@@ -1,3 +1,7 @@

+Fri Mar  2 19:48:36 CET 2012 (tk)

+---------------------------------

+ * clamd: add support for on-access scanning on OS X with ClamAuth (beta)

+

 Wed Feb 29 17:02:18 EET 2012 (edwin)

 ------------------------------------

  * libclamav/bytecode_api*: Fix Sparc crash (bb #4324)

@@ -12,6 +12,9 @@

 /* "build clamd" */

 #undef BUILD_CLAMD

+/* enable ClamAuth */

+#undef CLAMAUTH

+

 /* name of the clamav group */

 #undef CLAMAVGROUP

@@ -231,4 +231,142 @@ void *clamukoth(void *arg)

     return clamukofsth(arg);

 }

+#elif defined(CLAMAUTH)

+

+#include <stdio.h>

+#include <unistd.h>

+#include <sys/types.h>

+#include <sys/stat.h>

+#include <sys/uio.h>

+#include <fcntl.h>

+#include <signal.h>

+#include <pthread.h>

+#include <string.h>

+#include <errno.h>

+

+#include "libclamav/clamav.h"

+#include "libclamav/scanners.h"

+

+#include "shared/optparser.h"

+#include "shared/output.h"

+

+#include "server.h"

+#include "others.h"

+#include "scanner.h"

+

+#define SUPPORTED_PROTOCOL  2

+

+static int cauth_fd = -1;

+

+struct ClamAuthEvent {

+    unsigned int action;

+    char path[1024];

+    unsigned int pid;

+};

+

+static void cauth_exit(int sig)

+{

+    logg("*ClamAuth: cauth_exit(), signal %d\n", sig);

+    if(cauth_fd > 0)

+	close(cauth_fd);

+    pthread_exit(NULL);

+    logg("ClamAuth: stopped\n");

+}

+

+static int cauth_scanfile(const char *fname, int extinfo, struct thrarg *tharg)

+{

+	struct cb_context context;

+	const char *virname;

+	int ret = 0, fd;

+

+    context.filename = fname;

+    context.virsize = 0;

+

+    fd = open(fname, O_RDONLY);

+    if(fd == -1)

+	return -1;

+

+    if(cl_scandesc_callback(fd, &virname, NULL, tharg->engine, tharg->options, &context) == CL_VIRUS) {

+	if(context.virsize)

+	    detstats_add(virname, fname, context.virsize, context.virhash);

+	if(extinfo && context.virsize)

+	    logg("ClamAuth: %s: %s(%s:%llu) FOUND\n", fname, virname, context.virhash, context.virsize);

+	else

+	    logg("ClamAuth: %s: %s FOUND\n", fname, virname);

+	virusaction(fname, virname, tharg->opts);

+    }

+    close(fd);

+    return ret;

+}

+

+void *clamukoth(void *arg)

+{

+	struct thrarg *tharg = (struct thrarg *) arg;

+	sigset_t sigset;

+        struct sigaction act;

+	int eventcnt = 1, extinfo;

+	char err[128];

+	struct ClamAuthEvent event;

+

+    /* ignore all signals except SIGUSR1 */

+    sigfillset(&sigset);

+    sigdelset(&sigset, SIGUSR1);

+    /* The behavior of a process is undefined after it ignores a 

+     * SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */

+    sigdelset(&sigset, SIGFPE);

+    sigdelset(&sigset, SIGILL);

+    sigdelset(&sigset, SIGSEGV);

+#ifdef SIGBUS    

+    sigdelset(&sigset, SIGBUS);

+#endif

+    pthread_sigmask(SIG_SETMASK, &sigset, NULL);

+    memset(&act, 0, sizeof(struct sigaction));

+    act.sa_handler = cauth_exit;

+    sigfillset(&(act.sa_mask));

+    sigaction(SIGUSR1, &act, NULL);

+    sigaction(SIGSEGV, &act, NULL);

+

+    extinfo = optget(tharg->opts, "ExtendedDetectionInfo")->enabled;

+

+    cauth_fd = open("/dev/clamauth", O_RDONLY);

+    if(cauth_fd == -1) {

+	logg("!ClamAuth: Can't open /dev/clamauth\n");

+	if(errno == ENOENT)

+	    logg("!ClamAuth: Please make sure ClamAuth.kext is loaded\n");

+	else if(errno == EACCES)

+	    logg("!ClamAuth: This application requires root privileges\n");

+	else

+	    logg("!ClamAuth: /dev/clamauth: %s\n", cli_strerror(errno, err, sizeof(err)));

+

+	return NULL;

+    }

+

+    while(1) {

+	if(read(cauth_fd, &event, sizeof(event)) > 0) {

+	    if(eventcnt == 1) {

+		if(event.action != SUPPORTED_PROTOCOL) {

+		    logg("!ClamAuth: Protocol version mismatch (tool: %d, driver: %d)\n", SUPPORTED_PROTOCOL, event.action);

