Browse code
upgrade milter to new api
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Thu Nov 13 01:23:39 CET 2008 (acab) |
|
| 2 |
+----------------------------------- |
|
| 3 |
+ * clamav-milter/clamav-milter.c: upgrade to new API |
|
| 4 |
+ |
|
| 1 | 5 |
Wed Nov 12 21:33:50 EET 2008 (edwin) |
| 2 | 6 |
------------------------------------ |
| 3 | 7 |
* contrib/clamdtop/TODO, contrib/clamdtop/clamdtop.c: some docs |
| ... | ... |
@@ -294,7 +294,6 @@ struct privdata {
|
| 294 | 294 |
#endif |
| 295 | 295 |
int statusCount; /* number of X-Virus-Status headers */ |
| 296 | 296 |
int serverNumber; /* Index into serverIPs */ |
| 297 |
- struct cl_node *root; /* database of viruses used to scan this one */ |
|
| 298 | 297 |
}; |
| 299 | 298 |
|
| 300 | 299 |
#ifdef SESSION |
| ... | ... |
@@ -375,9 +374,13 @@ static const char *progname; /* our name - usually clamav-milter */ |
| 375 | 375 |
|
| 376 | 376 |
/* Variables for --external */ |
| 377 | 377 |
static int external = 0; /* scan messages ourself or use clamd? */ |
| 378 |
-static pthread_mutex_t root_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
| 379 |
-static struct cl_node *root = NULL; |
|
| 380 |
-static struct cl_limits limits; |
|
| 378 |
+static pthread_mutex_t engine_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
| 379 |
+struct cl_engine *engine = NULL; |
|
| 380 |
+uint64_t maxscansize; |
|
| 381 |
+uint64_t maxfilesize; |
|
| 382 |
+uint32_t maxreclevel; |
|
| 383 |
+uint32_t maxfiles; |
|
| 384 |
+ |
|
| 381 | 385 |
static struct cl_stat dbstat; |
| 382 | 386 |
static int options = CL_SCAN_STDOPT; |
| 383 | 387 |
|
| ... | ... |
@@ -1512,6 +1515,10 @@ main(int argc, char **argv) |
| 1512 | 1512 |
return EX_CONFIG; |
| 1513 | 1513 |
} |
| 1514 | 1514 |
#endif |
| 1515 |
+ if (cl_init(CL_INIT_DEFAULT)!=CL_SUCCESS) {
|
|
| 1516 |
+ fprintf(stderr, "%s: Failed to initialize libclamav, bailing out.\n", argv[0]); |
|
| 1517 |
+ return EX_UNAVAILABLE; |
|
| 1518 |
+ } |
|
| 1515 | 1519 |
if(loadDatabase() != 0) {
|
| 1516 | 1520 |
/* |
| 1517 | 1521 |
* Handle the dont-scan-on-error option, which says |
| ... | ... |
@@ -1971,8 +1978,6 @@ main(int argc, char **argv) |
| 1971 | 1971 |
atexit(quit); |
| 1972 | 1972 |
|
| 1973 | 1973 |
if(!external) {
|
| 1974 |
- /* TODO: read the limits from clamd.conf */ |
|
| 1975 |
- |
|
| 1976 | 1974 |
if(!cfgopt(copt, "ScanMail")->enabled) |
| 1977 | 1975 |
printf(_("%s: ScanMail not defined in %s (needed without --external), enabling\n"),
|
| 1978 | 1976 |
argv[0], cfgfile); |
| ... | ... |
@@ -1993,41 +1998,34 @@ main(int argc, char **argv) |
| 1993 | 1993 |
if(cfgopt(copt, "ScanHTML")->enabled) |
| 1994 | 1994 |
options |= CL_SCAN_HTML; |
| 1995 | 1995 |
|
| 1996 |
- memset(&limits, '\0', sizeof(struct cl_limits)); |
|
| 1997 |
- |
|
| 1998 | 1996 |
if(((cpt = cfgopt(copt, "MaxScanSize")) != NULL) && cpt->enabled) |
| 1999 |
- limits.maxscansize = cpt->numarg; |
|
| 1997 |
+ maxscansize = cpt->numarg; |
|
| 2000 | 1998 |
else |
| 2001 |
- limits.maxscansize = 104857600; |
