Browse code
clamdscan: respect ExcludePath in --fdpass mode (bb#1923)
Tomasz Kojm authored on 2010/05/08 04:14:34Showing 5 changed files
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Fri May 7 21:12:35 CEST 2010 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * clamdscan: respect ExcludePath in --fdpass mode (bb#1923) |
|
| 4 |
+ |
|
| 1 | 5 |
Fri Apr 9 17:01:07 EEST 2010 (edwin) |
| 2 | 6 |
------------------------------------- |
| 3 | 7 |
* libclamav/c++/llvm/test: Fix make check failure on x86-32 (bb #1942) |
| ... | ... |
@@ -44,6 +44,7 @@ |
| 44 | 44 |
void help(void); |
| 45 | 45 |
|
| 46 | 46 |
extern int printinfected; |
| 47 |
+struct optstruct *clamdopts = NULL; |
|
| 47 | 48 |
|
| 48 | 49 |
static void print_server_version(const struct optstruct *opt) |
| 49 | 50 |
{
|
| ... | ... |
@@ -69,6 +70,11 @@ int main(int argc, char **argv) |
| 69 | 69 |
return 2; |
| 70 | 70 |
} |
| 71 | 71 |
|
| 72 |
+ if((clamdopts = optparse(optget(opts, "config-file")->strarg, 0, NULL, 1, OPT_CLAMD, 0, NULL)) == NULL) {
|
|
| 73 |
+ logg("!Can't parse clamd configuration file %s\n", optget(opts, "config-file")->strarg);
|
|
| 74 |
+ return 2; |
|
| 75 |
+ } |
|
| 76 |
+ |
|
| 72 | 77 |
if(optget(opts, "verbose")->enabled) {
|
| 73 | 78 |
mprintf_verbose = 1; |
| 74 | 79 |
logg_verbose = 1; |
| ... | ... |
@@ -83,11 +89,13 @@ int main(int argc, char **argv) |
| 83 | 83 |
if(optget(opts, "version")->enabled) {
|
| 84 | 84 |
print_server_version(opts); |
| 85 | 85 |
optfree(opts); |
| 86 |
+ optfree(clamdopts); |
|
| 86 | 87 |
exit(0); |
| 87 | 88 |
} |
| 88 | 89 |
|
| 89 | 90 |
if(optget(opts, "help")->enabled) {
|
| 90 | 91 |
optfree(opts); |
| 92 |
+ optfree(clamdopts); |
|
| 91 | 93 |
help(); |
| 92 | 94 |
} |
| 93 | 95 |
|
| ... | ... |
@@ -101,6 +109,7 @@ int main(int argc, char **argv) |
| 101 | 101 |
if(logg("--------------------------------------\n")) {
|
| 102 | 102 |
mprintf("!Problem with internal logger.\n");
|
| 103 | 103 |
optfree(opts); |
| 104 |
+ optfree(clamdopts); |
|
| 104 | 105 |
exit(2); |
| 105 | 106 |
} |
| 106 | 107 |
} else |
| ... | ... |
@@ -110,12 +119,14 @@ int main(int argc, char **argv) |
| 110 | 110 |
if(optget(opts, "reload")->enabled) {
|
| 111 | 111 |
ret = reload_clamd_database(opts); |
| 112 | 112 |
optfree(opts); |
| 113 |
+ optfree(clamdopts); |
|
| 113 | 114 |
logg_close(); |
| 114 | 115 |
exit(ret); |
| 115 | 116 |
} |
| 116 | 117 |
|
| 117 | 118 |
if(actsetup(opts)) {
|
| 118 | 119 |
optfree(opts); |
| 120 |
+ optfree(clamdopts); |
|
| 119 | 121 |
logg_close(); |
| 120 | 122 |
exit(2); |
| 121 | 123 |
} |
| ... | ... |
@@ -134,6 +145,7 @@ int main(int argc, char **argv) |
| 134 | 134 |
gettimeofday(&t1, NULL); |
| 135 | 135 |
|
| 136 | 136 |
ret = client(opts, &infected, &err); |
| 137 |
+ optfree(clamdopts); |
|
| 137 | 138 |
|
| 138 | 139 |
/* TODO: Implement STATUS in clamd */ |
| 139 | 140 |
if(!optget(opts, "no-summary")->enabled) {
|
| ... | ... |
@@ -73,21 +73,16 @@ unsigned long int maxstream; |
| 73 | 73 |
static struct sockaddr_un nixsock; |
| 74 | 74 |
#endif |
| 75 | 75 |
static struct sockaddr_in tcpsock; |
| 76 |
- |
|
