git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@528 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/04/28 23:28:29... | ... |
@@ -363,6 +363,15 @@ Changes |
363 | 363 |
Also defer generated emails if --force-scan is given |
364 | 364 |
Better subject for quarantine e-mails |
365 | 365 |
0.70s 25/4/04 Added --pidfile support |
366 |
+0.70t 28/4/04 Better quarantine message error report when failing to create |
|
367 |
+ the temporary file |
|
368 |
+ Send 554 after DATA received, not 550 |
|
369 |
+ Don't send rejection notices to rejection notices, we just end |
|
370 |
+ up playing ping-pong (patch by "Andrey J.Melnikoff |
|
371 |
+ (TEMHOTA)" <temnota@kmv.ru> |
|
372 |
+ If CL_DEBUG is defined, don't redirect stdout/stderr |
|
373 |
+ Don't attempt to return an old signature if no filename has |
|
374 |
+ been given. There has never been one to return |
|
366 | 375 |
|
367 | 376 |
BUG REPORTS |
368 | 377 |
|
... | ... |
@@ -364,9 +364,22 @@ |
364 | 364 |
* Also defer generated emails if --force-scan is given |
365 | 365 |
* Better subject for quarantine e-mails |
366 | 366 |
* 0.70s 25/4/04 Added --pidfile support |
367 |
+ * 0.70t 28/4/04 Better quarantine message error report when failing |
|
368 |
+ * to create the temporary file |
|
369 |
+ * Send 554 after DATA received, not 550 |
|
370 |
+ * Don't send rejection notices to rejection notices, we |
|
371 |
+ * just end up playing ping-pong (patch by "Andrey |
|
372 |
+ * J.Melnikoff (TEMHOTA)" <temnota@kmv.ru> |
|
373 |
+ * If CL_DEBUG is defined, don't redirect stdout/stderr |
|
374 |
+ * Don't attempt to return an old signature if no |
|
375 |
+ * filename has been given. There has never been |
|
376 |
+ * one to return |
|
367 | 377 |
* |
368 | 378 |
* Change History: |
369 | 379 |
* $Log: clamav-milter.c,v $ |
380 |
+ * Revision 1.84 2004/04/28 14:28:29 nigelhorne |
|
381 |
+ * Various updates |
|
382 |
+ * |
|
370 | 383 |
* Revision 1.83 2004/04/25 12:56:35 nigelhorne |
371 | 384 |
* Added --pidfile |
372 | 385 |
* |
... | ... |
@@ -601,9 +614,9 @@ |
601 | 601 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
602 | 602 |
* Added -f flag use MaxThreads if --max-children not set |
603 | 603 |
*/ |
604 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.83 2004/04/25 12:56:35 nigelhorne Exp $"; |
|
604 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.84 2004/04/28 14:28:29 nigelhorne Exp $"; |
|
605 | 605 |
|
606 |
-#define CM_VERSION "0.70s" |
|
606 |
+#define CM_VERSION "0.70t" |
|
607 | 607 |
|
608 | 608 |
/*#define CONFDIR "/usr/local/etc"*/ |
609 | 609 |
|
... | ... |
@@ -717,6 +730,11 @@ struct privdata { |
717 | 717 |
header_list_t headers; /* Message headers */ |
718 | 718 |
long numBytes; /* Number of bytes sent so far */ |
719 | 719 |
char *received; /* keep track of received from */ |
720 |
+ const char *rejectCode; /* 550 or 554? */ |
|
721 |
+ int discard; /* |
|
722 |
+ * looks like the remote end is playing ping |
|
723 |
+ * pong with us |
|
724 |
+ */ |
|
720 | 725 |
}; |
721 | 726 |
|
722 | 727 |
static int pingServer(int serverNumber); |
... | ... |
@@ -1326,7 +1344,6 @@ main(int argc, char **argv) |
1326 | 1326 |
} |
1327 | 1327 |
|
1328 | 1328 |
if(!cfgopt(copt, "Foreground")) { |
1329 |
- |
|
1330 | 1329 |
#ifdef CL_DEBUG |
1331 | 1330 |
printf("When debugging it is recommended that you use Foreground mode in %s\n", cfgfile); |
1332 | 1331 |
puts("So that you can see all of the messages"); |
... | ... |
@@ -1342,12 +1359,16 @@ main(int argc, char **argv) |
1342 | 1342 |
