@@ -1,3 +1,9 @@

+Tue May 11 02:07:55 CEST 2004 (tk)

+----------------------------------

+  * libclamav: scanners: revert to old X-* magic strings

+  * clamd, freshclam: allow facility specification with LogFacility

+  * clamd: do not scan files in /proc under Linux

+

 Mon May 10 12:25:09 BST 2004 (njh)

 ----------------------------------

   * libclamav:		Don't call cli_filetype() so often since the latest

@@ -68,6 +68,9 @@ void clamd(struct optstruct *opt)

 	const char *dbdir, *cfgfile;

 	int ret, virnum = 0, tcpsock;

 	char *var;

+#ifdef C_LINUX

+	struct stat sb;

+#endif

     /* initialize some important variables */

@@ -146,12 +149,20 @@ void clamd(struct optstruct *opt)

 #if defined(USE_SYSLOG) && !defined(C_AIX)

-    if((cpt = cfgopt(copt, "LogSyslog"))) {

-	openlog("clamd", LOG_PID, LOG_LOCAL6);

+    if(cfgopt(copt, "LogSyslog")) {

+	    int fac = LOG_LOCAL6;

+

+	if((cpt = cfgopt(copt, "LogFacility"))) {

+	    if((fac = logg_facility(cpt->strarg)) == -1) {

+		fprintf(stderr, "ERROR: LogFacility: %s: No such facility.\n", cpt->strarg);

+		exit(1);

+	    }

+	}

+

+	openlog("clamd", LOG_PID, fac);

 	logg_syslog = 1;

 	syslog(LOG_INFO, "Daemon started.\n");

-    } else

-	logg_syslog = 0;

+    }

 #endif

     if(logg_size)

@@ -161,6 +172,12 @@ void clamd(struct optstruct *opt)

     logg("*Verbose logging activated.\n");

+#ifdef C_LINUX

+    if(stat("/proc", &sb) == -1)

+	procdev = 0;

+    else

+	procdev = sb.st_dev;

+#endif

     /* check socket type */

@@ -43,6 +43,10 @@

 #include "shared.h"

 #include "output.h"

+#ifdef C_LINUX

+dev_t procdev; /* /proc device */

+#endif

+

 int checksymlink(const char *path)

 {

 	struct stat statbuf;

@@ -102,7 +106,19 @@ int dirscan(const char *dirname, const char **virname, unsigned long int *scanne

 			    }

 			} else {

 			    if(S_ISREG(statbuf.st_mode) || (S_ISLNK(statbuf.st_mode) && (checksymlink(fname) == 2) && cfgopt(copt, "FollowFileSymlinks"))) {

-				if((scanret = cl_scanfile(fname, virname, scanned, root, limits, options)) == CL_VIRUS) {

+

+#ifdef C_LINUX

+				if(procdev) {

+				    if(statbuf.st_dev == procdev)

+					scanret = CL_CLEAN;

+				    else

+					scanret = cl_scanfile(fname, virname, scanned, root, limits, options);

+				}

+#else

+				scanret = cl_scanfile(fname, virname, scanned, root, limits, options);

+#endif

+				if(scanret == CL_VIRUS) {

+

 				    mdprintf(odesc, "%s: %s FOUND\n", fname, *virname);

 				    logg("%s: %s FOUND\n", fname, *virname);

 				    virusaction(*virname, copt);

@@ -115,7 +131,7 @@ int dirscan(const char *dirname, const char **virname, unsigned long int *scanne

 				} else if(scanret != CL_CLEAN) {

 				    mdprintf(odesc, "%s: %s ERROR\n", fname, cl_strerror(scanret));

 				    logg("%s: %s ERROR\n", fname, cl_strerror(scanret));

-				} else if (logok) {

+				} else if(logok) {

 				    logg("%s: OK\n", fname);

 				}

 			    }

@@ -166,7 +182,17 @@ int scan(const char *filename, unsigned long int *scanned, const struct cl_node

 		mdprintf(odesc, "%s: Empty file\n", filename);

 		return 0;

 	    }

+#ifdef C_LINUX

+	    if(procdev) {

+		if(sb.st_dev == procdev)

+		    ret = CL_CLEAN;

