git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@182 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/01/11 01:24:20... | ... |
@@ -1,4 +1,10 @@ |
1 |
+Sat Jan 10 16:23:54 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamav-milter: Added OpenBSD instructions from <peo_s@incedo.org> |
|
4 |
+ and --signature-file option |
|
5 |
+ |
|
1 | 6 |
Sat Jan 10 14:52:00 GMT 2004 (njh) |
7 |
+---------------------------------- |
|
2 | 8 |
* docs: Note that clamav-milter debugging option requires |
3 | 9 |
reconfiguration |
4 | 10 |
|
... | ... |
@@ -34,8 +34,24 @@ FreeBSD. It comes with getopt.h which is handy. To link you need |
34 | 34 |
gcc30 -O3 -DCONFDIR=\"/usr/local/etc\" -I. -I.. -I../clamd -I../libclamav -pedantic -Wuninitialized -Wall -pipe -mcpu=pentium -march=pentium -fomit-frame-pointer -ffast-math -finline-functions -funroll-loops clamav-milter.c -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lgnugetopt |
35 | 35 |
|
36 | 36 |
FreeBSD4.8: compiles out of the box with either gcc2.95 or gcc3 |
37 |
-OpenBSD3.3: the supplied sendmail does not come with Milter support. You |
|
38 |
-will need to rebuild sendmail from source |
|
37 |
+ |
|
38 |
+OpenBSD3.4: the supplied sendmail does not come with Milter support. |
|
39 |
+Do this *before* running configure (thanks for Per-Olov Sjöhol |
|
40 |
+<peo_s@incedo.org> for these instructions). |
|
41 |
+ |
|
42 |
+ echo WANT_LIBMILTER=1 > /etc/mk.conf |
|
43 |
+ cd /usr/src/gnu/usr.sbin/sendmail |
|
44 |
+ make depend |
|
45 |
+ make |
|
46 |
+ make install |
|
47 |
+ kill -HUP `sed q /var/run/sendmail.pid` |
|
48 |
+ |
|
49 |
+Then do this to make the milter headers available to clamav... |
|
50 |
+(the libmilter.a file is already in the right place after the sendmail |
|
51 |
+recompiles above) |
|
52 |
+ |
|
53 |
+ cd /usr/include |
|
54 |
+ ln -s ../src/gnu/usr.sbin/sendmail/include/libmilter libmilter |
|
39 | 55 |
|
40 | 56 |
Solaris 9 and FreeBSD5 have milter support in the supplied sendmail, but |
41 | 57 |
doesn't include libmilter so you can't develop milter applications on it. |
... | ... |
@@ -184,6 +200,8 @@ Changes |
184 | 184 |
0.66b 27/12/03 --sign moved to privdata |
185 | 185 |
0.66c 31/12/03 Included the sendmail queue ID in the log, from an |
186 | 186 |
idea by Andy Fiddaman <af@jeamland.org> |
187 |
+0.66d 10/1/04 Added OpenBSD instructions |
|
188 |
+ Added --signature-file option |
|
187 | 189 |
|
188 | 190 |
BUG REPORTS |
189 | 191 |
|
... | ... |
@@ -76,8 +76,24 @@ |
76 | 76 |
* gcc30 -O3 -DCONFDIR=\"/usr/local/etc\" -I. -I.. -I../clamd -I../libclamav -pedantic -Wuninitialized -Wall -pipe -mcpu=pentium -march=pentium -fomit-frame-pointer -ffast-math -finline-functions -funroll-loops clamav-milter.c -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lgnugetopt |
77 | 77 |
* |
78 | 78 |
* FreeBSD4.8: compiles out of the box with either gcc2.95 or gcc3 |
79 |
- * OpenBSD3.3: the supplied sendmail does not come with Milter support. You |
|
80 |
- * will need to rebuild sendmail from source |
|
79 |
+ * |
|
80 |
+ * OpenBSD3.4: the supplied sendmail does not come with Milter support. |
|
81 |
+ * Do this *before* running configure (thanks for Per-Olov Sjöhol |
|
82 |
+ * <peo_s@incedo.org>for these instructions). |
|
83 |
+ * |
|
84 |
+ * echo WANT_LIBMILTER=1 > /etc/mk.conf |
|
85 |
+ * cd /usr/src/gnu/usr.sbin/sendmail |
|
86 |
+ * make depend |
|
87 |
+ * make |
|
88 |
+ * make install |
|
89 |