+		    close(cauth_fd);

+		    return NULL;

+		}

+		if(strncmp(event.path, "ClamAuth", 8)) {

+		    logg("!ClamAuth: Invalid version event\n");

+		    close(cauth_fd);

+		    return NULL;

+		}

+		logg("ClamAuth: Driver version: %s, protocol version: %d\n", &event.path[9], event.action);

+	    } else {

+		cauth_scanfile(event.path, extinfo, tharg);

+	    }

+	    eventcnt++;

+	} else {

+	    if(errno == ENODEV) {

+		printf("^ClamAuth: ClamAuth module deactivated, terminating\n");

+		close(cauth_fd);

+		return NULL;

+	    }

+	}

+	usleep(200);

+    }

+}

 #endif

@@ -709,7 +709,7 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

 	unsigned int selfchk;

 	threadpool_t *thr_pool;

-#ifdef CLAMUKO

+#if defined(CLAMUKO) || defined(CLAMAUTH)

 	pthread_t clamuko_pid;

 	pthread_attr_t clamuko_attr;

 	struct thrarg *tharg = NULL; /* shut up gcc */

@@ -1005,7 +1005,7 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

     acceptdata.max_queue = max_queue;

     if(optget(opts, "ClamukoScanOnAccess")->enabled)

-#ifdef CLAMUKO

+#if defined(CLAMUKO) || defined(CLAMAUTH)

     {

         do {

 	    if(pthread_attr_init(&clamuko_attr)) break;

@@ -1284,8 +1284,8 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

 	pthread_mutex_lock(&reload_mutex);

 	if(reload) {

 	    pthread_mutex_unlock(&reload_mutex);

-#ifdef CLAMUKO

-	    if(optget(opts, "ClamukoScanOnAccess")->enabled && tharg) {

+#if defined(CLAMUKO) || defined(CLAMAUTH)

+	    if((optget(opts, "ClamukoScanOnAccess")->enabled || optget(opts, "ClamAuth")->enabled) && tharg) {

 		logg("Stopping and restarting Clamuko.\n");

 		pthread_kill(clamuko_pid, SIGUSR1);

 		pthread_join(clamuko_pid, NULL);

@@ -1303,8 +1303,8 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

 	    reload = 0;

 	    time(&reloaded_time);

 	    pthread_mutex_unlock(&reload_mutex);

-#ifdef CLAMUKO

-	    if(optget(opts, "ClamukoScanOnAccess")->enabled && tharg) {

+#if defined(CLAMUKO) || defined(CLAMAUTH)

+	    if((optget(opts, "ClamukoScanOnAccess")->enabled || optget(opts, "ClamAuth")->enabled) && tharg) {

 		tharg->engine = engine;

 		pthread_create(&clamuko_pid, &clamuko_attr, clamukoth, tharg);

 	    }

@@ -1330,8 +1330,8 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

      */

     logg("*Waiting for all threads to finish\n");

     thrmgr_destroy(thr_pool);

-#ifdef CLAMUKO

-    if(optget(opts, "ClamukoScanOnAccess")->enabled) {

+#if defined(CLAMUKO) || defined(CLAMAUTH)

+    if(optget(opts, "ClamukoScanOnAccess")->enabled || optget(opts, "ClamAuth")->enabled) {

 	logg("Stopping Clamuko.\n");

 	pthread_kill(clamuko_pid, SIGUSR1);

 	pthread_join(clamuko_pid, NULL);

@@ -16941,6 +16941,9 @@ $as_echo "#define C_DARWIN 1" >>confdefs.h

 $as_echo "#define BIND_8_COMPAT 1" >>confdefs.h

+

+$as_echo "#define CLAMAUTH 1" >>confdefs.h

+

     use_netinfo="yes"

     ;;

 os2*)

@@ -1044,6 +1044,7 @@ darwin*)

     AC_DEFINE([C_BSD],1,[os is bsd flavor])

     AC_DEFINE([C_DARWIN],1,[os is darwin])

     AC_DEFINE([BIND_8_COMPAT],1,[enable bind8 compatibility])

+    AC_DEFINE([CLAMAUTH],1,[enable ClamAuth])

     use_netinfo="yes"

     ;;

 os2*)

@@ -325,6 +325,8 @@ const struct clam_option __clam_options[] = {

     { "MaxFiles", "max-files", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXFILES, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Number of files to be scanned within an archive, a document, or any other\ncontainer file.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage to the system.", "10000" },

+    { "ClamAuth", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables on-access scanning with ClamAuth on OS X (BETA).", "no" },

+

     { "ClamukoScanOnAccess", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables Clamuko. Dazuko needs to be already configured and\nrunning.", "no" },

     { "ClamukoScannerCount", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_CLAMD, "The number of scanner threads that will be started (DazukoFS only).\nHaving multiple scanner threads allows Clamuko to serve multiple\nprocesses simultaneously. This is particularly beneficial on SMP machines.", "3" },