@@ -1,3 +1,7 @@

+Mon Sep 12 16:29:22 CEST 2011 (tk)

+----------------------------------

+ * freshclam: add new option PrivateMirror (bb#3058)

+

 Sun Aug 21 17:05:24 EEST 2011 (edwin)

 -------------------------------------

  * libclamav/pdf.c:  fix incorrect blocking of some encrypted PDF with empty user passwords. (bb #3364)

@@ -111,6 +111,11 @@ With this option you can provide custom sources (http:// or file://) for databas

 .br 

 Default: no custom URLs

 .TP 

+\fBPrivateMirror STR\fR

+This option allows you to easily point freshclam to private mirrors. If PrivateMirror is set, freshclam does not attempt to use DNS to determine whether its databases are out-of-date, instead it will use the If-Modified-Since request or directly check the headers of the remote database files. For each database, freshclam first attempts to download the CLD file. If that fails, it tries to download the CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates. It can be used multiple times to provide fall-back mirrors.

+.br 

+Default: disabled

+.TP 

 \fBHTTPProxyServer STR\fR, \fBHTTPProxyPort NUMBER\fR

 Use given proxy server and TCP port for database downloads.

 .TP 

@@ -94,6 +94,19 @@ DatabaseMirror database.clamav.net

 #DatabaseCustomURL http://myserver.com/mysigs.ndb

 #DatabaseCustomURL file:///mnt/nfs/local.hdb

+# This option allows you to easily point freshclam to private mirrors.

+# If PrivateMirror is set, freshclam does not attempt to use DNS

+# to determine whether its databases are out-of-date, instead it will

+# use the If-Modified-Since request or directly check the headers of the

+# remote database files. For each database, freshclam first attempts

+# to download the CLD file. If that fails, it tries to download the

+# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo

+# and Scripted Updates. It can be used multiple times to provide

+# fall-back mirrors.

+# Default: disabled

+#PrivateMirror mirror1.mynetwork.com

+#PrivateMirror mirror2.mynetwork.com

+

 # Number of database checks per day.

 # Default: 12 (every two hours)

 #Checks 24

@@ -412,6 +412,51 @@ int main(int argc, char **argv)

 	return 0;

     }

+    if((opt = optget(opts, "PrivateMirror"))->enabled) {

+	    struct optstruct *dbm, *opth;

+

+	dbm = (struct optstruct *) optget(opts, "DatabaseMirror");

+	dbm->active = dbm->enabled = 1;

+	do {

+	    if(dbm->strarg)

+		free(dbm->strarg);

+	    dbm->strarg = strdup(opt->strarg);

+	    if(!dbm->strarg) {

+		logg("!strdup() failed\n");

+		optfree(opts);

+		return 75;

+	    }

+	    if(!dbm->nextarg) {

+		dbm->nextarg = (struct optstruct *) calloc(1, sizeof(struct optstruct));

+		if(!dbm->nextarg) {

+		    logg("!calloc() failed\n");

+		    optfree(opts);

+		    return 75;

+		}

+	    }

+	    opth = dbm;

+	    dbm = dbm->nextarg;

+	} while((opt = opt->nextarg));

+

+	opth->nextarg = NULL;

+	while(dbm) {

+	    free(dbm->name);

+	    free(dbm->cmd);

+	    free(dbm->strarg);

+	    opth = dbm;

+	    dbm = dbm->nextarg;

+	    free(opth);

+	}

+

+	/* disable DNS db checks */

+	opth = (struct optstruct *) optget(opts, "no-dns");

+	opth->active = opth->enabled = 1;

+

+	/* disable scripted updates */

+	opth = (struct optstruct *) optget(opts, "ScriptedUpdates");

+	opth->active = opth->enabled = 0;

+    }

+

     *updtmpdir = 0;

 #ifdef _WIN32

@@ -813,7 +813,7 @@ static struct cl_cvd *remote_cvdhead(const char *cvdfile, const char *localfile,

     }

     if((strstr(buffer, "HTTP/1.1 404")) != NULL || (strstr(buffer, "HTTP/1.0 404")) != NULL) { 

-	logg("%cCVD file not found on remote server\n", logerr ? '!' : '^');

+	logg("%c%s not found on remote server\n", logerr ? '!' : '^', cvdfile);

 	mirman_update(mdat->currip, mdat->af, mdat, 2);

 	return NULL;

     }

@@ -1558,8 +1558,8 @@ static int updatedb(const char *dbname, const char *hostname, char *ip, int *sig

 	struct cl_cvd *current, *remote;

 	const struct optstruct *opt;

 	unsigned int nodb = 0, currver = 0, newver = 0, port = 0, i, j;

-	int ret, ims = -1;

-	char *pt, cvdfile[32], localname[32], *tmpdir = NULL, *newfile, *newfile2, newdb[32];

+	int ret, ims = -1, hascld = 0;

+	char *pt, cvdfile[32], cldfile[32], localname[32], *tmpdir = NULL, *newfile, *newfile2, newdb[32];

 	char extradbinfo[64], *extradnsreply = NULL, squery[64];

 	const char *proxy = NULL, *user = NULL, *pass = NULL, *uas = NULL;

 	unsigned int flevel = cl_retflevel(), remote_flevel = 0, maxattempts;

