git-svn: trunk@2113
Nigel Horne authored on 2006/07/24 00:49:25... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Sun Jul 23 16:47:58 BST 2006 (njh) |
|
2 |
+--------------------------------- |
|
3 |
+ * clamav-milter: Report phishing code now fully enabled, added |
|
4 |
+ --report-phishing flag |
|
5 |
+ |
|
1 | 6 |
Sun Jul 23 10:23:34 BST 2006 (njh) |
2 | 7 |
---------------------------------- |
3 | 8 |
* clamav-milter: Internal mode wasn't correctly logging |
... | ... |
@@ -23,7 +23,7 @@ |
23 | 23 |
* |
24 | 24 |
* For installation instructions see the file INSTALL that came with this file |
25 | 25 |
*/ |
26 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.268 2006/07/23 09:37:51 njh Exp $"; |
|
26 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.269 2006/07/23 15:49:24 njh Exp $"; |
|
27 | 27 |
|
28 | 28 |
#define CM_VERSION "devel-230706" |
29 | 29 |
|
... | ... |
@@ -151,12 +151,6 @@ typedef unsigned int in_addr_t; |
151 | 151 |
#define VERSION_LENGTH 128 |
152 | 152 |
#define DEFAULT_TIMEOUT 120 |
153 | 153 |
|
154 |
-/* DO NOT ENABLE THIS, it is for my research only */ |
|
155 |
-/*#define REPORT_PHISHING "reportphishing@antiphishing.org"*/ |
|
156 |
-/*#define REPORT_PHISHING "reportphishing" /* use aliases to forward to |
|
157 |
- * antiphishing.org |
|
158 |
- */ |
|
159 |
- |
|
160 | 154 |
/*#define SESSION /* |
161 | 155 |
* Keep one command connection open to clamd, otherwise a new |
162 | 156 |
* command connection is created for each new email |
... | ... |
@@ -476,6 +470,7 @@ static pthread_cond_t watchdog_cond = PTHREAD_COND_INITIALIZER; |
476 | 476 |
static const char *postmaster = "postmaster"; |
477 | 477 |
static const char *from = "MAILER-DAEMON"; |
478 | 478 |
static int quitting; |
479 |
+static const char *report; |
|
479 | 480 |
|
480 | 481 |
static const char *whitelistFile; /* |
481 | 482 |
* file containing destination email |
... | ... |
@@ -562,7 +557,8 @@ help(void) |
562 | 562 |
puts(_("\t--postmaster\t\t-p EMAIL\tPostmaster address [default=postmaster].")); |
563 | 563 |
puts(_("\t--postmaster-only\t-P\tSend warnings only to the postmaster.")); |
564 | 564 |
puts(_("\t--quiet\t\t\t-q\tDon't send e-mail notifications of interceptions.")); |
565 |
- puts(_("\t--quarantine=USER\t-Q EMAIL\tQuanrantine e-mail account.")); |
|
565 |
+ puts(_("\t--quarantine=USER\t-Q EMAIL\tQuarantine e-mail account.")); |
|
566 |
+ puts(_("\t--report-phish=EMAIL\t-r EMAIL\tReport phish to this email address.")); |
|
566 | 567 |
puts(_("\t--quarantine-dir=DIR\t-U DIR\tDirectory to store infected emails.")); |
567 | 568 |
puts(_("\t--server=SERVER\t\t-s SERVER\tHostname/IP address of server(s) running clamd (when using TCPsocket).")); |
568 | 569 |
puts(_("\t--sendmail-cf=FILE\t\tLocation of the sendmail.cf file to verify")); |
... | ... |
@@ -645,9 +641,9 @@ main(int argc, char **argv) |
645 | 645 |
struct cidr_net *net; |
646 | 646 |
struct in_addr ignoreIP; |
647 | 647 |
#ifdef CL_DEBUG |
648 |
- const char *args = "a:AbB:c:dDefF:I:k:lLm:M:nNop:PqQ:hHs:St:T:U:VwW:x:0:1:2"; |
|
648 |
+ const char *args = "a:AbB:c:dDefF:I:k:lLm:M:nNop:PqQ:r:hHs:St:T:U:VwW:x:0:1:2"; |
|
649 | 649 |
#else |
650 |
- const char *args = "a:AbB:c:dDefF:I:k:lLm:M:nNop:PqQ:hHs:St:T:U:VwW:0:1:2"; |
|
650 |
+ const char *args = "a:AbB:c:dDefF:I:k:lLm:M:nNop:PqQ:r:hHs:St:T:U:VwW:0:1:2"; |
|
651 | 651 |
#endif |
652 | 652 |
|
653 | 653 |
static struct option long_options[] = { |
... | ... |
@@ -724,6 +720,9 @@ main(int argc, char **argv) |
724 | 724 |
"quarantine", 1, NULL, 'Q', |
725 | 725 |
}, |
726 | 726 |
{ |
727 |
+ "report-phishing", 1, NULL, 'r' |
|
728 |
+ }, |
|
729 |
+ { |
|
727 | 730 |
"quarantine-dir", 1, NULL, 'U', |
728 | 731 |
}, |
729 | 732 |
{ |
... | ... |
@@ -884,6 +883,10 @@ main(int argc, char **argv) |
884 | 884 |
quarantine = optarg; |
885 | 885 |
smfilter.xxfi_flags |= SMFIF_CHGHDRS|SMFIF_ADDRCPT|SMFIF_DELRCPT; |
886 | 886 |
break; |
887 |
+ case 'r': /* report phishing here */ |
|
888 |
+ /* e.g. reportphishing@antiphishing.org */ |
|
889 |
+ report = optarg; |
|
890 |
+ break; |
|
887 | 891 |
case 's': /* server running clamd */ |
888 | 892 |
server++; |
889 | 893 |
serverHostNames = optarg; |
... | ... |
@@ -3406,25 +3409,22 @@ clamfi_eom(SMFICTX *ctx) |
3406 | 3406 |
privdata->filename = NULL; |
3407 | 3407 |
} |
3408 | 3408 |
|
3409 |
-#ifdef REPORT_PHISHING |
|
3410 |
- if((quarantine == NULL) && (!advisory) && |
|
3409 |
+ if(report && (quarantine == NULL) && (!advisory) && |
|
3411 | 3410 |
(strstr(virusname, "Phishing") != NULL)) { |
3412 | 3411 |
for(to = privdata->to; *to; to++) { |
3413 | 3412 |
smfi_delrcpt(ctx, *to); |
3414 | 3413 |
smfi_addheader(ctx, "X-Original-To", *to); |
3415 | 3414 |
} |
3416 |
- if(smfi_addrcpt(ctx, REPORT_PHISHING) == MI_FAILURE) { |
|
3415 |
+ if(smfi_addrcpt(ctx, report) == MI_FAILURE) { |
|
3417 | 3416 |
/* It's a remote site */ |
3418 | 3417 |
if(privdata->filename) { |
3419 | 3418 |
char cmd[128]; |
3420 | 3419 |
|
3421 | 3420 |
snprintf(cmd, sizeof(cmd), "mail -s %s %s < %s", |
3422 |
- virusname, REPORT_PHISHING, |
|
3421 |
+ virusname, report, |
|
3423 | 3422 |
privdata->filename); |
3424 | 3423 |
if(system(cmd) == 0) |
3425 |
- if(use_syslog) |
|
3426 |
- syslog(LOG_INFO, _("Reported phishing to %s"), REPORT_PHISHING); |
|
3427 |
- |
|
3424 |
+ logg(_("#Reported phishing to %s"), report); |
|
3428 | 3425 |
} else { |
3429 | 3426 |
logg(_("^Can't set anti-phish header\n")); |
3430 | 3427 |
rc = (privdata->discard) ? SMFIS_DISCARD : SMFIS_REJECT; |
... | ... |
@@ -3432,12 +3432,9 @@ clamfi_eom(SMFICTX *ctx) |
3432 | 3432 |
} else { |
3433 | 3433 |
setsubject(ctx, "Phishing attempt trapped by ClamAV and redirected"); |
3434 | 3434 |
|
3435 |
- logg("Redirected phish to %s\n", REPORT_PHISHING); |
|
3435 |
+ logg("Redirected phish to %s\n", report); |
|
3436 | 3436 |
} |
3437 |
- } else |
|
3438 |
-#endif |
|
3439 |
- |
|
3440 |
- if(quarantine) { |
|
3437 |
+ } else if(quarantine) { |
|
3441 | 3438 |
for(to = privdata->to; *to; to++) { |
3442 | 3439 |
smfi_delrcpt(ctx, *to); |
3443 | 3440 |
smfi_addheader(ctx, "X-Original-To", *to); |
... | ... |
@@ -3450,13 +3447,10 @@ clamfi_eom(SMFICTX *ctx) |
3450 | 3450 |
logg(_("^Can't set quarantine user %s"), quarantine); |
3451 | 3451 |
rc = (privdata->discard) ? SMFIS_DISCARD : SMFIS_REJECT; |
3452 | 3452 |
} else { |
3453 |
-#ifdef REPORT_PHISHING |
|
3454 |
- if(strstr(virusname, "Phishing") != NULL) { |
|
3455 |
- (void)smfi_addrcpt(ctx, REPORT_PHISHING); |
|
3456 |
- setsubject(ctx, "Blocked Phishing Attempt"); |
|
3457 |
- } else |
|
3458 |
-#endif |
|
3459 |
- setsubject(ctx, virusname); |
|
3453 |
+ if(report && |
|
3454 |
+ strstr(virusname, "Phishing") != NULL) |
|
3455 |
+ (void)smfi_addrcpt(ctx, report); |
|
3456 |
+ setsubject(ctx, virusname); |
|
3460 | 3457 |
|
3461 | 3458 |
logg("Redirected virus to %s", quarantine); |
3462 | 3459 |
} |
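Review bot: In the clamfi_eom fallback, `snprintf(cmd, sizeof(cmd), "mail -s %s %s < %s", virusname, report, privdata->filename)` now places a run-time option value, unquoted, into a string handed to system(), where the old code used a compile-time constant. `case 'r'` stores optarg without any check, so shell metacharacters in the configured address (or in virusname) would be interpreted by the shell, and because snprintf's return value is ignored the 128-byte buffer can silently truncate the command before it runs. I would validate the address once at option parsing, rejecting anything outside an address-safe character set, and guard the call with `n = snprintf(cmd, sizeof(cmd), ...); if(n < 0 || (size_t)n >= sizeof(cmd))` followed by a log and skip; running the mailer through fork/exec with an explicit argv and the file on stdin would remove the shell entirely. Separately, `case 'r'` does not OR in `SMFIF_CHGHDRS|SMFIF_ADDRCPT|SMFIF_DELRCPT` the way the quarantine case just above it does, and this branch only runs when quarantine is NULL, so unless those flags are set elsewhere smfi_addrcpt may fail and every report would take the system() path. The bodies of main and clamfi_eom extend outside these hunks, so the flag setup and the handling of rc after a failed system() call should be confirmed against the full file.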
... | ... |
@@ -172,6 +172,10 @@ the way to turn off notification to the postmaster. |
172 | 172 |
If this e-mail address is given, messages containing a virus or worm are |
173 | 173 |
redirected to it. |
174 | 174 |
.TP |
175 |
+\fB-r, \-\-report-phish=EMAILADDRESS\fR |
|
176 |
+Report caught phishing to an anti-phish organisation's email address, |
|
177 |
+e.g. reportphishing@antiphishing.org. |
|
178 |
+.TP |
|
175 | 179 |
\fB-U, \-\-quarantine-dir=DIR\fR |
176 | 180 |
If this option is given, infected files are left in this directory. |
177 | 181 |
The directory must not be publicly readable or writable, if it is, |