@@ -1,3 +1,7 @@

+Wed Nov 16 15:57:24 CET 2011 (tk)

+---------------------------------

+ * clamd: initial support for on-access scanner using fanotify (bb#2236)

+

 Mon Nov 14 21:22:26 CET 2011 (acab)

 -----------------------------------

  * libclamav: add preliminary support for iso9660 image files

@@ -18,9 +18,6 @@

 /* name of the clamav user */

 #undef CLAMAVUSER

-/* enable clamuko */

-#undef CLAMUKO

-

 /* enable debugging */

 #undef CL_DEBUG

@@ -87,6 +84,9 @@

 /* "default FD_SETSIZE value" */

 #undef DEFAULT_FD_SETSIZE

+/* use fanotify */

+#undef FANOTIFY

+

 /* whether _XOPEN_SOURCE needs to be defined for fd passing to work */

 #undef FDPASS_NEED_XOPEN

@@ -44,7 +44,9 @@ clamd_SOURCES = \

     scanner.h \

     others.c \

     others.h \

-    shared.h

+    shared.h \

+    fan.c \

+    fan-syscalllib.h

 AM_CFLAGS=@WERR_CFLAGS@

@@ -83,14 +83,14 @@ am__clamd_SOURCES_DIST = $(top_srcdir)/shared/output.c \

 	$(top_srcdir)/shared/misc.h clamd.c tcpserver.c tcpserver.h \

 	localserver.c localserver.h session.c session.h thrmgr.c \

 	thrmgr.h server-th.c server.h scanner.c scanner.h others.c \

-	others.h shared.h

+	others.h shared.h fan.c fan-syscalllib.h

 @BUILD_CLAMD_TRUE@am_clamd_OBJECTS = output.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	optparser.$(OBJEXT) getopt.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	misc.$(OBJEXT) clamd.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	tcpserver.$(OBJEXT) localserver.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	session.$(OBJEXT) thrmgr.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	server-th.$(OBJEXT) scanner.$(OBJEXT) \

-@BUILD_CLAMD_TRUE@	others.$(OBJEXT)

+@BUILD_CLAMD_TRUE@	others.$(OBJEXT) fan.$(OBJEXT)

 clamd_OBJECTS = $(am_clamd_OBJECTS)

 clamd_LDADD = $(LDADD)

 AM_V_lt = $(am__v_lt_$(V))

@@ -316,7 +316,9 @@ top_srcdir = @top_srcdir@

 @BUILD_CLAMD_TRUE@    scanner.h \

 @BUILD_CLAMD_TRUE@    others.c \

 @BUILD_CLAMD_TRUE@    others.h \

-@BUILD_CLAMD_TRUE@    shared.h

+@BUILD_CLAMD_TRUE@    shared.h \

+@BUILD_CLAMD_TRUE@    fan.c \

+@BUILD_CLAMD_TRUE@    fan-syscalllib.h

 @BUILD_CLAMD_TRUE@AM_CFLAGS = @WERR_CFLAGS@

 AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav

@@ -429,6 +431,7 @@ distclean-compile:

 	-rm -f *.tab.c

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clamd.Po@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fan.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getopt.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/localserver.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@

new file mode 100644

@@ -0,0 +1,28 @@

+#ifndef __FANOTIFY_SYSCALL_LIB

+#define __FANOTIFY_SYSCALL_LIB

+

+#include <unistd.h>

+#include <linux/types.h>

+

+#if defined(__x86_64__)

+# define __NR_fanotify_init	300

+# define __NR_fanotify_mark	301

+#elif defined(__i386__)

+# define __NR_fanotify_init	338

+# define __NR_fanotify_mark	339

+#else

+# error "System call numbers not defined for this architecture"

+#endif

+

+static inline int fanotify_init(unsigned int flags, unsigned int event_f_flags)

+{

+	return syscall(__NR_fanotify_init, flags, event_f_flags);

+}

+

+static inline int fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,

+				int dfd, const char *pathname)

+{

+	return syscall(__NR_fanotify_mark, fanotify_fd, flags, mask,

+		       dfd, pathname);

+}

+#endif

new file mode 100644

@@ -0,0 +1,225 @@

+/*

+ *  Copyright (C) 2011 Sourcefire, Inc.