+		else

+		    ret = cl_scanfile(filename, &virname, scanned, root, limits, options);

+	    }

+#else

 	    ret = cl_scanfile(filename, &virname, scanned, root, limits, options);

+#endif

+

 	    if(ret == CL_VIRUS) {

 		mdprintf(odesc, "%s: %s FOUND\n", filename, virname);

 		logg("%s: %s FOUND\n", filename, virname);

@@ -21,4 +21,9 @@

 extern short debug_mode, logok;

+#ifdef C_LINUX

+#include <sys/types.h>

+extern dev_t procdev;

+#endif

+

 #endif

@@ -36,6 +36,10 @@ Example

 # Use system logger (can work together with LogFile).

 #LogSyslog

+# Specify the type of syslog messages - please refer to 'man syslog'

+# for facility names. Default is LOG_LOCAL6.

+#LogFacility LOG_MAIL

+

 # Enable verbose logging.

 #LogVerbose

@@ -17,6 +17,10 @@

 # Use system logger (can work together with UpdateLogFile).

 #LogSyslog

+# Specify the type of syslog messages - please refer to 'man syslog'

+# for facility names. Default is LOG_LOCAL6.

+#LogFacility LOG_MAIL

+

 # By default when freshclam is started by root it drops privileges and

 # switches to the "clamav" user. You can change this behaviour here.

 #DatabaseOwner clamav

@@ -197,10 +197,19 @@ int freshclam(struct optstruct *opt)

 	logg_file = NULL;

 #if defined(USE_SYSLOG) && !defined(C_AIX)

-    if((cpt = cfgopt(copt, "LogSyslog"))) {

-	openlog("freshclam", LOG_PID, LOG_LOCAL6);

+    if(cfgopt(copt, "LogSyslog")) {

+	    int fac = LOG_LOCAL6;

+

+	if((cpt = cfgopt(copt, "LogFacility"))) {

+	    if((fac = logg_facility(cpt->strarg)) == -1) {

+		mprintf("!LogFacility: %s: No such facility.\n", cpt->strarg);

+		exit(1);

+	    }

+	}

+

+	openlog("freshclam", LOG_PID, fac);

 	logg_syslog = 1;

-	syslog(LOG_INFO, "Freshclam started.\n");

+	syslog(LOG_INFO, "Daemon started.\n");

