e3aaff8e |
/* |
086eab5c |
* Copyright (C) 2007-2009 Sourcefire, Inc.
*
* Authors: Tomasz Kojm |
e3aaff8e |
*
* This program is free software; you can redistribute it and/or modify |
bb34cb31 |
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. |
e3aaff8e |
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software |
48b7b4a7 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA. |
e3aaff8e |
*/
|
67118e92 |
#ifdef _MSC_VER
#include <winsock.h>
#endif
|
98ac8d19 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
e3aaff8e |
#include <stdio.h>
#include <stdlib.h> |
a9ebff44 |
#include <string.h> |
67118e92 |
#ifdef HAVE_UNISTD_H |
e3aaff8e |
#include <unistd.h>
#include <sys/time.h> |
67118e92 |
#endif |
e3aaff8e |
#include <sys/types.h>
#include <sys/stat.h> |
96b02502 |
#include <fcntl.h> |
e3aaff8e |
#include <time.h> |
a9d3aa14 |
#ifdef C_WINDOWS
#include <direct.h> /* for chdir */
#else |
e3aaff8e |
#include <pwd.h>
#include <grp.h> |
67118e92 |
#endif |
e3aaff8e |
|
afb48b28 |
#if defined(USE_SYSLOG) && !defined(C_AIX) |
e3aaff8e |
#include <syslog.h>
#endif
|
cea858e0 |
#ifdef C_LINUX
#include <sys/resource.h>
#endif
|
bd8603aa |
#include "target.h"
#include "libclamav/clamav.h"
#include "libclamav/others.h" |
3d53538b |
#include "libclamav/matcher-ac.h" |
8cc8f810 |
#include "libclamav/readdb.h" |
bd8603aa |
#include "shared/output.h" |
064b4a0c |
#include "shared/optparser.h" |
bd8603aa |
#include "shared/misc.h"
#include "server.h" |
e3aaff8e |
#include "tcpserver.h"
#include "localserver.h"
#include "others.h" |
afb48b28 |
#include "shared.h" |
6d6e8271 |
|
a9d3aa14 |
#ifndef C_WINDOWS
#define closesocket(s) close(s)
#endif |
e3aaff8e |
|
58bcf502 |
short debug_mode = 0, logok = 0; |
0ae41a2d |
short foreground = 0;
|
fc83da82 |
static void help(void) |
bd8603aa |
{
printf("\n"); |
add738d2 |
printf(" Clam AntiVirus Daemon %s\n", get_version()); |
6670464f |
printf(" By The ClamAV Team: http://www.clamav.net/team\n");
printf(" (C) 2007-2009 Sourcefire, Inc.\n\n"); |
bd8603aa |
printf(" --help -h Show this help.\n");
printf(" --version -V Show version number.\n");
printf(" --debug Enable debug mode.\n");
printf(" --config-file=FILE -c FILE Read configuration from FILE.\n\n");
}
|
064b4a0c |
static struct optstruct *opts; |
dd15bc42 |
/* needs to be global, so that valgrind reports it as reachable, and not
* as definetely/indirectly lost when daemonizing clamd */ |
6e3256f4 |
static struct cl_engine *engine = NULL; |
7b8edc5c |
int main(int argc, char **argv) |
e3aaff8e |
{ |
064b4a0c |
const struct optstruct *opt; |
a9d3aa14 |
#ifndef C_WINDOWS |
ab8d8f52 |
struct passwd *user = NULL; |
a9d3aa14 |
#endif |
e3aaff8e |
time_t currtime;
const char *dbdir, *cfgfile; |
064b4a0c |
char *pua_cats = NULL, *pt; |
949c6fe5 |
int ret, tcpsock = 0, localsock = 0, i, min_port, max_port; |
bd8603aa |
unsigned int sigs = 0; |
57358cc8 |
int lsockets[2], nlsockets = 0; |
d6449522 |
unsigned int dboptions = 0; |
