data sent to remote hosts

  * TODO: Finish IPv6 support (serverIPs array and SPF are IPv4 only)

  * TODO: Check domainkeys as well as SPF for phish false positives

  */
 

 struct header_node_t {

 	char	*header;
 	struct	header_node_t *next;

 };
 
 struct header_list_struct {

 	struct	header_node_t *first;
 	struct	header_node_t *last;

 };
 
 typedef struct header_list_struct *header_list_t;
 

 /*

  * Local addresses are those not scanned if --local is not set
  * 127.0.0.0 is not in this table since that's goverend by --outgoing

  * Andy Fiddaman <clam@fiddaman.net> added 169.254.0.0/16

  *	(Microsoft default DHCP)

  * TODO: compare this with RFC1918/RFC3330

  */

 #define PACKADDR(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

 #define MAKEMASK(bits)	((uint32_t)(0xffffffff << (32 - bits)))

 static struct cidr_net {	/* don't make this const because of -I flag */

 	uint32_t	base;
 	uint32_t	mask;
 } localNets[] = {

 	/*{ PACKADDR(127,   0,   0,   0), MAKEMASK(8) },	/*   127.0.0.0/8 */
 	{ PACKADDR(192, 168,   0,   0), MAKEMASK(16) },	/* 192.168.0.0/16 - RFC3330 */
 	/*{ PACKADDR(192, 18,   0,   0), MAKEMASK(15) },	/* 192.18.0.0/15 - RFC2544 */
 	/*{ PACKADDR(192, 0,   2,   0), MAKEMASK(24) },	/* 192.0.2.0/24 - RFC3330 */

 	{ PACKADDR( 10,   0,   0,   0), MAKEMASK(8) },	/*    10.0.0.0/8 */
 	{ PACKADDR(172,  16,   0,   0), MAKEMASK(12) },	/*  172.16.0.0/12 */

 	{ PACKADDR(169, 254,   0,   0), MAKEMASK(16) },	/* 169.254.0.0/16 */

 	{ 0, 0 },	/* space to put eight more via -I addr */
 	{ 0, 0 },
 	{ 0, 0 },
 	{ 0, 0 },
 	{ 0, 0 },
 	{ 0, 0 },
 	{ 0, 0 },
 	{ 0, 0 },

 	{ 0, 0 }
 };

 #define IFLAG_MAX 8
 

 #ifdef	AF_INET6

 typedef struct cidr_net6 {
 	struct in6_addr	base;
 	int preflen;
 } cidr_net6;
 static	cidr_net6	localNets6[IFLAG_MAX];
 static	int	localNets6_cnt;

 #endif

 
 /*

  * Each libmilter thread has one of these

  */
 struct	privdata {
 	char	*from;	/* Who sent the message */

 	char	*subject;	/* Original subject */
 	char	*sender;	/* Secretary - often used in mailing lists */

 	char	**to;	/* Who is the message going to */

 	char	ip[INET6_ADDRSTRLEN];	/* IP address of the other end */

 	int	numTo;	/* Number of people the message is going to */

 #ifndef	SESSION

 	int	cmdSocket;	/*
 				 * Socket to send/get commands e.g. PORT for
 				 * dataSocket
 				 */

 #endif

 	int	dataSocket;	/* Socket to send data to clamd */

 	char	*filename;	/* Where to store the message in quarantine */

 	u_char	*body;		/* body of the message if Sflag is set */
 	size_t	bodyLen;	/* number of bytes in body */

 	header_list_t headers;	/* Message headers */

 	long	numBytes;	/* Number of bytes sent so far */

 	char	*received;	/* keep track of received from */

 	const	char	*rejectCode;	/* 550 or 554? */

 	unsigned	int	discard:1;	/*

 				 * looks like the remote end is playing ping
 				 * pong with us
 				 */

 #ifdef	HAVE_RESOLV_H

 	unsigned	int	spf_ok:1;
 #endif

 	int	statusCount;	/* number of X-Virus-Status headers */

 	int	serverNumber;	/* Index into serverIPs */

 	struct	cl_node	*root;	/* database of viruses used to scan this one */

 };
 

 #ifdef	SESSION

 static	int		createSession(unsigned int s);

 #else

 static	int		pingServer(int serverNumber);

 static	void		*try_server(void *var);

 static	int		active_servers(int *active);

 struct	try_server_struct {
 	int	sock;
 	int	rc;
 	struct	sockaddr_in *server;
 	int	server_index;
 };

 #endif

 static	int		findServer(void);

 static	sfsistat	clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);

 #ifdef	CL_DEBUG
 static	sfsistat	clamfi_helo(SMFICTX *ctx, char *helostring);
 #endif

 static	sfsistat	clamfi_envfrom(SMFICTX *ctx, char **argv);
 static	sfsistat	clamfi_envrcpt(SMFICTX *ctx, char **argv);
 static	sfsistat	clamfi_header(SMFICTX *ctx, char *headerf, char *headerv);
 static	sfsistat	clamfi_eoh(SMFICTX *ctx);
 static	sfsistat	clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len);
 static	sfsistat	clamfi_eom(SMFICTX *ctx);
 static	sfsistat	clamfi_abort(SMFICTX *ctx);
 static	sfsistat	clamfi_close(SMFICTX *ctx);
 static	void		clamfi_cleanup(SMFICTX *ctx);

 static	void		clamfi_free(struct privdata *privdata, int keep);

 static	int		clamfi_send(struct privdata *privdata, size_t len, const char *format, ...);

 static	long		clamd_recv(int sock, char *buf, size_t len);

 static	off_t		updateSigFile(void);

 static	header_list_t	header_list_new(void);
 static	void	header_list_free(header_list_t list);
 static	void	header_list_add(header_list_t list, const char *headerf, const char *headerv);
 static	void	header_list_print(header_list_t list, FILE *fp);

 static	int	connect2clamd(struct privdata *privdata);

 static	int	sendToFrom(struct privdata *privdata);

 static	int	checkClamd(int log_result);

 static	int	sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *virusname);

 static	int	qfile(struct privdata *privdata, const char *sendmailId, const char *virusname);

 static	int	move(const char *oldfile, const char *newfile);

 static	void	setsubject(SMFICTX *ctx, const char *virusname);

 /*static	int	clamfi_gethostbyname(const char *hostname, struct hostent *hp, char *buf, size_t len);*/

 static	int	add_local_ip(char *address);

 static	int	isLocalAddr(in_addr_t addr);

 static	int	isLocal(const char *addr);

 static	void	clamdIsDown(void);
 static	void	*watchdog(void *a);

 static	int	check_and_reload_database(void);

 static	void	timeoutBlacklist(char *ip_address, int time_of_blacklist, void *v);

 static	void	quit(void);
 static	void	broadcast(const char *mess);

 static	int	loadDatabase(void);

 static	int	increment_connexions(void);
 static	void	decrement_connexions(void);

 static	void	dump_blacklist(char *key, int value, void *v);

 static	int	nonblock_connect(int sock, const struct sockaddr_in *sin, const char *hostname);
 static	int	connect_error(int sock, const char *hostname);

 #ifdef	SESSION

 static	pthread_mutex_t	version_mutex = PTHREAD_MUTEX_INITIALIZER;

 static	char	**clamav_versions;	/* max_children elements in the array */

 #define	clamav_version	(clamav_versions[0])
 #else
 static	char	clamav_version[VERSION_LENGTH + 1];
 #endif

 static	int	fflag = 0;	/* force a scan, whatever */

 static	int	oflag = 0;	/* scan messages from our machine? */
 static	int	lflag = 0;	/* scan messages from our site? */

 static	int	Iflag = 0;	/* Added an IP addr to localNets? */

 static	const	char	*progname;	/* our name - usually clamav-milter */

 /* Variables for --external */
 static	int	external = 0;	/* scan messages ourself or use clamd? */

 static	pthread_mutex_t	root_mutex = PTHREAD_MUTEX_INITIALIZER;

 static	struct	cl_node	*root = NULL;
 static	struct	cl_limits	limits;
 static	struct	cl_stat	dbstat;

 static	int	options = CL_SCAN_STDOPT;

 #ifdef	BOUNCE

 static	int	bflag = 0;	/*
 				 * send a failure (bounce) message to the
 				 * sender. This probably isn't a good idea
 				 * since most reply addresses will be fake

 				 *
 				 * TODO: Perhaps we can have an option to
 				 * bounce outgoing mail, but not incoming?

 				 */

 #endif

 static	const	char	*iface;	/*

 				 * Broadcast a message when a virus is found,
 				 * this allows remote network management
 				 */

 static	int	broadcastSock = -1;

 static	int	pflag = 0;	/*
 				 * Send a warning to the postmaster only,
 				 * this means user's won't be told when someone
 				 * sent them a virus
 				 */
 static	int	qflag = 0;	/*
 				 * Send no warnings when a virus is found,
 				 * this means that the only log of viruses
 				 * found is the syslog, so it's best to

 				 * enable LogSyslog in clamd.conf

 				 */

 static	int	Sflag = 0;	/*
 				 * Add a signature to each message that
 				 * has been scanned
 				 */

 static	const	char	*sigFilename;	/*
 				 * File where the scanned message signature
 				 * can be found
 				 */

 static	char	*quarantine;	/*

 				 * If a virus is found in an email redirect
 				 * it to this account
 				 */

 static	char	*quarantine_dir; /*
 				 * Path to store messages before scanning.
 				 * Infected ones will be left there.
 				 */

 static	int	nflag = 0;	/*
 				 * Don't add X-Virus-Scanned to header. Patch
 				 * from Dirk Meyer <dirk.meyer@dinoex.sub.org>
 				 */

 static	int	rejectmail = 1;	/*
 				 * Send a 550 rejection when a virus is
 				 * found
 				 */

 static	int	hflag = 0;	/*
 				 * Include original message headers in
 				 * report
 				 */

 static	int	cl_error = SMFIS_TEMPFAIL; /*
 				 * If an error occurs, return
 				 * this status. Allows messages
 				 * to be passed through
 				 * unscanned in the event of
 				 * an error. Patch from
 				 * Joe Talbott <josepht@cstone.net>
 				 */

 static	int	readTimeout = DEFAULT_TIMEOUT; /*

 				 * number of seconds to wait for clamd to

 				 * respond, see ReadTimeout in clamd.conf

 				 */

 static	long	streamMaxLength = -1;	/* StreamMaxLength from clamd.conf */

 static	int	logok = 0;	/*

 				 * Add clean items to the log file
 				 */

 static	char	*signature = N_("-- \nScanned by ClamAv - http://www.clamav.net\n");

 static	time_t	signatureStamp;

 static	char	*templateFile;	/* e-mail to be sent when virus detected */
 static	char	*templateHeaders;	/* headers to be added to the above */

 static	const char	*tmpdir;

 
 #ifdef	CL_DEBUG
 static	int	debug_level = 0;
 #endif
 
 static	pthread_mutex_t	n_children_mutex = PTHREAD_MUTEX_INITIALIZER;
 static	pthread_cond_t	n_children_cond = PTHREAD_COND_INITIALIZER;

 static	int	n_children = 0;
 static	int	max_children = 0;

 static	unsigned	int	freshclam_monitor = 10;	/*
 							 * how often, in
 							 * seconds, to scan for
 							 * database updates
 							 */

 static	int	child_timeout = 300;	/* number of seconds to wait for

 					 * a child to die. Set to 0 to
 					 * wait forever
 					 */

 static	int	dont_wait = 0;	/*
 				 * If 1 send retry later to the remote end
 				 * if max_chilren is exceeded, otherwise we
 				 * wait for the number to go down
 				 */

 static	int	dont_sanitise = 0; /*
 				 * Don't check for ";" and "|" chars in 
 				 * email addresses.
 				 */

 static	int	advisory = 0;	/*
 				 * Run clamav-milter in advisory mode - viruses
 				 * are flagged rather than deleted. Incompatible
 				 * with quarantine options
 				 */

 static	int	detect_forged_local_address;	/*
 				 * for incoming only mail servers, drop emails
 				 * claiming to be from us that must be false
 				 * Requires that -o, -l or -f are NOT given
 				 */

 static	const	char	*pidFile;

 static	struct	cfgstruct	*copt;

 static	const	char	*localSocket;	/* milter->clamd comms */
 static	in_port_t	tcpSocket;	/* milter->clamd comms */
 static	char	*port = NULL;	/* sendmail->milter comms */

 static	const	char	*serverHostNames = "127.0.0.1";

 #if	HAVE_IN_ADDR_T

 static	in_addr_t	*serverIPs;	/* IPv4 only, in network byte order */

 #else

 static	long	*serverIPs;	/* IPv4 only, in network byte order */

 #endif

 static	int	numServers;	/* number of elements in serverIPs array */

 #ifndef	SESSION
 #define	RETRY_SECS	300	/* How often to retry a server that's down */

 static	time_t	*last_failed_pings;	/* For servers that are down. NB: not mutexed */

