... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Mon Feb 28 21:46:50 CET 2011 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * clamd: add new option ClamukoExcludeUID (bb#2260) |
|
4 |
+ Based on idea from alfred*bokxing.nl |
|
5 |
+ |
|
1 | 6 |
Fri Feb 25 14:49:04 CET 2011 (tk) |
2 | 7 |
--------------------------------- |
3 | 8 |
* libclamav/elf.c: fix incorrect detection of Broken.Executable (bb#2580) |
... | ... |
@@ -185,6 +185,11 @@ static void *clamukolegacyth(void *arg) |
185 | 185 |
} |
186 | 186 |
} |
187 | 187 |
|
188 |
+ if(clamuko_checkowner(acc->pid, tharg->opts)) { |
|
189 |
+ scan = 0; |
|
190 |
+ logg("*Clamuko: %s skipped (excluded UID)\n", acc->filename); |
|
191 |
+ } |
|
192 |
+ |
|
188 | 193 |
context.filename = acc->filename; |
189 | 194 |
context.virsize = 0; |
190 | 195 |
if(scan && cl_scanfile_callback(acc->filename, &virname, NULL, tharg->engine, tharg->options, &context) == CL_VIRUS) { |
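Review bot: The owner check in the added block runs for every access event, even when `scan` was already cleared by the earlier exclusion logic, which sits above this hunk and is not visible here. Each call costs a `stat()` on `/proc/<pid>` and may log a second "skipped" line for the same file. Guarding it as `if(scan && clamuko_checkowner(acc->pid, tharg->opts)) {` would avoid both. The same applies to the `clamuko_scanth` hunk, where the guard would be `if(!skip_scan && clamuko_checkowner(acc.pid, tharg->opts)) {`.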
... | ... |
@@ -153,6 +153,12 @@ static void *clamuko_scanth(void *arg) |
153 | 153 |
} |
154 | 154 |
} |
155 | 155 |
|
156 |
+ if(clamuko_checkowner(acc.pid, tharg->opts)) { |
|
157 |
+ dazukofs_get_filename(&acc, filename, sizeof(filename)); |
|
158 |
+ logg("*Clamuko: %s skipped (excluded UID)\n", filename); |
|
159 |
+ skip_scan = 1; |
|
160 |
+ } |
|
161 |
+ |
|
156 | 162 |
context.filename = NULL; |
157 | 163 |
context.virsize = 0; |
158 | 164 |
if(skip_scan) { |
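Review bot: The return value of `dazukofs_get_filename()` is ignored before `filename` is handed to `logg()` in the added block. The buffer is declared outside this hunk, so if the lookup fails the logged name is whatever the buffer held before, possibly a previous event's path. I would log the name only on success, e.g. `if(dazukofs_get_filename(&acc, filename, sizeof(filename)) > 0) logg("*Clamuko: %s skipped (excluded UID)\n", filename);`, assuming a positive return means success (confirm against the dazukofs API). `skip_scan = 1;` should stay unconditional.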
... | ... |
@@ -722,3 +722,25 @@ void detstats_print(int desc, char term) |
722 | 722 |
mdprintf(desc, "%u:%s:%u:%s:%s%c", detstats_data[i].time, detstats_data[i].md5, detstats_data[i].fsize, detstats_data[i].virname, detstats_data[i].fname, term); |
723 | 723 |
pthread_mutex_unlock(&detstats_lock); |
724 | 724 |
} |
725 |
+ |
|
726 |
+#ifdef CLAMUKO |
|
727 |
+int clamuko_checkowner(int pid, const struct optstruct *opts) |
|
728 |
+{ |
|
729 |
+ char path[32]; |
|
730 |
+ struct stat sb; |
|
731 |
+ const struct optstruct *opt; |
|
732 |
+ |
|
733 |
+ if(!(opt = optget(opts, "ClamukoExcludeUID"))->enabled) |
|
734 |
+ return 0; |
|
735 |
+ |
|
736 |
+ snprintf(path, sizeof(path), "/proc/%u", pid); |
|
737 |
+ if(stat(path, &sb) == 0) { |
|
738 |
+ while(opt) { |
|
739 |
+ if(opt->numarg == (long long) sb.st_uid) |
|
740 |
+ return 1; |
|
741 |
+ opt = opt->nextarg; |
|
742 |
+ } |
|
743 |
+ } |
|
744 |
+ return 0; |
|
745 |
+} |
|
746 |
+#endif |
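Review bot: The UID compared in `clamuko_checkowner()` is the owner of the `/proc/<pid>` directory, not a credential reported by the access event. On Linux that owner is normally the effective UID, and as far as I know it becomes root when the process is not dumpable, so with UID 0 excluded a non-dumpable process started by another user may be skipped too. Nothing visible here ties the PID to the process that triggered the event if it exits before the `stat()`. I would document this above the function, e.g. `/* Returns 1 if the owner of /proc/<pid> is listed in ClamukoExcludeUID. That owner is the effective UID and may be root for non-dumpable processes; on stat() failure the file is scanned. */`, and repeat the caveat in the option text. Separately, `pid` is an `int` but is formatted with `%u`; use `snprintf(path, sizeof(path), "/proc/%d", pid);`.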
... | ... |
@@ -86,4 +86,8 @@ void detstats_clear(void); |
86 | 86 |
void detstats_add(const char *virname, const char *fname, unsigned int fsize, const char *md5); |
87 | 87 |
void detstats_print(int desc, char term); |
88 | 88 |
|
89 |
+#ifdef CLAMUKO |
|
90 |
+int clamuko_checkowner(int pid, const struct optstruct *opts); |
|
91 |
+#endif |
|
92 |
+ |
|
89 | 93 |
#endif |
... | ... |
@@ -466,6 +466,10 @@ Default: no |
466 | 466 |
Set the exclude paths. All subdirectories will also be excluded. |
467 | 467 |
.br |
468 | 468 |
Default: no |
469 |
+\fBClamukoExcludeUID NUMBER\fR |
|
470 |
+With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files. This option can be used multiple times (one per line). |
|
471 |
+.br |
|
472 |
+Default: no |
|
469 | 473 |
.TP |
470 | 474 |
\fBClamukoMaxFileSize SIZE\fR |
471 | 475 |
Ignore files larger than SIZE. |
... | ... |
@@ -458,6 +458,12 @@ Example |
458 | 458 |
# Default: disabled |
459 | 459 |
#ClamukoExcludePath /home/bofh |
460 | 460 |
|
461 |
+# With this option you can whitelist specific UIDs. Processes with these UIDs |
|
462 |
+# will be able to access all files. |
|
463 |
+# This option can be used multiple times (one per line). |
|
464 |
+# Default: disabled |
|
465 |
+#ClamukoExcludeUID 0 |
|
466 |
+ |
|
461 | 467 |
# With this option enabled ClamAV will load bytecode from the database. |
462 | 468 |
# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. |
463 | 469 |
# Default: yes |
... | ... |
@@ -339,6 +339,8 @@ const struct clam_option __clam_options[] = { |
339 | 339 |
|
340 | 340 |
{ "ClamukoExcludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option allows excluding directories from on-access scanning. It can\nbe used multiple times.", "/home/bofh\n/root" }, |
341 | 341 |
|
342 |
+ { "ClamukoExcludeUID", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "With this option you can whitelist specific UIDs. Processes with these UIDs\nwill be able to access all files.\nThis option can be used multiple times (one per line).", "0" }, |
|
343 |
+ |
|
342 | 344 |
{ "ClamukoMaxFileSize", NULL, 0, TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned.", "5M" }, |
343 | 345 |
|
344 | 346 |
/* FIXME: mark these as private and don't output into clamd.conf/man */ |
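Review bot: The description on the new `ClamukoExcludeUID` entry says excluded processes "will be able to access all files", which understates the effect: every file opened by such a process bypasses on-access scanning entirely. The sample value is `0`, the broadest exclusion available. I would state this in the description string, e.g. append `\nFiles accessed by excluded UIDs are not scanned at all; exclude only dedicated service accounts.`. The same text should be mirrored in the man page and sample config hunks, which repeat this wording.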