c695dab4 |
#ifdef C_LINUX
struct stat sb;
#endif |
7b8edc5c |
|
67118e92 |
#ifdef C_WINDOWS
if(!pthread_win32_process_attach_np()) {
mprintf("!Can't start the win32 pthreads layer\n");
return 1;
}
#endif |
7b8edc5c |
|
a68d5e2f |
if((opts = optparse(NULL, argc, argv, 1, OPT_CLAMD, 0, NULL)) == NULL) { |
064b4a0c |
mprintf("!Can't parse command line options\n"); |
7b8edc5c |
return 1;
} |
e3aaff8e |
|
064b4a0c |
if(optget(opts, "help")->enabled) { |
e3aaff8e |
help(); |
064b4a0c |
optfree(opts); |
bd8603aa |
return 0; |
e3aaff8e |
}
|
064b4a0c |
if(optget(opts, "debug")->enabled) { |
cea858e0 |
#if defined(C_LINUX)
/* njh@bandsman.co.uk: create a dump if needed */
struct rlimit rlim;
rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
if(setrlimit(RLIMIT_CORE, &rlim) < 0)
perror("setrlimit");
#endif |
c238ac42 |
debug_mode = 1; |
cea858e0 |
} |
c238ac42 |
|
e3aaff8e |
/* parse the config file */ |
064b4a0c |
cfgfile = optget(opts, "config-file")->strarg;
pt = strdup(cfgfile); |
a68d5e2f |
if((opts = optparse(cfgfile, 0, NULL, 1, OPT_CLAMD, 0, opts)) == NULL) { |
064b4a0c |
fprintf(stderr, "ERROR: Can't open/parse the config file %s\n", pt);
free(pt); |
bd8603aa |
return 1; |
e3aaff8e |
} |
064b4a0c |
free(pt); |
0aa3ba06 |
|
064b4a0c |
if(optget(opts, "version")->enabled) {
print_version(optget(opts, "DatabaseDirectory")->strarg);
optfree(opts); |
0aa3ba06 |
return 0;
}
|
3ff40d08 |
umask(0);
|
0ae41a2d |
/* drop privileges */ |
67118e92 |
#if (!defined(C_OS2)) && (!defined(C_WINDOWS)) |
064b4a0c |
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
if((user = getpwnam(opt->strarg)) == NULL) {
fprintf(stderr, "ERROR: Can't get information about user %s.\n", opt->strarg);
optfree(opts); |
bd8603aa |
return 1; |
0ae41a2d |
}
|
064b4a0c |
if(optget(opts, "AllowSupplementaryGroups")->enabled) { |
0ae41a2d |
#ifdef HAVE_INITGROUPS |
064b4a0c |
if(initgroups(opt->strarg, user->pw_gid)) { |
0ae41a2d |
fprintf(stderr, "ERROR: initgroups() failed.\n"); |
064b4a0c |
optfree(opts); |
bd8603aa |
return 1; |
0ae41a2d |
}
#else |
1bf0d5a8 |
mprintf("!AllowSupplementaryGroups: initgroups() is not available, please disable AllowSupplementaryGroups in %s\n", cfgfile); |
064b4a0c |
optfree(opts); |
1bf0d5a8 |
return 1; |
0ae41a2d |
#endif
} else {
#ifdef HAVE_SETGROUPS
if(setgroups(1, &user->pw_gid)) {
fprintf(stderr, "ERROR: setgroups() failed.\n"); |
064b4a0c |
optfree(opts); |
bd8603aa |
return 1; |
0ae41a2d |
}
#endif
}
if(setgid(user->pw_gid)) {
fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid); |
064b4a0c |
optfree(opts); |
bd8603aa |
return 1; |
0ae41a2d |
}
if(setuid(user->pw_uid)) {
fprintf(stderr, "ERROR: setuid(%d) failed.\n", (int) user->pw_uid); |
064b4a0c |
optfree(opts); |
bd8603aa |
return 1; |
0ae41a2d |
}
}
#endif
|
e3aaff8e |
/* initialize logger */ |
064b4a0c |
logg_lock = !optget(opts, "LogFileUnlock")->enabled;
logg_time = optget(opts, "LogTime")->enabled;
logok = optget(opts, "LogClean")->enabled;