 #endif

 static	char	*rootdir;	/* for chroot */
 

 #ifdef	SESSION

 static	struct	session {
 	int	sock;	/* fd */
 	enum	{ CMDSOCKET_FREE, CMDSOCKET_INUSE, CMDSOCKET_DOWN }	status;

 } *sessions;	/* max_children elements in the array */

 static	pthread_mutex_t sstatus_mutex = PTHREAD_MUTEX_INITIALIZER;

 #endif	/*SESSION*/
 

 static	pthread_cond_t	watchdog_cond = PTHREAD_COND_INITIALIZER;
 

 #ifndef	SHUT_RD
 #define	SHUT_RD		0
 #endif
 #ifndef	SHUT_WR
 #define	SHUT_WR		1
 #endif
 

 static	const	char	*postmaster = "postmaster";

 static	const	char	*from = "MAILER-DAEMON";

 static	int	quitting;

 static	int	reload;	/* reload database when SIGUSR2 is received */

 static	const	char	*report;	/* Report Phishing to this address */

 static	const	char	*report_fps;	/* Report Phish FPs to this address */

 static	const	char	*whitelistFile;	/*
 					 * file containing destination email
 					 * addresses that we don't scan
 					 */
 static	const	char	*sendmailCF;	/* location of sendmail.cf to verify */

 static	const	char	*pidfile;

 static	int	black_hole_mode; /*
 				 * Since sendmail calls its milters before it
 				 * looks in /etc/aliases we can spend time
 				 * looking for malware that's going to be
 				 * thrown away even if the message is clean.
 				 * Enable this to not scan these messages.
 				 * Sadly, because these days sendmail -bv
 				 * only works as root, you can't use this with
 				 * the User directive, which some won't like
 				 * which also may contain the real target name

 				 *
 				 * smfi_getsymval(ctx, "{rcpt_addr}") only
 				 * handles virtuser, it doesn't also deref
 				 * the alias table, so it isn't any help

 				 */

 static	table_t	*blacklist;	/* never freed */
 static	int	blacklist_time;	/* How long to blacklist an IP */
 static	pthread_mutex_t	blacklist_mutex = PTHREAD_MUTEX_INITIALIZER;
 

 #ifdef	CL_DEBUG
 #if __GLIBC__ == 2 && __GLIBC_MINOR__ >= 1
 #define HAVE_BACKTRACE
 #endif
 #endif
 

 static	void	sigsegv(int sig);

 static	void	sighup(int sig);
 static	void	sigusr2(int sig);

 #ifdef HAVE_BACKTRACE
 #include <execinfo.h>
 

 static	void	print_trace(void);

 
 #define	BACKTRACE_SIZE	200
 
 #endif
 

 static	int	verifyIncomingSocketName(const char *sockName);

 static	int	isWhitelisted(const char *emailaddress, int to);

 static	int	isBlacklisted(const char *ip_address);

 static	table_t	*mx(const char *host, table_t *t);

 static	sfsistat	black_hole(const struct privdata *privdata);

 static	int	useful_header(const char *cmd);

 extern	short	logg_foreground;

 #ifdef HAVE_RESOLV_H
 static	table_t	*resolve(const char *host, table_t *t);
 static	int	spf(struct privdata *privdata, table_t *prevhosts);
 static	void	spf_ip(char *ip, int zero, void *v);
 

 pthread_mutex_t	res_pool_mutex = PTHREAD_MUTEX_INITIALIZER;
 
 #ifdef HAVE_LRESOLV_R

 res_state res_pool;
 uint8_t *res_pool_state;
 pthread_cond_t res_pool_cond = PTHREAD_COND_INITIALIZER;

 int safe_res_query(const char *d, int c, int t, u_char *a, int l) {
 	int i = -1, ret;
 
 	pthread_mutex_lock(&res_pool_mutex);
 	while(i==-1) {
 		int j;
 		for(j=0; j<max_children+1; j++) {
 			if(!res_pool_state[j]) continue;
 			i = j;
 			break;
 		}
 		if(i!=-1) break;
 		pthread_cond_wait(&res_pool_cond, &res_pool_mutex);
 	}
 	res_pool_state[i]=0;
 	pthread_mutex_unlock(&res_pool_mutex);
 
 	ret = res_nquery(&res_pool[i], d, c, t, a, l);
   
 	pthread_mutex_lock(&res_pool_mutex);
 	res_pool_state[i]=1;
 	pthread_cond_signal(&res_pool_cond);
 	pthread_mutex_unlock(&res_pool_mutex);
 	return ret;

 }
 
 #else /* !HAVE_LRESOLV_R - non thread safe resolver (old bsd's) */
 
 int safe_res_query(const char *d, int c, int t, u_char *a, int l) {
 	int ret;
 	pthread_mutex_lock(&res_pool_mutex);
 	ret = res_query(d, c, t, a, l);
 	pthread_mutex_unlock(&res_pool_mutex);
 	return ret;
 }
 
 #endif /* HAVE_LRESOLV_R */
 

 #endif /* HAVE_RESOLV_H */

 static void
 help(void)
 {

 	printf("\n\tclamav-milter version %s\n", get_version());

 	puts("\tCopyright (C) 2007 Nigel Horne <njh@clamav.net>\n");

 	puts(_("\t--advisory\t\t-A\tFlag viruses rather than deleting them."));

 	puts(_("\t--blacklist-time=SECS\t-k\tTime (in seconds) to blacklist an IP."));

 	puts(_("\t--black-hole-mode\t\tDon't scan messages aliased to /dev/null."));

 #ifdef	BOUNCE

 	puts(_("\t--bounce\t\t-b\tSend a failure message to the sender."));

 #endif

 	puts(_("\t--broadcast\t\t-B [IFACE]\tBroadcast to a network manager when a virus is found."));

 	puts(_("\t--chroot=DIR\t\t-C DIR\tChroot to dir when starting."));

 	puts(_("\t--config-file=FILE\t-c FILE\tRead configuration from FILE."));
 	puts(_("\t--debug\t\t\t-D\tPrint debug messages."));

 	puts(_("\t--detect-forged-local-address\t-L\tReject mails that claim to be from us."));

 	puts(_("\t--dont-blacklist\t-K\tDon't blacklist a given IP."));

 	puts(_("\t--dont-scan-on-error\t-d\tPass e-mails through unscanned if a system error occurs."));
 	puts(_("\t--dont-wait\t\t\tAsk remote end to resend if max-children exceeded."));

 	puts(_("\t--dont-sanitise\t\t\tAllow semicolon and pipe characters in email addresses."));

 	puts(_("\t--external\t\t-e\tUse an external scanner (usually clamd)."));

 	puts(_("\t--freshclam-monitor=SECS\t-M SECS\tHow often to check for database update."));

 	puts(_("\t--from=EMAIL\t\t-a EMAIL\tError messages come from here."));
 	puts(_("\t--force-scan\t\t-f\tForce scan all messages (overrides (-o and -l)."));
 	puts(_("\t--help\t\t\t-h\tThis message."));
 	puts(_("\t--headers\t\t-H\tInclude original message headers in the report."));

 	puts(_("\t--ignore IPaddr\t\t-I IPaddr\tAdd IPaddr to LAN IP list (see --local)."));

 	puts(_("\t--local\t\t\t-l\tScan messages sent from machines on our LAN."));

 	puts(_("\t--max-childen\t\t-m\tMaximum number of concurrent scans."));

 	puts(_("\t--outgoing\t\t-o\tScan outgoing messages from this machine."));
 	puts(_("\t--noreject\t\t-N\tDon't reject viruses, silently throw them away."));
 	puts(_("\t--noxheader\t\t-n\tSuppress X-Virus-Scanned/X-Virus-Status headers."));
 	puts(_("\t--pidfile=FILE\t\t-i FILE\tLocation of pidfile."));
 	puts(_("\t--postmaster\t\t-p EMAIL\tPostmaster address [default=postmaster]."));

 	puts(_("\t--postmaster-only\t-P\tSend notifications only to the postmaster."));

 	puts(_("\t--quiet\t\t\t-q\tDon't send e-mail notifications of interceptions."));

 	puts(_("\t--quarantine=USER\t-Q EMAIL\tQuarantine e-mail account."));
 	puts(_("\t--report-phish=EMAIL\t-r EMAIL\tReport phish to this email address."));

 	puts(_("\t--report-phish-false-positives=EMAIL\t-R EMAIL\tReport phish false positves to this email address."));

 	puts(_("\t--quarantine-dir=DIR\t-U DIR\tDirectory to store infected emails."));
 	puts(_("\t--server=SERVER\t\t-s SERVER\tHostname/IP address of server(s) running clamd (when using TCPsocket)."));

 	puts(_("\t--sendmail-cf=FILE\t\tLocation of the sendmail.cf file to verify"));

 	puts(_("\t--sign\t\t\t-S\tAdd a hard-coded signature to each scanned message."));
 	puts(_("\t--signature-file=FILE\t-F FILE\tLocation of signature file."));
 	puts(_("\t--template-file=FILE\t-t FILE\tLocation of e-mail template file."));

 	puts(_("\t--template-headers=FILE\t\tLocation of e-mail headers for template file."));

 	puts(_("\t--timeout=SECS\t\t-T SECS\tTimeout waiting to childen to die."));

 	puts(_("\t--whitelist-file=FILE\t-W FILE\tLocation of the file of whitelisted addresses"));

 	puts(_("\t--version\t\t-V\tPrint the version number of this software."));

 #ifdef	CL_DEBUG

 	puts(_("\t--debug-level=n\t\t-x n\tSets the debug level to 'n'."));

 #endif

 	puts(_("\nFor more information type \"man clamav-milter\"."));

 	puts(_("For bug reports, please refer to http://www.clamav.net/bugs"));

 }
 
 int
 main(int argc, char **argv)
 {
 	extern char *optarg;

 	int i, Bflag = 0, server = 0;

 	char *cfgfile = NULL;

 	const char *wont_blacklist = NULL;

 	const struct cfgstruct *cpt;

 	char version[VERSION_LENGTH + 1];

 	pthread_t tid;

 	struct rlimit rlim;

 #ifdef	CL_DEBUG

 	int consolefd;
 #endif

 	/*
 	 * The SMFI_VERSION checks are for Sendmail 8.14, which I don't have
 	 * yet, so I can't verify them
 	 * Patch from Andy Fiddaman <clam@fiddaman.net>
 	 */

 	struct smfiDesc smfilter = {
 		"ClamAv", /* filter name */
 		SMFI_VERSION,	/* version code -- leave untouched */

 		SMFIF_ADDHDRS|SMFIF_CHGHDRS,	/* flags - we add and delete headers */

 		clamfi_connect, /* connexion callback */

 #ifdef	CL_DEBUG
 		clamfi_helo,	/* HELO filter callback */
 #else
 		NULL,
 #endif

 		clamfi_envfrom, /* envelope sender filter callback */
 		clamfi_envrcpt, /* envelope recipient filter callback */

 		clamfi_header,	/* header filter callback */
 		clamfi_eoh,	/* end of header callback */
 		clamfi_body,	/* body filter callback */
 		clamfi_eom,	/* end of message callback */
 		clamfi_abort,	/* message aborted callback */

 		clamfi_close,	/* connexion cleanup callback */

 #if	SMFI_VERSION > 2
 		NULL,		/* Unrecognised command */
 #endif
 #if	SMFI_VERSION > 3
 		NULL,		/* DATA command callback */
 #endif
 #if	SMFI_VERSION >= 0x01000000
 		NULL,		/* Negotiation callback */
 #endif

 	};
 

 #if defined(CL_DEBUG) && defined(C_LINUX)
 	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
 	if(setrlimit(RLIMIT_CORE, &rlim) < 0)
 		perror("setrlimit");
 #endif

 	/*

 	 * Temporarily enter guessed value into version, will

 	 * be overwritten later by the value returned by clamd
 	 */

 	snprintf(version, sizeof(version) - 1,

 		"ClamAV version %s, clamav-milter version %s",

 		cl_retver(), get_version());

 	progname = strrchr(argv[0], '/');
 	if(progname)
 		progname++;
 	else
 		progname = "clamav-milter";
 

 #ifdef	C_LINUX
 	setlocale(LC_ALL, "");

 	bindtextdomain(progname, DATADIR"/clamav-milter/locale");
 	textdomain(progname);

 #endif
 

 	for(;;) {
 		int opt_index = 0;

 #ifdef	BOUNCE

 #ifdef	CL_DEBUG

 		const char *args = "a:AbB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:z0:1:2";

 #else

 		const char *args = "a:AbB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:z0:1:2";

 #endif

 #else	/*!BOUNCE*/
 #ifdef	CL_DEBUG

 		const char *args = "a:AB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:z0:1:2";

 #else

 		const char *args = "a:AB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:z0:1:2";

 #endif
 #endif	/*BOUNCE*/

 		static struct option long_options[] = {
 			{

 				"from", 2, NULL, 'a'

 			},
 			{

 				"advisory", 0, NULL, 'A'
 			},

 #ifdef	BOUNCE

 			{

 				"bounce", 0, NULL, 'b'
 			},

 #endif

 			{

 				"broadcast", 2, NULL, 'B'

