1. clamav-devel
  2. Commit 87620def4a69f892fef057314befd48795109489
Browse code

add tempdir, some fixes

git-svn: trunk@4531

aCaB authored on 2008/12/05 01:27:16
Showing 11 changed files
clamav-milter/Makefile.am
History View file @ 87620de
... ... 
@@ -16,7 +16,6 @@
16 16 
 #  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
17 17 
 #  MA 02110-1301, USA.
18 18
19 
-# FIXME: check automake for 'and' (&&)
20 19 
 if BUILD_CLAMD
21 20 
 if HAVE_MILTER
22 21
... ... 
@@ -51,6 +50,3 @@ LIBS = $(top_builddir)/libclamav/libclamav.la @CLAMAV_MILTER_LIBS@ @THREAD_LIBS@
51 51 
 AM_CPPFLAGS = -I$(top_srcdir)/clamd -I$(top_srcdir)/libclamav -I$(top_srcdir)/shared -I$(top_srcdir)
52 52 
 EXTRA_DIST = clamav-milter.c INSTALL
53 53 
 CLEANFILES=*.gcda *.gcno
54 
-CFLAGS=`echo "@CFLAGS@" | sed -e 's/-Werror[^-]//'`
55 
-
56 
-
clamav-milter/Makefile.in
History View file @ 87620de
... ... 
@@ -124,7 +124,7 @@ AWK = @AWK@
124 124 
 CC = @CC@
125 125 
 CCDEPMODE = @CCDEPMODE@
126 126 
 CFGDIR = @CFGDIR@
127 
-CFLAGS = `echo "@CFLAGS@" | sed -e 's/-Werror[^-]//'`
127 
+CFLAGS = @CFLAGS@
128 128 
 CHECK_CPPFLAGS = @CHECK_CPPFLAGS@
129 129 
 CHECK_LIBS = @CHECK_LIBS@
130 130 
 CLAMAVGROUP = @CLAMAVGROUP@
clamav-milter/clamav-milter.c
History View file @ 87620de
... ... 
@@ -208,6 +208,9 @@ int main(int argc, char **argv) {
208 208 
     }
209 209 
 #endif
210 210
211 
+    if((cpt = cfgopt(copt, "TemporaryDirectory"))->enabled)
212 
+	tempdir = cpt->strarg;
213 
+
211 214 
     if(localnets_init(copt) || init_actions(copt)) {
212 215 
 	logg_close();
213 216 
 	freecfg(copt);
... ... 
@@ -223,7 +226,6 @@ int main(int argc, char **argv) {
223 223
224 224 
     /* FIXME: find a place for these:
225 225 
      * maxthreads = cfgopt(copt, "MaxThreads")->numarg;
226 
-     * logclean = cfgopt(copt, "LogClean")->numarg;
227 226 
      */
228 227
229 228 
     if(cfgopt(copt, "AddHeader")->enabled) {
... ... 
@@ -242,7 +244,7 @@ int main(int argc, char **argv) {
242 242 
 	addxvirus = 1;
243 243 
     }
244 244
245 
-    umask(0007);
245 
+    umask(0007); /* FIXME */
246 246 
     if(!(my_socket = cfgopt(copt, "MilterSocket")->strarg)) {
247 247 
 	logg("!Please configure the MilterSocket directive\n");
248 248 
 	localnets_free();
... ... 
@@ -297,12 +299,27 @@ int main(int argc, char **argv) {
297 297 
 	    whitelist_free();
298 298 
 	    cpool_free();
299 299 
 	    logg_close();
300 
+	    freecfg(copt);
300 301 
 	    return 1;
301 302 
 	}
302 303 
 	if(chdir("/") == -1)
303 304 
 	    logg("^Can't change current working directory to root\n");
304 305 
     }
305 306
307 
+    if((cpt = cfgopt(copt, "PidFile"))->enabled) {
308 
+	FILE *fd;
309 
+	mode_t old_umask = umask(0006);
310 
+
311 
+	if((fd = fopen(cpt->strarg, "w")) == NULL) {
312 
+	    logg("!Can't save PID in file %s\n", cpt->strarg);
313 
+	} else {
314 
+	    if (fprintf(fd, "%u", (unsigned int)getpid())<0) {
315 
+	    	logg("!Can't save PID in file %s\n", cpt->strarg);
316 
+	    }
317 
+	    fclose(fd);
318 
+	}
319 
+	umask(old_umask);
320 
+    }
306 321
307 322 
     ret = smfi_main();
308 323
clamav-milter/clamav-milter.po
History View file @ 87620de
309 324 
deleted file mode 100644
... ... 
@@ -1,1122 +0,0 @@
1 
-# SOME DESCRIPTIVE TITLE.
2 
-# Copyright (C) YEAR njh@bandsman.co.uk
3 
-# This file is distributed under the same license as the PACKAGE package.
4 
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5 
-#
6 
-#, fuzzy
7 
-msgid ""
8 
-msgstr ""
9 
-"Project-Id-Version: PACKAGE VERSION\n"
10 
-"Report-Msgid-Bugs-To: bugs@clamav.net\n"
11 
-"POT-Creation-Date: 2007-10-24 09:05+0100\n"
12 
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13 
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14 
-"Language-Team: LANGUAGE <LL@li.org>\n"
15 
-"MIME-Version: 1.0\n"
16 
-"Content-Type: text/plain; charset=CHARSET\n"
17 
-"Content-Transfer-Encoding: 8bit\n"
18 
-
19 
-#: clamav-milter.c:585
20 
-msgid "\t--advisory\t\t-A\tFlag viruses rather than deleting them."
21 
-msgstr ""
22 
-
23 
-#: clamav-milter.c:586
24 
-msgid "\t--blacklist-time=SECS\t-k\tTime (in seconds) to blacklist an IP."
25 
-msgstr ""
26 
-
27 
-#: clamav-milter.c:587
28 
-msgid "\t--black-hole-mode\t\tDon't scan messages aliased to /dev/null."
29 
-msgstr ""
30 
-
31 
-#: clamav-milter.c:589
32 
-msgid "\t--bounce\t\t-b\tSend a failure message to the sender."
33 
-msgstr ""
34 
-
35 
-#: clamav-milter.c:591
36 
-msgid ""
37 
-"\t--broadcast\t\t-B [IFACE]\tBroadcast to a network manager when a virus is "
38 
-"found."
39 
-msgstr ""
40 
-
41 
-#: clamav-milter.c:592
42 
-msgid "\t--chroot=DIR\t\t-C DIR\tChroot to dir when starting."
43 
-msgstr ""
44 
-
45 
-#: clamav-milter.c:593
46 
-msgid "\t--config-file=FILE\t-c FILE\tRead configuration from FILE."
47 
-msgstr ""
48 
-
49 
-#: clamav-milter.c:594
50 
-msgid "\t--debug\t\t\t-D\tPrint debug messages."
51 
-msgstr ""
52 
-
53 
-#: clamav-milter.c:595
54 
-msgid ""
55 
-"\t--detect-forged-local-address\t-L\tReject mails that claim to be from us."
56 
-msgstr ""
57 
-
58 
-#: clamav-milter.c:596
59 
-msgid "\t--dont-blacklist\t-K\tDon't blacklist a given IP."
60 
-msgstr ""
61 
-
62 
-#: clamav-milter.c:597
63 
-msgid ""
64 
-"\t--dont-scan-on-error\t-d\tPass e-mails through unscanned if a system error "
65 
-"occurs."
66 
-msgstr ""
67 
-
68 
-#: clamav-milter.c:598
69 
-msgid "\t--dont-wait\t\t\tAsk remote end to resend if max-children exceeded."
70 
-msgstr ""
71 
-
72 
-#: clamav-milter.c:599
73 
-msgid "\t--external\t\t-e\tUse an external scanner (usually clamd)."
74 
-msgstr ""
75 
-
76 
-#: clamav-milter.c:600
77 
-msgid ""
78 
-"\t--freshclam-monitor=SECS\t-M SECS\tHow often to check for database update."
79 
-msgstr ""
80 
-
81 
-#: clamav-milter.c:601
82 
-msgid "\t--from=EMAIL\t\t-a EMAIL\tError messages come from here."
83 
-msgstr ""
84 
-
85 
-#: clamav-milter.c:602
86 
-msgid "\t--force-scan\t\t-f\tForce scan all messages (overrides (-o and -l)."
87 
-msgstr ""
88 
-
89 
-#: clamav-milter.c:603
90 
-msgid "\t--help\t\t\t-h\tThis message."
91 
-msgstr ""
92 
-
93 
-#: clamav-milter.c:604
94 
-msgid "\t--headers\t\t-H\tInclude original message headers in the report."
95 
-msgstr ""
96 
-
97 
-#: clamav-milter.c:605
98 
-msgid ""
99 
-"\t--ignore IPaddr\t\t-I IPaddr\tAdd IPaddr to LAN IP list (see --local)."
100 
-msgstr ""
101 
-
102 
-#: clamav-milter.c:606
103 
-msgid "\t--local\t\t\t-l\tScan messages sent from machines on our LAN."
104 
-msgstr ""
105 
-
106 
-#: clamav-milter.c:607
107 
-msgid "\t--max-childen\t\t-m\tMaximum number of concurrent scans."
108 
-msgstr ""
109 
-
110 
-#: clamav-milter.c:608
111 
-msgid "\t--outgoing\t\t-o\tScan outgoing messages from this machine."
112 
-msgstr ""
113 
-
114 
-#: clamav-milter.c:609
115 
-msgid "\t--noreject\t\t-N\tDon't reject viruses, silently throw them away."
116 
-msgstr ""
117 
-
118 
-#: clamav-milter.c:610
119 
-msgid "\t--noxheader\t\t-n\tSuppress X-Virus-Scanned/X-Virus-Status headers."
120 
-msgstr ""
121 
-
122 
-#: clamav-milter.c:611
123 
-msgid "\t--pidfile=FILE\t\t-i FILE\tLocation of pidfile."
124 
-msgstr ""
125 
-
126 
-#: clamav-milter.c:612
127 
-msgid "\t--postmaster\t\t-p EMAIL\tPostmaster address [default=postmaster]."
128 
-msgstr ""
129 
-
130 
-#: clamav-milter.c:613
131 
-msgid "\t--postmaster-only\t-P\tSend notifications only to the postmaster."
132 
-msgstr ""
133 
-
134 
-#: clamav-milter.c:614
135 
-msgid "\t--quiet\t\t\t-q\tDon't send e-mail notifications of interceptions."
136 
-msgstr ""
137 
-
138 
-#: clamav-milter.c:615
139 
-msgid "\t--quarantine=USER\t-Q EMAIL\tQuarantine e-mail account."
140 
-msgstr ""
141 
-
142 
-#: clamav-milter.c:616
143 
-msgid "\t--report-phish=EMAIL\t-r EMAIL\tReport phish to this email address."
144 
-msgstr ""
145 
-
146 
-#: clamav-milter.c:617
147 
-msgid ""
148 
-"\t--report-phish-false-positives=EMAIL\t-R EMAIL\tReport phish false "
149 
-"positves to this email address."
150 
-msgstr ""
151 
-
152 
-#: clamav-milter.c:618
153 
-msgid "\t--quarantine-dir=DIR\t-U DIR\tDirectory to store infected emails."
154 
-msgstr ""
155 
-
156 
-#: clamav-milter.c:619
157 
-msgid ""
158 
-"\t--server=SERVER\t\t-s SERVER\tHostname/IP address of server(s) running "
159 
-"clamd (when using TCPsocket)."
160 
-msgstr ""
161 
-
162 
-#: clamav-milter.c:620
163 
-msgid "\t--sendmail-cf=FILE\t\tLocation of the sendmail.cf file to verify"
164 
-msgstr ""
165 
-
166 
-#: clamav-milter.c:621
167 
-msgid "\t--sign\t\t\t-S\tAdd a hard-coded signature to each scanned message."
168 
-msgstr ""
169 
-
170 
-#: clamav-milter.c:622
171 
-msgid "\t--signature-file=FILE\t-F FILE\tLocation of signature file."
172 
-msgstr ""
173 
-
174 
-#: clamav-milter.c:623
175 
-msgid "\t--template-file=FILE\t-t FILE\tLocation of e-mail template file."
176 
-msgstr ""
177 
-
178 
-#: clamav-milter.c:624
179 
-msgid ""
180 
-"\t--template-headers=FILE\t\tLocation of e-mail headers for template file."
181 
-msgstr ""
182 
-
183 
-#: clamav-milter.c:625
184 
-msgid "\t--timeout=SECS\t\t-T SECS\tTimeout waiting to childen to die."
185 
-msgstr ""
186 
-
187 
-#: clamav-milter.c:626
188 
-msgid ""
189 
-"\t--whitelist-file=FILE\t-W FILE\tLocation of the file of whitelisted "
190 
-"addresses"
191 
-msgstr ""
192 
-
193 
-#: clamav-milter.c:627
194 
-msgid "\t--version\t\t-V\tPrint the version number of this software."
195 
-msgstr ""
196 
-
197 
-#: clamav-milter.c:629
198 
-msgid "\t--debug-level=n\t\t-x n\tSets the debug level to 'n'."
199 
-msgstr ""
200 
-
201 
-#: clamav-milter.c:631
202 
-msgid ""
203 
-"\n"
204 
-"For more information type \"man clamav-milter\"."
205 
-msgstr ""
206 
-
207 
-#: clamav-milter.c:632
208 
-msgid "For bug reports, please refer to http://www.clamav.net/bugs"
209 
-msgstr ""
210 
-
211 
-#: clamav-milter.c:931
212 
-#, c-format
213 
-msgid "%s: %s, -I may only be given %d times\n"
214 
-msgstr ""
215 
-
216 
-#: clamav-milter.c:937
217 
-#, c-format
218 
-msgid "%s: Cannot convert -I%s to IPaddr\n"
219 
-msgstr ""
220 
-
221 
-#: clamav-milter.c:1051
222 
-#, c-format
223 
-msgid "%s: SESSIONS mode requires --external\n"
224 
-msgstr ""
225 
-
226 
-#: clamav-milter.c:1059
227 
-#, c-format
228 
-msgid "%s: No socket-addr given\n"
229 
-msgstr ""
230 
-
231 
-#: clamav-milter.c:1066
232 
-#, c-format
233 
-msgid "%s: socket-addr (%s) doesn't agree with sendmail.cf\n"
234 
-msgstr ""
235 
-
236 
-#: clamav-milter.c:1082
237 
-#, c-format
238 
-msgid "%s: when using inet: connexion to sendmail you must enable --local\n"
239 
-msgstr ""
240 
-
241 
-#: clamav-milter.c:1094
242 
-#, c-format
243 
-msgid "%s: Can't parse the config file %s\n"
244 
-msgstr ""
245 
-
246 
-#: clamav-milter.c:1101
247 
-#, c-format
248 
-msgid "%s: --detect-forged-local-addresses is not compatible with --outgoing\n"
249 
-msgstr ""
250 
-
251 
-#: clamav-milter.c:1105
252 
-#, c-format
253 
-msgid "%s: --detect-forged-local-addresses is not compatible with --local\n"
254 
-msgstr ""
255 
-
256 
-#: clamav-milter.c:1109
257 
-#, c-format
258 
-msgid "%s: --detect-forged-local-addresses is not compatible with --force\n"
259 
-msgstr ""
260 
-
261 
-#: clamav-milter.c:1153
262 
-#, c-format
263 
-msgid ""
264 
-"%s: The iface option to --broadcast is not supported on your operating "
265 
-"system\n"
266 
-msgstr ""
267 
-
268 
-#: clamav-milter.c:1162
269 
-#, c-format
270 
-msgid "%s: Can't get information about user %s\n"
271 
-msgstr ""
272 
-
273 
-#: clamav-milter.c:1173
274 
-#, c-format
275 
-msgid "%s: AllowSupplementaryGroups: initgroups not supported.\n"
276 
-msgstr ""
277 
-
278 
-#: clamav-milter.c:1191
279 
-#, c-format
280 
-msgid "Running as user %s (UID %d, GID %d)\n"
281 
-msgstr ""
282 
-
283 
-#: clamav-milter.c:1247
284 
-#, c-format
285 
-msgid "%s: You cannot use black hole mode unless %s is a TrustedUser\n"
286 
-msgstr ""
287 
-
288 
-#: clamav-milter.c:1253
289 
-#, c-format
290 
-msgid "^%s: running as root is not recommended (check \"User\" in %s)\n"
291 
-msgstr ""
292 
-
293 
-#: clamav-milter.c:1255
294 
-#, c-format
295 
-msgid "%s: Only root can set an interface for --broadcast\n"
296 
-msgstr ""
297 
-
298 
-#: clamav-milter.c:1260
299 
-#, c-format
300 
-msgid "%s: Advisory mode doesn't work with quarantine mode\n"
301 
-msgstr ""
302 
-
303 
-#: clamav-milter.c:1268
304 
-#, c-format
305 
-msgid "%s: Advisory mode doesn't work with quarantine directories\n"
306 
-msgstr ""
307 
-
308 
-#: clamav-milter.c:1274
309 
-#, c-format
310 
-msgid "%s: the quarantine directory must not contain the string 'ERROR'\n"
311 
-msgstr ""
312 
-
313 
-#: clamav-milter.c:1280
314 
-#, c-format
315 
-msgid "%s: the quarantine directory must not contain the string 'FOUND'\n"
316 
-msgstr ""
317 
-
318 
-#: clamav-milter.c:1286
319 
-#, c-format
320 
-msgid "%s: the quarantine directory must not contain the string 'OK'\n"
321 
-msgstr ""
322 
-
323 
-#: clamav-milter.c:1303
324 
-#, c-format
325 
-msgid "%s: insecure quarantine directory %s (mode 0%o)\n"
326 
-msgstr ""
327 
-
328 
-#: clamav-milter.c:1344
329 
-#, c-format
330 
-msgid "%s: ReadTimeout must not be negative in %s\n"
331 
-msgstr ""
332 
-
333 
-#: clamav-milter.c:1353
334 
-#, c-format
335 
-msgid "%s: StreamMaxLength must not be negative in %s\n"
336 
-msgstr ""
337 
-
338 
-#: clamav-milter.c:1386
339 
-#, c-format
340 
-msgid ""
341 
-"%s: (-q && !LogSyslog): warning - all interception message methods are off\n"
342 
-msgstr ""
343 
-
344 
-#: clamav-milter.c:1402
345 
-#, c-format
346 
-msgid "%s: --max-children must be given if --external is not given\n"
347 
-msgstr ""
348 
-
349 
-#: clamav-milter.c:1406
350 
-#, c-format
351 
-msgid "%s: --freshclam_monitor must be at least one second\n"
352 
-msgstr ""
353 
-
354 
-#: clamav-milter.c:1420
355 
-#, c-format
356 
-msgid "%s: --timeout must not be given if --external is not given\n"
357 
-msgstr ""
358 
-
359 
-#: clamav-milter.c:1433
360 
-#, c-format
361 
-msgid "%s: No emails will be scanned"
362 
-msgstr ""
363 
-
364 
-#: clamav-milter.c:1444
365 
-#, c-format
366 
-msgid "%s: You can select one server type only (local/TCP) in %s\n"
367 
-msgstr ""
368 
-
369 
-#: clamav-milter.c:1449
370 
-#, c-format
371 
-msgid "%s: You cannot use the --server option when using LocalSocket in %s\n"
372 
-msgstr ""
373 
-
374 
-#: clamav-milter.c:1459
375 
-#, c-format
376 
-msgid "The connexion from sendmail to %s (%s) must not\n"
377 
-msgstr ""
378 
-
379 
-#: clamav-milter.c:1461
380 
-#, c-format
381 
-msgid "be the same as the connexion to clamd (%s) in %s\n"
382 
-msgstr ""
383 
-
384 
-#: clamav-milter.c:1471 clamav-milter.c:1498
385 
-#, c-format
386 
-msgid "Can't talk to clamd server via %s\n"
387 
-msgstr ""
388 
-
389 
-#: clamav-milter.c:1473 clamav-milter.c:1500
390 
-#, c-format
391 
-msgid "Check your entry for LocalSocket in %s\n"
392 
-msgstr ""
393 
-
394 
-#: clamav-milter.c:1510
395 
-msgid "!Can't create a clamd session"
396 
-msgstr ""
397 
-
398 
-#: clamav-milter.c:1527
399 
-#, c-format
400 
-msgid "%s: --quarantine-dir not supported for TCPSocket - use --quarantine\n"
401 
-msgstr ""
402 
-
403 
-#: clamav-milter.c:1542
404 
-#, c-format
405 
-msgid "%s: hostname %s is longer than %d characters\n"
406 
-msgstr ""
407 
-
408 
-#: clamav-milter.c:1561 clamav-milter.c:1694
409 
-#, c-format
410 
-msgid "%s: --max-children must be given in sessions mode\n"
411 
-msgstr ""
412 
-
413 
-#: clamav-milter.c:1567
414 
-#, c-format
415 
-msgid ""
416 
-"%1$s: --max-children (%2$d) is lower than the number of servers you have (%3"
417 
-"$d)\n"
418 
-msgstr ""
419 
-
420 
-#: clamav-milter.c:1594
421 
-#, c-format
422 
-msgid "%s: Unknown host %s\n"
423 
-msgstr ""
424 
-
425 
-#: clamav-milter.c:1624
426 
-msgid "Waiting for clamd to come up\n"
427 
-msgstr ""
428 
-
429 
-#: clamav-milter.c:1638
430 
-#, c-format
431 
-msgid "Can't talk to clamd server %s on port %d\n"
432 
-msgstr ""
433 
-
434 
-#: clamav-milter.c:1642
435 
-#, c-format
436 
-msgid "Check the value for TCPAddr in %s\n"
437 
-msgstr ""
438 
-
439 
-#: clamav-milter.c:1644
440 
-#, c-format
441 
-msgid "Check the value for TCPAddr in clamd.conf on %s\n"
442 
-msgstr ""
443 
-
444 
-#: clamav-milter.c:1660 clamav-milter.c:1668 clamav-milter.c:4773
445 
-msgid "!Can't find any clamd server\n"
446 
-msgstr ""
447 
-
448 
-#: clamav-milter.c:1661 clamav-milter.c:1666
449 
-#, c-format
450 
-msgid "Check your entry for TCPSocket in %s\n"
451 
-msgstr ""
452 
-
453 
-#: clamav-milter.c:1674
454 
-#, c-format
455 
-msgid "%s: You must select server type (local/TCP) in %s\n"
456 
-msgstr ""
457 
-
458 
-#: clamav-milter.c:1777
459 
-#, c-format
460 
-msgid "When debugging it is recommended that you use Foreground mode in %s\n"
461 
-msgstr ""
462 
-
463 
-#: clamav-milter.c:1778
464 
-msgid "\tso that you can see all of the messages"
465 
-msgstr ""
466 
-
467 
-#: clamav-milter.c:1886
468 
-#, c-format
469 
-msgid "%s: ScanMail not defined in %s (needed without --external), enabling\n"
470 
-msgstr ""
471 
-
472 
-#: clamav-milter.c:1946
473 
-msgid "Starting clamav-milter"
474 
-msgstr ""
475 
-
476 
-#: clamav-milter.c:1974
477 
-#, c-format
478 
-msgid "!pidfile: '%s' must be a full pathname"
479 
-msgstr ""
480 
-
481 
-#: clamav-milter.c:1990
482 
-#, c-format
483 
-msgid "!Can't save PID in file %s\n"
484 
-msgstr ""
485 
-
486 
-#: clamav-milter.c:2058
487 
-#, c-format
488 
-msgid "Starting %s\n"
489 
-msgstr ""
490 
-
491 
-#: clamav-milter.c:2059
492 
-msgid "*Debugging is on\n"
493 
-msgstr ""
494 
-
495 
-#: clamav-milter.c:2159
496 
-#, c-format
497 
-msgid "Check clamd server %s - it may be down\n"
498 
-msgstr ""
499 
-
500 
-#: clamav-milter.c:2164
501 
-msgid "Check clamd server - it may be down"
502 
-msgstr ""
503 
-
504 
-#: clamav-milter.c:2374
505 
-msgid "No free clamd sessions\n"
506 
-msgstr ""
507 
-
508 
-#: clamav-milter.c:2495
509 
-msgid "^Couldn't establish a connexion to any clamd server\n"
510 
-msgstr ""
511 
-
512 
-#: clamav-milter.c:2519
513 
-#, c-format
514 
-msgid "^findServer: select failed (maxsock = %d)\n"
515 
-msgstr ""
516 
-
517 
-#: clamav-milter.c:2533
518 
-msgid "^findServer: No response from any server\n"
519 
-msgstr ""
520 
-
521 
-#: clamav-milter.c:2602
522 
-#, c-format
523 
-msgid "^Check clamd server %s - it may be down\n"
524 
-msgstr ""
525 
-
526 
-#: clamav-milter.c:2606
527 
-msgid "Check clamd server - it may be down\n"
528 
-msgstr ""
529 
-
530 
-#: clamav-milter.c:2630
531 
-msgid "!clamfi_connect: ctx is null"
532 
-msgstr ""
533 
-
534 
-#: clamav-milter.c:2634
535 
-msgid "!clamfi_connect: hostname is null"
536 
-msgstr ""
537 
-
538 
-#: clamav-milter.c:2670
539 
-#, c-format
540 
-msgid "clamfi_connect: Unexpected sa_family %d\n"
541 
-msgstr ""
542 
-
543 
-#: clamav-milter.c:2680
544 
-msgid "clamfi_connect: remoteIP is null"
545 
-msgstr ""
546 
-
547 
-#: clamav-milter.c:2688
548 
-#, c-format
549 
-msgid "clamfi_connect: connexion from %s"
550 
-msgstr ""
551 
-
552 
-#: clamav-milter.c:2690
553 
-#, c-format
554 
-msgid "clamfi_connect: connexion from %s [%s]"
555 
-msgstr ""
556 
-
557 
-#: clamav-milter.c:2709
558 
-msgid "Can't get sendmail hostname"
559 
-msgstr ""
560 
-
561 
-#: clamav-milter.c:2717
562 
-#, c-format
563 
-msgid "^Access Denied: Host Unknown (%s)"
564 
-msgstr ""
565 
-
566 
-#: clamav-milter.c:2726
567 
-#, c-format
568 
-msgid "Can't find entry for IP address %s in DNS - check your DNS setting\n"
569 
-msgstr ""
570 
-
571 
-#: clamav-milter.c:2736
572 
-#, c-format
573 
-msgid "^Access Denied: Can't get IP address for (%s)"
574 
-msgstr ""
575 
-
576 
-#: clamav-milter.c:2752
577 
-#, c-format
578 
-msgid "^Access Denied for %s[%s]"
579 
-msgstr ""
580 
-
581 
-#: clamav-milter.c:2768
582 
-msgid "*clamfi_connect: not scanning outgoing messages"
583 
-msgstr ""
584 
-
585 
-#: clamav-milter.c:2774
586 
-msgid "*clamfi_connect: not scanning local messages\n"
587 
-msgstr ""
588 
-
589 
-#: clamav-milter.c:2787
590 
-msgid "^clamfi_connect: gethostname failed"
591 
-msgstr ""
592 
-
593 
-#: clamav-milter.c:2792
594 
-msgid "Rejected connexion falsely claiming to be from here\n"
595 
-msgstr ""
596 
-
597 
-#: clamav-milter.c:2793
598 
-msgid "You have claimed to be me, but you are not"
599 
-msgstr ""
600 
-
601 
-#: clamav-milter.c:2794 clamav-milter.c:3141
602 
-msgid "Forged local address detected"
603 
-msgstr ""
604 
-
605 
-#: clamav-milter.c:2810
606 
-#, c-format
607 
-msgid "%s is blacklisted because your machine is infected with a virus"
608 
-msgstr ""
609 
-
610 
-#: clamav-milter.c:2812 clamav-milter.c:2924
611 
-msgid "Blacklisted IP detected"
612 
-msgstr ""
613 
-
614 
-#: clamav-milter.c:2868
615 
-msgid "*clamfi_envfrom: ignoring whitelisted message"
616 
-msgstr ""
617 
-
618 
-#: clamav-milter.c:2882
619 
-msgid "Rejected email with empty from field"
620 
-msgstr ""
621 
-
622 
-#: clamav-milter.c:2883
623 
-msgid "You have not said who the email is from"
624 
-msgstr ""
625 
-
626 
-#: clamav-milter.c:2884
627 
-msgid "Reject email with empty from field"
628 
-msgstr ""
629 
-
630 
-#: clamav-milter.c:2902
631 
-msgid "AV system temporarily overloaded - please try later"
632 
-msgstr ""
633 
-
634 
-#: clamav-milter.c:2994
635 
-msgid "Suspicious recipient address blocked"
636 
-msgstr ""
637 
-
638 
-#: clamav-milter.c:2998
639 
-#, c-format
640 
-msgid "Will blacklist %s for %d seconds because of cracking attempt\n"
641 
-msgstr ""
642 
-
643 
-#: clamav-milter.c:3108
644 
-msgid "*clamfi_eoh\n"
645 
-msgstr ""
646 
-
647 
-#: clamav-milter.c:3133
648 
-msgid "clamfi_eoh: gethostname failed"
649 
-msgstr ""
650 
-
651 
-#: clamav-milter.c:3139
652 
-#, c-format
653 
-msgid "Rejected email falsely claiming to be from %s"
654 
-msgstr ""
655 
-
656 
-#: clamav-milter.c:3140
657 
-msgid "You have claimed to be from me, but you are not"
658 
-msgstr ""
659 
-
660 
-#: clamav-milter.c:3187
661 
-msgid "*clamfi_enveoh: ignoring whitelisted message"
662 
-msgstr ""
663 
-
664 
-#: clamav-milter.c:3199
665 
-#, c-format
666 
-msgid "*clamfi_envbody: %lu bytes"
667 
-msgstr ""
668 
-
669 
-#: clamav-milter.c:3256
670 
-#, c-format
671 
-msgid "%s: Message more than StreamMaxLength (%ld) bytes - not scanned\n"
672 
-msgstr ""
673 
-
674 
-#: clamav-milter.c:3259 clamav-milter.c:3585
675 
-msgid "Not Scanned - StreamMaxLength exceeded"
676 
-msgstr ""
677 
-
678 
-#: clamav-milter.c:3322
679 
-#, c-format
680 
-msgid "^Failed to delete X-Virus-Status header %d\n"
681 
-msgstr ""
682 
-
683 
-#: clamav-milter.c:3377
684 
-#, c-format
685 
-msgid "failed to send SCAN %s command to clamd\n"
686 
-msgstr ""
687 
-
688 
-#: clamav-milter.c:3398
689 
-msgid "failed to send SCAN command to clamd\n"
690 
-msgstr ""
691 
-
692 
-#: clamav-milter.c:3415
693 
-#, c-format
694 
-msgid "Waiting to read status from fd %d\n"
695 
-msgstr ""
696 
-
697 
-#: clamav-milter.c:3427
698 
-#, c-format
699 
-msgid "*clamfi_eom: read %s\n"
700 
-msgstr ""
701 
-
702 
-#: clamav-milter.c:3445
703 
-#, c-format
704 
-msgid "clamfi_eom: read nothing from clamd on %s\n"
705 
-msgstr ""
706 
-
707 
-#: clamav-milter.c:3490 clamav-milter.c:3537
708 
-msgid "Error determining host"
709 
-msgstr ""
710 
-
711 
-#: clamav-milter.c:3551
712 
-#, c-format
713 
-msgid "%s: Ignoring %s false positive from %s received from %s\n"
714 
-msgstr ""
715 
-
716 
-#: clamav-milter.c:3567
717 
-#, c-format
718 
-msgid "#Reported phishing false positive to %s"
719 
-msgstr ""
720 
-
721 
-#: clamav-milter.c:3569
722 
-#, c-format
723 
-msgid "^Couldn't report false positive to %s\n"
724 
-msgstr ""
725 
-
726 
-#: clamav-milter.c:3571
727 
-msgid "^Can't set phish FP header\n"
728 
-msgstr ""
729 
-
730 
-#: clamav-milter.c:3582
731 
-#, c-format
732 
-msgid "%s: Message more than StreamMaxLength (%ld) bytes - not scanned"
733 
-msgstr ""
734 
-
735 
-#: clamav-milter.c:3590
736 
-msgid "Not Scanned"
737 
-msgstr ""
738 
-
739 
-#: clamav-milter.c:3618
740 
-msgid "Infected with"
741 
-msgstr ""
742 
-
743 
-#: clamav-milter.c:3640
744 
-#, c-format
745 
-msgid "Intercepted virus from %s to"
746 
-msgstr ""
747 
-
748 
-#: clamav-milter.c:3732
749 
-msgid "Subject: Virus intercepted\n"
750 
-msgstr ""
751 
-
752 
-#: clamav-milter.c:3747
753 
-#, c-format
754 
-msgid "!Can't open e-mail template header file %s"
755 
-msgstr ""
756 
-
757 
-#: clamav-milter.c:3762 clamav-milter.c:3766
758 
-msgid "\n"
759 
-msgstr ""
760 
-
761 
-#: clamav-milter.c:3775
762 
-msgid "A message you sent to\n"
763 
-msgstr ""
764 
-
765 
-#: clamav-milter.c:3785
766 
-#, c-format
767 
-msgid "The message %1$s sent from %2$s to\n"
768 
-msgstr ""
769 
-
770 
-#: clamav-milter.c:3788
771 
-#, c-format
772 
-msgid "A message sent from %s to\n"
773 
-msgstr ""
774 
-
775 
-#: clamav-milter.c:3793
776 
-#, c-format
777 
-msgid "contained %s and has not been accepted for delivery.\n"
778 
-msgstr ""
779 
-
780 
-#: clamav-milter.c:3796
781 
-#, c-format
782 
-msgid ""
783 
-"\n"
784 
-"The message in question has been quarantined as %s\n"
785 
-msgstr ""
786 
-
787 
-#: clamav-milter.c:3799
788 
-#, c-format
789 
-msgid ""
790 
-"\n"
791 
-"The message was received by %1$s from %2$s via %3$s\n"
792 
-"\n"
793 
-msgstr ""
794 
-
795 
-#: clamav-milter.c:3802
796 
-msgid ""
797 
-"For your information, the original message headers were:\n"
798 
-"\n"
799 
-msgstr ""
800 
-
801 
-#: clamav-milter.c:3815
802 
-#, c-format
803 
-msgid ""
804 
-"\n"
805 
-"The infected machine is likely to be here:\n"
806 
-"%s\t\n"
807 
-msgstr ""
808 
-
809 
-#: clamav-milter.c:3822
810 
-#, c-format
811 
-msgid "%s: Failed to notify clamAV interception - see dead.letter\n"
812 
-msgstr ""
813 
-
814 
-#: clamav-milter.c:3824
815 
-#, c-format
816 
-msgid "^Can't execute '%s' to send virus notice"
817 
-msgstr ""
818 
-
819 
-#: clamav-milter.c:3846
820 
-#, c-format
821 
-msgid "#Reported phishing to %s"
822 
-msgstr ""
823 
-
824 
-#: clamav-milter.c:3848
825 
-#, c-format
826 
-msgid "^Couldn't report to %s\n"
827 
-msgstr ""
828 
-
829 
-#: clamav-milter.c:3854
830 
-msgid "^Can't set anti-phish header\n"
831 
-msgstr ""
832 
-
833 
-#: clamav-milter.c:3872
834 
-#, c-format
835 
-msgid "^Can't set quarantine user %s"
836 
-msgstr ""
837 
-
838 
-#: clamav-milter.c:3906
839 
-#, c-format
840 
-msgid "virus %s detected by ClamAV - http://www.clamav.net"
841 
-msgstr ""
842 
-
843 
-#: clamav-milter.c:3911
844 
-#, c-format
845 
-msgid "Will blacklist %s for %d seconds because of %s\n"
846 
-msgstr ""
847 
-
848 
-#: clamav-milter.c:3920
849 
-msgid "Unknown"
850 
-msgstr ""
851 
-
852 
-#: clamav-milter.c:3921
853 
-#, c-format
854 
-msgid "!%s: incorrect message \"%s\" from clamd"
855 
-msgstr ""
856 
-
857 
-#: clamav-milter.c:3926
858 
-msgid "Clean"
859 
-msgstr ""
860 
-
861 
-#: clamav-milter.c:3930
862 
-#, c-format
863 
-msgid "%s: clean message from %s\n"
864 
-msgstr ""
865 
-
866 
-#: clamav-milter.c:3932
867 
-msgid "an unknown sender"
868 
-msgstr ""
869 
-
870 
-#: clamav-milter.c:4020
871 
-#, c-format
872 
-msgid "!Can't remove clean file %s"
873 
-msgstr ""
874 
-
875 
-#: clamav-milter.c:4193 clamav-milter.c:4197
876 
-#, c-format
877 
-msgid "!write failure (%lu bytes) to %s: %s\n"
878 
-msgstr ""
879 
-
880 
-#: clamav-milter.c:4209 clamav-milter.c:4213
881 
-#, c-format
882 
-msgid "!write failure (%lu bytes) to clamd: %s\n"
883 
-msgstr ""
884 
-
885 
-#: clamav-milter.c:4290
886 
-#, c-format
887 
-msgid "!No data received from clamd in %d seconds\n"
888 
-msgstr ""
889 
-
890 
-#: clamav-milter.c:4318
891 
-#, c-format
892 
-msgid "Can't stat %s"
893 
-msgstr ""
894 
-
895 
-#: clamav-milter.c:4328
896 
-#, c-format
897 
-msgid "Can't open %s"
898 
-msgstr ""
899 
-
900 
-#: clamav-milter.c:4447
901 
-#, c-format
902 
-msgid "mkdir %s failed"
903 
-msgstr ""
904 
-
905 
-#: clamav-milter.c:4461
906 
-#, c-format
907 
-msgid "mktemp %s failed"
908 
-msgstr ""
909 
-
910 
-#: clamav-milter.c:4470
911 
-#, c-format
912 
-msgid "Temporary quarantine file %s creation failed"
913 
-msgstr ""
914 
-
915 
-#: clamav-milter.c:4581
916 
-#, c-format
917 
-msgid "!failed to send STREAM command clamd server %d"
918 
-msgstr ""
919 
-
920 
-#: clamav-milter.c:4589
921 
-msgid "!failed to send STREAM command clamd"
922 
-msgstr ""
923 
-
924 
-#: clamav-milter.c:4600
925 
-msgid "!failed to create TCPSocket to talk to clamd"
926 
-msgstr ""
927 
-
928 
-#: clamav-milter.c:4611 clamav-milter.c:4624
929 
-msgid "!recv failed from clamd getting PORT"
930 
-msgstr ""
931 
-
932 
-#: clamav-milter.c:4613 clamav-milter.c:4626
933 
-msgid "!EOF from clamd getting PORT"
934 
-msgstr ""
935 
-
936 
-#: clamav-milter.c:4637
937 
-#, c-format
938 
-msgid "!Expected port information from clamd, got '%s'"
939 
-msgstr ""
940 
-
941 
-#: clamav-milter.c:4657 clamav-milter.c:4660
942 
-#, c-format
943 
-msgid "Connecting to local port %d - data %d cmd %d\n"
944 
-msgstr ""
945 
-
946 
-#: clamav-milter.c:4673 clamav-milter.c:4676
947 
-#, c-format
948 
-msgid "!Failed to connect to port %d given by clamd: %s"
949 
-msgstr ""
950 
-
951 
-#: clamav-milter.c:4785
952 
-#, c-format
953 
-msgid "!Can't open %s\n"
954 
-msgstr ""
955 
-
956 
-#: clamav-milter.c:4799
957 
-#, c-format
958 
-msgid "!Clamd (pid %d) seems to have died\n"
959 
-msgstr ""
960 
-
961 
-#: clamav-milter.c:4825
962 
-#, c-format
963 
-msgid "!Can't open e-mail template file %s"
964 
-msgstr ""
965 
-
966 
-#: clamav-milter.c:4832
967 
-#, c-format
968 
-msgid "!Can't stat e-mail template file %s"
969 
-msgstr ""
970 
-
971 
-#: clamav-milter.c:4839
972 
-msgid "!Out of memory"
973 
-msgstr ""
974 
-
975 
-#: clamav-milter.c:4844
976 
-#, c-format
977 
-msgid "!Error reading e-mail template file %s"
978 
-msgstr ""
979 
-
980 
-#: clamav-milter.c:4872
981 
-#, c-format
982 
-msgid "!%s: Unknown clamAV variable \"%c\"\n"
983 
-msgstr ""
984 
-
985 
-#: clamav-milter.c:4882
986 
-#, c-format
987 
-msgid "!%s: Unterminated sendmail variable \"%s\"\n"
988 
-msgstr ""
989 
-
990 
-#: clamav-milter.c:4891
991 
-#, c-format
992 
-msgid "!%s: Unknown sendmail variable \"%s\"\n"
993 
-msgstr ""
994 
-
995 
-#: clamav-milter.c:4957
996 
-#, c-format
997 
-msgid "!mkdir %s failed\n"
998 
-msgstr ""
999 
-
1000 
-#: clamav-milter.c:4982
1001 
-#, c-format
1002 
-msgid "^Can't rename %1$s to %2$s\n"
1003 
-msgstr ""
1004 
-
1005 
-#: clamav-milter.c:4990
1006 
-#, c-format
1007 
-msgid "Email quarantined as %s\n"
1008 
-msgstr ""
1009 
-
1010 
-#: clamav-milter.c:5098
1011 
-#, c-format
1012 
-msgid "[Virus] %s"
1013 
-msgstr ""
1014 
-
1015 
-#: clamav-milter.c:5307
1016 
-msgid ""
1017 
-"!No response from any clamd server - your AV system is not scanning emails\n"
1018 
-msgstr ""
1019 
-
1020 
-#: clamav-milter.c:5325
1021 
-msgid "Subject: ClamAV Down\n"
1022 
-msgstr ""
1023 
-
1024 
-#: clamav-milter.c:5328
1025 
-msgid ""
1026 
-"This is an automatic message\n"
1027 
-"\n"
1028 
-msgstr ""
1029 
-
1030 
-#: clamav-milter.c:5331
1031 
-msgid "The clamd program cannot be contacted.\n"
1032 
-msgstr ""
1033 
-
1034 
-#: clamav-milter.c:5333
1035 
-msgid "No clamd server can be contacted.\n"
1036 
-msgstr ""
1037 
-
1038 
-#: clamav-milter.c:5335
1039 
-msgid "Emails may not be being scanned, please check your servers.\n"
1040 
-msgstr ""
1041 
-
1042 
-#: clamav-milter.c:5396 clamav-milter.c:5542
1043 
-msgid "!No emails will be scanned"
1044 
-msgstr ""
1045 
-
1046 
-#: clamav-milter.c:5606
1047 
-#, c-format
1048 
-msgid "Stopping %s\n"
1049 
-msgstr ""
1050 
-
1051 
-#: clamav-milter.c:5654
1052 
-msgid "Stopping clamav-milter"
1053 
-msgstr ""
1054 
-
1055 
-#: clamav-milter.c:5802
1056 
-#, c-format
1057 
-msgid "Loaded %s\n"
1058 
-msgstr ""
1059 
-
1060 
-#: clamav-milter.c:5806
1061 
-#, c-format
1062 
-msgid "ClamAV: Protecting against %u viruses\n"
1063 
-msgstr ""
1064 
-
1065 
-#: clamav-milter.c:5954
1066 
-#, c-format
1067 
-msgid "!Can't open whitelist file %s"
1068 
-msgstr ""
1069 
-
1070 
-#: clamav-milter.c:5961
1071 
-msgid "!Can't create whitelist table"
1072 
-msgstr ""
1073 
-
1074 
-#: clamav-milter.c:6049
1075 
-msgid "!Can't create blacklist table"
1076 
-msgstr ""
1077 
-
1078 
-#: clamav-milter.c:6472
1079 
-msgid "^MX peers will not be immune from being blacklisted"
1080 
-msgstr ""
1081 
-
1082 
-#: clamav-milter.c:6498
1083 
-msgid "!Can't create pipe\n"
1084 
-msgstr ""
1085 
-
1086 
-#: clamav-milter.c:6519
1087 
-msgid "!Can't fork\n"
1088 
-msgstr ""
1089 
-
1090 
-#: clamav-milter.c:6567
1091 
-#, c-format
1092 
-msgid "^Can't execute '%s' to expand '%s' (error %d)\n"
1093 
-msgstr ""
1094 
-
1095 
-#: clamav-milter.c:6625
1096 
-#, c-format
1097 
-msgid "hit max-children limit (%u >= %u)\n"
1098 
-msgstr ""
1099 
-
1100 
-#: clamav-milter.c:6626
1101 
-#, c-format
1102 
-msgid "hit max-children limit (%u >= %u): waiting for some to exit\n"
1103 
-msgstr ""
1104 
-
1105 
-#: clamav-milter.c:6648
1106 
-#, c-format
1107 
-msgid "n_children %d: waiting %d seconds for some to exit\n"
1108 
-msgstr ""
1109 
-
1110 
-#: clamav-milter.c:6661
1111 
-#, c-format
1112 
-msgid "Finished waiting, n_children = %d\n"
1113 
-msgstr ""
1114 
-
1115 
-#: clamav-milter.c:6669
1116 
-msgid "*Timeout waiting for a child to die\n"
1117 
-msgstr ""
1118 
-
1119 
-#: clamav-milter.c:6703
1120 
-#, c-format
1121 
-msgid "Won't blacklist %s\n"
1122 
-msgstr ""
clamav-milter/clamav-milter.ref.c
History View file @ 87620de
1123 1 
deleted file mode 100644
... ... 