|
| 1999 |
+ maxscansize = 104857600; |
|
| 2002 | 2000 |
if(((cpt = cfgopt(copt, "MaxFileSize")) != NULL) && cpt->enabled) |
| 2003 |
- limits.maxfilesize = cpt->numarg; |
|
| 2001 |
+ maxfilesize = cpt->numarg; |
|
| 2004 | 2002 |
else |
| 2005 |
- limits.maxfilesize = 10485760; |
|
| 2003 |
+ maxfilesize = 10485760; |
|
| 2006 | 2004 |
|
| 2007 | 2005 |
if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
|
| 2008 |
- if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize)) |
|
| 2006 |
+ if((rlim.rlim_max < maxfilesize) || (rlim.rlim_max < maxscansize)) |
|
| 2009 | 2007 |
logg("^System limit for file size is lower than maxfilesize or maxscansize\n");
|
| 2010 | 2008 |
} else {
|
| 2011 | 2009 |
logg("^Cannot obtain resource limits for file size\n");
|
| 2012 | 2010 |
} |
| 2013 | 2011 |
|
| 2014 | 2012 |
if(((cpt = cfgopt(copt, "MaxRecursion")) != NULL) && cpt->enabled) |
| 2015 |
- limits.maxreclevel = cpt->numarg; |
|
| 2013 |
+ maxreclevel = cpt->numarg; |
|
| 2016 | 2014 |
else |
| 2017 |
- limits.maxreclevel = 8; |
|
| 2015 |
+ maxreclevel = 8; |
|
| 2018 | 2016 |
|
| 2019 | 2017 |
if(((cpt = cfgopt(copt, "MaxFiles")) != NULL) && cpt->enabled) |
| 2020 |
- limits.maxfiles = cpt->numarg; |
|
| 2018 |
+ maxfiles = cpt->numarg; |
|
| 2021 | 2019 |
else |
| 2022 |
- limits.maxfiles = 1000; |
|
| 2020 |
+ maxfiles = 1000; |
|
| 2023 | 2021 |
|
| 2024 |
- if(cfgopt(copt, "ScanArchive")->enabled) {
|
|
| 2022 |
+ if(cfgopt(copt, "ScanArchive")->enabled) |
|
| 2025 | 2023 |
options |= CL_SCAN_ARCHIVE; |
| 2026 |
- if(cfgopt(copt, "ArchiveLimitMemoryUsage")->enabled) |
|
| 2027 |
- limits.archivememlim = 1; |
|
| 2028 |
- else |
|
| 2029 |
- limits.archivememlim = 0; |
|
| 2030 |
- } |
|
| 2031 | 2024 |
} |
| 2032 | 2025 |
|
| 2033 | 2026 |
pthread_create(&tid, NULL, watchdog, NULL); |
| ... | ... |
@@ -3451,16 +3449,17 @@ clamfi_eom(SMFICTX *ctx) |
| 3451 | 3451 |
|
| 3452 | 3452 |
if(!external) {
|
| 3453 | 3453 |
const char *virname; |
| 3454 |
+ struct cl_engine *tmp_engine; |
|
| 3454 | 3455 |
|
| 3455 |
- pthread_mutex_lock(&root_mutex); |
|
| 3456 |
- privdata->root = cl_dup(root); |
|
| 3457 |
- pthread_mutex_unlock(&root_mutex); |
|
| 3458 |
- if(privdata->root == NULL) {
|
|
| 3459 |
- logg("!privdata->root == NULL\n");
|
|
| 3456 |
+ pthread_mutex_lock(&engine_mutex); |
|
| 3457 |
+ tmp_engine = cl_engine_dup(engine); |
|
| 3458 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 3459 |
+ if(!tmp_engine) {
|
|
| 3460 |
+ logg("!cl_engine_dup failed\n");
|
|
| 3460 | 3461 |
clamfi_cleanup(ctx); |
| 3461 | 3462 |
return cl_error; |
| 3462 | 3463 |
} |
| 3463 |
- switch(cl_scanfile(privdata->filename, &virname, NULL, privdata->root, &limits, options)) {
|
|
| 3464 |
+ switch(cl_scanfile(privdata->filename, &virname, NULL, tmp_engine, options)) {
|
|
| 3464 | 3465 |
case CL_CLEAN: |
| 3465 | 3466 |
if(logok) |
| 3466 | 3467 |
logg("#%s: OK\n", privdata->filename);
|
| ... | ... |
@@ -3471,12 +3470,11 @@ clamfi_eom(SMFICTX *ctx) |
| 3471 | 3471 |
