@@ -1,3 +1,7 @@

+Wed Nov  3 13:38:47 CET 2010 (tk)

+---------------------------------

+ * clamd: add new commands DETSTATS and DETSTATSCLEAR (part of bb#2312)

+

 Tue Nov  2 13:01:14 EET 2010 (edwin)

 ------------------------------------

  * libclamav/7z.c: fix file descriptor leak (bb #2347)

@@ -426,9 +426,8 @@ int main(int argc, char **argv)

 	}

     }

-    if(optget(opts, "ExtendedDetectionInfo")->enabled)

-	cl_engine_set_clcb_hash(engine, hash_callback);

-

+    cl_engine_set_clcb_hash(engine, hash_callback);

+    detstats_clear();

     if(optget(opts, "LeaveTemporaryFiles")->enabled)

 	cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);

@@ -189,6 +189,8 @@ static void *clamukolegacyth(void *arg)

 	    context.virsize = 0;

 	    if(scan && cl_scanfile_callback(acc->filename, &virname, NULL, tharg->engine, tharg->options, &context) == CL_VIRUS) {

 		if(context.virsize)

+		    detstats_add(virname, acc->filename, context.virsize, context.virhash);

+		if(extinfo && context.virsize)

 		    logg("Clamuko: %s: %s(%s:%llu) FOUND\n", acc->filename, virname, context.virhash, context.virsize);

 		else

 		    logg("Clamuko: %s: %s FOUND\n", acc->filename, virname);

@@ -163,6 +163,8 @@ static void *clamuko_scanth(void *arg)

 			      tharg->options, &context) == CL_VIRUS) {

 	    dazukofs_get_filename(&acc, filename, sizeof(filename));

 	    if(context.virsize)

+		detstats_add(virname, filename, context.virsize, context.virhash);

+	    if(extinfo && context.virsize)

 		logg("Clamuko: %s: %s(%s:%llu) FOUND\n", filename, virname, context.virhash, context.virsize);

 	    else

 		logg("Clamuko: %s: %s FOUND\n", filename, virname);

@@ -87,6 +87,7 @@ void virusaction(const char *filename, const char *virname, const struct optstru

 #define VE_VIRUSNAME "CLAM_VIRUSEVENT_VIRUSNAME"

 static pthread_mutex_t virusaction_lock = PTHREAD_MUTEX_INITIALIZER;

+static pthread_mutex_t detstats_lock = PTHREAD_MUTEX_INITIALIZER;

 void virusaction(const char *filename, const char *virname, const struct optstruct *opts)

 {

@@ -670,3 +671,54 @@ void fds_free(struct fd_data *data)

     data->nfds = 0;

     fds_unlock(data);

 }

+

+struct detstats_s {

+    char virname[128];

+    char fname[128];

+    char md5[33];

+    unsigned int fsize;

+    unsigned int time;

+};

+#define DETSTATS_MAX 50

+static struct detstats_s detstats_data[DETSTATS_MAX];

+static unsigned int detstats_idx = 0, detstats_total = 0;

+

+void detstats_clear(void)

+{

+    pthread_mutex_lock(&detstats_lock);

+    detstats_idx = detstats_total = 0;

+    pthread_mutex_unlock(&detstats_lock);

+}

+

+void detstats_add(const char *virname, const char *fname, unsigned int fsize, const char *md5)

+{

+    pthread_mutex_lock(&detstats_lock);

+

+    strncpy(detstats_data[detstats_idx].virname, virname, sizeof(detstats_data[detstats_idx].virname));

+    detstats_data[detstats_idx].virname[sizeof(detstats_data[detstats_idx].virname) - 1] = 0;

+

+    if((fname = strrchr(fname, *PATHSEP)))

+	fname++;

+    strncpy(detstats_data[detstats_idx].fname, (fname || !strlen(fname)) ? "NOFNAME" : fname, sizeof(detstats_data[detstats_idx].fname));

+    detstats_data[detstats_idx].fname[sizeof(detstats_data[detstats_idx].fname) - 1] = 0;

+

+    strncpy(detstats_data[detstats_idx].md5, md5, sizeof(detstats_data[detstats_idx].md5));

+    detstats_data[detstats_idx].md5[sizeof(detstats_data[detstats_idx].md5) - 1] = 0;

+

+    detstats_data[detstats_idx].fsize = fsize;

+    detstats_data[detstats_idx++].time = time(NULL);

+    if(detstats_idx == DETSTATS_MAX)

+	detstats_idx = 0;

+    detstats_total++;

+    pthread_mutex_unlock(&detstats_lock);

+}

+

+void detstats_print(int desc, char term)

+{

+	unsigned int i;

+

+    pthread_mutex_lock(&detstats_lock);

+    for(i = 0; i < DETSTATS_MAX && i < detstats_total; i++)