 			},
 			{

 				"config-file", 1, NULL, 'c'
 			},
 			{

 				"chroot", 1, NULL, 'C'
 			},
 			{

 				"detect-forged-local-address", 0, NULL, 'L'
 			},
 			{

 				"dont-blacklist", 1, NULL, 'K'
 			},
 			{

 				"dont-scan-on-error", 0, NULL, 'd'
 			},
 			{

 				"dont-wait", 0, NULL, 'w'
 			},
 			{

 				"dont-sanitise", 0, NULL, 'z'
 			},
 			{

 				"debug", 0, NULL, 'D'
 			},
 			{

 				"external", 0, NULL, 'e'
 			},
 			{

 				"force-scan", 0, NULL, 'f'

 			},
 			{

 				"headers", 0, NULL, 'H'

 			},
 			{

 				"help", 0, NULL, 'h'
 			},
 			{

 				"ignore", 1, NULL, 'I'
 			},

 			{

 				"pidfile", 1, NULL, 'i'
 			},
 			{

 				"blacklist-time", 1, NULL, 'k'

 			},
 			{

 				"local", 0, NULL, 'l'
 			},
 			{

 				"noreject", 0, NULL, 'N'
 			},
 			{

 				"noxheader", 0, NULL, 'n'
 			},
 			{

 				"outgoing", 0, NULL, 'o'
 			},
 			{

 				"postmaster", 1, NULL, 'p'

 			},
 			{

 				"postmaster-only", 0, NULL, 'P',
 			},
 			{
 				"quiet", 0, NULL, 'q'
 			},
 			{

 				"quarantine", 1, NULL, 'Q',
 			},
 			{

 				"report-phish", 1, NULL, 'r'
 			},
 			{
 				"report-phish-false-positives", 1, NULL, 'R'

 			},
 			{

 				"quarantine-dir", 1, NULL, 'U',
 			},
 			{

 				"max-children", 1, NULL, 'm'
 			},

 			{

 				"freshclam-monitor", 1, NULL, 'M'
 			},
 			{
 				"sendmail-cf", 1, NULL, '0'
 			},

 			{
 				"server", 1, NULL, 's'
 			},
 			{

 				"sign", 0, NULL, 'S'
 			},
 			{
 				"signature-file", 1, NULL, 'F'

 			},
 			{

 				"template-file", 1, NULL, 't'
 			},
 			{

 				"template-headers", 1, NULL, '1'
 			},
 			{

 				"timeout", 1, NULL, 'T'
 			},
 			{

 				"whitelist-file", 1, NULL, 'W'
 			},
 			{

 				"version", 0, NULL, 'V'
 			},

 			{
 				"black-hole-mode", 0, NULL, '2'
 			},

 #ifdef	CL_DEBUG
 			{
 				"debug-level", 1, NULL, 'x'
 			},
 #endif
 			{
 				NULL, 0, NULL, '\0'
 			}
 		};
 
 		int ret = getopt_long(argc, argv, args, long_options, &opt_index);
 
 		if(ret == -1)
 			break;
 		else if(ret == 0)
 			ret = long_options[opt_index].val;
 
 		switch(ret) {

 			case 'a':	/* e-mail errors from here */

 				/*
 				 * optarg is optional - if you give --from
 				 * then the --from is set to the orginal,
 				 * probably forged, email address
 				 */

 				from = optarg;
 				break;

 			case 'A':
 				advisory++;
 				break;

 #ifdef	BOUNCE

 			case 'b':	/* bounce worms/viruses */
 				bflag++;
 				break;

 #endif

 			case 'B':	/* broadcast */
 				Bflag++;

 				if(optarg)
 					iface = optarg;

 				break;

 			case 'c':	/* where is clamd.conf? */

 				cfgfile = optarg;
 				break;

 			case 'C':	/* chroot */
 				rootdir = optarg;
 				break;

 			case 'd':	/* don't scan on error */
 				cl_error = SMFIS_ACCEPT;
 				break;

 			case 'D':	/* enable debug messages */
 				cl_debug();
 				break;

 			case 'e':	/* use clamd */
 				external++;
 				break;

 			case 'f':	/* force the scan */
 				fflag++;
 				break;

 			case 'h':
 				help();
 				return EX_OK;

 			case 'H':
 				hflag++;
 				break;

 			case 'i':	/* pidfile */
 				pidfile = optarg;
 				break;

 			case 'k':	/* blacklist time */
 				blacklist_time = atoi(optarg);
 				break;

 			case 'K':	/* don't black list given IP */
 				wont_blacklist = optarg;
 				break;

 			case 'I':	/* --ignore, -I hostname */
 				/*
 				 * Based on patch by jpd@louisiana.edu
 				 */

 				if(Iflag == IFLAG_MAX) {

 					fprintf(stderr,

 						_("%s: %s, -I may only be given %d times\n"),
 							argv[0], optarg, IFLAG_MAX);

 					return EX_USAGE;

 				}

 				if(!add_local_ip(optarg)) {

 					fprintf(stderr,

 						_("%s: Cannot convert -I%s to IPaddr\n"),

 							argv[0], optarg);

 					return EX_USAGE;
 				}
 				Iflag++;
 				break;

 			case 'l':	/* scan mail from the lan */
 				lflag++;
 				break;

 			case 'L':	/* detect forged local addresses */
 				detect_forged_local_address++;
 				break;

 			case 'm':	/* maximum number of children */
 				max_children = atoi(optarg);
 				break;

 			case 'M':	/* how often to monitor for freshclam */
 				freshclam_monitor = atoi(optarg);
 				break;

 			case 'n':	/* don't add X-Virus-Scanned */
 				nflag++;

 				smfilter.xxfi_flags &= ~(SMFIF_ADDHDRS|SMFIF_CHGHDRS);

 				break;

 			case 'N':	/* Do we reject mail or silently drop it */
 				rejectmail = 0;
 				break;

 			case 'o':	/* scan outgoing mail */
 				oflag++;
 				break;

 			case 'p':	/* postmaster e-mail address */
 				postmaster = optarg;

 				break;

 			case 'P':	/* postmaster only */
 				pflag++;
 				break;
 			case 'q':	/* send NO notification email */
 				qflag++;
 				break;

 			case 'Q':	/* quarantine e-mail address */
 				quarantine = optarg;
 				smfilter.xxfi_flags |= SMFIF_CHGHDRS|SMFIF_ADDRCPT|SMFIF_DELRCPT;
 				break;

 			case 'r':	/* report phishing here */
 				/* e.g. reportphishing@antiphishing.org */
 				report = optarg;
 				break;

 			case 'R':	/* report phishing false positives here */
 				report_fps = optarg;
 				break;

 			case 's':	/* server running clamd */

 				server++;

 				serverHostNames = optarg;

 				break;

 			case 'F':	/* signature file */
 				sigFilename = optarg;
 				signature = NULL;
 				/* fall through */

 			case 'S':	/* sign */
 				smfilter.xxfi_flags |= SMFIF_CHGBODY;
 				Sflag++;
 				break;

 			case 't':	/* e-mail template file */

 				templateFile = optarg;
 				break;
 			case '1':	/* headers for the template file */
 				templateHeaders = optarg;

 				break;

 			case '2':
 				black_hole_mode++;
 				break;

 			case 'T':	/* time to wait for child to die */
 				child_timeout = atoi(optarg);
 				break;

 			case 'U':	/* quarantine path */
 				quarantine_dir = optarg;
 				break;

 			case 'V':

 				puts(version);

 				return EX_OK;

 			case 'w':
 				dont_wait++;
 				break;

 			case 'W':
 				whitelistFile = optarg;
 				break;

 			case 'z':
 				dont_sanitise=1;
 				break;

 			case '0':
 				sendmailCF = optarg;
 				break;

 #ifdef	CL_DEBUG
 			case 'x':
 				debug_level = atoi(optarg);
 				break;
 #endif
 			default:
 #ifdef	CL_DEBUG

 				fprintf(stderr, "Usage: %s [-b] [-c FILE] [-F FILE] [--max-children=num] [-e] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-s SERVER] [-S] [-x#] [-U PATH] [-M#] socket-addr\n", argv[0]);

 #else

 				fprintf(stderr, "Usage: %s [-b] [-c FILE] [-F FILE] [--max-children=num] [-e] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-s SERVER] [-S] [-U PATH] [-M#] socket-addr\n", argv[0]);

 #endif
 				return EX_USAGE;
 		}
 	}
 

 	/*
 	 * Check sanity of --external and --server arguments
 	 */
 	if(server && !external) {
 		fprintf(stderr,
 			"%s: --server can only be used with --external\n",
 			argv[0]);
 		return EX_USAGE;
 	}

 #ifdef	SESSION
 	if(!external) {
 		fprintf(stderr,

 			_("%s: SESSIONS mode requires --external\n"), argv[0]);

 		return EX_USAGE;
 	}
 #endif

 	/* TODO: support freshclam's daemon notify if --external is not given */
 

 	if(optind == argc) {

 		fprintf(stderr, _("%s: No socket-addr given\n"), argv[0]);

 		return EX_USAGE;
 	}
 	port = argv[optind];
 

 	if(rootdir == NULL)	/* FIXME: Handle CHROOT */
 		if(verifyIncomingSocketName(port) < 0) {
 			fprintf(stderr, _("%s: socket-addr (%s) doesn't agree with sendmail.cf\n"), argv[0], port);
 			return EX_CONFIG;
 		}
 

 	if(strncasecmp(port, "inet:", 5) == 0)
 		if(!lflag) {
 			/*
 			 * Barmy but true. It seems that clamfi_connect will,
 			 * in this case, get the IP address of the machine
 			 * running sendmail, not of the machine sending the
 			 * mail, so the remote end will be a local address so
 			 * we must scan by enabling --local

 			 *
 			 * TODO: this is probably not needed if the remote
 			 * machine is localhost, need to check though

 			 */

 			fprintf(stderr, _("%s: when using inet: connexion to sendmail you must enable --local\n"), argv[0]);

 			return EX_USAGE;
 		}

 	/*
 	 * Sanity checks on the clamav configuration file
 	 */

 	if(cfgfile == NULL) {

 		cfgfile = cli_malloc(strlen(CONFDIR) + 12);	/* leak */

 		sprintf(cfgfile, "%s/clamd.conf", CONFDIR);
 	}
 	if((copt = getcfg(cfgfile, 1)) == NULL) {

 		fprintf(stderr, _("%s: Can't parse the config file %s\n"),

 			argv[0], cfgfile);
 		return EX_CONFIG;
 	}
 

 	if(detect_forged_local_address) {
 		if(oflag) {
 			fprintf(stderr, _("%s: --detect-forged-local-addresses is not compatible with --outgoing\n"), argv[0]);
 			return EX_CONFIG;
 		}
 		if(lflag) {
 			fprintf(stderr, _("%s: --detect-forged-local-addresses is not compatible with --local\n"), argv[0]);
 			return EX_CONFIG;
 		}
 		if(fflag) {
 			fprintf(stderr, _("%s: --detect-forged-local-addresses is not compatible with --force\n"), argv[0]);
 			return EX_CONFIG;
 		}
 	}
 

 	if(Bflag) {
 		int on;
 
 		broadcastSock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
 		/*
 		 * SO_BROADCAST doesn't sent to all NICs on Linux, it only
 		 * broadcasts on eth0, which is why there's an optional argument
 		 * to --broadcast to say which NIC to broadcast on. You can use
 		 * SO_BINDTODEVICE to get around that, but you need to have
 		 * uid == 0 for that
 		 */
 		on = 1;
 		if(setsockopt(broadcastSock, SOL_SOCKET, SO_BROADCAST, (int *)&on, sizeof(on)) < 0) {
 			perror("setsockopt");
 			return EX_UNAVAILABLE;
 		}
 		shutdown(broadcastSock, SHUT_RD);
 	}
 

 	/*
 	 * Drop privileges
 	 */

 #ifdef	CL_DEBUG

 	/* Save the fd for later, open while we can */
 	consolefd = open(console, O_WRONLY);
 #endif
 

 	if(getuid() == 0) {

 		if(iface) {

 #ifdef	SO_BINDTODEVICE

 			struct ifreq ifr;
 
 			memset(&ifr, '\0', sizeof(struct ifreq));
 			strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1);

 			ifr.ifr_name[sizeof(ifr.ifr_name)-1]='\0';

 			if(setsockopt(broadcastSock, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) < 0) {
 				perror(iface);

 				return EX_CONFIG;

 			}

 #else

 			fprintf(stderr, _("%s: The iface option to --broadcast is not supported on your operating system\n"), argv[0]);
 			return EX_CONFIG;