logg_size = optget(opts, "LogFileMaxSize")->numarg;
logg_verbose = mprintf_verbose = optget(opts, "LogVerbose")->enabled; |
af309677 |
mprintf_send_timeout = optget(opts, "SendBufTimeout")->numarg; |
e3aaff8e |
|
6e3256f4 |
do { /* logger initialized */
|
064b4a0c |
if((opt = optget(opts, "LogFile"))->enabled) { |
9e751804 |
char timestr[32]; |
064b4a0c |
logg_file = opt->strarg; |
75ccac9f |
if(strlen(logg_file) < 2 || (logg_file[0] != '/' && logg_file[0] != '\\' && logg_file[1] != ':')) { |
e3aaff8e |
fprintf(stderr, "ERROR: LogFile requires full path.\n"); |
6e3256f4 |
ret = 1;
break; |
e3aaff8e |
}
time(&currtime); |
9e751804 |
if(logg("#+++ Started at %s", cli_ctime(&currtime, timestr, sizeof(timestr)))) { |
c6677c94 |
fprintf(stderr, "ERROR: Can't initialize the internal logger\n"); |
6e3256f4 |
ret = 1;
break; |
e3aaff8e |
}
} else |
afb48b28 |
logg_file = NULL; |
e3aaff8e |
|
370892d0 |
if((ret = cl_init(CL_INIT_DEFAULT))) {
logg("!Can't initialize libclamav: %s\n", cl_strerror(ret)); |
6e3256f4 |
ret = 1;
break; |
370892d0 |
}
|
fb6fe4f5 |
if(optget(opts, "Debug")->enabled) /* enable debug messages in libclamav */ { |
370892d0 |
cl_debug(); |
fb6fe4f5 |
logg_verbose = 2;
} |
370892d0 |
|
afb48b28 |
#if defined(USE_SYSLOG) && !defined(C_AIX) |
064b4a0c |
if(optget(opts, "LogSyslog")->enabled) { |
c695dab4 |
int fac = LOG_LOCAL6;
|
064b4a0c |
opt = optget(opts, "LogFacility");
if((fac = logg_facility(opt->strarg)) == -1) {
logg("!LogFacility: %s: No such facility.\n", opt->strarg); |
6e3256f4 |
ret = 1;
break; |
c695dab4 |
}
openlog("clamd", LOG_PID, fac); |
afb48b28 |
logg_syslog = 1; |
c695dab4 |
} |
e3aaff8e |
#endif
|
c695dab4 |
#ifdef C_LINUX |
53c7b870 |
procdev = 0;
if(stat("/proc", &sb) != -1 && !sb.st_size) |
c695dab4 |
procdev = sb.st_dev;
#endif |
e3aaff8e |
/* check socket type */
|
064b4a0c |
if(optget(opts, "TCPSocket")->enabled) |
e3aaff8e |
tcpsock = 1; |
57358cc8 |
|
064b4a0c |
if(optget(opts, "LocalSocket")->enabled) |
57358cc8 |
localsock = 1;
if(!tcpsock && !localsock) { |
bd8603aa |
logg("!Please define server type (local and/or TCP).\n"); |
6e3256f4 |
ret = 1;
break; |
e3aaff8e |
}
|
add738d2 |
logg("#clamd daemon %s (OS: "TARGET_OS_TYPE", ARCH: "TARGET_ARCH_TYPE", CPU: "TARGET_CPU_TYPE")\n", get_version()); |
50b26397 |
|
a9d3aa14 |
#ifndef C_WINDOWS |
ab8d8f52 |
if(user) |
e979398c |
logg("#Running as user %s (UID %u, GID %u)\n", user->pw_name, user->pw_uid, user->pw_gid); |
a9d3aa14 |
#endif |
ab8d8f52 |
|
50b26397 |
if(logg_size) |
e979398c |
logg("#Log file size limited to %d bytes.\n", logg_size); |
50b26397 |
else |
e979398c |
logg("#Log file size limit disabled.\n"); |
50b26397 |
|
949c6fe5 |
min_port = optget(opts, "StreamMinPort")->numarg;
max_port = optget(opts, "StreamMaxPort")->numarg;
if (min_port < 1024 || min_port > max_port || max_port > 65535) { |
456e31a3 |
logg("!Invalid StreamMinPort/StreamMaxPort: %d, %d\n", min_port, max_port); |
6e3256f4 |
ret = 1;
break; |
