@@ -1,3 +1,14 @@

+Wed Jun 16 09:09:45 BST 2004 (njh)

+----------------------------------

+  * clamav-milter:		Added access to sendmail variables in template

+	files

+				Use qualified host name for X-Virus-Scanned

+	header when localSocket is set

+  * docs/man/clamav-milter.8:	Added access to sendmail variables in template

+	files

+  * libclamav:			Added small performance improvements

+  				Added thread safety measures

+

 Tue Jun 15 22:41:03 CEST 2004 (tk)

 ----------------------------------

   * clamscan, clamd, freshclam: call geteuid() instead of getuid() to avoid

@@ -404,6 +404,11 @@ Changes

 0.72a	8/6/04	--from didn't take an option (fix to 0.71a)

 0.73	14/6/04	Up-issued

 0.73a	14/6/04	Added support for Windows SFU 3.5

+0.73b	15/6/04	Use fully qualified host name for X-Virus-Scanned header when

+			localSocket is set

+		In template files support {sendmail-variable} and support \%v

+			to send the %v string

+		Tidyup handling if the quarantine directory can't be created

 BUG REPORTS

@@ -26,6 +26,9 @@

  *

  * Change History:

  * $Log: clamav-milter.c,v $

+ * Revision 1.97  2004/06/16 08:08:47  nigelhorne

+ * Allow access to sendmail variables in the template file

+ *

  * Revision 1.96  2004/06/14 14:34:15  nigelhorne

  * Added support for Windows SFU 3.5

  *

@@ -299,9 +302,9 @@

  * Revision 1.6  2003/09/28 16:37:23  nigelhorne

  * Added -f flag use MaxThreads if --max-children not set

  */

-static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.96 2004/06/14 14:34:15 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.97 2004/06/16 08:08:47 nigelhorne Exp $";

-#define	CM_VERSION	"0.73a"

+#define	CM_VERSION	"0.73b"

 /*#define	CONFDIR	"/usr/local/etc"*/

@@ -447,7 +450,7 @@ static	void	header_list_add(header_list_t list, const char *headerf, const char

 static	void	header_list_print(header_list_t list, FILE *fp);

 static	int	connect2clamd(struct privdata *privdata);

 static	void	checkClamd(void);

-static	int	sendtemplate(const char *filename, FILE *sendmail, const char *clamdMessage);

+static	int	sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *clamdMessage);

 static	char	clamav_version[128];

 static	int	fflag = 0;	/* force a scan, whatever */

@@ -1909,13 +1912,19 @@ clamfi_eom(SMFICTX *ctx)

 		char buf[1024];

 		/*

-		 * Include the hostname where the scan took place:

+		 * Include the hostname where the scan took place

 		 */

-		if(localSocket)

+		if(localSocket) {

+			char hostname[32];

+

+			if(gethostname(hostname, sizeof(hostname)) < 0)

+				strncpy(hostname,

+					smfi_getsymval(ctx, "{j}"),

+					sizeof(hostname) - 1);

+

 			snprintf(buf, sizeof(buf) - 1, "%s\n\ton %s",

-				clamav_version,

-				smfi_getsymval(ctx, "{j}"));

-		else {

+				clamav_version, hostname);

+		} else {

 			char *hostname = cli_strtok(serverHostNames, privdata->serverNumber, ":");

 			if(hostname) {

@@ -2107,7 +2116,7 @@ clamfi_eom(SMFICTX *ctx)

 				fputs("Subject: Virus intercepted\n\n", sendmail);

 				if((templatefile == NULL) ||

-				   (sendtemplate(templatefile, sendmail, mess) < 0)) {

+				   (sendtemplate(ctx, templatefile, sendmail, mess) < 0)) {

 					if(bflag)

 						fputs("A message you sent to\n", sendmail);

 					else if(pflag)

@@ -2273,7 +2282,11 @@ clamfi_free(struct privdata *privdata)

 		}

 		if(privdata->filename != NULL) {

-			if(unlink(privdata->filename) < 0) {

+			/*

+			 * Don't print an error if the file hasn't been created

+			 * yet

+			 */

+			if((unlink(privdata->filename) < 0) && (errno != ENOENT)) {

 				perror(privdata->filename);

 				if(use_syslog)

 					syslog(LOG_ERR,

@@ -2531,7 +2544,8 @@ updateSigFile(void)

 	signatureStamp = statb.st_mtime;

 	signature = cli_realloc(signature, statb.st_size);