@@ -1,6951 +0,0 @@
1 
-/*
2 
- * clamav-milter.c
3 
- *	.../clamav-milter/clamav-milter.c
4 
- *
5 
- *  Copyright (C) 2003-2007 Nigel Horne <njh@bandsman.co.uk>
6 
- *
7 
- *  This program is free software; you can redistribute it and/or modify
8 
- *  it under the terms of the GNU General Public License as published by
9 
- *  the Free Software Foundation; either version 2 of the License, or
10 
- *  (at your option) any later version.
11 
- *
12 
- *  This program is distributed in the hope that it will be useful,
13 
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 
- *  GNU General Public License for more details.
16 
- *
17 
- *  You should have received a copy of the GNU General Public License
18 
- *  along with this program; if not, write to the Free Software
19 
- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
20 
- *  MA 02110-1301, USA.
21 
- *
22 
- * Install into /usr/local/sbin/clamav-milter
23 
- * See http://www.elandsys.com/resources/sendmail/libmilter/overview.html
24 
- *
25 
- * For installation instructions see the file INSTALL that came with this file
26 
- *
27 
- * NOTE: first character of strings to logg():
28 
- *	! Error
29 
- *	^ Warning
30 
- *	* Verbose
31 
- *	# Info, but not logged in foreground
32 
- *	Default Info
33 
- */
34 
-static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.312 2007/02/12 22:24:21 njh Exp $";
35 
-
36 
-#if HAVE_CONFIG_H
37 
-#include "clamav-config.h"
38 
-#endif
39 
-
40 
-#include "cfgparser.h"
41 
-#include "target.h"
42 
-#include "str.h"
43 
-#include "../libclamav/others.h"
44 
-#include "output.h"
45 
-#include "clamav.h"
46 
-#include "table.h"
47 
-#include "network.h"
48 
-#include "misc.h"
49 
-
50 
-#include <stdio.h>
51 
-#include <sysexits.h>
52 
-#ifdef	HAVE_SYS_STAT_H
53 
-#include <sys/stat.h>
54 
-#endif
55 
-#if	HAVE_STDLIB_H
56 
-#include <stdlib.h>
57 
-#endif
58 
-#if	HAVE_MEMORY_H
59 
-#include <memory.h>
60 
-#endif
61 
-#if	HAVE_STRING_H
62 
-#include <string.h>
63 
-#endif
64 
-#ifdef HAVE_STRINGS_H
65 
-#include <strings.h>
66 
-#endif
67 
-#include <sys/wait.h>
68 
-#include <assert.h>
69 
-#include <sys/socket.h>
70 
-#include <netinet/in.h>
71 
-#include <net/if.h>
72 
-#include <arpa/inet.h>
73 
-#include <sys/un.h>
74 
-#include <stdarg.h>
75 
-#include <errno.h>
76 
-#if	HAVE_LIBMILTER_MFAPI_H
77 
-#include <libmilter/mfapi.h>
78 
-#endif
79 
-#include <pthread.h>
80 
-#include <sys/time.h>
81 
-#include <sys/resource.h>
82 
-#include <signal.h>
83 
-#include <fcntl.h>
84 
-#include <pwd.h>
85 
-#include <grp.h>
86 
-#if	HAVE_SYS_PARAM_H
87 
-#include <sys/param.h>
88 
-#endif
89 
-#if	HAVE_RESOLV_H
90 
-#include <arpa/nameser.h>	/* for HEADER */
91 
-#include <resolv.h>
92 
-#endif
93 
-#ifdef	HAVE_UNISTD_H
94 
-#include <unistd.h>
95 
-#endif
96 
-#include <ctype.h>
97 
-
98 
-#if HAVE_MMAP
99 
-#if HAVE_SYS_MMAN_H
100 
-#include <sys/mman.h>
101 
-#else /* HAVE_SYS_MMAN_H */
102 
-#undef HAVE_MMAP
103 
-#endif
104 
-#endif
105 
-
106 
-#define NONBLOCK_SELECT_MAX_FAILURES	3
107 
-#define NONBLOCK_MAX_ATTEMPTS	10
108 
-#define	CONNECT_TIMEOUT	5	/* Allow 5 seconds to connect */
109 
-
110 
-#ifdef	C_LINUX
111 
-#include <sys/sendfile.h>	/* FIXME: use sendfile on BSD not Linux */
112 
-#include <libintl.h>
113 
-#include <locale.h>
114 
-
115 
-#define	gettext_noop(s)	s
116 
-#define	_(s)	gettext(s)
117 
-#define	N_(s)	gettext_noop(s)
118 
-
119 
-#else
120 
-
121 
-#define	_(s)	s
122 
-#define	N_(s)	s
123 
-
124 
-#endif
125 
-
126 
-#ifdef	USE_SYSLOG
127 
-#include <syslog.h>
128 
-#endif
129 
-
130 
-#ifdef	WITH_TCPWRAP
131 
-#if	HAVE_TCPD_H
132 
-#include <tcpd.h>
133 
-#endif
134 
-
135 
-int	allow_severity = LOG_DEBUG;
136 
-int	deny_severity = LOG_NOTICE;
137 
-#endif
138 
-
139 
-#ifdef	CL_DEBUG
140 
-static	char	console[] = "/dev/console";
141 
-#endif
142 
-
143 
-#if defined(CL_DEBUG) && defined(C_LINUX)
144 
-#include <sys/resource.h>
145 
-#endif
146 
-
147 
-#define _GNU_SOURCE
148 
-#include <getopt.h>
149 
-
150 
-#ifndef	SENDMAIL_BIN
151 
-#define	SENDMAIL_BIN	"/usr/lib/sendmail"
152 
-#endif
153 
-
154 
-#ifndef HAVE_IN_PORT_T
155 
-typedef	unsigned short	in_port_t;
156 
-#endif
157 
-
158 
-#ifndef	HAVE_IN_ADDR_T
159 
-typedef	unsigned int	in_addr_t;
160 
-#endif
161 
-
162 
-#ifndef	INET6_ADDRSTRLEN
163 
-#ifdef	AF_INET6
164 
-#define	INET6_ADDRSTRLEN	40
165 
-#else
166 
-#define	INET6_ADDRSTRLEN	16
167 
-#endif
168 
-#endif
169 
-
170 
-#ifndef	EX_CONFIG	/* HP-UX */
171 
-#define	EX_CONFIG	78
172 
-#endif
173 
-
174 
-#define	VERSION_LENGTH	128
175 
-#define	DEFAULT_TIMEOUT	120
176 
-
177 
-#define	NTRIES	5	/* How many times we try to connect to a clamd */
178 
-
179 
-/*#define	SESSION*/
180 
-		/* Keep one command connexion open to clamd, otherwise a new
181 
-		 * command connexion is created for each new email
182 
-		 *
183 
-		 * FIXME: When SESSIONS are open, freshclam can hang when
184 
-		 *	notfying clamd of an update. This is most likely to be a
185 
-		 *	problem with the implementation of SESSIONS on clamd.
186 
-		 *	The problem seems worst on BSD.
187 
-		 *
188 
-		 * Note that clamd is buggy and can hang or even crash if you
189 
-		 *	send SESSION command so be aware
190 
-		 */
191 
-
192 
-/*
193 
- * TODO: optional: xmessage on console when virus stopped (SNMP would be real nice!)
194 
- *	Having said that, with LogSysLog you can (on Linux) configure the system
195 
- *	to get messages on the system console, see syslog.conf(5), also you
196 
- *	can use wall(1) in the VirusEvent entry in clamd.conf
197 
- * TODO: Decide action (bounce, discard, reject etc.) based on the virus
198 
- *	found. Those with faked addresses, such as SCO.A want discarding,
199 
- *	others could be bounced properly.
200 
- * TODO: Encrypt mails sent to clamd to stop sniffers. Sending by UNIX domain
201 
- *	sockets is better
202 
- * TODO: Load balancing, allow local machine to talk via UNIX domain socket.
203 
- * TODO: allow each To: line in the whitelist file to specify a quarantine email
204 
- *	address
205 
- * TODO: optionally use zlib to compress data sent to remote hosts
206 
- * TODO: Finish IPv6 support (serverIPs array and SPF are IPv4 only)
207 
- * TODO: Check domainkeys as well as SPF for phish false positives
208 
- */
209 
-
210 
-struct header_node_t {
211 
-	char	*header;
212 
-	struct	header_node_t *next;
213 
-};
214 
-
215 
-struct header_list_struct {
216 
-	struct	header_node_t *first;
217 
-	struct	header_node_t *last;
218 
-};
219 
-
220 
-typedef struct header_list_struct *header_list_t;
221 
-
222 
-/*
223 
- * Local addresses are those not scanned if --local is not set
224 
- * 127.0.0.0 is not in this table since that's goverend by --outgoing
225 
- * Andy Fiddaman <clam@fiddaman.net> added 169.254.0.0/16
226 
- *	(Microsoft default DHCP)
227 
- * TODO: compare this with RFC1918/RFC3330
228 
- */
229 
-#define PACKADDR(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
230 
-#define MAKEMASK(bits)	((uint32_t)(0xffffffff << (32 - bits)))
231 
-
232 
-static struct cidr_net {	/* don't make this const because of -I flag */
233 
-	uint32_t	base;
234 
-	uint32_t	mask;
235 
-} localNets[] = {
236 
-	/*{ PACKADDR(127,   0,   0,   0), MAKEMASK(8) },	*   127.0.0.0/8 */
237 
-	{ PACKADDR(192, 168,   0,   0), MAKEMASK(16) },	/* 192.168.0.0/16 - RFC3330 */
238 
-	/*{ PACKADDR(192, 18,   0,   0), MAKEMASK(15) },	* 192.18.0.0/15 - RFC2544 */
239 
-	/*{ PACKADDR(192, 0,   2,   0), MAKEMASK(24) },	* 192.0.2.0/24 - RFC3330 */
240 
-	{ PACKADDR( 10,   0,   0,   0), MAKEMASK(8) },	/*    10.0.0.0/8 */
241 
-	{ PACKADDR(172,  16,   0,   0), MAKEMASK(12) },	/*  172.16.0.0/12 */
242 
-	{ PACKADDR(169, 254,   0,   0), MAKEMASK(16) },	/* 169.254.0.0/16 */
243 
-	{ 0, 0 },	/* space to put eight more via -I addr */
244 
-	{ 0, 0 },
245 
-	{ 0, 0 },
246 
-	{ 0, 0 },
247 
-	{ 0, 0 },
248 
-	{ 0, 0 },
249 
-	{ 0, 0 },
250 
-	{ 0, 0 },
251 
-	{ 0, 0 }
252 
-};
253 
-#define IFLAG_MAX 8
254 
-
255 
-#ifdef	AF_INET6
256 
-typedef struct cidr_net6 {
257 
-	struct in6_addr	base;
258 
-	int preflen;
259 
-} cidr_net6;
260 
-static	cidr_net6	localNets6[IFLAG_MAX];
261 
-static	int	localNets6_cnt;
262 
-#endif
263 
-
264 
-/*
265 
- * Each libmilter thread has one of these
266 
- */
267 
-struct	privdata {
268 
-	char	*from;	/* Who sent the message */
269 
-	char	*subject;	/* Original subject */
270 
-	char	*sender;	/* Secretary - often used in mailing lists */
271 
-	char	**to;	/* Who is the message going to */
272 
-	char	ip[INET6_ADDRSTRLEN];	/* IP address of the other end */
273 
-	int	numTo;	/* Number of people the message is going to */
274 
-#ifndef	SESSION
275 
-	int	cmdSocket;	/*
276 
-				 * Socket to send/get commands e.g. PORT for
277 
-				 * dataSocket
278 
-				 */
279 
-#endif
280 
-	int	dataSocket;	/* Socket to send data to clamd */
281 
-	char	*filename;	/* Where to store the message in quarantine */
282 
-	u_char	*body;		/* body of the message if Sflag is set */
283 
-	size_t	bodyLen;	/* number of bytes in body */
284 
-	header_list_t headers;	/* Message headers */
285 
-	long	numBytes;	/* Number of bytes sent so far */
286 
-	char	*received;	/* keep track of received from */
287 
-	const	char	*rejectCode;	/* 550 or 554? */
288 
-	unsigned	int	discard:1;	/*
289 
-				 * looks like the remote end is playing ping
290 
-				 * pong with us
291 
-				 */
292 
-#ifdef	HAVE_RESOLV_H
293 
-	unsigned	int	spf_ok:1;
294 
-#endif
295 
-	int	statusCount;	/* number of X-Virus-Status headers */
296 
-	int	serverNumber;	/* Index into serverIPs */
297 
-};
298 
-
299 
-#ifdef	SESSION
300 
-static	int		createSession(unsigned int s);
301 
-#else
302 
-static	int		pingServer(int serverNumber);
303 
-static	void		*try_server(void *var);
304 
-static	int		active_servers(int *active);
305 
-struct	try_server_struct {
306 
-	int	sock;
307 
-	int	rc;
308 
-	struct	sockaddr_in *server;
309 
-	int	server_index;
310 
-};
311 
-#endif
312 
-static	int		findServer(void);
313 
-static	sfsistat	clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
314 
-#ifdef	CL_DEBUG
315 
-static	sfsistat	clamfi_helo(SMFICTX *ctx, char *helostring);
316 
-#endif
317 
-static	sfsistat	clamfi_envfrom(SMFICTX *ctx, char **argv);
318 
-static	sfsistat	clamfi_envrcpt(SMFICTX *ctx, char **argv);
319 
-static	sfsistat	clamfi_header(SMFICTX *ctx, char *headerf, char *headerv);
320 
-static	sfsistat	clamfi_eoh(SMFICTX *ctx);
321 
-static	sfsistat	clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len);
322 
-static	sfsistat	clamfi_eom(SMFICTX *ctx);
323 
-static	sfsistat	clamfi_abort(SMFICTX *ctx);
324 
-static	sfsistat	clamfi_close(SMFICTX *ctx);
325 
-static	void		clamfi_cleanup(SMFICTX *ctx);
326 
-static	void		clamfi_free(struct privdata *privdata, int keep);
327 
-#ifdef __GNUC__
328 
-static	int		clamfi_send(struct privdata *privdata, size_t len, const char *format, ...) __attribute__((format(printf, 3,4)));
329 
-#else
330 
-static	int		clamfi_send(struct privdata *privdata, size_t len, const char *format, ...);
331 
-#endif
332 
-static	long		clamd_recv(int sock, char *buf, size_t len);
333 
-static	off_t		updateSigFile(void);
334 
-static	header_list_t	header_list_new(void);
335 
-static	void	header_list_free(header_list_t list);
336 
-static	void	header_list_add(header_list_t list, const char *headerf, const char *headerv);
337 
-static	void	header_list_print(header_list_t list, FILE *fp);
338 
-static	int	connect2clamd(struct privdata *privdata);
339 
-static	int	sendToFrom(struct privdata *privdata);
340 
-static	int	checkClamd(int log_result);
341 
-static	int	sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *virusname);
342 
-static	int	qfile(struct privdata *privdata, const char *sendmailId, const char *virusname);
343 
-static	int	move(const char *oldfile, const char *newfile);
344 
-static	void	setsubject(SMFICTX *ctx, const char *virusname);
345 
-/*static	int	clamfi_gethostbyname(const char *hostname, struct hostent *hp, char *buf, size_t len);*/
346 
-static	int	add_local_ip(char *address);
347 
-static	int	isLocalAddr(in_addr_t addr);
348 
-static	int	isLocal(const char *addr);
349 
-static	void	clamdIsDown(void);
350 
-static	void	*watchdog(void *a);
351 
-static	int	check_and_reload_database(void);
352 
-static	void	timeoutBlacklist(char *ip_address, int time_of_blacklist, void *v);
353 
-static	void	quit(void);
354 
-static	void	broadcast(const char *mess);
355 
-static	int	loadDatabase(void);
356 
-static	int	increment_connexions(void);
357 
-static	void	decrement_connexions(void);
358 
-static	void	dump_blacklist(char *key, int value, void *v);
359 
-static	int	nonblock_connect(int sock, const struct sockaddr_in *sin, const char *hostname);
360 
-static	int	connect_error(int sock, const char *hostname);
361 
-
362 
-#ifdef	SESSION
363 
-static	pthread_mutex_t	version_mutex = PTHREAD_MUTEX_INITIALIZER;
364 
-static	char	**clamav_versions;	/* max_children elements in the array */
365 
-#define	clamav_version	(clamav_versions[0])
366 
-#else
367 
-static	char	clamav_version[VERSION_LENGTH + 1];
368 
-#endif
369 
-static	int	fflag = 0;	/* force a scan, whatever */
370 
-static	int	oflag = 0;	/* scan messages from our machine? */
371 
-static	int	lflag = 0;	/* scan messages from our site? */
372 
-static	int	Iflag = 0;	/* Added an IP addr to localNets? */
373 
-static	const	char	*progname;	/* our name - usually clamav-milter */
374 
-
375 
-/* Variables for --external */
376 
-static	int	external = 0;	/* scan messages ourself or use clamd? */
377 
-static	pthread_mutex_t	engine_mutex = PTHREAD_MUTEX_INITIALIZER;
378 
-struct  cl_engine *engine = NULL;
379 
-uint64_t maxscansize;
380 
-uint64_t maxfilesize;
381 
-uint32_t maxreclevel;
382 
-uint32_t maxfiles;
383 
-
384 
-static	struct	cl_stat	dbstat;
385 
-static	int	options = CL_SCAN_STDOPT;
386 
-
387 
-#ifdef	BOUNCE
388 
-static	int	bflag = 0;	/*
389 
-				 * send a failure (bounce) message to the
390 
-				 * sender. This probably isn't a good idea
391 
-				 * since most reply addresses will be fake
392 
-				 *
393 
-				 * TODO: Perhaps we can have an option to
394 
-				 * bounce outgoing mail, but not incoming?
395 
-				 */
396 
-#endif
397 
-static	const	char	*iface;	/*
398 
-				 * Broadcast a message when a virus is found,
399 
-				 * this allows remote network management
400 
-				 */
401 
-static	int	broadcastSock = -1;
402 
-static	int	pflag = 0;	/*
403 
-				 * Send a warning to the postmaster only,
404 
-				 * this means user's won't be told when someone
405 
-				 * sent them a virus
406 
-				 */
407 
-static	int	qflag = 0;	/*
408 
-				 * Send no warnings when a virus is found,
409 
-				 * this means that the only log of viruses
410 
-				 * found is the syslog, so it's best to
411 
-				 * enable LogSyslog in clamd.conf
412 
-				 */
413 
-static	int	Sflag = 0;	/*
414 
-				 * Add a signature to each message that
415 
-				 * has been scanned
416 
-				 */
417 
-static	const	char	*sigFilename;	/*
418 
-				 * File where the scanned message signature
419 
-				 * can be found
420 
-				 */
421 
-static	char	*quarantine;	/*
422 
-				 * If a virus is found in an email redirect
423 
-				 * it to this account
424 
-				 */
425 
-static	char	*quarantine_dir; /*
426 
-				 * Path to store messages before scanning.
427 
-				 * Infected ones will be left there.
428 
-				 */
429 
-static	int	nflag = 0;	/*
430 
-				 * Don't add X-Virus-Scanned to header. Patch
431 
-				 * from Dirk Meyer <dirk.meyer@dinoex.sub.org>
432 
-				 */
433 
-static	int	rejectmail = 1;	/*
434 
-				 * Send a 550 rejection when a virus is
435 
-				 * found
436 
-				 */
437 
-static	int	hflag = 0;	/*
438 
-				 * Include original message headers in
439 
-				 * report
440 
-				 */
441 
-static	int	cl_error = SMFIS_TEMPFAIL; /*
442 
-				 * If an error occurs, return
443 
-				 * this status. Allows messages
444 
-				 * to be passed through
445 
-				 * unscanned in the event of
446 
-				 * an error. Patch from
447 
-				 * Joe Talbott <josepht@cstone.net>
448 
-				 */
449 
-static	int	readTimeout = DEFAULT_TIMEOUT; /*
450 
-				 * number of seconds to wait for clamd to
451 
-				 * respond, see ReadTimeout in clamd.conf
452 
-				 */
453 
-static	long	streamMaxLength = 10*1024*1024;	/* StreamMaxLength from clamd.conf */
454 
-static	int	logok = 0;	/*
455 
-				 * Add clean items to the log file
456 
-				 */
457 
-static	const char	*signature = N_("-- \nScanned by ClamAv - http://www.clamav.net\n");
458 
-static	time_t	signatureStamp;
459 
-static	char	*templateFile;	/* e-mail to be sent when virus detected */
460 
-static	char	*templateHeaders;	/* headers to be added to the above */
461 
-static	const char	*tmpdir;
462 
-
463 
-#ifdef	CL_DEBUG
464 
-static	int	debug_level = 0;
465 
-#endif
466 
-
467 
-static	pthread_mutex_t	n_children_mutex = PTHREAD_MUTEX_INITIALIZER;
468 
-static	pthread_cond_t	n_children_cond = PTHREAD_COND_INITIALIZER;
469 
-static	int	n_children = 0;
470 
-static	int	max_children = 0;
471 
-static	unsigned	int	freshclam_monitor = 10;	/*
472 
-							 * how often, in
473 
-							 * seconds, to scan for
474 
-							 * database updates
475 
-							 */
476 
-static	int	child_timeout = 300;	/* number of seconds to wait for
477 
-					 * a child to die. Set to 0 to
478 
-					 * wait forever
479 
-					 */
480 
-static	int	dont_wait = 0;	/*
481 
-				 * If 1 send retry later to the remote end
482 
-				 * if max_chilren is exceeded, otherwise we
483 
-				 * wait for the number to go down
484 
-				 */
485 
-static	int	dont_sanitise = 0; /*
486 
-				 * Don't check for ";" and "|" chars in
487 
-				 * email addresses.
488 
-				 */
489 
-static	int	advisory = 0;	/*
490 
-				 * Run clamav-milter in advisory mode - viruses
491 
-				 * are flagged rather than deleted. Incompatible
492 
-				 * with quarantine options
493 
-				 */
494 
-static	int	detect_forged_local_address;	/*
495 
-				 * for incoming only mail servers, drop emails
496 
-				 * claiming to be from us that must be false
497 
-				 * Requires that -o, -l or -f are NOT given
498 
-				 */
499 
-static	struct	cfgstruct	*copt;
500 
-static	const	char	*localSocket;	/* milter->clamd comms */
501 
-static	in_port_t	tcpSocket;	/* milter->clamd comms */
502 
-static	char	*port = NULL;	/* sendmail->milter comms */
503 
-
504 
-static	const	char	*serverHostNames = "127.0.0.1";
505 
-#if	HAVE_IN_ADDR_T
506 
-static	in_addr_t	*serverIPs;	/* IPv4 only, in network byte order */
507 
-#else
508 
-static	long	*serverIPs;	/* IPv4 only, in network byte order */
509 
-#endif
510 
-static	int	numServers;	/* number of elements in serverIPs array */
511 
-#ifndef	SESSION
512 
-#define	RETRY_SECS	300	/* How often to retry a server that's down */
513 
-static	time_t	*last_failed_pings;	/* For servers that are down. NB: not mutexed */
514 
-#endif
515 
-static	char	*rootdir;	/* for chroot */
516 
-
517 
-#ifdef	SESSION
518 
-static	struct	session {
519 
-	int	sock;	/* fd */
520 
-	enum	{ CMDSOCKET_FREE, CMDSOCKET_INUSE, CMDSOCKET_DOWN }	status;
521 
-} *sessions;	/* max_children elements in the array */
522 
-static	pthread_mutex_t sstatus_mutex = PTHREAD_MUTEX_INITIALIZER;
523 
-#endif	/*SESSION*/
524 
-
525 
-static	pthread_cond_t	watchdog_cond = PTHREAD_COND_INITIALIZER;
526 
-
527 
-#ifndef	SHUT_RD
528 
-#define	SHUT_RD		0
529 
-#endif
530 
-#ifndef	SHUT_WR
531 
-#define	SHUT_WR		1
532 
-#endif
533 
-
534 
-static	const	char	*postmaster = "postmaster";
535 
-static	const	char	*from = "MAILER-DAEMON";
536 
-static	int	quitting;
537 
-static	int	reload;	/* reload database when SIGUSR2 is received */
538 
-static	const	char	*report;	/* Report Phishing to this address */
539 
-static	const	char	*report_fps;	/* Report Phish FPs to this address */
540 
-
541 
-static	const	char	*whitelistFile;	/*
542 
-					 * file containing destination email
543 
-					 * addresses that we don't scan
544 
-					 */
545 
-static	const	char	*sendmailCF;	/* location of sendmail.cf to verify */
546 
-static		int	checkCF = 1;
547 
-static	const	char	*pidfile;
548 
-static	int	black_hole_mode; /*
549 
-				 * Since sendmail calls its milters before it
550 
-				 * looks in /etc/aliases we can spend time
551 
-				 * looking for malware that's going to be
552 
-				 * thrown away even if the message is clean.
553 
-				 * Enable this to not scan these messages.
554 
-				 * Sadly, because these days sendmail -bv
555 
-				 * only works as root, you can't use this with
556 
-				 * the User directive, which some won't like
557 
-				 * which also may contain the real target name
558 
-				 *
559 
-				 * smfi_getsymval(ctx, "{rcpt_addr}") only
560 
-				 * handles virtuser, it doesn't also deref
561 
-				 * the alias table, so it isn't any help
562 
-				 */
563 
-
564 
-static	table_t	*blacklist;	/* never freed */
565 
-static	int	blacklist_time;	/* How long to blacklist an IP */
566 
-static	pthread_mutex_t	blacklist_mutex = PTHREAD_MUTEX_INITIALIZER;
567 
-
568 
-#ifdef	CL_DEBUG
569 
-#if __GLIBC__ == 2 && __GLIBC_MINOR__ >= 1
570 
-#define HAVE_BACKTRACE
571 
-#endif
572 
-#endif
573 
-
574 
-static	void	sigsegv(int sig);
575 
-static	void	sigusr1(int sig);
576 
-static	void	sigusr2(int sig);
577 
-
578 
-#ifdef HAVE_BACKTRACE
579 
-#include <execinfo.h>
580 
-
581 
-static	void	print_trace(void);
582 
-
583 
-#define	BACKTRACE_SIZE	200
584 
-
585 
-#endif
586 
-
587 
-static	int	verifyIncomingSocketName(const char *sockName);
588 
-static	int	isWhitelisted(const char *emailaddress, int to);
589 
-static	int	isBlacklisted(const char *ip_address);
590 
-static	table_t	*mx(const char *host, table_t *t);
591 
-static	sfsistat	black_hole(const struct privdata *privdata);
592 
-static	int	useful_header(const char *cmd);
593 
-
594 
-extern	short	logg_foreground;
595 
-
596 
-#ifdef HAVE_RESOLV_H
597 
-static	table_t	*resolve(const char *host, table_t *t);
598 
-static	int	spf(struct privdata *privdata, table_t *prevhosts);
599 
-static	void	spf_ip(char *ip, int zero, void *v);
600 
-
601 
-pthread_mutex_t	res_pool_mutex = PTHREAD_MUTEX_INITIALIZER;
602 
-
603 
-#ifdef HAVE_LRESOLV_R
604 
-res_state res_pool;
605 
-uint8_t *res_pool_state;
606 
-pthread_cond_t res_pool_cond = PTHREAD_COND_INITIALIZER;
607 
-
608 
-static int safe_res_query(const char *d, int c, int t, u_char *a, int l) {
609 
-	int i = -1, ret;
610 
-
611 
-	pthread_mutex_lock(&res_pool_mutex);
612 
-	while(i==-1) {
613 
-		int j;
614 
-		for(j=0; j<max_children+1; j++) {
615 
-			if(!res_pool_state[j]) continue;
616 
-			i = j;
617 
-			break;
618 
-		}
619 
-		if(i!=-1) break;
620 
-		pthread_cond_wait(&res_pool_cond, &res_pool_mutex);
621 
-	}
622 
-	res_pool_state[i]=0;
623 
-	pthread_mutex_unlock(&res_pool_mutex);
624 
-
625 
-	ret = res_nquery(&res_pool[i], d, c, t, a, l);
626 
-
627 
-	pthread_mutex_lock(&res_pool_mutex);
628 
-	res_pool_state[i]=1;
629 
-	pthread_cond_signal(&res_pool_cond);
630 
-	pthread_mutex_unlock(&res_pool_mutex);
631 
-	return ret;
632 
-}
633 
-
634 
-#else /* !HAVE_LRESOLV_R - non thread safe resolver (old bsd's) */
635 
-
636 
-static int safe_res_query(const char *d, int c, int t, u_char *a, int l) {
637 
-	int ret;
638 
-	pthread_mutex_lock(&res_pool_mutex);
639 
-	ret = res_query(d, c, t, a, l);
640 
-	pthread_mutex_unlock(&res_pool_mutex);
641 
-	return ret;
642 
-}
643 
-
644 
-#endif /* HAVE_LRESOLV_R */
645 
-
646 
-#endif /* HAVE_RESOLV_H */
647 
-
648 
-static void
649 
-help(void)
650 
-{
651 
-	printf("\n\tclamav-milter version %s\n", get_version());
652 
-	puts("\tCopyright (C) 2007 Nigel Horne <njh@clamav.net>\n");
653 
-
654 
-	puts(_("\t--advisory\t\t-A\tFlag viruses rather than deleting them."));
655 
-	puts(_("\t--blacklist-time=SECS\t-k\tTime (in seconds) to blacklist an IP."));
656 
-	puts(_("\t--black-hole-mode\t\tDon't scan messages aliased to /dev/null."));
657 
-#ifdef	BOUNCE
658 
-	puts(_("\t--bounce\t\t-b\tSend a failure message to the sender."));
659 
-#endif
660 
-	puts(_("\t--broadcast\t\t-B [IFACE]\tBroadcast to a network manager when a virus is found."));
661 
-	puts(_("\t--chroot=DIR\t\t-C DIR\tChroot to dir when starting."));
662 
-	puts(_("\t--config-file=FILE\t-c FILE\tRead configuration from FILE."));
663 
-	puts(_("\t--debug\t\t\t-D\tPrint debug messages."));
664 
-	puts(_("\t--detect-forged-local-address\t-L\tReject mails that claim to be from us."));
665 
-	puts(_("\t--dont-blacklist\t-K\tDon't blacklist a given IP."));
666 
-	puts(_("\t--dont-scan-on-error\t-d\tPass e-mails through unscanned if a system error occurs."));
667 
-	puts(_("\t--dont-wait\t\t\tAsk remote end to resend if max-children exceeded."));
668 
-	puts(_("\t--dont-sanitise\t\t\tAllow semicolon and pipe characters in email addresses."));
669 
-	puts(_("\t--external\t\t-e\tUse an external scanner (usually clamd)."));
670 
-	puts(_("\t--freshclam-monitor=SECS\t-M SECS\tHow often to check for database update."));
671 
-	puts(_("\t--from=EMAIL\t\t-a EMAIL\tError messages come from here."));
672 
-	puts(_("\t--force-scan\t\t-f\tForce scan all messages (overrides (-o and -l)."));
673 
-	puts(_("\t--help\t\t\t-h\tThis message."));
674 
-	puts(_("\t--headers\t\t-H\tInclude original message headers in the report."));
675 
-	puts(_("\t--ignore IPaddr\t\t-I IPaddr\tAdd IPaddr to LAN IP list (see --local)."));
676 
-	puts(_("\t--local\t\t\t-l\tScan messages sent from machines on our LAN."));
677 
-	puts(_("\t--max-childen\t\t-m\tMaximum number of concurrent scans."));
678 
-	puts(_("\t--outgoing\t\t-o\tScan outgoing messages from this machine."));
679 
-	puts(_("\t--noreject\t\t-N\tDon't reject viruses, silently throw them away."));
680 
-	puts(_("\t--noxheader\t\t-n\tSuppress X-Virus-Scanned/X-Virus-Status headers."));
681 
-	puts(_("\t--pidfile=FILE\t\t-i FILE\tLocation of pidfile."));
682 
-	puts(_("\t--postmaster\t\t-p EMAIL\tPostmaster address [default=postmaster]."));
683 
-	puts(_("\t--postmaster-only\t-P\tSend notifications only to the postmaster."));
684 
-	puts(_("\t--quiet\t\t\t-q\tDon't send e-mail notifications of interceptions."));
685 
-	puts(_("\t--quarantine=USER\t-Q EMAIL\tQuarantine e-mail account."));
686 
-	puts(_("\t--report-phish=EMAIL\t-r EMAIL\tReport phish to this email address."));
687 
-	puts(_("\t--report-phish-false-positives=EMAIL\t-R EMAIL\tReport phish false positves to this email address."));
688 
-	puts(_("\t--quarantine-dir=DIR\t-U DIR\tDirectory to store infected emails."));
689 
-	puts(_("\t--server=SERVER\t\t-s SERVER\tHostname/IP address of server(s) running clamd (when using TCPsocket)."));
690 
-	puts(_("\t--sendmail-cf=FILE\t\tLocation of the sendmail.cf file to verify"));
691 
-	puts(_("\t--no-check-cf\t\tSkip verification of sendmail.cf"));
692 
-	puts(_("\t--sign\t\t\t-S\tAdd a hard-coded signature to each scanned message."));
693 
-	puts(_("\t--signature-file=FILE\t-F FILE\tLocation of signature file."));
694 
-	puts(_("\t--template-file=FILE\t-t FILE\tLocation of e-mail template file."));
695 
-	puts(_("\t--template-headers=FILE\t\tLocation of e-mail headers for template file."));
696 
-	puts(_("\t--timeout=SECS\t\t-T SECS\tTimeout waiting to childen to die."));
697 
-	puts(_("\t--whitelist-file=FILE\t-W FILE\tLocation of the file of whitelisted addresses"));
698 
-	puts(_("\t--version\t\t-V\tPrint the version number of this software."));
699 
-#ifdef	CL_DEBUG
700 
-	puts(_("\t--debug-level=n\t\t-x n\tSets the debug level to 'n'."));
701 
-#endif
702 
-	puts(_("\nFor more information type \"man clamav-milter\"."));
703 
-	puts(_("For bug reports, please refer to http://www.clamav.net/bugs"));
704 
-}
705 
-
706 
-extern char *optarg;
707 
-int
708 
-main(int argc, char **argv)
709 
-{
710 
-	int i, Bflag = 0, server = 0;
711 
-	char *cfgfile = NULL;
712 
-	const char *wont_blacklist = NULL;
713 
-	const struct cfgstruct *cpt;
714 
-	char version[VERSION_LENGTH + 1];
715 
-	pthread_t tid;
716 
-	struct rlimit rlim;
717 
-#ifdef	CL_DEBUG
718 
-	int consolefd;
719 
-#endif
720 
-
721 
-	/*
722 
-	 * The SMFI_VERSION checks are for Sendmail 8.14, which I don't have
723 
-	 * yet, so I can't verify them
724 
-	 * Patch from Andy Fiddaman <clam@fiddaman.net>
725 
-	 */
726 
-	struct smfiDesc smfilter = {
727 
-		"ClamAv", /* filter name */
728 
-		SMFI_VERSION,	/* version code -- leave untouched */
729 
-		SMFIF_ADDHDRS|SMFIF_CHGHDRS,	/* flags - we add and delete headers */
730 
-		clamfi_connect, /* connexion callback */
731 
-#ifdef	CL_DEBUG
732 
-		clamfi_helo,	/* HELO filter callback */
733 
-#else
734 
-		NULL,
735 
-#endif
736 
-		clamfi_envfrom, /* envelope sender filter callback */
737 
-		clamfi_envrcpt, /* envelope recipient filter callback */
738 
-		clamfi_header,	/* header filter callback */
739 
-		clamfi_eoh,	/* end of header callback */
740 
-		clamfi_body,	/* body filter callback */
741 
-		clamfi_eom,	/* end of message callback */
742 
-		clamfi_abort,	/* message aborted callback */
743 
-		clamfi_close,	/* connexion cleanup callback */
744 
-#if	SMFI_VERSION > 2
745 
-		NULL,		/* Unrecognised command */
746 
-#endif
747 
-#if	SMFI_VERSION > 3
748 
-		NULL,		/* DATA command callback */
749 
-#endif
750 
-#if	SMFI_VERSION >= 0x01000000
751 
-		NULL,		/* Negotiation callback */
752 
-#endif
753 
-	};
754 
-
755 
-#if defined(CL_DEBUG) && defined(C_LINUX)
756 
-	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
757 
-	if(setrlimit(RLIMIT_CORE, &rlim) < 0)
758 
-		perror("setrlimit");
759 
-#endif
760 
-
761 
-	/*
762 
-	 * Temporarily enter guessed value into version, will
763 
-	 * be overwritten later by the value returned by clamd
764 
-	 */
765 
-	snprintf(version, sizeof(version) - 1,
766 
-		"ClamAV version %s, clamav-milter version %s",
767 
-		cl_retver(), get_version());
768 
-
769 
-	progname = strrchr(argv[0], '/');
770 
-	if(progname)
771 
-		progname++;
772 
-	else
773 
-		progname = "clamav-milter";
774 
-
775 
-#ifdef	C_LINUX
776 
-	setlocale(LC_ALL, "");
777 
-	bindtextdomain(progname, DATADIR"/clamav-milter/locale");
778 
-	textdomain(progname);
779 
-#endif
780 
-
781 
-	for(;;) {
782 
-		int opt_index = 0;
783 
-#ifdef	BOUNCE
784 
-#ifdef	CL_DEBUG
785 
-		const char *args = "a:AbB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:z0:1:2";
786 
-#else
787 
-		const char *args = "a:AbB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:z0:1:2";
788 
-#endif
789 
-#else	/*!BOUNCE*/
790 
-#ifdef	CL_DEBUG
791 
-		const char *args = "a:AB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:z0:1:2";
792 
-#else
793 
-		const char *args = "a:AB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:z0:1:2";
794 
-#endif
795 
-#endif	/*BOUNCE*/
796 
-
797 
-		static struct option long_options[] = {
798 
-			{
799 
-				"from", 2, NULL, 'a'
800 
-			},
801 
-			{
802 
-				"advisory", 0, NULL, 'A'
803 
-			},
804 
-#ifdef	BOUNCE
805 
-			{
806 
-				"bounce", 0, NULL, 'b'
807 
-			},
808 
-#endif
809 
-			{
810 
-				"broadcast", 2, NULL, 'B'
811 
-			},
812 
-			{
813 
-				"config-file", 1, NULL, 'c'
814 
-			},
815 
-			{
816 
-				"chroot", 1, NULL, 'C'
817 
-			},
818 
-			{
819 
-				"detect-forged-local-address", 0, NULL, 'L'
820 
-			},
821 
-			{
822 
-				"dont-blacklist", 1, NULL, 'K'
823 
-			},
824 
-			{
825 
-				"dont-scan-on-error", 0, NULL, 'd'
826 
-			},
827 
-			{
828 
-				"dont-wait", 0, NULL, 'w'
829 
-			},
830 
-			{
831 
-				"dont-sanitise", 0, NULL, 'z'
832 
-			},
833 
-			{
834 
-				"debug", 0, NULL, 'D'
835 
-			},
836 
-			{
837 
-				"external", 0, NULL, 'e'
838 
-			},
839 
-			{
840 
-				"force-scan", 0, NULL, 'f'
841 
-			},
842 
-			{
843 
-				"headers", 0, NULL, 'H'
844 
-			},
845 
-			{
846 
-				"help", 0, NULL, 'h'
847 
-			},
848 
-			{
849 
-				"ignore", 1, NULL, 'I'
850 
-			},
851 
-			{
852 
-				"pidfile", 1, NULL, 'i'
853 
-			},
854 
-			{
855 
-				"blacklist-time", 1, NULL, 'k'
856 
-			},
857 
-			{
858 
-				"local", 0, NULL, 'l'
859 
-			},
860 
-			{
861 
-				"noreject", 0, NULL, 'N'
862 
-			},
863 
-			{
864 
-				"noxheader", 0, NULL, 'n'
