/* * Copyright (C)2008 Sourcefire, Inc. * * Author: aCaB <acab@clamav.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301, USA. */ #if HAVE_CONFIG_H #include "clamav-config.h" #endif #include <stdio.h> #include <sys/types.h> #include <unistd.h> #include <pwd.h> #include <grp.h> #include <string.h> #include <syslog.h> #include <time.h> #include <libmilter/mfapi.h> #include "clamav.h" #include "shared/options.h" #include "shared/output.h" #include "shared/cfgparser.h" #include "shared/misc.h" #include "connpool.h" #include "netcode.h" #include "clamfi.h" struct smfiDesc descr = { "ClamAV", /* filter name */ SMFI_VERSION, /* milter version */ SMFIF_ADDHDRS|SMFIF_ADDRCPT, /* flags */ NULL, /* connection info filter */ NULL, /* SMTP HELO command filter */ NULL, /* envelope sender filter */ NULL, /* envelope recipient filter */ NULL, /* header filter */ NULL, /* end of header */ clamfi_body, /* body block */ clamfi_eom, /* end of message */ NULL, /* message aborted */ NULL, /* connection cleanup */ NULL, /* any unrecognized or unimplemented command filter */ NULL, /* SMTP DATA command filter */ NULL /* negotiation callback */ }; int main(int argc, char **argv) { static struct cfgstruct *copt; char *my_socket; const struct cfgstruct *cpt; struct optstruct *opt; const char *short_options = "c:hV"; static struct option long_options[] = { {"config-file", required_argument, NULL, 'c'}, {"help", no_argument, NULL, 'h'}, {"version", no_argument, NULL, 'V'}, {NULL, 0, NULL, 0} }; const char *my_conf = CONFDIR "/clamav-milter.conf"; int ret; opt = opt_parse(argc, argv, short_options, long_options, NULL, NULL); if (!opt) { mprintf("!Can't parse the command line\n"); return 1; } if(opt_check(opt, "help")) { printf("Usage: %s [-c <config-file>]\n\n", argv[0]); printf(" --help -h Show this help\n"); printf(" --version -V Show version and exit\n"); printf(" --config-file <file> -c Read configuration from file\n\n"); opt_free(opt); return 0; } if(opt->filename) mprintf("^Ignoring option %s\n", opt->filename); if(opt_check(opt, "version")) { printf("clamav-milter %s\n", get_version()); opt_free(opt); return 0; } if(opt_check(opt, "config-file")) my_conf = opt_arg(opt, "config-file"); if((copt = getcfg(my_conf, 1, OPT_MILTER)) == NULL) { printf("%s: cannot parse config file %s\n", argv[0], my_conf); opt_free(opt); return 1; } opt_free(opt); if(geteuid() == 0 && (cpt = cfgopt(copt, "User"))->enabled) { struct passwd *user = NULL; if((user = getpwnam(cpt->strarg)) == NULL) { fprintf(stderr, "ERROR: Can't get information about user %s.\n", cpt->strarg); freecfg(copt); return 1; } if(cfgopt(copt, "AllowSupplementaryGroups")->enabled) { #ifdef HAVE_INITGROUPS if(initgroups(cpt->strarg, user->pw_gid)) { fprintf(stderr, "ERROR: initgroups() failed.\n"); freecfg(copt); return 1; } #else mprintf("!AllowSupplementaryGroups: initgroups() is not available, please disable AllowSupplementaryGroups\n"); freecfg(copt); return 1; #endif } else { #ifdef HAVE_SETGROUPS if(setgroups(1, &user->pw_gid)) { fprintf(stderr, "ERROR: setgroups() failed.\n"); freecfg(copt); return 1; } #endif } if(setgid(user->pw_gid)) { fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid); freecfg(copt); return 1; } if(setuid(user->pw_uid)) { fprintf(stderr, "ERROR: setuid(%d) failed.\n", (int) user->pw_uid); freecfg(copt); return 1; } } logg_lock = !cfgopt(copt, "LogFileUnlock")->enabled; logg_time = cfgopt(copt, "LogTime")->enabled; logg_size = cfgopt(copt, "LogFileMaxSize")->numarg; logg_verbose = mprintf_verbose = cfgopt(copt, "LogVerbose")->enabled; if((cpt = cfgopt(copt, "LogFile"))->enabled) { time_t currtime; logg_file = cpt->strarg; if(strlen(logg_file) < 2 || logg_file[0] != '/') { fprintf(stderr, "ERROR: LogFile requires full path.\n"); logg_close(); freecfg(copt); return 1; } time(&currtime); if(logg("#+++ Started at %s", ctime(&currtime))) { fprintf(stderr, "ERROR: Can't initialize the internal logger\n"); logg_close(); freecfg(copt); return 1; } } else logg_file = NULL; #if defined(USE_SYSLOG) && !defined(C_AIX) if(cfgopt(copt, "LogSyslog")->enabled) { int fac; cpt = cfgopt(copt, "LogFacility"); if((fac = logg_facility(cpt->strarg)) == -1) { logg("!LogFacility: %s: No such facility.\n", cpt->strarg); logg_close(); freecfg(copt); return 1; } openlog("clamd", LOG_PID, fac); logg_syslog = 1; } #endif umask(0007); if(!(my_socket = cfgopt(copt, "MilterSocket")->strarg)) { logg("!Please configure the MilterSocket directive\n"); logg_close(); freecfg(copt); return 1; } if(smfi_setconn(my_socket) == MI_FAILURE) { logg("!smfi_setconn failed\n"); logg_close(); freecfg(copt); return 1; } if(smfi_register(descr) == MI_FAILURE) { logg("!smfi_register failed\n"); logg_close(); freecfg(copt); return 1; } cpt = cfgopt(copt, "FixStaleSocket"); if(smfi_opensocket(cpt->enabled) == MI_FAILURE) { logg("!Failed to create socket %s\n", my_socket); logg_close(); freecfg(copt); return 1; } maxfilesize = cfgopt(copt, "MaxFileSize")->numarg; readtimeout = cfgopt(copt, "ReadTimeout")->numarg; cpool_init(copt); if (!cp) { logg("!Failed to init the socket pool\n"); logg_close(); freecfg(copt); return 1; } if(!cfgopt(copt, "Foreground")->enabled) { if(daemonize() == -1) { logg("!daemonize() failed\n"); cpool_free(); logg_close(); return 1; } if(chdir("/") == -1) logg("^Can't change current working directory to root\n"); } freecfg(copt); ret = smfi_main(); logg_close(); cpool_free(); return ret; } /* * Local Variables: * mode: c * c-basic-offset: 4 * tab-width: 8 * End: * vim: set cindent smartindent autoindent softtabstop=4 shiftwidth=4 tabstop=8: */