git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@794 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/08/25 20:44:57... | ... |
@@ -470,6 +470,13 @@ Changes |
470 | 470 |
reported by "Sergey Y. Afonin" <asy@kraft-s.ru> |
471 | 471 |
0.75k 13/8/04 Single thread through tcp_wrappers, reported by |
472 | 472 |
David Champion <dgc@uchicago.edu> |
473 |
+0.75l 24/8/04 Give hint about what do to if the running as root warning |
|
474 |
+ appears |
|
475 |
+ Optimise the sending of the To and From headers to clamd |
|
476 |
+ Give better SMTP status message when asking for retransmit |
|
477 |
+ when --dont-wait is set |
|
478 |
+ Quarantine files, now handle operating system filename |
|
479 |
+ restrictions |
|
473 | 480 |
|
474 | 481 |
BUG REPORTS |
475 | 482 |
|
... | ... |
@@ -26,6 +26,9 @@ |
26 | 26 |
* |
27 | 27 |
* Change History: |
28 | 28 |
* $Log: clamav-milter.c,v $ |
29 |
+ * Revision 1.120 2004/08/25 11:44:56 nigelhorne |
|
30 |
+ * Tidy |
|
31 |
+ * |
|
29 | 32 |
* Revision 1.119 2004/08/13 10:21:38 nigelhorne |
30 | 33 |
* Single thread through tcp_wrappers |
31 | 34 |
* |
... | ... |
@@ -368,9 +371,9 @@ |
368 | 368 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
369 | 369 |
* Added -f flag use MaxThreads if --max-children not set |
370 | 370 |
*/ |
371 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.119 2004/08/13 10:21:38 nigelhorne Exp $"; |
|
371 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.120 2004/08/25 11:44:56 nigelhorne Exp $"; |
|
372 | 372 |
|
373 |
-#define CM_VERSION "0.75k" |
|
373 |
+#define CM_VERSION "0.75l" |
|
374 | 374 |
|
375 | 375 |
/*#define CONFDIR "/usr/local/etc"*/ |
376 | 376 |
|
... | ... |
@@ -445,7 +448,6 @@ typedef unsigned short in_port_t; |
445 | 445 |
* to get messages on the system console, see syslog.conf(5), also you |
446 | 446 |
* can use wall(1) in the VirusEvent entry in clamav.conf |
447 | 447 |
* TODO: build with libclamav.so rather than libclamav.a |
448 |
- * TODO: bounce message should optionally be read from a file |
|
449 | 448 |
* TODO: Support LogTime and Logfile from the conf file |
450 | 449 |
* TODO: Warn if TCPAddr doesn't allow connection from us |
451 | 450 |
* TODO: Decide action (bounce, discard, reject etc.) based on the virus |
... | ... |
@@ -651,7 +653,7 @@ static const char *from = "MAILER-DAEMON"; |
651 | 651 |
/* |
652 | 652 |
* NULL terminated whitelist of target ("to") addresses that we do NOT scan |
653 | 653 |
* TODO: read in from a file |
654 |
- * TODO: add white list of target e-mail addresses that we do NOT scan |
|
654 |
+ * TODO: add white list of source e-mail addresses that we do NOT scan |
|
655 | 655 |
* TODO: items in the list should be regular expressions |
656 | 656 |
*/ |
657 | 657 |
static const char *ignoredEmailAddresses[] = { |
... | ... |
@@ -1006,7 +1008,7 @@ main(int argc, char **argv) |
1006 | 1006 |
cli_dbgmsg("Running as user %s (UID %d, GID %d)\n", |
1007 | 1007 |
cpt->strarg, user->pw_uid, user->pw_gid); |
1008 | 1008 |
} else |
1009 |
- fprintf(stderr, "%s: running as root is not recommended\n", argv[0]); |
|
1009 |
+ fprintf(stderr, "%s: running as root is not recommended (check \"User\" in clamav.conf)\n", argv[0]); |
|
1010 | 1010 |
} |
1011 | 1011 |
if(advisory && quarantine) { |
1012 | 1012 |
fprintf(stderr, "%s: Advisory mode doesn't work with quarantine mode\n", argv[0]); |
... | ... |
@@ -1393,7 +1395,7 @@ pingServer(int serverNumber) |
1393 | 1393 |
* |
1394 | 1394 |
* TODO: When connecting to more than one server, give a warning |
1395 | 1395 |
* if they're running different versions, or if the virus DBs |
1396 |
- * are out of date |
|
1396 |
+ * are out of date (say more than a month old) |
|
1397 | 1397 |
*/ |
1398 | 1398 |
snprintf(clamav_version, sizeof(clamav_version), |
1399 | 1399 |
"%s, clamav-milter version %s", |
... | ... |
@@ -1696,10 +1698,7 @@ clamfi_envfrom(SMFICTX *ctx, char **argv) |
1696 | 1696 |
|
1697 | 1697 |
if(dont_wait) { |
1698 | 1698 |
pthread_mutex_unlock(&n_children_mutex); |
1699 |
- /* |
|
1700 |
- * TODO: use smfi_setreply to send a useful |
|
1701 |
- * message to the remote SMTP client |
|
1702 |
- */ |
|
1699 |
+ smfi_setreply(ctx, "451", "4.7.1", "AV system temporarily overloaded - please try later"); |
|
1703 | 1700 |
return SMFIS_TEMPFAIL; |
1704 | 1701 |
} |
1705 | 1702 |
/* |
... | ... |
@@ -2132,10 +2131,6 @@ clamfi_eom(SMFICTX *ctx) |
2132 | 2132 |
if(!nflag) |
2133 | 2133 |
smfi_addheader(ctx, "X-Virus-Status", "Clean"); |
2134 | 2134 |
|
2135 |
- /* |
|
2136 |
- * TODO: if privdata->from is NULL it's probably SPAM, and |
|
2137 |
- * me might consider bouncing it... |
|
2138 |
- */ |
|
2139 | 2135 |
if(use_syslog && logClean) |
2140 | 2136 |
/* Include the sendmail queue ID in the log */ |
2141 | 2137 |
syslog(LOG_NOTICE, "%s: clean message from %s", |
... | ... |
@@ -2237,7 +2232,8 @@ clamfi_eom(SMFICTX *ctx) |
2237 | 2237 |
* messages at once. It'll still be scanned, but |
2238 | 2238 |
* not at the same time as the incoming message |
2239 | 2239 |
* |
2240 |
- * FIXME: there is a race condition here. If the |
|
2240 |
+ * FIXME: there is a race condition here when sendmail |
|
2241 |
+ * and clamav-milter run on the same machine. If the |
|
2241 | 2242 |
* system is very overloaded this sendmail can |
2242 | 2243 |
* take a long time to start - and may even fail |
2243 | 2244 |
* is the LA is > REFUSE_LA. In all the time we're |
... | ... |
@@ -2254,10 +2250,6 @@ clamfi_eom(SMFICTX *ctx) |
2254 | 2254 |
sendmail = popen(cmd, "w"); |
2255 | 2255 |
|
2256 | 2256 |
if(sendmail) { |
2257 |
- /* |
|
2258 |
- * TODO: Make this e-mail message customisable |
|
2259 |
- * perhaps by means of a template |
|
2260 |
- */ |
|
2261 | 2257 |
fprintf(sendmail, "From: %s\n", from); |
2262 | 2258 |
if(bflag) { |
2263 | 2259 |
/* |
... | ... |
@@ -2815,6 +2807,8 @@ static int |
2815 | 2815 |
connect2clamd(struct privdata *privdata) |
2816 | 2816 |
{ |
2817 | 2817 |
char **to; |
2818 |
+ char *msg; |
|
2819 |
+ int length; |
|
2818 | 2820 |
|
2819 | 2821 |
assert(privdata != NULL); |
2820 | 2822 |
assert(privdata->dataSocket == -1); |
... | ... |
@@ -3014,17 +3008,39 @@ connect2clamd(struct privdata *privdata) |
3014 | 3014 |
} |
3015 | 3015 |
|
3016 | 3016 |
/* |
3017 |
- * TODO: |
|
3018 |
- * Put from and to data into a buffer and call clamfi_send once |
|
3019 |
- * to save bandwidth when using TCP/IP to connect with a remote clamd |
|
3017 |
+ * Combine the To and From into one clamfi_send to save bandwidth |
|
3018 |
+ * when sending using TCP/IP to connect to a remote clamd, by band |
|
3019 |
+ * width here I mean number of packets |
|
3020 | 3020 |
*/ |
3021 |
- clamfi_send(privdata, 0, |
|
3022 |
- "Received: by clamav-milter\nFrom: %s\n", |
|
3023 |
- privdata->from); |
|
3024 |
- |
|
3021 |
+ length = strlen(privdata->from) + 34; |
|
3025 | 3022 |
for(to = privdata->to; *to; to++) |
3026 |
- if(clamfi_send(privdata, 0, "To: %s\n", *to) <= 0) |
|
3023 |
+ length += strlen(*to) + 4; |
|
3024 |
+ |
|
3025 |
+ msg = cli_malloc(length + 1); |
|
3026 |
+ |
|
3027 |
+ if(msg) { |
|
3028 |
+ sprintf(msg, "Received: by clamav-milter\nFrom: %s\n", |
|
3029 |
+ privdata->from); |
|
3030 |
+ |
|
3031 |
+ for(to = privdata->to; *to; to++) { |
|
3032 |
+ char *eom = strchr(msg, '\0'); |
|
3033 |
+ |
|
3034 |
+ sprintf(eom, "To: %s\n", *to); |
|
3035 |
+ } |
|
3036 |
+ if(clamfi_send(privdata, length, msg) != length) { |
|
3037 |
+ free(msg); |
|
3027 | 3038 |
return 0; |
3039 |
+ } |
|
3040 |
+ free(msg); |
|
3041 |
+ } else { |
|
3042 |
+ clamfi_send(privdata, 0, |
|
3043 |
+ "Received: by clamav-milter\nFrom: %s\n", |
|
3044 |
+ privdata->from); |
|
3045 |
+ |
|
3046 |
+ for(to = privdata->to; *to; to++) |
|
3047 |
+ if(clamfi_send(privdata, 0, "To: %s\n", *to) <= 0) |
|
3048 |
+ return 0; |
|
3049 |
+ } |
|
3028 | 3050 |
|
3029 | 3051 |
cli_dbgmsg("connect2clamd OK\n"); |
3030 | 3052 |
|
... | ... |
@@ -3162,13 +3178,11 @@ sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *vir |
3162 | 3162 |
|
3163 | 3163 |
/* |
3164 | 3164 |
* Keep the infected file in quarantine, return success (0) or failure |
3165 |
- * |
|
3166 |
- * FIXME: handle '/' etc. in virus name, see blobSetFilename |
|
3167 | 3165 |
*/ |
3168 | 3166 |
static int |
3169 | 3167 |
qfile(struct privdata *privdata, const char *virusname) |
3170 | 3168 |
{ |
3171 |
- char *newname; |
|
3169 |
+ char *newname, *ptr; |
|
3172 | 3170 |
|
3173 | 3171 |
assert(privdata != NULL); |
3174 | 3172 |
|
... | ... |
@@ -3181,6 +3195,22 @@ qfile(struct privdata *privdata, const char *virusname) |
3181 | 3181 |
return -1; |
3182 | 3182 |
|
3183 | 3183 |
sprintf(newname, "%s.%s", privdata->filename, virusname); |
3184 |
+ |
|
3185 |
+ /* |
|
3186 |
+ * Strip out funnies that may be in the name of the virus, such as '/' |
|
3187 |
+ * that would cause the quarantine to fail to save since the name |
|
3188 |
+ * of the virus is included in the filename |
|
3189 |
+ */ |
|
3190 |
+ for(ptr = newname; *ptr; ptr++) { |
|
3191 |
+#if defined(MSDOS) || defined(C_CYGWIN) || defined(WIN32) |
|
3192 |
+ if(strchr("/*?<>|\"+=,;: ", *ptr)) |
|
3193 |
+#elif defined(C_DARWIN) |
|
3194 |
+ if((*ptr == '/') || (*ptr >= '\200')) |
|
3195 |
+#else |
|
3196 |
+ if(*ptr == '/') |
|
3197 |
+#endif |
|
3198 |
+ *ptr = '_'; |
|
3199 |
+ } |
|
3184 | 3200 |
if(link(privdata->filename, newname) < 0) { |
3185 | 3201 |
perror(newname); |
3186 | 3202 |
if(use_syslog) |
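Review bot: In the connect2clamd hunk the combined-header buffer is one byte too small per recipient: `"To: %s\n"` needs `strlen(*to) + 5` bytes, but the sizing loop adds `strlen(*to) + 4`, so the unbounded `sprintf(eom, "To: %s\n", *to)` writes past `cli_malloc(length + 1)` with the first recipient and one byte further with each additional one. The recipient strings presumably come from the SMTP envelope, so the sender would influence how far the overrun goes. Change the sizing line to `length += strlen(*to) + 5;`, and prefer `snprintf` bounded by the space remaining so that a later miscount truncates instead of corrupting the heap. `clamfi_send(privdata, length, msg)` also passes this address-bearing buffer in the argument position the other calls use for a format string, so confirm in clamfi_send (not shown on this page) that a non-zero length sends the bytes verbatim. Separately, the new qfile loop starts at `newname` rather than after the `privdata->filename` prefix, so any '/' in the quarantine path itself is rewritten to '_', and on C_DARWIN `*ptr >= '\200'` is always true where `char` is signed.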