865 
-			},
866 
-			{
867 
-				"outgoing", 0, NULL, 'o'
868 
-			},
869 
-			{
870 
-				"postmaster", 1, NULL, 'p'
871 
-			},
872 
-			{
873 
-				"postmaster-only", 0, NULL, 'P',
874 
-			},
875 
-			{
876 
-				"quiet", 0, NULL, 'q'
877 
-			},
878 
-			{
879 
-				"quarantine", 1, NULL, 'Q',
880 
-			},
881 
-			{
882 
-				"report-phish", 1, NULL, 'r'
883 
-			},
884 
-			{
885 
-				"report-phish-false-positives", 1, NULL, 'R'
886 
-			},
887 
-			{
888 
-				"quarantine-dir", 1, NULL, 'U',
889 
-			},
890 
-			{
891 
-				"max-children", 1, NULL, 'm'
892 
-			},
893 
-			{
894 
-				"freshclam-monitor", 1, NULL, 'M'
895 
-			},
896 
-			{
897 
-				"sendmail-cf", 1, NULL, '0'
898 
-			},
899 
-			{
900 
-				"no-check-cf", 0, &checkCF, 0
901 
-			},
902 
-			{
903 
-				"server", 1, NULL, 's'
904 
-			},
905 
-			{
906 
-				"sign", 0, NULL, 'S'
907 
-			},
908 
-			{
909 
-				"signature-file", 1, NULL, 'F'
910 
-			},
911 
-			{
912 
-				"template-file", 1, NULL, 't'
913 
-			},
914 
-			{
915 
-				"template-headers", 1, NULL, '1'
916 
-			},
917 
-			{
918 
-				"timeout", 1, NULL, 'T'
919 
-			},
920 
-			{
921 
-				"whitelist-file", 1, NULL, 'W'
922 
-			},
923 
-			{
924 
-				"version", 0, NULL, 'V'
925 
-			},
926 
-			{
927 
-				"black-hole-mode", 0, NULL, '2'
928 
-			},
929 
-#ifdef	CL_DEBUG
930 
-			{
931 
-				"debug-level", 1, NULL, 'x'
932 
-			},
933 
-#endif
934 
-			{
935 
-				NULL, 0, NULL, '\0'
936 
-			}
937 
-		};
938 
-
939 
-		int ret = getopt_long(argc, argv, args, long_options, &opt_index);
940 
-
941 
-		if(ret == -1)
942 
-			break;
943 
-  		else if(ret == 0)
944 
-  			continue;
945 
-
946 
-		switch(ret) {
947 
-			case 'a':	/* e-mail errors from here */
948 
-				/*
949 
-				 * optarg is optional - if you give --from
950 
-				 * then the --from is set to the orginal,
951 
-				 * probably forged, email address
952 
-				 */
953 
-				from = optarg;
954 
-				break;
955 
-			case 'A':
956 
-				advisory++;
957 
-				break;
958 
-#ifdef	BOUNCE
959 
-			case 'b':	/* bounce worms/viruses */
960 
-				bflag++;
961 
-				break;
962 
-#endif
963 
-			case 'B':	/* broadcast */
964 
-				Bflag++;
965 
-				if(optarg)
966 
-					iface = optarg;
967 
-				break;
968 
-			case 'c':	/* where is clamd.conf? */
969 
-				cfgfile = optarg;
970 
-				break;
971 
-			case 'C':	/* chroot */
972 
-				rootdir = optarg;
973 
-				break;
974 
-			case 'd':	/* don't scan on error */
975 
-				cl_error = SMFIS_ACCEPT;
976 
-				break;
977 
-			case 'D':	/* enable debug messages */
978 
-				cl_debug();
979 
-				break;
980 
-			case 'e':	/* use clamd */
981 
-				external++;
982 
-				break;
983 
-			case 'f':	/* force the scan */
984 
-				fflag++;
985 
-				break;
986 
-			case 'h':
987 
-				help();
988 
-				return EX_OK;
989 
-			case 'H':
990 
-				hflag++;
991 
-				break;
992 
-			case 'i':	/* pidfile */
993 
-				pidfile = optarg;
994 
-				break;
995 
-			case 'k':	/* blacklist time */
996 
-				blacklist_time = atoi(optarg);
997 
-				break;
998 
-			case 'K':	/* don't black list given IP */
999 
-				wont_blacklist = optarg;
1000 
-				break;
1001 
-			case 'I':	/* --ignore, -I hostname */
1002 
-				/*
1003 
-				 * Based on patch by jpd@louisiana.edu
1004 
-				 */
1005 
-				if(Iflag == IFLAG_MAX) {
1006 
-					fprintf(stderr,
1007 
-						_("%s: %s, -I may only be given %d times\n"),
1008 
-							argv[0], optarg, IFLAG_MAX);
1009 
-					return EX_USAGE;
1010 
-				}
1011 
-				if(!add_local_ip(optarg)) {
1012 
-					fprintf(stderr,
1013 
-						_("%s: Cannot convert -I%s to IPaddr\n"),
1014 
-							argv[0], optarg);
1015 
-					return EX_USAGE;
1016 
-				}
1017 
-				Iflag++;
1018 
-				break;
1019 
-			case 'l':	/* scan mail from the lan */
1020 
-				lflag++;
1021 
-				break;
1022 
-			case 'L':	/* detect forged local addresses */
1023 
-				detect_forged_local_address++;
1024 
-				break;
1025 
-			case 'm':	/* maximum number of children */
1026 
-				max_children = atoi(optarg);
1027 
-				break;
1028 
-			case 'M':	/* how often to monitor for freshclam */
1029 
-				freshclam_monitor = atoi(optarg);
1030 
-				break;
1031 
-			case 'n':	/* don't add X-Virus-Scanned */
1032 
-				nflag++;
1033 
-				smfilter.xxfi_flags &= ~(SMFIF_ADDHDRS|SMFIF_CHGHDRS);
1034 
-				break;
1035 
-			case 'N':	/* Do we reject mail or silently drop it */
1036 
-				rejectmail = 0;
1037 
-				break;
1038 
-			case 'o':	/* scan outgoing mail */
1039 
-				oflag++;
1040 
-				break;
1041 
-			case 'p':	/* postmaster e-mail address */
1042 
-				postmaster = optarg;
1043 
-				break;
1044 
-			case 'P':	/* postmaster only */
1045 
-				pflag++;
1046 
-				break;
1047 
-			case 'q':	/* send NO notification email */
1048 
-				qflag++;
1049 
-				break;
1050 
-			case 'Q':	/* quarantine e-mail address */
1051 
-				quarantine = optarg;
1052 
-				smfilter.xxfi_flags |= SMFIF_CHGHDRS|SMFIF_ADDRCPT|SMFIF_DELRCPT;
1053 
-				break;
1054 
-			case 'r':	/* report phishing here */
1055 
-				/* e.g. reportphishing@antiphishing.org */
1056 
-				report = optarg;
1057 
-				break;
1058 
-			case 'R':	/* report phishing false positives here */
1059 
-				report_fps = optarg;
1060 
-				break;
1061 
-			case 's':	/* server running clamd */
1062 
-				server++;
1063 
-				serverHostNames = optarg;
1064 
-				break;
1065 
-			case 'F':	/* signature file */
1066 
-				sigFilename = optarg;
1067 
-				signature = NULL;
1068 
-				/* fall through */
1069 
-			case 'S':	/* sign */
1070 
-				smfilter.xxfi_flags |= SMFIF_CHGBODY;
1071 
-				Sflag++;
1072 
-				break;
1073 
-			case 't':	/* e-mail template file */
1074 
-				templateFile = optarg;
1075 
-				break;
1076 
-			case '1':	/* headers for the template file */
1077 
-				templateHeaders = optarg;
1078 
-				break;
1079 
-			case '2':
1080 
-				black_hole_mode++;
1081 
-				break;
1082 
-			case 'T':	/* time to wait for child to die */
1083 
-				child_timeout = atoi(optarg);
1084 
-				break;
1085 
-			case 'U':	/* quarantine path */
1086 
-				quarantine_dir = optarg;
1087 
-				break;
1088 
-			case 'V':
1089 
-				puts(version);
1090 
-				return EX_OK;
1091 
-			case 'w':
1092 
-				dont_wait++;
1093 
-				break;
1094 
-			case 'W':
1095 
-				whitelistFile = optarg;
1096 
-				break;
1097 
-			case 'z':
1098 
-				dont_sanitise=1;
1099 
-				break;
1100 
-			case '0':
1101 
-				sendmailCF = optarg;
1102 
-				break;
1103 
-#ifdef	CL_DEBUG
1104 
-			case 'x':
1105 
-				debug_level = atoi(optarg);
1106 
-				break;
1107 
-#endif
1108 
-			default:
1109 
-#ifdef	CL_DEBUG
1110 
-				fprintf(stderr, "Usage: %s [-b] [-c FILE] [-F FILE] [--max-children=num] [-e] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-s SERVER] [-S] [-x#] [-U PATH] [-M#] socket-addr\n", argv[0]);
1111 
-#else
1112 
-				fprintf(stderr, "Usage: %s [-b] [-c FILE] [-F FILE] [--max-children=num] [-e] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-s SERVER] [-S] [-U PATH] [-M#] socket-addr\n", argv[0]);
1113 
-#endif
1114 
-				return EX_USAGE;
1115 
-		}
1116 
-	}
1117 
-
1118 
-	/*
1119 
-	 * Check sanity of --external and --server arguments
1120 
-	 */
1121 
-	if(server && !external) {
1122 
-		fprintf(stderr,
1123 
-			"%s: --server can only be used with --external\n",
1124 
-			argv[0]);
1125 
-		return EX_USAGE;
1126 
-	}
1127 
-#ifdef	SESSION
1128 
-	if(!external) {
1129 
-		fprintf(stderr,
1130 
-			_("%s: SESSIONS mode requires --external\n"), argv[0]);
1131 
-		return EX_USAGE;
1132 
-	}
1133 
-#endif
1134 
-
1135 
-	/* TODO: support freshclam's daemon notify if --external is not given */
1136 
-
1137 
-	if(optind == argc) {
1138 
-		fprintf(stderr, _("%s: No socket-addr given\n"), argv[0]);
1139 
-		return EX_USAGE;
1140 
-	}
1141 
-	port = argv[optind];
1142 
-
1143 
-	if(rootdir == NULL)	/* FIXME: Handle CHROOT */
1144 
-		if(checkCF && verifyIncomingSocketName(port) < 0) {
1145 
-			fprintf(stderr, _("%s: socket-addr (%s) doesn't agree with sendmail.cf\n"), argv[0], port);
1146 
-			return EX_CONFIG;
1147 
-		}
1148 
-
1149 
-	if(strncasecmp(port, "inet:", 5) == 0)
1150 
-		if(!lflag) {
1151 
-			/*
1152 
-			 * Barmy but true. It seems that clamfi_connect will,
1153 
-			 * in this case, get the IP address of the machine
1154 
-			 * running sendmail, not of the machine sending the
1155 
-			 * mail, so the remote end will be a local address so
1156 
-			 * we must scan by enabling --local
1157 
-			 *
1158 
-			 * TODO: this is probably not needed if the remote
1159 
-			 * machine is localhost, need to check though
1160 
-			 */
1161 
-			fprintf(stderr, _("%s: when using inet: connexion to sendmail you must enable --local\n"), argv[0]);
1162 
-			return EX_USAGE;
1163 
-		}
1164 
-
1165 
-	/*
1166 
-	 * Sanity checks on the clamav configuration file
1167 
-	 */
1168 
-	if(cfgfile == NULL) {
1169 
-		cfgfile = cli_malloc(strlen(CONFDIR) + 12);	/* leak */
1170 
-		sprintf(cfgfile, "%s/clamd.conf", CONFDIR);
1171 
-	}
1172 
-	if((copt = getcfg(cfgfile, 1)) == NULL) {
1173 
-		fprintf(stderr, _("%s: Can't parse the config file %s\n"),
1174 
-			argv[0], cfgfile);
1175 
-		return EX_CONFIG;
1176 
-	}
1177 
-
1178 
-	if(detect_forged_local_address) {
1179 
-		if(oflag) {
1180 
-			fprintf(stderr, _("%s: --detect-forged-local-addresses is not compatible with --outgoing\n"), argv[0]);
1181 
-			return EX_CONFIG;
1182 
-		}
1183 
-		if(lflag) {
1184 
-			fprintf(stderr, _("%s: --detect-forged-local-addresses is not compatible with --local\n"), argv[0]);
1185 
-			return EX_CONFIG;
1186 
-		}
1187 
-		if(fflag) {
1188 
-			fprintf(stderr, _("%s: --detect-forged-local-addresses is not compatible with --force\n"), argv[0]);
1189 
-			return EX_CONFIG;
1190 
-		}
1191 
-	}
1192 
-
1193 
-	if(Bflag) {
1194 
-		int on;
1195 
-
1196 
-		broadcastSock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
1197 
-		/*
1198 
-		 * SO_BROADCAST doesn't sent to all NICs on Linux, it only
1199 
-		 * broadcasts on eth0, which is why there's an optional argument
1200 
-		 * to --broadcast to say which NIC to broadcast on. You can use
1201 
-		 * SO_BINDTODEVICE to get around that, but you need to have
1202 
-		 * uid == 0 for that
1203 
-		 */
1204 
-		on = 1;
1205 
-		if(setsockopt(broadcastSock, SOL_SOCKET, SO_BROADCAST, (int *)&on, sizeof(on)) < 0) {
1206 
-			perror("setsockopt");
1207 
-			return EX_UNAVAILABLE;
1208 
-		}
1209 
-		shutdown(broadcastSock, SHUT_RD);
1210 
-	}
1211 
-
1212 
-	/*
1213 
-	 * Drop privileges
1214 
-	 */
1215 
-#ifdef	CL_DEBUG
1216 
-	/* Save the fd for later, open while we can */
1217 
-	consolefd = open(console, O_WRONLY);
1218 
-#endif
1219 
-
1220 
-	if(getuid() == 0) {
1221 
-		if(iface) {
1222 
-#ifdef	SO_BINDTODEVICE
1223 
-			struct ifreq ifr;
1224 
-
1225 
-			memset(&ifr, '\0', sizeof(struct ifreq));
1226 
-			strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1);
1227 
-			ifr.ifr_name[sizeof(ifr.ifr_name)-1]='\0';
1228 
-			if(setsockopt(broadcastSock, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) < 0) {
1229 
-				perror(iface);
1230 
-				return EX_CONFIG;
1231 
-			}
1232 
-#else
1233 
-			fprintf(stderr, _("%s: The iface option to --broadcast is not supported on your operating system\n"), argv[0]);
1234 
-			return EX_CONFIG;
1235 
-#endif
1236 
-		}
1237 
-
1238 
-		if(((cpt = cfgopt(copt, "User")) != NULL) && cpt->enabled) {
1239 
-			const struct passwd *user;
1240 
-
1241 
-			if((user = getpwnam(cpt->strarg)) == NULL) {
1242 
-				fprintf(stderr, _("%s: Can't get information about user %s\n"), argv[0], cpt->strarg);
1243 
-				return EX_CONFIG;
1244 
-			}
1245 
-
1246 
-			if(cfgopt(copt, "AllowSupplementaryGroups")->enabled) {
1247 
-#ifdef HAVE_INITGROUPS
1248 
-				if(initgroups(cpt->strarg, user->pw_gid) < 0) {
1249 
-					perror(cpt->strarg);
1250 
-					return EX_CONFIG;
1251 
-				}
1252 
-#else
1253 
-				fprintf(stderr, _("%s: AllowSupplementaryGroups: initgroups not supported.\n"),
1254 
-					argv[0]);
1255 
-				return EX_CONFIG;
1256 
-#endif
1257 
-			} else {
1258 
-#ifdef	HAVE_SETGROUPS
1259 
-				if(setgroups(1, &user->pw_gid) < 0) {
1260 
-					perror(cpt->strarg);
1261 
-					return EX_CONFIG;
1262 
-				}
1263 
-#endif
1264 
-			}
1265 
-
1266 
-			setgid(user->pw_gid);
1267 
-
1268 
-			if(setuid(user->pw_uid) < 0)
1269 
-				perror(cpt->strarg);
1270 
-#ifdef	CL_DEBUG
1271 
-			else
1272 
-				printf(_("Running as user %s (UID %d, GID %d)\n"),
1273 
-					cpt->strarg, (int)user->pw_uid,
1274 
-					(int)user->pw_gid);
1275 
-#endif
1276 
-
1277 
-			/*
1278 
-			 * Note, some O/Ss (e.g. OpenBSD/Fedora Linux) FORCE
1279 
-			 * you to run as root in black-hole-mode because
1280 
-			 * /var/spool/mqueue is mode 700 owned by root!
1281 
-			 * Flames to them, not to me, please.
1282 
-			 */
1283 
-			if(black_hole_mode && (user->pw_uid != 0)) {
1284 
-				int are_trusted;
1285 
-				FILE *sendmail;
1286 
-				char cmd[128];
1287 
-
1288 
-				/*
1289 
-				 * Determine if we're a "trusted user"
1290 
-				 */
1291 
-				snprintf(cmd, sizeof(cmd) - 1, "%s -bv root</dev/null 2>&1",
1292 
-					SENDMAIL_BIN);
1293 
-
1294 
-				sendmail = popen(cmd, "r");
1295 
-
1296 
-				if(sendmail == NULL) {
1297 
-					perror(SENDMAIL_BIN);
1298 
-					are_trusted = 0;
1299 
-				} else {
1300 
-					int status;
1301 
-					char buf[BUFSIZ];
1302 
-
1303 
-					while(fgets(buf, sizeof(buf), sendmail) != NULL)
1304 
-						;
1305 
-					/*
1306 
-					 * Can't do
1307 
-					 * switch(WEXITSTATUS(pclose(sendmail)))
1308 
-					 * because that fails to compile on
1309 
-					 * NetBSD2.0
1310 
-					 */
1311 
-					status = pclose(sendmail);
1312 
-					switch(WEXITSTATUS(status)) {
1313 
-						case EX_NOUSER:
1314 
-							/*
1315 
-							 * No root? But at least
1316 
-							 * we're trusted enough
1317 
-							 * to find out!
1318 
-							 */
1319 
-							are_trusted = 1;
1320 
-							break;
1321 
-						default:
1322 
-							are_trusted = 0;
1323 
-							break;
1324 
-						case EX_OK:
1325 
-							are_trusted = 1;
1326 
-					}
1327 
-				}
1328 
-				if(!are_trusted) {
1329 
-					fprintf(stderr, _("%s: You cannot use black hole mode unless %s is a TrustedUser\n"),
1330 
-						argv[0], cpt->strarg);
1331 
-					return EX_CONFIG;
1332 
-				}
1333 
-			}
1334 
-		} else
1335 
-			printf(_("^%s: running as root is not recommended (check \"User\" in %s)\n"), argv[0], cfgfile);
1336 
-	} else if(iface) {
1337 
-		fprintf(stderr, _("%s: Only root can set an interface for --broadcast\n"), argv[0]);
1338 
-		return EX_USAGE;
1339 
-	}
1340 
-
1341 
-	if(advisory && quarantine) {
1342 
-		fprintf(stderr, _("%s: Advisory mode doesn't work with quarantine mode\n"), argv[0]);
1343 
-		return EX_USAGE;
1344 
-	}
1345 
-	if(quarantine_dir) {
1346 
-		struct stat statb;
1347 
-
1348 
-		if(advisory) {
1349 
-			fprintf(stderr,
1350 
-				_("%s: Advisory mode doesn't work with quarantine directories\n"),
1351 
-				argv[0]);
1352 
-			return EX_USAGE;
1353 
-		}
1354 
-		if(strstr(quarantine_dir, "ERROR") != NULL) {
1355 
-			fprintf(stderr,
1356 
-				_("%s: the quarantine directory must not contain the string 'ERROR'\n"),
1357 
-				argv[0]);
1358 
-			return EX_USAGE;
1359 
-		}
1360 
-		if(strstr(quarantine_dir, "FOUND") != NULL) {
1361 
-			fprintf(stderr,
1362 
-				_("%s: the quarantine directory must not contain the string 'FOUND'\n"),
1363 
-				argv[0]);
1364 
-			return EX_USAGE;
1365 
-		}
1366 
-		if(strstr(quarantine_dir, "OK") != NULL) {
1367 
-			fprintf(stderr,
1368 
-				_("%s: the quarantine directory must not contain the string 'OK'\n"),
1369 
-				argv[0]);
1370 
-			return EX_USAGE;
1371 
-		}
1372 
-		if(access(quarantine_dir, W_OK) < 0) {
1373 
-			perror(quarantine_dir);
1374 
-			return EX_USAGE;
1375 
-		}
1376 
-		if(stat(quarantine_dir, &statb) < 0) {
1377 
-			perror(quarantine_dir);
1378 
-			return EX_USAGE;
1379 
-		}
1380 
-		/*
1381 
-		 * Quit if the quarantine directory is publically readable
1382 
-		 * or writeable
1383 
-		 */
1384 
-		if(statb.st_mode & 077) {
1385 
-			fprintf(stderr, _("%s: insecure quarantine directory %s (mode 0%o)\n"),
1386 
-				argv[0], quarantine_dir, (int)statb.st_mode & 0777);
1387 
-			return EX_CONFIG;
1388 
-		}
1389 
-	}
1390 
-
1391 
-	if(sigFilename && !updateSigFile())
1392 
-		return EX_USAGE;
1393 
-
1394 
-	if(templateFile && (access(templateFile, R_OK) < 0)) {
1395 
-		perror(templateFile);
1396 
-		return EX_CONFIG;
1397 
-	}
1398 
-	if(templateHeaders) {
1399 
-		if(templateFile == NULL) {
1400 
-			fputs(("%s: --template-headers requires --template-file\n"),
1401 
-				stderr);
1402 
-			return EX_CONFIG;
1403 
-		}
1404 
-		if(access(templateHeaders, R_OK) < 0) {
1405 
-			perror(templateHeaders);
1406 
-			return EX_CONFIG;
1407 
-		}
1408 
-	}
1409 
-	if(whitelistFile && (access(whitelistFile, R_OK) < 0)) {
1410 
-		perror(whitelistFile);
1411 
-		return EX_CONFIG;
1412 
-	}
1413 
-
1414 
-	/*
1415 
-	 * If the --max-children flag isn't set, see if MaxThreads
1416 
-	 * is set in the config file. Based on an idea by "Richard G. Roberto"
1417 
-	 * <rgr@dedlegend.com>
1418 
-	 */
1419 
-	if((max_children == 0) && ((cpt = cfgopt(copt, "MaxThreads")) != NULL))
1420 
-		max_children = cfgopt(copt, "MaxThreads")->numarg;
1421 
-
1422 
-#ifdef HAVE_LRESOLV_R
1423 
-	/* allocate a pool of resolvers */
1424 
-	if(!(res_pool=cli_calloc(max_children+1, sizeof(*res_pool))))
1425 
-		return EX_OSERR;
1426 
-	if(!(res_pool_state=cli_malloc(max_children+1)))
1427 
-		return EX_OSERR;
1428 
-	memset(res_pool_state, 1, max_children+1);
1429 
-	for(i = 0; i < max_children+1; i++)
1430 
-		res_ninit(&res_pool[i]);
1431 
-#endif
1432 
-
1433 
-	if((cpt = cfgopt(copt, "ReadTimeout")) != NULL) {
1434 
-		readTimeout = cpt->numarg;
1435 
-
1436 
-		if(readTimeout < 0) {
1437 
-			fprintf(stderr, _("%s: ReadTimeout must not be negative in %s\n"),
1438 
-				argv[0], cfgfile);
1439 
-			return EX_CONFIG;
1440 
-		}
1441 
-	}
1442 
-
1443 
-	if((cpt = cfgopt(copt, "StreamMaxLength")) != NULL) {
1444 
-		streamMaxLength = (long)cpt->numarg;
1445 
-		if(streamMaxLength < 0L) {
1446 
-			fprintf(stderr, _("%s: StreamMaxLength must not be negative in %s\n"),
1447 
-			argv[0], cfgfile);
1448 
-			return EX_CONFIG;
1449 
-		}
1450 
-	}
1451 
-
1452 
-	if(((cpt = cfgopt(copt, "LogSyslog")) != NULL) && cpt->enabled) {
1453 
-#if defined(USE_SYSLOG) && !defined(C_AIX)
1454 
-		int fac = LOG_LOCAL6;
1455 
-#endif
1456 
-
1457 
-		if(cfgopt(copt, "LogVerbose")->enabled) {
1458 
-			logg_verbose = 1;
1459 
-#ifdef	CL_DEBUG
1460 
-#if	((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && (SENDMAIL_VERSION_B >= 13)))
1461 
-			if(debug_level >= 15)
1462 
-				smfi_setdbg(6);
1463 
-#endif
1464 
-#endif
1465 
-		}
1466 
-#if defined(USE_SYSLOG) && !defined(C_AIX)
1467 
-		logg_syslog = 1;
1468 
-
1469 
-		if(((cpt = cfgopt(copt, "LogFacility")) != NULL) && cpt->enabled)
1470 
-			if((fac = logg_facility(cpt->strarg)) == -1) {
1471 
-				fprintf(stderr, "%s: LogFacility: %s: No such facility\n",
1472 
-					argv[0], cpt->strarg);
1473 
-				return EX_CONFIG;
1474 
-			}
1475 
-		openlog(progname, LOG_CONS|LOG_PID, fac);
1476 
-#endif
1477 
-	} else {
1478 
-		if(qflag)
1479 
-			fprintf(stderr, _("%s: (-q && !LogSyslog): warning - all interception message methods are off\n"),
1480 
-				argv[0]);
1481 
-#if defined(USE_SYSLOG) && !defined(C_AIX)
1482 
-		logg_syslog = 0;
1483 
-#endif
1484 
-	}
1485 
-	/*
1486 
-	 * Get the outgoing socket details - the way to talk to clamd, unless
1487 
-	 * we're doing the scanning internally
1488 
-	 */
1489 
-	if(!external) {
1490 
-#ifdef	C_LINUX
1491 
-		const char *lang;
1492 
-#endif
1493 
-
1494 
-		if(max_children == 0) {
1495 
-			fprintf(stderr, _("%s: --max-children must be given if --external is not given\n"), argv[0]);
1496 
-			return EX_CONFIG;
1497 
-		}
1498 
-		if(freshclam_monitor <= 0) {
1499 
-			fprintf(stderr, _("%s: --freshclam_monitor must be at least one second\n"), argv[0]);
1500 
-			return EX_CONFIG;
1501 
-		}
1502 
-#ifdef	C_LINUX
1503 
-		lang = getenv("LANG");
1504 
-
1505 
-		if(lang && (strstr(lang, "UTF-8") != NULL)) {
1506 
-			fprintf(stderr, "Your LANG environment variable is set to '%s'\n", lang);
1507 
-			fprintf(stderr, "This is known to cause problems for some %s installations.\n", argv[0]);
1508 
-			fputs("If you get failures with temporary files, please try again with LANG unset.\n", stderr);
1509 
-		}
1510 
-#endif
1511 
-#if	0
1512 
-		if(child_timeout) {
1513 
-			fprintf(stderr, _("%s: --timeout must not be given if --external is not given\n"), argv[0]);
1514 
-			return EX_CONFIG;
1515 
-		}
1516 
-#endif
1517 
-		if (cl_init(CL_INIT_DEFAULT)!=CL_SUCCESS) {
1518 
-			fprintf(stderr, "%s: Failed to initialize libclamav, bailing out.\n", argv[0]);
1519 
-			return EX_UNAVAILABLE;
1520 
-		}
1521 
-		if(loadDatabase() != 0) {
1522 
-			/*
1523 
-			 * Handle the dont-scan-on-error option, which says
1524 
-			 * that we pass on emails, unscanned, if an error has
1525 
-			 * occurred
1526 
-			 */
1527 
-			if(cl_error != SMFIS_ACCEPT)
1528 
-				return EX_CONFIG;
1529 
-
1530 
-			fprintf(stderr, _("%s: No emails will be scanned"),
1531 
-				argv[0]);
1532 
-		}
1533 
-		numServers = 1;
1534 
-	} else if(((cpt = cfgopt(copt, "LocalSocket")) != NULL) && cpt->enabled) {
1535 
-#ifdef	SESSION
1536 
-		struct sockaddr_un sockun;
1537 
-#endif
1538 
-		char *sockname = NULL;
1539 
-
1540 
-		if(cfgopt(copt, "TCPSocket")->enabled) {
1541 
-			fprintf(stderr, _("%s: You can select one server type only (local/TCP) in %s\n"),
1542 
-				argv[0], cfgfile);
1543 
-			return EX_CONFIG;
1544 
-		}
1545 
-		if(server) {
1546 
-			fprintf(stderr, _("%s: You cannot use the --server option when using LocalSocket in %s\n"),
1547 
-				argv[0], cfgfile);
1548 
-			return EX_USAGE;
1549 
-		}
1550 
-		if(strncasecmp(port, "unix:", 5) == 0)
1551 
-			sockname = &port[5];
1552 
-		else if(strncasecmp(port, "local:", 6) == 0)
1553 
-			sockname = &port[6];
1554 
-
1555 
-		if(sockname && (strcmp(sockname, cpt->strarg) == 0)) {
1556 
-			fprintf(stderr, _("The connexion from sendmail to %s (%s) must not\n"),
1557 
-				argv[0], sockname);
1558 
-			fprintf(stderr, _("be the same as the connexion to clamd (%s) in %s\n"),
1559 
-				cpt->strarg, cfgfile);
1560 
-			return EX_CONFIG;
1561 
-		}
1562 
-		/*
1563 
-		 * TODO: check --server hasn't been set
1564 
-		 */
1565 
-		localSocket = cpt->strarg;
1566 
-#ifndef	SESSION
1567 
-		if(!pingServer(-1)) {
1568 
-			fprintf(stderr, _("Can't talk to clamd server via %s\n"),
1569 
-				localSocket);
1570 
-			fprintf(stderr, _("Check your entry for LocalSocket in %s\n"),
1571 
-				cfgfile);
1572 
-			return EX_CONFIG;
1573 
-		}
1574 
-#endif
1575 
-		/*if(quarantine_dir == NULL)
1576 
-			fprintf(stderr, _("When using Localsocket in %s\nyou may improve performance if you use the --quarantine-dir option\n"), cfgfile);*/
1577 
-
1578 
-		umask(077);
1579 
-
1580 
-		serverIPs = (in_addr_t *)cli_malloc(sizeof(in_addr_t));
1581 
-#ifdef	INADDR_LOOPBACK
1582 
-		serverIPs[0] = htonl(INADDR_LOOPBACK);
1583 
-#else
1584 
-		serverIPs[0] = inet_addr("127.0.0.1");
1585 
-#endif
1586 
-
1587 
-#ifdef	SESSION
1588 
-		memset((char *)&sockun, 0, sizeof(struct sockaddr_un));
1589 
-		sockun.sun_family = AF_UNIX;
1590 
-		strncpy(sockun.sun_path, localSocket, sizeof(sockun.sun_path));
1591 
-		sockun.sun_path[sizeof(sockun.sun_path)-1]='\0';
1592 
-
1593 
-		sessions = (struct session *)cli_malloc(sizeof(struct session));
1594 
-		if((sessions[0].sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
1595 
-			perror(localSocket);
1596 
-			fprintf(stderr, _("Can't talk to clamd server via %s\n"),
1597 
-				localSocket);
1598 
-			fprintf(stderr, _("Check your entry for LocalSocket in %s\n"),
1599 
-				cfgfile);
1600 
-			return EX_CONFIG;
1601 
-		}
1602 
-		if(connect(sessions[0].sock, (struct sockaddr *)&sockun, sizeof(struct sockaddr_un)) < 0) {
1603 
-			perror(localSocket);
1604 
-			return EX_UNAVAILABLE;
1605 
-		}
1606 
-		if(send(sessions[0].sock, "SESSION\n", 8, 0) < 8) {
1607 
-			perror("send");
1608 
-			fputs(_("!Can't create a clamd session"), stderr);
1609 
-			return EX_UNAVAILABLE;
1610 
-		}
1611 
-		sessions[0].status = CMDSOCKET_FREE;
1612 
-#endif
1613 
-		/*
1614 
-		 * FIXME: Allow connexion to remote servers by TCP/IP whilst
1615 
-		 * connecting to the localserver via a UNIX domain socket
1616 
-		 */
1617 
-		numServers = 1;
1618 
-	} else if(((cpt = cfgopt(copt, "TCPSocket")) != NULL) && cpt->enabled) {
1619 
-		int activeServers;
1620 
-
1621 
-		/*
1622 
-		 * TCPSocket is in fact a port number not a full socket
1623 
-		 */
1624 
-		if(quarantine_dir) {
1625 
-			fprintf(stderr, _("%s: --quarantine-dir not supported for TCPSocket - use --quarantine\n"), argv[0]);
1626 
-			return EX_CONFIG;
1627 
-		}
1628 
-
1629 
-		tcpSocket = (in_port_t)cpt->numarg;
1630 
-
1631 
-		/*
1632 
-		 * cli_strtok's fieldno counts from 0
1633 
-		 */
1634 
-		for(;;) {
1635 
-			char *hostname = cli_strtok(serverHostNames, numServers, ":");
1636 
-			if(hostname == NULL)
1637 
-				break;
1638 
-#ifdef	MAXHOSTNAMELEN
1639 
-			if(strlen(hostname) > MAXHOSTNAMELEN) {
1640 
-				fprintf(stderr, _("%s: hostname %s is longer than %d characters\n"),
1641 
-					argv[0], hostname, MAXHOSTNAMELEN);
1642 
-				return EX_CONFIG;
1643 
-			}
1644 
-#endif
1645 
-			numServers++;
1646 
-			free(hostname);
1647 
-		}
1648 
-
1649 
-#ifdef	CL_DEBUG
1650 
-		printf("numServers: %d\n", numServers);
1651 
-#endif
1652 
-
1653 
-		serverIPs = (in_addr_t *)cli_malloc(numServers * sizeof(in_addr_t));
1654 
-		if(serverIPs == NULL)
1655 
-			return EX_OSERR;
1656 
-		activeServers = 0;
1657 
-
1658 
-#ifdef	SESSION
1659 
-		/*
1660 
-		 * We need to know how many connexion to establish to clamd
1661 
-		 */
1662 
-		if(max_children == 0) {
1663 
-			fprintf(stderr, _("%s: --max-children must be given in sessions mode\n"), argv[0]);
1664 
-			return EX_CONFIG;
1665 
-		}
1666 
-#endif
1667 
-
1668 
-		if(numServers > max_children) {
1669 
-			fprintf(stderr, _("%1$s: --max-children (%2$d) is lower than the number of servers you have (%3$d)\n"),
1670 
-				argv[0], max_children, numServers);
1671 
-			return EX_CONFIG;
1672 
-		}
1673 
-
1674 
-		for(i = 0; i < numServers; i++) {
1675 
-#ifdef	MAXHOSTNAMELEN
1676 
-			char hostname[MAXHOSTNAMELEN + 1];
1677 
-
1678 
-			if(cli_strtokbuf(serverHostNames, i, ":", hostname) == NULL)
1679 
-				break;
1680 
-#else
1681 
-			char *hostname = cli_strtok(serverHostNames, i, ":");
1682 
-#endif
1683 
-
1684 
-			/*
1685 
-			 * Translate server's name to IP address
1686 
-			 */
1687 
-			serverIPs[i] = inet_addr(hostname);
1688 
-#ifdef	INADDR_NONE
1689 
-			if(serverIPs[i] == INADDR_NONE) {
1690 
-#else
1691 
-			if(serverIPs[i] == (in_addr_t)-1) {
1692 
-#endif
1693 
-				const struct hostent *h = gethostbyname(hostname);
1694 
-
1695 
-				if(h == NULL) {
1696 
-					fprintf(stderr, _("%s: Unknown host %s\n"),
1697 
-						argv[0], hostname);
1698 
-					return EX_USAGE;
1699 
-				}
1700 
-
1701 
-				memcpy((char *)&serverIPs[i], h->h_addr, sizeof(serverIPs[i]));
1702 
-			}
1703 
-
1704 
-#if	defined(NTRIES) && ((NTRIES > 1))
1705 
-#ifndef	SESSION
1706 
-#ifdef	INADDR_LOOPBACK
1707 
-			if(serverIPs[i] == htonl(INADDR_LOOPBACK)) {
1708 
-#else
1709 
-#if	HAVE_IN_ADDR_T
1710 
-			if(serverIPs[i] == (in_addr_t)inet_addr("127.0.0.1")) {
1711 
-#else
1712 
-			if(serverIPs[i] == (long)inet_addr("127.0.0.1")) {
1713 
-#endif
1714 
-#endif
1715 
-				int tries;
1716 
-
1717 
-				/*
1718 
-				 * Fudge to allow clamd to come up on
1719 
-				 * our local machine
1720 
-				 */
1721 
-				for(tries = 0; tries < NTRIES - 1; tries++) {
1722 
-					if(pingServer(i))
1723 
-						break;
1724 
-					if(checkClamd(1))	/* will try all servers */
1725 
-						break;
1726 
-					puts(_("Waiting for clamd to come up"));
1727 
-					/*
1728 
-					 * something to do as the system starts
1729 
-					 */
1730 
-					sync();
1731 
-					sleep(1);
1732 
-				}
1733 
-				/* Will try one more time */
1734 
-			}
1735 
-#endif	/* NTRIES > 1 */
1736 
-
1737 
-			if(pingServer(i))
1738 
-				activeServers++;
1739 
-			else {
1740 
-				printf(_("Can't talk to clamd server %s on port %d\n"),
1741 
-					hostname, tcpSocket);
1742 
-				if(serverIPs[i] == htonl(INADDR_LOOPBACK)) {
1743 
-					if(cfgopt(copt, "TCPAddr")->enabled)
1744 
-						printf(_("Check the value for TCPAddr in %s\n"), cfgfile);
1745 
-				} else
1746 
-					printf(_("Check the value for TCPAddr in clamd.conf on %s\n"), hostname);
1747 
-			}
1748 
-#endif
1749 
-
1750 
-#ifndef	MAXHOSTNAMELEN
1751 
-			free(hostname);
1752 
-#endif
1753 
-		}
1754 
-#ifdef	SESSION
1755 
-		activeServers = numServers;
1756 
-
1757 
-		sessions = (struct session *)cli_calloc(max_children, sizeof(struct session));
1758 
-		for(i = 0; i < (int)max_children; i++)
1759 
-			if(createSession(i) < 0)
1760 
-				return EX_UNAVAILABLE;
1761 
-		if(activeServers == 0) {
1762 
-			fprintf(stderr, _("Check your entry for TCPSocket in %s\n"),
1763 
-				cfgfile);
1764 
-		}
1765 
-#else
1766 
-		if(activeServers == 0) {
1767 
-			fprintf(stderr, _("Check your entry for TCPSocket in %s\n"),
1768 
-				cfgfile);
1769 
-			fputs(_("Can't find any clamd server\n"), stderr);
1770 
-			return EX_CONFIG;
1771 
-		}
1772 
-		last_failed_pings = (time_t *)cli_calloc(numServers, sizeof(time_t));
1773 
-#endif
1774 
-	} else {
1775 
-		fprintf(stderr, _("%s: You must select server type (local/TCP) in %s\n"),
1776 
-			argv[0], cfgfile);
1777 
-		return EX_CONFIG;
1778 
-	}
1779 
-
1780 
-#ifdef	SESSION
1781 
-	if(!external) {
1782 
-		if(clamav_versions == NULL) {
1783 
-			clamav_versions = (char **)cli_malloc(sizeof(char *));
1784 
-			if(clamav_versions == NULL)
1785 
-				return EX_TEMPFAIL;
1786 
-			clamav_version = cli_strdup(version);
1787 
-		}
1788 
-	} else {
1789 
-		unsigned int session;
1790 
-
1791 
-		/*
1792 
-		 * We need to know how many connexions to establish to clamd
1793 
-		 */
1794 
-		if(max_children == 0) {
1795 
-			fprintf(stderr, _("%s: --max-children must be given in sessions mode\n"), argv[0]);
1796 
-			return EX_CONFIG;
1797 
-		}
1798 
-
1799 
-		clamav_versions = (char **)cli_malloc(max_children * sizeof(char *));
1800 
-		if(clamav_versions == NULL)
1801 
-			return EX_TEMPFAIL;
1802 
-
1803 
-		for(session = 0; session < max_children; session++) {
1804 
-			clamav_versions[session] = cli_strdup(version);
1805 
-			if(clamav_versions[session] == NULL)
1806 
-				return EX_TEMPFAIL;
1807 
-		}
1808 
-	}
1809 
-#else
1810 
-	strcpy(clamav_version, version);
1811 
-#endif
1812 
-
1813 
-	if(((quarantine_dir == NULL) && localSocket) || !external) {
1814 
-		/* set the temporary dir */
1815 
-		if((cpt = cfgopt(copt, "TemporaryDirectory")) && cpt->enabled)
1816 
-			tmpdir = cpt->strarg;
1817 
-		else
1818 
-			tmpdir = cli_gentemp(NULL);
1819 
-
1820 
-		logg("#Making %s\n", tmpdir);
1821 
-
1822 
-		if(mkdir(tmpdir, 0700)) {
1823 
-			perror(tmpdir);
1824 
-			return EX_CANTCREAT;
1825 
-		}
1826 
-	} else
1827 
-		tmpdir = NULL;
1828 
-
1829 
-	if(report) {
1830 
-		if(!cfgopt(copt, "PhishingSignatures")->enabled) {
1831 
-			fprintf(stderr, "%s: You have chosen --report-phish, but PhishingSignatures is off in %s\n",
1832 
-				argv[0], cfgfile);
1833 
-			return EX_USAGE;
1834 
-		}
1835 
-		if((quarantine_dir == NULL) && (tmpdir == NULL)) {
1836 
-			/*
1837 
-			 * Limitation: doesn't store message in a temporary
1838 
-			 * file, so we won't be able to use mail < file
1839 
-			 */
1840 
-			fprintf(stderr, "%s: when using --external, --report-phish cannot be used without either LocalSocket or --quarantine-dir\n",
1841 
-				argv[0]);
1842 
-			return EX_USAGE;
1843 
-		}
1844 
-		if(lflag) {
1845 
-			/*
1846 
-			 * Naturally, if you attempt to scan the phish you've
1847 
-			 * just reported, it'll be blocked!