-	read(fd, signature, statb.st_size);

+	if(signature)

+		read(fd, signature, statb.st_size);

 	close(fd);

 	return statb.st_size;

@@ -2653,7 +2667,12 @@ connect2clamd(struct privdata *privdata)

 		sprintf(privdata->filename, "%s/%02d%02d%02d", quarantine_dir,

 			YY, MM, DD);

-		(void)mkdir(privdata->filename, 0700);

+		if(mkdir(privdata->filename, 0700) < 0) {

+			perror(privdata->filename);

+			if(use_syslog)

+				syslog(LOG_ERR, "mkdir %s failed", privdata->filename);

+			return 0;

+		}

 		do {

 			sprintf(privdata->filename,

@@ -2866,18 +2885,20 @@ checkClamd(void)

 /*

  * Send a templated message about an intercepted message. Very basic for

  * now, just to prove it works, will enhance the flexability later, only

- * supports %v at present. And only one instance of %v at that

+ * supports %v and {sendmail_variables} at present. And only one instance of

+ * %v at that.

  *

  * TODO: more template features

  * TODO: allow filename to start with a '|' taken to mean the output of

  *	a program

+ * TODO: allow { to be escaped with a \ character

  */

 static int

-sendtemplate(const char *filename, FILE *sendmail, const char *clamdMessage)

+sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *clamdMessage)

 {

 	FILE *fin = fopen(filename, "r");

 	struct stat statb;

-	char *buf, *ptr;

+	char *buf, *ptr, *ptr2;

 	int rc;

 	if(fin == NULL) {

@@ -2899,22 +2920,43 @@ sendtemplate(const char *filename, FILE *sendmail, const char *clamdMessage)

 	}

 	buf = cli_malloc(statb.st_size + 1);

 	if(buf == NULL) {

+		fclose(fin);

 		if(use_syslog)

 			syslog(LOG_ERR, "Out of memory");

-		fclose(fin);

 		return -1;

 	}

 	fread(buf, sizeof(char), statb.st_size, fin);

 	fclose(fin);

 	buf[statb.st_size] = '\0';

-	if((ptr = strstr(buf, "%v")) != NULL) {

+	/* FIXME: \%v should be %%v */

+	if(((ptr = strstr(buf, "%v")) != NULL) && (strstr(buf, "\\%v") == NULL)) {

 		*ptr = '\0';

 		ptr = &ptr[2];

 		fputs(buf, sendmail);

 		/* Need to peel out the virus name and just send that */

 		fputs(clamdMessage, sendmail);

 		rc = (fputs(ptr, sendmail) == EOF) ? -1 : 0;

+	} else if((ptr = strchr(buf, '{')) && (ptr2 = strchr(ptr, '}'))) {

+		char *var;

+

+		*ptr++ = '\0';

+		fputs(buf, sendmail);

+		*ptr2++ = '\0';

+

+		if((var = cli_malloc(strlen(ptr) + 3)) != NULL) {

+			sprintf(var, "{%s}", ptr);

+			if((ptr = smfi_getsymval(ctx, var)) != NULL)

+				fputs(ptr, sendmail);

+			else if(use_syslog) {

+				fputs(var, sendmail);

+				syslog(LOG_ERR,

+					"%s: Unknown sendmail variable \"%s\"\n",

+					filename, var);

+			}

+			free(var);

+		}

+		fputs(ptr2, sendmail);

 	} else

 		rc = (fputs(buf, sendmail) == EOF) ? -1 : 0;

@@ -146,7 +146,7 @@ maximum time a pending thread will be held up is 1 minute, so the number

 of threads can exceed this number for short periods of time.

 There is no default, if this argument is not \fBclamav\-milter\fR will

 spawn as many children as is necessary.

-.TP

+.LP

 Most users will not need this option, if in doubt do not set it.

 .TP

 \fB\-\-template\-file=file \-t file\fR

@@ -154,6 +154,9 @@ File points to a file whose contents is sent as the warning message whenever a

 virus is intercepted.

 The first occurance of %v within the file is replaced with the message

 returned from clamd, which includes the name of the virus.

+The %v string can be escaped, thus \\%v, to send the string %v.

+Any occurance of strings in braces are replaced with the appropriate

+{sendmail-variable}.

 If the \-t option is not given, clamav\-milter defaults to a hardcoded message.

 .SH "EXAMPLES"

 .LP