git-svn: trunk@4393
aCaB authored on 2008/11/13 10:23:39... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Thu Nov 13 01:23:39 CET 2008 (acab) |
|
2 |
+----------------------------------- |
|
3 |
+ * clamav-milter/clamav-milter.c: upgrade to new API |
|
4 |
+ |
|
1 | 5 |
Wed Nov 12 21:33:50 EET 2008 (edwin) |
2 | 6 |
------------------------------------ |
3 | 7 |
* contrib/clamdtop/TODO, contrib/clamdtop/clamdtop.c: some docs |
... | ... |
@@ -294,7 +294,6 @@ struct privdata { |
294 | 294 |
#endif |
295 | 295 |
int statusCount; /* number of X-Virus-Status headers */ |
296 | 296 |
int serverNumber; /* Index into serverIPs */ |
297 |
- struct cl_node *root; /* database of viruses used to scan this one */ |
|
298 | 297 |
}; |
299 | 298 |
|
300 | 299 |
#ifdef SESSION |
... | ... |
@@ -375,9 +374,13 @@ static const char *progname; /* our name - usually clamav-milter */ |
375 | 375 |
|
376 | 376 |
/* Variables for --external */ |
377 | 377 |
static int external = 0; /* scan messages ourself or use clamd? */ |
378 |
-static pthread_mutex_t root_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
379 |
-static struct cl_node *root = NULL; |
|
380 |
-static struct cl_limits limits; |
|
378 |
+static pthread_mutex_t engine_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
379 |
+struct cl_engine *engine = NULL; |
|
380 |
+uint64_t maxscansize; |
|
381 |
+uint64_t maxfilesize; |
|
382 |
+uint32_t maxreclevel; |
|
383 |
+uint32_t maxfiles; |
|
384 |
+ |
|
381 | 385 |
static struct cl_stat dbstat; |
382 | 386 |
static int options = CL_SCAN_STDOPT; |
383 | 387 |
|
... | ... |
@@ -1512,6 +1515,10 @@ main(int argc, char **argv) |
1512 | 1512 |
return EX_CONFIG; |
1513 | 1513 |
} |
1514 | 1514 |
#endif |
1515 |
+ if (cl_init(CL_INIT_DEFAULT)!=CL_SUCCESS) { |
|
1516 |
+ fprintf(stderr, "%s: Failed to initialize libclamav, bailing out.\n", argv[0]); |
|
1517 |
+ return EX_UNAVAILABLE; |
|
1518 |
+ } |
|
1515 | 1519 |
if(loadDatabase() != 0) { |
1516 | 1520 |
/* |
1517 | 1521 |
* Handle the dont-scan-on-error option, which says |
... | ... |
@@ -1971,8 +1978,6 @@ main(int argc, char **argv) |
1971 | 1971 |
atexit(quit); |
1972 | 1972 |
|
1973 | 1973 |
if(!external) { |
1974 |
- /* TODO: read the limits from clamd.conf */ |
|
1975 |
- |
|
1976 | 1974 |
if(!cfgopt(copt, "ScanMail")->enabled) |
1977 | 1975 |
printf(_("%s: ScanMail not defined in %s (needed without --external), enabling\n"), |
1978 | 1976 |
argv[0], cfgfile); |
... | ... |
@@ -1993,41 +1998,34 @@ main(int argc, char **argv) |
1993 | 1993 |
if(cfgopt(copt, "ScanHTML")->enabled) |
1994 | 1994 |
options |= CL_SCAN_HTML; |
1995 | 1995 |
|
1996 |
- memset(&limits, '\0', sizeof(struct cl_limits)); |
|
1997 |
- |
|
1998 | 1996 |
if(((cpt = cfgopt(copt, "MaxScanSize")) != NULL) && cpt->enabled) |
1999 |
- limits.maxscansize = cpt->numarg; |
|
1997 |
+ maxscansize = cpt->numarg; |
|
2000 | 1998 |