return EX_OK; |
1343 | 1343 |
} |
1344 | 1344 |
close(0); |
1345 |
+ open("/dev/null", O_RDONLY); |
|
1346 |
+ |
|
1347 |
+#ifndef CL_DEBUG |
|
1345 | 1348 |
close(1); |
1346 | 1349 |
close(2); |
1347 |
- open("/dev/null", O_RDONLY); |
|
1348 | 1350 |
if((open("/dev/console", O_WRONLY) == 1) || |
1349 | 1351 |
(open("/dev/null", O_WRONLY) == 1)) |
1350 | 1352 |
dup(1); |
1353 |
+#endif |
|
1354 |
+ |
|
1351 | 1355 |
#ifdef HAVE_SETPGRP |
1352 | 1356 |
#ifdef SETPGRP_VOID |
1353 | 1357 |
setpgrp(); |
... | ... |
@@ -1860,6 +1881,13 @@ clamfi_envfrom(SMFICTX *ctx, char **argv) |
1860 | 1860 |
privdata->dataSocket = -1; /* 0.4 */ |
1861 | 1861 |
privdata->cmdSocket = -1; /* 0.4 */ |
1862 | 1862 |
|
1863 |
+ /* |
|
1864 |
+ * Rejection is via 550 until DATA is received. We know that |
|
1865 |
+ * DATA has been sent when either we get a header or the end of |
|
1866 |
+ * header statement |
|
1867 |
+ */ |
|
1868 |
+ privdata->rejectCode = "550"; |
|
1869 |
+ |
|
1863 | 1870 |
privdata->from = strdup(argv[0]); |
1864 | 1871 |
|
1865 | 1872 |
if(streamMaxLength > 0L) |
... | ... |
@@ -1919,6 +1947,11 @@ clamfi_header(SMFICTX *ctx, char *headerf, char *headerv) |
1919 | 1919 |
cli_dbgmsg("clamfi_header\n"); |
1920 | 1920 |
#endif |
1921 | 1921 |
|
1922 |
+ /* |
|
1923 |
+ * The DATA instruction from SMTP (RFC2821) must have been sent |
|
1924 |
+ */ |
|
1925 |
+ privdata->rejectCode = "554"; |
|
1926 |
+ |
|
1922 | 1927 |
if(privdata->dataSocket == -1) |
1923 | 1928 |
/* |
1924 | 1929 |
* First header - make connection with clamd |
... | ... |
@@ -1939,15 +1972,23 @@ clamfi_header(SMFICTX *ctx, char *headerf, char *headerv) |
1939 | 1939 |
if(hflag) |
1940 | 1940 |
header_list_add(privdata->headers, headerf, headerv); |
1941 | 1941 |
else if((strcasecmp(headerf, "Received") == 0) && |
1942 |
- (strncasecmp(headerv, "from ", 5) == 0)) { |
|
1942 |
+ (strncasecmp(headerv, "from ", 5) == 0)) { |
|
1943 | 1943 |
if(privdata->received) |
1944 | 1944 |
free(privdata->received); |
1945 | 1945 |
privdata->received = strdup(headerv); |
1946 | 1946 |
} |
1947 | 1947 |
|
1948 |
+ if((strcasecmp(headerf, "Message-ID") == 0) && |
|
1949 |
+ (strncasecmp(headerv, "<MDAEMON", 8) == 0)) |
|
1950 |
+ privdata->discard = 1; |
|
1951 |
+ |
|
1948 | 1952 |
return SMFIS_CONTINUE; |
1949 | 1953 |
} |
1950 | 1954 |
|
1955 |
+/* |
|
1956 |
+ * At this point DATA will have been received, so we really ought to |
|
1957 |
+ * send 554 back not 550 |
|
1958 |
+ */ |
|
1951 | 1959 |
static sfsistat |
1952 | 1960 |
clamfi_eoh(SMFICTX *ctx) |
1953 | 1961 |
{ |
... | ... |
@@ -1961,6 +2002,11 @@ clamfi_eoh(SMFICTX *ctx) |
1961 | 1961 |
cli_dbgmsg("clamfi_eoh\n"); |
1962 | 1962 |
#endif |
1963 | 1963 |
|
1964 |
+ /* |
|
1965 |
+ * The DATA instruction from SMTP (RFC2821) must have been sent |
|
1966 |
+ */ |
|
1967 |
+ privdata->rejectCode = "554"; |
|
1968 |
+ |
|
1964 | 1969 |
if(privdata->dataSocket == -1) |
1965 | 1970 |
/* |
1966 | 1971 |
* No headers - make connection with clamd |
... | ... |
@@ -2053,7 +2099,7 @@ clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len) |
2053 | 2053 |
if(Sflag) { |
2054 | 2054 |
if(privdata->body) { |
2055 | 2055 |
assert(privdata->bodyLen > 0); |
2056 |
- privdata->body = realloc(privdata->body, privdata->bodyLen + len); |
|
2056 |
+ privdata->body = cli_realloc(privdata->body, privdata->bodyLen + len); |
|
2057 | 2057 |
memcpy(&privdata->body[privdata->bodyLen], bodyp, len); |
2058 | 2058 |
privdata->bodyLen += len; |
2059 | 2059 |
} else { |
... | ... |