+ *

+ *  Authors: Tomasz Kojm

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#ifdef FANOTIFY

+

+#include <stdio.h>

+#include <unistd.h>

+#include <sys/types.h>

+#include <sys/stat.h>

+#include <fcntl.h>

+#include <signal.h>

+#include <pthread.h>

+#include <string.h>

+#include <errno.h>

+

+#include <linux/fanotify.h>

+#include "fan-syscalllib.h"

+#include "fan.h"

+

+#include "libclamav/clamav.h"

+#include "libclamav/scanners.h"

+

+#include "shared/optparser.h"

+#include "shared/output.h"

+

+#include "server.h"

+#include "others.h"

+#include "scanner.h"

+

+static void fan_exit(int sig)

+{

+

+    logg("*ScanOnAccess: fan_exit(), signal %d\n", sig);

+    pthread_exit(NULL);

+    logg("ScanOnAccess: stopped\n");

+}

+

+static int fan_scanfile(int fan_fd, const char *fname, struct fanotify_event_metadata *fmd, int scan, int extinfo, struct thrarg *tharg)

+{

+	struct fanotify_response res;

+	struct cb_context context;

+	const char *virname;

+	int ret = 0;

+

+    res.fd = fmd->fd;

+    res.response = FAN_ALLOW;

+    context.filename = fname;

+    context.virsize = 0;

+    if(scan && cl_scandesc_callback(fmd->fd, &virname, NULL, tharg->engine, tharg->options, &context) == CL_VIRUS) {

+	if(context.virsize)

+	    detstats_add(virname, fname, context.virsize, context.virhash);

+	if(extinfo && context.virsize)

+	    logg("ScanOnAccess: %s: %s(%s:%llu) FOUND\n", fname, virname, context.virhash, context.virsize);

+	else

+	    logg("ScanOnAccess: %s: %s FOUND\n", fname, virname);

+	virusaction(fname, virname, tharg->opts);

+	res.response = FAN_DENY;

+    }

+

+    if(fmd->mask & FAN_ALL_PERM_EVENTS) {

+	ret = write(fan_fd, &res, sizeof(res));

+	if(ret == -1)

+	    logg("!ScanOnAccess: Internal error (can't write to fanotify)\n");

+    }

+

+    return ret;

+}

+

+void *fan_th(void *arg)

+{

+	struct thrarg *tharg = (struct thrarg *) arg;

+	sigset_t sigset;

+        struct sigaction act;

+	const struct optstruct *pt;

+	short int scan;

+	int sizelimit = 0, extinfo;

+	struct stat sb;

+        uint64_t fan_mask = FAN_ACCESS | FAN_EVENT_ON_CHILD;

+	int fan_fd;

+        fd_set rfds;

+	char buf[4096];

+	ssize_t bread;

+	struct fanotify_event_metadata *fmd;

+	char fname[1024];

+	int ret, len;

+	char err[128];

+

+    /* ignore all signals except SIGUSR1 */

+    sigfillset(&sigset);

+    sigdelset(&sigset, SIGUSR1);

+    /* The behavior of a process is undefined after it ignores a 

+     * SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */

+    sigdelset(&sigset, SIGFPE);

+    sigdelset(&sigset, SIGILL);

+    sigdelset(&sigset, SIGSEGV);

+#ifdef SIGBUS    

+    sigdelset(&sigset, SIGBUS);

+#endif

+    pthread_sigmask(SIG_SETMASK, &sigset, NULL);

+    memset(&act, 0, sizeof(struct sigaction));

+    act.sa_handler = fan_exit;

+    sigfillset(&(act.sa_mask));

+    sigaction(SIGUSR1, &act, NULL);

+    sigaction(SIGSEGV, &act, NULL);

+

+    fan_fd = fanotify_init(0, O_RDONLY);