1848 
-			 */
1849 
-			fprintf(stderr, "%s: --report-phish cannot be used with --local\n",
1850 
-				argv[0]);
1851 
-			return EX_USAGE;
1852 
-		}
1853 
-	}
1854 
-	if(report_fps)
1855 
-		if(!cfgopt(copt, "PhishingSignatures")->enabled) {
1856 
-			fprintf(stderr, "%s: You have chosen --report-phish-false-positives, but PhishingSignatures is off in %s\n",
1857 
-				argv[0], cfgfile);
1858 
-			return EX_USAGE;
1859 
-		}
1860 
-
1861 
-	if(cfgopt(copt, "Foreground")->enabled)
1862 
-		logg_foreground = 1;
1863 
-	else {
1864 
-		logg_foreground = 0;
1865 
-#ifdef	CL_DEBUG
1866 
-		printf(_("When debugging it is recommended that you use Foreground mode in %s\n"), cfgfile);
1867 
-		puts(_("\tso that you can see all of the messages"));
1868 
-#endif
1869 
-
1870 
-		switch(fork()) {
1871 
-			case -1:
1872 
-				perror("fork");
1873 
-				return EX_OSERR;
1874 
-			case 0:	/* child */
1875 
-				break;
1876 
-			default:	/* parent */
1877 
-				return EX_OK;
1878 
-		}
1879 
-		close(0);
1880 
-		open("/dev/null", O_RDONLY);
1881 
-
1882 
-		/* initialize logger */
1883 
-		logg_time = cfgopt(copt, "LogTime")->enabled;
1884 
-		logok = cfgopt(copt, "LogClean")->enabled;
1885 
-		logg_size = cfgopt(copt, "LogFileMaxSize")->numarg;
1886 
-		logg_verbose = mprintf_verbose = cfgopt(copt, "LogVerbose")->enabled;
1887 
-
1888 
-		if(cfgopt(copt, "Debug")->enabled) /* enable debug messages in libclamav */
1889 
-			cl_debug();
1890 
-
1891 
-		if((cpt = cfgopt(copt, "LogFile"))->enabled) {
1892 
-			time_t currtime;
1893 
-
1894 
-			logg_file = cpt->strarg;
1895 
-			if((strlen(logg_file) < 2) ||
1896 
-			   ((logg_file[0] != '/') && (logg_file[0] != '\\') && (logg_file[1] != ':'))) {
1897 
-				fprintf(stderr, "ERROR: LogFile requires full path.\n");
1898 
-				logg_close();
1899 
-				freecfg(copt);
1900 
-				return 1;
1901 
-			}
1902 
-			time(&currtime);
1903 
-			close(1);
1904 
-			if(logg("#ClamAV-milter started at %s", ctime(&currtime))) {
1905 
-				fprintf(stderr, "ERROR: Problem with internal logger. Please check the permissions on the %s file.\n", logg_file);
1906 
-				logg_close();
1907 
-				freecfg(copt);
1908 
-				return 1;
1909 
-			}
1910 
-		} else {
1911 
-#ifdef	CL_DEBUG
1912 
-			close(1);
1913 
-			logg_file = console;
1914 
-			if(consolefd < 0) {
1915 
-				perror(console);
1916 
-				return EX_OSFILE;
1917 
-			}
1918 
-			dup(consolefd);
1919 
-#else
1920 
-			int fds[3];
1921 
-			logg_file = NULL;
1922 
-			if(chdir("/") < 0)
1923 
-				perror("/");
1924 
-			fds[0] = open("/dev/null", O_RDONLY);
1925 
-			fds[1] = open("/dev/null", O_WRONLY);
1926 
-			fds[2] = open("/dev/null", O_WRONLY);
1927 
-			for(i = 0; i <= 2; i++) {
1928 
-				if(fds[i] == -1 || dup2(fds[i], i) == -1) {
1929 
-					fprintf(stderr, "ERROR: failed to daemonize.\n");
1930 
-					logg_close();
1931 
-					freecfg(copt);
1932 
-					return 1;
1933 
-				}
1934 
-			}
1935 
-#endif
1936 
-		}
1937 
-
1938 
-		dup2(1, 2);
1939 
-
1940 
-#ifdef	CL_DEBUG
1941 
-		if(consolefd >= 0)
1942 
-			close(consolefd);
1943 
-#endif
1944 
-
1945 
-#ifdef HAVE_SETPGRP
1946 
-#ifdef SETPGRP_VOID
1947 
-		setpgrp();
1948 
-#else
1949 
-		setpgrp(0,0);
1950 
-#endif
1951 
-#else
1952 
-#ifdef HAVE_SETSID
1953 
-		setsid();
1954 
-#endif
1955 
-#endif
1956 
-	}
1957 
-
1958 
-	if(cfgopt(copt, "Debug")->enabled)
1959 
-		/*
1960 
-		 * enable debug messages in libclamav, --debug also does this
1961 
-		 */
1962 
-		cl_debug();
1963 
-
1964 
-	atexit(quit);
1965 
-
1966 
-	if(!external) {
1967 
-		if(!cfgopt(copt, "ScanMail")->enabled)
1968 
-			printf(_("%s: ScanMail not defined in %s (needed without --external), enabling\n"),
1969 
-				argv[0], cfgfile);
1970 
-
1971 
-		options |= CL_SCAN_MAIL;	/* no choice */
1972 
-		/*if(!cfgopt(copt, "ScanRAR")->enabled)
1973 
-			options |= CL_SCAN_DISABLERAR;*/
1974 
-		if(cfgopt(copt, "ArchiveBlockEncrypted")->enabled)
1975 
-			options |= CL_SCAN_BLOCKENCRYPTED;
1976 
-		if(cfgopt(copt, "ScanPE")->enabled)
1977 
-			options |= CL_SCAN_PE;
1978 
-		if(cfgopt(copt, "DetectBrokenExecutables")->enabled)
1979 
-			options |= CL_SCAN_BLOCKBROKEN;
1980 
-		if(cfgopt(copt, "MailFollowURLs")->enabled)
1981 
-			options |= CL_SCAN_MAILURL;
1982 
-		if(cfgopt(copt, "ScanOLE2")->enabled)
1983 
-			options |= CL_SCAN_OLE2;
1984 
-		if(cfgopt(copt, "ScanHTML")->enabled)
1985 
-			options |= CL_SCAN_HTML;
1986 
-
1987 
-		if(((cpt = cfgopt(copt, "MaxScanSize")) != NULL) && cpt->enabled)
1988 
-			maxscansize = cpt->numarg;
1989 
-		else
1990 
-			maxscansize = 104857600;
1991 
-		if(((cpt = cfgopt(copt, "MaxFileSize")) != NULL) && cpt->enabled)
1992 
-			maxfilesize = cpt->numarg;
1993 
-		else
1994 
-			maxfilesize = 10485760;
1995 
-
1996 
-		if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
1997 
-			if((rlim.rlim_max < maxfilesize) || (rlim.rlim_max < maxscansize))
1998 
-				logg("^System limit for file size is lower than maxfilesize or maxscansize\n");
1999 
-		} else {
2000 
-			logg("^Cannot obtain resource limits for file size\n");
2001 
-		}
2002 
-
2003 
-		if(((cpt = cfgopt(copt, "MaxRecursion")) != NULL) && cpt->enabled)
2004 
-			maxreclevel = cpt->numarg;
2005 
-		else
2006 
-			maxreclevel = 8;
2007 
-
2008 
-		if(((cpt = cfgopt(copt, "MaxFiles")) != NULL) && cpt->enabled)
2009 
-			maxfiles = cpt->numarg;
2010 
-		else
2011 
-			maxfiles = 1000;
2012 
-
2013 
-		if(cfgopt(copt, "ScanArchive")->enabled)
2014 
-			options |= CL_SCAN_ARCHIVE;
2015 
-	}
2016 
-
2017 
-	pthread_create(&tid, NULL, watchdog, NULL);
2018 
-
2019 
-	broadcast(_("Starting clamav-milter"));
2020 
-
2021 
-	if(rootdir) {
2022 
-		if(getuid() == 0) {
2023 
-			if(chdir(rootdir) < 0) {
2024 
-				perror(rootdir);
2025 
-				logg("!chdir %s failed\n", rootdir);
2026 
-				return EX_CONFIG;
2027 
-			}
2028 
-			if(chroot(rootdir) < 0) {
2029 
-				perror(rootdir);
2030 
-				logg("!chroot %s failed\n", rootdir);
2031 
-				return EX_CONFIG;
2032 
-			}
2033 
-			logg("Chrooted to %s\n", rootdir);
2034 
-		} else {
2035 
-			logg("!chroot option needs root\n");
2036 
-			return EX_CONFIG;
2037 
-		}
2038 
-	}
2039 
-
2040 
-	if(pidfile) {
2041 
-		/* save the PID */
2042 
-		char *p, *q;
2043 
-		FILE *fd;
2044 
-		const mode_t old_umask = umask(0006);
2045 
-
2046 
-		if(pidfile[0] != '/') {
2047 
-			logg(_("!pidfile: '%s' must be a full pathname"),
2048 
-				pidfile);
2049 
-
2050 
-			return EX_CONFIG;
2051 
-		}
2052 
-		p = cli_strdup(pidfile);
2053 
-		q = strrchr(p, '/');
2054 
-		*q = '\0';
2055 
-
2056 
-		if(rootdir == NULL)
2057 
-			if(chdir(p) < 0)	/* safety */
2058 
-				perror(p);
2059 
-
2060 
-		free(p);
2061 
-
2062 
-		if((fd = fopen(pidfile, "w")) == NULL) {
2063 
-			logg(_("!Can't save PID in file %s\n"), pidfile);
2064 
-			return EX_CONFIG;
2065 
-		}
2066 
-#ifdef	C_LINUX
2067 
-		/* Ensure that all threads are kill()ed */
2068 
-		fprintf(fd, "-%d\n", (int)getpgrp());
2069 
-#else
2070 
-		fprintf(fd, "%d\n", (int)getpid());
2071 
-#endif
2072 
-		fclose(fd);
2073 
-		umask(old_umask);
2074 
-	} else if(tmpdir) {
2075 
-		if(rootdir == NULL)
2076 
-			if(chdir(tmpdir) < 0) {	/* safety */
2077 
-				perror(tmpdir);
2078 
-				logg("!chdir %s failed\n", tmpdir);
2079 
-			}
2080 
-	} else
2081 
-		if(rootdir == NULL)
2082 
-#ifdef	P_tmpdir
2083 
-			if(chdir(P_tmpdir) < 0) {
2084 
-				perror(P_tmpdir);
2085 
-				logg("!chdir %s failed\n", P_tmpdir);
2086 
-			}
2087 
-#else
2088 
-			if(chdir("/tmp") < 0) {
2089 
-				perror("/tmp");
2090 
-				logg("!chdir /tmp failed\n", P_tmpdir);
2091 
-			}
2092 
-#endif
2093 
-
2094 
-	if(smfi_setconn(port) == MI_FAILURE) {
2095 
-		logg("!smfi_setconn failure\n");
2096 
-		return EX_SOFTWARE;
2097 
-	}
2098 
-
2099 
-	if(smfi_register(smfilter) == MI_FAILURE) {
2100 
-		fprintf(stderr, "smfi_register failure, ensure that you have linked against the correct version of sendmail\n");
2101 
-		return EX_UNAVAILABLE;
2102 
-	}
2103 
-
2104 
-#if	((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && (SENDMAIL_VERSION_B >= 13)))
2105 
-	if(smfi_opensocket(1) == MI_FAILURE) {
2106 
-		perror(port);
2107 
-		fprintf(stderr, "Can't open/create %s\n", port);
2108 
-		return EX_CONFIG;
2109 
-	}
2110 
-#endif
2111 
-
2112 
-	signal(SIGPIPE, SIG_IGN);	/* libmilter probably does this as well */
2113 
-	signal(SIGXFSZ, SIG_IGN); /* TODO: check if it's safe to call signal() here */
2114 
-
2115 
-#ifdef	SESSION
2116 
-	pthread_mutex_lock(&version_mutex);
2117 
-#endif
2118 
-	logg(_("Starting %s\n"), clamav_version);
2119 
-	logg(_("*Debugging is on\n"));
2120 
-
2121 
-#ifdef HAVE_RESOLV_H
2122 
-#if ! defined(HAVE_LRESOLV_R)
2123 
-	if(!(_res.options&RES_INIT))
2124 
-		if(res_init() < 0) {
2125 
-			fprintf(stderr, "%s: Can't initialise the resolver\n",
2126 
-				argv[0]);
2127 
-			return EX_UNAVAILABLE;
2128 
-		}
2129 
-#endif
2130 
-	if(blacklist_time) {
2131 
-		char name[MAXHOSTNAMELEN + 1];
2132 
-
2133 
-		if(gethostname(name, sizeof(name)) < 0) {
2134 
-			perror("gethostname");
2135 
-			return EX_UNAVAILABLE;
2136 
-		}
2137 
-
2138 
-		blacklist = mx(name, NULL);
2139 
-		if(blacklist)
2140 
-			/* We must never blacklist ourself */
2141 
-			tableInsert(blacklist, "127.0.0.1", 0);
2142 
-
2143 
-		if(wont_blacklist) {
2144 
-			char *w;
2145 
-
2146 
-			i = 0;
2147 
-			while((w = cli_strtok(wont_blacklist, i++, ",")) != NULL) {
2148 
-				(void)tableInsert(blacklist, w, 0);
2149 
-				free(w);
2150 
-			}
2151 
-		}
2152 
-		tableIterate(blacklist, dump_blacklist, NULL);
2153 
-	}
2154 
-#endif /* HAVE_RESOLV_H */
2155 
-
2156 
-#ifdef	SESSION
2157 
-	pthread_mutex_unlock(&version_mutex);
2158 
-#endif
2159 
-
2160 
-	(void)signal(SIGSEGV, sigsegv);
2161 
-	if(!logg_foreground)
2162 
-		(void)signal(SIGUSR1, sigusr1);
2163 
-	if(!external)
2164 
-		(void)signal(SIGUSR2, sigusr2);
2165 
-
2166 
-	return smfi_main();
2167 
-}
2168 
-
2169 
-#ifdef	SESSION
2170 
-/*
2171 
- * Use the SESSION command of clamd.
2172 
- * Returns -1 for terminal failure, 0 for OK, 1 for nonterminal failure
2173 
- * The caller must take care of locking the sessions array
2174 
- */
2175 
-static int
2176 
-createSession(unsigned int s)
2177 
-{
2178 
-	int ret = 0, fd;
2179 
-	const int serverNumber = s % numServers;
2180 
-	struct session *session = &sessions[s];
2181 
-	const struct protoent *proto;
2182 
-	struct sockaddr_in server;
2183 
-
2184 
-	logg("#createSession session %d, server %d\n", s, serverNumber);
2185 
-	assert(s < max_children);
2186 
-
2187 
-	memset((char *)&server, 0, sizeof(struct sockaddr_in));
2188 
-	server.sin_family = AF_INET;
2189 
-	server.sin_port = (in_port_t)htons(tcpSocket);
2190 
-
2191 
-	server.sin_addr.s_addr = serverIPs[serverNumber];
2192 
-
2193 
-	session->sock = -1;
2194 
-	proto = getprotobyname("tcp");
2195 
-	if(proto == NULL) {
2196 
-		fputs("Unknown prototol tcp, check /etc/protocols\n", stderr);
2197 
-		fd = ret = -1;
2198 
-	} else if((fd = socket(AF_INET, SOCK_STREAM, proto->p_proto)) < 0) {
2199 
-		perror("socket");
2200 
-		ret = -1;
2201 
-	} else if(connect(fd, (struct sockaddr *)&server, sizeof(struct sockaddr_in)) < 0) {
2202 
-		perror("connect");
2203 
-		ret = 1;
2204 
-	} else if(send(fd, "SESSION\n", 8, 0) < 8) {
2205 
-		perror("send");
2206 
-		ret = 1;
2207 
-	}
2208 
-
2209 
-	if(ret != 0) {
2210 
-#ifdef	MAXHOSTNAMELEN
2211 
-		char hostname[MAXHOSTNAMELEN + 1];
2212 
-
2213 
-		cli_strtokbuf(serverHostNames, serverNumber, ":", hostname);
2214 
-		if(strcmp(hostname, "127.0.0.1") == 0)
2215 
-			gethostname(hostname, sizeof(hostname));
2216 
-#else
2217 
-		char *hostname = cli_strtok(serverHostNames, serverNumber, ":");
2218 
-#endif
2219 
-
2220 
-		session->status = CMDSOCKET_DOWN;
2221 
-
2222 
-		if(fd >= 0)
2223 
-			close(fd);
2224 
-
2225 
-		logg(_("^Check clamd server %s - it may be down\n"), hostname);
2226 
-#ifndef	MAXHOSTNAMELEN
2227 
-		free(hostname);
2228 
-#endif
2229 
-
2230 
-		broadcast(_("Check clamd server - it may be down"));
2231 
-	} else
2232 
-		session->sock = fd;
2233 
-
2234 
-	return ret;
2235 
-}
2236 
-
2237 
-#else
2238 
-
2239 
-/*
2240 
- * Verify that the server is where we think it is
2241 
- * Returns true or false
2242 
- *
2243 
- * serverNumber counts from 0, but is only used for TCPSocket
2244 
- */
2245 
-static int
2246 
-pingServer(int serverNumber)
2247 
-{
2248 
-	char *ptr;
2249 
-	int sock;
2250 
-	long nbytes;
2251 
-	char buf[128];
2252 
-
2253 
-	if(localSocket) {
2254 
-		struct sockaddr_un server;
2255 
-
2256 
-		memset((char *)&server, 0, sizeof(struct sockaddr_un));
2257 
-		server.sun_family = AF_UNIX;
2258 
-		strncpy(server.sun_path, localSocket, sizeof(server.sun_path));
2259 
-		server.sun_path[sizeof(server.sun_path)-1]='\0';
2260 
-
2261 
-		if((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
2262 
-			perror(localSocket);
2263 
-			return 0;
2264 
-		}
2265 
-		checkClamd(1);
2266 
-		if(connect(sock, (struct sockaddr *)&server, sizeof(struct sockaddr_un)) < 0) {
2267 
-			perror(localSocket);
2268 
-			close(sock);
2269 
-			return 0;
2270 
-		}
2271 
-	} else {
2272 
-		struct sockaddr_in server;
2273 
-		char *hostname;
2274 
-
2275 
-		memset((char *)&server, 0, sizeof(struct sockaddr_in));
2276 
-		server.sin_family = AF_INET;
2277 
-		server.sin_port = (in_port_t)htons(tcpSocket);
2278 
-
2279 
-		assert(serverIPs != NULL);
2280 
-#ifdef	INADDR_NONE
2281 
-		assert(serverIPs[0] != INADDR_NONE);
2282 
-#else
2283 
-		assert(serverIPs[0] != (in_addr_t)-1);
2284 
-#endif
2285 
-
2286 
-		server.sin_addr.s_addr = serverIPs[serverNumber];
2287 
-
2288 
-		if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
2289 
-			perror("socket");
2290 
-			return 0;
2291 
-		}
2292 
-		hostname = cli_strtok(serverHostNames, serverNumber, ":");
2293 
-		/*
2294 
-		 * FIXME: use non-blocking connect, once the code is
2295 
-		 * amalgomated
2296 
-		 */
2297 
-		if(nonblock_connect(sock, &server, hostname) < 0) {
2298 
-			int is_connected = 0;
2299 
-
2300 
-#if	(!defined(NTRIES)) || ((NTRIES <= 1))
2301 
-			if(errno == ECONNREFUSED) {
2302 
-				/*
2303 
-				 * During startup there is a race condition:
2304 
-				 * clamd can start and fork, then rc will start
2305 
-				 * clamav-milter before clamd has run accept(2),
2306 
-				 * so we fail to connect.
2307 
-				 * In case this is the situation here, we wait
2308 
-				 * for a couple of seconds and try again. The
2309 
-				 * sync() is because during startup the machine
2310 
-				 * won't be doing much for most of the time, so
2311 
-				 * we may as well do something constructive!
2312 
-				 */
2313 
-				sync();
2314 
-				sleep(2);
2315 
-				if(nonblock_connect(sock, &server, hostname) >= 0)
2316 
-					is_connected = 1;
2317 
-			}
2318 
-#endif
2319 
-			if(!is_connected) {
2320 
-				if(errno != EINPROGRESS)
2321 
-					perror(hostname ? hostname : "connect");
2322 
-				close(sock);
2323 
-				if(hostname)
2324 
-					free(hostname);
2325 
-				return 0;
2326 
-			}
2327 
-		}
2328 
-		if(hostname)
2329 
-			free(hostname);
2330 
-	}
2331 
-
2332 
-	/*
2333 
-	 * It would be better to use PING, check for PONG then issue the
2334 
-	 * VERSION command, since that would better validate that we're
2335 
-	 * talking to clamd, however clamd closes the session after
2336 
-	 * sending PONG :-(
2337 
-	 * So this code does not really validate that we're talking to clamd
2338 
-	 * Needs a fix to clamd
2339 
-	 * Also version command is verbose: says "clamd / ClamAV version"
2340 
-	 * instead of "clamAV version"
2341 
-	 */
2342 
-	logg("#pingServer%d: sending VERSION\n", serverNumber);
2343 
-	if(send(sock, "VERSION\n", 8, 0) < 8) {
2344 
-		perror("send");
2345 
-		return close(sock);
2346 
-	}
2347 
-
2348 
-	shutdown(sock, SHUT_WR);
2349 
-
2350 
-	nbytes = clamd_recv(sock, buf, sizeof(buf) - 1);
2351 
-
2352 
-	close(sock);
2353 
-
2354 
-	if(nbytes < 0) {
2355 
-		perror("recv");
2356 
-		return 0;
2357 
-	}
2358 
-	if(nbytes == 0)
2359 
-		return 0;
2360 
-
2361 
-	buf[nbytes] = '\0';
2362 
-
2363 
-	/* Remove the trailing new line from the reply */
2364 
-	if((ptr = strchr(buf, '\n')) != NULL)
2365 
-		*ptr = '\0';
2366 
-
2367 
-	/*
2368 
-	 * No real validation is done here
2369 
-	 *
2370 
-	 * TODO: When connecting to more than one server, give a warning
2371 
-	 *	if they're running different versions, or if the virus DBs
2372 
-	 *	are out of date (say more than a month old)
2373 
-	 */
2374 
-	snprintf(clamav_version, sizeof(clamav_version) - 1,
2375 
-		"%s\n\tclamav-milter version %s",
2376 
-		buf, get_version());
2377 
-
2378 
-	return 1;
2379 
-}
2380 
-#endif
2381 
-
2382 
-/*
2383 
- * Find the best server to connect to. No intelligence to this.
2384 
- * It is best to weight the order of the servers from most wanted to least
2385 
- * wanted
2386 
- *
2387 
- * Return value is from 0 - index into sessions array
2388 
- *
2389 
- * If the load balancing fails return the first server in the list, not
2390 
- * an error, to be on the safe side
2391 
- */
2392 
-#ifdef	SESSION
2393 
-static int
2394 
-findServer(void)
2395 
-{
2396 
-	unsigned int i, j;
2397 
-	struct session *session;
2398 
-
2399 
-	/*
2400 
-	 * FIXME: Sessions code isn't flexible at handling servers
2401 
-	 *	appearing and disappearing, e.g. sessions[n_children].sock == -1
2402 
-	 */
2403 
-	i = 0;
2404 
-	pthread_mutex_lock(&n_children_mutex);
2405 
-	assert(n_children > 0);
2406 
-	assert(n_children <= max_children);
2407 
-	j = n_children - 1;
2408 
-	pthread_mutex_unlock(&n_children_mutex);
2409 
-
2410 
-	pthread_mutex_lock(&sstatus_mutex);
2411 
-	for(; i < max_children; i++) {
2412 
-		const int sess = (j + i) % max_children;
2413 
-
2414 
-		session = &sessions[sess];
2415 
-		logg("#findServer: try server %d\n", sess);
2416 
-		if(session->status == CMDSOCKET_FREE) {
2417 
-			session->status = CMDSOCKET_INUSE;
2418 
-			pthread_mutex_unlock(&sstatus_mutex);
2419 
-			return sess;
2420 
-		}
2421 
-	}
2422 
-	pthread_mutex_unlock(&sstatus_mutex);
2423 
-
2424 
-	/*
2425 
-	 * No session free - wait until one comes available. Only
2426 
-	 * retries once.
2427 
-	 */
2428 
-	if(pthread_cond_broadcast(&watchdog_cond) < 0)
2429 
-		perror("pthread_cond_broadcast");
2430 
-
2431 
-	i = 0;
2432 
-	session = sessions;
2433 
-	pthread_mutex_lock(&sstatus_mutex);
2434 
-	for(; i < max_children; i++, session++) {
2435 
-		logg("#findServer: try server %d\n", i);
2436 
-		if(session->status == CMDSOCKET_FREE) {
2437 
-			session->status = CMDSOCKET_INUSE;
2438 
-			pthread_mutex_unlock(&sstatus_mutex);
2439 
-			return i;
2440 
-		}
2441 
-	}
2442 
-	pthread_mutex_unlock(&sstatus_mutex);
2443 
-
2444 
-	logg(_("^No free clamd sessions\n"));
2445 
-
2446 
-	return -1;	/* none available - must fail */
2447 
-}
2448 
-#else
2449 
-/*
2450 
- * Return value is from 0 - index into serverIPs
2451 
- */
2452 
-static int
2453 
-findServer(void)
2454 
-{
2455 
-	struct sockaddr_in *servers, *server;
2456 
-	int maxsock, i, j, active;
2457 
-	int retval;
2458 
-	pthread_t *tids;
2459 
-	struct try_server_struct *socks;
2460 
-	fd_set rfds;
2461 
-
2462 
-	assert(tcpSocket != 0);
2463 
-	assert(numServers > 0);
2464 
-
2465 
-	if(numServers == 1)
2466 
-		return 0;
2467 
-
2468 
-	if(active_servers(&active) <= 1)
2469 
-		return active;
2470 
-
2471 
-	servers = (struct sockaddr_in *)cli_calloc(numServers, sizeof(struct sockaddr_in));
2472 
-	if(servers == NULL)
2473 
-		return 0;
2474 
-	socks = (struct try_server_struct *)cli_malloc(numServers * sizeof(struct try_server_struct));
2475 
-
2476 
-	if(max_children > 0) {
2477 
-		assert(n_children > 0);
2478 
-		assert(n_children <= max_children);
2479 
-
2480 
-		/*
2481 
-		 * Don't worry about no lock - it's doesn't matter if it's
2482 
-		 * not really accurate
2483 
-		 */
2484 
-		j = n_children - 1;	/* look at the next free one */
2485 
-		if(j < 0)
2486 
-			j = 0;
2487 
-	} else
2488 
-		/*
2489 
-		 * cli_rndnum returns 0..max
2490 
-		 */
2491 
-		j = cli_rndnum(numServers - 1);
2492 
-
2493 
-	for(i = 0; i < numServers; i++)
2494 
-		socks[i].sock = -1;
2495 
-
2496 
-	tids = cli_malloc(numServers * sizeof(pthread_t));
2497 
-
2498 
-	for(i = 0, server = servers; i < numServers; i++, server++) {
2499 
-		int sock;
2500 
-		int server_index = (i + j) % numServers;
2501 
-
2502 
-		server->sin_family = AF_INET;
2503 
-		server->sin_port = (in_port_t)htons(tcpSocket);
2504 
-		server->sin_addr.s_addr = serverIPs[server_index];
2505 
-
2506 
-		logg("*findServer: try server %d\n", server_index);
2507 
-
2508 
-		sock = socks[i].sock = socket(AF_INET, SOCK_STREAM, 0);
2509 
-
2510 
-		if(sock < 0) {
2511 
-			perror("socket");
2512 
-			while(i--) {
2513 
-				pthread_join(tids[i], NULL);
2514 
-				if(socks[i].sock >= 0)
2515 
-					close(socks[i].sock);
2516 
-			}
2517 
-			free(socks);
2518 
-			free(servers);
2519 
-			free(tids);
2520 
-			return 0;	/* Use the first server on failure */
2521 
-		}
2522 
-
2523 
-		socks[i].server = server;
2524 
-		socks[i].server_index = server_index;
2525 
-
2526 
-		if(pthread_create(&tids[i], NULL, try_server, &socks[i]) != 0) {
2527 
-			perror("pthread_create");
2528 
-			j = i;
2529 
-			do {
2530 
-				if (j!=i) pthread_join(tids[i], NULL);
2531 
-				if(socks[i].sock >= 0)
2532 
-					close(socks[i].sock);
2533 
-			} while(--i >= 0);
2534 
-			free(socks);
2535 
-			free(servers);
2536 
-			free(tids);
2537 
-			return 0;	/* Use the first server on failure */
2538 
-		}
2539 
-	}
2540 
-
2541 
-	maxsock = -1;
2542 
-	FD_ZERO(&rfds);
2543 
-
2544 
-	for(i = 0; i < numServers; i++) {
2545 
-		struct try_server_struct *rc;
2546 
-
2547 
-		pthread_join(tids[i], (void **)&rc);
2548 
-		assert(rc->sock == socks[i].sock);
2549 
-		if(rc->rc == 0) {
2550 
-			close(rc->sock);
2551 
-			socks[i].sock = -1;
2552 
-		} else {
2553 
-			shutdown(rc->sock, SHUT_WR);
2554 
-			FD_SET(rc->sock, &rfds);
2555 
-			if(rc->sock > maxsock)
2556 
-				maxsock = rc->sock;
2557 
-		}
2558 
-	}
2559 
-
2560 
-	free(servers);
2561 
-	free(tids);
2562 
-
2563 
-	if(maxsock == -1) {
2564 
-		logg(_("^Couldn't establish a connexion to any clamd server\n"));
2565 
-		retval = 0;
2566 
-	} else {
2567 
-		struct timeval tv;
2568 
-
2569 
-		tv.tv_sec = readTimeout ? readTimeout : DEFAULT_TIMEOUT;
2570 
-		tv.tv_usec = 0;
2571 
-
2572 
-		retval = select(maxsock + 1, &rfds, NULL, NULL, &tv);
2573 
-	}
2574 
-
2575 
-	if(retval < 0)
2576 
-		perror("select");
2577 
-
2578 
-	for(i = 0; i < numServers; i++)
2579 
-		if(socks[i].sock >= 0)
2580 
-			close(socks[i].sock);
2581 
-
2582 
-	if(retval == 0) {
2583 
-		free(socks);
2584 
-		clamdIsDown();
2585 
-		return 0;
2586 
-	} else if(retval < 0) {
2587 
-		free(socks);
2588 
-		logg(_("^findServer: select failed (maxsock = %d)\n"), maxsock);
2589 
-		return 0;
2590 
-	}
2591 
-
2592 
-	for(i = 0; i < numServers; i++)
2593 
-		if((socks[i].sock >= 0) && (FD_ISSET(socks[i].sock, &rfds))) {
2594 
-			const int s = (i + j) % numServers;
2595 
-
2596 
-			free(socks);
2597 
-			logg("*findServer: use server %d\n", s);
2598 
-			return s;
2599 
-		}
2600 
-
2601 
-	free(socks);
2602 
-	logg(_("^findServer: No response from any server\n"));
2603 
-	return 0;
2604 
-}
2605 
-
2606 
-/*
2607 
- * How many servers are up at the moment? If a server is marked as down,
2608 
- *	don't keep on flooding it with requests to see if it's now back up
2609 
- * If only one server is active, let the caller know, which server is the
2610 
- *	active one
2611 
- */
2612 
-static int
2613 
-active_servers(int *active)
2614 
-{
2615 
-	int server, count;
2616 
-	time_t now = (time_t)0;
2617 
-
2618 
-	for(count = server = 0; server < numServers; server++)
2619 
-		if(last_failed_pings[server] == (time_t)0) {
2620 
-			*active = server;
2621 
-			count++;
2622 
-		} else {
2623 
-			if(now == (time_t)0)
2624 
-				time(&now);
2625 
-			if(now - last_failed_pings[server] >= RETRY_SECS)
2626 
-				/* Try this server again next time */
2627 
-				last_failed_pings[server] = (time_t)0;
2628 
-		}
2629 
-
2630 
-	if(count != 1)
2631 
-		*active = 0;
2632 
-	return count;
2633 
-}
2634 
-
2635 
-/*
2636 
- * Connecting to remote servers can take some time, so let's connect to
2637 
- *	them in parallel. This routine is started as a thread
2638 
- */
2639 
-static void *
2640 
-try_server(void *var)
2641 
-{
2642 
-	struct try_server_struct *s = (struct try_server_struct *)var;
2643 
-	int sock = s->sock;
2644 
-	struct sockaddr *server = (struct sockaddr *)s->server;
2645 
-	int server_index = s->server_index;
2646 
-
2647 
-	if(last_failed_pings[server_index]) {
2648 
-		s->rc = 0;
2649 
-		return var;
2650 
-	}
2651 
-
2652 
-	logg("*try_server: sock %d\n", sock);
2653 
-
2654 
-	if((connect(sock, server, sizeof(struct sockaddr)) < 0) ||
2655 
-	   (send(sock, "PING\n", 5, 0) < 5)) {
2656 
-		time(&last_failed_pings[server_index]);
2657 
-		s->rc = 0;
2658 
-	} else
2659 
-		s->rc = 1;
2660 
-
2661 
-	if(s->rc == 0) {
2662 
-#ifdef	MAXHOSTNAMELEN
2663 
-		char hostname[MAXHOSTNAMELEN + 1];
2664 
-
2665 
-		cli_strtokbuf(serverHostNames, server_index, ":", hostname);
2666 
-		if(strcmp(hostname, "127.0.0.1") == 0)
2667 
-			gethostname(hostname, sizeof(hostname));
2668 
-#else
2669 
-		char *hostname = cli_strtok(serverHostNames, server_index, ":");
2670 
-#endif
2671 
-		perror(hostname);
2672 
-		logg(_("^Check clamd server %s - it may be down\n"), hostname);
2673 
-#ifndef	MAXHOSTNAMELEN
2674 
-		free(hostname);
2675 
-#endif
2676 
-		broadcast(_("Check clamd server - it may be down\n"));
2677 
-	}
2678 
-
2679 
-	return var;
2680 
-}
2681 
-#endif
2682 
-
2683 
-/*
2684 
- * Sendmail wants to establish a connexion to us
2685 
- * TODO: is it possible (desirable?) to determine if the remote machine has been
2686 
- *	compromised?
2687 
- */
2688 
-static sfsistat
2689 
-clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
2690 
-{
2691 
-#if	defined(HAVE_INET_NTOP) || defined(WITH_TCPWRAP)
2692 
-	char ip[INET6_ADDRSTRLEN];
2693 
-#endif
2694 
-	int t;
2695 
-	const char *remoteIP;
2696 
-	struct privdata *privdata;
2697 
-
2698 
-	if(quitting)
2699 
-		return cl_error;
2700 
-
2701 
-	if(ctx == NULL) {
2702 
-		logg(_("!clamfi_connect: ctx is null"));
2703 
-		return cl_error;
2704 
-	}
2705 
-	if(hostname == NULL) {
2706 
-		logg(_("!clamfi_connect: hostname is null"));
2707 
-		return cl_error;
2708 
-	}
2709 
-	if(smfi_getpriv(ctx) != NULL) {
2710 
-		/* More than one connexion command, "can't happen" */
2711 
-		logg("^clamfi_connect: called more than once\n");
2712 
-		clamfi_cleanup(ctx);
2713 
-		return cl_error;
2714 
-	}
2715 
-#ifdef AF_INET6
2716 
-	if((hostaddr == NULL) ||
2717 
-	   ((hostaddr->sa_family == AF_INET) && (&(((struct sockaddr_in *)(hostaddr))->sin_addr) == NULL)) ||
2718 
-	   ((hostaddr->sa_family == AF_INET6) && (&(((struct sockaddr_in6 *)(hostaddr))->sin6_addr) == NULL)))
2719 
-#else
2720 
-	if((hostaddr == NULL) || (&(((struct sockaddr_in *)(hostaddr))->sin_addr) == NULL))
2721 
-#endif
2722 
-		/*
2723 
-		 * According to the sendmail API hostaddr is NULL if
2724 
-		 * "the type is not supported in the current version". What
2725 
-		 * the documentation doesn't say is the type of what.
2726 
-		 *
2727 
-		 * Possibly the input is not a TCP/IP socket e.g. stdin?
2728 
-		 */
2729 
-		remoteIP = "127.0.0.1";
2730 
-	else {
2731 
-#ifdef HAVE_INET_NTOP
2732 
-		switch(hostaddr->sa_family) {
2733 
-			case AF_INET:
2734 
-				remoteIP = (const char *)inet_ntop(AF_INET, &((struct sockaddr_in *)(hostaddr))->sin_addr, ip, sizeof(ip));
2735 
-				break;
2736 
-#ifdef AF_INET6
2737 
-			case AF_INET6:
2738 
-				remoteIP = (const char *)inet_ntop(AF_INET6, &((struct sockaddr_in6 *)(hostaddr))->sin6_addr, ip, sizeof(ip));
2739 
-				break;
2740 
-#endif
2741 
-			default:
2742 
-				logg(_("clamfi_connect: Unexpected sa_family %d\n"),
2743 
-					hostaddr->sa_family);
2744 
-				return cl_error;
2745 
-		}
2746 
-
2747 
-#else
2748 
-		remoteIP = inet_ntoa(((struct sockaddr_in *)(hostaddr))->sin_addr);
2749 
-#endif
2750 
-
2751 
-		if(remoteIP == NULL) {
2752 
-			logg(_("clamfi_connect: remoteIP is null"));
2753 
-			return cl_error;
2754 
-		}
2755 
-	}
2756 
-
2757 
-#ifdef	CL_DEBUG
2758 
-	if(debug_level >= 4) {
2759 
-		if(hostname[0] == '[')
2760 
-			logg(_("clamfi_connect: connexion from %s"), remoteIP);
2761 
-		else
2762 
-			logg(_("clamfi_connect: connexion from %s [%s]"), hostname, remoteIP);
2763 
-	}
2764 
-#endif
2765 
-
2766 
-#ifdef	WITH_TCPWRAP
2767 
-	/*
2768 
-	 * Support /etc/hosts.allow and /etc/hosts.deny
2769 
-	 */
2770 
-	if(strncasecmp(port, "inet:", 5) == 0) {
2771 
-		const char *hostmail;
2772 
-		struct hostent hostent;
2773 
-		char buf[BUFSIZ];
2774 
-		static pthread_mutex_t wrap_mutex = PTHREAD_MUTEX_INITIALIZER;
2775 
-
2776 
-		/*
2777 
-		 * Using TCP/IP for the sendmail->clamav-milter connexion
2778 
-		 */
2779 
-		if(((hostmail = smfi_getsymval(ctx, "{if_name}")) == NULL) &&
2780 
-		   ((hostmail = smfi_getsymval(ctx, "j")) == NULL)) {
2781 
-			logg(_("Can't get sendmail hostname"));
2782 
-			return cl_error;
2783 
-		}
2784 
-		/*
2785 
-		 * Use hostmail for error statements, not hostname, suggestion
2786 
-		 * by Yar Tikhiy <yar@comp.chem.msu.su>
2787 
-		 */
2788 
-		if(r_gethostbyname(hostmail, &hostent, buf, sizeof(buf)) != 0) {
2789 
-			logg(_("^Access Denied: Host Unknown (%s)"), hostmail);
2790 
-			if(hostmail[0] == '[')
2791 
-				/*
2792 
-				 * A case could be made that it's not clamAV's
2793 
-				 * job to check a system's DNS configuration
2794 
-				 * and let this message through. However I am
2795 
-				 * just too worried about any knock on effects
2796 
-				 * to do that...
