git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1462 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2005/04/08 01:40:16... | ... |
@@ -1,3 +1,13 @@ |
1 |
+Thu Apr 7 17:38:53 BST 2005 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamav-milter: Added installation notes about Solaris 10 |
|
4 |
+ Internal mode: print virus and error information on |
|
5 |
+ stdout. This goes to LogFile when not in debug |
|
6 |
+ mode. |
|
7 |
+ Included patch by Andy Feldt <feldt at nhn.ou.edu> for |
|
8 |
+ AIX 5.2. I do not have access to such a machine |
|
9 |
+ so any feedback would be helpful |
|
10 |
+ |
|
1 | 11 |
Thu Apr 7 00:46:14 CEST 2005 (tk) |
2 | 12 |
---------------------------------- |
3 | 13 |
* libclamav/scanners.c: support ArchiveBlockMax in scan(g|b)zip() |
... | ... |
@@ -1,4 +1,4 @@ |
1 |
-BUILD INSTRUCTIONS |
|
1 |
+1. BUILD INSTRUCTIONS |
|
2 | 2 |
|
3 | 3 |
A makefile was supplied with this which should have built the program. If it |
4 | 4 |
fails please let us know, and here are some hints for building on different |
... | ... |
@@ -72,7 +72,7 @@ Go to sendmail.org, download the lastest sendmail, cd to libmilter and |
72 | 72 |
|
73 | 73 |
Needs -lresolv on Solaris |
74 | 74 |
|
75 |
-INSTALLATION |
|
75 |
+2. INSTALLATION |
|
76 | 76 |
|
77 | 77 |
Install into /usr/local/sbin/clamav-milter. |
78 | 78 |
|
... | ... |
@@ -89,12 +89,17 @@ If you see no output you MUST upgrade your sendmail. |
89 | 89 |
|
90 | 90 |
See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html |
91 | 91 |
|
92 |
+2.1 LINUX (RedHat, Fedora, YellowDog etc) |
|
93 |
+ |
|
92 | 94 |
Installations for RedHat Linux and it's derivatives such as YellowDog: |
93 | 95 |
Ensure that you have the sendmail-devel RPM installed |
94 | 96 |
Add to /etc/mail/sendmail.mc before the MAILER statement: |
95 | 97 |
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl |
96 | 98 |
define(`confINPUT_MAIL_FILTERS', `clamav') |
97 | 99 |
|
100 |
+ Note that the INPUT_MAIL_FILTER line must come before the |
|
101 |
+ confINPUT_MAIL_FILTERS line |
|
102 |
+ |
|
98 | 103 |
Check entry in /usr/local/etc/clamd.conf of the form: |
99 | 104 |
LocalSocket /var/run/clamav/clamd.sock |
100 | 105 |
|
... | ... |
@@ -111,9 +116,15 @@ Installations for RedHat Linux and it's derivatives such as YellowDog: |
111 | 111 |
Where /var/run/spamass.sock is the location of the spamass-milt |
112 | 112 |
socket file (on some systems it is in /var/run/sendmail/spamass.sock). |
113 | 113 |
|
114 |
+2.2 LINUX (Debian) |
|
115 |
+ |
|
114 | 116 |
Installations for Debian Linux: |
115 | 117 |
As above for RedHat, except that you need the libmilter-dev package: |
116 | 118 |
apt-get install libmilter-dev |
119 |
+ To use TCPwrappers you need to: |
|
120 |
+ apt-get install libwrap0-dev |
|
121 |
+ |
|
122 |
+2.3 FreeBSD |
|
117 | 123 |
|
118 | 124 |
Installations for FreeBSD5 (may be true for other BSDs) |
119 | 125 |
Add to /etc/mail/freebsd.mc: |
... | ... |
@@ -139,8 +150,9 @@ Installations for FreeBSD5 (may be true for other BSDs) |
139 | 139 |
FreeBSD5.3 sendmail comes without libmilter support. You can upgrade by |
140 | 140 |
cd /usr/ports/mail/sendmail |
141 | 141 |
make install |
142 |
-This may overwrite your existing sendmail configuration, so ensure that you |
|
143 |
-back up first. |
|
142 |
+ |
|
143 |