else |
2001 |
- limits.maxscansize = 104857600; |
|
1999 |
+ maxscansize = 104857600; |
|
2002 | 2000 |
if(((cpt = cfgopt(copt, "MaxFileSize")) != NULL) && cpt->enabled) |
2003 |
- limits.maxfilesize = cpt->numarg; |
|
2001 |
+ maxfilesize = cpt->numarg; |
|
2004 | 2002 |
else |
2005 |
- limits.maxfilesize = 10485760; |
|
2003 |
+ maxfilesize = 10485760; |
|
2006 | 2004 |
|
2007 | 2005 |
if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) { |
2008 |
- if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize)) |
|
2006 |
+ if((rlim.rlim_max < maxfilesize) || (rlim.rlim_max < maxscansize)) |
|
2009 | 2007 |
logg("^System limit for file size is lower than maxfilesize or maxscansize\n"); |
2010 | 2008 |
} else { |
2011 | 2009 |
logg("^Cannot obtain resource limits for file size\n"); |
2012 | 2010 |
} |
2013 | 2011 |
|
2014 | 2012 |
if(((cpt = cfgopt(copt, "MaxRecursion")) != NULL) && cpt->enabled) |
2015 |
- limits.maxreclevel = cpt->numarg; |
|
2013 |
+ maxreclevel = cpt->numarg; |
|
2016 | 2014 |
else |
2017 |
- limits.maxreclevel = 8; |
|
2015 |
+ maxreclevel = 8; |
|
2018 | 2016 |
|
2019 | 2017 |
if(((cpt = cfgopt(copt, "MaxFiles")) != NULL) && cpt->enabled) |
2020 |
- limits.maxfiles = cpt->numarg; |
|
2018 |
+ maxfiles = cpt->numarg; |
|
2021 | 2019 |
else |
2022 |
- limits.maxfiles = 1000; |
|
2020 |
+ maxfiles = 1000; |
|
2023 | 2021 |
|
2024 |
- if(cfgopt(copt, "ScanArchive")->enabled) { |
|
2022 |
+ if(cfgopt(copt, "ScanArchive")->enabled) |
|
2025 | 2023 |
options |= CL_SCAN_ARCHIVE; |
2026 |
- if(cfgopt(copt, "ArchiveLimitMemoryUsage")->enabled) |
|
2027 |
- limits.archivememlim = 1; |
|
2028 |
- else |
|
2029 |
- limits.archivememlim = 0; |
|
2030 |
- } |
|
2031 | 2024 |
} |
2032 | 2025 |
|
2033 | 2026 |
pthread_create(&tid, NULL, watchdog, NULL); |
... | ... |
@@ -3451,16 +3449,17 @@ clamfi_eom(SMFICTX *ctx) |
3451 | 3451 |
|
3452 | 3452 |
if(!external) { |
3453 | 3453 |
const char *virname; |
3454 |
+ struct cl_engine *tmp_engine; |
|
3454 | 3455 |
|
3455 |
- pthread_mutex_lock(&root_mutex); |
|
3456 |
- privdata->root = cl_dup(root); |
|
3457 |
- pthread_mutex_unlock(&root_mutex); |
|
3458 |
- if(privdata->root == NULL) { |
|
3459 |
- logg("!privdata->root == NULL\n"); |
|
3456 |
+ pthread_mutex_lock(&engine_mutex); |
|
3457 |
+ tmp_engine = cl_engine_dup(engine); |
|
3458 |
+ pthread_mutex_unlock(&engine_mutex); |
|
3459 |
+ if(!tmp_engine) { |
|
3460 |
+ logg("!cl_engine_dup failed\n"); |
|
3460 | 3461 |
clamfi_cleanup(ctx); |
3461 | 3462 |
return cl_error; |
3462 | 3463 |
} |
3463 |
- switch(cl_scanfile(privdata->filename, &virname, NULL, privdata->root, &limits, options)) { |
|
3464 |
+ switch(cl_scanfile(privdata->filename, &virname, NULL, tmp_engine, options)) { |
|
3464 | 3465 |
case CL_CLEAN: |
3465 | 3466 |
if(logok) |
3466 | 3467 |
logg("#%s: OK\n", privdata->filename); |
... | ... |
@@ -3471,12 +3470,11 @@ clamfi_eom(SMFICTX *ctx) |