2797 
-				 */
2798 
-				logg(_("^Can't find entry for IP address %s in DNS - check your DNS setting\n"),
2799 
-					hostmail);
2800 
-			return cl_error;
2801 
-		}
2802 
-
2803 
-#ifdef HAVE_INET_NTOP
2804 
-		if(hostent.h_addr &&
2805 
-		   (inet_ntop(AF_INET, (struct in_addr *)hostent.h_addr, ip, sizeof(ip)) == NULL)) {
2806 
-			perror(hostent.h_name);
2807 
-			/*strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hostent.h_addr));*/
2808 
-			logg(_("^Access Denied: Can't get IP address for (%s)"), hostent.h_name);
2809 
-			return cl_error;
2810 
-		}
2811 
-#else
2812 
-		strncpy(ip, (char *)inet_ntoa(*(struct in_addr *)hostent.h_addr), sizeof(ip));
2813 
-		ip[sizeof(ip)-1]='\0';
2814 
-#endif
2815 
-
2816 
-		/*
2817 
-		 * Ask is this is a allowed name or IP number
2818 
-		 *
2819 
-		 * hosts_ctl uses strtok so it is not thread safe, see
2820 
-		 * hosts_access(3)
2821 
-		 */
2822 
-		pthread_mutex_lock(&wrap_mutex);
2823 
-		if(!hosts_ctl(progname, hostent.h_name, ip, STRING_UNKNOWN)) {
2824 
-			pthread_mutex_unlock(&wrap_mutex);
2825 
-			logg(_("^Access Denied for %s[%s]"), hostent.h_name, ip);
2826 
-			return SMFIS_TEMPFAIL;
2827 
-		}
2828 
-		pthread_mutex_unlock(&wrap_mutex);
2829 
-	}
2830 
-#endif	/*WITH_TCPWRAP*/
2831 
-
2832 
-	if(fflag)
2833 
-		/*
2834 
-		 * Patch from "Richard G. Roberto" <rgr@dedlegend.com>
2835 
-		 * Always scan whereever the message is from
2836 
-		 */
2837 
-		return SMFIS_CONTINUE;
2838 
-
2839 
-	if(!oflag)
2840 
-		if(strcmp(remoteIP, "127.0.0.1") == 0) {
2841 
-			logg(_("*clamfi_connect: not scanning outgoing messages"));
2842 
-			return SMFIS_ACCEPT;
2843 
-		}
2844 
-
2845 
-	if((!lflag) && isLocal(remoteIP)) {
2846 
-#ifdef	CL_DEBUG
2847 
-		logg(_("*clamfi_connect: not scanning local messages\n"));
2848 
-#endif
2849 
-		return SMFIS_ACCEPT;
2850 
-	}
2851 
-
2852 
-#if	defined(HAVE_INET_NTOP) || defined(WITH_TCPWRAP)
2853 
-	if(detect_forged_local_address && !isLocal(ip)) {
2854 
-#else
2855 
-	if(detect_forged_local_address && !isLocal(remoteIP)) {
2856 
-#endif
2857 
-		char me[MAXHOSTNAMELEN + 1];
2858 
-
2859 
-		if(gethostname(me, sizeof(me) - 1) < 0) {
2860 
-			logg(_("^clamfi_connect: gethostname failed"));
2861 
-			return SMFIS_CONTINUE;
2862 
-		}
2863 
-		logg("*me '%s' hostname '%s'\n", me, hostname);
2864 
-		if(strcasecmp(hostname, me) == 0) {
2865 
-			logg(_("Rejected connexion falsely claiming to be from here\n"));
2866 
-			smfi_setreply(ctx, "550", "5.7.1", _("You have claimed to be me, but you are not"));
2867 
-			broadcast(_("Forged local address detected"));
2868 
-			return SMFIS_REJECT;
2869 
-		}
2870 
-	}
2871 
-	if(isBlacklisted(remoteIP)) {
2872 
-		char mess[128];
2873 
-
2874 
-		/*
2875 
-		 * TODO: Option to greylist rather than blacklist, by sending
2876 
-		 *	a try again code
2877 
-		 * TODO: state *which* virus
2878 
-		 * TODO: add optional list of IP addresses that won't be
2879 
-		 *	blacklisted
2880 
-		 */
2881 
-		logg("Rejected connexion from blacklisted IP %s\n", remoteIP);
2882 
-
2883 
-		snprintf(mess, sizeof(mess), _("%s is blacklisted because your machine is infected with a virus"), remoteIP);
2884 
-		smfi_setreply(ctx, "550", "5.7.1", mess);
2885 
-		broadcast(_("Blacklisted IP detected"));
2886 
-
2887 
-		/*
2888 
-		 * Keep them blacklisted
2889 
-		 */
2890 
-		pthread_mutex_lock(&blacklist_mutex);
2891 
-		(void)tableUpdate(blacklist, remoteIP, (int)time((time_t *)0));
2892 
-		pthread_mutex_unlock(&blacklist_mutex);
2893 
-
2894 
-		return SMFIS_REJECT;
2895 
-	}
2896 
-
2897 
-	if(blacklist_time == 0)
2898 
-		return SMFIS_CONTINUE;	/* allocate privdata per message */
2899 
-
2900 
-	pthread_mutex_lock(&blacklist_mutex);
2901 
-	t = tableFind(blacklist, remoteIP);
2902 
-	pthread_mutex_unlock(&blacklist_mutex);
2903 
-
2904 
-	if(t == 0)
2905 
-		return SMFIS_CONTINUE;	/* this IP will never be blacklisted */
2906 
-
2907 
-	privdata = (struct privdata *)cli_calloc(1, sizeof(struct privdata));
2908 
-	if(privdata == NULL)
2909 
-		return cl_error;
2910 
-
2911 
-#ifdef	SESSION
2912 
-	privdata->dataSocket = -1;
2913 
-#else
2914 
-	privdata->dataSocket = privdata->cmdSocket = -1;
2915 
-#endif
2916 
-
2917 
-	if(smfi_setpriv(ctx, privdata) == MI_SUCCESS) {
2918 
-		strcpy(privdata->ip, remoteIP);
2919 
-		return SMFIS_CONTINUE;
2920 
-	}
2921 
-
2922 
-	free(privdata);
2923 
-
2924 
-	return cl_error;
2925 
-}
2926 
-
2927 
-/*
2928 
- * Since sendmail requires that MAIL FROM is called before RCPT TO, it is
2929 
- *	safe to assume that this routine is called first, so the n_children
2930 
- *	handler is put here
2931 
- */
2932 
-static sfsistat
2933 
-clamfi_envfrom(SMFICTX *ctx, char **argv)
2934 
-{
2935 
-	struct privdata *privdata;
2936 
-	const char *mailaddr = argv[0];
2937 
-
2938 
-	logg("*clamfi_envfrom: %s\n", argv[0]);
2939 
-
2940 
-	if(isWhitelisted(argv[0], 0)) {
2941 
-		logg(_("*clamfi_envfrom: ignoring whitelisted message"));
2942 
-		return SMFIS_ACCEPT;
2943 
-	}
2944 
-
2945 
-	if(strcmp(argv[0], "<>") == 0) {
2946 
-		mailaddr = smfi_getsymval(ctx, "{mail_addr}");
2947 
-		if(mailaddr == NULL)
2948 
-			mailaddr = smfi_getsymval(ctx, "_");
2949 
-
2950 
-		if(mailaddr && *mailaddr)
2951 
-			logg("#Message from \"%s\" has no from field\n", mailaddr);
2952 
-		else {
2953 
-#if	0
2954 
-			if(use_syslog)
2955 
-				syslog(LOG_NOTICE, _("Rejected email with empty from field"));
2956 
-			smfi_setreply(ctx, "554", "5.7.1", _("You have not said who the email is from"));
2957 
-			broadcast(_("Reject email with empty from field"));
2958 
-			clamfi_cleanup(ctx);
2959 
-			return SMFIS_REJECT;
2960 
-#endif
2961 
-			mailaddr = "<>";
2962 
-		}
2963 
-	}
2964 
-	privdata = smfi_getpriv(ctx);
2965 
-
2966 
-	if(privdata == NULL) {
2967 
-		privdata = (struct privdata *)cli_calloc(1, sizeof(struct privdata));
2968 
-		if(privdata == NULL)
2969 
-			return cl_error;
2970 
-		if(smfi_setpriv(ctx, privdata) != MI_SUCCESS) {
2971 
-			free(privdata);
2972 
-			return cl_error;
2973 
-		}
2974 
-		if(!increment_connexions()) {
2975 
-			smfi_setreply(ctx, "451", "4.3.2", _("AV system temporarily overloaded - please try later"));
2976 
-			free(privdata);
2977 
-			smfi_setpriv(ctx, NULL);
2978 
-			return SMFIS_TEMPFAIL;
2979 
-		}
2980 
-	} else {
2981 
-		/* More than one message on this connexion */
2982 
-		char ip[INET6_ADDRSTRLEN];
2983 
-
2984 
-		strcpy(ip, privdata->ip);
2985 
-		if(isBlacklisted(ip)) {
2986 
-			char mess[80 + INET6_ADDRSTRLEN];
2987 
-
2988 
-			logg("Rejected email from blacklisted IP %s\n", ip);
2989 
-
2990 
-			/*
2991 
-			 * TODO: Option to greylist rather than blacklist, by
2992 
-			 *	sending	a try again code
2993 
-			 * TODO: state *which* virus
2994 
-			 */
2995 
-			sprintf(mess, "Your IP (%s) is blacklisted because your machine is infected with a virus", ip);
2996 
-			smfi_setreply(ctx, "550", "5.7.1", mess);
2997 
-			broadcast(_("Blacklisted IP detected"));
2998 
-
2999 
-			/*
3000 
-			 * Keep them blacklisted
3001 
-			 */
3002 
-			pthread_mutex_lock(&blacklist_mutex);
3003 
-			(void)tableUpdate(blacklist, ip, (int)time((time_t *)0));
3004 
-			pthread_mutex_unlock(&blacklist_mutex);
3005 
-
3006 
-			return SMFIS_REJECT;
3007 
-		}
3008 
-		clamfi_free(privdata, 1);
3009 
-		strcpy(privdata->ip, ip);
3010 
-	}
3011 
-
3012 
-#ifdef	SESSION
3013 
-	privdata->dataSocket = -1;
3014 
-#else
3015 
-	privdata->dataSocket = privdata->cmdSocket = -1;
3016 
-#endif
3017 
-
3018 
-	/*
3019 
-	 * Rejection is via 550 until DATA is received. We know that
3020 
-	 * DATA has been sent when either we get a header or the end of
3021 
-	 * header statement
3022 
-	 */
3023 
-	privdata->rejectCode = "550";
3024 
-
3025 
-	privdata->from = cli_strdup(mailaddr);
3026 
-
3027 
-	if(hflag) {
3028 
-		privdata->headers = header_list_new();
3029 
-
3030 
-		if(privdata->headers == NULL) {
3031 
-			clamfi_free(privdata, 1);
3032 
-			return cl_error;
3033 
-		}
3034 
-	}
3035 
-
3036 
-	return SMFIS_CONTINUE;
3037 
-}
3038 
-
3039 
-#ifdef	CL_DEBUG
3040 
-static sfsistat
3041 
-clamfi_helo(SMFICTX *ctx, char *helostring)
3042 
-{
3043 
-	logg("HELO '%s'\n", helostring);
3044 
-
3045 
-	return SMFIS_CONTINUE;
3046 
-}
3047 
-#endif
3048 
-
3049 
-static sfsistat
3050 
-clamfi_envrcpt(SMFICTX *ctx, char **argv)
3051 
-{
3052 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
3053 
-	const char *to, *ptr;
3054 
-
3055 
-	logg("*clamfi_envrcpt: %s\n", argv[0]);
3056 
-
3057 
-	if(privdata == NULL)	/* sanity check */
3058 
-		return cl_error;
3059 
-
3060 
-	if(privdata->to == NULL) {
3061 
-		privdata->to = cli_malloc(sizeof(char *) * 2);
3062 
-
3063 
-		assert(privdata->numTo == 0);
3064 
-	} else
3065 
-		privdata->to = cli_realloc(privdata->to, sizeof(char *) * (privdata->numTo + 2));
3066 
-
3067 
-	if(privdata->to == NULL)
3068 
-		return cl_error;
3069 
-
3070 
-	to = smfi_getsymval(ctx, "{rcpt_addr}");
3071 
-	if(to == NULL)
3072 
-		to = argv[0];
3073 
-
3074 
-	for(ptr = to; !dont_sanitise && *ptr; ptr++)
3075 
-		if(strchr("|;", *ptr) != NULL) {
3076 
-			smfi_setreply(ctx, "554", "5.7.1", _("Suspicious recipient address blocked"));
3077 
-			logg("^Suspicious recipient address blocked: '%s'\n", to);
3078 
-			privdata->to[privdata->numTo] = NULL;
3079 
-			if(blacklist_time && privdata->ip[0]) {
3080 
-				logg(_("Will blacklist %s for %d seconds because of cracking attempt\n"),
3081 
-					privdata->ip, blacklist_time);
3082 
-				pthread_mutex_lock(&blacklist_mutex);
3083 
-				(void)tableUpdate(blacklist, privdata->ip,
3084 
-					(int)time((time_t *)0));
3085 
-				pthread_mutex_unlock(&blacklist_mutex);
3086 
-			}
3087 
-			/*
3088 
-			 * REJECT rejects this recipient, not the entire email
3089 
-			 */
3090 
-			return SMFIS_REJECT;
3091 
-		}
3092 
-
3093 
-	privdata->to[privdata->numTo] = cli_strdup(to);
3094 
-	privdata->to[++privdata->numTo] = NULL;
3095 
-
3096 
-	return SMFIS_CONTINUE;
3097 
-}
3098 
-
3099 
-static sfsistat
3100 
-clamfi_header(SMFICTX *ctx, char *headerf, char *headerv)
3101 
-{
3102 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
3103 
-
3104 
-#ifdef	CL_DEBUG
3105 
-	if(debug_level >= 9)
3106 
-		logg("*clamfi_header: %s: %s\n", headerf, headerv);
3107 
-	else
3108 
-		logg("*clamfi_header: %s\n", headerf);
3109 
-#else
3110 
-	logg("*clamfi_header: %s\n", headerf);
3111 
-#endif
3112 
-
3113 
-	/*
3114 
-	 * The DATA instruction from SMTP (RFC2821) must have been sent
3115 
-	 */
3116 
-	privdata->rejectCode = "554";
3117 
-
3118 
-	if(hflag)
3119 
-		header_list_add(privdata->headers, headerf, headerv);
3120 
-	else if((strcasecmp(headerf, "Received") == 0) &&
3121 
-		(strncasecmp(headerv, "from ", 5) == 0) &&
3122 
-		(strstr(headerv, "localhost") != 0)) {
3123 
-		if(privdata->received)
3124 
-			free(privdata->received);
3125 
-		privdata->received = cli_strdup(headerv);
3126 
-	}
3127 
-
3128 
-	if((strcasecmp(headerf, "Message-ID") == 0) &&
3129 
-	   (strncasecmp(headerv, "<MDAEMON", 8) == 0))
3130 
-		privdata->discard = 1;
3131 
-	else if((strcasecmp(headerf, "Subject") == 0) && headerv) {
3132 
-		if(privdata->subject)
3133 
-			free(privdata->subject);
3134 
-		if(headerv)
3135 
-			privdata->subject = cli_strdup(headerv);
3136 
-	} else if(strcasecmp(headerf, "X-Virus-Status") == 0)
3137 
-		privdata->statusCount++;
3138 
-	else if((strcasecmp(headerf, "Sender") == 0) && headerv) {
3139 
-		if(privdata->sender)
3140 
-			free(privdata->sender);
3141 
-		privdata->sender = cli_strdup(headerv);
3142 
-	}
3143 
-#ifdef	HAVE_RESOLV_H
3144 
-	else if((strcasecmp(headerf, "From") == 0) && headerv) {
3145 
-		/*
3146 
-		 * SPF check against the from header, since the SMTP header
3147 
-		 * may be valid. This is not what the SPF spec says, but I
3148 
-		 * have seen SPF matches on what are clearly phishes, so by
3149 
-		 * checking against the from: header we're less likely to
3150 
-		 * FP a real phish
3151 
-		 */
3152 
-		if(privdata->from)
3153 
-			free(privdata->from);
3154 
-		privdata->from = cli_strdup(headerv);
3155 
-	}
3156 
-#endif
3157 
-
3158 
-	if(!useful_header(headerf)) {
3159 
-		logg("*Discarded the header\n");
3160 
-		return SMFIS_CONTINUE;
3161 
-	}
3162 
-
3163 
-	if(privdata->dataSocket == -1)
3164 
-		/*
3165 
-		 * First header - make connexion with clamd
3166 
-		 */
3167 
-		if(!connect2clamd(privdata)) {
3168 
-			clamfi_cleanup(ctx);
3169 
-			return cl_error;
3170 
-		}
3171 
-
3172 
-	if(clamfi_send(privdata, 0, "%s: %s\n", headerf, headerv) <= 0) {
3173 
-		clamfi_cleanup(ctx);
3174 
-		return cl_error;
3175 
-	}
3176 
-
3177 
-	return SMFIS_CONTINUE;
3178 
-}
3179 
-
3180 
-/*
3181 
- * At this point DATA will have been received, so we really ought to
3182 
- * send 554 back not 550
3183 
- */
3184 
-static sfsistat
3185 
-clamfi_eoh(SMFICTX *ctx)
3186 
-{
3187 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
3188 
-	char **to;
3189 
-
3190 
-	logg(_("*clamfi_eoh\n"));
3191 
-
3192 
-	/*
3193 
-	 * The DATA instruction from SMTP (RFC2821) must have been sent
3194 
-	 */
3195 
-	privdata->rejectCode = "554";
3196 
-
3197 
-	if(privdata->dataSocket == -1)
3198 
-		/*
3199 
-		 * No headers - make connexion with clamd
3200 
-		 */
3201 
-		if(!connect2clamd(privdata)) {
3202 
-			clamfi_cleanup(ctx);
3203 
-			return cl_error;
3204 
-		}
3205 
-
3206 
-#if	0
3207 
-	/* Mailing lists often say our own posts are from us */
3208 
-	if(detect_forged_local_address && privdata->from &&
3209 
-	   (!privdata->sender) && !isWhitelisted(privdata->from, 1)) {
3210 
-		char me[MAXHOSTNAMELEN + 1];
3211 
-		const char *ptr;
3212 
-
3213 
-		if(gethostname(me, sizeof(me) - 1) < 0) {
3214 
-			if(use_syslog)
3215 
-				syslog(LOG_WARNING, _("clamfi_eoh: gethostname failed"));
3216 
-			return SMFIS_CONTINUE;
3217 
-		}
3218 
-		ptr = strstr(privdata->from, me);
3219 
-		if(ptr && (ptr != privdata->from) && (*--ptr == '@')) {
3220 
-			if(use_syslog)
3221 
-				syslog(LOG_NOTICE, _("Rejected email falsely claiming to be from %s"), privdata->from);
3222 
-			smfi_setreply(ctx, "554", "5.7.1", _("You have claimed to be from me, but you are not"));
3223 
-			broadcast(_("Forged local address detected"));
3224 
-			clamfi_cleanup(ctx);
3225 
-			return SMFIS_REJECT;
3226 
-		}
3227 
-	}
3228 
-#endif
3229 
-
3230 
-	if(clamfi_send(privdata, 1, "\n") != 1) {
3231 
-		clamfi_cleanup(ctx);
3232 
-		return cl_error;
3233 
-	}
3234 
-
3235 
-	if(black_hole_mode) {
3236 
-		sfsistat rc = black_hole(privdata);
3237 
-
3238 
-		if(rc != SMFIS_CONTINUE) {
3239 
-			clamfi_cleanup(ctx);
3240 
-			return rc;
3241 
-		}
3242 
-	}
3243 
-
3244 
-	/*
3245 
-	 * See if the e-mail is only going to members of the list
3246 
-	 * of users we don't scan for. If it is, don't scan, otherwise
3247 
-	 * scan
3248 
-	 *
3249 
-	 * scan = false
3250 
-	 * FORALL recipients
3251 
-	 *	IF receipient NOT MEMBER OF white address list
3252 
-	 *	THEN
3253 
-	 *		scan = true
3254 
-	 *	FI
3255 
-	 * ENDFOR
3256 
-	 */
3257 
-	for(to = privdata->to; *to; to++)
3258 
-		if(!isWhitelisted(*to, 1))
3259 
-			/*
3260 
-			 * This recipient is not on the whitelist,
3261 
-			 * no need to check any further
3262 
-			 */
3263 
-			return SMFIS_CONTINUE;
3264 
-
3265 
-	/*
3266 
-	 * Didn't find a recipient who is not on the white list, so all
3267 
-	 * must be on the white list, so just accept the e-mail
3268 
-	 */
3269 
-	logg(_("*clamfi_enveoh: ignoring whitelisted message"));
3270 
-	clamfi_cleanup(ctx);
3271 
-
3272 
-	return SMFIS_ACCEPT;
3273 
-}
3274 
-
3275 
-static sfsistat
3276 
-clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len)
3277 
-{
3278 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
3279 
-	int nbytes;
3280 
-
3281 
-	logg(_("*clamfi_envbody: %lu bytes"), (unsigned long)len);
3282 
-
3283 
-	if(len == 0)	/* unlikely */
3284 
-		return SMFIS_CONTINUE;
3285 
-
3286 
-	if(privdata == NULL)	/* sanity check */
3287 
-		return cl_error;
3288 
-
3289 
-	/*
3290 
-	 * TODO:
3291 
-	 *	If not in external mode, call cli_scanbuff here, at least for
3292 
-	 * the first block
3293 
-	 */
3294 
-	/*
3295 
-	 * Lines starting with From are changed to >From, to
3296 
-	 *	avoid FP matches in the scanning code, which will speed it up
3297 
-	 */
3298 
-	if((len >= 6) && cli_memstr((char *)bodyp, len, "\nFrom ", 6)) {
3299 
-		const char *ptr = (const char *)bodyp;
3300 
-		int left = len;
3301 
-
3302 
-		nbytes = 0;
3303 
-
3304 
-		/*
3305 
-		 * FIXME: sending one byte at a time down a socket is
3306 
-		 *	inefficient
3307 
-		 */
3308 
-		do {
3309 
-			if(*ptr == '\n') {
3310 
-				/*
3311 
-				 * FIXME: doesn't work if the \nFrom straddles
3312 
-				 * multiple calls to clamfi_body
3313 
-				 */
3314 
-				if(strncmp(ptr, "\nFrom ", 6) == 0) {
3315 
-					nbytes += clamfi_send(privdata, 7, "\n>From ");
3316 
-					ptr += 6;
3317 
-					left -= 6;
3318 
-				} else {
3319 
-					nbytes += clamfi_send(privdata, 1, "\n");
3320 
-					ptr++;
3321 
-					left--;
3322 
-				}
3323 
-			} else {
3324 
-				nbytes += clamfi_send(privdata, 1, ptr++);
3325 
-				left--;
3326 
-			}
3327 
-			if(left < 6 && left > 0) {
3328 
-				nbytes += clamfi_send(privdata, left, ptr);
3329 
-				break;
3330 
-			}
3331 
-		} while(left > 0);
3332 
-	} else
3333 
-		nbytes = clamfi_send(privdata, len, (char *)bodyp);
3334 
-
3335 
-	if(streamMaxLength > 0L) {
3336 
-		if(privdata->numBytes > streamMaxLength) {
3337 
-			const char *sendmailId = smfi_getsymval(ctx, "i");
3338 
-
3339 
-			if(sendmailId == NULL)
3340 
-				sendmailId = "Unknown";
3341 
-			logg(_("%s: Message more than StreamMaxLength (%ld) bytes - not scanned\n"),
3342 
-				sendmailId, streamMaxLength);
3343 
-			if(!nflag)
3344 
-				smfi_addheader(ctx, "X-Virus-Status", _("Not Scanned - StreamMaxLength exceeded"));
3345 
-
3346 
-			return SMFIS_ACCEPT;	/* clamfi_close will be called */
3347 
-		}
3348 
-	}
3349 
-	if(nbytes < (int)len) {
3350 
-		clamfi_cleanup(ctx);	/* not needed, but just to be safe */
3351 
-		return cl_error;
3352 
-	}
3353 
-	if(Sflag) {
3354 
-		if(privdata->body) {
3355 
-			assert(privdata->bodyLen > 0);
3356 
-			privdata->body = cli_realloc(privdata->body, privdata->bodyLen + len);
3357 
-			memcpy(&privdata->body[privdata->bodyLen], bodyp, len);
3358 
-			privdata->bodyLen += len;
3359 
-		} else {
3360 
-			assert(privdata->bodyLen == 0);
3361 
-			privdata->body = cli_malloc(len);
3362 
-			memcpy(privdata->body, bodyp, len);
3363 
-			privdata->bodyLen = len;
3364 
-		}
3365 
-	}
3366 
-	return SMFIS_CONTINUE;
3367 
-}
3368 
-
3369 
-static sfsistat
3370 
-clamfi_eom(SMFICTX *ctx)
3371 
-{
3372 
-	int rc = SMFIS_CONTINUE;
3373 
-	char *ptr;
3374 
-	const char *sendmailId;
3375 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
3376 
-	char mess[128];
3377 
-#ifdef	SESSION
3378 
-	struct session *session;
3379 
-#endif
3380 
-
3381 
-	logg("*clamfi_eom\n");
3382 
-
3383 
-#ifdef	CL_DEBUG
3384 
-	assert(privdata != NULL);
3385 
-#ifndef	SESSION
3386 
-	assert((privdata->cmdSocket >= 0) || (privdata->filename != NULL));
3387 
-	assert(!((privdata->cmdSocket >= 0) && (privdata->filename != NULL)));
3388 
-#endif
3389 
-#endif
3390 
-
3391 
-	if(external) {
3392 
-		shutdown(privdata->dataSocket, SHUT_WR);	/* bug 487 */
3393 
-		close(privdata->dataSocket);
3394 
-		privdata->dataSocket = -1;
3395 
-	}
3396 
-
3397 
-	if(!nflag) {
3398 
-		/*
3399 
-		 * remove any existing claims that it's virus free so that
3400 
-		 * downstream checkers aren't fooled by a carefully crafted
3401 
-		 * virus.
3402 
-		 */
3403 
-		int i;
3404 
-
3405 
-		for(i = privdata->statusCount; i > 0; --i)
3406 
-			if(smfi_chgheader(ctx, "X-Virus-Status", i, NULL) == MI_FAILURE)
3407 
-				logg(_("^Failed to delete X-Virus-Status header %d\n"), i);
3408 
-	}
3409 
-
3410 
-	if(!external) {
3411 
-		const char *virname;
3412 
-		int ret;
3413 
-		struct  cl_engine *cur_engine;
3414 
-
3415 
-		pthread_mutex_lock(&engine_mutex);
3416 
-		ret = cl_engine_addref(engine);
3417 
-		cur_engine = engine; /* avoid races */
3418 
-		pthread_mutex_unlock(&engine_mutex);
3419 
-		if(ret != CL_SUCCESS) {
3420 
-			logg("!cl_engine_addref failed\n");
3421 
-			clamfi_cleanup(ctx);
3422 
-			return cl_error;
3423 
-		}
3424 
-		switch(cl_scanfile(privdata->filename, &virname, NULL, cur_engine, options)) {
3425 
-			case CL_CLEAN:
3426 
-				if(logok)
3427 
-					logg("#%s: OK\n", privdata->filename);
3428 
-				strcpy(mess, "OK");
3429 
-				break;
3430 
-			case CL_VIRUS:
3431 
-				snprintf(mess, sizeof(mess), "%s: %s FOUND", privdata->filename, virname);
3432 
-				logg("#%s\n", mess);
3433 
-				break;
3434 
-			default:
3435 
-				snprintf(mess, sizeof(mess), "%s: ERROR", privdata->filename);
3436 
-				logg("!%s\n", mess);
3437 
-				break;
3438 
-		}
3439 
-		cl_engine_free(cur_engine); /* drop reference or free */
3440 
-
3441 
-#ifdef	SESSION
3442 
-		session = NULL;
3443 
-#endif
3444 
-	} else if(privdata->filename) {
3445 
-		char cmdbuf[1024];
3446 
-		/*
3447 
-		 * Create socket to talk to clamd.
3448 
-		 */
3449 
-#ifndef	SESSION
3450 
-		struct sockaddr_un server;
3451 
-#endif
3452 
-		long nbytes;
3453 
-
3454 
-		snprintf(cmdbuf, sizeof(cmdbuf) - 1, "SCAN %s", privdata->filename);
3455 
-		logg("#clamfi_eom: SCAN %s\n", privdata->filename);
3456 
-
3457 
-		nbytes = (int)strlen(cmdbuf);
3458 
-
3459 
-#ifdef	SESSION
3460 
-		session = sessions;
3461 
-		if(send(session->sock, cmdbuf, nbytes, 0) < nbytes) {
3462 
-			perror("send");
3463 
-			clamfi_cleanup(ctx);
3464 
-			logg(_("failed to send SCAN %s command to clamd\n"), privdata->filename);
3465 
-			return cl_error;
3466 
-		}
3467 
-#else
3468 
-		if((privdata->cmdSocket = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
3469 
-			perror("socket");
3470 
-			clamfi_cleanup(ctx);
3471 
-			return cl_error;
3472 
-		}
3473 
-		memset((char *)&server, 0, sizeof(struct sockaddr_un));
3474 
-		server.sun_family = AF_UNIX;
3475 
-		strncpy(server.sun_path, localSocket, sizeof(server.sun_path));
3476 
-		server.sun_path[sizeof(server.sun_path)-1]='\0';
3477 
-
3478 
-		if(connect(privdata->cmdSocket, (struct sockaddr *)&server, sizeof(struct sockaddr_un)) < 0) {
3479 
-			perror(localSocket);
3480 
-			clamfi_cleanup(ctx);
3481 
-			return cl_error;
3482 
-		}
3483 
-		if(send(privdata->cmdSocket, cmdbuf, nbytes, 0) < nbytes) {
3484 
-			perror("send");
3485 
-			clamfi_cleanup(ctx);
3486 
-			logg(_("failed to send SCAN command to clamd\n"));
3487 
-			return cl_error;
3488 
-		}
3489 
-
3490 
-		shutdown(privdata->cmdSocket, SHUT_WR);
3491 
-#endif
3492 
-	}
3493 
-#ifdef	SESSION
3494 
-	else
3495 
-		session = &sessions[privdata->serverNumber];
3496 
-#endif
3497 
-
3498 
-	sendmailId = smfi_getsymval(ctx, "i");
3499 
-	if(sendmailId == NULL)
3500 
-		sendmailId = "Unknown";
3501 
-
3502 
-	if(external) {
3503 
-		int nbytes;
3504 
-#ifdef	SESSION
3505 
-#ifdef	CL_DEBUG
3506 
-		if(debug_level >= 4)
3507 
-			logg(_("#Waiting to read status from fd %d\n"),
3508 
-				session->sock);
3509 
-#endif
3510 
-		nbytes = clamd_recv(session->sock, mess, sizeof(mess) - 1);
3511 
-#else
3512 
-		nbytes = clamd_recv(privdata->cmdSocket, mess, sizeof(mess) - 1);
3513 
-#endif
3514 
-		if(nbytes > 0) {
3515 
-			mess[nbytes] = '\0';
3516 
-			if((ptr = strchr(mess, '\n')) != NULL)
3517 
-				*ptr = '\0';
3518 
-
3519 
-			logg(_("*clamfi_eom: read %s\n"), mess);
3520 
-		} else {
3521 
-#ifdef	MAXHOSTNAMELEN
3522 
-			char hostname[MAXHOSTNAMELEN + 1];
3523 
-
3524 
-			cli_strtokbuf(serverHostNames, privdata->serverNumber, ":", hostname);
3525 
-			if(strcmp(hostname, "127.0.0.1") == 0)
3526 
-				gethostname(hostname, sizeof(hostname));
3527 
-#else
3528 
-			char *hostname = cli_strtok(serverHostNames, privdata->serverNumber, ":");
3529 
-#endif
3530 
-			if(privdata->subject)
3531 
-				logg(_("^%s: clamfi_eom: read nothing from clamd on %s, from %s (%s)\n"),
3532 
-					sendmailId, hostname, privdata->from,
3533 
-					privdata->subject);
3534 
-			else
3535 
-				logg(_("^%s: clamfi_eom: read nothing from clamd on %s, from %s\n"),
3536 
-					sendmailId, hostname, privdata->from);
3537 
-
3538 
-			if((!nflag) && (cl_error == SMFIS_ACCEPT))
3539 
-				smfi_addheader(ctx, "X-Virus-Status", _("Not Scanned - Read timeout exceeded"));
3540 
-#ifndef	MAXHOSTNAMELEN
3541 
-			free(hostname);
3542 
-#endif
3543 
-
3544 
-#ifdef	CL_DEBUG
3545 
-			/*
3546 
-			 * Save the file which caused the timeout, for
3547 
-			 * debugging
3548 
-			 */
3549 
-			if(quarantine_dir) {
3550 
-				logg(_("Quarantining failed email\n"));
3551 
-				qfile(privdata, sendmailId, "scanning-timeout");
3552 
-			}
3553 
-#endif
3554 
-
3555 
-			/*
3556 
-			 * TODO: if more than one host has been specified, try
3557 
-			 * another one - setting cl_error to SMFIS_TEMPFAIL
3558 
-			 * helps by forcing a retry
3559 
-			 */
3560 
-			clamfi_cleanup(ctx);
3561 
-
3562 
-#ifdef	SESSION
3563 
-			pthread_mutex_lock(&sstatus_mutex);
3564 
-			session->status = CMDSOCKET_DOWN;
3565 
-			pthread_mutex_unlock(&sstatus_mutex);
3566 
-#endif
3567 
-			return cl_error;
3568 
-		}
3569 
-
3570 
-#ifdef	SESSION
3571 
-		pthread_mutex_lock(&sstatus_mutex);
3572 
-		if(session->status == CMDSOCKET_INUSE)
3573 
-			session->status = CMDSOCKET_FREE;
3574 
-		pthread_mutex_unlock(&sstatus_mutex);
3575 
-#else
3576 
-		close(privdata->cmdSocket);
3577 
-		privdata->cmdSocket = -1;
3578 
-#endif
3579 
-	}
3580 
-
3581 
-	if(!nflag) {
3582 
-		char buf[1024];
3583 
-
3584 
-		/*
3585 
-		 * Include the hostname where the scan took place
3586 
-		 */
3587 
-		if(localSocket || !external) {
3588 
-#ifdef	MAXHOSTNAMELEN
3589 
-			char hostname[MAXHOSTNAMELEN + 1];
3590 
-#else
3591 
-			char hostname[65];
3592 
-#endif
3593 
-
3594 
-			if(gethostname(hostname, sizeof(hostname)) < 0) {
3595 
-				const char *j = smfi_getsymval(ctx, "{j}");
3596 
-
3597 
-				if(j)
3598 
-					strncpy(hostname, j, sizeof(hostname) - 1);
3599 
-				else
3600 
-					strcpy(hostname, _("Error determining host"));
3601 
-				hostname[sizeof(hostname)-1]='\0';
3602 
-			} else if(strchr(hostname, '.') == NULL) {
3603 
-				/*
3604 
-				 * Determine fully qualified name
3605 
-				 */
3606 
-				struct hostent hostent;
3607 
-
3608 
-				if((r_gethostbyname(hostname, &hostent, buf, sizeof(buf)) == 0) && hostent.h_name) {
3609 
-					strncpy(hostname, hostent.h_name, sizeof(hostname));
3610 
-					hostname[sizeof(hostname)-1]='\0';
3611 
-				}
3612 
-			}
3613 
-
3614 
-#ifdef	SESSION
3615 
-			pthread_mutex_lock(&version_mutex);
3616 
-			snprintf(buf, sizeof(buf) - 1, "%s on %s",
3617 
-				clamav_versions[privdata->serverNumber], hostname);
3618 
-			pthread_mutex_unlock(&version_mutex);
3619 
-#else
3620 
-			snprintf(buf, sizeof(buf) - 1, "%s on %s",
3621 
-				clamav_version, hostname);
3622 
-#endif
3623 
-		} else {
3624 
-#ifdef	MAXHOSTNAMELEN
3625 
-			char hostname[MAXHOSTNAMELEN + 1];
3626 
-
3627 
-			if(cli_strtokbuf(serverHostNames, privdata->serverNumber, ":", hostname)) {
3628 
-				if(strcmp(hostname, "127.0.0.1") == 0)
3629 
-					gethostname(hostname, sizeof(hostname));
3630 
-#else
3631 
-			char *hostname = cli_strtok(serverHostNames, privdata->serverNumber, ":");
3632 
-			if(hostname) {
3633 
-#endif
3634 
-
3635 
-#ifdef	SESSION
3636 
-				pthread_mutex_lock(&version_mutex);
3637 
-				snprintf(buf, sizeof(buf) - 1, "%s on %s",
3638 
-					clamav_versions[privdata->serverNumber], hostname);
3639 
-				pthread_mutex_unlock(&version_mutex);
3640 
-#else
3641 
-				snprintf(buf, sizeof(buf) - 1, "%s on %s",
3642 
-					clamav_version, hostname);
3643 
-#endif
3644 
-#ifndef	MAXHOSTNAMELEN
3645 
-				free(hostname);
3646 
-#endif
3647 
-			} else
3648 
-				/* sanity check failed - should issue warning */
3649 
-				strcpy(buf, _("Error determining host"));
3650 
-		}
3651 
-		smfi_addheader(ctx, "X-Virus-Scanned", buf);
3652 
-	}
3653 
-
3654 
-	/*
3655 
-	 * TODO: it would be useful to add a header if mbox.c/FOLLOWURLS was
3656 
-	 * exceeded
3657 
-	 */
3658 
-#ifdef	HAVE_RESOLV_H
3659 
-	if((strstr(mess, "FOUND") != NULL) && (strstr(mess, "Phishing") != NULL)) {
3660 
-		table_t *prevhosts = tableCreate();
3661 
-
3662 
-		if(spf(privdata, prevhosts)) {
3663 
-			logg(_("%s: Ignoring %s false positive from %s received from %s\n"),
3664 
-				sendmailId, mess, privdata->from, privdata->ip);
3665 
-			strcpy(mess, "OK");
3666 
-			/*
3667 
-			 * Report false positive to ClamAV, works best when
3668 
-			 * clamav-milter has had to create a local copy of
3669 
-			 * the email, e.g. when --quarantine-dir is on
3670 
-			 */
3671 
-			if(report_fps &&
3672 
-			   (smfi_addrcpt(ctx, report_fps) == MI_FAILURE)) {
3673 
-				if(privdata->filename) {
3674 
-					char cmd[1024];
3675 
-
3676 
-					snprintf(cmd, sizeof(cmd) - 1,
3677 
-						"mail -s \"False Positive: %s\" %s < %s",
3678 
-						mess, report_fps,
3679 
-						privdata->filename);
3680 
-					if(system(cmd) == 0)
3681 
-						logg(_("#Reported phishing false positive to %s"), report_fps);
3682 
-					else
3683 
-						logg(_("^Couldn't report false positive to %s\n"), report_fps);
3684 
-				} else
3685 
-					/*
3686 
-					 * Most likely this is because we're
3687 
-					 * attempting to add a recipient on
3688 
-					 * another host
3689 
-					 */
3690 
-					logg(_("^Can't set phish FP header\n"));
3691 
-			}
3692 
-		}
3693 
-		tableDestroy(prevhosts);
3694 
-	}
3695 
-#endif
3696 
-	if(strstr(mess, "ERROR") != NULL) {
3697 
-		if(strstr(mess, "Size limit reached") != NULL) {
3698 
-			/*
3699 
-			 * Clamd has stopped on StreamMaxLength before us
3700 
-			 */
3701 
-			logg(_("%s: Message more than StreamMaxLength (%ld) bytes - not scanned"),
3702 
-				sendmailId, streamMaxLength);
3703 
-			if(!nflag)
3704 
-				smfi_addheader(ctx, "X-Virus-Status", _("Not Scanned - StreamMaxLength exceeded"));
3705 
-			clamfi_cleanup(ctx);	/* not needed, but just to be safe */
3706 
-			return SMFIS_ACCEPT;
3707 
-		}
3708 
-		if(!nflag)
3709 
-			smfi_addheader(ctx, "X-Virus-Status", _("Not Scanned"));
3710 
-
3711 
-		logg("!%s: %s\n", sendmailId, mess);
3712 
-		rc = cl_error;
3713 
-	} else if((ptr = strstr(mess, "FOUND")) != NULL) {
3714 
-		/*
3715 
-		 * FIXME: This will give false positives if the
3716 
-		 *	word "FOUND" is in the email, e.g. the
3717 
-		 *	quarantine directory is /tmp/VIRUSES-FOUND
3718 
-		 */
3719 
-		int i;
3720 
-		char **to, *virusname, *err;
3721 
-		char reject[1024];
3722 
-
3723 
-		/*
3724 
-		 * Remove the "FOUND" word, and the space before it
3725 
-		 */
3726 
-		*--ptr = '\0';
3727 
-
3728 
-		/* skip over 'stream/filename: ' at the start */
3729 
-		if((virusname = strchr(mess, ':')) != NULL)
3730 
-			virusname = &virusname[2];
3731 
-		else
3732 
-			virusname = mess;
3733 
-
3734 
-		if(!nflag) {
3735 
-			char buf[129];
3736 
-
3737 
-			snprintf(buf, sizeof(buf) - 1, "%s %s", _("Infected with"), virusname);
3738 
-			smfi_addheader(ctx, "X-Virus-Status", buf);
3739 
-		}
3740 
-
3741 
-		if(quarantine_dir)
3742 
-			qfile(privdata, sendmailId, virusname);
3743 
-
3744 
-		/*
3745 
-		 * Setup err as a list of recipients
3746 
-		 */
3747 
-		err = (char *)cli_malloc(1024);
3748 
-
3749 
-		if(err == NULL) {
3750 
-			clamfi_cleanup(ctx);
3751 
-			return cl_error;
3752 
-		}
3753 
-
3754 
-		/*
3755 
-		 * Use snprintf rather than printf since we don't know
3756 
-		 * the length of privdata->from and may get a buffer
3757 
-		 * overrun
3758 
-		 */
3759 
-		snprintf(err, 1023, _("Intercepted virus from %s to"),
3760 
-			privdata->from);
3761 
-
3762 
-		ptr = strchr(err, '\0');
3763 
-
3764 
-		i = 1024;
3765 
-
3766 
-		for(to = privdata->to; *to; to++) {
3767 
-			/*
3768 
-			 * Re-alloc if we are about run out of buffer
3769 
-			 * space
3770 
-			 *
3771 
-			 * TODO: Only append *to if it's a valid, local
3772 
-			 *	email address
3773 
-			 */
3774 
-			if(&ptr[strlen(*to) + 2] >= &err[i]) {
3775 
-				i += 1024;
3776 
-				err = cli_realloc(err, i);
3777 
-				if(err == NULL) {
3778 
-					clamfi_cleanup(ctx);
3779 
-					return cl_error;
3780 
-				}
3781 
-				ptr = strchr(err, '\0');
3782 
-			}
3783 
-			ptr = cli_strrcpy(ptr, " ");
3784 
-			ptr = cli_strrcpy(ptr, *to);
3785 
-		}
3786 
-		(void)strcpy(ptr, "\n");
3787 
-
3788 
-		/* Include the sendmail queue ID in the log */
3789 
-		logg("%s: %s %s", sendmailId, mess, err);
3790 
-		free(err);
3791 
-
3792 
-		if(!qflag) {
3793 
-			char cmd[128];
3794 
-			FILE *sendmail;
3795 
-
3796 
-			/*
3797 
-			 * If the oflag is given this sendmail command
3798 
-			 * will cause the mail being generated here to be
3799 
-			 * scanned. So if oflag is given we just put the
3800 
-			 * item in the queue so there's no scanning of two
3801 
-			 * messages at once. It'll still be scanned, but
3802 
-			 * not at the same time as the incoming message
3803 
-			 *
3804 
-			 * FIXME: there is a race condition here when sendmail
3805 
-			 * and clamav-milter run on the same machine. If the
3806 
-			 * system is very overloaded this sendmail can
3807 
-			 * take a long time to start - and may even fail
3808 
-			 * is the LA is > REFUSE_LA. In all the time we're
3809 
-			 * taking to start this sendmail, the sendmail that's
3810 
-			 * started us may timeout waiting for a response and
3811 
-			 * let the virus through (albeit tagged with
3812 
-			 * X-Virus-Status: Infected) because we haven't
3813 
-			 * sent SMFIS_DISCARD or SMFIS_REJECT
3814 
-			 *
3815 
-			 * -i flag, suggested by Michal Jaegermann
3816 
-			 *	<michal@harddata.com>
3817 
-			 */
3818 
-			snprintf(cmd, sizeof(cmd) - 1,
3819 
-				(oflag || fflag) ? "%s -t -i -odq" : "%s -t -i",
3820 
-				SENDMAIL_BIN);
3821 
-
3822 
-			logg("#Calling %s\n", cmd);
3823 
-			sendmail = popen(cmd, "w");
3824 
-
3825 
-			if(sendmail) {
3826 
-				if(from && from[0])
3827 
-					fprintf(sendmail, "From: %s\n", from);
3828 
-				else
3829 
-					fprintf(sendmail, "From: %s\n", privdata->from);
3830 
-#ifdef	BOUNCE
3831 
-				if(bflag && privdata->from) {
3832 
-					fprintf(sendmail, "To: %s\n", privdata->from);
3833 
-					fprintf(sendmail, "Cc: %s\n", postmaster);
3834 
-				} else
3835 
-#endif
3836 
-					fprintf(sendmail, "To: %s\n", postmaster);
3837 
-
3838 
-				if((!pflag) && privdata->to)
3839 
-					for(to = privdata->to; *to; to++)
3840 
-						fprintf(sendmail, "Cc: %s\n", *to);
3841 
-				/*
3842 
-				 * Auto-submitted is still a draft, keep an
3843 
-				 * eye on its format
3844 
-				 */
3845 
-				fputs("Auto-Submitted: auto-submitted (antivirus notify)\n", sendmail);
3846 
-				/* "Sergey Y. Afonin" <asy@kraft-s.ru> */
3847 
-				if((ptr = smfi_getsymval(ctx, "{_}")) != NULL)
3848 
-					fprintf(sendmail,
3849 
-						"X-Infected-Received-From: %s\n",
3850 
-						ptr);
3851 
-				fputs(_("Subject: Virus intercepted\n"), sendmail);
3852 
-
3853 
-				if(templateHeaders) {
3854 
-					/*
3855 
-					 * For example, to state the character
3856 
-					 * set of the message:
3857 
-					 *	Content-Type: text/plain; charset=koi8-r
3858 
-					 *
3859 
-					 * Based on a suggestion by Denis
3860 
-					 *	Eremenko <moonshade@mail.kz>
3861 
-					 */
3862 
-					FILE *fin = fopen(templateHeaders, "r");
3863 
-
3864 
-					if(fin == NULL) {
3865 
-						perror(templateHeaders);
3866 
-						logg(_("!Can't open e-mail template header file %s"),
3867 
-								templateHeaders);
3868 
-					} else {
3869 
-						int c;
3870 
-						int lastc = EOF;
3871 
-
3872 
-						while((c = getc(fin)) != EOF) {
3873 
-							putc(c, sendmail);
3874 
-							lastc = c;
3875 
-						}
3876 
-						fclose(fin);
3877 
-						/*
3878 
-						 * File not new line terminated
3879 
-						 */
3880 
-						if(lastc != '\n')
3881 
-							fputs(_("\n"), sendmail);
3882 
-					}
3883 
-				}
3884 
-
3885 
-				fputs(_("\n"), sendmail);
3886 
-
3887 
-				if((templateFile == NULL) ||
3888 
-				   (sendtemplate(ctx, templateFile, sendmail, virusname) < 0)) {
3889 
-					/*
3890 
-					 * Use our own hardcoded template
3891 
-					 */
3892 
-#ifdef	BOUNCE
3893 
-					if(bflag)
3894 
-						fputs(_("A message you sent to\n"), sendmail);
3895 
-					else if(pflag)
3896 
-#else
3897 
-					if(pflag)
3898 
-#endif
3899 
-						/*
3900 
-						 * The message is only going to
3901 
-						 * the postmaster, so include
3902 
-						 * some useful information
3903 
-						 */
3904 
-						fprintf(sendmail, _("The message %1$s sent from %2$s to\n"),
3905 
-							sendmailId, privdata->from);
3906 
-					else
3907 
-						fprintf(sendmail, _("A message sent from %s to\n"),
3908 
-							privdata->from);
3909 
-
3910 
-					for(to = privdata->to; *to; to++)
3911 
-						fprintf(sendmail, "\t%s\n", *to);
3912 
-					fprintf(sendmail, _("contained %s and has not been accepted for delivery.\n"), virusname);
3913 
-
3914 
-					if(quarantine_dir != NULL)
3915 
-						fprintf(sendmail, _("\nThe message in question has been quarantined as %s\n"), privdata->filename);
3916 
-
3917 
-					if(hflag) {
3918 
-						fprintf(sendmail, _("\nThe message was received by %1$s from %2$s via %3$s\n\n"),
3919 
-							smfi_getsymval(ctx, "j"), privdata->from,
3920 
-							smfi_getsymval(ctx, "_"));
3921 
-						fputs(_("For your information, the original message headers were:\n\n"), sendmail);
3922 
-						header_list_print(privdata->headers, sendmail);
3923 
-					} else if(privdata->received)
3924 
-						/*
3925 
-						 * TODO: parse this to find
3926 
-						 * real infected machine.
3927 
-						 * Need to decide how to find
3928 
-						 * if it's a dynamic IP from a
3929 
-						 * dial up account in which
3930 
-						 * case there may not be much
3931 
-						 * we can do if that DHCP has
3932 
-						 * set the hostname...
