git-svn: trunk@1120
Tomasz Kojm authored on 2004/11/26 02:42:30... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Thu Nov 25 18:38:06 CET 2004 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * clamd: new directives StreamMinPort and StreamMaxPort (allow port range |
|
4 |
+ specification for stream mode). Patch by Alexander Marx |
|
5 |
+ <mad-ml*madness.at>) |
|
6 |
+ |
|
1 | 7 |
Tue Nov 23 23:23:45 CET 2004 (tk) |
2 | 8 |
--------------------------------- |
3 | 9 |
* clamscan: --move: preserve original access and modification times |
... | ... |
@@ -264,9 +264,9 @@ int scan(const char *filename, unsigned long int *scanned, const struct cl_node |
264 | 264 |
int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, const struct cfgstruct *copt) |
265 | 265 |
{ |
266 | 266 |
int ret, portscan = CL_DEFAULT_MAXPORTSCAN, sockfd, port, acceptd; |
267 |
- int tmpd, bread, retval, timeout, btread; |
|
267 |
+ int tmpd, bread, retval, timeout, btread, min_port, max_port; |
|
268 | 268 |
long int size = 0, maxsize = 0; |
269 |
- short bound = 0; |
|
269 |
+ short bound = 0, rnd_port_first = 1; |
|
270 | 270 |
const char *virname; |
271 | 271 |
char buff[FILEBUFF]; |
272 | 272 |
struct sockaddr_in server; |
... | ... |
@@ -275,9 +275,35 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root |
275 | 275 |
FILE *tmp = NULL; |
276 | 276 |
|
277 | 277 |
|
278 |
+ /* get min port */ |
|
279 |
+ if((cpt = cfgopt(copt, "StreamMinPort"))) { |
|
280 |
+ if(cpt->numarg < 1024 || cpt->numarg > 65535) |
|
281 |
+ min_port = 1024; |
|
282 |
+ else |
|
283 |
+ min_port = cpt->numarg; |
|
284 |
+ } else |
|
285 |
+ min_port = 1024; |
|
286 |
+ |
|
287 |
+ /* get max port */ |
|
288 |
+ if((cpt = cfgopt(copt, "StreamMaxPort"))) { |
|
289 |
+ if(cpt->numarg < min_port || cpt->numarg > 65535) |
|
290 |
+ max_port = 65535; |
|
291 |
+ else |
|
292 |
+ max_port = cpt->numarg; |
|
293 |
+ } else |
|
294 |
+ max_port = 65535; |
|
295 |
+ |
|
296 |
+ /* bind to a free port */ |
|
278 | 297 |
while(!bound && portscan--) { |
279 |
- if((port = cli_rndnum(60000)) < 1024) |
|
280 |
- port += 2139; |
|
298 |
+ if(rnd_port_first) { |
|
299 |
+ /* try a random port first */ |
|
300 |
+ port = min_port + cli_rndnum(max_port - min_port + 1); |
|
301 |
+ rnd_port_first = 0; |
|
302 |
+ } else { |
|
303 |
+ /* try the neighbor ports */ |
|
304 |
+ if(--port < min_port) |
|
305 |
+ port=max_port; |
|
306 |
+ } |
|
281 | 307 |
|
282 | 308 |
memset((char *) &server, 0, sizeof(server)); |
283 | 309 |
server.sin_family = AF_INET; |
... | ... |
@@ -303,7 +329,6 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root |
303 | 303 |
close(sockfd); |
304 | 304 |
else |
305 | 305 |
bound = 1; |
306 |
- |
|
307 | 306 |
} |
308 | 307 |
|
309 | 308 |
if((cpt = cfgopt(copt, "ReadTimeout"))) |
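Review bot: The two new `cfgopt` blocks in scanstream silently replace an invalid value with the default: StreamMinPort outside 1024–65535, or StreamMaxPort below the minimum or above 65535. A mistyped range therefore quietly becomes 1024–65535 (or min–65535), and the daemon listens outside the range the administrator's firewall rules were written for. I would emit a warning in each fallback branch, e.g. `logg("StreamMaxPort out of range, using 65535\n");` if `logg` is the logging call this file already uses, or reject the value when the configuration is parsed. Separately, after the first random pick the loop walks `--port` downwards, so within a narrow configured range the data port becomes fairly predictable; the accept path is not in these hunks, so it is worth confirming that the data connection's peer is compared with the control connection's before its data is scanned. scanstream's body continues outside the hunks shown.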
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
.\" Manual page created by Tomasz Kojm, 20021001. |
2 |
-.TH "clamd.conf" "5" "September 27, 2004" "Tomasz Kojm" "Clam AntiVirus" |
|
2 |
+.TH "clamd.conf" "5" "November 25, 2004" "Tomasz Kojm" "Clam AntiVirus" |
|
3 | 3 |
.SH "NAME" |
4 | 4 |
.LP |
5 | 5 |
\fBclamd.conf\fR \- Configuration file for Clam AntiVirus Daemon |
... | ... |
@@ -160,10 +160,20 @@ Default: disabled |
160 | 160 |
Enable debug messages from libclamav. |
161 | 161 |
.TP |
162 | 162 |
\fBStreamMaxLength SIZE\fR |
163 |
-Close the connection when this limit is exceeded. |
|
163 |
+Clamd uses FTP\-like protocol to receive data from remote clients. If you are using clamav\-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the maximal limit for data transfered to remote daemon when scanning a single file. |
|
164 | 164 |
.br |
165 | 165 |
Default: 10M |
166 | 166 |
.TP |
167 |
+\fBStreamMinPort NUMBER\fR |
|
168 |
+Limit data port range. |
|
169 |
+.br |
|
170 |
+Default: 1024 |
|
171 |
+.TP |
|
172 |
+\fBStreamMaxPort NUMBER\fR |
|
173 |
+Limit data port range. |
|
174 |
+.br |
|
175 |
+Default: 65535 |
|
176 |
+.TP |
|
167 | 177 |
\fBDisableDefaultScanOptions\fR |
168 | 178 |
By default clamd uses scan options recommended by libclamav. This option disables recommended options and allows you to enable selected options. DO NOT ENABLE IT unless you know what you are doing. |
169 | 179 |
.br |
... | ... |
@@ -90,10 +90,20 @@ FixStaleSocket |
90 | 90 |
# Default: 15 |
91 | 91 |
#MaxConnectionQueueLength 30 |
92 | 92 |
|
93 |
-# Close the connection if this limit is exceeded. |
|
93 |
+# Clamd uses FTP-like protocol to receive data from remote clients. |
|
94 |
+# If you are using clamav-milter to balance load between remote clamd daemons |
|
95 |
+# on firewall servers you may need to tune the options below. |
|
96 |
+ |
|
97 |
+# Close the connection when the data size limit is exceeded. |
|
94 | 98 |
# Default: 10M |
95 | 99 |
#StreamMaxLength 20M |
96 | 100 |
|
101 |
+# Limit port range. |
|
102 |
+# Default: 1024 |
|
103 |
+#StreamMinPort 30000 |
|
104 |
+# Default: 65535 |
|
105 |
+#StreamMaxPort 32000 |
|
106 |
+ |
|
97 | 107 |
# Maximal number of threads running at the same time. |
98 | 108 |
# Default: 10 |
99 | 109 |
#MaxThreads 20 |
... | ... |
@@ -84,6 +84,8 @@ struct cfgstruct *parsecfg(const char *cfgfile, int messages) |
84 | 84 |
{"LocalSocket", OPT_STR}, |
85 | 85 |
{"MaxConnectionQueueLength", OPT_NUM}, |
86 | 86 |
{"StreamMaxLength", OPT_COMPSIZE}, |
87 |
+ {"StreamMinPort", OPT_NUM}, |
|
88 |
+ {"StreamMaxPort", OPT_NUM}, |
|
87 | 89 |
{"MaxThreads", OPT_NUM}, |
88 | 90 |
{"ReadTimeout", OPT_NUM}, |
89 | 91 |
{"IdleTimeout", OPT_NUM}, |