@@ -1576,6 +1576,7 @@ static int updatedb(const char *dbname, const char *hostname, char *ip, int *sig

 	mirror_stats = 1;

     snprintf(cvdfile, sizeof(cvdfile), "%s.cvd", dbname);

+    snprintf(cldfile, sizeof(cldfile), "%s.cld", dbname);

     if(!(current = currentdb(dbname, localname))) {

 	nodb = 1;

@@ -1688,8 +1689,14 @@ static int updatedb(const char *dbname, const char *hostname, char *ip, int *sig

     rtimeout = optget(opts, "ReceiveTimeout")->numarg;

     if(!nodb && !newver) {

-

-	remote = remote_cvdhead(cvdfile, localname, hostname, ip, localip, proxy, port, user, pass, uas, &ims, ctimeout, rtimeout, mdat, logerr, can_whitelist);

+	if(optget(opts, "PrivateMirror")->enabled) {

+	    remote = remote_cvdhead(cldfile, localname, hostname, ip, localip, proxy, port, user, pass, uas, &ims, ctimeout, rtimeout, mdat, logerr, can_whitelist);

+	    if(remote)

+		hascld = 1;

+	    else

+		remote = remote_cvdhead(cvdfile, localname, hostname, ip, localip, proxy, port, user, pass, uas, &ims, ctimeout, rtimeout, mdat, logerr, can_whitelist);

+	} else

+	    remote = remote_cvdhead(cvdfile, localname, hostname, ip, localip, proxy, port, user, pass, uas, &ims, ctimeout, rtimeout, mdat, logerr, can_whitelist);

 	if(!nodb && !ims) {

 	    logg("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder);

@@ -1759,7 +1766,15 @@ static int updatedb(const char *dbname, const char *hostname, char *ip, int *sig

     newfile = cli_gentemp(updtmpdir);

     if(nodb) {

-	ret = getcvd(cvdfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, newver, ctimeout, rtimeout, mdat, logerr, can_whitelist, opts);

+	if(optget(opts, "PrivateMirror")->enabled) {

+	    ret = 0;

+	    if(hascld)

+		ret = getcvd(cldfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, newver, ctimeout, rtimeout, mdat, logerr, can_whitelist, opts);

+	    if(ret || !hascld)

+		ret = getcvd(cvdfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, newver, ctimeout, rtimeout, mdat, logerr, can_whitelist, opts);

+	} else

+	    ret = getcvd(cvdfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, newver, ctimeout, rtimeout, mdat, logerr, can_whitelist, opts);

+

 	if(ret) {

 	    if(mirror_stats && strlen(ip)) {

 		snprintf(squery, sizeof(squery), "%s.%u.%u.%u.%u.%s.ping.clamav.net", dbname, 0, flevel, 0, w32, ip);

@@ -2166,7 +2181,7 @@ int downloadmanager(const struct optstruct *opts, const char *hostname, int loge

     if((opt = optget(opts, "LocalIPAddress"))->enabled)

 	localip = opt->strarg;

-    if(optget(opts, "HTTPProxyServer")->enabled)

+    if(optget(opts, "HTTPProxyServer")->enabled || optget(opts, "PrivateMirror")->enabled)

 	mirman_read("mirrors.dat", &mdat, 0);

     else

 	mirman_read("mirrors.dat", &mdat, 1);

@@ -371,6 +371,8 @@ const struct clam_option __clam_options[] = {

     { "DatabaseMirror", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_FRESHCLAM, "DatabaseMirror specifies to which mirror(s) freshclam should connect.\nYou should have at least two entries: db.XY.clamav.net (or db.XY.ipv6.clamav.net\nfor IPv6) and database.clamav.net (in this order). Please replace XY with your\ncountry code (see http://www.iana.org/cctld/cctld-whois.htm).\ndatabase.clamav.net is a round-robin record which points to our most reliable\nmirrors. It's used as a fall back in case db.XY.clamav.net is not working.", "db.XY.clamav.net\ndatabase.clamav.net" },

+    { "PrivateMirror", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_FRESHCLAM, "This option allows you to easily point freshclam to private mirrors.\nIf PrivateMirror is set, freshclam does not attempt to use DNS\nto determine whether its databases are out-of-date, instead it will\nuse the If-Modified-Since request or directly check the headers of the\nremote database files. For each database, freshclam first attempts\nto download the CLD file. If that fails, it tries to download the\nCVD file. This option overrides DatabaseMirror, DNSDatabaseInfo\nand Scripted Updates. It can be used multiple times to provide\nfall-back mirrors.", "mirror1.mynetwork.com\nmirror2.mynetwork.com" },

+

     { "MaxAttempts", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_FRESHCLAM, "This option defines how many attempts freshclam should make before giving up.", "5" },

     { "ScriptedUpdates", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_FRESHCLAM, "With this option you can control scripted updates. It's highly recommended to keep them enabled.", "yes" },