 #endif

 		}

 		if(((cpt = cfgopt(copt, "User")) != NULL) && cpt->enabled) {

 			const struct passwd *user;
 

 			if((user = getpwnam(cpt->strarg)) == NULL) {

 				fprintf(stderr, _("%s: Can't get information about user %s\n"), argv[0], cpt->strarg);

 				return EX_CONFIG;
 			}

 			if(cfgopt(copt, "AllowSupplementaryGroups")->enabled) {

 #ifdef HAVE_INITGROUPS
 				if(initgroups(cpt->strarg, user->pw_gid) < 0) {
 					perror(cpt->strarg);
 					return EX_CONFIG;
 				}
 #else

 				fprintf(stderr, _("%s: AllowSupplementaryGroups: initgroups not supported.\n"),

 					argv[0]);
 				return EX_CONFIG;
 #endif
 			} else {
 #ifdef	HAVE_SETGROUPS
 				if(setgroups(1, &user->pw_gid) < 0) {
 					perror(cpt->strarg);
 					return EX_CONFIG;
 				}
 #endif
 			}

 
 			setgid(user->pw_gid);

 			if(setuid(user->pw_uid) < 0)
 				perror(cpt->strarg);

 #ifdef	CL_DEBUG

 			else

 				printf(_("Running as user %s (UID %d, GID %d)\n"),

 					cpt->strarg, (int)user->pw_uid,
 					(int)user->pw_gid);

 #endif

 			/*
 			 * Note, some O/Ss (e.g. OpenBSD/Fedora Linux) FORCE
 			 * you to run as root in black-hole-mode because
 			 * /var/spool/mqueue is mode 700 owned by root!
 			 * Flames to them, not to me, please.
 			 */

 			if(black_hole_mode && (user->pw_uid != 0)) {
 				int are_trusted;
 				FILE *sendmail;
 				char cmd[128];
 
 				/*
 				 * Determine if we're a "trusted user"
 				 */
 				snprintf(cmd, sizeof(cmd) - 1, "%s -bv root</dev/null 2>&1",
 					SENDMAIL_BIN);
 
 				sendmail = popen(cmd, "r");
 
 				if(sendmail == NULL) {
 					perror(SENDMAIL_BIN);
 					are_trusted = 0;
 				} else {

 					int status;

 					char buf[BUFSIZ];
 
 					while(fgets(buf, sizeof(buf), sendmail) != NULL)
 						;

 					/*
 					 * Can't do
 					 * switch(WEXITSTATUS(pclose(sendmail)))
 					 * because that fails to compile on
 					 * NetBSD2.0
 					 */
 					status = pclose(sendmail);
 					switch(WEXITSTATUS(status)) {

 						case EX_NOUSER:
 							/*
 							 * No root? But at least
 							 * we're trusted enough
 							 * to find out!
 							 */
 							are_trusted = 1;
 							break;
 						default:
 							are_trusted = 0;
 							break;
 						case EX_OK:
 							are_trusted = 1;
 					}
 				}
 				if(!are_trusted) {

 					fprintf(stderr, _("%s: You cannot use black hole mode unless %s is a TrustedUser\n"),
 						argv[0], cpt->strarg);

 					return EX_CONFIG;
 				}
 			}
 		} else

 			printf(_("^%s: running as root is not recommended (check \"User\" in %s)\n"), argv[0], cfgfile);

 	} else if(iface) {
 		fprintf(stderr, _("%s: Only root can set an interface for --broadcast\n"), argv[0]);
 		return EX_USAGE;

 	}

 	if(advisory && quarantine) {

 		fprintf(stderr, _("%s: Advisory mode doesn't work with quarantine mode\n"), argv[0]);

 		return EX_USAGE;
 	}

 	if(quarantine_dir) {
 		struct stat statb;
 

 		if(advisory) {

 			fprintf(stderr,
 				_("%s: Advisory mode doesn't work with quarantine directories\n"),
 				argv[0]);
 			return EX_USAGE;
 		}
 		if(strstr(quarantine_dir, "ERROR") != NULL) {
 			fprintf(stderr,
 				_("%s: the quarantine directory must not contain the string 'ERROR'\n"),
 				argv[0]);
 			return EX_USAGE;
 		}
 		if(strstr(quarantine_dir, "FOUND") != NULL) {
 			fprintf(stderr,
 				_("%s: the quarantine directory must not contain the string 'FOUND'\n"),
 				argv[0]);
 			return EX_USAGE;
 		}
 		if(strstr(quarantine_dir, "OK") != NULL) {
 			fprintf(stderr,
 				_("%s: the quarantine directory must not contain the string 'OK'\n"),
 				argv[0]);

 			return EX_USAGE;
 		}

 		if(access(quarantine_dir, W_OK) < 0) {
 			perror(quarantine_dir);

 			return EX_USAGE;

 		}
 		if(stat(quarantine_dir, &statb) < 0) {
 			perror(quarantine_dir);

 			return EX_USAGE;

 		}
 		/*
 		 * Quit if the quarantine directory is publically readable
 		 * or writeable
 		 */
 		if(statb.st_mode & 077) {

 			fprintf(stderr, _("%s: insecure quarantine directory %s (mode 0%o)\n"),

 				argv[0], quarantine_dir, (int)statb.st_mode & 0777);

 			return EX_CONFIG;
 		}

 	}

 	if(sigFilename && !updateSigFile())
 		return EX_USAGE;
 

 	if(templateFile && (access(templateFile, R_OK) < 0)) {
 		perror(templateFile);

 		return EX_CONFIG;

 	}

 	if(templateHeaders) {
 		if(templateFile == NULL) {
 			fputs(("%s: --template-headers requires --template-file\n"),
 				stderr);
 			return EX_CONFIG;
 		}
 		if(access(templateHeaders, R_OK) < 0) {
 			perror(templateHeaders);
 			return EX_CONFIG;
 		}
 	}

 	if(whitelistFile && (access(whitelistFile, R_OK) < 0)) {

 		perror(whitelistFile);

 		return EX_CONFIG;
 	}

 	/*

 	 * If the --max-children flag isn't set, see if MaxThreads

 	 * is set in the config file. Based on an idea by "Richard G. Roberto"
 	 * <rgr@dedlegend.com>

 	 */

 	if((max_children == 0) && ((cpt = cfgopt(copt, "MaxThreads")) != NULL))
 		max_children = cfgopt(copt, "MaxThreads")->numarg;

 #ifdef HAVE_LRESOLV_R

 	/* allocate a pool of resolvers */
 	if(!(res_pool=cli_calloc(max_children+1, sizeof(*res_pool))))
 		return EX_OSERR;
 	if(!(res_pool_state=cli_malloc(max_children+1)))
 		return EX_OSERR;
 	memset(res_pool_state, 1, max_children+1);
 	for(i = 0; i < max_children+1; i++)
 		res_ninit(&res_pool[i]);

 #endif

 	if((cpt = cfgopt(copt, "ReadTimeout")) != NULL) {

 		readTimeout = cpt->numarg;

 		if(readTimeout < 0) {

 			fprintf(stderr, _("%s: ReadTimeout must not be negative in %s\n"),

 				argv[0], cfgfile);

 			return EX_CONFIG;

 		}

 	}

 	if((cpt = cfgopt(copt, "StreamMaxLength")) != NULL) {
 		streamMaxLength = (long)cpt->numarg;
 		if(streamMaxLength < 0L) {

 			fprintf(stderr, _("%s: StreamMaxLength must not be negative in %s\n"),

 			argv[0], cfgfile);

 			return EX_CONFIG;
 		}
 	}

 	if(((cpt = cfgopt(copt, "LogSyslog")) != NULL) && cpt->enabled) {

 #if defined(USE_SYSLOG) && !defined(C_AIX)

 		int fac = LOG_LOCAL6;

 #endif

 		if(cfgopt(copt, "LogVerbose")->enabled) {
 			logg_verbose = 1;

 #ifdef	CL_DEBUG

 #if	((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && (SENDMAIL_VERSION_B >= 13)))

 			if(debug_level >= 15)

 				smfi_setdbg(6);

 #endif

 #endif

 		}

 #if defined(USE_SYSLOG) && !defined(C_AIX)
 		logg_syslog = 1;

 		if(((cpt = cfgopt(copt, "LogFacility")) != NULL) && cpt->enabled)

 			if((fac = logg_facility(cpt->strarg)) == -1) {
 				fprintf(stderr, "%s: LogFacility: %s: No such facility\n",
 					argv[0], cpt->strarg);
 				return EX_CONFIG;
 			}

 		openlog(progname, LOG_CONS|LOG_PID, fac);

 #endif

 	} else {
 		if(qflag)
 			fprintf(stderr, _("%s: (-q && !LogSyslog): warning - all interception message methods are off\n"),
 				argv[0]);

 #if defined(USE_SYSLOG) && !defined(C_AIX)
 		logg_syslog = 0;
 #endif

 	}

 	/*

 	 * Get the outgoing socket details - the way to talk to clamd, unless
 	 * we're doing the scanning internally

 	 */

 	if(!external) {

 #ifdef	C_LINUX
 		const char *lang;
 #endif
 

 		if(max_children == 0) {

 			fprintf(stderr, _("%s: --max-children must be given if --external is not given\n"), argv[0]);

 			return EX_CONFIG;
 		}

 		if(freshclam_monitor <= 0) {
 			fprintf(stderr, _("%s: --freshclam_monitor must be at least one second\n"), argv[0]);
 			return EX_CONFIG;
 		}

 #ifdef	C_LINUX

 		lang = getenv("LANG");
 
 		if(lang && (strstr(lang, "UTF-8") != NULL)) {

 			fprintf(stderr, "Your LANG environment variable is set to '%s'\n", lang);

 			fprintf(stderr, "This is known to cause problems for some %s installations.\n", argv[0]);
 			fputs("If you get failures with temporary files, please try again with LANG unset.\n", stderr);
 		}
 #endif

 #if	0

 		if(child_timeout) {

 			fprintf(stderr, _("%s: --timeout must not be given if --external is not given\n"), argv[0]);

 			return EX_CONFIG;
 		}

 #endif

 		if(loadDatabase() != 0) {
 			/*
 			 * Handle the dont-scan-on-error option, which says
 			 * that we pass on emails, unscanned, if an error has
 			 * occurred
 			 */
 			if(cl_error != SMFIS_ACCEPT)
 				return EX_CONFIG;
 
 			fprintf(stderr, _("%s: No emails will be scanned"),
 				argv[0]);
 		}

 		numServers = 1;

 	} else if(((cpt = cfgopt(copt, "LocalSocket")) != NULL) && cpt->enabled) {

 #ifdef	SESSION

 		struct sockaddr_un sockun;

 #endif

 		char *sockname = NULL;

 		if(cfgopt(copt, "TCPSocket")->enabled) {

 			fprintf(stderr, _("%s: You can select one server type only (local/TCP) in %s\n"),

 				argv[0], cfgfile);
 			return EX_CONFIG;
 		}

 		if(server) {
 			fprintf(stderr, _("%s: You cannot use the --server option when using LocalSocket in %s\n"),
 				argv[0], cfgfile);
 			return EX_USAGE;
 		}

 		if(strncasecmp(port, "unix:", 5) == 0)
 			sockname = &port[5];
 		else if(strncasecmp(port, "local:", 6) == 0)
 			sockname = &port[6];
 
 		if(sockname && (strcmp(sockname, cpt->strarg) == 0)) {

 			fprintf(stderr, _("The connexion from sendmail to %s (%s) must not\n"),

 				argv[0], sockname);

 			fprintf(stderr, _("be the same as the connexion to clamd (%s) in %s\n"),

 				cpt->strarg, cfgfile);
 			return EX_CONFIG;
 		}

 		/*
 		 * TODO: check --server hasn't been set
 		 */
 		localSocket = cpt->strarg;

 #ifndef	SESSION

 		if(!pingServer(-1)) {

 			fprintf(stderr, _("Can't talk to clamd server via %s\n"),

 				localSocket);

 			fprintf(stderr, _("Check your entry for LocalSocket in %s\n"),

 				cfgfile);
 			return EX_CONFIG;
 		}

 #endif

 		/*if(quarantine_dir == NULL)

 			fprintf(stderr, _("When using Localsocket in %s\nyou may improve performance if you use the --quarantine-dir option\n"), cfgfile);*/

 		umask(077);

 		serverIPs = (in_addr_t *)cli_malloc(sizeof(in_addr_t));
 #ifdef	INADDR_LOOPBACK

 		serverIPs[0] = htonl(INADDR_LOOPBACK);

 #else

 		serverIPs[0] = inet_addr("127.0.0.1");

 #endif

 
 #ifdef	SESSION

 		memset((char *)&sockun, 0, sizeof(struct sockaddr_un));
 		sockun.sun_family = AF_UNIX;
 		strncpy(sockun.sun_path, localSocket, sizeof(sockun.sun_path));

 		sockun.sun_path[sizeof(sockun.sun_path)-1]='\0';

 		sessions = (struct session *)cli_malloc(sizeof(struct session));
 		if((sessions[0].sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {

 			perror(localSocket);
 			fprintf(stderr, _("Can't talk to clamd server via %s\n"),
 				localSocket);
 			fprintf(stderr, _("Check your entry for LocalSocket in %s\n"),
 				cfgfile);
 			return EX_CONFIG;
 		}

 		if(connect(sessions[0].sock, (struct sockaddr *)&sockun, sizeof(struct sockaddr_un)) < 0) {

 			perror(localSocket);
 			return EX_UNAVAILABLE;
 		}

 		if(send(sessions[0].sock, "SESSION\n", 8, 0) < 8) {

 			perror("send");

 			fputs(_("!Can't create a clamd session"), stderr);

 			return EX_UNAVAILABLE;
 		}

 		sessions[0].status = CMDSOCKET_FREE;