+ * kill -HUP `sed q /var/run/sendmail.pid` |
|
90 |
+ * |
|
91 |
+ * Then do this to make the milter headers available to clamav... |
|
92 |
+ * (the libmilter.a file is already in the right place after the sendmail |
|
93 |
+ * recompiles above) |
|
94 |
+ * |
|
95 |
+ * cd /usr/include |
|
96 |
+ * ln -s ../src/gnu/usr.sbin/sendmail/include/libmilter libmilter |
|
81 | 97 |
* |
82 | 98 |
* Solaris 9 and FreeBSD5 have milter support in the supplied sendmail, but |
83 | 99 |
* doesn't include libmilter so you can't develop milter applications on it. |
... | ... |
@@ -187,9 +203,14 @@ |
187 | 187 |
* 0.66b 27/12/03 --sign moved to privdata |
188 | 188 |
* 0.66c 31/12/03 Included the sendmail queue ID in the log, from an |
189 | 189 |
* idea by Andy Fiddaman <af@jeamland.org> |
190 |
+ * 0.66d 10/1/04 Added OpenBSD instructions |
|
191 |
+ * Added --signature-file option |
|
190 | 192 |
* |
191 | 193 |
* Change History: |
192 | 194 |
* $Log: clamav-milter.c,v $ |
195 |
+ * Revision 1.35 2004/01/10 16:22:14 nigelhorne |
|
196 |
+ * Added OpenBSD instructions and --signature-file |
|
197 |
+ * |
|
193 | 198 |
* Revision 1.34 2003/12/31 14:46:35 nigelhorne |
194 | 199 |
* Include the sendmail queue ID in the log |
195 | 200 |
* |
... | ... |
@@ -277,9 +298,9 @@ |
277 | 277 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
278 | 278 |
* Added -f flag use MaxThreads if --max-children not set |
279 | 279 |
*/ |
280 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.34 2003/12/31 14:46:35 nigelhorne Exp $"; |
|
280 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.35 2004/01/10 16:22:14 nigelhorne Exp $"; |
|
281 | 281 |
|
282 |
-#define CM_VERSION "0.66c" |
|
282 |
+#define CM_VERSION "0.66d" |
|
283 | 283 |
|
284 | 284 |
/*#define CONFDIR "/usr/local/etc"*/ |
285 | 285 |
|
... | ... |
@@ -356,7 +377,7 @@ struct privdata { |
356 | 356 |
size_t bodyLen; /* number of bytes in body */ |
357 | 357 |
}; |
358 | 358 |
|
359 |
-static int pingServer(void); |
|
359 |
+static int pingServer(void); |
|
360 | 360 |
static sfsistat clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr); |
361 | 361 |
static sfsistat clamfi_envfrom(SMFICTX *ctx, char **argv); |
362 | 362 |
static sfsistat clamfi_envrcpt(SMFICTX *ctx, char **argv); |
... | ... |
@@ -369,7 +390,8 @@ static sfsistat clamfi_close(SMFICTX *ctx); |
369 | 369 |
static void clamfi_cleanup(SMFICTX *ctx); |
370 | 370 |
static int clamfi_send(const struct privdata *privdata, size_t len, const char *format, ...); |
371 | 371 |
static char *strrcpy(char *dest, const char *source); |
372 |
-static int clamd_recv(int sock, char *buf, size_t len); |
|
372 |
+static int clamd_recv(int sock, char *buf, size_t len); |
|
373 |
+static off_t updateSigFile(void); |
|
373 | 374 |
|
374 | 375 |
static char clamav_version[128]; |
375 | 376 |
static int fflag = 0; /* force a scan, whatever */ |
... | ... |
@@ -395,6 +417,10 @@ static int Sflag = 0; /* |
395 | 395 |
* Add a signature to each message that |
396 | 396 |
* has been scanned |
397 | 397 |
*/ |
398 |
+static const char *sigFilename; /* |
|
399 |
+ * File where the scanned message signature |
|
400 |
+ * can be found |
|
401 |
+ */ |
|
398 | 402 |
static char *quarantine; /* |
399 | 403 |
* If a virus is found in an email redirect |
400 | 404 |
* it to this account |
... | ... |
@@ -419,8 +445,8 @@ static int threadtimeout = CL_DEFAULT_SCANTIMEOUT; /* |
419 | 419 |
* number of seconds to wait for clamd to |
420 | 420 |
* respond |