3933 
-						 */
3934 
-						fprintf(sendmail, _("\nThe infected machine is likely to be here:\n%s\t\n"),
3935 
-							privdata->received);
3936 
-
3937 
-				}
3938 
-
3939 
-				logg("#Waiting for %s to finish\n", cmd);
3940 
-				if(pclose(sendmail) != 0)
3941 
-					logg(_("%s: Failed to notify clamAV interception - see dead.letter\n"), sendmailId);
3942 
-			} else
3943 
-				logg(_("^Can't execute '%s' to send virus notice"), cmd);
3944 
-		}
3945 
-
3946 
-		if(report && (quarantine == NULL) && (!advisory) &&
3947 
-		   (strstr(virusname, "Phishing") != NULL)) {
3948 
-			/*
3949 
-			 * Report phishing to an agency
3950 
-			 */
3951 
-			for(to = privdata->to; *to; to++) {
3952 
-				smfi_delrcpt(ctx, *to);
3953 
-				smfi_addheader(ctx, "X-Original-To", *to);
3954 
-			}
3955 
-			if(smfi_addrcpt(ctx, report) == MI_FAILURE) {
3956 
-				/* It's a remote site */
3957 
-				if(privdata->filename) {
3958 
-					char cmd[1024];
3959 
-
3960 
-					snprintf(cmd, sizeof(cmd) - 1,
3961 
-						"mail -s \"%s\" %s < %s",
3962 
-						virusname, report,
3963 
-						privdata->filename);
3964 
-					if(system(cmd) == 0)
3965 
-						logg(_("#Reported phishing to %s"), report);
3966 
-					else
3967 
-						logg(_("^Couldn't report to %s\n"), report);
3968 
-					if((!rejectmail) || privdata->discard)
3969 
-						rc = SMFIS_DISCARD;
3970 
-					else
3971 
-						rc = SMFIS_REJECT;
3972 
-				} else {
3973 
-					logg(_("^Can't set anti-phish header\n"));
3974 
-					rc = (privdata->discard) ? SMFIS_DISCARD : SMFIS_REJECT;
3975 
-				}
3976 
-			} else {
3977 
-				setsubject(ctx, "Phishing attempt trapped by ClamAV and redirected");
3978 
-
3979 
-				logg("Redirected phish to %s\n", report);
3980 
-			}
3981 
-		} else if(quarantine) {
3982 
-			for(to = privdata->to; *to; to++) {
3983 
-				smfi_delrcpt(ctx, *to);
3984 
-				smfi_addheader(ctx, "X-Original-To", *to);
3985 
-			}
3986 
-			/*
3987 
-			 * NOTE: on a closed relay this will not work
3988 
-			 * if the recipient is a remote address
3989 
-			 */
3990 
-			if(smfi_addrcpt(ctx, quarantine) == MI_FAILURE) {
3991 
-				logg(_("^Can't set quarantine user %s"), quarantine);
3992 
-				rc = (privdata->discard) ? SMFIS_DISCARD : SMFIS_REJECT;
3993 
-			} else {
3994 
-				if(report &&
3995 
-				   strstr(virusname, "Phishing") != NULL)
3996 
-					(void)smfi_addrcpt(ctx, report);
3997 
-				setsubject(ctx, virusname);
3998 
-
3999 
-				logg("Redirected virus to %s", quarantine);
4000 
-			}
4001 
-		} else if(advisory)
4002 
-			setsubject(ctx, virusname);
4003 
-		else if(rejectmail) {
4004 
-			if(privdata->discard)
4005 
-				rc = SMFIS_DISCARD;
4006 
-			else
4007 
-				rc = SMFIS_REJECT;	/* Delete the e-mail */
4008 
-		} else
4009 
-			rc = SMFIS_DISCARD;
4010 
-
4011 
-		if(quarantine_dir) {
4012 
-			/*
4013 
-			 * Cleanup filename here otherwise clamfi_free() will
4014 
-			 * delete the file that we wish to keep because it
4015 
-			 * is infected
4016 
-			 */
4017 
-			free(privdata->filename);
4018 
-			privdata->filename = NULL;
4019 
-		}
4020 
-
4021 
-		/*
4022 
-		 * Don't drop the message if it's been forwarded to a
4023 
-		 * quarantine email
4024 
-		 */
4025 
-		snprintf(reject, sizeof(reject) - 1, _("virus %s detected by ClamAV - http://www.clamav.net"), virusname);
4026 
-		smfi_setreply(ctx, (const char *)privdata->rejectCode, "5.7.1", reject);
4027 
-		broadcast(mess);
4028 
-
4029 
-		if(blacklist_time && privdata->ip[0]) {
4030 
-			logg(_("Will blacklist %s for %d seconds because of %s\n"),
4031 
-				privdata->ip, blacklist_time, virusname);
4032 
-			pthread_mutex_lock(&blacklist_mutex);
4033 
-			(void)tableUpdate(blacklist, privdata->ip,
4034 
-				(int)time((time_t *)0));
4035 
-			pthread_mutex_unlock(&blacklist_mutex);
4036 
-		}
4037 
-	} else if((strstr(mess, "OK") == NULL) && (strstr(mess, "Empty file") == NULL)) {
4038 
-		if(!nflag)
4039 
-			smfi_addheader(ctx, "X-Virus-Status", _("Unknown"));
4040 
-		logg(_("!%s: incorrect message \"%s\" from clamd"),
4041 
-				sendmailId, mess);
4042 
-		rc = cl_error;
4043 
-	} else {
4044 
-		if(!nflag)
4045 
-			smfi_addheader(ctx, "X-Virus-Status", _("Clean"));
4046 
-
4047 
-		/* Include the sendmail queue ID in the log */
4048 
-		if(logok)
4049 
-			logg(_("%s: clean message from %s\n"),
4050 
-				sendmailId,
4051 
-				(privdata->from) ? privdata->from : _("an unknown sender"));
4052 
-
4053 
-		if(privdata->body) {
4054 
-			/*
4055 
-			 * Add a signature that all has been scanned OK
4056 
-			 *
4057 
-			 * Note that this is simple minded and isn't aware of
4058 
-			 *	any MIME segments in the message. In practice
4059 
-			 *	this means that the message will only display
4060 
-			 *	on users' terminals if the message is
4061 
-			 *	plain/text
4062 
-			 */
4063 
-			off_t len = updateSigFile();
4064 
-
4065 
-			if(len) {
4066 
-				assert(Sflag != 0);
4067 
-
4068 
-				privdata->body = cli_realloc(privdata->body, privdata->bodyLen + len);
4069 
-				if(privdata->body) {
4070 
-					memcpy(&privdata->body[privdata->bodyLen], signature, len);
4071 
-					smfi_replacebody(ctx, privdata->body, privdata->bodyLen + len);
4072 
-				}
4073 
-			}
4074 
-		}
4075 
-	}
4076 
-
4077 
-	return rc;
4078 
-}
4079 
-
4080 
-static sfsistat
4081 
-clamfi_abort(SMFICTX *ctx)
4082 
-{
4083 
-	logg("*clamfi_abort\n");
4084 
-
4085 
-	clamfi_cleanup(ctx);
4086 
-	decrement_connexions();
4087 
-
4088 
-	logg("*clamfi_abort returns\n");
4089 
-
4090 
-	return cl_error;
4091 
-}
4092 
-
4093 
-static sfsistat
4094 
-clamfi_close(SMFICTX *ctx)
4095 
-{
4096 
-	logg("*clamfi_close\n");
4097 
-
4098 
-	clamfi_cleanup(ctx);
4099 
-	decrement_connexions();
4100 
-
4101 
-	return SMFIS_CONTINUE;
4102 
-}
4103 
-
4104 
-static void
4105 
-clamfi_cleanup(SMFICTX *ctx)
4106 
-{
4107 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
4108 
-
4109 
-	logg("#clamfi_cleanup\n");
4110 
-
4111 
-	if(privdata) {
4112 
-		clamfi_free(privdata, 0);
4113 
-		smfi_setpriv(ctx, NULL);
4114 
-	}
4115 
-}
4116 
-
4117 
-static void
4118 
-clamfi_free(struct privdata *privdata, int keep)
4119 
-{
4120 
-	logg("#clamfi_free\n");
4121 
-
4122 
-	if(privdata) {
4123 
-#ifdef	SESSION
4124 
-		struct session *session;
4125 
-#endif
4126 
-		if(privdata->body)
4127 
-			free(privdata->body);
4128 
-
4129 
-		if(privdata->dataSocket >= 0)
4130 
-			close(privdata->dataSocket);
4131 
-
4132 
-		if(privdata->filename != NULL) {
4133 
-			/*
4134 
-			 * Don't print an error if the file hasn't been
4135 
-			 * created yet
4136 
-			 */
4137 
-			if((unlink(privdata->filename) < 0) && (errno != ENOENT)) {
4138 
-				perror(privdata->filename);
4139 
-				logg(_("!Can't remove clean file %s"),
4140 
-					privdata->filename);
4141 
-			}
4142 
-			free(privdata->filename);
4143 
-		}
4144 
-
4145 
-		if(privdata->from) {
4146 
-#ifdef	CL_DEBUG
4147 
-			if(debug_level >= 9)
4148 
-				logg("#Free privdata->from\n");
4149 
-#endif
4150 
-			free(privdata->from);
4151 
-		}
4152 
-
4153 
-		if(privdata->subject)
4154 
-			free(privdata->subject);
4155 
-		if(privdata->sender)
4156 
-			free(privdata->sender);
4157 
-
4158 
-		if(privdata->to) {
4159 
-			char **to;
4160 
-
4161 
-			for(to = privdata->to; *to; to++) {
4162 
-#ifdef	CL_DEBUG
4163 
-				if(debug_level >= 9)
4164 
-					logg("#Free *privdata->to\n");
4165 
-#endif
4166 
-				free(*to);
4167 
-			}
4168 
-#ifdef	CL_DEBUG
4169 
-			if(debug_level >= 9)
4170 
-				logg("#Free privdata->to\n");
4171 
-#endif
4172 
-			free(privdata->to);
4173 
-		}
4174 
-
4175 
-		if(external) {
4176 
-#ifdef	SESSION
4177 
-			session = &sessions[privdata->serverNumber];
4178 
-			pthread_mutex_lock(&sstatus_mutex);
4179 
-			if(session->status == CMDSOCKET_INUSE) {
4180 
-				/*
4181 
-				 * Probably we've got here because
4182 
-				 * StreamMaxLength has been reached
4183 
-				 */
4184 
-#if	0
4185 
-				pthread_mutex_unlock(&sstatus_mutex);
4186 
-				if(readTimeout) {
4187 
-					char buf[64];
4188 
-					const int fd = session->sock;
4189 
-
4190 
-					logg("#clamfi_free: flush server %d fd %d\n",
4191 
-						privdata->serverNumber, fd);
4192 
-
4193 
-					/*
4194 
-					 * FIXME: whenever this code gets
4195 
-					 *	executed, all of the PINGs fail
4196 
-					 *	in the next watchdog cycle
4197 
-					 */
4198 
-					while(clamd_recv(fd, buf, sizeof(buf)) > 0)
4199 
-						;
4200 
-				}
4201 
-				pthread_mutex_lock(&sstatus_mutex);
4202 
-#endif
4203 
-				/* Force a reset */
4204 
-				session->status = CMDSOCKET_DOWN;
4205 
-			}
4206 
-			pthread_mutex_unlock(&sstatus_mutex);
4207 
-#else
4208 
-			if(privdata->cmdSocket >= 0) {
4209 
-#if	0
4210 
-				char buf[64];
4211 
-
4212 
-				/*
4213 
-				 * Flush the remote end so that clamd doesn't
4214 
-				 * get a SIGPIPE
4215 
-				 */
4216 
-				if(readTimeout)
4217 
-					while(clamd_recv(privdata->cmdSocket, buf, sizeof(buf)) > 0)
4218 
-						;
4219 
-#endif
4220 
-				close(privdata->cmdSocket);
4221 
-			}
4222 
-#endif
4223 
-		}
4224 
-
4225 
-		if(privdata->headers)
4226 
-			header_list_free(privdata->headers);
4227 
-
4228 
-#ifdef	CL_DEBUG
4229 
-		if(debug_level >= 9)
4230 
-			logg("#Free privdata\n");
4231 
-#endif
4232 
-		if(privdata->received)
4233 
-			free(privdata->received);
4234 
-
4235 
-		if(keep) {
4236 
-			memset(privdata, '\0', sizeof(struct privdata));
4237 
-#ifdef	SESSION
4238 
-			privdata->dataSocket = -1;
4239 
-#else
4240 
-			privdata->dataSocket = privdata->cmdSocket = -1;
4241 
-#endif
4242 
-		} else
4243 
-			free(privdata);
4244 
-	}
4245 
-
4246 
-	logg("#clamfi_free returns\n");
4247 
-}
4248 
-
4249 
-/*
4250 
- * Returns < 0 for failure, otherwise the number of bytes sent
4251 
- */
4252 
-static int
4253 
-clamfi_send(struct privdata *privdata, size_t len, const char *format, ...)
4254 
-{
4255 
-	char output[BUFSIZ];
4256 
-	const char *ptr;
4257 
-	int ret = 0;
4258 
-	assert(format != NULL);
4259 
-
4260 
-	if(len > 0)
4261 
-		/*
4262 
-		 * It isn't a NUL terminated string. We have a set number of
4263 
-		 * bytes to output.
4264 
-		 */
4265 
-		ptr = format;
4266 
-	else {
4267 
-		va_list argp;
4268 
-
4269 
-		va_start(argp, format);
4270 
-		vsnprintf(output, sizeof(output) - 1, format, argp);
4271 
-		va_end(argp);
4272 
-
4273 
-		len = strlen(output);
4274 
-		ptr = output;
4275 
-	}
4276 
-#ifdef	CL_DEBUG
4277 
-	if(debug_level >= 9) {
4278 
-		time_t t;
4279 
-		const struct tm *tm;
4280 
-
4281 
-		time(&t);
4282 
-		tm = localtime(&t);
4283 
-
4284 
-		logg("#%d:%d:%d clamfi_send: len=%u bufsiz=%u, fd=%d\n",
4285 
-			tm->tm_hour, tm->tm_min, tm->tm_sec, len,
4286 
-			sizeof(output), privdata->dataSocket);
4287 
-	}
4288 
-#endif
4289 
-
4290 
-	while(len > 0) {
4291 
-		const int nbytes = (privdata->filename) ?
4292 
-			write(privdata->dataSocket, ptr, len) :
4293 
-			send(privdata->dataSocket, ptr, len, 0);
4294 
-
4295 
-		assert(privdata->dataSocket >= 0);
4296 
-
4297 
-		if(nbytes == -1) {
4298 
-			if(privdata->filename) {
4299 
-#ifdef HAVE_STRERROR_R
4300 
-				char buf[32];
4301 
-
4302 
-				perror(privdata->filename);
4303 
-				strerror_r(errno, buf, sizeof(buf));
4304 
-				logg(_("!write failure (%lu bytes) to %s: %s\n"),
4305 
-					(unsigned long)len, privdata->filename, buf);
4306 
-#else
4307 
-				perror(privdata->filename);
4308 
-				logg(_("!write failure (%lu bytes) to %s: %s\n"),
4309 
-					(unsigned long)len, privdata->filename,
4310 
-					strerror(errno));
4311 
-#endif
4312 
-			} else {
4313 
-				if(errno == EINTR)
4314 
-					continue;
4315 
-				perror("send");
4316 
-#ifdef HAVE_STRERROR_R
4317 
-				{
4318 
-					char buf[32];
4319 
-					strerror_r(errno, buf, sizeof(buf));
4320 
-					logg(_("!write failure (%lu bytes) to clamd: %s\n"),
4321 
-						(unsigned long)len, buf);
4322 
-				}
4323 
-#else
4324 
-				logg(_("!write failure (%lu bytes) to clamd: %s\n"),
4325 
-					(unsigned long)len, strerror(errno));
4326 
-#endif
4327 
-				checkClamd(1);
4328 
-			}
4329 
-
4330 
-			return -1;
4331 
-		}
4332 
-		ret += nbytes;
4333 
-		len -= nbytes;
4334 
-		ptr = &ptr[nbytes];
4335 
-
4336 
-		if(streamMaxLength > 0L) {
4337 
-			privdata->numBytes += nbytes;
4338 
-			if(privdata->numBytes >= streamMaxLength)
4339 
-				break;
4340 
-		}
4341 
-	}
4342 
-	return ret;
4343 
-}
4344 
-
4345 
-/*
4346 
- * Like strcpy, but return the END of the destination, allowing a quicker
4347 
- * means of adding to the end of a string than strcat
4348 
- */
4349 
-#if	0
4350 
-static char *
4351 
-strrcpy(char *dest, const char *source)
4352 
-{
4353 
-	/* Pre assertions */
4354 
-	assert(dest != NULL);
4355 
-	assert(source != NULL);
4356 
-	assert(dest != source);
4357 
-
4358 
-	while((*dest++ = *source++) != '\0')
4359 
-		;
4360 
-	return(--dest);
4361 
-}
4362 
-#endif
4363 
-
4364 
-/*
4365 
- * Read from clamav - timeout if necessary
4366 
- */
4367 
-static long
4368 
-clamd_recv(int sock, char *buf, size_t len)
4369 
-{
4370 
-	struct timeval tv;
4371 
-	long ret;
4372 
-
4373 
-	assert(sock >= 0);
4374 
-
4375 
-	if(readTimeout == 0) {
4376 
-		do
4377 
-			/* TODO: Needs a test for ssize_t in configure */
4378 
-			ret = (long)recv(sock, buf, len, 0);
4379 
-		while((ret < 0) && (errno == EINTR));
4380 
-
4381 
-		return ret;
4382 
-	}
4383 
-
4384 
-	tv.tv_sec = readTimeout;
4385 
-	tv.tv_usec = 0;
4386 
-
4387 
-	for(;;) {
4388 
-		fd_set rfds;
4389 
-
4390 
-		FD_ZERO(&rfds);
4391 
-		FD_SET(sock, &rfds);
4392 
-
4393 
-		switch(select(sock + 1, &rfds, NULL, NULL, &tv)) {
4394 
-			case -1:
4395 
-				if(errno == EINTR)
4396 
-					/* FIXME: work out time left */
4397 
-					continue;
4398 
-				perror("select");
4399 
-				return -1;
4400 
-			case 0:
4401 
-				logg(_("!No data received from clamd in %d seconds\n"), readTimeout);
4402 
-				return 0;
4403 
-		}
4404 
-		break;
4405 
-	}
4406 
-
4407 
-	do
4408 
-		ret = recv(sock, buf, len, 0);
4409 
-	while((ret < 0) && (errno == EINTR));
4410 
-
4411 
-	return ret;
4412 
-}
4413 
-
4414 
-/*
4415 
- * Read in the signature file
4416 
- */
4417 
-static off_t
4418 
-updateSigFile(void)
4419 
-{
4420 
-	struct stat statb;
4421 
-	int fd;
4422 
-
4423 
-	if(sigFilename == NULL)
4424 
-		/* nothing to read */
4425 
-		return 0;
4426 
-
4427 
-	if(stat(sigFilename, &statb) < 0) {
4428 
-		perror(sigFilename);
4429 
-		logg(_("Can't stat %s"), sigFilename);
4430 
-		return 0;
4431 
-	}
4432 
-
4433 
-	if(statb.st_mtime <= signatureStamp)
4434 
-		return statb.st_size;	/* not changed */
4435 
-
4436 
-	fd = open(sigFilename, O_RDONLY);
4437 
-	if(fd < 0) {
4438 
-		perror(sigFilename);
4439 
-		logg(_("Can't open %s"), sigFilename);
4440 
-		return 0;
4441 
-	}
4442 
-
4443 
-	signatureStamp = statb.st_mtime;
4444 
-
4445 
-	signature = cli_realloc((void *)signature, statb.st_size);
4446 
-	if(signature)
4447 
-		cli_readn(fd, (void *)signature, statb.st_size);
4448 
-	close(fd);
4449 
-
4450 
-	return statb.st_size;
4451 
-}
4452 
-
4453 
-static header_list_t
4454 
-header_list_new(void)
4455 
-{
4456 
-	header_list_t ret;
4457 
-
4458 
-	ret = (header_list_t)cli_malloc(sizeof(struct header_list_struct));
4459 
-	if(ret) {
4460 
-		ret->first = NULL;
4461 
-		ret->last = NULL;
4462 
-	}
4463 
-	return ret;
4464 
-}
4465 
-
4466 
-static void
4467 
-header_list_free(header_list_t list)
4468 
-{
4469 
-	struct header_node_t *iter;
4470 
-
4471 
-	if(list == NULL)
4472 
-		return;
4473 
-
4474 
-	iter = list->first;
4475 
-	while(iter) {
4476 
-		struct header_node_t *iter2 = iter->next;
4477 
-		free(iter->header);
4478 
-		free(iter);
4479 
-		iter = iter2;
4480 
-	}
4481 
-	free(list);
4482 
-}
4483 
-
4484 
-static void
4485 
-header_list_add(header_list_t list, const char *headerf, const char *headerv)
4486 
-{
4487 
-	char *header;
4488 
-	size_t len;
4489 
-	struct header_node_t *new_node;
4490 
-
4491 
-	if(list == NULL)
4492 
-		return;
4493 
-
4494 
-	len = (size_t)(strlen(headerf) + strlen(headerv) + 3);
4495 
-
4496 
-	header = (char *)cli_malloc(len);
4497 
-	if(header == NULL)
4498 
-		return;
4499 
-
4500 
-	sprintf(header, "%s: %s", headerf, headerv);
4501 
-	new_node = (struct header_node_t *)cli_malloc(sizeof(struct header_node_t));
4502 
-	if(new_node == NULL) {
4503 
-		free(header);
4504 
-		return;
4505 
-	}
4506 
-	new_node->header = header;
4507 
-	new_node->next = NULL;
4508 
-	if(list->first == NULL)
4509 
-		list->first = new_node;
4510 
-	if(list->last)
4511 
-		list->last->next = new_node;
4512 
-
4513 
-	list->last = new_node;
4514 
-}
4515 
-
4516 
-static void
4517 
-header_list_print(const header_list_t list, FILE *fp)
4518 
-{
4519 
-	const struct header_node_t *iter;
4520 
-
4521 
-	if(list == NULL)
4522 
-		return;
4523 
-
4524 
-	for(iter = list->first; iter; iter = iter->next) {
4525 
-		if(strncmp(iter->header, "From ", 5) == 0)
4526 
-			putc('>', fp);
4527 
-		fprintf(fp, "%s\n", iter->header);
4528 
-	}
4529 
-}
4530 
-
4531 
-/*
4532 
- * Establish a connexion to clamd
4533 
- *	Returns success (1) or failure (0)
4534 
- */
4535 
-static int
4536 
-connect2clamd(struct privdata *privdata)
4537 
-{
4538 
-	assert(privdata != NULL);
4539 
-	assert(privdata->dataSocket == -1);
4540 
-	assert(privdata->from != NULL);
4541 
-	assert(privdata->to != NULL);
4542 
-
4543 
-	logg("*connect2clamd\n");
4544 
-
4545 
-	if(quarantine_dir || tmpdir) {	/* store message in a temporary file */
4546 
-		int ntries = 5;
4547 
-		const char *dir = (tmpdir) ? tmpdir : quarantine_dir;
4548 
-
4549 
-		/*
4550 
-		 * TODO: investigate mkdtemp on LINUX and possibly others
4551 
-		 */
4552 
-#ifdef	C_AIX
4553 
-		/*
4554 
-		 * Patch by Andy Feldt <feldt@nhn.ou.edu>, AIX 5.2 sets errno
4555 
-		 * to ENOENT often and sometimes sets errno to 0 (after a
4556 
-		 * database reload) for the mkdir call
4557 
-		 */
4558 
-		if((mkdir(dir, 0700) < 0) && (errno != EEXIST) && (errno > 0) &&
4559 
-		    (errno != ENOENT)) {
4560 
-#else
4561 
-		if((mkdir(dir, 0700) < 0) && (errno != EEXIST)) {
4562 
-#endif
4563 
-			perror(dir);
4564 
-			logg(_("mkdir %s failed"), dir);
4565 
-			return 0;
4566 
-		}
4567 
-		privdata->filename = (char *)cli_malloc(strlen(dir) + 12);
4568 
-
4569 
-		if(privdata->filename == NULL)
4570 
-			return 0;
4571 
-
4572 
-		do {
4573 
-			sprintf(privdata->filename, "%s/msg.XXXXXX", dir);
4574 
-#if	defined(C_LINUX) || defined(C_BSD) || defined(HAVE_MKSTEMP) || defined(C_SOLARIS)
4575 
-			privdata->dataSocket = mkstemp(privdata->filename);
4576 
-#else
4577 
-			if(mktemp(privdata->filename) == NULL) {
4578 
-				logg(_("mktemp %s failed"), privdata->filename);
4579 
-				return 0;
4580 
-			}
4581 
-			privdata->dataSocket = open(privdata->filename, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC, 0600);
4582 
-#endif
4583 
-		} while((--ntries > 0) && (privdata->dataSocket < 0));
4584 
-
4585 
-		if(privdata->dataSocket < 0) {
4586 
-			perror(privdata->filename);
4587 
-			logg(_("Temporary quarantine file %s creation failed"),
4588 
-				privdata->filename);
4589 
-			free(privdata->filename);
4590 
-			privdata->filename = NULL;
4591 
-			return 0;
4592 
-		}
4593 
-		privdata->serverNumber = 0;
4594 
-		logg("#Saving message to %s to scan later\n", privdata->filename);
4595 
-	} else {	/* communicate to clamd */
4596 
-		int freeServer, nbytes;
4597 
-		in_port_t p;
4598 
-		struct sockaddr_in reply;
4599 
-		char buf[64];
4600 
-
4601 
-#ifdef	SESSION
4602 
-		struct session *session;
4603 
-#else
4604 
-		assert(privdata->cmdSocket == -1);
4605 
-#endif
4606 
-
4607 
-		/*
4608 
-		 * Create socket to talk to clamd. It will tell us the port to
4609 
-		 * use to send the data. That will require another socket.
4610 
-		 */
4611 
-		if(localSocket) {
4612 
-#ifndef	SESSION
4613 
-			struct sockaddr_un server;
4614 
-
4615 
-			memset((char *)&server, 0, sizeof(struct sockaddr_un));
4616 
-			server.sun_family = AF_UNIX;
4617 
-			strncpy(server.sun_path, localSocket, sizeof(server.sun_path));
4618 
-			server.sun_path[sizeof(server.sun_path)-1]='\0';
4619 
-
4620 
-			if((privdata->cmdSocket = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
4621 
-				perror("socket");
4622 
-				return 0;
4623 
-			}
4624 
-			if(connect(privdata->cmdSocket, (struct sockaddr *)&server, sizeof(struct sockaddr_un)) < 0) {
4625 
-				perror(localSocket);
4626 
-				return 0;
4627 
-			}
4628 
-			privdata->serverNumber = 0;
4629 
-#endif
4630 
-			freeServer = 0;
4631 
-		} else {	/* TCP/IP */
4632 
-#ifdef	SESSION
4633 
-			freeServer = findServer();
4634 
-			if(freeServer < 0)
4635 
-				return 0;
4636 
-			assert(freeServer < (int)max_children);
4637 
-#else
4638 
-			struct sockaddr_in server;
4639 
-
4640 
-			memset((char *)&server, 0, sizeof(struct sockaddr_in));
4641 
-			server.sin_family = AF_INET;
4642 
-			server.sin_port = (in_port_t)htons(tcpSocket);
4643 
-
4644 
-			assert(serverIPs != NULL);
4645 
-
4646 
-			freeServer = findServer();
4647 
-			if(freeServer < 0)
4648 
-				return 0;
4649 
-			assert(freeServer < (int)numServers);
4650 
-
4651 
-			server.sin_addr.s_addr = serverIPs[freeServer];
4652 
-
4653 
-			if((privdata->cmdSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
4654 
-				perror("socket");
4655 
-				return 0;
4656 
-			}
4657 
-			if(connect(privdata->cmdSocket, (struct sockaddr *)&server, sizeof(struct sockaddr_in)) < 0) {
4658 
-				char *hostname = cli_strtok(serverHostNames, freeServer, ":");
4659 
-
4660 
-				perror(hostname ? hostname : "connect");
4661 
-				close(privdata->cmdSocket);
4662 
-				privdata->cmdSocket = -1;
4663 
-				if(hostname)
4664 
-					free(hostname);
4665 
-				time(&last_failed_pings[freeServer]);
4666 
-				return 0;
4667 
-			}
4668 
-			last_failed_pings[freeServer] = (time_t)0;
4669 
-#endif
4670 
-			privdata->serverNumber = freeServer;
4671 
-		}
4672 
-
4673 
-#ifdef	SESSION
4674 
-		if(serverIPs[freeServer] == (int)inet_addr("127.0.0.1")) {
4675 
-			privdata->filename = cli_gentemp(NULL);
4676 
-			if(privdata->filename) {
4677 
-				logg("#connect2clamd(%d): creating %s\n", freeServer, privdata->filename);
4678 
-#ifdef	O_TEXT
4679 
-				privdata->dataSocket = open(privdata->filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_TEXT, 0600);
4680 
-#else
4681 
-				privdata->dataSocket = open(privdata->filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
4682 
-#endif
4683 
-				if(privdata->dataSocket < 0) {
4684 
-					perror(privdata->filename);
4685 
-					free(privdata->filename);
4686 
-					privdata->filename = NULL;
4687 
-				} else
4688 
-					return sendToFrom(privdata);
4689 
-			}
4690 
-		}
4691 
-		logg("#connect2clamd(%d): STREAM\n", freeServer);
4692 
-
4693 
-		session = &sessions[freeServer];
4694 
-		if((session->sock < 0) || (send(session->sock, "STREAM\n", 7, 0) < 7)) {
4695 
-			perror("send");
4696 
-			pthread_mutex_lock(&sstatus_mutex);
4697 
-			session->status = CMDSOCKET_DOWN;
4698 
-			pthread_mutex_unlock(&sstatus_mutex);
4699 
-			logg(_("!failed to send STREAM command clamd server %d"),
4700 
-				freeServer);
4701 
-
4702 
-			return 0;
4703 
-		}
4704 
-#else
4705 
-		if(send(privdata->cmdSocket, "STREAM\n", 7, 0) < 7) {
4706 
-			perror("send");
4707 
-			logg(_("!failed to send STREAM command clamd"));
4708 
-			return 0;
4709 
-		}
4710 
-		shutdown(privdata->cmdSocket, SHUT_WR);
4711 
-#endif
4712 
-
4713 
-		/*
4714 
-		 * Create socket that we'll use to send the data to clamd
4715 
-		 */
4716 
-		if((privdata->dataSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
4717 
-			perror("socket");
4718 
-			logg(_("!failed to create TCPSocket to talk to clamd\n"));
4719 
-			return 0;
4720 
-		}
4721 
-
4722 
-		shutdown(privdata->dataSocket, SHUT_RD);
4723 
-
4724 
-#ifdef	SESSION
4725 
-		nbytes = clamd_recv(session->sock, buf, sizeof(buf));
4726 
-		if(nbytes <= 0) {
4727 
-			if(nbytes < 0) {
4728 
-				perror("recv");
4729 
-				logg(_("!recv failed from clamd getting PORT\n"));
4730 
-			} else
4731 
-				logg(_("!EOF from clamd getting PORT\n"));
4732 
-
4733 
-			pthread_mutex_lock(&sstatus_mutex);
4734 
-			session->status = CMDSOCKET_DOWN;
4735 
-			return pthread_mutex_unlock(&sstatus_mutex);
4736 
-		}
4737 
-#else
4738 
-		nbytes = clamd_recv(privdata->cmdSocket, buf, sizeof(buf));
4739 
-		if(nbytes <= 0) {
4740 
-			if(nbytes < 0) {
4741 
-				perror("recv");
4742 
-				logg(_("!recv failed from clamd getting PORT\n"));
4743 
-			} else
4744 
-				logg(_("!EOF from clamd getting PORT\n"));
4745 
-
4746 
-			return 0;
4747 
-		}
4748 
-#endif
4749 
-		buf[nbytes] = '\0';
4750 
-#ifdef	CL_DEBUG
4751 
-		if(debug_level >= 4)
4752 
-			logg("#Received: %s\n", buf);
4753 
-#endif
4754 
-		if(sscanf(buf, "PORT %hu\n", &p) != 1) {
4755 
-			logg(_("!Expected port information from clamd, got '%s'\n"),
4756 
-				buf);
4757 
-#ifdef	SESSION
4758 
-			session->status = CMDSOCKET_DOWN;
4759 
-			pthread_mutex_unlock(&sstatus_mutex);
4760 
-#endif
4761 
-			return 0;
4762 
-		}
4763 
-
4764 
-		memset((char *)&reply, 0, sizeof(struct sockaddr_in));
4765 
-		reply.sin_family = AF_INET;
4766 
-		reply.sin_port = (in_port_t)htons(p);
4767 
-
4768 
-		assert(serverIPs != NULL);
4769 
-
4770 
-		reply.sin_addr.s_addr = serverIPs[freeServer];
4771 
-
4772 
-#ifdef	CL_DEBUG
4773 
-		if(debug_level >= 4)
4774 
-#ifdef	SESSION
4775 
-			logg(_("#Connecting to local port %d - data %d cmd %d\n"),
4776 
-				p, privdata->dataSocket, session->sock);
4777 
-#else
4778 
-			logg(_("#Connecting to local port %d - data %d cmd %d\n"),
4779 
-				p, privdata->dataSocket, privdata->cmdSocket);
4780 
-#endif
4781 
-#endif
4782 
-
4783 
-		if(connect(privdata->dataSocket, (struct sockaddr *)&reply, sizeof(struct sockaddr_in)) < 0) {
4784 
-			perror("connect");
4785 
-
4786 
-			logg("#Failed to connect to port %d given by clamd\n",
4787 
-				p);
4788 
-			/* 0.4 - use better error message */
4789 
-#ifdef HAVE_STRERROR_R
4790 
-			strerror_r(errno, buf, sizeof(buf));
4791 
-			logg(_("!Failed to connect to port %d given by clamd: %s"),
4792 
-					p, buf);
4793 
-#else
4794 
-			logg(_("!Failed to connect to port %d given by clamd: %s"), p, strerror(errno));
4795 
-#endif
4796 
-#ifdef	SESSION
4797 
-			pthread_mutex_lock(&sstatus_mutex);
4798 
-			session->status = CMDSOCKET_DOWN;
4799 
-			pthread_mutex_unlock(&sstatus_mutex);
4800 
-#endif
4801 
-			return 0;
4802 
-		}
4803 
-	}
4804 
-
4805 
-	if(!sendToFrom(privdata))
4806 
-		return 0;
4807 
-
4808 
-	logg("#connect2clamd: serverNumber = %d\n", privdata->serverNumber);
4809 
-
4810 
-	return 1;
4811 
-}
4812 
-
4813 
-/*
4814 
- * Combine the To and From into one clamfi_send to save bandwidth
4815 
- * when sending using TCP/IP to connect to a remote clamd, by band
4816 
- * width here I mean number of packets
4817 
- */
4818 
-static int
4819 
-sendToFrom(struct privdata *privdata)
4820 
-{
4821 
-	char **to;
4822 
-	char *msg;
4823 
-	int length;
4824 
-
4825 
-	length = strlen(privdata->from) + 34;
4826 
-	for(to = privdata->to; *to; to++)
4827 
-		length += strlen(*to) + 5;
4828 
-
4829 
-	msg = cli_malloc(length + 1);
4830 
-
4831 
-	if(msg) {
4832 
-		sprintf(msg, "Received: by clamav-milter\nFrom: %s\n",
4833 
-			privdata->from);
4834 
-
4835 
-		for(to = privdata->to; *to; to++) {
4836 
-			char *eom = strchr(msg, '\0');
4837 
-
4838 
-			sprintf(eom, "To: %s\n", *to);
4839 
-		}
4840 
-		if(clamfi_send(privdata, length, msg) != length) {
4841 
-			free(msg);
4842 
-			return 0;
4843 
-		}
4844 
-		free(msg);
4845 
-	} else {
4846 
-		if(clamfi_send(privdata, 0,
4847 
-		    "Received: by clamav-milter\nFrom: %s\n",
4848 
-		    privdata->from) <= 0)
4849 
-			return 0;
4850 
-
4851 
-		for(to = privdata->to; *to; to++)
4852 
-			if(clamfi_send(privdata, 0, "To: %s\n", *to) <= 0)
4853 
-				return 0;
4854 
-	}
4855 
-
4856 
-	return 1;
4857 
-}
4858 
-
4859 
-/*
4860 
- * If possible, check if clamd has died, and, if requested, report if it has
4861 
- * Returns true if OK or unknown, otherwise false
4862 
- */
4863 
-static int
4864 
-checkClamd(int log_result)
4865 
-{
4866 
-	pid_t pid;
4867 
-	int fd, nbytes;
4868 
-	char buf[9];
4869 
-
4870 
-	int i, onlocal;
4871 
-
4872 
-	for(i = 0; i < numServers; i++) {
4873 
-		if(serverIPs[i] && pingServer(i))
4874 
-			return 1;
4875 
-	}
4876 
-
4877 
-	if(log_result)
4878 
-		logg(_("!Can't find any clamd server\n"));
4879 
-	return 0;
4880 
-}
4881 
-
4882 
-/*
4883 
- * Send a templated message about an intercepted message. Very basic for
4884 
- * now, just to prove it works, will enhance the flexability later, only
4885 
- * supports %v and $sendmail_variables$ at present.
4886 
- *
4887 
- * TODO: more template features
4888 
- * TODO: allow filename to start with a '|' taken to mean the output of
4889 
- *	a program
4890 
- */
4891 
-static int
4892 
-sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *virusname)
4893 
-{
4894 
-	FILE *fin = fopen(filename, "r");
4895 
-	struct stat statb;
4896 
-	char *buf, *ptr /* , *ptr2 */;
4897 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
4898 
-
4899 
-	if(fin == NULL) {
4900 
-		perror(filename);
4901 
-		logg(_("!Can't open e-mail template file %s"), filename);
4902 
-		return -1;
4903 
-	}
4904 
-
4905 
-	if(fstat(fileno(fin), &statb) < 0) {
4906 
-		/* File disappeared in race condition? */
4907 
-		perror(filename);
4908 
-		logg(_("!Can't stat e-mail template file %s"), filename);
4909 
-		fclose(fin);
4910 
-		return -1;
4911 
-	}
4912 
-	buf = cli_malloc(statb.st_size + 1);
4913 
-	if(buf == NULL) {
4914 
-		fclose(fin);
4915 
-		logg(_("!Out of memory"));
4916 
-		return -1;
4917 
-	}
4918 
-	if(fread(buf, sizeof(char), statb.st_size, fin) != (size_t)statb.st_size) {
4919 
-		perror(filename);
4920 
-		logg(_("!Error reading e-mail template file %s"),
4921 
-			filename);
4922 
-		fclose(fin);
4923 
-		free(buf);
4924 
-		return -1;
4925 
-	}
4926 
-	fclose(fin);
4927 
-	buf[statb.st_size] = '\0';
4928 
-
4929 
-	for(ptr = buf; *ptr; ptr++)
4930 
-		switch(*ptr) {
4931 
-			case '%': /* clamAV variable */
4932 
-				switch(*++ptr) {
4933 
-					case 'v':	/* virus name */
4934 
-						fputs(virusname, sendmail);
4935 
-						break;
4936 
-					case '%':
4937 
-						putc('%', sendmail);
4938 
-						break;
4939 
-					case 'h':	/* headers */
4940 
-						if(privdata)
4941 
-							header_list_print(privdata->headers, sendmail);
4942 
-						break;
4943 
-					case '\0':
4944 
-						putc('%', sendmail);
4945 
-						--ptr;
4946 
-						continue;
4947 
-					default:
4948 
-						logg(_("!%s: Unknown clamAV variable \"%c\"\n"),
4949 
-							filename, *ptr);
4950 
-						break;
4951 
-				}
4952 
-				break;
4953 
-			case '$': /* sendmail string */ {
4954 
-				const char *val;
4955 
-				char *end = strchr(++ptr, '$');
4956 
-
4957 
-				if(end == NULL) {
4958 
-					logg(_("!%s: Unterminated sendmail variable \"%s\"\n"),
4959 
-						filename, ptr);
4960 
-					continue;
4961 
-				}
4962 
-				*end = '\0';
4963 
-
4964 
-				val = smfi_getsymval(ctx, ptr);
4965 
-				if(val == NULL) {
4966 
-					fputs(ptr, sendmail);
4967 
-						logg(_("!%s: Unknown sendmail variable \"%s\"\n"),
4968 
-							filename, ptr);
4969 
-				} else
4970 
-					fputs(val, sendmail);
4971 
-				ptr = end;
4972 
-				break;
4973 
-			}
4974 
-			case '\\':
4975 
-				if(*++ptr == '\0') {
4976 
-					--ptr;
4977 
-					continue;
4978 
-				}
4979 
-				putc(*ptr, sendmail);
4980 
-				break;
4981 
-			default:
4982 
-				putc(*ptr, sendmail);
4983 
-		}
4984 
-
4985 
-	free(buf);
4986 
-
4987 
-	return 0;
4988 
-}
4989 
-
4990 
-/*
4991 
- * Keep the infected file in quarantine, return success (0) or failure
4992 
- *
4993 
- * It's quicker if the quarantine directory is on the same filesystem
4994 
- *	as the temporary directory
4995 
- */
4996 
-static int
4997 
-qfile(struct privdata *privdata, const char *sendmailId, const char *virusname)
4998 
-{
4999 
-	int MM, YY, DD;
5000 
-	time_t t;
5001 
-	size_t len;
5002 
-	char *newname, *ptr;
5003 
-	const struct tm *tm;
5004 
-
5005 
-	assert(privdata != NULL);
5006 
-
5007 
-	if((privdata->filename == NULL) || (virusname == NULL))
5008 
-		return -1;
5009 
-
5010 
-	logg("#qfile filename '%s' sendmailId '%s' virusname '%s'\n", privdata->filename, sendmailId, virusname);
5011 
-
5012 
-	len = strlen(quarantine_dir);
5013 
-
5014 
-	newname = cli_malloc(len + strlen(sendmailId) + strlen(virusname) + 10);
5015 
-
5016 
-	if(newname == NULL)
5017 
-		return -1;
5018 
-
5019 
-	t = time((time_t *)0);
5020 
-	tm = localtime(&t);
5021 
-	MM = tm->tm_mon + 1;
5022 
-	YY = tm->tm_year - 100;
5023 
-	DD = tm->tm_mday;
5024 
-
5025 
-	sprintf(newname, "%s/%02d%02d%02d", quarantine_dir, YY, MM, DD);
5026 
-#ifdef	C_AIX
5027 
-	if((mkdir(newname, 0700) < 0) && (errno != EEXIST) && (errno > 0) &&
5028 
-	    (errno != ENOENT)) {
5029 
-#else
5030 
-	if((mkdir(newname, 0700) < 0) && (errno != EEXIST)) {
5031 
-#endif
5032 
-		perror(newname);
5033 
-		logg(_("!mkdir %s failed\n"), newname);
5034 
-		return -1;
5035 
-	}
5036 
-	sprintf(newname, "%s/%02d%02d%02d/%s.%s",
5037 
-		quarantine_dir, YY, MM, DD, sendmailId, virusname);
5038 
-
5039 
-	/*
5040 
-	 * Strip out funnies that may be in the name of the virus, such as '/'
5041 
-	 * that would cause the quarantine to fail to save since the name
5042 
-	 * of the virus is included in the filename
5043 
-	 */
5044 
-	for(ptr = &newname[len + 8]; *ptr; ptr++) {
5045 
-#ifdef	C_DARWIN
5046 
-		*ptr &= '\177';
5047 
-#endif
5048 
-#if	defined(MSDOS) || defined(C_WINDOWS) || defined(C_OS2)
5049 
-		if(strchr("/*?<>|\\\"+=,;:\t ", *ptr))
5050 
-#else
5051 
-		if(*ptr == '/')
5052 
-#endif
5053 
-			*ptr = '_';
5054 
-	}
5055 
-	logg("#qfile move '%s' to '%s'\n", privdata->filename, newname);
5056 
-
5057 
-	if(move(privdata->filename, newname) < 0) {
5058 
-		logg(_("^Can't rename %1$s to %2$s\n"),
5059 
-			privdata->filename, newname);
5060 
-		free(newname);
5061 
-		return -1;
5062 
-	}
5063 
-	free(privdata->filename);
5064 
-	privdata->filename = newname;
5065 
-
5066 
-	logg(_("Email quarantined as %s\n"), newname);
5067 
-
5068 
-	return 0;
5069 
-}
5070 
-
5071 
-/*
5072 
- * Move oldfile to newfile using the fastest possible method
5073 
- */
5074 
-static int
5075 
-move(const char *oldfile, const char *newfile)
5076 
-{
5077 
-	int ret, c;
5078 
-	FILE *fin, *fout;
5079 
-#ifdef	C_LINUX
5080 
-	struct stat statb;
5081 
-	int in, out;
5082 
-	off_t offset;
5083 
-#endif
5084 
-
5085 
-	ret = rename(oldfile, newfile);
5086 
-	if(ret >= 0)
5087 
-		return 0;
5088 
-
5089 
-	if((ret < 0) && (errno != EXDEV)) {
5090 
-		perror(newfile);
5091 
-		return -1;
5092 
-	}
5093 
-
5094 
-#ifdef	C_LINUX	/* >= 2.2 */
5095 
-	in = open(oldfile, O_RDONLY);
5096 
-	if(in < 0) {
5097 
-		perror(oldfile);
5098 
-		return -1;
5099 
-	}
5100 
-
5101 
-	if(fstat(in, &statb) < 0) {
5102 
-		perror(oldfile);
5103 
-		close(in);
5104 
-		return -1;
5105 
-	}
5106 
-	out = open(newfile, O_WRONLY|O_CREAT, 0600);
5107 
-	if(out < 0) {
5108 
-		perror(newfile);
5109 
-		close(in);
5110 
-		return -1;
5111 
-	}
5112 
-	offset = (off_t)0;
5113 
-	ret = sendfile(out, in, &offset, statb.st_size);
5114 
-	close(in);
5115 
-	if(ret < 0) {
5116 
-		/*
5117 
-		 * Fall back if sendfile fails, which will happen on Linux
5118 
-		 * 2.6 :-(. FreeBSD works correctly, so the ifdef should be
5119 
-		 * fixed
5120 
-		 */
5121 
-		close(out);
5122 
-		unlink(newfile);
5123 
-
5124 
-		fin = fopen(oldfile, "r");
5125 
-		if(fin == NULL)
5126 
-			return -1;
5127 
-
5128 
-		fout = fopen(newfile, "w");
5129 
-		if(fout == NULL) {
5130 
-			fclose(fin);
5131 
-			return -1;
5132 
-		}
5133 
-		while((c = getc(fin)) != EOF)
5134 
-			putc(c, fout);
5135 
-
5136 
-		fclose(fin);
5137 
-		fclose(fout);
5138 
-	} else
5139 
-		close(out);
5140 
-#else
5141 
-	fin = fopen(oldfile, "r");
5142 
-	if(fin == NULL)
5143 
-		return -1;
5144 
-
5145 
-	fout = fopen(newfile, "w");
5146 
-	if(fout == NULL) {
5147 
-		fclose(fin);
5148 
-		return -1;
5149 
-	}
5150 
-	while((c = getc(fin)) != EOF)
5151 
-		putc(c, fout);
5152 
-
5153 
-	fclose(fin);
5154 
-	fclose(fout);
5155 
-#endif
5156 
-
5157 
-	logg("#removing %s\n", oldfile);
5158 
-
5159 
-	return unlink(oldfile);
5160 
-}
5161 
-
5162 
-/*
5163 
- * Store the name of the virus in the subject of the e-mail
5164 
- */
5165 
-static void
5166 
-setsubject(SMFICTX *ctx, const char *virusname)
5167 
-{
5168 
-	struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
5169 
-	char subject[128];
5170 
-
5171 
-	if(privdata->subject)
5172 
-		smfi_addheader(ctx, "X-Original-Subject", privdata->subject);
5173 
-
5174 
-	snprintf(subject, sizeof(subject) - 1, _("[Virus] %s"), virusname);
5175 
-	if(privdata->subject)
5176 
-		smfi_chgheader(ctx, "Subject", 1, subject);
5177 
-	else
5178 
-		smfi_addheader(ctx, "Subject", subject);
5179 
-}
5180 
-
5181 
-#if	0
5182 
-/*
5183 
- * TODO: gethostbyname_r is non-standard so different operating
5184 
- * systems do it in different ways. Need more examples
5185 
- * Perhaps we could use res_search()?