 #endif

 		/*

 		 * FIXME: Allow connexion to remote servers by TCP/IP whilst

 		 * connecting to the localserver via a UNIX domain socket
 		 */

 		numServers = 1;

 	} else if(((cpt = cfgopt(copt, "TCPSocket")) != NULL) && cpt->enabled) {

 		int activeServers;

 		/*
 		 * TCPSocket is in fact a port number not a full socket
 		 */

 		if(quarantine_dir) {

 			fprintf(stderr, _("%s: --quarantine-dir not supported for TCPSocket - use --quarantine\n"), argv[0]);

 			return EX_CONFIG;
 		}
 

 		tcpSocket = (in_port_t)cpt->numarg;

 		/*

 		 * cli_strtok's fieldno counts from 0

 		 */

 		for(;;) {

 			char *hostname = cli_strtok(serverHostNames, numServers, ":");

 			if(hostname == NULL)
 				break;

 #ifdef	MAXHOSTNAMELEN
 			if(strlen(hostname) > MAXHOSTNAMELEN) {
 				fprintf(stderr, _("%s: hostname %s is longer than %d characters\n"),
 					argv[0], hostname, MAXHOSTNAMELEN);
 				return EX_CONFIG;
 			}
 #endif

 			numServers++;
 			free(hostname);

 		}
 

 #ifdef	CL_DEBUG
 		printf("numServers: %d\n", numServers);
 #endif

 		serverIPs = (in_addr_t *)cli_malloc(numServers * sizeof(in_addr_t));

 		if(serverIPs == NULL)
 			return EX_OSERR;

 		activeServers = 0;

 #ifdef	SESSION
 		/*

 		 * We need to know how many connexion to establish to clamd

 		 */
 		if(max_children == 0) {

 			fprintf(stderr, _("%s: --max-children must be given in sessions mode\n"), argv[0]);

 			return EX_CONFIG;
 		}
 #endif
 

 		if(numServers > max_children) {
 			fprintf(stderr, _("%1$s: --max-children (%2$d) is lower than the number of servers you have (%3$d)\n"),
 				argv[0], max_children, numServers);
 			return EX_CONFIG;
 		}
 

 		for(i = 0; i < numServers; i++) {

 #ifdef	MAXHOSTNAMELEN
 			char hostname[MAXHOSTNAMELEN + 1];
 
 			if(cli_strtokbuf(serverHostNames, i, ":", hostname) == NULL)
 				break;
 #else

 			char *hostname = cli_strtok(serverHostNames, i, ":");

 #endif

 
 			/*
 			 * Translate server's name to IP address
 			 */
 			serverIPs[i] = inet_addr(hostname);

 #ifdef	INADDR_NONE

 			if(serverIPs[i] == INADDR_NONE) {

 #else
 			if(serverIPs[i] == (in_addr_t)-1) {
 #endif

 				const struct hostent *h = gethostbyname(hostname);
 
 				if(h == NULL) {

 					fprintf(stderr, _("%s: Unknown host %s\n"),

 						argv[0], hostname);
 					return EX_USAGE;
 				}
 
 				memcpy((char *)&serverIPs[i], h->h_addr, sizeof(serverIPs[i]));
 			}
 

 #if	defined(NTRIES) && ((NTRIES > 1))

 #ifndef	SESSION

 #ifdef	INADDR_LOOPBACK
 			if(serverIPs[i] == htonl(INADDR_LOOPBACK)) {
 #else

 #if	HAVE_IN_ADDR_T
 			if(serverIPs[i] == (in_addr_t)inet_addr("127.0.0.1")) {
 #else
 			if(serverIPs[i] == (long)inet_addr("127.0.0.1")) {
 #endif

 #endif
 				int tries;
 

 				/*
 				 * Fudge to allow clamd to come up on
 				 * our local machine
 				 */

 				for(tries = 0; tries < NTRIES - 1; tries++) {
 					if(pingServer(i))

 						break;

 					if(checkClamd(1))	/* will try all servers */

 						break;

 					puts(_("Waiting for clamd to come up"));

 					/*
 					 * something to do as the system starts
 					 */
 					sync();
 					sleep(1);
 				}
 				/* Will try one more time */

 			}

 #endif	/* NTRIES > 1 */

 			if(pingServer(i))
 				activeServers++;
 			else {

 				printf(_("Can't talk to clamd server %s on port %d\n"),

 					hostname, tcpSocket);

 				if(serverIPs[i] == htonl(INADDR_LOOPBACK)) {

 					if(cfgopt(copt, "TCPAddr")->enabled)

 						printf(_("Check the value for TCPAddr in %s\n"), cfgfile);

 				} else

 					printf(_("Check the value for TCPAddr in clamd.conf on %s\n"), hostname);

 			}

 #endif

 
 #ifndef	MAXHOSTNAMELEN

 			free(hostname);

 #endif

 		}

 #ifdef	SESSION
 		activeServers = numServers;

 		sessions = (struct session *)cli_calloc(max_children, sizeof(struct session));

 		for(i = 0; i < (int)max_children; i++)

 			if(createSession(i) < 0)
 				return EX_UNAVAILABLE;

 		if(activeServers == 0) {

 			fprintf(stderr, _("Check your entry for TCPSocket in %s\n"),

 				cfgfile);
 		}

 #else

 		if(activeServers == 0) {

 			fprintf(stderr, _("Check your entry for TCPSocket in %s\n"),

 				cfgfile);

 			fputs(_("Can't find any clamd server\n"), stderr);

 			return EX_CONFIG;
 		}

 		last_failed_pings = (time_t *)cli_calloc(numServers, sizeof(time_t));

 #endif

 	} else {

 		fprintf(stderr, _("%s: You must select server type (local/TCP) in %s\n"),

 			argv[0], cfgfile);
 		return EX_CONFIG;
 	}
 

 #ifdef	SESSION

 	if(!external) {

 		if(clamav_versions == NULL) {
 			clamav_versions = (char **)cli_malloc(sizeof(char *));
 			if(clamav_versions == NULL)
 				return EX_TEMPFAIL;

 			clamav_version = cli_strdup(version);

 		}

 	} else {

 		unsigned int session;
 

 		/*

 		 * We need to know how many connexions to establish to clamd

 		 */
 		if(max_children == 0) {
 			fprintf(stderr, _("%s: --max-children must be given in sessions mode\n"), argv[0]);
 			return EX_CONFIG;
 		}
 

 		clamav_versions = (char **)cli_malloc(max_children * sizeof(char *));

 		if(clamav_versions == NULL)

 			return EX_TEMPFAIL;

 		for(session = 0; session < max_children; session++) {

 			clamav_versions[session] = cli_strdup(version);

 			if(clamav_versions[session] == NULL)

 				return EX_TEMPFAIL;
 		}
 	}

 #else
 	strcpy(clamav_version, version);
 #endif

 	if(((quarantine_dir == NULL) && localSocket) || !external) {

 		/* set the temporary dir */

 		if((cpt = cfgopt(copt, "TemporaryDirectory")) && cpt->enabled) {

 			tmpdir = cpt->strarg;

 			cl_settempdir(tmpdir, (short)(cfgopt(copt, "LeaveTemporaryFiles")->enabled));

 		} else if((tmpdir = getenv("TMPDIR")) == (char *)NULL)

 			if((tmpdir = getenv("TMP")) == (char *)NULL)
 				if((tmpdir = getenv("TEMP")) == (char *)NULL)
 #ifdef	P_tmpdir
 					tmpdir = P_tmpdir;
 #else
 					tmpdir = "/tmp";
 #endif
 

 		/*
 		 * TODO: investigate mkdtemp on LINUX and possibly others
 		 */

 		tmpdir = cli_gentemp(NULL);

 		cli_dbgmsg("Making %s\n", tmpdir);
 

 		if(mkdir(tmpdir, 0700)) {
 			perror(tmpdir);
 			return EX_CANTCREAT;
 		}
 	} else
 		tmpdir = NULL;
 

 	if(report) {

 		if(!cfgopt(copt, "PhishingSignatures")->enabled) {

 			fprintf(stderr, "%s: You have chosen --report-phish, but PhishingSignatures is off in %s\n",

 				argv[0], cfgfile);
 			return EX_USAGE;
 		}

 		if((quarantine_dir == NULL) && (tmpdir == NULL)) {
 			/*
 			 * Limitation: doesn't store message in a temporary
 			 * file, so we won't be able to use mail < file
 			 */
 			fprintf(stderr, "%s: when using --external, --report-phish cannot be used without either LocalSocket or --quarantine\n",
 				argv[0]);
 			return EX_USAGE;
 		}
 		if(lflag) {
 			/*
 			 * Naturally, if you attempt to scan the phish you've
 			 * just reported, it'll be blocked!
 			 */
 			fprintf(stderr, "%s: --report-phish cannot be used with --local\n",
 				argv[0]);
 			return EX_USAGE;
 		}
 	}

 	if(report_fps)
 		if(!cfgopt(copt, "PhishingSignatures")->enabled) {
 			fprintf(stderr, "%s: You have chosen --report-phish-false-positives, but PhishingSignatures is off in %s\n",
 				argv[0], cfgfile);
 			return EX_USAGE;
 		}

 	if(cfgopt(copt, "Foreground")->enabled)
 		logg_foreground = 1;
 	else {

 		logg_foreground = 0;

 #ifdef	CL_DEBUG

 		printf(_("When debugging it is recommended that you use Foreground mode in %s\n"), cfgfile);

 		puts(_("\tso that you can see all of the messages"));

 #endif
 

 		switch(fork()) {
 			case -1:
 				perror("fork");

 				return EX_OSERR;

 			case 0:	/* child */
 				break;
 			default:	/* parent */
 				return EX_OK;
 		}

 		close(0);

 		open("/dev/null", O_RDONLY);
 

 		/* initialize logger */
 		logg_lock = cfgopt(copt, "LogFileUnlock")->enabled;
 		logg_time = cfgopt(copt, "LogTime")->enabled;
 		logok = cfgopt(copt, "LogClean")->enabled;
 		logg_size = cfgopt(copt, "LogFileMaxSize")->numarg;
 		logg_verbose = mprintf_verbose = cfgopt(copt, "LogVerbose")->enabled;

 		if(cfgopt(copt, "Debug")->enabled) /* enable debug messages in libclamav */

 			cl_debug();

 
 		if((cpt = cfgopt(copt, "LogFile"))->enabled) {
 			time_t currtime;
 
 			logg_file = cpt->strarg;
 			if((strlen(logg_file) < 2) ||
 			   ((logg_file[0] != '/') && (logg_file[0] != '\\') && (logg_file[1] != ':'))) {
 				fprintf(stderr, "ERROR: LogFile requires full path.\n");
 				logg_close();
 				freecfg(copt);
 				return 1;

 			}

 			time(&currtime);

 			close(1);

 			if(logg("#ClamAV-milter started at %s", ctime(&currtime))) {
 				fprintf(stderr, "ERROR: Problem with internal logger. Please check the permissions on the %s file.\n", logg_file);
 				logg_close();
 				freecfg(copt);
 				return 1;

 			}
 		} else {

 #ifdef	CL_DEBUG

 			close(1);

 			logg_file = console;

 			if(consolefd < 0) {
 				perror(console);

 				return EX_OSFILE;
 			}

 			dup(consolefd);

 #else
 			logg_file = NULL;
 #endif

 		}

 		close(2);
 		dup(1);

 
 #ifdef	CL_DEBUG

 		if(consolefd >= 0)
 			close(consolefd);

 #endif

 #ifdef HAVE_SETPGRP
 #ifdef SETPGRP_VOID

 		setpgrp();

 #else
 		setpgrp(0,0);
 #endif
 #else
 #ifdef HAVE_SETSID

 		setsid();