+    if(fan_fd < 0) {

+	logg("!ScanOnAccess: fanotify_init failed: %s\n", cli_strerror(errno, err, sizeof(err)));

+	if(errno == EPERM)

+	    logg("ScanOnAccess: clamd must be started by root\n");

+	return NULL;

+    }

+

+    if((pt = optget(tharg->opts, "OnAccessIncludePath"))->enabled) {

+	while(pt) {

+	    if(fanotify_mark(fan_fd, FAN_MARK_ADD, fan_mask, fan_fd, pt->strarg) != 0) {

+		logg("!ScanOnAccess: Can't include path '%s'\n", pt->strarg);

+		return NULL;

+	    } else

+		logg("ScanOnAccess: Protecting directory '%s'\n", pt->strarg);

+	    pt = (struct optstruct *) pt->nextarg;

+	}

+    } else {

+	logg("!ScanOnAccess: Please specify at least one path with OnAccessIncludePath\n");

+	return NULL;

+    }

+

+    if((pt = optget(tharg->opts, "OnAccessExcludePath"))->enabled) {

+	while(pt) {

+            if(fanotify_mark(fan_fd, FAN_MARK_REMOVE, fan_mask, fan_fd, pt->strarg) != 0) {

+		logg("!ScanOnAccess: Can't exclude path %s\n", pt->strarg);

+		return NULL;

+	    } else

+		logg("ScanOnAccess: Excluded path %s\n", pt->strarg);

+	    pt = (struct optstruct *) pt->nextarg;

+	}

+    }

+

+    sizelimit = optget(tharg->opts, "OnAccessMaxFileSize")->numarg;

+    if(sizelimit)

+	logg("ScanOnAccess: Max file size limited to %d bytes\n", sizelimit);

+    else

+	logg("ScanOnAccess: File size limit disabled\n");

+

+    extinfo = optget(tharg->opts, "ExtendedDetectionInfo")->enabled;

+

+    FD_ZERO(&rfds);

+    FD_SET(fan_fd, &rfds);

+    do {

+        ret = select(fan_fd + 1, &rfds, NULL, NULL, NULL);

+    } while(ret == -1 && errno == EINTR);

+

+    while((bread = read(fan_fd, buf, sizeof(buf))) > 0) {

+	fmd = (struct fanotify_event_metadata *) buf;

+	while(FAN_EVENT_OK(fmd, bread)) {

+	    scan = 1;

+	    if(fmd->fd >= 0) {

+		sprintf(fname, "/proc/self/fd/%d", fmd->fd);

+		len = readlink(fname, fname, sizeof(fname) - 1);

+		if(len == -1) {

+		    close(fmd->fd);

+		    logg("!ScanOnAccess: Internal error (readlink() failed)\n");

+		    return NULL;

+		}

+		fname[len] = 0;

+

+		if(fan_checkowner(fmd->pid, tharg->opts)) {

+		    scan = 0;

+		    logg("*ScanOnAccess: %s skipped (excluded UID)\n", fname);

+		}

+

+		if(sizelimit) {

+		    fstat(fmd->fd, &sb);

+		    if(sb.st_size > sizelimit) {

+			scan = 0;

+			/* logg("*ScanOnAccess: %s skipped (size > %d)\n", fname, sizelimit); */

+		    }

+		}

+

+		if(fan_scanfile(fan_fd, fname, fmd, scan, extinfo, tharg) == -1) {

+		    close(fmd->fd);

+		    return NULL;

+		}

+

+		if(close(fmd->fd) == -1) {

+		    printf("!ScanOnAccess: Internal error (close(%d) failed)\n", fmd->fd);

+		    close(fmd->fd);

+		    return NULL;

+		}

+	    }

+	    fmd = FAN_EVENT_NEXT(fmd, bread);

+	}

+	do {

+	    ret = select(fan_fd + 1, &rfds, NULL, NULL, NULL);

+	} while(ret == -1 && errno == EINTR);

+    }

+

+    if(bread < 0)

+	logg("!ScanOnAccess: Internal error (failed to read data)\n");

+

+    return NULL;

+}

+

+#endif

new file mode 100644

@@ -0,0 +1,26 @@

+/*

+ *  Copyright (C) 2011 Sourcefire, Inc.