logg("#%s\n", mess);
|
| 3472 | 3472 |
break; |
| 3473 | 3473 |
default: |
| 3474 |
- snprintf(mess, sizeof(mess), "%s: %s ERROR", privdata->filename, cl_strerror(rc)); |
|
| 3474 |
+ snprintf(mess, sizeof(mess), "%s: ERROR", privdata->filename); |
|
| 3475 | 3475 |
logg("!%s\n", mess);
|
| 3476 | 3476 |
break; |
| 3477 | 3477 |
} |
| 3478 |
- cl_free(privdata->root); |
|
| 3479 |
- privdata->root = NULL; |
|
| 3478 |
+ cl_engine_free(tmp_engine); |
|
| 3480 | 3479 |
|
| 3481 | 3480 |
#ifdef SESSION |
| 3482 | 3481 |
session = NULL; |
| ... | ... |
@@ -4260,14 +4258,7 @@ clamfi_free(struct privdata *privdata, int keep) |
| 4260 | 4260 |
close(privdata->cmdSocket); |
| 4261 | 4261 |
} |
| 4262 | 4262 |
#endif |
| 4263 |
- } else if(privdata->root) |
|
| 4264 |
- /* |
|
| 4265 |
- * Since only one of clamfi_abort() and clamfi_eom() |
|
| 4266 |
- * can ever be called, and the only cl_dup is in |
|
| 4267 |
- * clamfi_eom() which calls cl_free soon after, this |
|
| 4268 |
- * should be overkill, since this can "never happen" |
|
| 4269 |
- */ |
|
| 4270 |
- cl_free(privdata->root); |
|
| 4263 |
+ } |
|
| 4271 | 4264 |
|
| 4272 | 4265 |
if(privdata->headers) |
| 4273 | 4266 |
header_list_free(privdata->headers); |
| ... | ... |
@@ -4489,9 +4480,9 @@ updateSigFile(void) |
| 4489 | 4489 |
|
| 4490 | 4490 |
signatureStamp = statb.st_mtime; |
| 4491 | 4491 |
|
| 4492 |
- signature = cli_realloc(signature, statb.st_size); |
|
| 4492 |
+ signature = cli_realloc((void *)signature, statb.st_size); |
|
| 4493 | 4493 |
if(signature) |
| 4494 |
- cli_readn(fd, signature, statb.st_size); |
|
| 4494 |
+ cli_readn(fd, (void *)signature, statb.st_size); |
|
| 4495 | 4495 |
close(fd); |
| 4496 | 4496 |
|
| 4497 | 4497 |
return statb.st_size; |
| ... | ... |
@@ -5780,12 +5771,10 @@ quit(void) |
| 5780 | 5780 |
#endif |
| 5781 | 5781 |
|
| 5782 | 5782 |
if(!external) {
|
| 5783 |
- pthread_mutex_lock(&root_mutex); |
|
| 5784 |
- if(root) {
|
|
| 5785 |
- cl_free(root); |
|
| 5786 |
- root = NULL; |
|
| 5787 |
- } |
|
| 5788 |
- pthread_mutex_unlock(&root_mutex); |
|
| 5783 |
+ pthread_mutex_lock(&engine_mutex); |
|
| 5784 |
+ if(engine) |
|
| 5785 |
+ cl_engine_free(engine); |
|
| 5786 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 5789 | 5787 |
} else {
|
| 5790 | 5788 |
#ifdef SESSION |
| 5791 | 5789 |
int i = 0; |
| ... | ... |
@@ -5860,7 +5849,6 @@ loadDatabase(void) |
| 5860 | 5860 |
char *daily; |
| 5861 | 5861 |
struct cl_cvd *d; |
| 5862 | 5862 |
const struct cfgstruct *cpt; |
| 5863 |
- struct cl_node *newroot, *oldroot; |
|
| 5864 | 5863 |
static const char *dbdir; |
| 5865 | 5864 |
|
| 5866 | 5865 |
assert(!external); |
| ... | ... |
@@ -5926,35 +5914,46 @@ loadDatabase(void) |
| 5926 | 5926 |
pthread_mutex_unlock(&version_mutex); |
| 5927 | 5927 |
#endif |
| 5928 | 5928 |
signatures = 0; |
| 5929 |
- newroot = NULL; |
|
| 5930 |
- |
|
| 5929 |
+ pthread_mutex_lock(&engine_mutex); |
|
| 5930 |
+ if(engine) cl_engine_free(engine); |
|
| 5931 |
+ engine = cl_engine_new(CL_ENGINE_DEFAULT); |