949c6fe5 |
}
|
b8fe70b3 |
if(!(engine = cl_engine_new())) { |
370892d0 |
logg("!Can't initialize antivirus engine\n"); |
6e3256f4 |
ret = 1;
break; |
370892d0 |
}
|
ee039e40 |
/* load the database(s) */ |
064b4a0c |
dbdir = optget(opts, "DatabaseDirectory")->strarg; |
e979398c |
logg("#Reading databases from %s\n", dbdir); |
e3aaff8e |
|
064b4a0c |
if(optget(opts, "DetectPUA")->enabled) { |
70edb085 |
dboptions |= CL_DB_PUA; |
b023c36d |
|
064b4a0c |
if((opt = optget(opts, "ExcludePUA"))->enabled) { |
b023c36d |
dboptions |= CL_DB_PUA_EXCLUDE;
i = 0;
logg("#Excluded PUA categories:"); |
064b4a0c |
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) { |
b023c36d |
logg("!Can't allocate memory for pua_cats\n"); |
370892d0 |
cl_engine_free(engine); |
6e3256f4 |
ret = 1;
break; |
b023c36d |
} |
064b4a0c |
logg("# %s", opt->strarg);
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1; |
b023c36d |
pua_cats[i] = 0; |
064b4a0c |
opt = opt->nextarg; |
b023c36d |
} |
6e3256f4 |
if (ret)
break; |
b023c36d |
logg("#\n");
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
|
064b4a0c |
if((opt = optget(opts, "IncludePUA"))->enabled) { |
b023c36d |
if(pua_cats) {
logg("!ExcludePUA and IncludePUA cannot be used at the same time\n");
free(pua_cats); |
6e3256f4 |
ret = 1;
break; |
b023c36d |
}
dboptions |= CL_DB_PUA_INCLUDE;
i = 0;
logg("#Included PUA categories:"); |
064b4a0c |
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) { |
b023c36d |
logg("!Can't allocate memory for pua_cats\n"); |
6e3256f4 |
ret = 1;
break; |
b023c36d |
} |
064b4a0c |
logg("# %s", opt->strarg);
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1; |
b023c36d |
pua_cats[i] = 0; |
064b4a0c |
opt = opt->nextarg; |
b023c36d |
} |
6e3256f4 |
if (ret)
break; |
b023c36d |
logg("#\n");
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if(pua_cats) { |
2accc66f |
if((ret = cl_engine_set_str(engine, CL_ENGINE_PUA_CATEGORIES, pua_cats))) {
logg("!cli_engine_set_str(CL_ENGINE_PUA_CATEGORIES) failed: %s\n", cl_strerror(ret)); |
b023c36d |
free(pua_cats); |
6e3256f4 |
ret = 1;
break; |
b023c36d |
} |
370892d0 |
free(pua_cats); |
b023c36d |
}
} else { |
e979398c |
logg("#Not loading PUA signatures.\n"); |
b023c36d |
} |
70edb085 |
|
33068e09 |
/* set the temporary dir */ |
064b4a0c |
if((opt = optget(opts, "TemporaryDirectory"))->enabled) { |
2accc66f |
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
logg("!cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret)); |
6e3256f4 |
ret = 1;
break; |
33068e09 |
}
}
|
2accc66f |
if(optget(opts, "LeaveTemporaryFiles")->enabled)
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1); |
33068e09 |
|
064b4a0c |
if(optget(opts, "PhishingSignatures")->enabled) |
9f8098c0 |
dboptions |= CL_DB_PHISHING;
else |
e979398c |
logg("#Not loading phishing signatures.\n"); |
d6449522 |
|
064b4a0c |
if(optget(opts,"PhishingScanURLs")->enabled) |
19b3e182 |
dboptions |= CL_DB_PHISHING_URLS;
else |
e979398c |