+ *

+ *  Authors: Tomasz Kojm

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#ifndef __FAN_H

+#define __FAN_H

+

+void *fan_th(void *arg);

+

+#endif

@@ -723,14 +723,14 @@ void detstats_print(int desc, char term)

     pthread_mutex_unlock(&detstats_lock);

 }

-#if 0 /* CLAMUKO */

-int clamuko_checkowner(int pid, const struct optstruct *opts)

+#ifdef FANOTIFY

+int fan_checkowner(int pid, const struct optstruct *opts)

 {

 	char path[32];

 	struct stat sb;

 	const struct optstruct *opt;

-    if(!(opt = optget(opts, "ClamukoExcludeUID"))->enabled)

+    if(!(opt = optget(opts, "OnAccessExcludeUID"))->enabled)

 	return 0;

     snprintf(path, sizeof(path), "/proc/%u", pid);

@@ -86,8 +86,8 @@ void detstats_clear(void);

 void detstats_add(const char *virname, const char *fname, unsigned int fsize, const char *md5);

 void detstats_print(int desc, char term);

-#if 0 /* CLAMUKO */

-int clamuko_checkowner(int pid, const struct optstruct *opts);

+#ifdef FANOTIFY

+int fan_checkowner(int pid, const struct optstruct *opts);

 #endif

 #endif

@@ -49,6 +49,7 @@

 #include "shared/output.h"

 #include "shared/optparser.h"

+#include "fan.h"

 #include "server.h"

 #include "thrmgr.h"

 #include "session.h"

@@ -60,8 +61,6 @@

 #define BUFFSIZE 1024

-#undef CLAMUKO /* FIXME */

-

 int progexit = 0;

 pthread_mutex_t exit_mutex = PTHREAD_MUTEX_INITIALIZER;

 int reload = 0;

@@ -710,9 +709,9 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

 	unsigned int selfchk;

 	threadpool_t *thr_pool;

-#ifdef CLAMUKO

-	pthread_t clamuko_pid;

-	pthread_attr_t clamuko_attr;

+#ifdef FANOTIFY

+	pthread_t fan_pid;

+	pthread_attr_t fan_attr;

 	struct thrarg *tharg = NULL; /* shut up gcc */

 #endif

@@ -1005,24 +1004,24 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

     logg("*MaxQueue set to: %d\n", max_queue);

     acceptdata.max_queue = max_queue;

-    if(optget(opts, "ClamukoScanOnAccess")->enabled)

-#ifdef CLAMUKO

+    if(optget(opts, "ScanOnAccess")->enabled)

+#ifdef FANOTIFY

     {

         do {

-	    if(pthread_attr_init(&clamuko_attr)) break;

-	    pthread_attr_setdetachstate(&clamuko_attr, PTHREAD_CREATE_JOINABLE);

+	    if(pthread_attr_init(&fan_attr)) break;

+	    pthread_attr_setdetachstate(&fan_attr, PTHREAD_CREATE_JOINABLE);

 	    if(!(tharg = (struct thrarg *) malloc(sizeof(struct thrarg)))) break;

 	    tharg->opts = opts;

 	    tharg->engine = engine;

 	    tharg->options = options;

-	    if(!pthread_create(&clamuko_pid, &clamuko_attr, clamukoth, tharg)) break;

+	    if(!pthread_create(&fan_pid, &fan_attr, fan_th, tharg)) break;

 	    free(tharg);

 	    tharg=NULL;

 	} while(0);

-	if (!tharg) logg("!Unable to start Clamuko\n");

+	if (!tharg) logg("!Unable to start on-access scan\n");

     }

 #else

-	logg("Clamuko is not available.\n");

+	logg("!On-access scan is not available\n");

 #endif

 #ifndef	_WIN32

@@ -1285,11 +1284,11 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

 	pthread_mutex_lock(&reload_mutex);

 	if(reload) {

 	    pthread_mutex_unlock(&reload_mutex);