|
| 5932 |
+ if (!engine) {
|
|
| 5933 |
+ logg("!Can't initialize antivirus engine\n");
|
|
| 5934 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 5935 |
+ return -1; |
|
| 5936 |
+ } |
|
| 5931 | 5937 |
if(!cfgopt(copt, "PhishingSignatures")->enabled) {
|
| 5932 | 5938 |
logg("Not loading phishing signatures.\n");
|
| 5933 | 5939 |
dboptions = 0; |
| 5934 | 5940 |
} else |
| 5935 | 5941 |
dboptions = CL_DB_PHISHING; |
| 5936 |
- |
|
| 5937 |
- ret = cl_load(dbdir, &newroot, &signatures, dboptions); |
|
| 5938 |
- if(ret != 0) {
|
|
| 5939 |
- logg("!%s\n", cl_strerror(ret));
|
|
| 5942 |
+ if((ret = cl_engine_set(engine, CL_ENGINE_MAX_SCANSIZE, &maxscansize))) {
|
|
| 5943 |
+ logg("!cli_engine_set(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
|
|
| 5944 |
+ cl_engine_free(engine); |
|
| 5945 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 5940 | 5946 |
return -1; |
| 5941 | 5947 |
} |
| 5942 |
- if(newroot == NULL) {
|
|
| 5943 |
- logg("!Can't initialize the virus database.\n");
|
|
| 5948 |
+ if((ret = cl_engine_set(engine, CL_ENGINE_MAX_FILESIZE, &maxfilesize))) {
|
|
| 5949 |
+ logg("!cli_engine_set(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
|
|
| 5950 |
+ cl_engine_free(engine); |
|
| 5951 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 5944 | 5952 |
return -1; |
| 5945 | 5953 |
} |
| 5946 |
- |
|
| 5947 |
- ret = cl_build(newroot); |
|
| 5948 |
- if(ret != 0) {
|
|
| 5954 |
+ ret = cl_load(dbdir, engine, &signatures, dboptions); |
|
| 5955 |
+ if(ret != CL_SUCCESS) {
|
|
| 5956 |
+ logg("!%s\n", cl_strerror(ret));
|
|
| 5957 |
+ cl_engine_free(engine); |
|
| 5958 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 5959 |
+ return -1; |
|
| 5960 |
+ } |
|
| 5961 |
+ ret = cl_engine_compile(engine); |
|
| 5962 |
+ if(ret != CL_SUCCESS) {
|
|
| 5949 | 5963 |
logg("!Database initialization error: %s\n", cl_strerror(ret));
|
| 5950 |
- cl_free(newroot); |
|
| 5964 |
+ cl_engine_free(engine); |
|
| 5965 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 5951 | 5966 |
return -1; |
| 5952 | 5967 |
} |
| 5953 |
- pthread_mutex_lock(&root_mutex); |
|
| 5954 |
- oldroot = root; |
|
| 5955 |
- root = newroot; |
|
| 5956 |
- pthread_mutex_unlock(&root_mutex); |
|
| 5957 |
- |
|
| 5968 |
+ pthread_mutex_unlock(&engine_mutex); |
|
| 5958 | 5969 |
#ifdef SESSION |
| 5959 | 5970 |
pthread_mutex_lock(&version_mutex); |
| 5960 | 5971 |
#endif |
| ... | ... |
@@ -5963,12 +5962,7 @@ loadDatabase(void) |
| 5963 | 5963 |
pthread_mutex_unlock(&version_mutex); |
| 5964 | 5964 |
#endif |
| 5965 | 5965 |
logg(_("ClamAV: Protecting against %u viruses\n"), signatures);
|
| 5966 |
- if(oldroot) {
|
|
| 5967 |
- cl_free(oldroot); |
|
| 5968 |
- logg("#Database correctly reloaded (%u viruses)\n", signatures);
|
|
| 5969 |
- } else |
|
| 5970 |
- logg("*Database loaded\n");
|
|
| 5971 |
- |
|
| 5966 |
+ logg("#Database correctly (re)loaded (%u viruses)\n");
|
|
| 5972 | 5967 |
return cl_statinidir(dbdir, &dbstat); |
| 5973 | 5968 |
} |
| 5974 | 5969 |
|