git-svn: trunk@2072
Nigel Horne authored on 2006/07/13 00:38:36... | ... |
@@ -23,9 +23,26 @@ |
23 | 23 |
* |
24 | 24 |
* For installation instructions see the file INSTALL that came with this file |
25 | 25 |
*/ |
26 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.250 2006/07/12 07:25:43 njh Exp $"; |
|
26 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.251 2006/07/12 15:36:48 njh Exp $"; |
|
27 | 27 |
|
28 |
-#define CM_VERSION "devel-210606" |
|
28 |
+#define CM_VERSION "devel-120706" |
|
29 |
+ |
|
30 |
+/*#define DONT_SCAN_BLACK_HOLES /* |
|
31 |
+ * Don't scan emails to addresses set to |
|
32 |
+ * /dev/null in /etc/aliases |
|
33 |
+ * |
|
34 |
+ * Since sendmail calls its milters before it |
|
35 |
+ * looks in /etc/aliases we can spend time |
|
36 |
+ * looking for malware that's going to be |
|
37 |
+ * thrown away even if the message is clean. |
|
38 |
+ * Enable this #define to not scan these |
|
39 |
+ * messages. |
|
40 |
+ * Note that this needs -ldb to be added to |
|
41 |
+ * the link line, which isn't usually done. |
|
42 |
+ * You will also need the db4 SDK |
|
43 |
+ * |
|
44 |
+ * TODO: Handle virtusertable |
|
45 |
+ */ |
|
29 | 46 |
|
30 | 47 |
#if HAVE_CONFIG_H |
31 | 48 |
#include "clamav-config.h" |
... | ... |
@@ -54,6 +71,9 @@ static char const rcsid[] = "$Id: clamav-milter.c,v 1.250 2006/07/12 07:25:43 nj |
54 | 54 |
#if HAVE_STDINT_H |
55 | 55 |
#include <stdlib.h> |
56 | 56 |
#endif |
57 |
+#if HAVE_MEMORY_H |
|
58 |
+#include <memory.h> |
|
59 |
+#endif |
|
57 | 60 |
#if HAVE_STRING_H |
58 | 61 |
#include <string.h> |
59 | 62 |
#endif |
... | ... |
@@ -82,6 +102,15 @@ static char const rcsid[] = "$Id: clamav-milter.c,v 1.250 2006/07/12 07:25:43 nj |
82 | 82 |
#include <sys/param.h> |
83 | 83 |
#endif |
84 | 84 |
|
85 |
+#ifdef DONT_SCAN_BLACK_HOLES |
|
86 |
+#include <db.h> |
|
87 |
+ |
|
88 |
+#define ALIASES "/etc/aliases.db" /* some use /etc/mail/aliases.db */ |
|
89 |
+ |
|
90 |
+typedef struct __db DB; |
|
91 |
+static DB *db; |
|
92 |
+#endif |
|
93 |
+ |
|
85 | 94 |
#if HAVE_MMAP |
86 | 95 |
#if HAVE_SYS_MMAN_H |
87 | 96 |
#include <sys/mman.h> |
... | ... |
@@ -990,6 +1019,19 @@ main(int argc, char **argv) |
990 | 990 |
consolefd = open(console, O_WRONLY); |
991 | 991 |
#endif |
992 | 992 |
|
993 |
+#ifdef DONT_SCAN_BLACK_HOLES |
|
994 |
+ if(db_create(&db, NULL, 0) == 0) { |
|
995 |
+ int ret = db->open(db, NULL, ALIASES, NULL, DB_HASH, |
|
996 |
+ DB_RDONLY, 0644); |
|
997 |
+ |
|
998 |
+ if(ret != 0) { |
|
999 |
+ perror(ALIASES); |
|
1000 |
+ return EX_OSFILE; |
|
1001 |
+ } |
|
1002 |
+ } else |
|
1003 |
+ db = NULL; |
|
1004 |
+#endif |
|
1005 |
+ |
|
993 | 1006 |
if(getuid() == 0) { |
994 | 1007 |
if(iface) { |
995 | 1008 |
#ifdef SO_BINDTODEVICE |
... | ... |
@@ -2651,6 +2693,29 @@ clamfi_eoh(SMFICTX *ctx) |
2651 | 2651 |
return cl_error; |
2652 | 2652 |
} |
2653 | 2653 |
|
2654 |
+#ifdef DONT_SCAN_BLACK_HOLES |
|
2655 |
+ for(to = privdata->to; *to; to++) { |
|
2656 |
+ DBT key, data; |
|
2657 |
+ |
|
2658 |
+ memset(&key, '\0', sizeof(DBT)); |
|
2659 |
+ memset(&data, '\0', sizeof(DBT)); |
|
2660 |
+ |
|
2661 |
+ key.data = (char *)*to; |
|
2662 |
+ key.size = strlen(key.data) + 1; |
|
2663 |
+ |
|
2664 |
+ if(db->get(db, NULL, &key, &data, 0) == 0) |
|
2665 |
+ /* FIXME: The result may be aliased as well */ |
|
2666 |
+ if(strcmp(data.data, "/dev/null") == 0) |
|
2667 |
+ continue; |
|
2668 |
+ break; |
|
2669 |
+ } |
|
2670 |
+ if(*to == NULL) { |
|
2671 |
+ /* All recipients map to /dev/null */ |
|
2672 |
+ syslog(LOG_NOTICE, "discarded, since all recipients are /dev/null"); |
|
2673 |
+ return SMFIS_DISCARD; |
|
2674 |
+ } |
|
2675 |
+#endif |
|
2676 |
+ |
|
2654 | 2677 |
/* |
2655 | 2678 |
* See if the e-mail is only going to members of the list |
2656 | 2679 |
* of users we don't scan for. If it is, don't scan, otherwise |
... | ... |
@@ -2671,6 +2736,7 @@ clamfi_eoh(SMFICTX *ctx) |
2671 | 2671 |
* no need to check any further |
2672 | 2672 |
*/ |
2673 | 2673 |
return SMFIS_CONTINUE; |
2674 |
+ |
|
2674 | 2675 |
/* |
2675 | 2676 |
* Didn't find a recipient who is not on the white list, so all |
2676 | 2677 |
* must be on the white list, so just accept the e-mail |