+This may overwrite your existing sendmail configuration, so ensure |
|
144 |
+that you back up first. |
|
144 | 145 |
|
145 | 146 |
You should have received a script to install into /etc/rc.d as /etc/rc.d/clamav |
146 | 147 |
with this software. Add to /etc/rc.conf: |
... | ... |
@@ -148,6 +160,28 @@ with this software. Add to /etc/rc.conf: |
148 | 148 |
clamav_milter_enable="YES" |
149 | 149 |
clamav_milter_flags="--max-children=2 --dont-wait --timeout=0 -P local:/var/run/clamav/clamav.sock --pidfile=/var/run/clamav/clamav-milter.pid --quarantine-dir=/var/run/clamav/quarantine" |
150 | 150 |
|
151 |
+2.4 Solaris 10 |
|
152 |
+ |
|
153 |
+Solaris 10 should install out of the box. Edit /etc/mail/cf/cf/main.mc adding |
|
154 |
+the line: |
|
155 |
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl |
|
156 |
+Then: |
|
157 |
+ cp /etc/mail/cf/cf/main.cf /etc/mail/main.cf |
|
158 |
+ /usr/local/sbin/clamav-milter local:/var/run/clamav/clmilter.sock |
|
159 |
+ mkdir /var/run/clamav |
|
160 |
+ chown clamav /var/run/clamav (if you use User clamav in clamd.conf) |
|
161 |
+ chmod 700 /var/run/clamav |
|
162 |
+ |
|
163 |
+You should have received a script to install into /etc/init.d as |
|
164 |
+/etc/init.d/clamav-milter. Then: |
|
165 |
+ |
|
166 |
+ chmod 755 /etc/init.d/clamav-milter |
|
167 |
+ ln -s /etc/init.d/clamav-milter /etc/rc2.d/S90clamav-milter |
|
168 |
+ /etc/init.d/clamav-milter start |
|
169 |
+ /etc/init.d/sendmail restart |
|
170 |
+ |
|
171 |
+2.6 General Instalation Issues |
|
172 |
+ |
|
151 | 173 |
You may find INPUT_MAIL_FILTERS is not needed on your machine, however it |
152 | 174 |
is recommended by the Sendmail documentation and I recommend going along |
153 | 175 |
with that. |
... | ... |
@@ -210,7 +244,7 @@ able to call sendmail, for example on a Fedora Linux system: |
210 | 210 |
To test that your clamAV system is now intercepting viruses, visit |
211 | 211 |
http://www.testvirus.org |
212 | 212 |
|
213 |
-CHANGE HISTORY |
|
213 |
+3. CHANGE HISTORY |
|
214 | 214 |
|
215 | 215 |
Changes |
216 | 216 |
0.2: 4/3/03 clamfi_abort() now always calls pthread_mutex_unlock |
... | ... |
@@ -716,8 +750,14 @@ Changes |
716 | 716 |
header set (e.g. mailing lists) |
717 | 717 |
Use {mail_addr} if no From field is received |
718 | 718 |
0.84c 18/3/05: Better handling of {mail_addr} / <> |
719 |
+0.84d 6/4/05: Internal mode: print virus and error information on |
|
720 |
+ stdout. This goes to LogFile when not in debug |
|
721 |
+ mode. |
|
722 |
+ Included patch by Andy Feldt <feldt@nhn.ou.edu> for |
|
723 |
+ AIX 5.2. I do not have access to such a machine |
|
724 |
+ so any feedback would be helpful |
|
719 | 725 |
|
720 |
-INTERNATIONALISATION |
|
726 |
+4. INTERNATIONALISATION |
|
721 | 727 |
|
722 | 728 |
The .po file was created with the command |
723 | 729 |
xgettext --msgid-bugs-address=bugs@clamav.net --copyright-holder=njh@bandsman.co.uk -L c -d clamav-milter -k_ clamav-milter.c |
... | ... |
@@ -725,12 +765,12 @@ The .po file was created with the command |
725 | 725 |
If you're interested in helping to translate this program please drop the |
726 | 726 |
author an e-mail. |
727 | 727 |
|
728 |
-BUG REPORTS |
|
728 |
+5. BUG REPORTS |
|
729 | 729 |
|
730 | 730 |
Please send bug reports and/or comments to Nigel Horne <njh@despammed.com> or |
731 | 731 |
