git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@521 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/04/23 18:14:51... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Fri Apr 23 10:14:00 BST 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamav-milter: Ensure only From lines are escaped |
|
4 |
+ Also defer generated emails if --force-scan is given |
|
5 |
+ Better subject for quarantine e-mails |
|
6 |
+ |
|
1 | 7 |
Thu Apr 22 17:48:49 BST 2004 (njh) |
2 | 8 |
---------------------------------- |
3 | 9 |
* clamav-milter: No need to parse the received line if --headers is given |
... | ... |
@@ -90,6 +90,10 @@ You may find INPUT_MAIL_FILTERS is not needed on your machine, however it |
90 | 90 |
is recommended by the Sendmail documentation and I recommend going along |
91 | 91 |
with that. |
92 | 92 |
|
93 |
+If you see an unsafe socket error from sendmail, it means that the permissions |
|
94 |
+of the /var/run/clamav directory are too open. Check you have correctly run |
|
95 |
+chown and chmod. |
|
96 |
+ |
|
93 | 97 |
The above example shows clamav-milter, clamd and sendmail all on the |
94 | 98 |
same machine, however using TCP they may reside on different machines, |
95 | 99 |
indeed clamav-milter is capable of talking to multiple clamds for redundancy |
... | ... |
@@ -354,6 +358,9 @@ Changes |
354 | 354 |
reached (used to fail if any one server could not be |
355 | 355 |
reached) |
356 | 356 |
Not all servers were load balanced |
357 |
+0.70r 23/4/04 Ensure only From lines are escaped |
|
358 |
+ Also defer generated emails if --force-scan is given |
|
359 |
+ Better subject for quarantine e-mails |
|
357 | 360 |
|
358 | 361 |
BUG REPORTS |
359 | 362 |
|
... | ... |
@@ -39,10 +39,15 @@ |
39 | 39 |
* chown clamav /var/run/clamav (if you use User clamav in clamav.conf) |
40 | 40 |
* chmod 700 /var/run/clamav |
41 | 41 |
* |
42 |
+ * If you see an unsafe socket error from sendmail, it means that the |
|
43 |
+ * permissions of the /var/run/clamav directory are too open. Check you have |
|
44 |
+ * correctly run chown and chmod. |
|
45 |
+ * |
|
42 | 46 |
* The above example shows clamav-milter, clamd and sendmail all on the |
43 | 47 |
* same machine, however using TCP they may reside on different machines, |
44 | 48 |
* indeed clamav-milter is capable of talking to multiple clamds for redundancy |
45 | 49 |
* and load balancing. |
50 |
+ * |
|
46 | 51 |
* 5) You may find INPUT_MAIL_FILTERS is not needed on your machine, however it |
47 | 52 |
* is recommended by the Sendmail documentation and I suggest going along |
48 | 53 |
* with that. |
... | ... |
@@ -343,7 +348,7 @@ |
343 | 343 |
* Sort out tabs in the hard coded e-mail message |
344 | 344 |
* 0.70q 22/4/04 No need to parse the received line if --headers is |
345 | 345 |
* given |
346 |
- * If -outgoing is given put generated emails in the |
|
346 |
+ * If --outgoing is given put generated emails in the |
|
347 | 347 |
* deferred queue to avoid the milter being called |
348 | 348 |
* twice at the same time (one on the incoming one on the |
349 | 349 |
* outgoing) |
... | ... |
@@ -354,9 +359,15 @@ |
354 | 354 |
* can be reached (used to fail if any one server |
355 | 355 |
* could not be reached) |
356 | 356 |
* Not all servers were load balanced |
357 |
+ * 0.70r 23/4/04 Ensure only From lines are escaped |
|
358 |
+ * Also defer generated emails if --force-scan is given |
|
359 |
+ * Better subject for quarantine e-mails |
|
357 | 360 |
* |
358 | 361 |
* Change History: |
359 | 362 |
* $Log: clamav-milter.c,v $ |
363 |
+ * Revision 1.82 2004/04/23 09:13:30 nigelhorne |
|
364 |
+ * Better quarantine email subject |
|
365 |
+ * |
|
360 | 366 |
* Revision 1.81 2004/04/22 16:47:04 nigelhorne |