@@ -2199,10 +2245,11 @@ clamfi_eom(SMFICTX *ctx) |
2199 | 2199 |
if(len) { |
2200 | 2200 |
assert(Sflag != 0); |
2201 | 2201 |
|
2202 |
- privdata->body = realloc(privdata->body, privdata->bodyLen + len); |
|
2203 |
- memcpy(&privdata->body[privdata->bodyLen], signature, len); |
|
2204 |
- |
|
2205 |
- smfi_replacebody(ctx, privdata->body, privdata->bodyLen + len); |
|
2202 |
+ privdata->body = cli_realloc(privdata->body, privdata->bodyLen + len); |
|
2203 |
+ if(privdata->body) { |
|
2204 |
+ memcpy(&privdata->body[privdata->bodyLen], signature, len); |
|
2205 |
+ smfi_replacebody(ctx, privdata->body, privdata->bodyLen + len); |
|
2206 |
+ } |
|
2206 | 2207 |
} |
2207 | 2208 |
} |
2208 | 2209 |
} else { |
... | ... |
@@ -2249,7 +2296,11 @@ clamfi_eom(SMFICTX *ctx) |
2249 | 2249 |
*/ |
2250 | 2250 |
if(&ptr[strlen(*to) + 2] >= &err[i]) { |
2251 | 2251 |
i += 1024; |
2252 |
- err = realloc(err, i); |
|
2252 |
+ err = cli_realloc(err, i); |
|
2253 |
+ if(err == NULL) { |
|
2254 |
+ clamfi_cleanup(ctx); |
|
2255 |
+ return cl_error; |
|
2256 |
+ } |
|
2253 | 2257 |
ptr = strchr(err, '\0'); |
2254 | 2258 |
} |
2255 | 2259 |
ptr = strrcpy(ptr, " "); |
... | ... |
@@ -2407,13 +2458,16 @@ clamfi_eom(SMFICTX *ctx) |
2407 | 2407 |
"[Virus] %s", virusname); |
2408 | 2408 |
smfi_chgheader(ctx, "Subject", 1, subject); |
2409 | 2409 |
} |
2410 |
- } else if(rejectmail) |
|
2411 |
- rc = SMFIS_REJECT; /* Delete the e-mail */ |
|
2412 |
- else |
|
2410 |
+ } else if(rejectmail) { |
|
2411 |
+ if(privdata->discard) |
|
2412 |
+ rc = SMFIS_DISCARD; |
|
2413 |
+ else |
|
2414 |
+ rc = SMFIS_REJECT; /* Delete the e-mail */ |
|
2415 |
+ } else |
|
2413 | 2416 |
rc = SMFIS_DISCARD; |
2414 | 2417 |
|
2415 | 2418 |
snprintf(reject, sizeof(reject) - 1, "%sdetected by ClamAV - http://www.clamav.net", virusname); |
2416 |
- smfi_setreply(ctx, "550", "5.7.1", reject); |
|
2419 |
+ smfi_setreply(ctx, (char *)privdata->rejectCode, "5.7.1", reject); |
|
2417 | 2420 |
} |
2418 | 2421 |
clamfi_cleanup(ctx); |
2419 | 2422 |
|
... | ... |
@@ -2692,7 +2746,7 @@ updateSigFile(void) |
2692 | 2692 |
|
2693 | 2693 |
if(sigFilename == NULL) |
2694 | 2694 |
/* nothing to read */ |
2695 |
- return signature ? strlen(signature) : 0; |
|
2695 |
+ return 0; |
|
2696 | 2696 |
|
2697 | 2697 |
if(stat(sigFilename, &statb) < 0) { |
2698 | 2698 |
perror(sigFilename); |
... | ... |
@@ -2714,7 +2768,7 @@ updateSigFile(void) |
2714 | 2714 |
|
2715 | 2715 |
signatureStamp = statb.st_mtime; |
2716 | 2716 |
|
2717 |
- signature = realloc(signature, statb.st_size); |
|
2717 |
+ cli_realloc(signature, statb.st_size); |
|
2718 | 2718 |
read(fd, signature, statb.st_size); |
2719 | 2719 |
close(fd); |
2720 | 2720 |
|
... | ... |
@@ -2799,6 +2853,7 @@ connect2clamd(struct privdata *privdata) |
2799 | 2799 |
{ |
2800 | 2800 |
char **to; |
2801 | 2801 |
|
2802 |
+ assert(privdata != NULL); |
|
2802 | 2803 |
assert(privdata->dataSocket == -1); |
2803 | 2804 |
assert(privdata->from != NULL); |
2804 | 2805 |
assert(privdata->to != NULL); |
... | ... |
@@ -2855,8 +2910,9 @@ connect2clamd(struct privdata *privdata) |
2855 | 2855 |
} while((--ntries > 0) && (privdata->dataSocket < 0)); |
2856 | 2856 |
|
2857 | 2857 |
if(privdata->dataSocket < 0) { |
2858 |
+ perror(privdata->filename); |
|
2858 | 2859 |
if(use_syslog) |
2859 |
- syslog(LOG_ERR, "tempfile %s creation failed", privdata->filename); |
|
2860 |
+ syslog(LOG_ERR, "Temporary quarantine file %s creation failed", privdata->filename); |
|
2860 | 2861 |
return 0; |
2861 | 2862 |
} |
2862 | 2863 |
} else { |