bugs@clamav.net. |
732 | 732 |
|
733 |
-TODO |
|
733 |
+6. TODO |
|
734 | 734 |
|
735 | 735 |
There are several ideas marked as TODO in the source code. If anyone has |
736 | 736 |
any other suggestions please feel free to contact me. |
... | ... |
@@ -24,9 +24,9 @@ |
24 | 24 |
* |
25 | 25 |
* For installation instructions see the file INSTALL that came with this file |
26 | 26 |
*/ |
27 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.190 2005/03/28 08:15:41 nigelhorne Exp $"; |
|
27 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.191 2005/04/07 16:37:16 nigelhorne Exp $"; |
|
28 | 28 |
|
29 |
-#define CM_VERSION "0.84c" |
|
29 |
+#define CM_VERSION "0.84d" |
|
30 | 30 |
|
31 | 31 |
#if HAVE_CONFIG_H |
32 | 32 |
#include "clamav-config.h" |
... | ... |
@@ -105,6 +105,11 @@ int deny_severity = LOG_NOTICE; |
105 | 105 |
|
106 | 106 |
#endif |
107 | 107 |
|
108 |
+#ifndef CL_DEBUG |
|
109 |
+static const char *logFile; |
|
110 |
+static int logTime; |
|
111 |
+#endif |
|
112 |
+ |
|
108 | 113 |
#if defined(CL_DEBUG) && defined(C_LINUX) |
109 | 114 |
#include <sys/resource.h> |
110 | 115 |
#endif |
... | ... |
@@ -145,7 +150,6 @@ typedef unsigned int in_addr_t; |
145 | 145 |
* to get messages on the system console, see syslog.conf(5), also you |
146 | 146 |
* can use wall(1) in the VirusEvent entry in clamd.conf |
147 | 147 |
* TODO: build with libclamav.so rather than libclamav.a |
148 |
- * TODO: Support LogTime and Logfile from the conf file |
|
149 | 148 |
* TODO: Warn if TCPAddr doesn't allow connection from us |
150 | 149 |
* TODO: Decide action (bounce, discard, reject etc.) based on the virus |
151 | 150 |
* found. Those with faked addresses, such as SCO.A want discarding, |
... | ... |
@@ -226,7 +230,7 @@ struct privdata { |
226 | 226 |
}; |
227 | 227 |
|
228 | 228 |
#ifdef SESSION |
229 |
-static int createSession(int s); |
|
229 |
+static int createSession(unsigned int s); |
|
230 | 230 |
#else |
231 | 231 |
static int pingServer(int serverNumber); |
232 | 232 |
#endif |
... | ... |
@@ -290,6 +294,9 @@ static int bflag = 0; /* |
290 | 290 |
* send a failure (bounce) message to the |
291 | 291 |
* sender. This probably isn't a good idea |
292 | 292 |
* since most reply addresses will be fake |
293 |
+ * |
|
294 |
+ * TODO: Perhaps we can have an option to |
|
295 |
+ * bounce outgoing mail, but not incoming? |
|
293 | 296 |
*/ |
294 | 297 |
static const char *iface; /* |
295 | 298 |
* Broadcast a message when a virus is found, |
... | ... |
@@ -448,6 +455,7 @@ static void print_trace(void); |
448 | 448 |
|
449 | 449 |
static int verifyIncomingSocketName(const char *sockName); |
450 | 450 |
static int isWhitelisted(const char *emailaddress); |
451 |
+static void logger(const char *mess); |
|
451 | 452 |
|
452 | 453 |
static void |
453 | 454 |
help(void) |
... | ... |
@@ -1220,7 +1228,7 @@ main(int argc, char **argv) |
1220 | 1220 |
activeServers = numServers; |
1221 | 1221 |
|
1222 | 1222 |
sessions = (struct session *)cli_calloc(max_children, sizeof(struct session)); |
1223 |
- for(i = 0; i < max_children; i++) |
|
1223 |
+ for(i = 0; i < (int)max_children; i++) |
|
1224 | 1224 |
if(createSession(i) < 0) |
1225 | 1225 |
return EX_UNAVAILABLE; |
1226 | 1226 |
if(activeServers == 0) { |
... | ... |
@@ -1251,6 +1259,8 @@ main(int argc, char **argv) |
1251 | 1251 |