-#ifdef CLAMUKO

-	    if(optget(opts, "ClamukoScanOnAccess")->enabled && tharg) {

-		logg("Stopping and restarting Clamuko.\n");

-		pthread_kill(clamuko_pid, SIGUSR1);

-		pthread_join(clamuko_pid, NULL);

+#ifdef FANOTIFY

+	    if(optget(opts, "ScanOnAccess")->enabled && tharg) {

+		logg("Restarting on-access scan\n");

+		pthread_kill(fan_pid, SIGUSR1);

+		pthread_join(fan_pid, NULL);

 	    }

 #endif

 	    engine = reload_db(engine, dboptions, opts, FALSE, &ret);

@@ -1304,10 +1303,10 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

 	    reload = 0;

 	    time(&reloaded_time);

 	    pthread_mutex_unlock(&reload_mutex);

-#ifdef CLAMUKO

-	    if(optget(opts, "ClamukoScanOnAccess")->enabled && tharg) {

+#ifdef FANOTIFY

+	    if(optget(opts, "ScanOnAccess")->enabled && tharg) {

 		tharg->engine = engine;

-		pthread_create(&clamuko_pid, &clamuko_attr, clamukoth, tharg);

+		pthread_create(&fan_pid, &fan_attr, fan_th, tharg);

 	    }

 #endif

 	    time(&start_time);

@@ -1331,11 +1330,11 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

      */

     logg("*Waiting for all threads to finish\n");

     thrmgr_destroy(thr_pool);

-#ifdef CLAMUKO

-    if(optget(opts, "ClamukoScanOnAccess")->enabled) {

-	logg("Stopping Clamuko.\n");

-	pthread_kill(clamuko_pid, SIGUSR1);

-	pthread_join(clamuko_pid, NULL);

+#ifdef FANOTIFY

+    if(optget(opts, "ScanOnAccess")->enabled) {

+	logg("Stopping on-access scan\n");

+	pthread_kill(fan_pid, SIGUSR1);

+	pthread_join(fan_pid, NULL);

     }

 #endif

     if(engine) {

@@ -836,7 +836,7 @@ enable_unrar

 enable_getaddrinfo

 enable_ipv6

 enable_dns

-enable_clamuko

+enable_fanotify

 enable_milter

 with_system_tommath

 with_iconv

@@ -1518,7 +1518,7 @@ Optional Features:

   --disable-ipv6          disable IPv6 support

   --disable-dns           disable support for database verification through

                           DNS

-  --disable-clamuko	  disable clamuko support (Linux, DragonFly and FreeBSD only)

+  --disable-fanotify	  disable fanotify support (Linux only)

   --enable-milter	  build clamav-milter

   --disable-pthreads      disable POSIX threads support

   --disable-cr		  don't link with C reentrant library (BSD)

@@ -17107,11 +17107,11 @@ fi

-# Check whether --enable-clamuko was given.

-if test "${enable_clamuko+set}" = set; then :

-  enableval=$enable_clamuko; want_clamuko=$enableval

+# Check whether --enable-fanotify was given.

+if test "${enable_fanotify+set}" = set; then :

+  enableval=$enable_fanotify; want_fanotify=$enableval

 else

-  want_clamuko="yes"

+  want_fanotify="yes"

 fi

@@ -17622,9 +17622,14 @@ $as_echo "#define C_LINUX 1" >>confdefs.h

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-lpthread"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

+	if test "$want_fanotify" = "yes"; then

+	    ac_fn_c_check_header_mongrel "$LINENO" "linux/fanotify.h" "ac_cv_header_linux_fanotify_h" "$ac_includes_default"

+if test "x$ac_cv_header_linux_fanotify_h" = xyes; then :

+

+$as_echo "#define FANOTIFY 1" >>confdefs.h

+

+fi

-$as_echo "#define CLAMUKO 1" >>confdefs.h

 	fi

     fi

@@ -17636,11 +17641,6 @@ $as_echo "#define C_KFREEBSD_GNU 1" >>confdefs.h

     if test "$have_pthreads" = "yes"; then

        THREAD_LIBS="-lpthread"