logg("#Disabling URL based phishing detection.\n"); |
19b3e182 |
|
064b4a0c |
if(optget(opts,"DevACOnly")->enabled) { |
e979398c |
logg("#Only using the A-C matcher.\n"); |
2accc66f |
cl_engine_set_num(engine, CL_ENGINE_AC_ONLY, 1); |
3d53538b |
}
|
064b4a0c |
if((opt = optget(opts, "DevACDepth"))->enabled) { |
2accc66f |
cl_engine_set_num(engine, CL_ENGINE_AC_MAXDEPTH, opt->numarg); |
a168a378 |
logg("#Max A-C depth set to %u\n", (unsigned int) opt->numarg); |
3d53538b |
}
|
370892d0 |
if((ret = cl_load(dbdir, engine, &sigs, dboptions))) { |
049a18b9 |
logg("!%s\n", cl_strerror(ret)); |
6e3256f4 |
ret = 1;
break; |
e3aaff8e |
}
|
e979398c |
logg("#Loaded %u signatures.\n", sigs); |
370892d0 |
if((ret = cl_engine_compile(engine)) != 0) {
logg("!Database initialization error: %s\n", cl_strerror(ret)); |
6e3256f4 |
ret = 1;
break; |
2d70a403 |
} |
e3aaff8e |
|
bd8603aa |
if(tcpsock) { |
67118e92 |
#ifdef C_WINDOWS
WSADATA wsaData;
if(WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) {
logg("!Error at WSAStartup(): %d\n", WSAGetLastError()); |
6e3256f4 |
ret = 1;
break; |
67118e92 |
}
#endif |
6e3256f4 |
if ((lsockets[nlsockets] = tcpserver(opts)) == -1) {
ret = 1;
break; |
bd8603aa |
}
nlsockets++;
} |
57358cc8 |
|
bd8603aa |
if(localsock) { |
6e3256f4 |
if ((lsockets[nlsockets] = localserver(opts)) == -1) {
ret = 1;
break; |
bd8603aa |
}
nlsockets++;
} |
57358cc8 |
|
e979398c |
/* fork into background */ |
064b4a0c |
if(!optget(opts, "Foreground")->enabled) { |
9a223418 |
#ifdef C_BSD
/* workaround for OpenBSD bug, see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=885 */
for(ret=0;ret<nlsockets;ret++) {
fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) | O_NONBLOCK);
}
#endif |
e979398c |
if(daemonize() == -1) {
logg("!daemonize() failed\n"); |
6e3256f4 |
ret = 1;
break; |
e979398c |
} |
9a223418 |
#ifdef C_BSD
for(ret=0;ret<nlsockets;ret++) {
fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) & ~O_NONBLOCK);
}
#endif |
e979398c |
if(!debug_mode)
if(chdir("/") == -1)
logg("^Can't change current working directory to root\n");
} else
foreground = 1;
|
949c6fe5 |
ret = recvloop_th(lsockets, nlsockets, engine, dboptions, opts); |
e3aaff8e |
|
6e3256f4 |
} while (0);
logg("*Closing the main socket%s.\n", (nlsockets > 1) ? "s" : "");
for (i = 0; i < nlsockets; i++) { |
7a997ac9 |
closesocket(lsockets[i]); |
6e3256f4 |
}
#ifndef C_OS2 |
7a997ac9 |
if(nlsockets && localsock) {
opt = optget(opts, "LocalSocket"); |
6e3256f4 |
if(unlink(opt->strarg) == -1)
logg("!Can't unlink the socket file %s\n", opt->strarg);
else |
7a997ac9 |
logg("Socket file removed.\n"); |
6e3256f4 |
}
#endif
|
67118e92 |
#ifdef C_WINDOWS
if(tcpsock)
WSACleanup();
if(!pthread_win32_process_detach_np()) {
logg("!Can't stop the win32 pthreads layer\n");
logg_close(); |
064b4a0c |
optfree(opts); |
67118e92 |
return 1;
}
#endif
|
9e431a95 |
logg_close(); |
064b4a0c |
optfree(opts); |
e3aaff8e |
|
bd8603aa |
return ret; |
e3aaff8e |
} |