3471 | 3471 |
logg("#%s\n", mess); |
3472 | 3472 |
break; |
3473 | 3473 |
default: |
3474 |
- snprintf(mess, sizeof(mess), "%s: %s ERROR", privdata->filename, cl_strerror(rc)); |
|
3474 |
+ snprintf(mess, sizeof(mess), "%s: ERROR", privdata->filename); |
|
3475 | 3475 |
logg("!%s\n", mess); |
3476 | 3476 |
break; |
3477 | 3477 |
} |
3478 |
- cl_free(privdata->root); |
|
3479 |
- privdata->root = NULL; |
|
3478 |
+ cl_engine_free(tmp_engine); |
|
3480 | 3479 |
|
3481 | 3480 |
#ifdef SESSION |
3482 | 3481 |
session = NULL; |
... | ... |
@@ -4260,14 +4258,7 @@ clamfi_free(struct privdata *privdata, int keep) |
4260 | 4260 |
close(privdata->cmdSocket); |
4261 | 4261 |
} |
4262 | 4262 |
#endif |
4263 |
- } else if(privdata->root) |
|
4264 |
- /* |
|
4265 |
- * Since only one of clamfi_abort() and clamfi_eom() |
|
4266 |
- * can ever be called, and the only cl_dup is in |
|
4267 |
- * clamfi_eom() which calls cl_free soon after, this |
|
4268 |
- * should be overkill, since this can "never happen" |
|
4269 |
- */ |
|
4270 |
- cl_free(privdata->root); |
|
4263 |
+ } |
|
4271 | 4264 |
|
4272 | 4265 |
if(privdata->headers) |
4273 | 4266 |
header_list_free(privdata->headers); |
... | ... |
@@ -4489,9 +4480,9 @@ updateSigFile(void) |
4489 | 4489 |
|
4490 | 4490 |
signatureStamp = statb.st_mtime; |
4491 | 4491 |
|
4492 |
- signature = cli_realloc(signature, statb.st_size); |
|
4492 |
+ signature = cli_realloc((void *)signature, statb.st_size); |
|
4493 | 4493 |
if(signature) |
4494 |
- cli_readn(fd, signature, statb.st_size); |
|
4494 |
+ cli_readn(fd, (void *)signature, statb.st_size); |
|
4495 | 4495 |
close(fd); |
4496 | 4496 |
|
4497 | 4497 |
return statb.st_size; |
... | ... |
@@ -5780,12 +5771,10 @@ quit(void) |
5780 | 5780 |
#endif |
5781 | 5781 |
|
5782 | 5782 |
if(!external) { |
5783 |
- pthread_mutex_lock(&root_mutex); |
|
5784 |
- if(root) { |
|
5785 |
- cl_free(root); |
|
5786 |
- root = NULL; |
|
5787 |
- } |
|
5788 |
- pthread_mutex_unlock(&root_mutex); |
|
5783 |
+ pthread_mutex_lock(&engine_mutex); |
|
5784 |
+ if(engine) |
|
5785 |
+ cl_engine_free(engine); |
|
5786 |
+ pthread_mutex_unlock(&engine_mutex); |
|
5789 | 5787 |
} else { |
5790 | 5788 |
#ifdef SESSION |
5791 | 5789 |
int i = 0; |
... | ... |
@@ -5860,7 +5849,6 @@ loadDatabase(void) |
5860 | 5860 |
char *daily; |
5861 | 5861 |
struct cl_cvd *d; |
5862 | 5862 |
const struct cfgstruct *cpt; |
5863 |
- struct cl_node *newroot, *oldroot; |
|
5864 | 5863 |
static const char *dbdir; |
5865 | 5864 |
|
5866 | 5865 |
assert(!external); |
... | ... |
@@ -5926,35 +5914,46 @@ loadDatabase(void) |
5926 | 5926 |
pthread_mutex_unlock(&version_mutex); |
5927 | 5927 |
#endif |
5928 | 5928 |
signatures = 0; |
5929 |
- newroot = NULL; |
|
5930 |
- |
|
5929 |
+ pthread_mutex_lock(&engine_mutex); |
|
5930 |
+ if(engine) cl_engine_free(engine); |
|
5931 |