+	mdprintf(desc, "%u:%s:%u:%s:%s%c", detstats_data[i].time, detstats_data[i].md5, detstats_data[i].fsize, detstats_data[i].virname, detstats_data[i].fname, term);

+    pthread_mutex_unlock(&detstats_lock);

+}

@@ -82,4 +82,8 @@ void fds_cleanup(struct fd_data *data);

 int fds_poll_recv(struct fd_data *data, int timeout, int check_signals, void *event);

 void fds_free(struct fd_data *data);

+void detstats_clear(void);

+void detstats_add(const char *virname, const char *fname, unsigned int fsize, const char *md5);

+void detstats_print(int desc, char term);

+

 #endif

@@ -244,6 +244,8 @@ int scan_callback(struct stat *sb, char *filename, const char *msg, enum cli_ftw

 	    return CL_ETIMEOUT;

 	}

 	if(context.virsize)

+	    detstats_add(virname, filename, context.virsize, context.virhash);

+	if(context.virsize && optget(scandata->opts, "ExtendedDetectionInfo")->enabled)

 	    logg("~%s: %s(%s:%llu) FOUND\n", filename, virname, context.virhash, context.virsize);

 	else

 	    logg("~%s: %s FOUND\n", filename, virname);

@@ -338,6 +340,8 @@ int scanfd(const int fd, const client_conn_t *conn, unsigned long int *scanned,

 		if (conn_reply_virus(conn, fdstr, virname, context.virhash, context.virsize) == -1)

 		    ret = CL_ETIMEOUT;

 		if(context.virsize)

+		    detstats_add(virname, "NOFNAME", context.virsize, context.virhash);

+		if(context.virsize && optget(opts, "ExtendedDetectionInfo")->enabled)

 		    logg("%s: %s(%s:%llu) FOUND\n", fdstr, virname, context.virhash, context.virsize);

 		else

 		    logg("%s: %s FOUND\n", fdstr, virname);

@@ -509,7 +513,9 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *en

     closesocket(sockfd);

     if(ret == CL_VIRUS) {

-	if(context.virsize) {

+	if(context.virsize)

+	    detstats_add(virname, "NOFNAME", context.virsize, context.virhash);

+	if(context.virsize && optget(opts, "ExtendedDetectionInfo")->enabled) {

 	    mdprintf(odesc, "stream: %s(%s:%llu) FOUND%c", virname, context.virhash, context.virsize, term);

 	    logg("stream(%s@%u): %s(%s:%llu) FOUND\n", peer_addr, port, virname, context.virhash, context.virsize);

 	} else {

@@ -92,10 +92,11 @@ static struct {

     {CMD14, sizeof(CMD14)-1,	COMMAND_FILDES,	    0,	1, FEATURE_FDPASSING},

     {CMD15, sizeof(CMD15)-1,	COMMAND_STATS,	    0,	0, 1},

     {CMD16, sizeof(CMD16)-1,	COMMAND_IDSESSION,  0,	0, 1},

-    {CMD17, sizeof(CMD17)-1,	COMMAND_INSTREAM,   0,	0, 1}

+    {CMD17, sizeof(CMD17)-1,	COMMAND_INSTREAM,   0,	0, 1},

+    {CMD19, sizeof(CMD19)-1,	COMMAND_DETSTATSCLEAR,	0, 1, 1},

+    {CMD20, sizeof(CMD20)-1,	COMMAND_DETSTATS,   0, 1, 1}

 };

-

 enum commands parse_command(const char *cmd, const char **argument, int oldstyle)

 {

     size_t i;

@@ -571,6 +572,16 @@ int execute_or_dispatch_command(client_conn_t *conn, enum commands cmd, const ch

 		print_commands(desc, conn->term, engine);

 		return conn->group ? 0 : 1;

 	    }

+	case COMMAND_DETSTATSCLEAR:

+	    {

+		detstats_clear();

+		return 1;

+	    }

+	case COMMAND_DETSTATS:

+	    {

+		detstats_print(desc, conn->term);

+		return 1;

+	    }

 	case COMMAND_INSTREAM:

 	    {

 		int rc = cli_gentempfd(optget(conn->opts, "TemporaryDirectory")->strarg, &conn->filename, &conn->scanfd);

@@ -40,6 +40,8 @@

 #define CMD16 "IDSESSION"

 #define CMD17 "INSTREAM"

 #define CMD18 "VERSIONCOMMANDS"

+#define CMD19 "DETSTATSCLEAR"

+#define CMD20 "DETSTATS"

 #include "libclamav/clamav.h"

 #include "shared/optparser.h"

@@ -64,6 +66,8 @@ enum commands {

     COMMAND_IDSESSION,

     COMMAND_INSTREAM,

     COMMAND_COMMANDS,

+    COMMAND_DETSTATSCLEAR,

+    COMMAND_DETSTATS,

     /* internal commands */

     COMMAND_MULTISCANFILE,

     COMMAND_INSTREAMSCAN