| 76 |
+extern struct optstruct *clamdopts; |
|
| 77 | 77 |
|
| 78 | 78 |
/* Inits the communication layer |
| 79 | 79 |
* Returns 0 if clamd is local, non zero if clamd is remote */ |
| 80 | 80 |
static int isremote(const struct optstruct *opts) {
|
| 81 | 81 |
int s, ret; |
| 82 | 82 |
const struct optstruct *opt; |
| 83 |
- struct optstruct *clamdopts; |
|
| 84 | 83 |
const char *clamd_conf = optget(opts, "config-file")->strarg; |
| 85 | 84 |
static struct sockaddr_in testsock; |
| 86 | 85 |
|
| 87 |
- if((clamdopts = optparse(clamd_conf, 0, NULL, 1, OPT_CLAMD, 0, NULL)) == NULL) {
|
|
| 88 |
- logg("!Can't parse clamd configuration file %s\n", clamd_conf);
|
|
| 89 |
- return 0; |
|
| 90 |
- } |
|
| 91 | 86 |
#ifndef _WIN32 |
| 92 | 87 |
if((opt = optget(clamdopts, "LocalSocket"))->enabled) {
|
| 93 | 88 |
memset((void *)&nixsock, 0, sizeof(nixsock)); |
| ... | ... |
@@ -96,24 +91,20 @@ static int isremote(const struct optstruct *opts) {
|
| 96 | 96 |
nixsock.sun_path[sizeof(nixsock.sun_path)-1]='\0'; |
| 97 | 97 |
mainsa = (struct sockaddr *)&nixsock; |
| 98 | 98 |
mainsasz = sizeof(nixsock); |
| 99 |
- optfree(clamdopts); |
|
| 100 | 99 |
return 0; |
| 101 | 100 |
} |
| 102 | 101 |
#endif |
| 103 |
- if(!(opt = optget(clamdopts, "TCPSocket"))->enabled) {
|
|
| 104 |
- optfree(clamdopts); |
|
| 102 |
+ if(!(opt = optget(clamdopts, "TCPSocket"))->enabled) |
|
| 105 | 103 |
return 0; |
| 106 |
- } |
|
| 104 |
+ |
|
| 107 | 105 |
mainsa = (struct sockaddr *)&tcpsock; |
| 108 | 106 |
mainsasz = sizeof(tcpsock); |
| 109 | 107 |
|
| 110 | 108 |
if (cfg_tcpsock(clamdopts, &tcpsock, INADDR_LOOPBACK) == -1) {
|
| 111 | 109 |
logg("!Can't lookup clamd hostname: %s.\n", strerror(errno));
|
| 112 |
- optfree(clamdopts); |
|
| 113 | 110 |
mainsa = NULL; |
| 114 | 111 |
return 0; |
| 115 | 112 |
} |
| 116 |
- optfree(clamdopts); |
|
| 117 | 113 |
memcpy((void *)&testsock, (void *)&tcpsock, sizeof(testsock)); |
| 118 | 114 |
testsock.sin_port = htons(INADDR_ANY); |
| 119 | 115 |
if(!(s = socket(testsock.sin_family, SOCK_STREAM, 0))) return 0; |
| ... | ... |
@@ -226,16 +217,9 @@ int reload_clamd_database(const struct optstruct *opts) |
| 226 | 226 |
|
| 227 | 227 |
int client(const struct optstruct *opts, int *infected, int *err) |
| 228 | 228 |
{
|
| 229 |
- const char *clamd_conf = optget(opts, "config-file")->strarg; |
|
| 230 |
- struct optstruct *clamdopts; |
|
| 231 | 229 |
int remote, scantype, session = 0, errors = 0, scandash = 0, maxrec, flags = 0; |
| 232 | 230 |
const char *fname; |
| 233 | 231 |
|
| 234 |
- if((clamdopts = optparse(clamd_conf, 0, NULL, 1, OPT_CLAMD, 0, NULL)) == NULL) {
|
|
| 235 |
- logg("!Can't parse clamd configuration file %s\n", clamd_conf);
|
|
| 236 |
- return 2; |
|
| 237 |
- } |
|
| 238 |
- |
|
| 239 | 232 |
scandash = (opts->filename && opts->filename[0] && !strcmp(opts->filename[0], "-") && !optget(opts, "file-list")->enabled && !opts->filename[1]); |
| 240 | 233 |
remote = isremote(opts) | optget(opts, "stream")->enabled; |
| 241 | 234 |
#ifdef HAVE_FD_PASSING |
| ... | ... |
@@ -257,7 +241,6 @@ int client(const struct optstruct *opts, int *infected, int *err) |
