... | ... |
@@ -310,7 +310,8 @@ void *onas_ddd_th(void *arg) { |
310 | 310 |
if(onas_ht_add_hierarchy(ddd_ht, pt->strarg)) { |
311 | 311 |
logg("!ScanOnAccess: Can't include path '%s'\n", pt->strarg); |
312 | 312 |
return NULL; |
313 |
- } |
|
313 |
+ } else |
|
314 |
+ logg("ScanOnAccess: Protecting directory '%s' (and all sub-directories)\n", pt->strarg); |
|
314 | 315 |
} |
315 | 316 |
|
316 | 317 |
pt = (struct optstruct *) pt->nextarg; |
... | ... |
@@ -328,7 +329,8 @@ void *onas_ddd_th(void *arg) { |
328 | 328 |
if(onas_ht_rm_hierarchy(ddd_ht, pt->strarg, ptlen, 0)) { |
329 | 329 |
logg("!ScanOnAccess: Can't exclude path '%s'\n", pt->strarg); |
330 | 330 |
return NULL; |
331 |
- } |
|
331 |
+ } else |
|
332 |
+ logg("ScanOnAccess: Excluding directory '%s' (and all sub-directories)\n", pt->strarg); |
|
332 | 333 |
} |
333 | 334 |
|
334 | 335 |
pt = (struct optstruct *) pt->nextarg; |
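Review bot: The `} else` added after the `return NULL;` branch in both hunks of onas_ddd_th hangs an unbraced single-statement else off a braced if, which is easy to break when someone later adds a second statement. Because the failure branch already returns, the else is redundant. I would close the block with a plain `}` and put `logg("ScanOnAccess: Protecting directory '%s' (and all sub-directories)\n", pt->strarg);` on its own line after it, and do the same for the "Excluding directory" message in the second hunk. The same `} else` pattern appears in the non-DDD loop added to onas_fan_th. The body of onas_ddd_th starts and ends outside both hunks.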
... | ... |
@@ -144,24 +144,41 @@ void *onas_fan_th(void *arg) |
144 | 144 |
return NULL; |
145 | 145 |
} |
146 | 146 |
|
147 |
- do { |
|
148 |
- if(pthread_attr_init(&ddd_attr)) break; |
|
149 |
- pthread_attr_setdetachstate(&ddd_attr, PTHREAD_CREATE_JOINABLE); |
|
150 |
- |
|
151 |
- if(!(ddd_tharg = (struct ddd_thrarg *) malloc(sizeof(struct ddd_thrarg)))) break; |
|
152 |
- |
|
153 |
- ddd_tharg->fan_fd = onas_fan_fd; |
|
154 |
- ddd_tharg->fan_mask = fan_mask; |
|
155 |
- ddd_tharg->opts = tharg->opts; |
|
156 |
- ddd_tharg->engine = tharg->engine; |
|
157 |
- ddd_tharg->options = tharg->options; |
|
158 |
- |
|
159 |
- if(!pthread_create(&ddd_pid, &ddd_attr, onas_ddd_th, ddd_tharg)) break; |
|
160 |
- |
|
161 |
- free(ddd_tharg); |
|
162 |
- ddd_tharg=NULL; |
|
163 |
- } while(0); |
|
164 |
- if (!tharg) logg("!Unable to start dynamic directory determination.\n"); |
|
147 |
+ if (!optget(tharg->opts, "OnAccessDisableDDD")->enabled) { |
|
148 |
+ do { |
|
149 |
+ if(pthread_attr_init(&ddd_attr)) break; |
|
150 |
+ pthread_attr_setdetachstate(&ddd_attr, PTHREAD_CREATE_JOINABLE); |
|
151 |
+ |
|
152 |
+ if(!(ddd_tharg = (struct ddd_thrarg *) malloc(sizeof(struct ddd_thrarg)))) break; |
|
153 |
+ |
|
154 |
+ ddd_tharg->fan_fd = onas_fan_fd; |
|
155 |
+ ddd_tharg->fan_mask = fan_mask; |
|
156 |
+ ddd_tharg->opts = tharg->opts; |
|
157 |
+ ddd_tharg->engine = tharg->engine; |
|
158 |
+ ddd_tharg->options = tharg->options; |
|
159 |
+ |
|
160 |
+ if(!pthread_create(&ddd_pid, &ddd_attr, onas_ddd_th, ddd_tharg)) break; |
|
161 |
+ |
|
162 |
+ free(ddd_tharg); |
|
163 |
+ ddd_tharg=NULL; |
|
164 |
+ } while(0); |
|
165 |
+ if (!tharg) logg("!Unable to start dynamic directory determination.\n"); |
|
166 |
+ |
|
167 |
+ } else { |
|
168 |
+ if((pt = optget(tharg->opts, "OnAccessIncludePath"))->enabled) { |
|
169 |
+ while(pt) { |
|
170 |
+ if(fanotify_mark(onas_fan_fd, FAN_MARK_ADD, fan_mask, onas_fan_fd, pt->strarg) != 0) { |
|
171 |
+ logg("!ScanOnAccess: Can't include path '%s'\n", pt->strarg); |
|
172 |
+ return NULL; |
|
173 |
+ } else |
|
174 |
+ logg("ScanOnAccess: Protecting directory '%s'\n", pt->strarg); |
|
175 |
+ pt = (struct optstruct *) pt->nextarg; |
|
176 |
+ } |
|
177 |
+ } else { |
|
178 |
+ logg("!ScanOnAccess: Please specify at least one path with OnAccessIncludePath\n"); |
|
179 |
+ return NULL; |
|
180 |
+ } |
|
181 |
+ } |
|
165 | 182 |
|
166 | 183 |
/* Load other options. */ |
167 | 184 |
sizelimit = optget(tharg->opts, "OnAccessMaxFileSize")->numarg; |
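Review bot: The failure check after the `do { … } while(0)` block tests `tharg`, which was already dereferenced by `optget(tharg->opts, "OnAccessDisableDDD")` just above, so "Unable to start dynamic directory determination" can never be logged; a failed `pthread_attr_init`, `malloc` or `pthread_create` silently falls through to loading the remaining options. Testing the DDD argument instead, `if (!ddd_tharg) logg("!Unable to start dynamic directory determination.\n");`, would report it, assuming `ddd_tharg` is initialised to NULL outside the hunk; whether to return there rather than continue without the DDD thread should be decided explicitly. In the new non-DDD branch, `fanotify_mark()` receives `onas_fan_fd` as its fourth argument, which is the `dirfd` used to resolve a relative pathname; `AT_FDCWD` is the usual value there, or OnAccessIncludePath should be required to hold absolute paths. Marks added this way cover only the named directory and not its sub-directories, so a comment such as `/* Without DDD only the listed directories are marked; sub-directories are not watched. */` above the loop would make the reduced coverage explicit. onas_fan_th starts and ends outside the hunk.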
... | ... |
@@ -579,6 +579,11 @@ Example |
579 | 579 |
# Default: disabled |
580 | 580 |
#OnAccessExcludeUID 0 |
581 | 581 |
|
582 |
+# Toggles dynamic directory determination. Allows for recursively watching include paths. |
|
583 |
+# (On-access scan only) |
|
584 |
+# Default: no |
|
585 |
+#OnAccessDisableDDD yes |
|
586 |
+ |
|
582 | 587 |
|
583 | 588 |
## |
584 | 589 |
## Bytecode |
... | ... |
@@ -400,6 +400,8 @@ const struct clam_option __clam_options[] = { |
400 | 400 |
|
401 | 401 |
{ "OnAccessMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned in on access.", "5M" }, |
402 | 402 |
|
403 |
+ { "OnAccessDisableDDD", "disable-ddd", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option toggles the dynamic directory determination system for on-access scanning (Linux only)", "no" }, |
|
404 |
+ |
|
403 | 405 |
/* FIXME: mark these as private and don't output into clamd.conf/man */ |
404 | 406 |
{ "DevACOnly", "dev-ac-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, FLAG_HIDDEN, OPT_CLAMD | OPT_CLAMSCAN, "", "" }, |
405 | 407 |
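Review bot: The description string for `OnAccessDisableDDD` says the option "toggles" dynamic directory determination, which does not tell an administrator which way `yes` goes or what coverage is lost. Setting it disables DDD, and per the onas_fan_th change only the directories named in OnAccessIncludePath are then marked, so the help text should say so, for example `"Disables the dynamic directory determination system for on-access scanning; include paths are then not watched recursively (Linux only)"`. The comment added to the sample clamd.conf has the same ambiguity, since it describes recursive watching directly above `#OnAccessDisableDDD yes`. The `__clam_options` array starts and ends outside the hunk.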
|