git-svn: trunk@489
Tomasz Kojm authored on 2004/04/14 10:27:22... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Wed Apr 14 03:24:44 CEST 2004 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamd: VirusEvent: disable support for %f |
|
4 |
+ (http://www.securitytracker.com/alerts/2004/Apr/1009615.html) |
|
5 |
+ |
|
1 | 6 |
Tue Apr 13 14:16:42 CEST 2004 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav: scan EVS mails |
... | ... |
@@ -192,7 +192,7 @@ void *clamukoth(void *arg) |
192 | 192 |
|
193 | 193 |
if(scan && cl_scanfile(acc->filename, &virname, NULL, tharg->root, tharg->limits, options) == CL_VIRUS) { |
194 | 194 |
logg("Clamuko: %s: %s FOUND\n", acc->filename, virname); |
195 |
- virusaction(acc->filename, virname, tharg->copt); |
|
195 |
+ virusaction(virname, tharg->copt); |
|
196 | 196 |
acc->deny = 1; |
197 | 197 |
} else |
198 | 198 |
acc->deny = 0; |
... | ... |
@@ -49,7 +49,7 @@ |
49 | 49 |
#include "memory.h" |
50 | 50 |
#include "cfgparser.h" |
51 | 51 |
|
52 |
-void virusaction(const char *filename, const char *virname, const struct cfgstruct *copt) |
|
52 |
+void virusaction(const char *virname, const struct cfgstruct *copt) |
|
53 | 53 |
{ |
54 | 54 |
char *buffer, *pt, *cmd; |
55 | 55 |
struct cfgstruct *cpt; |
... | ... |
@@ -60,16 +60,7 @@ void virusaction(const char *filename, const char *virname, const struct cfgstru |
60 | 60 |
|
61 | 61 |
cmd = strdup(cpt->strarg); |
62 | 62 |
|
63 |
- buffer = (char *) mcalloc(strlen(cmd) + strlen(filename) + strlen(virname) + 10, sizeof(char)); |
|
64 |
- |
|
65 |
- if((pt = strstr(cmd, "%f"))) { |
|
66 |
- *pt = 0; pt += 2; |
|
67 |
- strcpy(buffer, cmd); |
|
68 |
- strcat(buffer, filename); |
|
69 |
- strcat(buffer, pt); |
|
70 |
- free(cmd); |
|
71 |
- cmd = strdup(buffer); |
|
72 |
- } |
|
63 |
+ buffer = (char *) mcalloc(strlen(cmd) + strlen(virname) + 10, sizeof(char)); |
|
73 | 64 |
|
74 | 65 |
if((pt = strstr(cmd, "%v"))) { |
75 | 66 |
*pt = 0; pt += 2; |
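Review bot: With the `%f` branch gone, a `VirusEvent` line that still contains `%f` appears to be passed on with the literal token and no diagnostic, so an existing handler changes meaning silently after upgrade; a check before the `%v` substitution such as `if(strstr(cmd, "%f")) logg("VirusEvent: %%f is no longer supported and is left unexpanded\n");` would make that visible. The result of `cmd = strdup(cpt->strarg);` is also still used unchecked by `strlen(cmd)` on the new `mcalloc` line, so a failed allocation there is a NULL dereference. The virus name continues to be spliced into the command string; how that string is executed lies outside this hunk, but if it reaches a shell the name should be restricted to a safe character set first. virusaction's body continues past the end of the hunk.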
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
int poll_fd(int fd, int timeout_sec); |
31 | 31 |
int is_fd_connected(int fd); |
32 |
-void virusaction(const char *filename, const char *virname, const struct cfgstruct *copt); |
|
32 |
+void virusaction(const char *virname, const struct cfgstruct *copt); |
|
33 | 33 |
int writen(int fd, void *buff, unsigned int count); |
34 | 34 |
|
35 | 35 |
#endif |
... | ... |
@@ -105,7 +105,7 @@ int dirscan(const char *dirname, const char **virname, unsigned long int *scanne |
105 | 105 |
if((scanret = cl_scanfile(fname, virname, scanned, root, limits, options)) == CL_VIRUS) { |
106 | 106 |
mdprintf(odesc, "%s: %s FOUND\n", fname, *virname); |
107 | 107 |
logg("%s: %s FOUND\n", fname, *virname); |
108 |
- virusaction(fname, *virname, copt); |
|
108 |
+ virusaction(*virname, copt); |
|
109 | 109 |
if(!contscan) { |
110 | 110 |
closedir(dd); |
111 | 111 |
free(fname); |
... | ... |
@@ -170,7 +170,7 @@ int scan(const char *filename, unsigned long int *scanned, const struct cl_node |
170 | 170 |
if(ret == CL_VIRUS) { |
171 | 171 |
mdprintf(odesc, "%s: %s FOUND\n", filename, virname); |
172 | 172 |
logg("%s: %s FOUND\n", filename, virname); |
173 |
- virusaction(filename, virname, copt); |
|
173 |
+ virusaction(virname, copt); |
|
174 | 174 |
} else if(ret != CL_CLEAN) { |
175 | 175 |
mdprintf(odesc, "%s: %s ERROR\n", filename, cl_strerror(ret)); |
176 | 176 |
logg("%s: %s ERROR\n", filename, cl_strerror(ret)); |
... | ... |
@@ -333,7 +333,7 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root |
333 | 333 |
if(ret == CL_VIRUS) { |
334 | 334 |
mdprintf(odesc, "stream: %s FOUND\n", virname); |
335 | 335 |
logg("stream: %s FOUND\n", virname); |
336 |
- virusaction("InputStream", virname, copt); |
|
336 |
+ virusaction(virname, copt); |
|
337 | 337 |
} else if(ret != CL_CLEAN) { |
338 | 338 |
mdprintf(odesc, "stream: %s ERROR\n", cl_strerror(ret)); |
339 | 339 |
logg("stream: %s ERROR\n", cl_strerror(ret)); |
... | ... |
@@ -107,14 +107,10 @@ MaxDirectoryRecursion 15 |
107 | 107 |
# By default clamd checks itself every 3600 seconds (1 hour). |
108 | 108 |
#SelfCheck 600 |
109 | 109 |
|
110 |
-# Execute a command when virus is found. In the command string %v and %f will |
|
111 |
-# be replaced by the virus name and the infected file name respectively. |
|
110 |
+# Execute a command when a virus is found. In the command string %v will |
|
111 |
+# be replaced by the virus name. |
|
112 | 112 |
# |
113 |
-# SECURITY WARNING: Make sure the virus event command cannot be exploited, |
|
114 |
-# eg. by using some special file name when %f is used. |
|
115 |
-# Always use a full path to the command. |
|
116 |
-# Never delete/move files with this directive ! |
|
117 |
-#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v" |
|
113 |
+#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" |
|
118 | 114 |
|
119 | 115 |
# Run as selected user (clamd must be started by root). |
120 | 116 |
# By default it doesn't drop privileges. |
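Review bot: The rewritten comment removes the entire SECURITY WARNING block, although only the `%f` sentence is made obsolete by this commit; `# Always use a full path to the command.` still applies to any VirusEvent handler and is worth keeping above the example line. It would also help operators to say that `%f` is no longer expanded, for instance `# %f is no longer supported and is left unexpanded.`, since configurations written against the old text may still use it.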