 #endif
 #endif

 	}

 	if(cfgopt(copt, "Debug")->enabled)
 		/*
 		 * enable debug messages in libclamav, --debug also does this
 		 */
 		cl_debug();

 	atexit(quit);
 

 	if(!external) {

 		/* TODO: read the limits from clamd.conf */
 

 		if(!cfgopt(copt, "ScanMail")->enabled)
 			printf(_("%s: ScanMail not defined in %s (needed without --external), enabling\n"),
 				argv[0], cfgfile);
 

 		options |= CL_SCAN_MAIL;	/* no choice */

 		/*if(!cfgopt(copt, "ScanRAR")->enabled)
 			options |= CL_SCAN_DISABLERAR;*/
 		if(cfgopt(copt, "ArchiveBlockEncrypted")->enabled)

 			options |= CL_SCAN_BLOCKENCRYPTED;

 		if(cfgopt(copt, "ScanPE")->enabled)

 			options |= CL_SCAN_PE;

 		if(cfgopt(copt, "DetectBrokenExecutables")->enabled)

 			options |= CL_SCAN_BLOCKBROKEN;

 		if(cfgopt(copt, "MailFollowURLs")->enabled)

 			options |= CL_SCAN_MAILURL;

 		if(cfgopt(copt, "ScanOLE2")->enabled)

 			options |= CL_SCAN_OLE2;

 		if(cfgopt(copt, "ScanHTML")->enabled)

 			options |= CL_SCAN_HTML;
 
 		memset(&limits, '\0', sizeof(struct cl_limits));
 

 		if(((cpt = cfgopt(copt, "MaxScanSize")) != NULL) && cpt->enabled)
 			limits.maxscansize = cpt->numarg;
 		else
 			limits.maxscansize = 104857600;
 		if(((cpt = cfgopt(copt, "MaxFileSize")) != NULL) && cpt->enabled)
 			limits.maxfilesize = cpt->numarg;
 		else
 			limits.maxfilesize = 10485760;
 

 		if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
 			if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize))
 				logg("^System limit for file size is lower than maxfilesize or maxscansize\n");
 		} else {
 			logg("^Cannot obtain resource limits for file size\n");
 		}
 

 		if(((cpt = cfgopt(copt, "MaxRecursion")) != NULL) && cpt->enabled)
 			limits.maxreclevel = cpt->numarg;
 		else
 			limits.maxreclevel = 8;
 
 		if(((cpt = cfgopt(copt, "MaxFiles")) != NULL) && cpt->enabled)
 			limits.maxfiles = cpt->numarg;
 		else
 			limits.maxfiles = 1000;

 		if(cfgopt(copt, "ScanArchive")->enabled) {

 			options |= CL_SCAN_ARCHIVE;

 			if(cfgopt(copt, "ArchiveLimitMemoryUsage")->enabled)

 				limits.archivememlim = 1;
 			else
 				limits.archivememlim = 0;
 		}
 	}
 

 	pthread_create(&tid, NULL, watchdog, NULL);

 	if(((cpt = cfgopt(copt, "PidFile")) != NULL) && cpt->enabled)

 		pidFile = cpt->strarg;
 

 	broadcast(_("Starting clamav-milter"));

 	if(rootdir) {
 		if(getuid() == 0) {
 			if(chdir(rootdir) < 0) {
 				perror(rootdir);

 				logg("!chdir %s failed\n", rootdir);

 				return EX_CONFIG;
 			}
 			if(chroot(rootdir) < 0) {
 				perror(rootdir);

 				logg("!chroot %s failed\n", rootdir);

 				return EX_CONFIG;
 			}
 			logg("Chrooted to %s\n", rootdir);
 		} else {
 			logg("!chroot option needs root\n");
 			return EX_CONFIG;
 		}
 	}
 

 	if(pidfile) {
 		/* save the PID */

 		char *p, *q;

 		FILE *fd;
 		const mode_t old_umask = umask(0006);
 

 		if(pidfile[0] != '/') {

 			logg(_("!pidfile: '%s' must be a full pathname"),
 				pidfile);

 
 			return EX_CONFIG;
 		}

 		p = cli_strdup(pidfile);

 		q = strrchr(p, '/');
 		*q = '\0';
 

 		if(rootdir == NULL)
 			if(chdir(p) < 0)	/* safety */
 				perror(p);
 

 		free(p);
 

 		if((fd = fopen(pidfile, "w")) == NULL) {

 			logg(_("!Can't save PID in file %s\n"), pidfile);

 			return EX_CONFIG;

 		}

 #ifdef	C_LINUX

 		/* Ensure that all threads are kill()ed */
 		fprintf(fd, "-%d\n", (int)getpgrp());

 #else

 		fprintf(fd, "%d\n", (int)getpid());

 #endif

 		fclose(fd);

 		umask(old_umask);

 	} else if(tmpdir) {
 		if(rootdir == NULL)
 			chdir(tmpdir);	/* safety */
 	} else
 		if(rootdir == NULL)

 #ifdef	P_tmpdir

 			chdir(P_tmpdir);

 #else

 			chdir("/tmp");

 #endif

 	if(cfgopt(copt, "FixStaleSocket")->enabled) {

 		/*
 		 * Get the incoming socket details - the way sendmail talks to
 		 * us
 		 *

 		 * TODO: There's a security problem here that'll need fixing if

 		 * the User entry of clamd.conf is not used

 		 */
 		if(strncasecmp(port, "unix:", 5) == 0) {
 			if(unlink(&port[5]) < 0)

 				if(errno != ENOENT)
 					perror(&port[5]);

 		} else if(strncasecmp(port, "local:", 6) == 0) {
 			if(unlink(&port[6]) < 0)

 				if(errno != ENOENT)
 					perror(&port[6]);

 		} else if(port[0] == '/') {
 			if(unlink(port) < 0)
 				if(errno != ENOENT)
 					perror(port);

 		}
 	}

 	if(smfi_setconn(port) == MI_FAILURE) {

 		cli_errmsg("smfi_setconn failure\n");

 		return EX_SOFTWARE;
 	}
 

 	if(smfi_register(smfilter) == MI_FAILURE) {

 		fprintf(stderr, "smfi_register failure, ensure that you have linked against the correct version of sendmail\n");

 		return EX_UNAVAILABLE;
 	}
 

 #if	((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && (SENDMAIL_VERSION_B >= 13)))

 	if(smfi_opensocket(1) == MI_FAILURE) {

 		perror(port);

 		fprintf(stderr, "Can't open/create %s\n", port);

 		return EX_CONFIG;
 	}
 #endif

 	signal(SIGPIPE, SIG_IGN);	/* libmilter probably does this as well */

 	signal(SIGXFSZ, SIG_IGN); /* TODO: check if it's safe to call signal() here */

 #ifdef	SESSION

 	pthread_mutex_lock(&version_mutex);

 #endif

 	logg(_("Starting %s\n"), clamav_version);
 	logg(_("*Debugging is on\n"));

 #ifdef HAVE_RESOLV_H

 	if(!(_res.options&RES_INIT))
 		if(res_init() < 0) {
 			fprintf(stderr, "%s: Can't initialise the resolver\n",
 				argv[0]);
 			return EX_UNAVAILABLE;
 		}
 

 	if(blacklist_time) {

 		char name[MAXHOSTNAMELEN + 1];
 
 		if(gethostname(name, sizeof(name)) < 0) {
 			perror("gethostname");
 			return EX_UNAVAILABLE;
 		}
 
 		blacklist = mx(name, NULL);

 		if(blacklist)
 			/* We must never blacklist ourself */
 			tableInsert(blacklist, "127.0.0.1", 0);

 
 		if(wont_blacklist) {

 			char *w;

 
 			i = 0;
 			while((w = cli_strtok(wont_blacklist, i++, ",")) != NULL) {
 				(void)tableInsert(blacklist, w, 0);
 				free(w);
 			}

 		}

 		tableIterate(blacklist, dump_blacklist, NULL);

 	}

 #endif /* HAVE_RESOLV_H */

 #ifdef	SESSION

 	pthread_mutex_unlock(&version_mutex);

 #endif

 	(void)signal(SIGSEGV, sigsegv);

 	if(!logg_foreground)
 		(void)signal(SIGHUP, sighup);

 	if(!external)
 		(void)signal(SIGUSR2, sigusr2);

 	return smfi_main();
 }
 

 #ifdef	SESSION
 /*
  * Use the SESSION command of clamd.
  * Returns -1 for terminal failure, 0 for OK, 1 for nonterminal failure

  * The caller must take care of locking the sessions array

  */
 static int

 createSession(unsigned int s)

 {

 	int ret = 0, fd;

 	const int serverNumber = s % numServers;
 	struct session *session = &sessions[s];

 	const struct protoent *proto;

 	struct sockaddr_in server;

 	cli_dbgmsg("createSession session %d, server %d\n", s, serverNumber);

 	assert(s < max_children);
 

 	memset((char *)&server, 0, sizeof(struct sockaddr_in));
 	server.sin_family = AF_INET;
 	server.sin_port = (in_port_t)htons(tcpSocket);
 
 	server.sin_addr.s_addr = serverIPs[serverNumber];
 

 	session->sock = -1;

 	proto = getprotobyname("tcp");

 	if(proto == NULL) {
 		fputs("Unknown prototol tcp, check /etc/protocols\n", stderr);

 		fd = ret = -1;

 	} else if((fd = socket(AF_INET, SOCK_STREAM, proto->p_proto)) < 0) {

 		perror("socket");

 		ret = -1;

 	} else if(connect(fd, (struct sockaddr *)&server, sizeof(struct sockaddr_in)) < 0) {

 		perror("connect");

 		ret = 1;

 	} else if(send(fd, "SESSION\n", 8, 0) < 8) {

 		perror("send");
 		ret = 1;

 	}

 
 	if(ret != 0) {

 #ifdef	MAXHOSTNAMELEN
 		char hostname[MAXHOSTNAMELEN + 1];
 
 		cli_strtokbuf(serverHostNames, serverNumber, ":", hostname);

 		if(strcmp(hostname, "127.0.0.1") == 0)
 			gethostname(hostname, sizeof(hostname));

 #else

 		char *hostname = cli_strtok(serverHostNames, serverNumber, ":");

 #endif
 

 		session->status = CMDSOCKET_DOWN;
 
 		if(fd >= 0)
 			close(fd);

 		cli_warnmsg(_("Check clamd server %s - it may be down\n"), hostname);

 #ifndef	MAXHOSTNAMELEN

 		free(hostname);

 #endif

 		broadcast(_("Check clamd server - it may be down"));
 	} else
 		session->sock = fd;

 	return ret;

 }
 
 #else
 

 /*
  * Verify that the server is where we think it is
  * Returns true or false

  *

  * serverNumber counts from 0, but is only used for TCPSocket

  */
 static int

 pingServer(int serverNumber)

 {

 	char *ptr;

 	int sock;
 	long nbytes;

 	char buf[128];

 	if(localSocket) {
 		struct sockaddr_un server;

 		memset((char *)&server, 0, sizeof(struct sockaddr_un));
 		server.sun_family = AF_UNIX;

 		strncpy(server.sun_path, localSocket, sizeof(server.sun_path));

 		server.sun_path[sizeof(server.sun_path)-1]='\0';

 
 		if((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {

 			perror(localSocket);

 			return 0;
 		}

 		checkClamd(1);

 		if(connect(sock, (struct sockaddr *)&server, sizeof(struct sockaddr_un)) < 0) {
 			perror(localSocket);

 			close(sock);

 			return 0;
 		}
 	} else {
 		struct sockaddr_in server;

 		char *hostname;

 
 		memset((char *)&server, 0, sizeof(struct sockaddr_in));
 		server.sin_family = AF_INET;

 		server.sin_port = (in_port_t)htons(tcpSocket);
 

 		assert(serverIPs != NULL);

 #ifdef	INADDR_NONE

 		assert(serverIPs[0] != INADDR_NONE);

 #else
 		assert(serverIPs[0] != (in_addr_t)-1);
 #endif

 		server.sin_addr.s_addr = serverIPs[serverNumber];

 
 		if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
 			perror("socket");
 			return 0;
 		}

 		hostname = cli_strtok(serverHostNames, serverNumber, ":");

 		/*

 		 * FIXME: use non-blocking connect, once the code is
 		 * amalgomated

 		 */

 		if(nonblock_connect(sock, &server, hostname) < 0) {

 			int is_connected = 0;
 

 #if	(!defined(NTRIES)) || ((NTRIES <= 1))

 			if(errno == ECONNREFUSED) {
 				/*
 				 * During startup there is a race condition:
 				 * clamd can start and fork, then rc will start
 				 * clamav-milter before clamd has run accept(2),
 				 * so we fail to connect.
 				 * In case this is the situation here, we wait
 				 * for a couple of seconds and try again. The
 				 * sync() is because during startup the machine
 				 * won't be doing much for most of the time, so
 				 * we may as well do something constructive!
 				 */
 				sync();
 				sleep(2);

 				if(nonblock_connect(sock, &server, hostname) >= 0)

 					is_connected = 1;
 			}

 #endif

 			if(!is_connected) {

 				if(errno != EINPROGRESS)
 					perror(hostname ? hostname : "connect");

 				close(sock);

 				if(hostname)
 					free(hostname);

 				return 0;
 			}

 		}

 		if(hostname)
 			free(hostname);

 	}

 
 	/*
 	 * It would be better to use PING, check for PONG then issue the
 	 * VERSION command, since that would better validate that we're
 	 * talking to clamd, however clamd closes the session after
 	 * sending PONG :-(
 	 * So this code does not really validate that we're talking to clamd
 	 * Needs a fix to clamd
 	 * Also version command is verbose: says "clamd / ClamAV version"
 	 * instead of "clamAV version"
 	 */

 	cli_dbgmsg("pingServer%d: sending VERSION\n", serverNumber);

 	if(send(sock, "VERSION\n", 8, 0) < 8) {

 		perror("send");

 		return close(sock);