| 257 | 257 |
if (optget(clamdopts, "FollowFileSymlinks")->enabled) |
| 258 | 258 |
flags |= CLI_FTW_FOLLOW_FILE_SYMLINK; |
| 259 | 259 |
flags |= CLI_FTW_TRIM_SLASHES; |
| 260 |
- optfree(clamdopts); |
|
| 261 | 260 |
|
| 262 | 261 |
if(!mainsa) {
|
| 263 | 262 |
logg("!Clamd is not configured properly.\n");
|
| ... | ... |
@@ -46,6 +46,7 @@ |
| 46 | 46 |
#include "libclamav/others.h" |
| 47 | 47 |
#include "shared/actions.h" |
| 48 | 48 |
#include "shared/output.h" |
| 49 |
+#include "shared/misc.h" |
|
| 49 | 50 |
|
| 50 | 51 |
#include "proto.h" |
| 51 | 52 |
#include "client.h" |
| ... | ... |
@@ -54,6 +55,7 @@ extern struct sockaddr *mainsa; |
| 54 | 54 |
extern int mainsasz; |
| 55 | 55 |
extern unsigned long int maxstream; |
| 56 | 56 |
int printinfected; |
| 57 |
+extern struct optstruct *clamdopts; |
|
| 57 | 58 |
|
| 58 | 59 |
static const char *scancmd[] = { "CONTSCAN", "MULTISCAN" };
|
| 59 | 60 |
|
| ... | ... |
@@ -244,6 +246,23 @@ static int send_fdpass(int sockd, const char *filename) {
|
| 244 | 244 |
} |
| 245 | 245 |
#endif |
| 246 | 246 |
|
| 247 |
+/* 0: scan, 1: skip */ |
|
| 248 |
+static int chkpath(const char *path) |
|
| 249 |
+{
|
|
| 250 |
+ const struct optstruct *opt; |
|
| 251 |
+ |
|
| 252 |
+ if((opt = optget(clamdopts, "ExcludePath"))->enabled) {
|
|
| 253 |
+ while(opt) {
|
|
| 254 |
+ if(match_regex(path, opt->strarg) == 1) {
|
|
| 255 |
+ logg("~%s: Excluded\n", path);
|
|
| 256 |
+ return 1; |
|
| 257 |
+ } |
|
| 258 |
+ opt = opt->nextarg; |
|
| 259 |
+ } |
|
| 260 |
+ } |
|
| 261 |
+ return 0; |
|
| 262 |
+} |
|
| 263 |
+ |
|
| 247 | 264 |
/* Sends a proper scan request to clamd and parses its replies |
| 248 | 265 |
* This is used only in non IDSESSION mode |
| 249 | 266 |
* Returns the number of infected files or -1 on error */ |
| ... | ... |
@@ -253,6 +272,8 @@ int dsresult(int sockd, int scantype, const char *filename, int *printok, int *e |
| 253 | 253 |
struct RCVLN rcv; |
| 254 | 254 |
struct stat sb; |
| 255 | 255 |
|
| 256 |
+ if(chkpath(filename)) |
|
| 257 |
+ return 0; |
|
| 256 | 258 |
recvlninit(&rcv, sockd); |
| 257 | 259 |
|
| 258 | 260 |
switch(scantype) {
|
| ... | ... |
@@ -501,6 +522,8 @@ static int parallel_callback(struct stat *sb, char *filename, const char *path, |
| 501 | 501 |
struct SCANID *cid; |
| 502 | 502 |
int res; |
| 503 | 503 |
|
| 504 |
+ if(chkpath(filename)) |
|
| 505 |
+ return 0; |
|
| 504 | 506 |
c->files++; |
| 505 | 507 |
switch(reason) {
|
| 506 | 508 |
case error_stat: |
| ... | ... |
@@ -286,7 +286,6 @@ int daemonize(void) |
| 286 | 286 |
#endif |
| 287 | 287 |
} |
| 288 | 288 |
|
| 289 |
-#ifndef CL_NOLIBCLAMAV |
|
| 290 | 289 |
int match_regex(const char *filename, const char *pattern) |
| 291 | 290 |
{
|
| 292 | 291 |
regex_t reg; |
| ... | ... |
@@ -310,7 +309,6 @@ int match_regex(const char *filename, const char *pattern) |
| 310 | 310 |
cli_regfree(®); |
| 311 | 311 |
return match; |
| 312 | 312 |
} |
| 313 |
-#endif |
|
| 314 | 313 |
|
| 315 | 314 |
int cfg_tcpsock(const struct optstruct *opts, struct sockaddr_in *tcpsock, in_addr_t defaultbind) |
| 316 | 315 |
{
|