421 | 421 |
*/ |
422 |
-static const char signature[] = /* TODO: read in from a file */ |
|
423 |
- "-- \nScanned by ClamAv - http://clamav.elektrapro.com\n"; |
|
422 |
+static char *signature = "-- \nScanned by ClamAv - http://www.clamav.net\n"; |
|
423 |
+static time_t signatureStamp; |
|
424 | 424 |
|
425 | 425 |
#ifdef CL_DEBUG |
426 | 426 |
static int debug_level = 0; |
... | ... |
@@ -468,7 +494,8 @@ help(void) |
468 | 468 |
puts("\t--quarantine=USER\t-Q EMAIL\tQuanrantine e-mail account."); |
469 | 469 |
puts("\t--quarantine-dir=DIR\t-U DIR\tDirectory to store infected emails."); |
470 | 470 |
puts("\t--server=ADDRESS\t-s ADDR\tIP address of server running clamd (when using TCPsocket)."); |
471 |
- puts("\t--sign\t\t\t-S\tAdd a signature to each scanned message."); |
|
471 |
+ puts("\t--sign\t\t\t-S\tAdd a hard-coded signature to each scanned message."); |
|
472 |
+ puts("\t--signature-file\t-F\tLocation of signature file."); |
|
472 | 473 |
puts("\t--version\t\t-V\tPrint the version number of this software."); |
473 | 474 |
#ifdef CL_DEBUG |
474 | 475 |
puts("\t--debug-level=n\t\t-x n\tSets the debug level to 'n'."); |
... | ... |
@@ -510,9 +537,9 @@ main(int argc, char **argv) |
510 | 510 |
for(;;) { |
511 | 511 |
int opt_index = 0; |
512 | 512 |
#ifdef CL_DEBUG |
513 |
- const char *args = "bc:flm:nop:PqQ:dhs:SU:Vx:"; |
|
513 |
+ const char *args = "bc:fF:lm:nop:PqQ:dhs:SU:Vx:"; |
|
514 | 514 |
#else |
515 |
- const char *args = "bc:flm:nop:PqQ:dhs:SU:V"; |
|
515 |
+ const char *args = "bc:fF:lm:nop:PqQ:dhs:SU:V"; |
|
516 | 516 |
#endif |
517 | 517 |
|
518 | 518 |
static struct option long_options[] = { |
... | ... |
@@ -562,7 +589,10 @@ main(int argc, char **argv) |
562 | 562 |
"server", 1, NULL, 's' |
563 | 563 |
}, |
564 | 564 |
{ |
565 |
- "sign", 1, NULL, 'S' |
|
565 |
+ "sign", 0, NULL, 'S' |
|
566 |
+ }, |
|
567 |
+ { |
|
568 |
+ "signature-file", 1, NULL, 'F' |
|
566 | 569 |
}, |
567 | 570 |
{ |
568 | 571 |
"version", 0, NULL, 'V' |
... | ... |
@@ -629,6 +659,10 @@ main(int argc, char **argv) |
629 | 629 |
case 's': /* server running clamd */ |
630 | 630 |
serverIP = optarg; |
631 | 631 |
break; |
632 |
+ case 'F': /* signature file */ |
|
633 |
+ sigFilename = optarg; |
|
634 |
+ signature = NULL; |
|
635 |
+ /* fall through */ |
|
632 | 636 |
case 'S': /* sign */ |
633 | 637 |
smfilter.xxfi_flags |= SMFIF_CHGBODY; |
634 | 638 |
Sflag++; |
... | ... |
@@ -646,9 +680,9 @@ main(int argc, char **argv) |
646 | 646 |
#endif |
647 | 647 |
default: |
648 | 648 |
#ifdef CL_DEBUG |
649 |
- fprintf(stderr, "Usage: %s [-b] [-c FILE] [--max-children=num] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-S] [-x#] [-U PATH] socket-addr\n", argv[0]); |
|
649 |
+ fprintf(stderr, "Usage: %s [-b] [-c FILE] [-F FILE] [--max-children=num] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-S] [-x#] [-U PATH] socket-addr\n", argv[0]); |
|
650 | 650 |
#else |
651 |
- fprintf(stderr, "Usage: %s [-b] [-c FILE] [--max-children=num] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-S] [-U PATH] socket-addr\n", argv[0]); |
|
651 |
+ fprintf(stderr, "Usage: %s [-b] [-c FILE] [-F FILE] [--max-children=num] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-S] [-U PATH] socket-addr\n", argv[0]); |
|
652 | 652 |
#endif |
653 | 653 |
return EX_USAGE; |
654 | 654 |
} |
... | ... |
@@ -694,6 +728,9 @@ main(int argc, char **argv) |
694 | 694 |
return EX_CONFIG; |
695 | 695 |
} |
696 | 696 |
|
697 |