5186 
- * Perhaps we could use http://www.chiark.greenend.org.uk/~ian/adns/
5187 
- *
5188 
- * Returns 0 for success
5189 
- */
5190 
-static int
5191 
-clamfi_gethostbyname(const char *hostname, struct hostent *hp, char *buf, size_t len)
5192 
-{
5193 
-#if	defined(HAVE_GETHOSTBYNAME_R_6)
5194 
-	/* e.g. Linux */
5195 
-	struct hostent *hp2;
5196 
-	int ret = -1;
5197 
-
5198 
-	if((hostname == NULL) || (hp == NULL))
5199 
-		return -1;
5200 
-	if(gethostbyname_r(hostname, hp, buf, len, &hp2, &ret) < 0)
5201 
-		return ret;
5202 
-#elif	defined(HAVE_GETHOSTBYNAME_R_5)
5203 
-	/* e.g. BSD, Solaris, Cygwin */
5204 
-	int ret = -1;
5205 
-
5206 
-	if((hostname == NULL) || (hp == NULL))
5207 
-		return -1;
5208 
-	if(gethostbyname_r(hostname, hp, buf, len, &ret) == NULL)
5209 
-		return ret;
5210 
-#elif	defined(HAVE_GETHOSTBYNAME_R_3)
5211 
-	/* e.g. HP/UX, AIX */
5212 
-	if((hostname == NULL) || (hp == NULL))
5213 
-		return -1;
5214 
-	if(gethostbyname_r(hostname, &hp, (struct hostent_data *)buf) < 0)
5215 
-		return h_errno;
5216 
-#else
5217 
-	/* Single thread the code */
5218 
-	struct hostent *hp2;
5219 
-	static pthread_mutex_t hostent_mutex = PTHREAD_MUTEX_INITIALIZER;
5220 
-
5221 
-	if((hostname == NULL) || (hp == NULL))
5222 
-		return -1;
5223 
-
5224 
-	pthread_mutex_lock(&hostent_mutex);
5225 
-	if((hp2 = gethostbyname(hostname)) == NULL) {
5226 
-		pthread_mutex_unlock(&hostent_mutex);
5227 
-		return h_errno;
5228 
-	}
5229 
-	memcpy(hp, hp2, sizeof(struct hostent));
5230 
-	pthread_mutex_unlock(&hostent_mutex);
5231 
-#endif
5232 
-
5233 
-	return 0;
5234 
-}
5235 
-#endif
5236 
-
5237 
-/*
5238 
- * Handle the -I flag
5239 
- */
5240 
-static int
5241 
-add_local_ip(char *address)
5242 
-{
5243 
-	char *opt, *pref;
5244 
-	int preflen;
5245 
-	int retval;
5246 
-	struct in_addr ignoreIP;
5247 
-#ifdef	AF_INET6
5248 
-	struct in6_addr ignoreIP6;
5249 
-#endif
5250 
-
5251 
-	opt = cli_strdup(address);
5252 
-	if(opt == NULL)
5253 
-		return 0;
5254 
-
5255 
-	pref = strchr(opt, '/'); /* search for "/prefix" */
5256 
-	if(pref)
5257 
-		*pref = '\0';
5258 
-#ifdef HAVE_INET_NTOP
5259 
-	/* IPv4 address ? */
5260 
-	if(inet_pton(AF_INET, opt, &ignoreIP) > 0) {
5261 
-#else
5262 
-	if(inet_aton(address, &ignoreIP)) {
5263 
-#endif
5264 
-		struct cidr_net *net;
5265 
-
5266 
-		for(net = (struct cidr_net *)localNets; net->base; net++)
5267 
-			;
5268 
-		if(pref && *(pref+1))
5269 
-			preflen = atoi(pref+1);
5270 
-		else
5271 
-			preflen = 32;
5272 
-
5273 
-		net->base = ntohl(ignoreIP.s_addr);
5274 
-		net->mask = MAKEMASK(preflen);
5275 
-
5276 
-		retval = 1;
5277 
-	}
5278 
-
5279 
-#ifdef HAVE_INET_NTOP
5280 
-#ifdef AF_INET6
5281 
-	else if(inet_pton(AF_INET6, opt, &ignoreIP6) > 0) {
5282 
-		/* IPv6 address ? */
5283 
-		localNets6[localNets6_cnt].base = ignoreIP6;
5284 
-
5285 
-		if(pref && *(pref+1))
5286 
-			preflen = atoi (pref+1);
5287 
-		else
5288 
-			preflen = 128;
5289 
-		localNets6[localNets6_cnt].preflen = preflen;
5290 
-		localNets6_cnt++;
5291 
-
5292 
-		retval = 1;
5293 
-	}
5294 
-#endif
5295 
-#endif
5296 
-	else
5297 
-		retval = 0;
5298 
-
5299 
-	free(opt);
5300 
-	return retval;
5301 
-}
5302 
-
5303 
-/*
5304 
- * Determine if an IPv6 email address is "local". The address is the
5305 
- *	human readable version. Calls isLocalAddr if the given address is
5306 
- *	IPv4
5307 
- */
5308 
-static int
5309 
-isLocal(const char *addr)
5310 
-{
5311 
-	struct in_addr ip;
5312 
-#ifdef	AF_INET6
5313 
-	struct in6_addr ip6;
5314 
-#endif
5315 
-
5316 
-#ifdef HAVE_INET_NTOP
5317 
-	if(inet_pton(AF_INET, addr, &ip) > 0)
5318 
-		return isLocalAddr(ip.s_addr);
5319 
-#ifdef AF_INET6
5320 
-	else if(inet_pton (AF_INET6, addr, &ip6) > 0) {
5321 
-		int i;
5322 
-		const cidr_net6 *pnet6 = localNets6;
5323 
-
5324 
-		for (i = 0; i < localNets6_cnt; i++) {
5325 
-			int match = 1;
5326 
-			int j;
5327 
-
5328 
-			for(j = 0; match && j < (pnet6->preflen >> 3); j++)
5329 
-				if(pnet6->base.s6_addr[j] != ip6.s6_addr[j])
5330 
-					match = 0;
5331 
-			if(match && (j < 16)) {
5332 
-				uint8_t mask = (uint8_t)(0xff << (8 - (pnet6->preflen & 7)) & 0xFF);
5333 
-
5334 
-				if((pnet6->base.s6_addr[j] & mask) != (ip6.s6_addr[j] & mask))
5335 
-					match = 0;
5336 
-			}
5337 
-			if(match)
5338 
-				return 1;	/* isLocal */
5339 
-			pnet6++;
5340 
-		 }
5341 
-	}
5342 
-#endif	/* AF_INET6 */
5343 
-#endif	/* HAVE_INET_NTOP */
5344 
-	return isLocalAddr(inet_addr(addr));
5345 
-}
5346 
-
5347 
-/*
5348 
- * David Champion <dgc@uchicago.edu>
5349 
- *
5350 
- * Check whether addr is on network by applying netmasks.
5351 
- * addr must be a 32-bit integer-packed IPv4 address in network order.
5352 
- * For example:
5353 
- *	struct in_addr IPAddress;
5354 
- *	isLocal = isLocalAddr(IPAddress.s_addr);
5355 
- */
5356 
-static int
5357 
-isLocalAddr(in_addr_t addr)
5358 
-{
5359 
-	const struct cidr_net *net;
5360 
-
5361 
-	for(net = localNets; net->base; net++)
5362 
-		if((net->base & net->mask) == (ntohl(addr) & net->mask))
5363 
-			return 1;
5364 
-
5365 
-	return 0;	/* is non-local */
5366 
-}
5367 
-
5368 
-/*
5369 
- * Can't connect to any clamd server. This is serious, we need to inform
5370 
- * someone. In the absence of SNMP the best way is by e-mail. We
5371 
- * don't want to flood so there's a need to restrict to
5372 
- * no more than say one message every 15 minutes
5373 
- */
5374 
-static void
5375 
-clamdIsDown(void)
5376 
-{
5377 
-	static time_t lasttime;
5378 
-	time_t thistime, diff;
5379 
-	static pthread_mutex_t time_mutex = PTHREAD_MUTEX_INITIALIZER;
5380 
-
5381 
-	logg(_("!No response from any clamd server - your AV system is not scanning emails\n"));
5382 
-
5383 
-	time(&thistime);
5384 
-	pthread_mutex_lock(&time_mutex);
5385 
-	diff = thistime - lasttime;
5386 
-	pthread_mutex_unlock(&time_mutex);
5387 
-
5388 
-	if(diff >= (time_t)(15 * 60)) {
5389 
-		char cmd[128];
5390 
-		FILE *sendmail;
5391 
-
5392 
-		snprintf(cmd, sizeof(cmd) - 1, "%s -t -i", SENDMAIL_BIN);
5393 
-
5394 
-		sendmail = popen(cmd, "w");
5395 
-
5396 
-		if(sendmail) {
5397 
-			fprintf(sendmail, "To: %s\n", postmaster);
5398 
-			fprintf(sendmail, "From: %s\n", postmaster);
5399 
-			fputs(_("Subject: ClamAV Down\n"), sendmail);
5400 
-			fputs("Priority: High\n\n", sendmail);
5401 
-
5402 
-			fputs(_("This is an automatic message\n\n"), sendmail);
5403 
-
5404 
-			if(numServers == 1)
5405 
-				fputs(_("The clamd program cannot be contacted.\n"), sendmail);
5406 
-			else
5407 
-				fputs(_("No clamd server can be contacted.\n"), sendmail);
5408 
-
5409 
-			fputs(_("Emails may not be being scanned, please check your servers.\n"), sendmail);
5410 
-
5411 
-			if(pclose(sendmail) == 0) {
5412 
-				pthread_mutex_lock(&time_mutex);
5413 
-				time(&lasttime);
5414 
-				pthread_mutex_unlock(&time_mutex);
5415 
-			}
5416 
-		}
5417 
-	}
5418 
-}
5419 
-
5420 
-#ifdef	SESSION
5421 
-/*
5422 
- * Thread to monitor the links to clamd sessions. Any marked as being in
5423 
- * an error state because of previous I/O errors are restarted, and a heartbeat
5424 
- * is sent the others
5425 
- *
5426 
- * It is woken up when the milter goes idle, when there are no free servers
5427 
- * available and once every readTimeout-1 seconds
5428 
- *
5429 
- * TODO: reload the whiteList file if it's been changed
5430 
- *
5431 
- * TODO: localSocket support
5432 
- */
5433 
-static void *
5434 
-watchdog(void *a)
5435 
-{
5436 
-	static pthread_mutex_t watchdog_mutex = PTHREAD_MUTEX_INITIALIZER;
5437 
-
5438 
-	while(!quitting) {
5439 
-		unsigned int i;
5440 
-		struct timespec ts;
5441 
-		struct timeval tp;
5442 
-		struct session *session;
5443 
-
5444 
-		gettimeofday(&tp, NULL);
5445 
-
5446 
-		ts.tv_sec = tp.tv_sec + freshclam_monitor;
5447 
-		ts.tv_nsec = tp.tv_usec * 1000;
5448 
-		logg("#watchdog sleeps\n");
5449 
-		pthread_mutex_lock(&watchdog_mutex);
5450 
-		/*
5451 
-		 * Sometimes this returns EPIPE which isn't listed as a
5452 
-		 * return value in the Linux man page for pthread_cond_timedwait
5453 
-		 * so I'm not sure why it happens
5454 
-		 */
5455 
-		switch(pthread_cond_timedwait(&watchdog_cond, &watchdog_mutex, &ts)) {
5456 
-			case ETIMEDOUT:
5457 
-			case 0:
5458 
-				break;
5459 
-			default:
5460 
-				perror("pthread_cond_timedwait");
5461 
-		}
5462 
-		pthread_mutex_unlock(&watchdog_mutex);
5463 
-
5464 
-		logg("#watchdog wakes\n");
5465 
-
5466 
-		if(check_and_reload_database() != 0) {
5467 
-			if(cl_error != SMFIS_ACCEPT) {
5468 
-				smfi_stop();
5469 
-				return NULL;
5470 
-			}
5471 
-			logg(_("!No emails will be scanned"));
5472 
-		}
5473 
-
5474 
-		i = 0;
5475 
-		session = sessions;
5476 
-		pthread_mutex_lock(&sstatus_mutex);
5477 
-		for(; i < max_children; i++, session++) {
5478 
-			const int sock = session->sock;
5479 
-
5480 
-			/*
5481 
-			 * Check all free sessions are still usable
5482 
-			 * This could take some time with many free
5483 
-			 * sessions to slow remote servers, so only do this
5484 
-			 * when the system is quiet (not 100% accurate when
5485 
-			 * determining this since n_children isn't locked but
5486 
-			 * that doesn't really matter)
5487 
-			 */
5488 
-			logg("#watchdog: check server %d\n", i);
5489 
-			if((n_children == 0) &&
5490 
-			   (session->status == CMDSOCKET_FREE) &&
5491 
-			   (clamav_versions != NULL)) {
5492 
-				if(send(sock, "VERSION\n", 8, 0) == 8) {
5493 
-					char buf[81];
5494 
-					const int nbytes = clamd_recv(sock, buf, sizeof(buf) - 1);
5495 
-
5496 
-					if(nbytes <= 0)
5497 
-						session->status = CMDSOCKET_DOWN;
5498 
-					else {
5499 
-						buf[nbytes] = '\0';
5500 
-						if(strncmp(buf, "ClamAV ", 7) == 0) {
5501 
-							/* Remove the trailing new line from the reply */
5502 
-							char *ptr;
5503 
-
5504 
-							if((ptr = strchr(buf, '\n')) != NULL)
5505 
-								*ptr = '\0';
5506 
-							pthread_mutex_lock(&version_mutex);
5507 
-							if(clamav_versions[i] == NULL)
5508 
-								clamav_versions[i] = cli_strdup(buf);
5509 
-							else if(strcmp(buf, clamav_versions[i]) != 0) {
5510 
-								logg("New version received for server %d: '%s'\n", i, buf);
5511 
-								free(clamav_versions[i]);
5512 
-								clamav_versions[i] = cli_strdup(buf);
5513 
-							}
5514 
-							pthread_mutex_unlock(&version_mutex);
5515 
-						} else {
5516 
-							logg("^watchdog: expected \"ClamAV\", got \"%s\"\n", buf);
5517 
-							session->status = CMDSOCKET_DOWN;
5518 
-						}
5519 
-					}
5520 
-				} else {
5521 
-					perror("send");
5522 
-					session->status = CMDSOCKET_DOWN;
5523 
-				}
5524 
-
5525 
-				if(session->status == CMDSOCKET_DOWN)
5526 
-					logg("^Session %d has gone down\n", i);
5527 
-			}
5528 
-			/*
5529 
-			 * Reset all all dead sessions
5530 
-			 */
5531 
-			if(session->status == CMDSOCKET_DOWN) {
5532 
-				/*
5533 
-				 * The END command probably won't get through,
5534 
-				 * but let's give it a go anyway
5535 
-				 */
5536 
-				if(sock >= 0) {
5537 
-					send(sock, "END\n", 4, 0);
5538 
-					close(sock);
5539 
-				}
5540 
-
5541 
-				logg("#Trying to restart session %d\n", i);
5542 
-				if(createSession(i) == 0) {
5543 
-					session->status = CMDSOCKET_FREE;
5544 
-					logg("^Session %d restarted OK\n", i);
5545 
-				}
5546 
-			}
5547 
-		}
5548 
-		for(i = 0; i < max_children; i++)
5549 
-			if(sessions[i].status != CMDSOCKET_DOWN)
5550 
-				break;
5551 
-
5552 
-		if(i == max_children)
5553 
-			clamdIsDown();
5554 
-		pthread_mutex_unlock(&sstatus_mutex);
5555 
-
5556 
-		/* Garbage collect IP addresses no longer blacklisted */
5557 
-		if(blacklist) {
5558 
-			pthread_mutex_lock(&blacklist_mutex);
5559 
-			tableIterate(blacklist, timeoutBlacklist, NULL);
5560 
-			pthread_mutex_unlock(&blacklist_mutex);
5561 
-		}
5562 
-	}
5563 
-	logg("#watchdog quits\n");
5564 
-	return NULL;
5565 
-}
5566 
-#else	/*!SESSION*/
5567 
-/*
5568 
- * Reload the database from time to time, when using the internal scanner
5569 
- *
5570 
- * TODO: reload the whiteList file if it's been changed
5571 
- */
5572 
-/*ARGSUSED*/
5573 
-static void *
5574 
-watchdog(void *a)
5575 
-{
5576 
-	static pthread_mutex_t watchdog_mutex = PTHREAD_MUTEX_INITIALIZER;
5577 
-
5578 
-	if((!blacklist_time) && external)
5579 
-		return NULL;	/* no need for this thread */
5580 
-
5581 
-	while(!quitting) {
5582 
-		struct timespec ts;
5583 
-		struct timeval tp;
5584 
-
5585 
-		gettimeofday(&tp, NULL);
5586 
-
5587 
-		ts.tv_sec = tp.tv_sec + freshclam_monitor;
5588 
-		ts.tv_nsec = tp.tv_usec * 1000;
5589 
-		logg("#watchdog sleeps\n");
5590 
-
5591 
-		pthread_mutex_lock(&watchdog_mutex);
5592 
-		/*
5593 
-		 * Sometimes this returns EPIPE which isn't listed as a
5594 
-		 * return value in the Linux man page for pthread_cond_timedwait
5595 
-		 * so I'm not sure why it happens
5596 
-		 */
5597 
-		switch(pthread_cond_timedwait(&watchdog_cond, &watchdog_mutex, &ts)) {
5598 
-			case ETIMEDOUT:
5599 
-			case 0:
5600 
-				break;
5601 
-			default:
5602 
-				perror("pthread_cond_timedwait");
5603 
-		}
5604 
-		pthread_mutex_unlock(&watchdog_mutex);
5605 
-		logg("#watchdog wakes\n");
5606 
-
5607 
-		/*
5608 
-		 * TODO: sanity check that if n_children == 0, that
5609 
-		 * root->refcount == 0. Unfortunatly root->refcount isn't
5610 
-		 * thread-safe, since it's governed by a mutex that we can't
5611 
-		 * see, and there's no access to it via an approved method
5612 
-		 */
5613 
-		if(check_and_reload_database() != 0) {
5614 
-			if(cl_error != SMFIS_ACCEPT) {
5615 
-				smfi_stop();
5616 
-				return NULL;
5617 
-			}
5618 
-			logg(_("!No emails will be scanned"));
5619 
-		}
5620 
-		/* Garbage collect IP addresses no longer blacklisted */
5621 
-		if(blacklist) {
5622 
-			pthread_mutex_lock(&blacklist_mutex);
5623 
-			tableIterate(blacklist, timeoutBlacklist, NULL);
5624 
-			pthread_mutex_unlock(&blacklist_mutex);
5625 
-		}
5626 
-	}
5627 
-	logg("#watchdog quits\n");
5628 
-	return NULL;
5629 
-}
5630 
-#endif
5631 
-
5632 
-/*
5633 
- * Check to see if the database needs to be reloaded
5634 
- *	Return 0 for success
5635 
- */
5636 
-static int
5637 
-check_and_reload_database(void)
5638 
-{
5639 
-	int rc;
5640 
-
5641 
-	if(external)
5642 
-		return 0;
5643 
-
5644 
-	if(reload) {
5645 
-		rc = 1;
5646 
-		reload = 0;
5647 
-	} else
5648 
-		rc = cl_statchkdir(&dbstat);
5649 
-
5650 
-	switch(rc) {
5651 
-		case 1:
5652 
-			logg("^Database has changed, loading updated database\n");
5653 
-			cl_statfree(&dbstat);
5654 
-			rc = loadDatabase();
5655 
-			if(rc != 0) {
5656 
-				logg("!Failed to load updated database\n");
5657 
-				return rc;
5658 
-			}
5659 
-			break;
5660 
-		case 0:
5661 
-			logg("*Database has not changed\n");
5662 
-			break;
5663 
-		default:
5664 
-			logg("Database error %d - %s is stopping\n",
5665 
-				rc, progname);
5666 
-			return 1;
5667 
-	}
5668 
-	return 0;	/* all OK */
5669 
-}
5670 
-
5671 
-static void
5672 
-timeoutBlacklist(char *ip_address, int time_of_blacklist, void *v)
5673 
-{
5674 
-	if(time_of_blacklist == 0)	/* Must not blacklist this IP address */
5675 
-		return;
5676 
-	if((time((time_t *)0) - time_of_blacklist) > blacklist_time)
5677 
-		tableRemove(blacklist, ip_address);
5678 
-}
5679 
-
5680 
-static void
5681 
-quit(void)
5682 
-{
5683 
-	quitting++;
5684 
-
5685 
-#ifdef	SESSION
5686 
-	pthread_mutex_lock(&version_mutex);
5687 
-#endif
5688 
-	logg(_("Stopping %s\n"), clamav_version);
5689 
-#ifdef	SESSION
5690 
-	pthread_mutex_unlock(&version_mutex);
5691 
-#endif
5692 
-
5693 
-	if(!external) {
5694 
-		pthread_mutex_lock(&engine_mutex);
5695 
-		if(engine)
5696 
-			cl_engine_free(engine);
5697 
-		pthread_mutex_unlock(&engine_mutex);
5698 
-	} else {
5699 
-#ifdef	SESSION
5700 
-		int i = 0;
5701 
-		struct session *session = sessions;
5702 
-
5703 
-		pthread_mutex_lock(&sstatus_mutex);
5704 
-		for(; i < ((localSocket != NULL) ? 1 : (int)max_children); i++) {
5705 
-			/*
5706 
-			 * Check all free sessions are still usable
5707 
-			 * This could take some time with many free
5708 
-			 * sessions to slow remote servers, so only do this
5709 
-			 * when the system is quiet (not 100% accurate when
5710 
-			 * determining this since n_children isn't locked but
5711 
-			 * that doesn't really matter)
5712 
-			 */
5713 
-			logg("#quit: close server %d\n", i);
5714 
-			if(session->status == CMDSOCKET_FREE) {
5715 
-				const int sock = session->sock;
5716 
-
5717 
-				send(sock, "END\n", 4, 0);
5718 
-				shutdown(sock, SHUT_WR);
5719 
-				session->status = CMDSOCKET_DOWN;
5720 
-				pthread_mutex_unlock(&sstatus_mutex);
5721 
-				close(sock);
5722 
-				pthread_mutex_lock(&sstatus_mutex);
5723 
-			}
5724 
-			session++;
5725 
-		}
5726 
-		pthread_mutex_unlock(&sstatus_mutex);
5727 
-#endif
5728 
-	}
5729 
-
5730 
-	if(tmpdir)
5731 
-		if(rmdir(tmpdir) < 0)
5732 
-			perror(tmpdir);
5733 
-
5734 
-	broadcast(_("Stopping clamav-milter"));
5735 
-
5736 
-	if(pidfile)
5737 
-		if(unlink(pidfile) < 0)
5738 
-			perror(pidfile);
5739 
-
5740 
-	logg_close();
5741 
-}
5742 
-
5743 
-static void
5744 
-broadcast(const char *mess)
5745 
-{
5746 
-	struct sockaddr_in s;
5747 
-
5748 
-	if(broadcastSock < 0)
5749 
-		return;
5750 
-
5751 
-	memset(&s, '\0', sizeof(struct sockaddr_in));
5752 
-	s.sin_family = AF_INET;
5753 
-	s.sin_port = (in_port_t)htons(tcpSocket ? tcpSocket : 3310);
5754 
-	s.sin_addr.s_addr = htonl(INADDR_BROADCAST);
5755 
-
5756 
-	logg("#broadcast %s to %d\n", mess, broadcastSock);
5757 
-	if(sendto(broadcastSock, mess, strlen(mess), 0, (struct sockaddr *)&s, sizeof(struct sockaddr_in)) < 0)
5758 
-		perror("sendto");
5759 
-}
5760 
-
5761 
-/*
5762 
- * Load a new database into the internal scanner
5763 
- */
5764 
-static int
5765 
-loadDatabase(void)
5766 
-{
5767 
-	int ret;
5768 
-	unsigned int signatures, dboptions;
5769 
-	char *daily;
5770 
-	struct cl_cvd *d;
5771 
-	const struct cfgstruct *cpt;
5772 
-	static const char *dbdir;
5773 
-
5774 
-	assert(!external);
5775 
-
5776 
-	if(dbdir == NULL) {
5777 
-		/*
5778 
-		 * First time through, find out in which directory the signature
5779 
-		 * databases are
5780 
-		 */
5781 
-		if((cpt = cfgopt(copt, "DatabaseDirectory")) && cpt->enabled)
5782 
-			dbdir = cpt->strarg;
5783 
-		else
5784 
-			dbdir = cl_retdbdir();
5785 
-	}
5786 
-
5787 
-	daily = cli_malloc(strlen(dbdir) + 11);
5788 
-	sprintf(daily, "%s/daily.cvd", dbdir);
5789 
-	if(access(daily, R_OK) < 0)
5790 
-		sprintf(daily, "%s/daily.cld", dbdir);
5791 
-
5792 
-
5793 
-	logg("#loadDatabase: check %s for updates\n", daily);
5794 
-
5795 
-	d = cl_cvdhead(daily);
5796 
-
5797 
-	if(d) {
5798 
-		char *ptr;
5799 
-		time_t t = d->stime;
5800 
-		char buf[26];
5801 
-
5802 
-		snprintf(clamav_version, VERSION_LENGTH,
5803 
-			"ClamAV %s/%u/%s", get_version(), d->version,
5804 
-			cli_ctime(&t, buf, sizeof(buf)));
5805 
-
5806 
-		/* Remove ctime's trailing \n */
5807 
-		if((ptr = strchr(clamav_version, '\n')) != NULL)
5808 
-			*ptr = '\0';
5809 
-
5810 
-		cl_cvdfree(d);
5811 
-	} else
5812 
-		snprintf(clamav_version, VERSION_LENGTH,
5813 
-			"ClamAV version %s, clamav-milter version %s",
5814 
-			cl_retver(), get_version());
5815 
-
5816 
-	free(daily);
5817 
-
5818 
-#ifdef	SESSION
5819 
-	pthread_mutex_lock(&version_mutex);
5820 
-	if(clamav_versions == NULL) {
5821 
-		clamav_versions = (char **)cli_malloc(sizeof(char *));
5822 
-		if(clamav_versions == NULL) {
5823 
-			pthread_mutex_unlock(&version_mutex);
5824 
-			return -1;
5825 
-		}
5826 
-		clamav_version = cli_malloc(VERSION_LENGTH + 1);
5827 
-		if(clamav_version == NULL) {
5828 
-			free(clamav_versions);
5829 
-			clamav_versions = NULL;
5830 
-			pthread_mutex_unlock(&version_mutex);
5831 
-			return -1;
5832 
-		}
5833 
-	}
5834 
-	pthread_mutex_unlock(&version_mutex);
5835 
-#endif
5836 
-	signatures = 0;
5837 
-	pthread_mutex_lock(&engine_mutex);
5838 
-	if(engine) cl_engine_free(engine);
5839 
-	engine = cl_engine_new();
5840 
-	if (!engine) {
5841 
-		logg("!Can't initialize antivirus engine\n");
5842 
-		pthread_mutex_unlock(&engine_mutex);
5843 
-		return -1;
5844 
-	}
5845 
-	if(!cfgopt(copt, "PhishingSignatures")->enabled) {
5846 
-		logg("Not loading phishing signatures.\n");
5847 
-		dboptions = 0;
5848 
-	} else
5849 
-		dboptions = CL_DB_PHISHING;
5850 
-	if((ret = cl_engine_set(engine, CL_ENGINE_MAX_SCANSIZE, &maxscansize))) {
5851 
-		logg("!cli_engine_set(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
5852 
-		cl_engine_free(engine);
5853 
-		pthread_mutex_unlock(&engine_mutex);
5854 
-		return -1;
5855 
-	}
5856 
-	if((ret = cl_engine_set(engine, CL_ENGINE_MAX_FILESIZE, &maxfilesize))) {
5857 
-		logg("!cli_engine_set(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
5858 
-		cl_engine_free(engine);
5859 
-		pthread_mutex_unlock(&engine_mutex);
5860 
-		return -1;
5861 
-	}
5862 
-	ret = cl_load(dbdir, engine, &signatures, dboptions);
5863 
-	if(ret != CL_SUCCESS) {
5864 
-		logg("!%s\n", cl_strerror(ret));
5865 
-		cl_engine_free(engine);
5866 
-		pthread_mutex_unlock(&engine_mutex);
5867 
-		return -1;
5868 
-	}
5869 
-	ret = cl_engine_compile(engine);
5870 
-	if(ret != CL_SUCCESS) {
5871 
-		logg("!Database initialization error: %s\n", cl_strerror(ret));
5872 
-		cl_engine_free(engine);
5873 
-		pthread_mutex_unlock(&engine_mutex);
5874 
-		return -1;
5875 
-	}
5876 
-	pthread_mutex_unlock(&engine_mutex);
5877 
-#ifdef	SESSION
5878 
-	pthread_mutex_lock(&version_mutex);
5879 
-#endif
5880 
-	logg( _("Loaded %s\n"), clamav_version);
5881 
-#ifdef	SESSION
5882 
-	pthread_mutex_unlock(&version_mutex);
5883 
-#endif
5884 
-	logg(_("ClamAV: Protecting against %u viruses\n"), signatures);
5885 
-	logg("#Database correctly (re)loaded (%u viruses)\n");
5886 
-	return cl_statinidir(dbdir, &dbstat);
5887 
-}
5888 
-
5889 
-static void
5890 
-sigsegv(int sig)
5891 
-{
5892 
-	signal(SIGSEGV, SIG_DFL);
5893 
-
5894 
-#ifdef HAVE_BACKTRACE
5895 
-	print_trace();
5896 
-#endif
5897 
-
5898 
-	logg("!Segmentation fault :-( Bye.., notify bugs@clamav.net\n");
5899 
-
5900 
-	quitting++;
5901 
-	smfi_stop();
5902 
-}
5903 
-
5904 
-extern FILE *logg_fd;
5905 
-static void
5906 
-sigusr1(int sig)
5907 
-{
5908 
-
5909 
-	signal(SIGUSR1, sigusr1);
5910 
-
5911 
-	if(!(cfgopt(copt, "LogFile"))->enabled)
5912 
-		return;
5913 
-
5914 
-	logg("SIGUSR1 caught: re-opening log file\n");
5915 
-	logg_close();
5916 
-	logg("*Log file re-opened\n");
5917 
-	dup2(fileno(logg_fd), 2);
5918 
-}
5919 
-
5920 
-static void
5921 
-sigusr2(int sig)
5922 
-{
5923 
-	signal(SIGUSR2, sigusr2);
5924 
-
5925 
-	logg("^SIGUSR2 caught: scheduling database reload\n");
5926 
-	reload++;
5927 
-}
5928 
-
5929 
-#ifdef HAVE_BACKTRACE
5930 
-static void
5931 
-print_trace(void)
5932 
-{
5933 
-	void *array[BACKTRACE_SIZE];
5934 
-	size_t size, i;
5935 
-	char **strings;
5936 
-	pid_t pid = getpid();
5937 
-
5938 
-	size = backtrace(array, BACKTRACE_SIZE);
5939 
-	strings = backtrace_symbols(array, size);
5940 
-
5941 
-	logg("*Backtrace of pid %d:\n", pid);
5942 
-
5943 
-	for(i = 0; i < size; i++)
5944 
-		logg("bt[%u]: %s", i, strings[i]);
5945 
-
5946 
-	/* TODO: dump the current email */
5947 
-
5948 
-	free(strings);
5949 
-}
5950 
-#endif
5951 
-
5952 
-/*
5953 
- * Check that the correct port name has been given, i.e. that the
5954 
- * input socket to clamav-milter from sendmail, is the same that
5955 
- * sendmail has been configured to use as it's output socket
5956 
- * Return:	<0 invalid
5957 
- *		=0 valid
5958 
- *		>0 unknown
5959 
- *
5960 
- * You wouldn't believe the amount of time I used to waste chasing bug reports
5961 
- *	from people who's sendmail.cf didn't tally with the arguments given to
5962 
- *	clamav-milter before I put this check in, which is why bug 726 must
5963 
- *	never be acted upon.
5964 
- *
5965 
- * FIXME: return different codes for "the value is wrong" and "sendmail.cf"
5966 
- *	hasn't been set up, though that's not so easy to work out.
5967 
- */
5968 
-static int
5969 
-verifyIncomingSocketName(const char *sockName)
5970 
-{
5971 
-#if HAVE_MMAP
5972 
-	int fd, ret;
5973 
-	char *ptr;
5974 
-	size_t size;
5975 
-	struct stat statb;
5976 
-
5977 
-	if(strncmp(sockName, "inet:", 5) == 0)
5978 
-		/*
5979 
-		 * clamav-milter is running on a different machine from sendmail
5980 
-		 */
5981 
-		return 1;
5982 
-
5983 
-	if(sendmailCF)
5984 
-		fd = open(sendmailCF, O_RDONLY);
5985 
-	else {
5986 
-		fd = open("/etc/mail/sendmail.cf", O_RDONLY);
5987 
-		if(fd < 0)
5988 
-			fd = open("/etc/sendmail.cf", O_RDONLY);
5989 
-	}
5990 
-
5991 
-	if(fd < 0)
5992 
-		return 1;
5993 
-
5994 
-	if(fstat(fd, &statb) < 0) {
5995 
-		close(fd);
5996 
-		return 1;
5997 
-	}
5998 
-
5999 
-	size = statb.st_size;
6000 
-
6001 
-	if(size == 0) {
6002 
-		close(fd);
6003 
-		return -1;
6004 
-	}
6005 
-
6006 
-	ptr = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
6007 
-	if(ptr == MAP_FAILED) {
6008 
-		perror("mmap");
6009 
-		close(fd);
6010 
-		return -1;
6011 
-	}
6012 
-
6013 
-	ret = (cli_memstr(ptr, size, sockName, strlen(sockName)) != NULL) ? 1 : -1;
6014 
-
6015 
-	munmap(ptr, size);
6016 
-	close(fd);
6017 
-
6018 
-	return ret;
6019 
-#else	/*!HAVE_MMAP*/
6020 
-	return 1;
6021 
-#endif
6022 
-}
6023 
-
6024 
-/*
6025 
- * If the given email address is whitelisted don't scan emails to them,
6026 
- *	the addresses are in angle brackets e.g. <foo@bar.com>.