361 | 367 |
* Various changes |
362 | 368 |
* |
... | ... |
@@ -585,9 +596,9 @@ |
585 | 585 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
586 | 586 |
* Added -f flag use MaxThreads if --max-children not set |
587 | 587 |
*/ |
588 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.81 2004/04/22 16:47:04 nigelhorne Exp $"; |
|
588 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.82 2004/04/23 09:13:30 nigelhorne Exp $"; |
|
589 | 589 |
|
590 |
-#define CM_VERSION "0.70q" |
|
590 |
+#define CM_VERSION "0.70r" |
|
591 | 591 |
|
592 | 592 |
/*#define CONFDIR "/usr/local/etc"*/ |
593 | 593 |
|
... | ... |
@@ -1547,10 +1558,10 @@ findServer(void) |
1547 | 1547 |
if((connect(sock, (struct sockaddr *)server, sizeof(struct sockaddr)) < 0) || |
1548 | 1548 |
(send(sock, "PING\n", 5, 0) < 5)) { |
1549 | 1549 |
const char *hostname = cli_strtok(serverHostNames, i, ":"); |
1550 |
- cli_warnmsg("findServer: Check clamd server %s - it may be down\n", hostname); |
|
1550 |
+ cli_warnmsg("Check clamd server %s - it may be down\n", hostname); |
|
1551 | 1551 |
if(use_syslog) |
1552 | 1552 |
syslog(LOG_WARNING, |
1553 |
- "findServer: Check clamd server %s - it may be down", |
|
1553 |
+ "Check clamd server %s - it may be down", |
|
1554 | 1554 |
hostname); |
1555 | 1555 |
socks[i] = -1; |
1556 | 1556 |
close(sock); |
... | ... |
@@ -1586,7 +1597,7 @@ findServer(void) |
1586 | 1586 |
} else if(retval < 0) { |
1587 | 1587 |
free(socks); |
1588 | 1588 |
if(use_syslog) |
1589 |
- syslog(LOG_ERR, "findServer: select failed\n"); |
|
1589 |
+ syslog(LOG_ERR, "findServer: select failed"); |
|
1590 | 1590 |
return 0; |
1591 | 1591 |
} |
1592 | 1592 |
|
... | ... |
@@ -1998,7 +2009,7 @@ clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len) |
1998 | 1998 |
const char *sendmailId = smfi_getsymval(ctx, "i"); |
1999 | 1999 |
if(sendmailId == NULL) |
2000 | 2000 |
sendmailId = "Unknown"; |
2001 |
- syslog(LOG_NOTICE, "%s: Message more than StreamMaxLength (%ld) bytes - not scanned\n", |
|
2001 |
+ syslog(LOG_NOTICE, "%s: Message more than StreamMaxLength (%ld) bytes - not scanned", |
|
2002 | 2002 |
sendmailId, streamMaxLength); |
2003 | 2003 |
} |
2004 | 2004 |
clamfi_cleanup(ctx); /* not needed, but just to be safe */ |
... | ... |
@@ -2122,7 +2133,7 @@ clamfi_eom(SMFICTX *ctx) |
2122 | 2122 |
* Clamd has stopped on StreamMaxLength before us |
2123 | 2123 |
*/ |
2124 | 2124 |
if(use_syslog) |
2125 |
- syslog(LOG_NOTICE, "%s: Message more than StreamMaxLength (%ld) bytes - not scanned\n", |
|
2125 |
+ syslog(LOG_NOTICE, "%s: Message more than StreamMaxLength (%ld) bytes - not scanned", |
|
2126 | 2126 |
sendmailId, streamMaxLength); |
2127 | 2127 |
clamfi_cleanup(ctx); /* not needed, but just to be safe */ |
2128 | 2128 |
return SMFIS_ACCEPT; |
... | ... |
@@ -2237,7 +2248,8 @@ clamfi_eom(SMFICTX *ctx) |
2237 | 2237 |
* not at the same time as the incoming message |
2238 | 2238 |
*/ |
2239 | 2239 |
snprintf(cmd, sizeof(cmd) - 1, |
2240 |
- (oflag) ? "%s -t -odq" : "%s -t", SENDMAIL_BIN); |
|
2240 |
+ (oflag || fflag) ? "%s -t -odq" : "%s -t", |
|
2241 |
+ SENDMAIL_BIN); |
|
2241 | 2242 |
|
2242 | 2243 |
sendmail = popen(cmd, "w"); |
2243 | 2244 |
|
... | ... |
@@ -2346,16 +2358,25 @@ clamfi_eom(SMFICTX *ctx) |
2346 | 2346 |
} |
2347 | 2347 |
free(privdata->to); |
2348 | 2348 |
privdata->to = NULL; |
2349 |
+ /* |
|
2350 |
+ * NOTE: on a closed relay this will not work |
|
2351 |
+ * if the recipient is a remote address |
|
2352 |
+ */ |
|
2349 | 2353 |
if(smfi_addrcpt(ctx, quarantine) == MI_FAILURE) { |
2350 | 2354 |
if(use_syslog) |
2351 | 2355 |
syslog(LOG_DEBUG, "Can't set quarantine user %s", quarantine); |
2352 | 2356 |
else |
2353 | 2357 |