        TH_SAFE="-thread-safe"

-       if test "$want_clamuko" = "yes"; then

-

-$as_echo "#define CLAMUKO 1" >>confdefs.h

-

-       fi

     fi

     ;;

 solaris*)

@@ -17660,11 +17660,6 @@ freebsd[45]*)

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-pthread -lc_r"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

-

-$as_echo "#define CLAMUKO 1" >>confdefs.h

-

-	fi

     fi

 $as_echo "#define C_BSD 1" >>confdefs.h

@@ -17674,11 +17669,6 @@ freebsd*)

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-lthr"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

-

-$as_echo "#define CLAMUKO 1" >>confdefs.h

-

-	fi

     fi

 $as_echo "#define C_BSD 1" >>confdefs.h

@@ -17688,11 +17678,6 @@ dragonfly*)

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-pthread"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

-

-$as_echo "#define CLAMUKO 1" >>confdefs.h

-

-	fi

     fi

 $as_echo "#define C_BSD 1" >>confdefs.h

@@ -26143,15 +26128,15 @@ fi

-   $as_echo_n "              clamuko     : "

-   if test "x$want_clamuko" = "xno"; then :

-  $as_echo "$want_clamuko (disabled)"

-elif test "x$want_clamuko" = "xyes"; then :

-  $as_echo "$want_clamuko"

-elif test "x$want_clamuko" = "x"; then :

-  $as_echo "$want_clamuko"

+   $as_echo_n "              fanotify    : "

+   if test "x$want_fanotify" = "xno"; then :

+  $as_echo "$want_fanotify (disabled)"

+elif test "x$want_fanotify" = "xyes"; then :

+  $as_echo "$want_fanotify"

+elif test "x$want_fanotify" = "x"; then :

+  $as_echo "$want_fanotify"

 else

-  $as_echo "$want_clamuko ($want_clamuko)"

+  $as_echo "$want_fanotify ($want_fanotify)"

 fi

 if test "x$ac_cv_have_control_in_msghdr" = "xyes"; then

@@ -730,9 +730,9 @@ fi

 AC_C_DNS

-AC_ARG_ENABLE([clamuko],

-[  --disable-clamuko	  disable clamuko support (Linux, DragonFly and FreeBSD only)],

-want_clamuko=$enableval, want_clamuko="yes")

+AC_ARG_ENABLE([fanotify],

+[  --disable-fanotify	  disable fanotify support (Linux only)],

+want_fanotify=$enableval, want_fanotify="yes")

 dnl AC_FUNC_SETPGRP does not work when cross compiling

 dnl Instead, assume we will have a prototype for setpgrp if cross compiling.

@@ -952,8 +952,8 @@ linux*)

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-lpthread"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

-	    AC_DEFINE([CLAMUKO],1,[enable clamuko])

+	if test "$want_fanotify" = "yes"; then

+	    AC_CHECK_HEADER([linux/fanotify.h],AC_DEFINE([FANOTIFY],1,[use fanotify]),)

 	fi

     fi

     ;;

@@ -962,9 +962,6 @@ kfreebsd*-gnu)

     if test "$have_pthreads" = "yes"; then

        THREAD_LIBS="-lpthread"

        TH_SAFE="-thread-safe"

-       if test "$want_clamuko" = "yes"; then

-           AC_DEFINE([CLAMUKO],1,[enable clamuko])

-       fi

     fi

     ;;

 solaris*)

@@ -982,9 +979,6 @@ freebsd[[45]]*)

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-pthread -lc_r"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

-	    AC_DEFINE([CLAMUKO],1,[enable clamuko])

-	fi

     fi

     AC_DEFINE([C_BSD],1,[os is freebsd 4 or 5])

     ;;

@@ -992,9 +986,6 @@ freebsd*)

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-lthr"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

-	    AC_DEFINE([CLAMUKO],1,[enable clamuko])

-	fi

     fi

     AC_DEFINE([C_BSD],1,[os is freebsd 6])