 	}
 
 	shutdown(sock, SHUT_WR);
 

 	nbytes = clamd_recv(sock, buf, sizeof(buf) - 1);

 
 	close(sock);
 
 	if(nbytes < 0) {
 		perror("recv");
 		return 0;
 	}

 	if(nbytes == 0)
 		return 0;
 

 	buf[nbytes] = '\0';

 	/* Remove the trailing new line from the reply */
 	if((ptr = strchr(buf, '\n')) != NULL)
 		*ptr = '\0';
 
 	/*
 	 * No real validation is done here

 	 *
 	 * TODO: When connecting to more than one server, give a warning
 	 *	if they're running different versions, or if the virus DBs

 	 *	are out of date (say more than a month old)

 	 */

 	snprintf(clamav_version, sizeof(clamav_version) - 1,

 		"%s\n\tclamav-milter version %s",

 		buf, get_version());

 	return 1;

 }

 #endif

 /*

  * Find the best server to connect to. No intelligence to this.
  * It is best to weight the order of the servers from most wanted to least
  * wanted

  *

  * Return value is from 0 - index into sessions array

  *
  * If the load balancing fails return the first server in the list, not
  * an error, to be on the safe side

  */

 #ifdef	SESSION
 static int
 findServer(void)
 {

 	unsigned int i, j;

 	struct session *session;

 
 	/*
 	 * FIXME: Sessions code isn't flexible at handling servers

 	 *	appearing and disappearing, e.g. sessions[n_children].sock == -1

 	 */

 	i = 0;

 	pthread_mutex_lock(&n_children_mutex);
 	assert(n_children > 0);
 	assert(n_children <= max_children);

 	j = n_children - 1;

 	pthread_mutex_unlock(&n_children_mutex);
 
 	pthread_mutex_lock(&sstatus_mutex);

 	for(; i < max_children; i++) {

 		const int sess = (j + i) % max_children;
 
 		session = &sessions[sess];
 		cli_dbgmsg("findServer: try server %d\n", sess);

 		if(session->status == CMDSOCKET_FREE) {
 			session->status = CMDSOCKET_INUSE;

 			pthread_mutex_unlock(&sstatus_mutex);

 			return sess;

 		}

 	}

 	pthread_mutex_unlock(&sstatus_mutex);
 

 	/*
 	 * No session free - wait until one comes available. Only
 	 * retries once.
 	 */

 	if(pthread_cond_broadcast(&watchdog_cond) < 0)
 		perror("pthread_cond_broadcast");

 	i = 0;

 	session = sessions;

 	pthread_mutex_lock(&sstatus_mutex);

 	for(; i < max_children; i++, session++) {
 		cli_dbgmsg("findServer: try server %d\n", i);

 		if(session->status == CMDSOCKET_FREE) {
 			session->status = CMDSOCKET_INUSE;

 			pthread_mutex_unlock(&sstatus_mutex);
 			return i;
 		}

 	}

 	pthread_mutex_unlock(&sstatus_mutex);
 
 	cli_warnmsg(_("No free clamd sessions\n"));
 
 	return -1;	/* none available - must fail */
 }
 #else

 /*
  * Return value is from 0 - index into serverIPs
  */

 static int
 findServer(void)
 {
 	struct sockaddr_in *servers, *server;

 	int maxsock, i, j, active;

 	int retval;

 	pthread_t *tids;
 	struct try_server_struct *socks;

 	fd_set rfds;

 
 	assert(tcpSocket != 0);
 	assert(numServers > 0);
 
 	if(numServers == 1)
 		return 0;
 

 	if(active_servers(&active) <= 1)
 		return active;

 	servers = (struct sockaddr_in *)cli_calloc(numServers, sizeof(struct sockaddr_in));

 	if(servers == NULL)
 		return 0;

 	socks = (struct try_server_struct *)cli_malloc(numServers * sizeof(struct try_server_struct));

 	if(max_children > 0) {
 		assert(n_children > 0);
 		assert(n_children <= max_children);
 
 		/*
 		 * Don't worry about no lock - it's doesn't matter if it's
 		 * not really accurate
 		 */

 		j = n_children - 1;	/* look at the next free one */

 		if(j < 0)
 			j = 0;

 	} else

 		/*

 		 * cli_rndnum returns 0..max

 		 */

 		j = cli_rndnum(numServers - 1);

 	for(i = 0; i < numServers; i++)
 		socks[i].sock = -1;
 

 	tids = cli_malloc(numServers * sizeof(pthread_t));
 

 	for(i = 0, server = servers; i < numServers; i++, server++) {
 		int sock;

 		int server_index = (i + j) % numServers;

 
 		server->sin_family = AF_INET;

 		server->sin_port = (in_port_t)htons(tcpSocket);

 		server->sin_addr.s_addr = serverIPs[server_index];

 		logg("*findServer: try server %d\n", server_index);

 		sock = socks[i].sock = socket(AF_INET, SOCK_STREAM, 0);

 		if(sock < 0) {
 			perror("socket");

 			do {

 				pthread_join(tids[i], NULL);

 				if(socks[i].sock >= 0)
 					close(socks[i].sock);
 			} while(--i >= 0);

 			free(socks);
 			free(servers);

 			free(tids);

 			return 0;	/* Use the first server on failure */
 		}
 

 		socks[i].server = server;
 		socks[i].server_index = server_index;

 		if(pthread_create(&tids[i], NULL, try_server, &socks[i]) != 0) {
 			perror("pthread_create");
 			do {

 				pthread_join(tids[i], NULL);

 				if(socks[i].sock >= 0)
 					close(socks[i].sock);
 			} while(--i >= 0);
 			free(socks);
 			free(servers);

 			free(tids);

 			return 0;	/* Use the first server on failure */

 		}

 	}
 
 	maxsock = -1;
 	FD_ZERO(&rfds);

 	for(i = 0; i < numServers; i++) {
 		struct try_server_struct *rc;

 		pthread_join(tids[i], (void **)&rc);

 		assert(rc->sock == socks[i].sock);
 		if(rc->rc == 0) {
 			close(rc->sock);
 			socks[i].sock = -1;
 		} else {
 			shutdown(rc->sock, SHUT_WR);
 			FD_SET(rc->sock, &rfds);
 			if(rc->sock > maxsock)
 				maxsock = rc->sock;
 		}

 	}
 
 	free(servers);

 	free(tids);

 	if(maxsock == -1) {

 		logg(_("^Couldn't establish a connexion to any clamd server\n"));

 		retval = 0;

 	} else {

 		struct timeval tv;
 
 		tv.tv_sec = readTimeout ? readTimeout : DEFAULT_TIMEOUT;
 		tv.tv_usec = 0;
 

 		retval = select(maxsock + 1, &rfds, NULL, NULL, &tv);

 	}

 	if(retval < 0)
 		perror("select");
 
 	for(i = 0; i < numServers; i++)

 		if(socks[i].sock >= 0)
 			close(socks[i].sock);

 
 	if(retval == 0) {
 		free(socks);

 		clamdIsDown();

 		return 0;
 	} else if(retval < 0) {
 		free(socks);

 		logg(_("^findServer: select failed (maxsock = %d)\n"), maxsock);

 		return 0;
 	}
 
 	for(i = 0; i < numServers; i++)

 		if((socks[i].sock >= 0) && (FD_ISSET(socks[i].sock, &rfds))) {

 			const int s = (i + j) % numServers;

 			free(socks);

 			logg("*findServer: use server %d\n", s);

 			return s;

 		}
 
 	free(socks);

 	logg(_("^findServer: No response from any server\n"));

 	return 0;
 }

 
 /*

  * How many servers are up at the moment? If a server is marked as down,
  *	don't keep on flooding it with requests to see if it's now back up

  * If only one server is active, let the caller know, which server is the
  *	active one

  */
 static int

 active_servers(int *active)

 {
 	int server, count;
 	time_t now = (time_t)0;
 
 	for(count = server = 0; server < numServers; server++)

 		if(last_failed_pings[server] == (time_t)0) {
 			*active = server;

 			count++;

 		} else {

 			if(now == (time_t)0)
 				time(&now);
 			if(now - last_failed_pings[server] >= RETRY_SECS)
 				/* Try this server again next time */
 				last_failed_pings[server] = (time_t)0;
 		}
 

 	if(count != 1)
 		*active = 0;

 	return count;
 }
 
 /*

  * Connecting to remote servers can take some time, so let's connect to
  *	them in parallel. This routine is started as a thread
  */
 static void *
 try_server(void *var)
 {
 	struct try_server_struct *s = (struct try_server_struct *)var;
 	int sock = s->sock;
 	struct sockaddr *server = (struct sockaddr *)s->server;
 	int server_index = s->server_index;
 

 	if(last_failed_pings[server_index]) {
 		s->rc = 0;
 		return var;
 	}
 

 	logg("*try_server: sock %d\n", sock);
 

 	if((connect(sock, server, sizeof(struct sockaddr)) < 0) ||

 	   (send(sock, "PING\n", 5, 0) < 5)) {
 		time(&last_failed_pings[server_index]);

 		s->rc = 0;

 	} else

 		s->rc = 1;
 
 	if(s->rc == 0) {
 #ifdef	MAXHOSTNAMELEN
 		char hostname[MAXHOSTNAMELEN + 1];
 
 		cli_strtokbuf(serverHostNames, server_index, ":", hostname);
 		if(strcmp(hostname, "127.0.0.1") == 0)
 			gethostname(hostname, sizeof(hostname));
 #else
 		char *hostname = cli_strtok(serverHostNames, server_index, ":");
 #endif

 		perror(hostname);

 		logg(_("^Check clamd server %s - it may be down\n"), hostname);
 #ifndef	MAXHOSTNAMELEN
 		free(hostname);
 #endif
 		broadcast(_("Check clamd server - it may be down\n"));
 	}
 
 	return var;
 }

 #endif

 /*

  * Sendmail wants to establish a connexion to us

  * TODO: is it possible (desirable?) to determine if the remote machine has been
  *	compromised?

  */

 static sfsistat
 clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)

 {

 #if	defined(HAVE_INET_NTOP) || defined(WITH_TCPWRAP)

 	char ip[INET6_ADDRSTRLEN];

 #endif

 	int t;

 	const char *remoteIP;

 	struct privdata *privdata;

 	if(quitting)
 		return cl_error;
 

 	if(ctx == NULL) {

 		logg(_("!clamfi_connect: ctx is null"));

 		return cl_error;
 	}

 	if(hostname == NULL) {

 		logg(_("!clamfi_connect: hostname is null"));

 		return cl_error;
 	}

 	if(smfi_getpriv(ctx) != NULL) {

 		/* More than one connexion command, "can't happen" */

 		cli_warnmsg("clamfi_connect: called more than once\n");
 		clamfi_cleanup(ctx);
 		return cl_error;
 	}

 #ifdef AF_INET6
 	if((hostaddr == NULL) ||
 	   ((hostaddr->sa_family == AF_INET) && (&(((struct sockaddr_in *)(hostaddr))->sin_addr) == NULL)) ||
 	   ((hostaddr->sa_family == AF_INET6) && (&(((struct sockaddr_in6 *)(hostaddr))->sin6_addr) == NULL)))
 #else

 	if((hostaddr == NULL) || (&(((struct sockaddr_in *)(hostaddr))->sin_addr) == NULL))

 #endif

 		/*
 		 * According to the sendmail API hostaddr is NULL if
 		 * "the type is not supported in the current version". What

 		 * the documentation doesn't say is the type of what.

 		 *

 		 * Possibly the input is not a TCP/IP socket e.g. stdin?

