git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1208 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/12/21 12:14:58... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Tue Dec 21 04:11:48 CET 2004 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * freshclam: DNSDatabaseInfo: optimised and hardcoded |
|
4 |
+ |
|
1 | 5 |
Mon Dec 20 14:52:03 GMT 2004 (trog) |
2 | 6 |
----------------------------------- |
3 | 7 |
* libclamav/chmunpack.c: relax over stringent offset checks. |
... | ... |
@@ -64,9 +64,9 @@ Enable verbose logging. |
64 | 64 |
Default: disabled |
65 | 65 |
.TP |
66 | 66 |
\fBDNSDatabaseInfo STRING\fR |
67 |
-This directive enables database and software version verification through DNS TXT records. We highly recommend enabling it. Please use the current.cvd.clamav.net record. |
|
67 |
+This directive enables database and software version verification through DNS TXT records. |
|
68 | 68 |
.br |
69 |
-Default: disabled |
|
69 |
+Default: enabled, pointing to current.cvd.clamav.net |
|
70 | 70 |
.TP |
71 | 71 |
\fBDatabaseMirror STRING\fR |
72 | 72 |
Server name where database updates are downloaded from. database.clamav.net is a round\-robin record which points ClamAV users to most reliable mirrors. If this option is given multiple times, freshclam(1) tries them in the order given if one download fails. |
... | ... |
@@ -44,10 +44,10 @@ Example |
44 | 44 |
#AllowSupplementaryGroups |
45 | 45 |
|
46 | 46 |
# Use DNS to verify virus database version. Freshclam uses DNS TXT records |
47 |
-# to verify database and software versions. We highly recommend enabling |
|
48 |
-# this option. |
|
49 |
-# Default: disabled |
|
50 |
-DNSDatabaseInfo current.cvd.clamav.net |
|
47 |
+# to verify database and software versions. With this directive you can change |
|
48 |
+# the database verification domain. |
|
49 |
+# Default: enabled, pointing to current.cvd.clamav.net |
|
50 |
+#DNSDatabaseInfo current.cvd.clamav.net |
|
51 | 51 |
|
52 | 52 |
# Uncomment the following line and replace XY with your country |
53 | 53 |
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. |
... | ... |
@@ -49,6 +49,8 @@ char *txtquery(const char *domain, unsigned int *ttl) |
49 | 49 |
return NULL; |
50 | 50 |
} |
51 | 51 |
|
52 |
+ mprintf("*Querying %s\n", domain); |
|
53 |
+ |
|
52 | 54 |
memset(answer, 0, PACKETSZ); |
53 | 55 |
if((len = res_query(domain, C_IN, T_TXT, answer, PACKETSZ)) < 0) { |
54 | 56 |
mprintf("@Can't query %s\n", domain); |
... | ... |
@@ -53,10 +53,12 @@ |
53 | 53 |
int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, const char *hostname) |
54 | 54 |
{ |
55 | 55 |
time_t currtime; |
56 |
- int ret, updated = 0, signo = 0, usedns; |
|
57 |
- char ipaddr[16]; |
|
56 |
+ int ret, updated = 0, signo = 0, ttl = -1; |
|
57 |
+ char ipaddr[16], *dnsreply = NULL, *pt; |
|
58 | 58 |
struct cfgstruct *cpt; |
59 |
- |
|
59 |
+#ifdef HAVE_RESOLV_H |
|
60 |
+ const char *dnsdbinfo; |
|
61 |
+#endif |
|
60 | 62 |
|
61 | 63 |
time(&currtime); |
62 | 64 |
mprintf("ClamAV update process started at %s", ctime(&currtime)); |
... | ... |
@@ -69,21 +71,88 @@ int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, c |
69 | 69 |
logg("See the FAQ at http://www.clamav.net/faq.html for an explanation.\n"); |
70 | 70 |
#endif |
71 | 71 |
|
72 |
- optl(opt, "no-dns") ? (usedns = 0) : (usedns = 1); |
|
72 |
+#ifdef HAVE_RESOLV_H |
|
73 |
+ if((cpt = cfgopt(copt, "DNSDatabaseInfo"))) |
|
74 |
+ dnsdbinfo = cpt->strarg; |
|
75 |
+ else |
|
76 |
+ dnsdbinfo = "current.cvd.clamav.net"; |
|
77 |
+ |
|
78 |
+ if(optl(opt, "no-dns")) { |
|
79 |
+ dnsreply = NULL; |
|
80 |
+ } else { |
|
81 |
+ if((dnsreply = txtquery(dnsdbinfo, &ttl))) { |
|
82 |
+ mprintf("*TTL: %d\n", ttl); |
|
83 |
+ |
|
84 |
+ if((pt = cli_strtok(dnsreply, 3, ":"))) { |
|
85 |
+ int rt; |
|
86 |
+ time_t ct; |
|
87 |
+ |
|
88 |
+ rt = atoi(pt); |
|
89 |
+ free(pt); |
|
90 |
+ time(&ct); |
|
91 |
+ if((int) ct - rt > 10800) { |
|
92 |
+ mprintf("WARNING: DNS record is older than 3 hours.\n"); |
|
93 |
+ logg("WARNING: DNS record is older than 3 hours.\n"); |
|
94 |
+ free(dnsreply); |
|
95 |
+ dnsreply = NULL; |
|
96 |
+ } |
|
97 |
+ |
|
98 |
+ } else { |
|
99 |
+ free(dnsreply); |
|
100 |
+ dnsreply = NULL; |
|
101 |
+ } |
|
102 |
+ |
|
103 |
+ if(dnsreply && (pt = cli_strtok(dnsreply, 0, ":"))) { |
|
104 |
+ mprintf("*Software version from DNS: %s\n", pt); |
|
105 |
+ if(!strstr(cl_retver(), "devel")) { |
|
106 |
+ if(strcmp(cl_retver(), pt)) { |
|
107 |
+ mprintf("WARNING: Your ClamAV installation is OUTDATED - please update immediately!\n"); |
|
108 |
+ mprintf("WARNING: Local version: %s Recommended version: %s\n", cl_retver(), pt); |
|
109 |
+ logg("WARNING: Your ClamAV installation is OUTDATED - please update immediately!\n"); |
|
110 |
+ logg("WARNING: Local version: %s Recommended version: %s\n", cl_retver(), pt); |
|
111 |
+ } |
|
112 |
+ } |
|
113 |
+ free(pt); |
|
114 |
+ |
|
115 |
+ } else { |
|
116 |
+ if(dnsreply) { |
|
117 |
+ free(dnsreply); |
|
118 |
+ dnsreply = NULL; |
|
119 |
+ } |
|
120 |
+ } |
|
121 |
+ } |
|
122 |
+ |
|
123 |
+ if(!dnsreply) { |
|
124 |
+ mprintf("WARNING: Invalid DNS reply. Falling back to HTTP mode.\n"); |
|
125 |
+ logg("WARNING: Invalid DNS reply. Falling back to HTTP mode.\n"); |
|
126 |
+ } |
|
127 |
+ } |
|
128 |
+#endif /* HAVE_RESOLV_H */ |
|
73 | 129 |
|
74 | 130 |
memset(ipaddr, 0, sizeof(ipaddr)); |
75 | 131 |
|
76 |
- if((ret = downloaddb(DB1NAME, "main.cvd", hostname, ipaddr, &signo, copt, usedns)) > 50) |
|
132 |
+ if((ret = downloaddb(DB1NAME, "main.cvd", hostname, ipaddr, &signo, copt, dnsreply)) > 50) { |
|
133 |
+ if(dnsreply) |
|
134 |
+ free(dnsreply); |
|
135 |
+ |
|
77 | 136 |
return ret; |
78 |
- else if(ret == 0) |
|
137 |
+ |
|
138 |
+ } else if(ret == 0) |
|
79 | 139 |
updated = 1; |
80 | 140 |
|
81 | 141 |
/* if ipaddr[0] != 0 it will use it to connect to the web host */ |
82 |
- if((ret = downloaddb(DB2NAME, "daily.cvd", hostname, ipaddr, &signo, copt, usedns)) > 50) |
|
142 |
+ if((ret = downloaddb(DB2NAME, "daily.cvd", hostname, ipaddr, &signo, copt, dnsreply)) > 50) { |
|
143 |
+ if(dnsreply) |
|
144 |
+ free(dnsreply); |
|
145 |
+ |
|
83 | 146 |
return ret; |
84 |
- else if(ret == 0) |
|
147 |
+ |
|
148 |
+ } else if(ret == 0) |
|
85 | 149 |
updated = 1; |
86 | 150 |
|
151 |
+ if(dnsreply) |
|
152 |
+ free(dnsreply); |
|
153 |
+ |
|
87 | 154 |
if(updated) { |
88 | 155 |
if(cfgopt(copt, "HTTPProxyServer")) { |
89 | 156 |
mprintf("Database updated (%d signatures) from %s.\n", signo, hostname); |
... | ... |
@@ -131,12 +200,12 @@ static int isnumb(const char *str) |
131 | 131 |
return 1; |
132 | 132 |
} |
133 | 133 |
|
134 |
-int downloaddb(const char *localname, const char *remotename, const char *hostname, char *ip, int *signo, const struct cfgstruct *copt, int usedns) |
|
134 |
+int downloaddb(const char *localname, const char *remotename, const char *hostname, char *ip, int *signo, const struct cfgstruct *copt, const char *dnsreply) |
|
135 | 135 |
{ |
136 | 136 |
struct cl_cvd *current, *remote; |
137 | 137 |
struct cfgstruct *cpt; |
138 |
- int hostfd, nodb = 0, dbver = -1, ret, port = 0, ttl; |
|
139 |
- char *tempname, ipaddr[16], *dnsreply, *pt; |
|
138 |
+ int hostfd, nodb = 0, dbver = -1, ret, port = 0; |
|
139 |
+ char *tempname, ipaddr[16], *pt; |
|
140 | 140 |
const char *proxy = NULL, *user = NULL, *pass = NULL; |
141 | 141 |
int flevel = cl_retflevel(); |
142 | 142 |
|
... | ... |
@@ -144,68 +213,32 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna |
144 | 144 |
if((current = cl_cvdhead(localname)) == NULL) |
145 | 145 |
nodb = 1; |
146 | 146 |
|
147 |
+ if(!nodb && dnsreply) { |
|
148 |
+ int field = 0; |
|
147 | 149 |
|
148 |
- if(!nodb && usedns && (cpt = cfgopt(copt, "DNSDatabaseInfo"))) { |
|
149 |
- if((dnsreply = txtquery(cpt->strarg, &ttl))) { |
|
150 |
- int field = 0; |
|
151 |
- |
|
152 |
- mprintf("*TTL: %d\n", ttl); |
|
153 |
- |
|
154 |
- if(!strcmp(remotename, "main.cvd")) { |
|
155 |
- field = 1; |
|
156 |
- } else if(!strcmp(remotename, "daily.cvd")) { |
|
157 |
- field = 2; |
|
158 |
- } else { |
|
159 |
- mprintf("WARNING: Unknown database name (%s) passed.\n", remotename); |
|
160 |
- logg("WARNING: Unknown database name (%s) passed.\n", remotename); |
|
161 |
- } |
|
162 |
- |
|
163 |
- if(field && (pt = cli_strtok(dnsreply, 3, ":"))) { |
|
164 |
- int rt; |
|
165 |
- time_t ct; |
|
166 |
- |
|
167 |
- rt = atoi(pt); |
|
168 |
- free(pt); |
|
169 |
- time(&ct); |
|
170 |
- if((int) ct - rt > 10800) { |
|
171 |
- mprintf("WARNING: DNS record is older than 3 hours.\n"); |
|
172 |
- logg("WARNING: DNS record is older than 3 hours.\n"); |
|
173 |
- field = 0; |
|
174 |
- } |
|
175 |
- |
|
176 |
- } else { |
|
177 |
- field = 0; |
|
178 |
- } |
|
150 |
+ if(!strcmp(remotename, "main.cvd")) { |
|
151 |
+ field = 1; |
|
152 |
+ } else if(!strcmp(remotename, "daily.cvd")) { |
|
153 |
+ field = 2; |
|
154 |
+ } else { |
|
155 |
+ mprintf("WARNING: Unknown database name (%s) passed.\n", remotename); |
|
156 |
+ logg("WARNING: Unknown database name (%s) passed.\n", remotename); |
|
157 |
+ } |
|
179 | 158 |
|
180 |
- if(field && (pt = cli_strtok(dnsreply, field, ":"))) { |
|
181 |
- if(!isnumb(pt)) { |
|
182 |
- mprintf("WARNING: Broken database version in TXT record.\n"); |
|
183 |
- logg("WARNING: Broken database version in TXT record.\n"); |
|
184 |
- } else { |
|
185 |
- dbver = atoi(pt); |
|
186 |
- mprintf("*%s version from DNS: %d\n", remotename, dbver); |
|
187 |
- } |
|
188 |
- free(pt); |
|
159 |
+ if(field && (pt = cli_strtok(dnsreply, field, ":"))) { |
|
160 |
+ if(!isnumb(pt)) { |
|
161 |
+ mprintf("WARNING: Broken database version in TXT record.\n"); |
|
162 |
+ logg("WARNING: Broken database version in TXT record.\n"); |
|
189 | 163 |
} else { |
190 |
- mprintf("WARNING: Invalid DNS reply.\n"); |
|
191 |
- logg("WARNING: Invalid DNS reply.\n"); |
|
164 |
+ dbver = atoi(pt); |
|
165 |
+ mprintf("*%s version from DNS: %d\n", remotename, dbver); |
|
192 | 166 |
} |
193 |
- |
|
194 |
- if(field == 1 && (pt = cli_strtok(dnsreply, 0, ":"))) { |
|
195 |
- mprintf("*Software version from DNS: %s\n", pt); |
|
196 |
- if(!strstr(cl_retver(), "devel")) { |
|
197 |
- if(strcmp(cl_retver(), pt)) { |
|
198 |
- mprintf("WARNING: Your ClamAV installation is OUTDATED - please update immediately!\n"); |
|
199 |
- mprintf("WARNING: Local version: %s Recommended version: %s\n", cl_retver(), pt); |
|
200 |
- logg("WARNING: Your ClamAV installation is OUTDATED - please update immediately!\n"); |
|
201 |
- logg("WARNING: Local version: %s Recommended version: %s\n", cl_retver(), pt); |
|
202 |
- } |
|
203 |
- } |
|
204 |
- free(pt); |
|
205 |
- } |
|
206 |
- |
|
207 |
- free(dnsreply); |
|
167 |
+ free(pt); |
|
168 |
+ } else { |
|
169 |
+ mprintf("WARNING: Invalid DNS reply. Falling back to HTTP mode.\n"); |
|
170 |
+ logg("WARNING: Invalid DNS reply. Falling back to HTTP mode.\n"); |
|
208 | 171 |
} |
172 |
+ |
|
209 | 173 |
} |
210 | 174 |
|
211 | 175 |
/* Initialize proxy settings */ |
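Review bot: In the new DNS block of downloadmanager (the `@@ -69,21 +71,88 @@` hunk), the record timestamp is parsed with `rt = atoi(pt);` without the `isnumb()` check that downloaddb applies to the version fields, and `(int) ct - rt > 10800` only rejects records that are too old, so a TXT record carrying a future timestamp is accepted as fresh. This commit makes the DNS lookup the default and reuses the one unauthenticated reply for both downloaddb calls, so I would validate and bound the field on both sides, e.g. `rt = isnumb(pt) ? atoi(pt) : 0;` followed by `if(ct - (time_t) rt > 10800 || (time_t) rt - ct > 10800)`, with the warning text adjusted to cover both cases. `isnumb` appears to be defined below downloadmanager in this file, so it would need a forward declaration. Separately, `ttl` is declared `int` here, while txtquery's signature (visible in the hunk header of the preceding file section) takes `unsigned int *`; declaring it `unsigned int` and printing it with `%u` removes the pointer-type mismatch. The body of downloadmanager continues outside these hunks.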
... | ... |
@@ -24,7 +24,7 @@ |
24 | 24 |
|
25 | 25 |
int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, const char *hostname); |
26 | 26 |
|
27 |
-int downloaddb(const char *localname, const char *remotename, const char *hostname, char *ip, int *signo, const struct cfgstruct *copt, int usedns); |
|
27 |
+int downloaddb(const char *localname, const char *remotename, const char *hostname, char *ip, int *signo, const struct cfgstruct *copt, const char *dnsreply); |
|
28 | 28 |
|
29 | 29 |
int wwwconnect(const char *server, const char *proxy, int pport, char *ip); |
30 | 30 |
|