Browse code
Add TCPwrappers support
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@282 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/02/15 02:20:38Showing 2 changed files
| ... | ... |
@@ -221,6 +221,9 @@ Changes |
| 221 | 221 |
0.66l 7/2/04 Updated URL reference |
| 222 | 222 |
Added new config.h mechanism |
| 223 | 223 |
0.66m 9/2/04 Added Hflag from "Leonid Zeitlin" <lz@europe.com> |
| 224 |
+0.66n 13/2/04 Added TCPwrappers support |
|
| 225 |
+ Removed duplication in version string |
|
| 226 |
+ Handle machines that don't have in_port_t |
|
| 224 | 227 |
|
| 225 | 228 |
BUG REPORTS |
| 226 | 229 |
|
| ... | ... |
@@ -224,9 +224,15 @@ |
| 224 | 224 |
* 0.66l 7/2/04 Updated URL reference |
| 225 | 225 |
* Added new config.h mechanism |
| 226 | 226 |
* 0.66m 9/2/04 Added Hflag from "Leonid Zeitlin" <lz@europe.com> |
| 227 |
+ * 0.66n 13/2/04 Added TCPwrappers support |
|
| 228 |
+ * Removed duplication in version string |
|
| 229 |
+ * Handle machines that don't have in_port_t |
|
| 227 | 230 |
* |
| 228 | 231 |
* Change History: |
| 229 | 232 |
* $Log: clamav-milter.c,v $ |
| 233 |
+ * Revision 1.45 2004/02/14 17:20:38 nigelhorne |
|
| 234 |
+ * Add TCPwrappers support |
|
| 235 |
+ * |
|
| 230 | 236 |
* Revision 1.44 2004/02/09 11:05:33 nigelhorne |
| 231 | 237 |
* Added Hflag |
| 232 | 238 |
* |
| ... | ... |
@@ -344,9 +350,9 @@ |
| 344 | 344 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
| 345 | 345 |
* Added -f flag use MaxThreads if --max-children not set |
| 346 | 346 |
*/ |
| 347 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.44 2004/02/09 11:05:33 nigelhorne Exp $"; |
|
| 347 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.45 2004/02/14 17:20:38 nigelhorne Exp $"; |
|
| 348 | 348 |
|
| 349 |
-#define CM_VERSION "0.66m" |
|
| 349 |
+#define CM_VERSION "0.66n" |
|
| 350 | 350 |
|
| 351 | 351 |
/*#define CONFDIR "/usr/local/etc"*/ |
| 352 | 352 |
|
| ... | ... |
@@ -393,6 +399,10 @@ static char const rcsid[] = "$Id: clamav-milter.c,v 1.44 2004/02/09 11:05:33 nig |
| 393 | 393 |
#include <grp.h> |
| 394 | 394 |
#include <netdb.h> |
| 395 | 395 |
|
| 396 |
+#ifdef WITH_TCPWRAP |
|
| 397 |
+#include <tcpd.h> |
|
| 398 |
+#endif |
|
| 399 |
+ |
|
| 396 | 400 |
#if defined(CL_DEBUG) && defined(C_LINUX) |
| 397 | 401 |
#include <sys/resource.h> |
| 398 | 402 |
#endif |
| ... | ... |
@@ -404,6 +414,10 @@ static char const rcsid[] = "$Id: clamav-milter.c,v 1.44 2004/02/09 11:05:33 nig |
| 404 | 404 |
#define SENDMAIL_BIN "/usr/lib/sendmail" |
| 405 | 405 |
#endif |
| 406 | 406 |
|
| 407 |
+#ifndef HAVE_IN_PORT_T |
|
| 408 |
+typedef unsigned short in_port_t; |
|
| 409 |
+#endif |
|
| 410 |
+ |
|
| 407 | 411 |
/* |
| 408 | 412 |
* TODO: optional: xmessage on console when virus stopped (SNMP would be real nice!) |
| 409 | 413 |
* Having said that, with LogSysLog you can (on Linux) configure the system |
| ... | ... |
@@ -1146,7 +1160,7 @@ pingServer(int serverNumber) |
| 1146 | 1146 |
* are out of date |