6027 
- *
6028 
- * TODO: Allow regular expressions in the addresses
6029 
- * TODO: Syntax check the contents of the files
6030 
- * TODO: Allow emails of the form "name <address>"
6031 
- * TODO: Allow emails not of the form "<address>", i.e. no angle brackets
6032 
- * TODO: Assume that if a '@' is missing from the address, that all emails
6033 
- *	to that domain are to be whitelisted
6034 
- */
6035 
-static int
6036 
-isWhitelisted(const char *emailaddress, int to)
6037 
-{
6038 
-	static table_t *to_whitelist, *from_whitelist;	/* never freed */
6039 
-	table_t *table;
6040 
-
6041 
-	logg("*isWhitelisted %s\n", emailaddress);
6042 
-
6043 
-	/*
6044 
-	 * Don't scan messages to the quarantine email address
6045 
-	 */
6046 
-	if(quarantine && (strcasecmp(quarantine, emailaddress) == 0))
6047 
-		return 1;
6048 
-
6049 
-	if((to_whitelist == NULL) && whitelistFile) {
6050 
-		FILE *fin;
6051 
-		char buf[BUFSIZ + 1];
6052 
-
6053 
-		fin = fopen(whitelistFile, "r");
6054 
-
6055 
-		if(fin == NULL) {
6056 
-			perror(whitelistFile);
6057 
-			logg(_("!Can't open whitelist file %s"), whitelistFile);
6058 
-			return 0;
6059 
-		}
6060 
-		to_whitelist = tableCreate();
6061 
-		from_whitelist = tableCreate();
6062 
-
6063 
-		if((to_whitelist == NULL) || (from_whitelist == NULL)) {
6064 
-			logg(_("!Can't create whitelist table"));
6065 
-			if(to_whitelist) {
6066 
-				tableDestroy(to_whitelist);
6067 
-				to_whitelist = NULL;
6068 
-			} else {
6069 
-				tableDestroy(from_whitelist);
6070 
-				from_whitelist = NULL;
6071 
-			}
6072 
-			fclose(fin);
6073 
-			return 0;
6074 
-		}
6075 
-
6076 
-		while(fgets(buf, sizeof(buf), fin) != NULL) {
6077 
-			const char *ptr;
6078 
-
6079 
-			/* comment line? */
6080 
-			switch(buf[0]) {
6081 
-				case '#':
6082 
-				case '/':
6083 
-				case ':':
6084 
-					continue;
6085 
-			}
6086 
-			if(cli_chomp(buf) > 0) {
6087 
-				if((ptr = strchr(buf, ':')) != NULL) {
6088 
-					do
6089 
-						ptr++;
6090 
-					while(*ptr && isspace(*ptr));
6091 
-
6092 
-					if(*ptr == '\0') {
6093 
-						logg("*Ignoring bad line '%s'\n",
6094 
-							buf);
6095 
-						continue;
6096 
-					}
6097 
-				} else
6098 
-					ptr = buf;
6099 
-
6100 
-				if(strncasecmp(buf, "From:", 5) == 0)
6101 
-					table = from_whitelist;
6102 
-				else
6103 
-					table = to_whitelist;
6104 
-
6105 
-				(void)tableInsert(table, ptr, 1);
6106 
-			}
6107 
-		}
6108 
-		fclose(fin);
6109 
-	}
6110 
-	table = (to) ? to_whitelist : from_whitelist;
6111 
-
6112 
-	if(table && (tableFind(table, emailaddress) == 1))
6113 
-		/*
6114 
-		 * This recipient is on the whitelist
6115 
-		 */
6116 
-		return 1;
6117 
-
6118 
-	return 0;
6119 
-}
6120 
-
6121 
-/*
6122 
- * Blacklist IP addresses that send malware. Often in the phishing world, one
6123 
- * phish is quickly followed by another. IP addresses are blacklisted for one
6124 
- * minute. We can't blacklist for longer since DHCP means we could hit innocent
6125 
- * parties, and in theory malware could go through a smart host and affect
6126 
- * innocent parties
6127 
- *
6128 
- * Note that sites which can't be blacklisted will have their timestamp set
6129 
- * to 0, since that can never be less than blacklist_time seconds from now
6130 
- */
6131 
-static int
6132 
-isBlacklisted(const char *ip_address)
6133 
-{
6134 
-	time_t t;
6135 
-
6136 
-	if(blacklist_time == 0)
6137 
-		/* Blacklisting not being used */
6138 
-		return 0;
6139 
-
6140 
-	logg("*isBlacklisted %s\n", ip_address);
6141 
-
6142 
-	if(isLocal(ip_address))
6143 
-		return 0;
6144 
-
6145 
-	pthread_mutex_lock(&blacklist_mutex);
6146 
-	if(blacklist == NULL) {
6147 
-		blacklist = tableCreate();
6148 
-
6149 
-		pthread_mutex_unlock(&blacklist_mutex);
6150 
-
6151 
-		if(blacklist == NULL)
6152 
-			logg(_("!Can't create blacklist table"));
6153 
-		return 0;
6154 
-	}
6155 
-	t = tableFind(blacklist, ip_address);
6156 
-	pthread_mutex_unlock(&blacklist_mutex);
6157 
-
6158 
-	if(t == (time_t)-1)
6159 
-		/* IP address is not blacklisted */
6160 
-		return 0;
6161 
-
6162 
-	if(t == (time_t)0)
6163 
-		/* IP cannot be blacklisted */
6164 
-		return 0;
6165 
-
6166 
-	if((time((time_t *)0) - t) <= blacklist_time)
6167 
-		return 1;
6168 
-
6169 
-	/* timedout: remove the IP from the blacklist */
6170 
-	pthread_mutex_lock(&blacklist_mutex);
6171 
-	tableRemove(blacklist, ip_address);
6172 
-	pthread_mutex_unlock(&blacklist_mutex);
6173 
-
6174 
-	return 0;
6175 
-}
6176 
-
6177 
-#ifdef	HAVE_RESOLV_H
6178 
-/*
6179 
- * Determine our MX peers, they must never be blacklisted
6180 
- * See RFC1034 for the definition of the record formats
6181 
- *
6182 
- * This is only ever called once, which is wrong, but the overheard of calling
6183 
- * this from the watchdog isn't worth it
6184 
- */
6185 
-static table_t *
6186 
-mx(const char *host, table_t *t)
6187 
-{
6188 
-	u_char *p, *end;
6189 
-	const HEADER *hp;
6190 
-	int len, i;
6191 
-	union {
6192 
-		HEADER h;
6193 
-		u_char u[PACKETSZ];
6194 
-	} q;
6195 
-	char buf[BUFSIZ];
6196 
-
6197 
-	if(t == NULL) {
6198 
-		t = tableCreate();
6199 
-
6200 
-		if(t == NULL)
6201 
-			return NULL;
6202 
-	}
6203 
-
6204 
-	len = safe_res_query(host, C_IN, T_MX, (u_char *)&q, sizeof(q));
6205 
-	if(len < 0)
6206 
-		return t;	/* Host has no MX records */
6207 
-
6208 
-	if((unsigned int)len > sizeof(q))
6209 
-		return t;
6210 
-
6211 
-	hp = &(q.h);
6212 
-	p = q.u + HFIXEDSZ;
6213 
-	end = q.u + len;
6214 
-
6215 
-	for(i = ntohs(hp->qdcount); i--; p += len + QFIXEDSZ)
6216 
-		if((len = dn_skipname(p, end)) < 0)
6217 
-			return t;
6218 
-
6219 
-	i = ntohs(hp->ancount);
6220 
-
6221 
-	while((--i >= 0) && (p < end)) {
6222 
-		in_addr_t addr;
6223 
-		u_short type, pref;
6224 
-		u_long ttl;	/* unused */
6225 
-
6226 
-		if((len = dn_expand(q.u, end, p, buf, sizeof(buf) - 1)) < 0)
6227 
-			break;
6228 
-		p += len;
6229 
-		GETSHORT(type, p);
6230 
-		p += INT16SZ;
6231 
-		GETLONG(ttl, p);
6232 
-		GETSHORT(len, p);
6233 
-		if(type != T_MX) {
6234 
-			p += len;
6235 
-			continue;
6236 
-		}
6237 
-		GETSHORT(pref, p);
6238 
-		if((len = dn_expand(q.u, end, p, buf, sizeof(buf) - 1)) < 0)
6239 
-			break;
6240 
-		p += len;
6241 
-		addr = inet_addr(buf);
6242 
-#ifdef	INADDR_NONE
6243 
-		if(addr != INADDR_NONE) {
6244 
-#else
6245 
-		if(addr != (in_addr_t)-1) {
6246 
-#endif
6247 
-			(void)tableInsert(t, buf, 0);
6248 
-		} else
6249 
-			t = resolve(buf, t);
6250 
-	}
6251 
-	return t;
6252 
-}
6253 
-
6254 
-/*
6255 
- * If the MX record points to a name, we need to resolve that name. This routine
6256 
- * does that
6257 
- */
6258 
-static table_t *
6259 
-resolve(const char *host, table_t *t)
6260 
-{
6261 
-	u_char *p, *end;
6262 
-	const HEADER *hp;
6263 
-	int len, i;
6264 
-	union {
6265 
-		HEADER h;
6266 
-		u_char u[PACKETSZ];
6267 
-	} q;
6268 
-	char buf[BUFSIZ];
6269 
-
6270 
-	if((host == NULL) || (*host == '\0'))
6271 
-		return t;
6272 
-
6273 
-	len = safe_res_query(host, C_IN, T_A, (u_char *)&q, sizeof(q));
6274 
-	if(len < 0)
6275 
-		return t;	/* Host has no A records */
6276 
-
6277 
-	if((unsigned int)len > sizeof(q))
6278 
-		return t;
6279 
-
6280 
-	hp = &(q.h);
6281 
-	p = q.u + HFIXEDSZ;
6282 
-	end = q.u + len;
6283 
-
6284 
-	for(i = ntohs(hp->qdcount); i--; p += len + QFIXEDSZ)
6285 
-		if((len = dn_skipname(p, end)) < 0)
6286 
-			return t;
6287 
-
6288 
-	i = ntohs(hp->ancount);
6289 
-
6290 
-	while((--i >= 0) && (p < end)) {
6291 
-		u_short type;
6292 
-		u_long ttl;
6293 
-		const char *ip;
6294 
-		struct in_addr addr;
6295 
-
6296 
-		if((len = dn_expand(q.u, end, p, buf, sizeof(buf) - 1)) < 0)
6297 
-			return t;
6298 
-		p += len;
6299 
-		GETSHORT(type, p);
6300 
-		p += INT16SZ;
6301 
-		GETLONG(ttl, p);	/* unused */
6302 
-		GETSHORT(len, p);
6303 
-		if(type != T_A) {
6304 
-			p += len;
6305 
-			continue;
6306 
-		}
6307 
-		memcpy(&addr, p, sizeof(struct in_addr));
6308 
-		p += 4;	/* Should check len == 4 */
6309 
-		ip = inet_ntoa(addr);
6310 
-		if(ip) {
6311 
-			if(t == NULL) {
6312 
-				t = tableCreate();
6313 
-
6314 
-				if(t == NULL)
6315 
-					return NULL;
6316 
-			}
6317 
-			(void)tableInsert(t, ip, 0);
6318 
-		}
6319 
-	}
6320 
-	return t;
6321 
-}
6322 
-
6323 
-/*
6324 
- * Validate SPF records to help to stop Phish false positives
6325 
- * http://www.openspf.org/SPF_Record_Syntax
6326 
- *
6327 
- * Currently only handles ip4, a and mx fields in the DNS record
6328 
- * Having said that, this is NOT a replacement for spf-milter, it is NOT
6329 
- *	an SPF system, we ONLY use SPF records to reduce phish false positives
6330 
- * TODO: IPv6?
6331 
- * TODO: cache queries?
6332 
- *
6333 
- * INPUT: prevhosts, a list of hosts already searched: stops include loops
6334 
- *	e.g. mercado.com includes medrcadosw.com which includes mercado.com,
6335 
- *	causing a loop
6336 
- * Return 1 if SPF says this email is from a legitimate source
6337 
- *	0 for fail or unknown
6338 
- */
6339 
-static int
6340 
-spf(struct privdata *privdata, table_t *prevhosts)
6341 
-{
6342 
-	char *host, *ptr;
6343 
-	u_char *p, *end;
6344 
-	const HEADER *hp;
6345 
-	int len, i;
6346 
-	union {
6347 
-		HEADER h;
6348 
-		u_char u[PACKETSZ];
6349 
-	} q;
6350 
-	char buf[BUFSIZ];
6351 
-
6352 
-	if(privdata->spf_ok)
6353 
-		return 1;
6354 
-	if(privdata->ip[0] == '\0')
6355 
-		return 0;
6356 
-	if(strcmp(privdata->ip, "127.0.0.1") == 0) {
6357 
-		/* Loopback always pass SPF */
6358 
-		privdata->spf_ok = 1;
6359 
-		return 1;
6360 
-	}
6361 
-	if(isLocal(privdata->ip)) {
6362 
-		/* Local addresses always pass SPF */
6363 
-		privdata->spf_ok = 1;
6364 
-		return 1;
6365 
-	}
6366 
-
6367 
-	if(privdata->from == NULL)
6368 
-		return 0;
6369 
-	if((host = strrchr(privdata->from, '@')) == NULL)
6370 
-		return 0;
6371 
-
6372 
-	host = cli_strdup(++host);
6373 
-
6374 
-	if(host == NULL)
6375 
-		return 0;
6376 
-
6377 
-	ptr = strchr(host, '>');
6378 
-
6379 
-	if(ptr)
6380 
-		*ptr = '\0';
6381 
-
6382 
-	logg("*SPF query '%s'\n", host);
6383 
-	len = safe_res_query(host, C_IN, T_TXT, (u_char *)&q, sizeof(q));
6384 
-	if(len < 0) {
6385 
-		free(host);
6386 
-		return 0;	/* Host has no TXT records */
6387 
-	}
6388 
-
6389 
-	if((unsigned int)len > sizeof(q)) {
6390 
-		free(host);
6391 
-		return 0;
6392 
-	}
6393 
-
6394 
-	hp = &(q.h);
6395 
-	p = q.u + HFIXEDSZ;
6396 
-	end = q.u + len;
6397 
-
6398 
-	for(i = ntohs(hp->qdcount); i--; p += len + QFIXEDSZ)
6399 
-		if((len = dn_skipname(p, end)) < 0) {
6400 
-			free(host);
6401 
-			return 0;
6402 
-		}
6403 
-
6404 
-	i = ntohs(hp->ancount);
6405 
-
6406 
-	while((--i >= 0) && (p < end) && !privdata->spf_ok) {
6407 
-		u_short type;
6408 
-		u_long ttl;
6409 
-		char txt[BUFSIZ];
6410 
-
6411 
-		if((len = dn_expand(q.u, end, p, buf, sizeof(buf) - 1)) < 0) {
6412 
-			free(host);
6413 
-			return 0;
6414 
-		}
6415 
-		p += len;
6416 
-		GETSHORT(type, p);
6417 
-		p += INT16SZ;
6418 
-		GETLONG(ttl, p);	/* unused */
6419 
-		GETSHORT(len, p);
6420 
-		if(type != T_TXT) {
6421 
-			p += len;
6422 
-			continue;
6423 
-		}
6424 
-		strncpy(txt, (const char *)&p[1], sizeof(txt) - 1);
6425 
-		txt[sizeof(txt)-1]='\0';
6426 
-		txt[len - 1] = '\0';
6427 
-		if((strncmp(txt, "v=spf1 ", 7) == 0) || (strncmp(txt, "spf2.0/pra ", 11) == 0)) {
6428 
-			int j;
6429 
-			char *record;
6430 
-			struct in_addr remote_ip;	/* IP connecting to us */
6431 
-
6432 
-			logg("*%s(%s): SPF record %s\n",
6433 
-				host, privdata->ip, txt);
6434 
-#ifdef HAVE_INET_NTOP
6435 
-			/* IPv4 address ? */
6436 
-			if(inet_pton(AF_INET, privdata->ip, &remote_ip) <= 0) {
6437 
-				p += len;
6438 
-				continue;
6439 
-			}
6440 
-#else
6441 
-			if(inet_aton(privdata->ip, &remote_ip) == 0) {
6442 
-				p += len;
6443 
-				continue;
6444 
-			}
6445 
-#endif
6446 
-
6447 
-			j = 1;	/* strtok 0 would give the v= part */
6448 
-			while((record = cli_strtok(txt, j++, " ")) != NULL) {
6449 
-				if(strncmp(record, "ip4:", 4) == 0) {
6450 
-					int preflen;
6451 
-					char *ip, *pref;
6452 
-					uint32_t mask;
6453 
-					struct in_addr spf_range;	/* acceptable range of IPs */
6454 
-
6455 
-					ip = &record[4];
6456 
-
6457 
-					pref = strchr(ip, '/');
6458 
-					preflen = 32;
6459 
-					if(pref) {
6460 
-						*pref++ = '\0';
6461 
-						if(*pref)
6462 
-							preflen = atoi(pref);
6463 
-					}
6464 
-
6465 
-#ifdef HAVE_INET_NTOP
6466 
-					/* IPv4 address ? */
6467 
-					if(inet_pton(AF_INET, ip, &spf_range) <= 0) {
6468 
-						free(record);
6469 
-						continue;
6470 
-					}
6471 
-#else
6472 
-					if(inet_aton(ip, &spf_range) == 0) {
6473 
-						free(record);
6474 
-						continue;
6475 
-					}
6476 
-#endif
6477 
-					mask = MAKEMASK(preflen);
6478 
-					if((ntohl(remote_ip.s_addr) & mask) == (ntohl(spf_range.s_addr) & mask)) {
6479 
-						if(privdata->subject)
6480 
-							logg("#SPF ip4 pass (%s) %s is valid for %s\n",
6481 
-								privdata->subject, ip, host);
6482 
-						else
6483 
-							logg("#SPF ip4 pass %s is valid for %s\n", ip, host);
6484 
-						privdata->spf_ok = 1;
6485 
-					}
6486 
-				} else if(strcmp(record, "mx") == 0) {
6487 
-					table_t *t = mx(host, NULL);
6488 
-
6489 
-					if(t) {
6490 
-						tableIterate(t, spf_ip,
6491 
-							(void *)privdata);
6492 
-						tableDestroy(t);
6493 
-					}
6494 
-				} else if(strcmp(record, "a") == 0) {
6495 
-					table_t *t = resolve(host, NULL);
6496 
-
6497 
-					if(t) {
6498 
-						tableIterate(t, spf_ip,
6499 
-							(void *)privdata);
6500 
-						tableDestroy(t);
6501 
-					}
6502 
-				} else if(strncmp(record, "a:", 2) == 0) {
6503 
-					const char *ahost = &record[2];
6504 
-
6505 
-					if(*ahost && (strcmp(ahost, host) != 0)) {
6506 
-						table_t *t = resolve(ahost, NULL);
6507 
-
6508 
-						if(t) {
6509 
-							tableIterate(t, spf_ip,
6510 
-								(void *)privdata);
6511 
-							tableDestroy(t);
6512 
-						}
6513 
-					}
6514 
-				} else if(strncmp(record, "mx:", 3) == 0) {
6515 
-					const char *mxhost = &record[3];
6516 
-
6517 
-					if(*mxhost && (strcmp(mxhost, host) != 0)) {
6518 
-						table_t *t = mx(mxhost, NULL);
6519 
-
6520 
-						if(t) {
6521 
-							tableIterate(t, spf_ip,
6522 
-								(void *)privdata);
6523 
-							tableDestroy(t);
6524 
-						}
6525 
-					}
6526 
-				} else if(strncmp(record, "include:", 8) == 0) {
6527 
-					const char *inchost = &record[8];
6528 
-
6529 
-					/*
6530 
-					 * Ensure we haven't already looked at
6531 
-					 *	the host that's to be included
6532 
-					 */
6533 
-					if(*inchost &&
6534 
-					   (strcmp(inchost, host) != 0) &&
6535 
-					   (tableFind(prevhosts, inchost) == -1)) {
6536 
-						char *real_from = privdata->from;
6537 
-						privdata->from = cli_malloc(strlen(inchost) + 3);
6538 
-						sprintf(privdata->from, "n@%s", inchost);
6539 
-						tableInsert(prevhosts, host, 0);
6540 
-						spf(privdata, prevhosts);
6541 
-						free(privdata->from);
6542 
-						privdata->from = real_from;
6543 
-					}
6544 
-				}
6545 
-				free(record);
6546 
-				if(privdata->spf_ok)
6547 
-					break;
6548 
-			}
6549 
-		}
6550 
-		p += len;
6551 
-	}
6552 
-	free(host);
6553 
-
6554 
-	return privdata->spf_ok;
6555 
-}
6556 
-
6557 
-static void
6558 
-spf_ip(char *ip, int zero, void *v)
6559 
-{
6560 
-	struct privdata *privdata = (struct privdata *)v;
6561 
-
6562 
-	if(strcmp(ip, privdata->ip) == 0) {
6563 
-		if(privdata->subject)
6564 
-			logg("#SPF mx/a pass (%s) %s\n", privdata->subject, ip);
6565 
-		else
6566 
-			logg("#SPF mx/a pass %s\n", ip);
6567 
-		privdata->spf_ok = 1;
6568 
-	}
6569 
-}
6570 
-
6571 
-#else	/*!HAVE_RESOLV_H */
6572 
-static table_t *
6573 
-mx(const char *host, table_t *t)
6574 
-{
6575 
-	logg(_("^MX peers will not be immune from being blacklisted"));
6576 
-
6577 
-	if(blacklist == NULL)
6578 
-		blacklist = tableCreate();
6579 
-	return NULL;
6580 
-}
6581 
-#endif	/* HAVE_RESOLV_H */
6582 
-
6583 
-static sfsistat
6584 
-black_hole(const struct privdata *privdata)
6585 
-{
6586 
-	int must_scan;
6587 
-	char **to;
6588 
-
6589 
-	to = privdata->to;
6590 
-	must_scan = (*to) ? 0 : 1;
6591 
-
6592 
-	for(; *to; to++) {
6593 
-		pid_t pid, w;
6594 
-		int pv[2], status;
6595 
-		FILE *sendmail;
6596 
-		char buf[BUFSIZ];
6597 
-
6598 
-		logg("*Calling \"%s -bv %s\"\n", SENDMAIL_BIN, *to);
6599 
-
6600 
-		if(pipe(pv) < 0) {
6601 
-			perror("pipe");
6602 
-			logg(_("!Can't create pipe\n"));
6603 
-			must_scan = 1;
6604 
-			break;
6605 
-		}
6606 
-		pid = fork();
6607 
-		if(pid == 0) {
6608 
-			close(1);
6609 
-			close(pv[0]);
6610 
-			dup2(pv[1], 1);
6611 
-			close(pv[1]);
6612 
-
6613 
-			/*
6614 
-			 * Avoid calling popen() since *to isn't trusted
6615 
-			 */
6616 
-			execl(SENDMAIL_BIN, "sendmail", "-bv", *to, NULL);
6617 
-			perror(SENDMAIL_BIN);
6618 
-			logg("Can't execl %s\n", SENDMAIL_BIN);
6619 
-			_exit(errno ? errno : 1);
6620 
-		}
6621 
-		if(pid == -1) {
6622 
-			perror("fork");
6623 
-			logg(_("!Can't fork\n"));
6624 
-			close(pv[0]);
6625 
-			close(pv[1]);
6626 
-			must_scan = 1;
6627 
-			break;
6628 
-		}
6629 
-		close(pv[1]);
6630 
-		sendmail = fdopen(pv[0], "r");
6631 
-
6632 
-		if(sendmail == NULL) {
6633 
-			logg("fdopen failed\n");
6634 
-			close(pv[0]);
6635 
-			must_scan = 1;
6636 
-			break;
6637 
-		}
6638 
-
6639 
-		while(fgets(buf, sizeof(buf), sendmail) != NULL) {
6640 
-			if(cli_chomp(buf) == 0)
6641 
-				continue;
6642 
-
6643 
-			logg("*sendmail output: %s\n", buf);
6644 
-
6645 
-			if(strstr(buf, "... deliverable: mailer ")) {
6646 
-				const char *p = strstr(buf, ", user ");
6647 
-
6648 
-				if(strcmp(&p[7], "/dev/null") != 0) {
6649 
-					must_scan = 1;
6650 
-					break;
6651 
-				}
6652 
-			}
6653 
-		}
6654 
-		fclose(sendmail);
6655 
-
6656 
-		status = -1;
6657 
-		do
6658 
-			w = wait(&status);
6659 
-		while((w != pid) && (w != -1));
6660 
-
6661 
-		if(w == -1)
6662 
-			status = -1;
6663 
-		else
6664 
-			status = WEXITSTATUS(status);
6665 
-
6666 
-		switch(status) {
6667 
-			case EX_NOUSER:
6668 
-			case EX_OK:
6669 
-				break;
6670 
-			default:
6671 
-				logg(_("^Can't execute '%s' to expand '%s' (error %d)\n"),
6672 
-					SENDMAIL_BIN, *to, WEXITSTATUS(status));
6673 
-				must_scan = 1;
6674 
-		}
6675 
-		if(must_scan)
6676 
-			break;
6677 
-	}
6678 
-	if(!must_scan) {
6679 
-		/* All recipients map to /dev/null */
6680 
-		to = privdata->to;
6681 
-		if(*to)
6682 
-			logg("Discarded, since all recipients (e.g. \"%s\") are /dev/null\n", *to);
6683 
-		else
6684 
-			logg("Discarded, since all recipients are /dev/null\n");
6685 
-		return SMFIS_DISCARD;
6686 
-	}
6687 
-	return SMFIS_CONTINUE;
6688 
-}
6689 
-
6690 
-/* See also libclamav/mbox.c */
6691 
-static int
6692 
-useful_header(const char *cmd)
6693 
-{
6694 
-	if(strcasecmp(cmd, "From") == 0)
6695 
-		return 1;
6696 
-	if(strcasecmp(cmd, "Received") == 0)
6697 
-		return 1;
6698 
-	if(strcasecmp(cmd, "Content-Type") == 0)
6699 
-		return 1;
6700 
-	if(strcasecmp(cmd, "Content-Transfer-Encoding") == 0)
6701 
-		return 1;
6702 
-	if(strcasecmp(cmd, "Content-Disposition") == 0)
6703 
-		return 1;
6704 
-	if(strcasecmp(cmd, "De") == 0)
6705 
-		return 1;
6706 
-
6707 
-	return 0;
6708 
-}
6709 
-
6710 
-static int
6711 
-increment_connexions(void)
6712 
-{
6713 
-	if(max_children > 0) {
6714 
-		int rc = 0;
6715 
-
6716 
-		pthread_mutex_lock(&n_children_mutex);
6717 
-
6718 
-		/*
6719 
-		 * Wait a while since sendmail doesn't like it if we
6720 
-		 * take too long replying. Effectively this means that
6721 
-		 * max_children is more of a hint than a rule
6722 
-		 */
6723 
-		if(n_children >= max_children) {
6724 
-			struct timespec timeout;
6725 
-			struct timeval now;
6726 
-			struct timezone tz;
6727 
-
6728 
-			logg((dont_wait) ?
6729 
-					_("hit max-children limit (%u >= %u)\n") :
6730 
-					_("hit max-children limit (%u >= %u): waiting for some to exit\n"),
6731 
-				n_children, max_children);
6732 
-
6733 
-			if(dont_wait) {
6734 
-				pthread_mutex_unlock(&n_children_mutex);
6735 
-				return 0;
6736 
-			}
6737 
-			/*
6738 
-			 * Wait for an amount of time for a child to go
6739 
-			 *
6740 
-			 * Use pthread_cond_timedwait rather than
6741 
-			 * pthread_cond_wait since the sendmail which
6742 
-			 * calls us will have a timeout that we don't
6743 
-			 * want to exceed, stops sendmail getting
6744 
-			 * fidgety.
6745 
-			 *
6746 
-			 * Patch from Damian Menscher
6747 
-			 * <menscher@uiuc.edu> to ensure it wakes up
6748 
-			 * when a child goes away
6749 
-			 */
6750 
-			gettimeofday(&now, &tz);
6751 
-			do {
6752 
-				logg(_("n_children %d: waiting %d seconds for some to exit\n"),
6753 
-					n_children, child_timeout);
6754 
-
6755 
-				if(child_timeout == 0) {
6756 
-					pthread_cond_wait(&n_children_cond, &n_children_mutex);
6757 
-					rc = 0;
6758 
-				} else {
6759 
-					timeout.tv_sec = now.tv_sec + child_timeout;
6760 
-					timeout.tv_nsec = 0;
6761 
-
6762 
-					rc = pthread_cond_timedwait(&n_children_cond, &n_children_mutex, &timeout);
6763 
-				}
6764 
-			} while((n_children >= max_children) && (rc != ETIMEDOUT));
6765 
-			logg(_("Finished waiting, n_children = %d\n"), n_children);
6766 
-		}
6767 
-		n_children++;
6768 
-
6769 
-		logg("*>n_children = %d\n", n_children);
6770 
-		pthread_mutex_unlock(&n_children_mutex);
6771 
-
6772 
-		if(child_timeout && (rc == ETIMEDOUT))
6773 
-			logg(_("Timeout waiting for a child to die\n"));
6774 
-	}
6775 
-
6776 
-	return 1;
6777 
-}
6778 
-
6779 
-static void
6780 
-decrement_connexions(void)
6781 
-{
6782 
-	if(max_children > 0) {
6783 
-		pthread_mutex_lock(&n_children_mutex);
6784 
-		logg("*decrement_connexions: n_children = %d\n", n_children);
6785 
-		/*
6786 
-		 * Deliberately errs on the side of broadcasting too many times
6787 
-		 */
6788 
-		if(n_children > 0)
6789 
-			if(--n_children == 0) {
6790 
-				logg("*%s is idle\n", progname);
6791 
-				if(pthread_cond_broadcast(&watchdog_cond) < 0)
6792 
-					perror("pthread_cond_broadcast");
6793 
-			}
6794 
-#ifdef	CL_DEBUG
6795 
-		logg("*pthread_cond_broadcast\n");
6796 
-#endif
6797 
-		if(pthread_cond_broadcast(&n_children_cond) < 0)
6798 
-			perror("pthread_cond_broadcast");
6799 
-		logg("*<n_children = %d\n", n_children);
6800 
-		pthread_mutex_unlock(&n_children_mutex);
6801 
-	}
6802 
-}
6803 
-
6804 
-static void
6805 
-dump_blacklist(char *key, int value, void *v)
6806 
-{
6807 
-	logg(_("Won't blacklist %s\n"), key);
6808 
-}
6809 
-
6810 
-/*
6811 
- * Non-blocking connect, based on an idea by Everton da Silva Marques
6812 
- *	 <everton.marques@gmail.com>
6813 
- * FIXME: There are lots of copies of this code :-(
6814 
- */
6815 
-static int
6816 
-nonblock_connect(int sock, const struct sockaddr_in *sin, const char *hostname)
6817 
-{
6818 
-	int select_failures;	/* Max. of unexpected select() failures */
6819 
-	int attempts;
6820 
-	struct timeval timeout;	/* When we should time out */
6821 
-	int numfd;		/* Highest fdset fd plus 1 */
6822 
-	long flags;
6823 
-
6824 
-	gettimeofday(&timeout, 0);	/* store when we started to connect */
6825 
-
6826 
-	if(hostname == NULL)
6827 
-		hostname = "clamav-milter";	/* It's only used in debug messages */
6828 
-
6829 
-#ifdef	F_GETFL
6830 
-	flags = fcntl(sock, F_GETFL, 0);
6831 
-
6832 
-	if(flags == -1L)
6833 
-		logg("^getfl: %s\n", strerror(errno));
6834 
-	else if(fcntl(sock, F_SETFL, (long)(flags | O_NONBLOCK)) < 0)
6835 
-		logg("^setfl: %s\n", strerror(errno));
6836 
-#else
6837 
-	flags = -1L;
6838 
-#endif
6839 
-	if(connect(sock, (const struct sockaddr *)sin, sizeof(struct sockaddr_in)) != 0)
6840 
-		switch(errno) {
6841 
-			case EALREADY:
6842 
-			case EINPROGRESS:
6843 
-				logg("*%s: connect: %s\n", hostname,
6844 
-					strerror(errno));
6845 
-				break; /* wait for connection */
6846 
-			case EISCONN:
6847 
-				return 0; /* connected */
6848 
-			default:
6849 
-				logg("^%s: connect: %s\n", hostname,
6850 
-					strerror(errno));
6851 
-#ifdef	F_SETFL
6852 
-				if(flags != -1L)
6853 
-					if(fcntl(sock, F_SETFL, flags))
6854 
-						logg("^f_setfl: %s\n", strerror(errno));
6855 
-#endif
6856 
-				return -1; /* failed */
6857 
-		}
6858 
-	else {
6859 
-#ifdef	F_SETFL
6860 
-		if(flags != -1L)
6861 
-			if(fcntl(sock, F_SETFL, flags))
6862 
-				logg("^f_setfl: %s\n", strerror(errno));
6863 
-#endif
6864 
-		return connect_error(sock, hostname);
6865 
-	}
6866 
-
6867 
-	numfd = (int)sock + 1;
6868 
-	select_failures = NONBLOCK_SELECT_MAX_FAILURES;
6869 
-	attempts = 1;
6870 
-	timeout.tv_sec += CONNECT_TIMEOUT;
6871 
-
6872 
-	for (;;) {
6873 
-		int n, t;
6874 
-		fd_set fds;
6875 
-		struct timeval now, waittime;
6876 
-
6877 
-		/* Force timeout if we ran out of time */
6878 
-		gettimeofday(&now, 0);
6879 
-		t = (now.tv_sec == timeout.tv_sec) ?
6880 
-			(now.tv_usec > timeout.tv_usec) :
6881 
-			(now.tv_sec > timeout.tv_sec);
6882 
-
6883 
-		if(t) {
6884 
-			logg("^%s: connect timeout (%d secs)\n",
6885 
-				hostname, CONNECT_TIMEOUT);
6886 
-			break;
6887 
-		}
6888 
-
6889 
-		/* Calculate how long to wait */
6890 
-		waittime.tv_sec = timeout.tv_sec - now.tv_sec;
6891 
-		waittime.tv_usec = timeout.tv_usec - now.tv_usec;
6892 
-		if(waittime.tv_usec < 0) {
6893 
-			waittime.tv_sec--;
6894 
-			waittime.tv_usec += 1000000;
6895 
-		}
6896 
-
6897 
-		/* Init fds with 'sock' as the only fd */
6898 
-		FD_ZERO(&fds);
6899 
-		FD_SET(sock, &fds);
6900 
-
6901 
-		n = select(numfd, 0, &fds, 0, &waittime);
6902 
-		if(n < 0) {
6903 
-			logg("^%s: select attempt %d %s\n",
6904 
-				hostname, select_failures, strerror(errno));
6905 
-			if(--select_failures >= 0)
6906 
-				continue; /* not timed-out, try again */
6907 
-			break; /* failed */
6908 
-		}
6909 
-
6910 
-		logg("*%s: select = %d\n", hostname, n);
6911 
-
6912 
-		if(n) {
6913 
-#ifdef	F_SETFL
6914 
-			if(flags != -1L)
6915 
-				if(fcntl(sock, F_SETFL, flags))
6916 
-					logg("^f_setfl: %s\n", strerror(errno));
6917 
-#endif
6918 
-			return connect_error(sock, hostname);
6919 
-		}
6920 
-
6921 
-		/* timeout */
6922 
-		if(attempts++ == NONBLOCK_MAX_ATTEMPTS) {
6923 
-			logg("^timeout connecting to %s\n", hostname);
6924 
-			break;
6925 
-		}
6926 
-	}
6927 
-
6928 
-#ifdef	F_SETFL
6929 
-	if(flags != -1L)
6930 
-		if(fcntl(sock, F_SETFL, flags))
6931 
-			logg("^f_setfl: %s\n", strerror(errno));
6932 
-#endif
6933 
-	return -1; /* failed */
6934 
-}
6935 
-
6936 
-static int
6937 
-connect_error(int sock, const char *hostname)
6938 
-{
6939 
-#ifdef	SO_ERROR
6940 
-	int optval;
6941 
-	socklen_t optlen = sizeof(optval);
6942 
-
6943 
-	getsockopt(sock, SOL_SOCKET, SO_ERROR, &optval, &optlen);
6944 
-
6945 
-	if(optval) {
6946 
-		logg("^%s: %s\n", hostname, strerror(optval));
6947 
-		return -1;
6948 
-	}
6949 
-#endif
6950 
-	return 0;
6951 
-}
clamav-milter/connpool.c
History View file @ 87620de
... ... 
@@ -40,13 +40,8 @@
40 40 
 #include "connpool.h"
41 41 
 #include "netcode.h"
42 42
43 
-#ifdef HAVE_GETADDRINFO
44 43 
 #define SETGAI(k, v) {(k)->gai = (void *)(v);} while(0)
45 44 
 #define FREESRV(k) { if((k).gai) freeaddrinfo((k).gai); else if((k).server) free((k).server); } while(0)
46 
-#else
47 
-#define SETGAI
48 
-#define FREESRV(k) { if ((k).server) free((k).server); } while(0)
49 
-#endif
50 45
51 46 
 struct CPOOL *cp = NULL;
52 47
... ... 
@@ -90,17 +85,12 @@ static int islocal(struct sockaddr *sa, socklen_t addrlen) {
90 90 
 }
91 91
92 92
93 
-#ifdef HAVE_GETADDRINFO
94 93 
 static int cpool_addtcp(char *addr, char *port) {
95 94 
     struct addrinfo hints, *res, *res2;;
96 95 
     struct CP_ENTRY *cpe = (struct CP_ENTRY *)&cp->pool[cp->entries-1];
97 96
98 97 
     memset(&hints, 0, sizeof(hints));
99 
-#ifdef SUPPORT_IPv6
100 98 
     hints.ai_family = AF_UNSPEC;
101 
-#else
102 
-    hints.ai_family = AF_INET;
103 
-#endif
104 99 
     hints.ai_socktype = SOCK_STREAM;
105 100
106 101 
     if(getaddrinfo(addr, port ? port : "3310", &hints, &res)) {
... ... 
@@ -113,11 +103,7 @@ static int cpool_addtcp(char *addr, char *port) {
113 113 
     memset(&hints, 0, sizeof(hints));
114 114 
     hints.ai_flags = AI_PASSIVE;
115 115 
     hints.ai_socktype = SOCK_STREAM;
116 
-#ifdef SUPPORT_IPv6
117 116 
     hints.ai_family = AF_UNSPEC;
118 
-#else
119 
-    hints.ai_family = AF_INET;
120 
-#endif
121 117 
     if(!getaddrinfo(addr, NULL, &hints, &res2)) {
122 118 
 	cpe->local = islocal(res2->ai_addr, res2->ai_addrlen);
123 119 
 	freeaddrinfo(res2);
... ... 
@@ -129,49 +115,6 @@ static int cpool_addtcp(char *addr, char *port) {
129 129 
     logg("*%s socket tcp:%s:%s added to the pool (slot %d)\n", cpe->local ? "Local" : "Remote", addr ? addr : "localhost", port ? port : "3310", cp->entries);
130 130 
     return 0;
131 131 
 }
132 
-#else
133 
-static int cpool_addtcp(char *addr, char *port) {
134 
-    struct sockaddr_in *srv;
135 
-    struct CP_ENTRY *cpe = (struct CP_ENTRY *)&cp->pool[cp->entries-1];
136 
-    int nport = 3310;
137 
-
138 
-    if(port) {
139 
-	nport = atoi(port);
140 
-	if (nport<=0 || nport>65535) {
141 
-	    logg("!Bad port for clamd socket (%d)\n", nport);
142 
-	    return 1;
143 
-	}
144 
-    }
145 
-    if(!(srv = malloc(sizeof(*srv)))) {
146 
-	logg("!Out of memory allocating unix socket space\n");
147 
-	return 1;
148 
-    }
149 
-
150 
-    srv->sin_family = AF_INET;
151 
-
152 
-    if (addr) {
153 
-	struct hostent *h;
154 
-	if(!(h=gethostbyname(addr))) {
155 
-	    logg("^Can't resolve tcp socket hostname %s\n", addr);
156 
-	    free(srv);
157 
-	    return 1;
158 
-	}
159 
-	memcpy(&srv->sin_addr.s_addr, h->h_addr_list[0], 4);
160 
-    } else {
161 
-	srv->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
162 
-    }
163 
-    cpe->type = 1;
164 
-    cpe->dead = 1;
165 
-    srv->sin_port = htons(INADDR_ANY);
166 
-    cpe->local = islocal(srv, sizeof(srv));
167 
-    srv->sin_port = htons(nport);
168 
-    cpe->last_poll = 0;
169 
-    cpe->server = (struct sockaddr *)srv;
170 
-    cpe->socklen = sizeof(*srv);
171 
-    logg("*%s socket tcp:%s:%u added to the pool (slot %d)\n", cpe->local ? "Local" : "Remote", addr ? addr : "localhost", nport, cp->entries);
172 
-    return 0;
173 
-}
174 
-#endif
175 132
176 133
177 134 
 int addslot(void) {
... ... 
@@ -248,31 +191,6 @@ void cpool_init(struct cfgstruct *copt) {
248 248 
 	}
249 249 
     }
250 250
251 
-#ifdef MILTER_LEGACY
252 
-    if((cpt = cfgopt(copt, "LocalSocket"))->enabled) {
253 
-	if(addslot()) return;
254 
-	if(cpool_addunix(cpt->strarg)) {
255 
-	    cpool_free();
256 
-	    return;
257 
-	}
258 
-    }
259 
-
260 
-    if((cpt = cfgopt(copt, "TCPSocket"))->enabled) {
261 
-	char *addr = NULL;
262 
-	char port[5];
263 
-
264 
-	if(addslot()) return;
265 
-	snprintf(port, 5, "%d", cpt->numarg);
266 
-	port[5] = 0;
267 
-	if((cpt = cfgopt(copt, "TCPAddr"))->enabled)
268 
-	    addr = cpt->strarg;
269 
-	if(cpool_addtcp(addr, port)) {
270 
-	    cpool_free();
271 
-	    return;
272 
-	}
273 
-    }
274 
-#endif
275 
-
276 251 
     if(!cp->entries) {
277 252 
 	logg("!No ClamdSocket specified\n");
278 253 
 	cpool_free();
clamav-milter/connpool.h
History View file @ 87620de
... ... 
@@ -8,6 +8,7 @@
8 8 
 #include <sys/socket.h>
9 9 
 #include <netinet/in.h>
10 10 
 #include <netinet/ip.h>
11 
+#include <pthread.h>
11 12
12 13 
 #include "shared/cfgparser.h"
13 14
clamav-milter/netcode.c
History View file @ 87620de
... ... 
@@ -36,6 +36,7 @@
36 36 
 #include <netdb.h>
37 37
38 38 
 #include "shared/output.h"
39 
+#include "libclamav/others.h"
39 40 
 #include "netcode.h"
40 41
41 42
... ... 
@@ -54,9 +55,10 @@ struct LOCALNET {
54 54 
 };
55 55
56 56 
 struct LOCALNET *lnet = NULL;
57 
+char *tempdir = NULL;
57 58
58 
-/* FIXME: for connect and send */
59 
-#define TIMEOUT 60
59 
+/* for connect and send */
60 
+#define TIMEOUT 30
60 61 
 /* for recv */
61 62 
 long readtimeout;
62 63
... ... 
@@ -288,13 +290,13 @@ int nc_connect_rand(int *main, int *alt, int *local) {
288 288 
     if(!cpe) return 1;
289 289 
     *local = (cpe->server->sa_family == AF_UNIX);
290 290 
     if(*local) {
291 
-	char tmpn[] = "/tmp/clamav-milter-XXXXXX";
292 
-	if((*alt = mkstemp(tmpn))==-1) { /* FIXME */
291 
+	char *unlinkme;
292 
+	if(cli_gentempfd(tempdir, &unlinkme, alt) != CL_SUCCESS) {
293 293 
 	    logg("!Failed to create temporary file\n");
294 294 
 	    close(*main);
295 295 
 	    return 1;
296 296 
 	}
297 
-	unlink(tmpn);
297 
+	unlink(unlinkme);
298 298 
     } else {
299 299 
 	char *reply=NULL, *port;
300 300 
 	int nport;
... ... 
@@ -349,11 +351,7 @@ int resolve(char *name, uint32_t *family, uint32_t *host) {
349 349 
     }
350 350
351 351 
     memset(&hints, 0, sizeof(hints));
352 
-#ifdef SUPPORT_IPv6
353 352 
     hints.ai_family = AF_UNSPEC;
354 
-#else
355 
-    hints.ai_family = AF_INET;
356 
-#endif
357 353 
     hints.ai_socktype = SOCK_STREAM;
358 354
359 355 
     if(getaddrinfo(name, NULL, &hints, &res)) {
clamav-milter/netcode.h
History View file @ 87620de
... ... 
@@ -19,5 +19,6 @@ int islocalnet_name(char *name);
19 19 
 int islocalnet_sock(struct sockaddr *sa);
20 20
21 21 
 extern long readtimeout;
22 
+extern char *tempdir;
22 23
23 24 
 #endif
etc/clamav-milter.conf
History View file @ 87620de
... ... 
@@ -58,6 +58,16 @@ Example
58 58 
 # Default: unset (don't chroot)
59 59 
 ##Chroot /newroot
60 60
61 
+# This option allows you to save a process identifier of the listening
62 
+# daemon (main thread).
63 
+#
64 
+# Default: disabled
65 
+##PidFile /var/run/clamd.pid
66 
+
67 
+# Optional path to the global temporary directory.
68 
+# Default: system specific (usually /tmp or /var/tmp).
69 
+#
70 
+#TemporaryDirectory /var/tmp
61 71
62 72 
 ##
63 73 
 ## Clamd options
... ... 
@@ -188,12 +198,6 @@ Example
188 188 
 # Default: no
189 189 
 ##LogTime yes
190 190
191 
-# Also log clean files. Useful in debugging but drastically increases the
192 
-# log size.
193 
-#
194 
-# Default: no
195 
-##LogClean yes
196 
-
197 191 
 # Use system logger (can work together with LogFile).
198 192 
 #
199 193 
 # Default: no
... ... 
@@ -215,7 +219,7 @@ Example
215 215 
 ## Limits
216 216 
 ##
217 217
218 
-# Files larger than this value won't be scanned.
218 
+# Messages larger than this value won't be scanned.
219 219 
 # Default: 25M
220 220 
 ##MaxFileSize 150M
221 221
... ... 
@@ -244,19 +248,17 @@ Example
244 244 
 #MaxRecursion
245 245 
 #MaxFiles
246 246 
 #PhishingSignatures
247 
-#PidFile
248 247 
 #ScanArchive
249 248 
 #ScanHTML
250 249 
 #ScanMail
251 250 
 #ScanOLE2
252 251 
 #ScanPE
253 
-#TemporaryDirectory
254 252
255 253
256 254 
 #Todo
257 255 
 ##-C --chroot
258 256 
 #-D --debug
259 
-#-i --pidfile
257 
+##-i --pidfile
260 258 
 ##-I --ignore
261 259 
 ##-W --whitelist-file
262 260
shared/cfgparser.c
History View file @ 87620de
... ... 
@@ -39,12 +39,12 @@ struct cfgoption cfg_options[] = {
39 39 
     {"LogFileUnlock", OPT_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_MILTER},
40 40 
     {"LogFileMaxSize", OPT_COMPSIZE, 1048576, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER},
41 41 
     {"LogTime", OPT_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER},
42 
-    {"LogClean", OPT_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_MILTER},
42 
+    {"LogClean", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
43 43 
     {"LogVerbose", OPT_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER},
44 44 
     {"LogSyslog", OPT_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER},
45 45 
     {"LogFacility", OPT_QUOTESTR, -1, "LOG_LOCAL6", 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER},
46 
-    {"PidFile", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM},
47 
-    {"TemporaryDirectory", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD},
46 
+    {"PidFile", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER},
47 
+    {"TemporaryDirectory", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD | OPT_MILTER},
48 48 
     {"ScanPE", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
49 49 
     {"ScanELF", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
50 50 
     {"DetectBrokenExecutables", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
... ... 
@@ -166,7 +166,6 @@ struct cfgoption cfg_options[] = {
166 166 
     {"MaxFiles", OPT_NUM, -1, NULL, 0, OPT_MILTER | OPT_DEPRECATED},
167 167 
     {"MaxRecursion", OPT_NUM, -1, NULL, 0, OPT_MILTER | OPT_DEPRECATED},
168 168 
     {"PhishingSignatures", OPT_BOOL, 1, NULL, 0, OPT_MILTER | OPT_DEPRECATED},
169 
-    {"PidFile", OPT_QUOTESTR, -1, NULL, 0, OPT_MILTER | OPT_DEPRECATED},
170 169 
     {"ScanArchive", OPT_BOOL, 1, NULL, 0, OPT_MILTER | OPT_DEPRECATED},
171 170 
     {"ScanHTML", OPT_BOOL, 1, NULL, 0, OPT_MILTER | OPT_DEPRECATED},
172 171 
     {"ScanMail", OPT_BOOL, 1, NULL, 0, OPT_MILTER | OPT_DEPRECATED},