     ;;

@@ -1002,9 +993,6 @@ dragonfly*)

     if test "$have_pthreads" = "yes"; then

 	THREAD_LIBS="-pthread"

 	TH_SAFE="-thread-safe"

-	if test "$want_clamuko" = "yes"; then

-	    AC_DEFINE([CLAMUKO],1,[enable clamuko])

-	fi

     fi

     AC_DEFINE([C_BSD],1,[os is dragonfly])

     ;;

@@ -1676,7 +1664,7 @@ else

     check_libs="$CHECK_LIBS"

 fi

 CL_MSG_STATUS([check       ],[$check_libs],[$enable_check_ut])

-CL_MSG_STATUS([clamuko     ],[$want_clamuko],[$want_clamuko])

+CL_MSG_STATUS([fanotify    ],[$want_fanotify],[$want_fanotify])

 if test "x$ac_cv_have_control_in_msghdr" = "xyes"; then

     CL_MSG_STATUS([fdpassing   ],[$have_fdpass],[$want_fdpassing])

 else

@@ -329,23 +329,15 @@ const struct clam_option __clam_options[] = {

     { "MaxFiles", "max-files", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXFILES, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Number of files to be scanned within an archive, a document, or any other\ncontainer file.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage to the system.", "10000" },

-    { "ClamukoScanOnAccess", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables Clamuko. Dazuko needs to be already configured and\nrunning.", "no" },

+    { "ScanOnAccess", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables on-access scanning (Linux only)", "no" },

-    { "ClamukoScannerCount", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_CLAMD, "The number of scanner threads that will be started (DazukoFS only).\nHaving multiple scanner threads allows Clamuko to serve multiple\nprocesses simultaneously. This is particularly beneficial on SMP machines.", "3" },

+    { "OnAccessIncludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option specifies a directory (including all files and directories\ninside it), which should be scanned on access. This option can\nbe used multiple times.", "/home\n/students" },

-    { "ClamukoScanOnOpen", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "Scan files when they get opened by the system.", "yes" },

+    { "OnAccessExcludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option allows excluding directories from on-access scanning. It can\nbe used multiple times.", "/home/bofh\n/root" },

-    { "ClamukoScanOnClose", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "Scan files when they get closed by the system.", "yes" },

+    { "OnAccessExcludeUID", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "With this option you can whitelist specific UIDs. Processes with these UIDs\nwill be able to access all files.\nThis option can be used multiple times (one per line).", "0" },

-    { "ClamukoScanOnExec", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "Scan files when they get executed by the system.", "yes" },

-

-    { "ClamukoIncludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option specifies a directory (together will all files and directories\ninside this directory) which should be scanned on-access. This option can\nbe used multiple times.", "/home\n/students" },

-

-    { "ClamukoExcludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option allows excluding directories from on-access scanning. It can\nbe used multiple times.", "/home/bofh\n/root" },

-

-    { "ClamukoExcludeUID", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "With this option you can whitelist specific UIDs. Processes with these UIDs\nwill be able to access all files.\nThis option can be used multiple times (one per line).", "0" },

-

-    { "ClamukoMaxFileSize", NULL, 0, TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned.", "5M" },

+    { "OnAccessMaxFileSize", NULL, 0, TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned in on access.", "5M" },

     /* FIXME: mark these as private and don't output into clamd.conf/man */

     { "DevACOnly", "dev-ac-only", 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, FLAG_HIDDEN, OPT_CLAMD | OPT_CLAMSCAN, "", "" },

@@ -430,6 +422,15 @@ const struct clam_option __clam_options[] = {

     { "ArchiveBlockMax", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

     { "ArchiveLimitMemoryUsage", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

     { "MailFollowURLs", "mail-follow-urls", 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },

+    { "ClamukoScanOnAccess", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoScannerCount", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoScanOnOpen", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoScanOnClose", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoScanOnExec", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoIncludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoExcludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoExcludeUID", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },

+    { "ClamukoMaxFileSize", NULL, 0, TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },

     /* Milter specific options */