@@ -271,8 +271,7 @@ need to restart sendmail after rebuilding sendmail.cf and starting clamd and

 clamav-milter.

 As with all software it is wise to ensure that clamav-milter has the least

-privileges it needs to run. So don't run it as root and don't store the sockets

-in a directory that can be written by everyone. For example ensure that /var/run

+privileges it needs to run. So don't run it as root and don't store the sockets in a directory that can be written by everyone. For example ensure that /var/run

 is owned and writeable only by root and add entries for 'User' and

 'FixStaleSocket' in clamd.conf.

@@ -295,6 +294,9 @@ appearing in a log file, you will need to increase the number of threads on

 your system (/proc/sys/kernel/threads-max), or decrease the value of

 --max-children.

+Clamav-milter performs DNS look ups, if you wish to tweak its timeouts

+see resolv.conf(5).

+

 2.7 Postfix

 Clamav-milter has only been designed to work with Sendmail. I understand that

@@ -378,7 +380,8 @@ You will have to do a lot of fiddling if you want notifications to work,

 since clamav-milter calls sendmail to handle the notifications and sendmail

 will run of out the same jail. I've not disabled the notifications, but I

 may in the future - for the moment handling notifications in the jail is an

-excercise for the reader.

+excercise for the reader. I've put in a symbolic link to sendmail, but I

+suspect it should be a real copy.

 	mkdir /var/run/clamav-root

 	chown clamav:clamav /var/run/clamav-root

@@ -33,7 +33,7 @@

  */

 static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.312 2007/02/12 22:24:21 njh Exp $";

-#define	CM_VERSION	"devel-190807"

+#define	CM_VERSION	"devel-20080820"

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

@@ -1185,6 +1185,12 @@ main(int argc, char **argv)

 					cpt->strarg, (int)user->pw_uid,

 					(int)user->pw_gid);

+			/*

+			 * Note, some O/Ss (e.g. OpenBSD/Fedora Linux) FORCE

+			 * you to run as root in black-hole-mode because

+			 * /var/spool/mqueue is mode 700 owned by root!

+			 * Flames to them, not to me, please.

+			 */

 			if(black_hole_mode && (user->pw_uid != 0)) {

 				int are_trusted;

 				FILE *sendmail;

@@ -1231,8 +1237,8 @@ main(int argc, char **argv)

 					}

 				}

 				if(!are_trusted) {

-					fprintf(stderr, _("%s: You cannot use black hole mode unless you are a TrustedUser\n"),

-						argv[0]);

+					fprintf(stderr, _("%s: You cannot use black hole mode unless %s is a TrustedUser\n"),

+						argv[0], cpt->strarg);

 					return EX_CONFIG;

 				}

 			}

@@ -6413,39 +6419,87 @@ black_hole(const struct privdata *privdata)

 	must_scan = (*to) ? 0 : 1;

 	for(; *to; to++) {

+		pid_t pid, w;

+		int pv[2], status;

 		FILE *sendmail;

-		char cmd[128];

+		char buf[BUFSIZ];

-		snprintf(cmd, sizeof(cmd) - 1, "%s -bv \"%s\"</dev/null 2>&1",

-			SENDMAIL_BIN, *to);

+		cli_dbgmsg("Calling \"%s -bv %s\"\n", SENDMAIL_BIN, *to);

-		cli_dbgmsg("Calling %s\n", cmd);

-		sendmail = popen(cmd, "r");

+		if(pipe(pv) < 0) {

+			perror("pipe");

+			logg(_("!Can't create pipe\n"));

+			must_scan = 1;

+			break;

+		}

+		pid = fork();

+		if(pid == 0) {

+			close(1);

+			close(pv[0]);

+			dup2(pv[1], 1);

+			close(pv[1]);

-		if(sendmail) {

-			char buf[BUFSIZ];

+			/*

+			 * Avoid calling popen() since *to isn't trusted

+			 */

+			execl(SENDMAIL_BIN, "sendmail", "-bv", *to, NULL);

+			perror(SENDMAIL_BIN);

+			logg("Can't execl %s\n", SENDMAIL_BIN);

+			_exit(errno ? errno : 1);

+		}

+		if(pid == -1) {

+			perror("fork");

+			logg(_("!Can't fork\n"));

+			close(pv[0]);

+			close(pv[1]);

+			must_scan = 1;

+			break;

+		}

+		close(pv[1]);

+		sendmail = fdopen(pv[0], "r");

-			while(fgets(buf, sizeof(buf), sendmail) != NULL) {

-				if(cli_chomp(buf) == 0)

-					continue;

+		if(sendmail == NULL) {

+			logg("fdopen failed\n");

+			close(pv[0]);

+			must_scan = 1;

+			break;

+		}

-				cli_dbgmsg("sendmail output: %s\n", buf);

+		while(fgets(buf, sizeof(buf), sendmail) != NULL) {

+			if(cli_chomp(buf) == 0)

+				continue;

-				if(strstr(buf, "... deliverable: mailer ")) {

-					const char *p = strstr(buf, ", user ");

+			cli_dbgmsg("sendmail output: %s\n", buf);

-					if(strcmp(&p[7], "/dev/null") != 0) {

-						must_scan = 1;

-						break;