+ engine = cl_engine_new(CL_ENGINE_DEFAULT); |
|
5932 |
+ if (!engine) { |
|
5933 |
+ logg("!Can't initialize antivirus engine\n"); |
|
5934 |
+ pthread_mutex_unlock(&engine_mutex); |
|
5935 |
+ return -1; |
|
5936 |
+ } |
|
5931 | 5937 |
if(!cfgopt(copt, "PhishingSignatures")->enabled) { |
5932 | 5938 |
logg("Not loading phishing signatures.\n"); |
5933 | 5939 |
dboptions = 0; |
5934 | 5940 |
} else |
5935 | 5941 |
dboptions = CL_DB_PHISHING; |
5936 |
- |
|
5937 |
- ret = cl_load(dbdir, &newroot, &signatures, dboptions); |
|
5938 |
- if(ret != 0) { |
|
5939 |
- logg("!%s\n", cl_strerror(ret)); |
|
5942 |
+ if((ret = cl_engine_set(engine, CL_ENGINE_MAX_SCANSIZE, &maxscansize))) { |
|
5943 |
+ logg("!cli_engine_set(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret)); |
|
5944 |
+ cl_engine_free(engine); |
|
5945 |
+ pthread_mutex_unlock(&engine_mutex); |
|
5940 | 5946 |
return -1; |
5941 | 5947 |
} |
5942 |
- if(newroot == NULL) { |
|
5943 |
- logg("!Can't initialize the virus database.\n"); |
|
5948 |
+ if((ret = cl_engine_set(engine, CL_ENGINE_MAX_FILESIZE, &maxfilesize))) { |
|
5949 |
+ logg("!cli_engine_set(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret)); |
|
5950 |
+ cl_engine_free(engine); |
|
5951 |
+ pthread_mutex_unlock(&engine_mutex); |
|
5944 | 5952 |
return -1; |
5945 | 5953 |
} |
5946 |
- |
|
5947 |
- ret = cl_build(newroot); |
|
5948 |
- if(ret != 0) { |
|
5954 |
+ ret = cl_load(dbdir, engine, &signatures, dboptions); |
|
5955 |
+ if(ret != CL_SUCCESS) { |
|
5956 |
+ logg("!%s\n", cl_strerror(ret)); |
|
5957 |
+ cl_engine_free(engine); |
|
5958 |
+ pthread_mutex_unlock(&engine_mutex); |
|
5959 |
+ return -1; |
|
5960 |
+ } |
|
5961 |
+ ret = cl_engine_compile(engine); |
|
5962 |
+ if(ret != CL_SUCCESS) { |
|
5949 | 5963 |
logg("!Database initialization error: %s\n", cl_strerror(ret)); |
5950 |
- cl_free(newroot); |
|
5964 |
+ cl_engine_free(engine); |
|
5965 |
+ pthread_mutex_unlock(&engine_mutex); |
|
5951 | 5966 |
return -1; |
5952 | 5967 |
} |
5953 |
- pthread_mutex_lock(&root_mutex); |
|
5954 |
- oldroot = root; |
|
5955 |
- root = newroot; |
|
5956 |
- pthread_mutex_unlock(&root_mutex); |
|
5957 |
- |
|
5968 |
+ pthread_mutex_unlock(&engine_mutex); |
|
5958 | 5969 |
#ifdef SESSION |
5959 | 5970 |
pthread_mutex_lock(&version_mutex); |
5960 | 5971 |
#endif |
... | ... |
@@ -5963,12 +5962,7 @@ loadDatabase(void) |
5963 | 5963 |
pthread_mutex_unlock(&version_mutex); |
5964 | 5964 |
#endif |
5965 | 5965 |
logg(_("ClamAV: Protecting against %u viruses\n"), signatures); |
5966 |
- if(oldroot) { |
|
5967 |
- cl_free(oldroot); |
|
5968 |
- logg("#Database correctly reloaded (%u viruses)\n", signatures); |
|
5969 |
- } else |
|
5970 |
- logg("*Database loaded\n"); |
|
5971 |
- |
|
5966 |
+ logg("#Database correctly (re)loaded (%u viruses)\n"); |
|
5972 | 5967 |
return cl_statinidir(dbdir, &dbstat); |
5973 | 5968 |
} |
5974 | 5969 |
|