clamav_version = strdup(version); |
1252 | 1252 |
} |
1253 | 1253 |
} else { |
1254 |
+ unsigned int session; |
|
1255 |
+ |
|
1254 | 1256 |
/* |
1255 | 1257 |
* We need to know how many connections to establish to clamd |
1256 | 1258 |
*/ |
... | ... |
@@ -1263,9 +1273,9 @@ main(int argc, char **argv) |
1263 | 1263 |
if(clamav_versions == NULL) |
1264 | 1264 |
return EX_TEMPFAIL; |
1265 | 1265 |
|
1266 |
- for(i = 0; i < max_children; i++) { |
|
1267 |
- clamav_versions[i] = strdup(version); |
|
1268 |
- if(clamav_versions[i] == NULL) |
|
1266 |
+ for(session = 0; session < max_children; session++) { |
|
1267 |
+ clamav_versions[session] = strdup(version); |
|
1268 |
+ if(clamav_versions[session] == NULL) |
|
1269 | 1269 |
return EX_TEMPFAIL; |
1270 | 1270 |
} |
1271 | 1271 |
} |
... | ... |
@@ -1305,8 +1315,6 @@ main(int argc, char **argv) |
1305 | 1305 |
#ifdef CL_DEBUG |
1306 | 1306 |
printf(_("When debugging it is recommended that you use Foreground mode in %s\n"), cfgfile); |
1307 | 1307 |
puts(_("\tso that you can see all of the messages")); |
1308 |
-#else |
|
1309 |
- const char *logFile; |
|
1310 | 1308 |
#endif |
1311 | 1309 |
|
1312 | 1310 |
switch(fork()) { |
... | ... |
@@ -1342,7 +1350,9 @@ main(int argc, char **argv) |
1342 | 1342 |
if((open(logFile, O_WRONLY|O_APPEND) == 1) || |
1343 | 1343 |
(open("/dev/null", O_WRONLY) == 1)) |
1344 | 1344 |
dup(1); |
1345 |
-#endif |
|
1345 |
+ if(cfgopt(copt, "LogTime")) |
|
1346 |
+ logTime++; |
|
1347 |
+#endif /*!CL_DEBUG*/ |
|
1346 | 1348 |
|
1347 | 1349 |
#ifdef HAVE_SETPGRP |
1348 | 1350 |
#ifdef SETPGRP_VOID |
... | ... |
@@ -1514,7 +1524,7 @@ main(int argc, char **argv) |
1514 | 1514 |
* The caller must take care of locking the sessions array |
1515 | 1515 |
*/ |
1516 | 1516 |
static int |
1517 |
-createSession(int s) |
|
1517 |
+createSession(unsigned int s) |
|
1518 | 1518 |
{ |
1519 | 1519 |
int ret = 0, fd; |
1520 | 1520 |
struct sockaddr_in server; |
... | ... |
@@ -1690,7 +1700,7 @@ pingServer(int serverNumber) |
1690 | 1690 |
static int |
1691 | 1691 |
findServer(void) |
1692 | 1692 |
{ |
1693 |
- int i, j; |
|
1693 |
+ unsigned int i, j; |
|
1694 | 1694 |
struct session *session; |
1695 | 1695 |
|
1696 | 1696 |
/* |
... | ... |
@@ -2386,7 +2396,6 @@ clamfi_eoh(SMFICTX *ctx) |
2386 | 2386 |
* no need to check any further |
2387 | 2387 |
*/ |
2388 | 2388 |
return SMFIS_CONTINUE; |
2389 |
- |
|
2390 | 2389 |
/* |
2391 | 2390 |
* Didn't find a recipient who is not on the white list, so all |
2392 | 2391 |
* must be on the white list, so just accept the e-mail |
... | ... |
@@ -2508,9 +2517,11 @@ clamfi_eom(SMFICTX *ctx) |
2508 | 2508 |
break; |
2509 | 2509 |
case CL_VIRUS: |
2510 | 2510 |
snprintf(mess, sizeof(mess), "%s: %s FOUND", privdata->filename, virname); |
2511 |
+ logger(mess); |
|
2511 | 2512 |
break; |
2512 | 2513 |
default: |
2513 | 2514 |
snprintf(mess, sizeof(mess), "%s: %s ERROR", privdata->filename, cl_strerror(rc)); |
2515 |
+ logger(mess); |
|
2514 | 2516 |
break; |
2515 | 2517 |
} |
2516 | 2518 |
|
... | ... |
@@ -3509,7 +3520,17 @@ connect2clamd(struct privdata *privdata) |
3509 | 3509 |
/* |
3510 | 3510 |
* TODO: investigate mkdtemp on LINUX and possibly others |
3511 | 3511 |
*/ |
3512 |
+#ifdef C_AIX |
|
3513 |
+ /* |
|
3514 |
+ * Patch by Andy Feldt <feldt@nhn.ou.edu>, AIX 5.2 sets errno |