cli_warnmsg("Can't set quarantine user %s\n", quarantine); |
2354 |
- } else |
|
2358 |
+ } else { |
|
2359 |
+ char subject[128]; |
|
2360 |
+ |
|
2355 | 2361 |
/* |
2356 | 2362 |
* FIXME: doesn't work if there's no subject |
2357 | 2363 |
*/ |
2358 |
- smfi_chgheader(ctx, "Subject", 1, mess); |
|
2364 |
+ snprintf(subject, sizeof(subject) - 1, |
|
2365 |
+ "[Virus] %s", virusname); |
|
2366 |
+ smfi_chgheader(ctx, "Subject", 1, subject); |
|
2367 |
+ } |
|
2359 | 2368 |
} else if(rejectmail) |
2360 | 2369 |
rc = SMFIS_REJECT; /* Delete the e-mail */ |
2361 | 2370 |
else |
... | ... |
@@ -2646,7 +2667,7 @@ updateSigFile(void) |
2646 | 2646 |
if(stat(sigFilename, &statb) < 0) { |
2647 | 2647 |
perror(sigFilename); |
2648 | 2648 |
if(use_syslog) |
2649 |
- syslog(LOG_ERR, "Can't stat %s\n", sigFilename); |
|
2649 |
+ syslog(LOG_ERR, "Can't stat %s", sigFilename); |
|
2650 | 2650 |
return 0; |
2651 | 2651 |
} |
2652 | 2652 |
|
... | ... |
@@ -2657,7 +2678,7 @@ updateSigFile(void) |
2657 | 2657 |
if(fd < 0) { |
2658 | 2658 |
perror(sigFilename); |
2659 | 2659 |
if(use_syslog) |
2660 |
- syslog(LOG_ERR, "Can't open %s\n", sigFilename); |
|
2660 |
+ syslog(LOG_ERR, "Can't open %s", sigFilename); |
|
2661 | 2661 |
return 0; |
2662 | 2662 |
} |
2663 | 2663 |
|
... | ... |
@@ -2733,7 +2754,7 @@ header_list_print(header_list_t list, FILE *fp) |
2733 | 2733 |
const struct header_node_t *iter; |
2734 | 2734 |
|
2735 | 2735 |
for(iter = list->first; iter; iter = iter->next) { |
2736 |
- if(strncmp(iter->header, "From", 4) == 0) |
|
2736 |
+ if(strncmp(iter->header, "From ", 5) == 0) |
|
2737 | 2737 |
putc('>', fp); |
2738 | 2738 |
fprintf(fp, "%s\n", iter->header); |
2739 | 2739 |
} |
... | ... |
@@ -2973,7 +2994,7 @@ checkClamd(void) |
2973 | 2973 |
if(fd < 0) { |
2974 | 2974 |
perror(pidFile); |
2975 | 2975 |
if(use_syslog) |
2976 |
- syslog(LOG_ERR, "Can't open %s\n", pidFile); |
|
2976 |
+ syslog(LOG_ERR, "Can't open %s", pidFile); |
|
2977 | 2977 |
return; |
2978 | 2978 |
} |
2979 | 2979 |
nbytes = read(fd, buf, sizeof(buf) - 1); |
... | ... |
@@ -2982,7 +3003,7 @@ checkClamd(void) |
2982 | 2982 |
pid = atoi(buf); |
2983 | 2983 |
if((kill(pid, 0) < 0) && (errno == ESRCH)) { |
2984 | 2984 |
if(use_syslog) |
2985 |
- syslog(LOG_ERR, "Clamd (pid %d) seems to have died\n", |
|
2985 |
+ syslog(LOG_ERR, "Clamd (pid %d) seems to have died", |
|
2986 | 2986 |
pid); |
2987 | 2987 |
perror("clamd"); |
2988 | 2988 |
} |
... | ... |
@@ -3008,7 +3029,7 @@ sendtemplate(const char *filename, FILE *sendmail, const char *clamdMessage) |
3008 | 3008 |
if(fin == NULL) { |
3009 | 3009 |
perror(filename); |
3010 | 3010 |
if(use_syslog) |
3011 |
- syslog(LOG_ERR, "Can't open e-mail template file %s\n", |
|
3011 |
+ syslog(LOG_ERR, "Can't open e-mail template file %s", |
|
3012 | 3012 |
filename); |
3013 | 3013 |
return -1; |
3014 | 3014 |
} |
... | ... |
@@ -3017,7 +3038,7 @@ sendtemplate(const char *filename, FILE *sendmail, const char *clamdMessage) |
3017 | 3017 |
/* File disappeared in race condition? */ |
3018 | 3018 |
perror(filename); |
3019 | 3019 |
if(use_syslog) |
3020 |
- syslog(LOG_ERR, "Can't stat e-mail template file %s\n", |
|
3020 |
+ syslog(LOG_ERR, "Can't stat e-mail template file %s", |
|
3021 | 3021 |
filename); |
3022 | 3022 |
fclose(fin); |
3023 | 3023 |
return -1; |
... | ... |
@@ -3025,7 +3046,7 @@ sendtemplate(const char *filename, FILE *sendmail, const char *clamdMessage) |
3025 | 3025 |
buf = cli_malloc(statb.st_size + 1); |
3026 | 3026 |
if(buf == NULL) { |
3027 | 3027 |
if(use_syslog) |
3028 |
- syslog(LOG_ERR, "Out of memory\n"); |
|
3028 |
+ syslog(LOG_ERR, "Out of memory"); |
|
3029 | 3029 |
fclose(fin); |
3030 | 3030 |
return -1; |
3031 | 3031 |
} |