     }

 #endif

@@ -81,22 +81,26 @@ static const struct cli_magic_s cli_magic[] = {

     /* Mail */

-    {0,  "From ",			5,  "MBox",		  CL_MAILFILE},

-    {0,  "Received",			8,  "Raw mail",		  CL_MAILFILE},

+    {0,  "From ",			 5, "MBox",		  CL_MAILFILE},

+    {0,  "Received",			 8, "Raw mail",		  CL_MAILFILE},

     {0,  "Return-Path: ",		13, "Maildir",		  CL_MAILFILE},

     {0,  "Return-path: ",		13, "Maildir",		  CL_MAILFILE},

     {0,  "Delivered-To: ",		14, "Mail",		  CL_MAILFILE},

-    {0,  "X-",				2,  "Mail",		  CL_MAILFILE},

-    {0,  ">From ",			6,  "Mail",		  CL_MAILFILE},

-    {0,  "Date: ",			6,  "Mail",		  CL_MAILFILE},

+    {0,  "X-UIDL: ",			 8, "Mail",		  CL_MAILFILE},

+    {0,  "X-Apparently-To: ",		17, "Mail",		  CL_MAILFILE},

+    {0,  "X-Envelope-From: ",		17, "Mail",		  CL_MAILFILE},

+    {0,  "X-Symantec-",			11, "Symantec",		  CL_MAILFILE},

+    {0,  "X-EVS",			 5, "EVS mail",		  CL_MAILFILE},

+    {0,  ">From ",			 6, "Mail",		  CL_MAILFILE},

+    {0,  "Date: ",			 6, "Mail",		  CL_MAILFILE},

     {0,  "Message-Id: ",		12, "Mail",		  CL_MAILFILE},

     {0,  "Message-ID: ",		12, "Mail",		  CL_MAILFILE},

     {0,  "Envelope-to: ",		13, "Mail",		  CL_MAILFILE},

     {0,  "Delivery-date: ",		15, "Mail",		  CL_MAILFILE},

-    {0,  "To: ",			4,  "Mail",		  CL_MAILFILE},

-    {0,  "Subject: ",			9,  "Mail",		  CL_MAILFILE},

-    {0,  "For: ",			5,  "Eserv mail",	  CL_MAILFILE},

-    {0,  "From: ",			6,  "Exim mail",	  CL_MAILFILE},

+    {0,  "To: ",			 4, "Mail",		  CL_MAILFILE},

+    {0,  "Subject: ",			 9, "Mail",		  CL_MAILFILE},

+    {0,  "For: ",			 5, "Eserv mail",	  CL_MAILFILE},

+    {0,  "From: ",			 6, "Exim mail",	  CL_MAILFILE},

     {0,  "v:\015\012Received: ",	14, "VPOP3 Mail (DOS)",	  CL_MAILFILE},

     {0,  "v:\012Received: ",		13, "VPOP3 Mail (UNIX)",  CL_MAILFILE},

     {0,  "Hi. This is the qmail-send",  26, "Qmail bounce",	  CL_MAILFILE},

@@ -58,6 +58,7 @@ struct cfgstruct *parsecfg(const char *cfgfile)

 	    {"LogClean", OPT_NOARG},

 	    {"LogVerbose", OPT_NOARG}, /* clamd + freshclam */

 	    {"LogSyslog", OPT_NOARG},

+	    {"LogFacility", OPT_STR},

 	    {"PidFile", OPT_STR},

 	    {"TemporaryDirectory", OPT_STR},

 	    {"MaxFileSize", OPT_COMPSIZE},

@@ -186,6 +186,8 @@ int logg(const char *str, ...)

 	/* due to a problem with superfluous control characters (which

 	 * vsnprintf() handles correctly) in (v)syslog we have to remove

 	 * them in a final string

+	 *

+	 * FIXME: substitute %% instead of _

 	 */

 	vsnprintf(vbuff, 1024, str, args);

 	vbuff[1024] = 0;

@@ -282,3 +284,46 @@ void mprintf(const char *str, ...)

 	fflush(stdout);

 }

+

+struct facstruct {

+    const char *name;

+    int code;

+};

+

+#if defined(USE_SYSLOG) && !defined(C_AIX)

+static const struct facstruct facilitymap[] = {

+    { "LOG_AUTH",	LOG_AUTH },

+    { "LOG_AUTHPRIV",	LOG_AUTHPRIV },

+    { "LOG_CRON",	LOG_CRON },

+    { "LOG_DAEMON",	LOG_DAEMON },

+    { "LOG_FTP",	LOG_FTP },

+    { "LOG_KERN",	LOG_KERN },

+    { "LOG_LPR",	LOG_LPR },

+    { "LOG_MAIL",	LOG_MAIL },

+    { "LOG_NEWS",	LOG_NEWS },

+    { "LOG_AUTH",	LOG_AUTH },

+    { "LOG_SYSLOG",	LOG_SYSLOG },

+    { "LOG_USER",	LOG_USER },

+    { "LOG_UUCP",	LOG_UUCP },

+    { "LOG_LOCAL0",	LOG_LOCAL0 },

+    { "LOG_LOCAL1",	LOG_LOCAL1 },

+    { "LOG_LOCAL2",	LOG_LOCAL2 },

+    { "LOG_LOCAL3",	LOG_LOCAL3 },

+    { "LOG_LOCAL4",	LOG_LOCAL4 },

+    { "LOG_LOCAL5",	LOG_LOCAL5 },

+    { "LOG_LOCAL6",	LOG_LOCAL6 },

+    { "LOG_LOCAL7",	LOG_LOCAL7 },

+    { NULL,		-1 }

+};

+

+int logg_facility(const char *name)

+{

+	int i;

+

+    for(i = 0; facilitymap[i].name; i++)

+	if(!strcmp(facilitymap[i].name, name))

+	    return facilitymap[i].code;

+

+    return -1;

+}

+#endif

@@ -36,6 +36,7 @@ extern const char *logg_file;

 #if defined(USE_SYSLOG) && !defined(C_AIX)

 extern short logg_syslog;

+int logg_facility(const char *name);

 #endif

 void mprintf(const char *str, ...);