config

git-svn-id: file:///var/lib/svn/clamav-devel/branches/newlimits@3592 77e5149b-7576-45b1-b177-96237e5ba77b

aCaB authored on 2008/02/07 11:00:21
Showing 6 changed files
... ...
@@ -309,27 +309,36 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne
309 309
     logg("*Listening daemon: PID: %u\n", (unsigned int) mainpid);
310 310
     max_threads = cfgopt(copt, "MaxThreads")->numarg;
311 311
 
312
-    if(cfgopt(copt, "ScanArchive")->enabled) {
312
+    if(cfgopt(copt, "ScanArchive")->enabled) { /* FIXMELIMITS: unparsed if archives disabled! */
313 313
 
314 314
 	/* set up limits */
315 315
 	memset(&limits, 0, sizeof(struct cl_limits));
316 316
 
317
-	if((limits.maxfilesize = cfgopt(copt, "ArchiveMaxFileSize")->numarg)) {
318
-	    logg("Archive: Archived file size limit set to %lu bytes.\n", limits.maxfilesize);
317
+	logg("Archive support enabled.\n");
318
+	options |= CL_SCAN_ARCHIVE;
319
+
320
+	if((limits.maxfilesize = cfgopt(copt, "MaxScanSize")->numarg)) {
321
+	    logg("Limits: Global size limit set to %lu bytes.\n", limits.maxscansize);
322
+	} else {
323
+	    logg("^Limits: Global size limit protection disabled.\n");
324
+	}
325
+
326
+	if((limits.maxfilesize = cfgopt(copt, "MaxFileSize")->numarg)) {
327
+	    logg("Limits: File size limit set to %lu bytes.\n", limits.maxfilesize);
319 328
 	} else {
320
-	    logg("^Archive: File size limit protection disabled.\n");
329
+	    logg("^Limits: File size limit protection disabled.\n");
321 330
 	}
322 331
 
323
-	if((limits.maxreclevel = cfgopt(copt, "ArchiveMaxRecursion")->numarg)) {
324
-	    logg("Archive: Recursion level limit set to %u.\n", limits.maxreclevel);
332
+	if((limits.maxreclevel = cfgopt(copt, "MaxRecursion")->numarg)) {
333
+	    logg("Limits: Recursion level limit set to %u.\n", limits.maxreclevel);
325 334
 	} else {
326
-	    logg("^Archive: Recursion level limit protection disabled.\n");
335
+	    logg("^Limits: Recursion level limit protection disabled.\n");
327 336
 	}
328 337
 
329
-	if((limits.maxfiles = cfgopt(copt, "ArchiveMaxFiles")->numarg)) {
330
-	    logg("Archive: Files limit set to %u.\n", limits.maxfiles);
338
+	if((limits.maxfiles = cfgopt(copt, "MaxFiles")->numarg)) {
339
+	    logg("Limits: Files limit set to %u.\n", limits.maxfiles);
331 340
 	} else {
332
-	    logg("^Archive: Files limit protection disabled.\n");
341
+	    logg("^Limits: Files limit protection disabled.\n");
333 342
 	}
334 343
 
335 344
 	if(cfgopt(copt, "ArchiveLimitMemoryUsage")->enabled) {
... ...
@@ -338,22 +347,12 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne
338 338
 	} else {
339 339
 	    limits.archivememlim = 0;
340 340
 	}
341
-    }
342
-
343
-    if(cfgopt(copt, "ScanArchive")->enabled) {
344
-	logg("Archive support enabled.\n");
345
-	options |= CL_SCAN_ARCHIVE;
346 341
 
347 342
 	if(cfgopt(copt, "ArchiveBlockEncrypted")->enabled) {
348 343
 	    logg("Archive: Blocking encrypted archives.\n");
349 344
 	    options |= CL_SCAN_BLOCKENCRYPTED;
350 345
 	}
351 346
 
352
-	if(cfgopt(copt, "ArchiveBlockMax")->enabled) {
353
-	    logg("Archive: Blocking archives that exceed limits.\n");
354
-	    options |= CL_SCAN_BLOCKMAX;
355
-	}
356
-
357 347
     } else {
358 348
 	logg("Archive support disabled.\n");
359 349
     }
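Review bot: The new MaxScanSize block in the first acceptloop_th hunk stores the value in the wrong field: `if((limits.maxfilesize = cfgopt(copt, "MaxScanSize")->numarg))` assigns to `limits.maxfilesize`, while the log line below it prints `limits.maxscansize`, which is still 0 from the memset. The MaxFileSize block that follows overwrites `maxfilesize`, so as far as these lines show `limits.maxscansize` is never set in clamd and the log reports a limit of 0 bytes. The condition should read `if((limits.maxscansize = cfgopt(copt, "MaxScanSize")->numarg)) {`. If the engine treats 0 as "no limit", as the sample config's wording suggests, the global size limit is effectively off however it is configured. acceptloop_th starts and ends outside both hunks.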
... ...
@@ -144,11 +144,22 @@ int main(int argc, char **argv)
144 144
 
145 145
     /* validate some numerical options */
146 146
 
147
-    if(opt_check(opt, "max-space")) {
148
-	pt = opt_arg(opt, "max-space");
147
+    if(opt_check(opt, "max-scansize")) {
148
+	pt = opt_arg(opt, "max-scansize");
149 149
 	if(!strchr(pt, 'M') && !strchr(pt, 'm')) {
150 150
 	    if(!isnumb(pt)) {
151
-		logg("!--max-space requires a natural number\n");
151
+		logg("!--max-scansize requires a natural number\n");
152
+		opt_free(opt);
153
+		return 40;
154
+	    }
155
+	}
156
+    }
157
+
158
+    if(opt_check(opt, "max-filesize")) {
159
+	pt = opt_arg(opt, "max-filesize");
160
+	if(!strchr(pt, 'M') && !strchr(pt, 'm')) {
161
+	    if(!isnumb(pt)) {
162
+		logg("!--max-filesize requires a natural number\n");
152 163
 		opt_free(opt);
153 164
 		return 40;
154 165
 	    }
... ...
@@ -311,14 +322,11 @@ void help(void)
311 311
     mprintf("    --block-max                          Block archives that exceed limits\n");
312 312
     mprintf("    --mail-follow-urls                   Download and scan URLs\n");
313 313
     mprintf("\n");
314
-    mprintf("    --max-space=#n                       Only extract first #n kilobytes from\n");
315
-    mprintf("                                         archived files\n");
316
-    mprintf("    --max-files=#n                       Only extract first #n files from\n");
317
-    mprintf("                                         archives\n");
318
-    mprintf("    --max-ratio=#n                       Maximum compression ratio limit\n");
314
+    mprintf("    --max-scansize=#n                    FIXMELIMITS\n");
315
+    mprintf("    --max-filesize=#n                    FIXMELIMITS\n");
316
+    mprintf("    --max-files=#n                       FIXMELIMITS\n");
319 317
     mprintf("    --max-recursion=#n                   Maximum archive recursion level\n");
320 318
     mprintf("    --max-dir-recursion=#n               Maximum directory recursion level\n");
321
-    mprintf("    --max-mail-recursion=#n              Maximum mail recursion level\n");
322 319
     mprintf("    --unzip[=FULLPATH]                   Enable support for .zip files\n");
323 320
     mprintf("    --unrar[=FULLPATH]                   Enable support for .rar files\n");
324 321
     mprintf("    --arj[=FULLPATH]                     Enable support for .arj files\n");
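Review bot: The numeric check added for --max-filesize in main (and the renamed one for --max-scansize) is skipped whenever the argument contains an 'M' or 'm' anywhere, because `if(!strchr(pt, 'M') && !strchr(pt, 'm'))` guards the isnumb() call. A malformed value with the letter in the middle, or a bare `M`, passes this validation and is only interpreted later by the atoi()-based parsing shown elsewhere in this commit. Checking that the suffix is the last character and that everything before it is numeric would close the gap. The two blocks differ only in the option name, so they could share one small static helper. Separately, the help() hunk ships `FIXMELIMITS` as user-visible text for three options, and the --max-filesize block continues past the end of its hunk.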
... ...
@@ -54,7 +54,8 @@ static struct option clamscan_longopt[] = {
54 54
     {"include", 1, 0, 0},
55 55
     {"include-dir", 1, 0, 0},
56 56
     {"max-files", 1, 0, 0},
57
-    {"max-space", 1, 0, 0},
57
+    {"max-filesize", 1, 0, 0},
58
+    {"max-scansize", 1, 0, 0},
58 59
     {"max-recursion", 1, 0, 0},
59 60
     {"max-dir-recursion", 1, 0, 0},
60 61
     {"detect-pua", 0, 0, 0},
... ...
@@ -220,9 +220,22 @@ int scanmanager(const struct optstruct *opt)
220 220
     /* set limits */
221 221
     memset(&limits, 0, sizeof(struct cl_limits));
222 222
 
223
-    if(opt_check(opt, "max-space")) {
223
+    if(opt_check(opt, "max-scansize")) {
224 224
 	char *cpy, *ptr;
225
-	ptr = opt_arg(opt, "max-space");
225
+	ptr = opt_arg(opt, "max-scansize");
226
+	if(tolower(ptr[strlen(ptr) - 1]) == 'm') {
227
+	    cpy = calloc(strlen(ptr), 1);
228
+	    strncpy(cpy, ptr, strlen(ptr) - 1);
229
+	    limits.maxfilesize = atoi(cpy) * 1024 * 1024;
230
+	    free(cpy);
231
+	} else
232
+	    limits.maxscansize = atoi(ptr) * 1024;
233
+    } else
234
+	limits.maxscansize = 104857600;  /* FIXMELIMITS */
235
+
236
+    if(opt_check(opt, "max-filesize")) {
237
+	char *cpy, *ptr;
238
+	ptr = opt_arg(opt, "max-filesize");
226 239
 	if(tolower(ptr[strlen(ptr) - 1]) == 'm') {
227 240
 	    cpy = calloc(strlen(ptr), 1);
228 241
 	    strncpy(cpy, ptr, strlen(ptr) - 1);
... ...
@@ -231,7 +244,7 @@ int scanmanager(const struct optstruct *opt)
231 231
 	} else
232 232
 	    limits.maxfilesize = atoi(ptr) * 1024;
233 233
     } else
234
-	limits.maxfilesize = 10485760;
234
+	limits.maxfilesize = 10485760;  /* FIXMELIMITS */
235 235
 
236 236
     if(opt_check(opt, "max-files"))
237 237
 	limits.maxfiles = atoi(opt_arg(opt, "max-files"));
... ...
@@ -412,9 +425,10 @@ static int clamav_unpack(const char *prog, const char **args, const char *tmpdir
412 412
     else
413 413
 	maxfiles = 0;
414 414
 
415
-    if(opt_check(opt, "max-space")) {
415
+    /* FIXMELIMITS */
416
+    if(opt_check(opt, "max-filesize")) {
416 417
 	    char *cpy, *ptr;
417
-	ptr = opt_arg(opt, "max-space");
418
+	ptr = opt_arg(opt, "max-filesize");
418 419
 	if(tolower(ptr[strlen(ptr) - 1]) == 'm') { /* megabytes */
419 420
 	    cpy = calloc(strlen(ptr), 1);
420 421
 	    strncpy(cpy, ptr, strlen(ptr) - 1);
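Review bot: In the scanmanager hunk the megabyte branch of the new --max-scansize block writes the wrong field: `limits.maxfilesize = atoi(cpy) * 1024 * 1024;` should be `limits.maxscansize = atoi(cpy) * 1024 * 1024;`. As written, a value with an M suffix leaves `limits.maxscansize` at the 0 from memset, and the number placed in `maxfilesize` is then replaced by the --max-filesize block below it. The same pattern, repeated for max-filesize and in clamav_unpack, indexes `ptr[strlen(ptr) - 1]` without rejecting an empty argument, does not check the calloc result, and multiplies the atoi() result in int so large values can overflow. One shared helper that parses a size with an optional M suffix and reports errors would fix all three sites. scanmanager and clamav_unpack both continue outside the hunks.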
... ...
@@ -224,10 +224,6 @@ LocalSocket /tmp/clamd.socket
224 224
 # Default: no
225 225
 #MailFollowURLs no
226 226
 
227
-# Recursion level limit for the mail scanner.
228
-# Default: 64
229
-#MailMaxRecursion 128
230
-
231 227
 # With this option enabled ClamAV will try to detect phishing attempts by using
232 228
 # signatures.
233 229
 # Default: yes
... ...
@@ -270,28 +266,27 @@ LocalSocket /tmp/clamd.socket
270 270
 # The options below protect your system against Denial of Service attacks
271 271
 # using archive bombs.
272 272
 
273
+# FIXMELIMITS
274
+# Value of 0 disables the limit.
275
+# Default: FIXMELIMITS
276
+#MaxScanSize 15M
277
+
273 278
 # Files in archives larger than this limit won't be scanned.
274 279
 # Value of 0 disables the limit.
275 280
 # Default: 10M
276
-#ArchiveMaxFileSize 15M
281
+#MaxFileSize 15M
277 282
 
278 283
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
279 284
 # file, all files within it will also be scanned. This options specifies how
280 285
 # deeply the process should be continued.
281 286
 # Value of 0 disables the limit.
282 287
 # Default: 8
283
-#ArchiveMaxRecursion 10
288
+#MaxRecursion 10
284 289
 
285 290
 # Number of files to be scanned within an archive.
286 291
 # Value of 0 disables the limit.
287 292
 # Default: 1000
288
-#ArchiveMaxFiles 1500
289
-
290
-# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
291
-# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
292
-# Value of 0 disables the limit.
293
-# Default: 250
294
-#ArchiveMaxCompressionRatio 300
293
+#MaxFiles 1500
295 294
 
296 295
 # Use slower but memory efficient decompression algorithm.
297 296
 # only affects the bzip2 decompressor.
... ...
@@ -302,12 +297,6 @@ LocalSocket /tmp/clamd.socket
302 302
 # Default: no
303 303
 #ArchiveBlockEncrypted no
304 304
 
305
-# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
306
-# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
307
-# reached.
308
-# Default: no
309
-#ArchiveBlockMax no
310
-
311 305
 
312 306
 ##
313 307
 ## Clamuko settings
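Review bot: The new MaxScanSize entry is documented only as `# FIXMELIMITS` with `# Default: FIXMELIMITS`, so an administrator reading this sample cannot tell what the option bounds or what the default is. The option table in this commit gives the default as 104857600, so the line could read `# Default: 100M`, with a one-line description replacing the first placeholder once the semantics are settled. The retained comments for MaxFileSize and MaxFiles still speak of files "in archives" and "within an archive", which may no longer match the renamed options and is worth confirming.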
... ...
@@ -47,7 +47,6 @@ struct cfgoption cfg_options[] = {
47 47
     {"DetectBrokenExecutables", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
48 48
     {"ScanMail", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
49 49
     {"MailFollowURLs", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
50
-    {"MailMaxRecursion", OPT_NUM, 64, NULL, 0, OPT_CLAMD},
51 50
     {"PhishingSignatures", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
52 51
     {"PhishingScanURLs",OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
53 52
     /* these are FP prone options, if default isn't used */
... ...
@@ -61,13 +60,12 @@ struct cfgoption cfg_options[] = {
61 61
     {"ScanOLE2", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
62 62
     {"ScanPDF", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
63 63
     {"ScanArchive", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
64
-    {"ArchiveMaxFileSize", OPT_COMPSIZE, 10485760, NULL, 0, OPT_CLAMD},
65
-    {"ArchiveMaxRecursion", OPT_NUM, 8, NULL, 0, OPT_CLAMD},
66
-    {"ArchiveMaxFiles", OPT_NUM, 1000, NULL, 0, OPT_CLAMD},
67
-    {"ArchiveMaxCompressionRatio", OPT_NUM, 250, NULL, 0, OPT_CLAMD},
64
+    {"MaxScanSize", OPT_COMPSIZE, 104857600, NULL, 0, OPT_CLAMD}, /* FIXMELIMITS */
65
+    {"MaxFileSize", OPT_COMPSIZE, 10485760, NULL, 0, OPT_CLAMD},
66
+    {"MaxRecursion", OPT_NUM, 8, NULL, 0, OPT_CLAMD},
67
+    {"MaxFiles", OPT_NUM, 1000, NULL, 0, OPT_CLAMD},
68 68
     {"ArchiveLimitMemoryUsage", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
69 69
     {"ArchiveBlockEncrypted", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
70
-    {"ArchiveBlockMax", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
71 70
     {"DatabaseDirectory", OPT_QUOTESTR, -1, DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM},
72 71
     {"TCPAddr", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD},
73 72
     {"TCPSocket", OPT_NUM, -1, NULL, 0, OPT_CLAMD},
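Review bot: MailMaxRecursion, ArchiveMaxCompressionRatio and ArchiveBlockMax are dropped from cfg_options with no replacement entry, so an existing clamd.conf that still sets them depends on how the parser treats unknown names, which is not visible in these hunks. Either outcome deserves a decision: a hard parse failure stops the daemon on upgrade, while silent acceptance would leave an operator believing that limit-exceeded blocking is still active. Consider keeping the old names recognised for a release with a logged warning, or documenting the removal in the upgrade notes. The `/* FIXMELIMITS */` on the MaxScanSize default would also be clearer as a comment stating the value in megabytes and that the same number is hard-coded in scanmanager.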