|
3515 |
+ * to ENOENT often and sometimes sets errno to 0 (after a |
|
3516 |
+ * database reload) for the mkdir call |
|
3517 |
+ */ |
|
3518 |
+ if((mkdir(dir, 0700) < 0) && (errno != EEXIST) && (errno > 0) && |
|
3519 |
+ (errno != ENOENT)) { |
|
3520 |
+#else |
|
3512 | 3521 |
if((mkdir(dir, 0700) < 0) && (errno != EEXIST)) { |
3522 |
+#endif |
|
3513 | 3523 |
perror(dir); |
3514 | 3524 |
if(use_syslog) |
3515 | 3525 |
syslog(LOG_ERR, _("mkdir %s failed"), dir); |
... | ... |
@@ -3609,7 +3630,7 @@ connect2clamd(struct privdata *privdata) |
3609 | 3609 |
} |
3610 | 3610 |
|
3611 | 3611 |
#ifdef SESSION |
3612 |
- if(serverIPs[freeServer] == inet_addr("127.0.0.1")) { |
|
3612 |
+ if(serverIPs[freeServer] == (int)inet_addr("127.0.0.1")) { |
|
3613 | 3613 |
privdata->filename = cli_gentemp(NULL); |
3614 | 3614 |
if(privdata->filename) { |
3615 | 3615 |
cli_dbgmsg("connect2clamd(%d): creating %s\n", freeServer, privdata->filename); |
... | ... |
@@ -3989,7 +4010,12 @@ qfile(struct privdata *privdata, const char *sendmailId, const char *virusname) |
3989 | 3989 |
DD = tm->tm_mday; |
3990 | 3990 |
|
3991 | 3991 |
sprintf(newname, "%s/%02d%02d%02d", quarantine_dir, YY, MM, DD); |
3992 |
+#ifdef C_AIX |
|
3993 |
+ if((mkdir(newname, 0700) < 0) && (errno != EEXIST) && (errno > 0) && |
|
3994 |
+ (errno != ENOENT)) { |
|
3995 |
+#else |
|
3992 | 3996 |
if((mkdir(newname, 0700) < 0) && (errno != EEXIST)) { |
3997 |
+#endif |
|
3993 | 3998 |
perror(newname); |
3994 | 3999 |
if(use_syslog) |
3995 | 4000 |
syslog(LOG_ERR, _("mkdir %s failed"), newname); |
... | ... |
@@ -4276,7 +4302,7 @@ watchdog(void *a) |
4276 | 4276 |
assert((!external) || (sessions != NULL)); |
4277 | 4277 |
|
4278 | 4278 |
while(!quitting) { |
4279 |
- int i; |
|
4279 |
+ unsigned int i; |
|
4280 | 4280 |
struct timespec ts; |
4281 | 4281 |
struct timeval tp; |
4282 | 4282 |
struct session *session; |
... | ... |
@@ -4670,7 +4696,7 @@ quit(void) |
4670 | 4670 |
struct session *session = sessions; |
4671 | 4671 |
|
4672 | 4672 |
pthread_mutex_lock(&sstatus_mutex); |
4673 |
- for(; i < ((localSocket != NULL) ? 1 : max_children); i++) { |
|
4673 |
+ for(; i < ((localSocket != NULL) ? 1 : (int)max_children); i++) { |
|
4674 | 4674 |
/* |
4675 | 4675 |
* Check all free sessions are still usable |
4676 | 4676 |
* This could take some time with many free |
... | ... |
@@ -4987,3 +5013,33 @@ isWhitelisted(const char *emailaddress) |
4987 | 4987 |
|
4988 | 4988 |
return 0; |
4989 | 4989 |
} |
4990 |
+ |
|
4991 |
+static void |
|
4992 |
+logger(const char *mess) |
|
4993 |
+{ |
|
4994 |
+#ifdef CL_DEBUG |
|
4995 |
+ puts(mess); |
|
4996 |
+#else |
|
4997 |
+ FILE *fout = fopen(logFile, "a"); |
|
4998 |
+ |
|
4999 |
+ if(fout == NULL) |
|
5000 |
+ return; |
|
5001 |
+ |
|
5002 |
+ if(logTime) { |
|
5003 |
+ time_t currtime = time((time_t)0); |
|
5004 |
+ char buf[27]; |
|
5005 |
+ |
|
5006 |
+ /* |
|
5007 |
+ * FIXME: This should be HAS_CTIME_R2 and HAS_CTIME_R3 |
|
5008 |
+ */ |
|
5009 |
+#ifdef C_SOLARIS |
|
5010 |
+ ctime_r(&currtime, buf, sizeof(buf)); |
|
5011 |
+#else |
|
5012 |
+ ctime_r(&currtime, buf); |
|
5013 |
+#endif |
|
5014 |
+ fprintf(fout, "%.*s -> %s\n", strlen(buf) - 1, buf, mess); |
|
5015 |
+ } else |
|
5016 |
+ fprintf(fout, "%s\n", mess); |
|
5017 |
+ fclose(fout); |
|
5018 |
+#endif |
|
5019 |
+} |