| 1147 | 1147 |
*/ |
| 1148 | 1148 |
snprintf(clamav_version, sizeof(clamav_version), |
| 1149 |
- "ClamAV version '%s', clamav-milter version '%s'", |
|
| 1149 |
+ "%s, clamav-milter version %s", |
|
| 1150 | 1150 |
buf, CM_VERSION); |
| 1151 | 1151 |
|
| 1152 | 1152 |
return 1; |
| ... | ... |
@@ -1344,6 +1358,20 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
| 1344 | 1344 |
} |
| 1345 | 1345 |
} |
| 1346 | 1346 |
} |
| 1347 |
+ |
|
| 1348 |
+#ifdef WITH_TCPWRAP |
|
| 1349 |
+ /* |
|
| 1350 |
+ * Support /etc/hosts.allow and /etc/hosts.deny |
|
| 1351 |
+ */ |
|
| 1352 |
+ if(!hosts_ctl("clamav-milter", hostname, remoteIP, STRING_UNKNOWN)) {
|
|
| 1353 |
+ if(use_syslog) |
|
| 1354 |
+ syslog(LOG_WARNING, |
|
| 1355 |
+ "Access to clamav-milter denied for %s[%s]", |
|
| 1356 |
+ hostname, |
|
| 1357 |
+ remoteIP); |
|
| 1358 |
+ return SMFIS_TEMPFAIL; |
|
| 1359 |
+ } |
|
| 1360 |
+#endif |
|
| 1347 | 1361 |
return SMFIS_CONTINUE; |
| 1348 | 1362 |
} |
| 1349 | 1363 |
|
| ... | ... |
@@ -1911,6 +1939,20 @@ clamfi_eom(SMFICTX *ctx) |
| 1911 | 1911 |
sendmail = popen(cmd, "w"); |
| 1912 | 1912 |
|
| 1913 | 1913 |
if(sendmail) {
|
| 1914 |
+ const char *from; |
|
| 1915 |
+ |
|
| 1916 |
+ /* |
|
| 1917 |
+ * Try to determine who sent the message. |
|
| 1918 |
+ * In the days of faked from addresses this is |
|
| 1919 |
+ * not easy! |
|
| 1920 |
+ */ |
|
| 1921 |
+ if(privdata->from) |
|
| 1922 |
+ from = (strcmp(privdata->from, "<>") == 0) ? |
|
| 1923 |
+ smfi_getsymval(ctx, "_") : |
|
| 1924 |
+ privdata->from; |
|
| 1925 |
+ else |
|
| 1926 |
+ from = smfi_getsymval(ctx, "_"); |
|
| 1927 |
+ |
|
| 1914 | 1928 |
/* |
| 1915 | 1929 |
* TODO: Make this e-mail message customisable |
| 1916 | 1930 |
* perhaps by means of a template |
| ... | ... |
@@ -1936,16 +1978,10 @@ clamfi_eom(SMFICTX *ctx) |
| 1936 | 1936 |
* information |
| 1937 | 1937 |
*/ |
| 1938 | 1938 |
fprintf(sendmail, "The message %s sent from %s to\n\t", |
| 1939 |
- smfi_getsymval(ctx, "i"), |
|
| 1940 |
- /*privdata->from,*/ |
|
| 1941 |
- smfi_getsymval(ctx, "_") |
|
| 1942 |
- ); |
|
| 1939 |
+ smfi_getsymval(ctx, "i"), from); |
|
| 1943 | 1940 |
else |
| 1944 |
- |
|
| 1945 | 1941 |
fprintf(sendmail, "A message sent from %s to\n\t", |
| 1946 |
- /*privdata->from,*/ |
|
| 1947 |
- smfi_getsymval(ctx, "_") |
|
| 1948 |
- ); |
|
| 1942 |
+ from); |
|
| 1949 | 1943 |
|
| 1950 | 1944 |
for(to = privdata->to; *to; to++) |
| 1951 | 1945 |
fprintf(sendmail, "%s\n", *to); |
| ... | ... |
@@ -1957,8 +1993,7 @@ clamfi_eom(SMFICTX *ctx) |
| 1957 | 1957 |
|
| 1958 | 1958 |
if (hflag) {
|
| 1959 | 1959 |
fprintf(sendmail, "\nThe message was received by %s from %s\n\n", |
| 1960 |
- smfi_getsymval(ctx, "j"), |
|
| 1961 |
- smfi_getsymval(ctx, "_")); |
|
| 1960 |
+ smfi_getsymval(ctx, "j"), from); |
|
| 1962 | 1961 |
fputs("For your information, the original message headers were:\n\n", sendmail);
|
| 1963 | 1962 |
header_list_print(privdata->headers, sendmail); |
| 1964 | 1963 |
} |