 		 */
 		remoteIP = "127.0.0.1";
 	else {

 #ifdef HAVE_INET_NTOP

 		switch(hostaddr->sa_family) {

 			case AF_INET:
 				remoteIP = (char *)inet_ntop(AF_INET, &((struct sockaddr_in *)(hostaddr))->sin_addr, ip, sizeof(ip));
 				break;
 #ifdef AF_INET6
 			case AF_INET6:
 				remoteIP = (char *)inet_ntop(AF_INET6, &((struct sockaddr_in6 *)(hostaddr))->sin6_addr, ip, sizeof(ip));
 				break;
 #endif
 			default:
 				logg(_("clamfi_connect: Unexpected sa_family %d\n"),
 					hostaddr->sa_family);
 				return cl_error;
 		}
 

 #else

 		remoteIP = inet_ntoa(((struct sockaddr_in *)(hostaddr))->sin_addr);

 #endif

 		if(remoteIP == NULL) {

 			logg(_("clamfi_connect: remoteIP is null"));

 			return cl_error;
 		}

 	}

 #ifdef	CL_DEBUG

 	if(debug_level >= 4) {

 		if(hostname[0] == '[')

 			logg(_("clamfi_connect: connexion from %s"), remoteIP);

 		else

 			logg(_("clamfi_connect: connexion from %s [%s]"), hostname, remoteIP);

 	}

 #endif

 #ifdef	WITH_TCPWRAP
 	/*
 	 * Support /etc/hosts.allow and /etc/hosts.deny
 	 */

 	if(strncasecmp(port, "inet:", 5) == 0) {

 		const char *hostmail;

 		struct hostent hostent;

 		char buf[BUFSIZ];

 		static pthread_mutex_t wrap_mutex = PTHREAD_MUTEX_INITIALIZER;

 		/*

 		 * Using TCP/IP for the sendmail->clamav-milter connexion

 		 */

 		if(((hostmail = smfi_getsymval(ctx, "{if_name}")) == NULL) &&
 		   ((hostmail = smfi_getsymval(ctx, "j")) == NULL)) {

 			logg(_("Can't get sendmail hostname"));

 			return cl_error;

 		}

 		/*
 		 * Use hostmail for error statements, not hostname, suggestion
 		 * by Yar Tikhiy <yar@comp.chem.msu.su>
 		 */

 		if(r_gethostbyname(hostmail, &hostent, buf, sizeof(buf)) != 0) {

 			logg(_("^Access Denied: Host Unknown (%s)"), hostmail);

 			if(hostmail[0] == '[')

 				/*
 				 * A case could be made that it's not clamAV's
 				 * job to check a system's DNS configuration
 				 * and let this message through. However I am
 				 * just too worried about any knock on effects
 				 * to do that...
 				 */
 				cli_warnmsg(_("Can't find entry for IP address %s in DNS - check your DNS setting\n"),

 					hostmail);

 			return cl_error;
 		}

 #ifdef HAVE_INET_NTOP

 		if(hostent.h_addr &&
 		   (inet_ntop(AF_INET, (struct in_addr *)hostent.h_addr, ip, sizeof(ip)) == NULL)) {
 			perror(hostent.h_name);

 			/*strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hostent.h_addr));*/

 			logg(_("^Access Denied: Can't get IP address for (%s)"), hostent.h_name);

 			return cl_error;
 		}

 #else

 		strncpy(ip, (char *)inet_ntoa(*(struct in_addr *)hostent.h_addr), sizeof(ip));

 		ip[sizeof(ip)-1]='\0';

 #endif

 
 		/*
 		 * Ask is this is a allowed name or IP number

 		 *
 		 * hosts_ctl uses strtok so it is not thread safe, see
 		 * hosts_access(3)

 		 */

 		pthread_mutex_lock(&wrap_mutex);

 		if(!hosts_ctl(progname, hostent.h_name, ip, STRING_UNKNOWN)) {

 			pthread_mutex_unlock(&wrap_mutex);

 			logg(_("^Access Denied for %s[%s]"), hostent.h_name, ip);

 			return SMFIS_TEMPFAIL;
 		}

 		pthread_mutex_unlock(&wrap_mutex);

 	}

 #endif	/*WITH_TCPWRAP*/

 	if(fflag)
 		/*
 		 * Patch from "Richard G. Roberto" <rgr@dedlegend.com>
 		 * Always scan whereever the message is from
 		 */
 		return SMFIS_CONTINUE;
 

 	if(!oflag)
 		if(strcmp(remoteIP, "127.0.0.1") == 0) {

 			logg(_("*clamfi_connect: not scanning outgoing messages"));

 			return SMFIS_ACCEPT;
 		}
 

 	if((!lflag) && isLocal(remoteIP)) {

 #ifdef	CL_DEBUG

 		logg(_("*clamfi_connect: not scanning local messages\n"));

 #endif

 		return SMFIS_ACCEPT;

 	}

 #if	defined(HAVE_INET_NTOP) || defined(WITH_TCPWRAP)

 	if(detect_forged_local_address && !isLocal(ip)) {

 #else

 	if(detect_forged_local_address && !isLocal(remoteIP)) {

 #endif

 		char me[MAXHOSTNAMELEN + 1];
 
 		if(gethostname(me, sizeof(me) - 1) < 0) {

 			logg(_("^clamfi_connect: gethostname failed"));

 			return SMFIS_CONTINUE;
 		}

 		logg("*me '%s' hostname '%s'\n", me, hostname);

 		if(strcasecmp(hostname, me) == 0) {

 			logg(_("Rejected connexion falsely claiming to be from here\n"));

 			smfi_setreply(ctx, "550", "5.7.1", _("You have claimed to be me, but you are not"));
 			broadcast(_("Forged local address detected"));
 			return SMFIS_REJECT;
 		}
 	}

 	if(isBlacklisted(remoteIP)) {

 		char mess[128];

 		/*
 		 * TODO: Option to greylist rather than blacklist, by sending
 		 *	a try again code

 		 * TODO: state *which* virus

 		 * TODO: add optional list of IP addresses that won't be
 		 *	blacklisted

 		 */

 		logg("Rejected connexion from blacklisted IP %s\n", remoteIP);
 
 		snprintf(mess, sizeof(mess), _("%s is blacklisted because your machine is infected with a virus"), remoteIP);
 		smfi_setreply(ctx, "550", "5.7.1", mess);

 		broadcast(_("Blacklisted IP detected"));

 
 		/*
 		 * Keep them blacklisted
 		 */
 		pthread_mutex_lock(&blacklist_mutex);
 		(void)tableUpdate(blacklist, remoteIP, (int)time((time_t *)0));
 		pthread_mutex_unlock(&blacklist_mutex);
 

 		return SMFIS_REJECT;
 	}
 

 	if(blacklist_time == 0)
 		return SMFIS_CONTINUE;	/* allocate privdata per message */
 

 	pthread_mutex_lock(&blacklist_mutex);
 	t = tableFind(blacklist, remoteIP);
 	pthread_mutex_unlock(&blacklist_mutex);
 

 	if(t == 0)

 		return SMFIS_CONTINUE;	/* this IP will never be blacklisted */
 

 	privdata = (struct privdata *)cli_calloc(1, sizeof(struct privdata));
 	if(privdata == NULL)
 		return cl_error;
 

 #ifdef	SESSION
 	privdata->dataSocket = -1;
 #else
 	privdata->dataSocket = privdata->cmdSocket = -1;
 #endif
 

 	if(smfi_setpriv(ctx, privdata) == MI_SUCCESS) {

 		strcpy(privdata->ip, remoteIP);

 		return SMFIS_CONTINUE;
 	}
 

 	free(privdata);

 
 	return cl_error;

 }
 

 /*
  * Since sendmail requires that MAIL FROM is called before RCPT TO, it is
  *	safe to assume that this routine is called first, so the n_children
  *	handler is put here
  */

 static sfsistat
 clamfi_envfrom(SMFICTX *ctx, char **argv)
 {
 	struct privdata *privdata;

 	const char *mailaddr = argv[0];

 	logg("*clamfi_envfrom: %s\n", argv[0]);

 	if(isWhitelisted(argv[0], 0)) {
 		logg(_("*clamfi_envfrom: ignoring whitelisted message"));
 		return SMFIS_ACCEPT;
 	}
 

 	if(strcmp(argv[0], "<>") == 0) {
 		mailaddr = smfi_getsymval(ctx, "{mail_addr}");

 		if(mailaddr == NULL)
 			mailaddr = smfi_getsymval(ctx, "_");
 
 		if(mailaddr && *mailaddr)
 			cli_dbgmsg("Message from \"%s\" has no from field\n", mailaddr);

 		else {
 #if	0
 			if(use_syslog)
 				syslog(LOG_NOTICE, _("Rejected email with empty from field"));
 			smfi_setreply(ctx, "554", "5.7.1", _("You have not said who the email is from"));
 			broadcast(_("Reject email with empty from field"));
 			clamfi_cleanup(ctx);
 			return SMFIS_REJECT;
 #endif

 			mailaddr = "<>";

 		}
 	}

 	privdata = smfi_getpriv(ctx);

 	if(privdata == NULL) {
 		privdata = (struct privdata *)cli_calloc(1, sizeof(struct privdata));
 		if(privdata == NULL)
 			return cl_error;
 		if(smfi_setpriv(ctx, privdata) != MI_SUCCESS) {
 			free(privdata);
 			return cl_error;
 		}

 		if(!increment_connexions()) {

 			smfi_setreply(ctx, "451", "4.3.2", _("AV system temporarily overloaded - please try later"));
 			free(privdata);
 			smfi_setpriv(ctx, NULL);
 			return SMFIS_TEMPFAIL;

 		}

 	} else {

 		/* More than one message on this connexion */
 		char ip[INET6_ADDRSTRLEN];

 		strcpy(ip, privdata->ip);
 		if(isBlacklisted(ip)) {

 			char mess[80 + INET6_ADDRSTRLEN];
 

 			logg("Rejected email from blacklisted IP %s\n", ip);
 
 			/*

 			 * TODO: Option to greylist rather than blacklist, by
 			 *	sending	a try again code

 			 * TODO: state *which* virus
 			 */

 			sprintf(mess, "Your IP (%s) is blacklisted because your machine is infected with a virus", ip);
 			smfi_setreply(ctx, "550", "5.7.1", mess);

 			broadcast(_("Blacklisted IP detected"));
 
 			/*
 			 * Keep them blacklisted
 			 */
 			pthread_mutex_lock(&blacklist_mutex);
 			(void)tableUpdate(blacklist, ip, (int)time((time_t *)0));
 			pthread_mutex_unlock(&blacklist_mutex);
 
 			return SMFIS_REJECT;

 		}

 		clamfi_free(privdata, 1);

 		strcpy(privdata->ip, ip);

 	}
 

 #ifdef	SESSION
 	privdata->dataSocket = -1;
 #else
 	privdata->dataSocket = privdata->cmdSocket = -1;
 #endif
 

 	/*
 	 * Rejection is via 550 until DATA is received. We know that
 	 * DATA has been sent when either we get a header or the end of
 	 * header statement
 	 */
 	privdata->rejectCode = "550";
 

 	privdata->from = cli_strdup(mailaddr);

 	if(hflag) {

 		privdata->headers = header_list_new();

 		if(privdata->headers == NULL) {
 			clamfi_free(privdata, 1);
 			return cl_error;
 		}
 	}
 

 	return SMFIS_CONTINUE;

 }
 

 #ifdef	CL_DEBUG
 static sfsistat
 clamfi_helo(SMFICTX *ctx, char *helostring)
 {

 	logg("HELO '%s'\n", helostring);

 
 	return SMFIS_CONTINUE;
 }
 #endif
 

 static sfsistat
 clamfi_envrcpt(SMFICTX *ctx, char **argv)
 {
 	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);

 	const char *to, *ptr;

 	logg("*clamfi_envrcpt: %s\n", argv[0]);

 	if(privdata == NULL)	/* sanity check */
 		return cl_error;
 

 	if(privdata->to == NULL) {

 		privdata->to = cli_malloc(sizeof(char *) * 2);

 
 		assert(privdata->numTo == 0);
 	} else

 		privdata->to = cli_realloc(privdata->to, sizeof(char *) * (privdata->numTo + 2));

 	if(privdata->to == NULL)

 		return cl_error;

 	to = smfi_getsymval(ctx, "{rcpt_addr}");
 	if(to == NULL)
 		to = argv[0];
 

 	for(ptr = to; !dont_sanitise && *ptr; ptr++)

 		if(strchr("|;", *ptr) != NULL) {
 			smfi_setreply(ctx, "554", "5.7.1", _("Suspicious recipient address blocked"));

 			logg("^Suspicious recipient address blocked: '%s'\n", to);

 			privdata->to[privdata->numTo] = NULL;

 			if(blacklist_time && privdata->ip[0]) {
 				logg(_("Will blacklist %s for %d seconds because of cracking attempt\n"),
 					privdata->ip, blacklist_time);
 				pthread_mutex_lock(&blacklist_mutex);
 				(void)tableUpdate(blacklist, privdata->ip,
 					(int)time((time_t *)0));
 				pthread_mutex_unlock(&blacklist_mutex);
 			}

 			/*
 			 * REJECT rejects this recipient, not the entire email
 			 */

 			return SMFIS_REJECT;
 		}
 

 	privdata->to[privdata->numTo] = cli_strdup(to);

 	privdata->to[++privdata->numTo] = NULL;
 
 	return SMFIS_CONTINUE;
 }
 
 static sfsistat
 clamfi_header(SMFICTX *ctx, char *headerf, char *headerv)
 {
 	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
 
 #ifdef	CL_DEBUG
 	if(debug_level >= 9)

 		logg("*clamfi_header: %s: %s\n", headerf, headerv);

 	else

 		logg("*clamfi_header: %s\n", headerf);

 #else

 	logg("*clamfi_header: %s\n", headerf);

 #endif
 

 	/*
 	 * The DATA instruction from SMTP (RFC2821) must have been sent
 	 */
 	privdata->rejectCode = "554";
 

 	if(hflag)

 		header_list_add(privdata->headers, headerf, headerv);

 	else if((strcasecmp(headerf, "Received") == 0) &&

 		(strncasecmp(headerv, "from ", 5) == 0) &&
 		(strstr(headerv, "localhost") != 0)) {

 		if(privdata->received)

 			free(privdata->received);