+ if(sigFilename && !updateSigFile()) |
|
698 |
+ return EX_USAGE; |
|
699 |
+ |
|
697 | 700 |
if(!cfgopt(copt, "StreamSaveToDisk")) { |
698 | 701 |
fprintf(stderr, "%s: StreamSavetoDisk not enabled in %s\n", |
699 | 702 |
argv[0], cfgfile); |
... | ... |
@@ -769,6 +806,12 @@ main(int argc, char **argv) |
769 | 769 |
} |
770 | 770 |
|
771 | 771 |
if(!cfgopt(copt, "Foreground")) { |
772 |
+ |
|
773 |
+#ifdef CL_DEBUG |
|
774 |
+ printf("When debugging it is recommended that you use Foreground mode in %s\n", cfgfile); |
|
775 |
+ puts("So that you can see all of the messages"); |
|
776 |
+#endif |
|
777 |
+ |
|
772 | 778 |
switch(fork()) { |
773 | 779 |
case -1: |
774 | 780 |
perror("fork"); |
... | ... |
@@ -1123,7 +1166,7 @@ clamfi_envfrom(SMFICTX *ctx, char **argv) |
1123 | 1123 |
privdata->filename = NULL; |
1124 | 1124 |
return cl_error; |
1125 | 1125 |
} |
1126 |
- privdata->dataSocket = open(privdata->filename, O_CREAT|O_EXCL|O_WRONLY,0600); |
|
1126 |
+ privdata->dataSocket = open(privdata->filename, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC, 0600); |
|
1127 | 1127 |
#endif |
1128 | 1128 |
} while((--ntries > 0) && (privdata->dataSocket < 0)); |
1129 | 1129 |
|
... | ... |
@@ -1508,13 +1551,16 @@ clamfi_eom(SMFICTX *ctx) |
1508 | 1508 |
/* |
1509 | 1509 |
* Add a signature that all has been scanned OK |
1510 | 1510 |
*/ |
1511 |
- assert(Sflag != 0); |
|
1511 |
+ off_t len = updateSigFile(); |
|
1512 | 1512 |
|
1513 |
- privdata->body = realloc(privdata->body, privdata->bodyLen + sizeof(signature)); |
|
1514 |
- memcpy(&privdata->body[privdata->bodyLen], signature, sizeof(signature)); |
|
1513 |
+ if(len) { |
|
1514 |
+ assert(Sflag != 0); |
|
1515 | 1515 |
|
1516 |
- smfi_replacebody(ctx, privdata->body, privdata->bodyLen + sizeof(signature)); |
|
1516 |
+ privdata->body = realloc(privdata->body, privdata->bodyLen + len); |
|
1517 |
+ memcpy(&privdata->body[privdata->bodyLen], signature, len); |
|
1517 | 1518 |
|
1519 |
+ smfi_replacebody(ctx, privdata->body, privdata->bodyLen + len); |
|
1520 |
+ } |
|
1518 | 1521 |
} |
1519 | 1522 |
} else { |
1520 | 1523 |
int i; |
... | ... |
@@ -1864,3 +1910,43 @@ clamd_recv(int sock, char *buf, size_t len) |
1864 | 1864 |
} |
1865 | 1865 |
return recv(sock, buf, len, 0); |
1866 | 1866 |
} |
1867 |
+ |
|
1868 |
+/* |
|
1869 |
+ * Read in the signature file |
|
1870 |
+ */ |
|
1871 |
+static off_t |
|
1872 |
+updateSigFile(void) |
|
1873 |
+{ |
|
1874 |
+ struct stat statb; |
|
1875 |
+ int fd; |
|
1876 |
+ |
|
1877 |
+ if(sigFilename == NULL) |
|
1878 |
+ /* nothing to read */ |
|
1879 |
+ return signature ? strlen(signature) : 0; |
|
1880 |
+ |
|
1881 |
+ if(stat(sigFilename, &statb) < 0) { |
|
1882 |
+ perror(sigFilename); |
|
1883 |
+ if(use_syslog) |
|
1884 |
+ syslog(LOG_ERR, "Can't stat %s\n", sigFilename); |
|
1885 |
+ return 0; |
|
1886 |
+ } |
|
1887 |
+ |
|
1888 |
+ if(statb.st_mtime <= signatureStamp) |
|
1889 |
+ return statb.st_size; /* not changed */ |
|
1890 |
+ |
|
1891 |
+ fd = open(sigFilename, O_RDONLY); |
|
1892 |
+ if(fd < 0) { |
|
1893 |
+ perror(sigFilename); |
|
1894 |
+ if(use_syslog) |
|
1895 |
+ syslog(LOG_ERR, "Can't open %s\n", sigFilename); |
|
1896 |
+ return 0; |
|
1897 |
+ } |
|
1898 |
+ |
|
1899 |
+ signatureStamp = statb.st_mtime; |
|
1900 |
+ |
|
1901 |
+ signature = realloc(signature, statb.st_size); |
|
1902 |
+ read(fd, signature, statb.st_size); |
|
1903 |
+ close(fd); |
|
1904 |
+ |
|
1905 |
+ return statb.st_size; |
|
1906 |
+} |