-					}

+			if(strstr(buf, "... deliverable: mailer ")) {

+				const char *p = strstr(buf, ", user ");

+

+				if(strcmp(&p[7], "/dev/null") != 0) {

+					must_scan = 1;

+					break;

 				}

 			}

-			if(pclose(sendmail) != 0)

+		}

+		fclose(sendmail);

+

+		status = -1;

+		do

+			w = wait(&status);

+		while((w != pid) && (w != -1));

+

+		if(w == -1)

+			status = -1;

+		else

+			status = WEXITSTATUS(status);

+

+		switch(status) {

+			case EX_NOUSER:

+			case EX_OK:

+				break;

+			default:

+				logg(_("^Can't execute '%s' to expand '%s' (error %d)\n"),

+					SENDMAIL_BIN, *to, WEXITSTATUS(status));

 				must_scan = 1;

-		} else {

-			logg(_("^Can't execute '%s' to expand '%s'"),

-				cmd, *to);

-			must_scan = 1;

 		}

 		if(must_scan)

 			break;

@@ -301,6 +301,7 @@ thrown away even if the message is clean.

 Enabling this stops these messages from being scanned

 (in practice clamav\-milter will discard

 these messages so the message doesn't go further down the milter call chain).

+Only enable this if your site has many addresses aliased to /dev/null.

 .IP

 To enable this mode clamav-milter must have certain sendmail rights:

 it needs to run as a TrustedUser as defined by \fIsendmail\fR

@@ -308,7 +309,10 @@ it needs to run as a TrustedUser as defined by \fIsendmail\fR

 by the use of the User directive in clamd.conf,

 the clamav user must be able read the mail queue (often /var/spool/mqueue),

 and AllowSupplementaryGroups must be enabled in clamd.conf.

-Only enable this if your site has many addresses aliased to /dev/null.

+Some operating systems set \fI/var/spool/mqueue\fR to be mode 700 forcing you to

+run clamav-milter as root for black-hole-mode.

+This is always unadvisable, it is better to have \fI/var/spool/mqueue\fR as

+mode 750.

 .SH "BUGS"

 There is no support for IPv6.

 .SH "EXAMPLES"

@@ -209,6 +209,7 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)

 	xreflength = (size_t)(trailerstart - xrefstart);

 	bytesleft -= xreflength;

 	 */

+	*ctx->virname = NULL;

 	/*

 	 * The body section consists of a sequence of indirect objects

@@ -490,8 +491,15 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)

 				if(is_flatedecode) {

 					const int zstat = try_flatedecode((unsigned char *)tmpbuf, real_streamlen, real_streamlen, fout, ctx);

-					if(zstat != Z_OK)

-						rc = CL_EZIP;

+					switch(zstat) {

+						case Z_DATA_ERROR:

+							rc = *ctx->virname ? CL_VIRUS : CL_EZIP;

+							break;

+						case Z_OK:

+							break;

+						default:

+							rc = CL_EZIP;

+					}

 				} else

 					cli_writen(fout, (const char *)streamstart, real_streamlen);

 			}

@@ -499,8 +507,15 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)

 		} else if(is_flatedecode) {

 			const int zstat = try_flatedecode((unsigned char *)streamstart, real_streamlen, calculated_streamlen, fout, ctx);

-			if(zstat != Z_OK)

-				rc = CL_EZIP;

+			switch(zstat) {

+				case Z_DATA_ERROR:

+					rc = *ctx->virname ? CL_VIRUS : CL_EZIP;

+					break;

+				case Z_OK:

+					break;

+				default:

+					rc = CL_EZIP;

+			}

 		} else {

 			cli_dbgmsg("cli_pdf: writing %lu bytes from the stream\n",

 				(unsigned long)real_streamlen);

@@ -624,21 +639,14 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx)

 					nbytes += cli_writen(fout, output, sizeof(output));

-					/*

-					 * BLOCKMAX is on if ArchiveBlockMax

-					 *	is set in clamd.conf

-					 *

-					 * Bug 608 Michael Brennen

-					 *	<michael@fishnet.us>

-					 */

 					if(ctx->limits &&

 					   ctx->limits->maxfilesize &&

-					   BLOCKMAX &&

 					   (nbytes > (off_t) ctx->limits->maxfilesize)) {

 						cli_dbgmsg("cli_pdf: flatedecode size exceeded (%lu)\n",

 							(unsigned long)nbytes);

 						inflateEnd(&stream);

-						*ctx->virname = "PDF.ExceededFileSize";

+						if(BLOCKMAX)

+							*ctx->virname = "PDF.ExceededFileSize";

 						return Z_DATA_ERROR;

 					}

 					stream.next_out = output;

@@ -672,11 +680,11 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx)

 	if(ctx->limits &&

 	   ctx->limits->maxratio &&

-	   BLOCKMAX &&

 	   ((stream.total_out / stream.total_in) > ctx->limits->maxratio)) {

 		cli_dbgmsg("cli_pdf: flatedecode Max ratio reached\n");

 		inflateEnd(&stream);

-		*ctx->virname = "Oversized.PDF";

+		if(BLOCKMAX)

+			*ctx->virname = "Oversized.PDF";

 		return Z_DATA_ERROR;

 	}