/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015
* License: GPL
- * Copyright (c) The Exim Maintainers 2016
+ * Copyright (c) The Exim Maintainers 2017
*/
/* Code for calling virus (malware) scanners. Called from acl.c. */
test_byte_order()
{
short int word = 0x0001;
- char *byte = (char *) &word;
+ char *byte = CS &word;
return(byte[0] ? LITTLE_MY_ENDIAN : BIG_MY_ENDIAN);
}
*/
static inline int
m_tcpsocket(const uschar * hostname, unsigned int port,
- host_item * host, uschar ** errstr)
+ host_item * host, uschar ** errstr, const blob * fastopen_blob)
{
-return ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5, host, errstr);
+return ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5,
+ host, errstr, fastopen_blob);
}
static int
if (!(list_ele = string_nextinlist(list, sep, NULL, 0)))
*errstr = US listerr;
else
+ {
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "RE: ",
+ string_printing(list_ele));
cre = m_pcre_compile(CUS list_ele, errstr);
+ }
return cre;
}
else if (!(re = m_pcre_compile(malware_re, &errstr)))
return malware_errlog_defer(errstr);
-/* Reset sep that is set by previous string_nextinlist() call */
-sep = 0;
-
/* if av_scanner starts with a dollar, expand it first */
if (*av_scanner == '$')
{
scanner_name));
if (strcmpic(scanner_name, US scanent->name) != 0)
continue;
+ DEBUG(D_acl) debug_printf_indent("Malware scan: %s tmo=%s\n",
+ scanner_name, readconf_printtime(timeout));
+
if (!(scanner_options = string_nextinlist(&av_scanner_work, &sep, NULL, 0)))
scanner_options = scanent->options_default;
if (scanent->conn == MC_NONE)
break;
+
+ DEBUG(D_acl) debug_printf_indent("%15s%10s%s\n", "", "socket: ", scanner_options);
switch(scanent->conn)
{
case MC_TCP: sock = ip_tcpsocket(scanner_options, &errstr, 5); break;
return m_errlog_defer(scanent, CUS callout_address, errstr);
break;
}
- DEBUG(D_acl) debug_printf_indent("Malware scan: %s tmo %s\n", scanner_name, readconf_printtime(timeout));
switch (scanent->scancode)
{
if ((fsize = lseek(drweb_fd, 0, SEEK_END)) == -1)
{
- int err = errno;
+ int err;
+badseek: err = errno;
(void)close(drweb_fd);
return m_errlog_defer_3(scanent, NULL,
string_sprintf("can't seek spool file %s: %s",
sock);
}
drweb_slen = htonl(fsize);
- lseek(drweb_fd, 0, SEEK_SET);
+ if (lseek(drweb_fd, 0, SEEK_SET) < 0)
+ goto badseek;
DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s remote scan [%s]\n",
scanner_name, scanner_options);
if (drweb_vnum)
{
int i;
+ gstring * g = NULL;
/* setup default virus name */
malware_name = US"unknown";
/* read and concatenate virus names into one string */
for (i = 0; i < drweb_vnum; i++)
{
- int size = 0, off = 0, ovector[10*3];
+ int ovector[10*3];
+
/* read the size of report */
if (!recv_len(sock, &drweb_slen, sizeof(drweb_slen), tmo))
return m_errlog_defer_3(scanent, CUS callout_address,
pcre_get_substring(CS tmpbuf, ovector, result, 1, &pre_malware_nb);
if (i==0) /* the first name we just copy to malware_name */
- malware_name = string_append(NULL, &size, &off,
- 1, pre_malware_nb);
+ g = string_cat(NULL, US pre_malware_nb);
+ /*XXX could be string_append_listele? */
else /* concatenate each new virus name to previous */
- malware_name = string_append(malware_name, &size, &off,
- 2, "/", pre_malware_nb);
+ g = string_append(g, 2, "/", pre_malware_nb);
pcre_free_substring(pre_malware_nb);
}
}
+ malware_name = string_from_gstring(g);
}
else
{
if (buf[0] != '2') /* aveserver is having problems */
return m_errlog_defer_3(scanent, CUS callout_address,
string_sprintf("unavailable (Responded: %s).",
- ((buf[0] != 0) ? buf : (uschar *)"nothing") ),
+ ((buf[0] != 0) ? buf : US "nothing") ),
sock);
/* prepare our command */
if (buf[0] != '2') /* aveserver is having problems */
return m_errlog_defer_3(scanent, CUS callout_address,
string_sprintf("unable to quit dialogue (Responded: %s).",
- ((buf[0] != 0) ? buf : (uschar *)"nothing") ),
+ ((buf[0] != 0) ? buf : US "nothing") ),
sock);
if (result == DEFER)
uschar *p, *vname, *result_tag;
int bread=0;
- uschar * file_name;
uschar av_buffer[1024];
uschar *hostname = US"";
host_item connhost;
#else
uint32_t send_size, send_final_zeroblock;
#endif
+ blob cmd_str;
/*XXX if unixdomain socket, only one server supported. Needs fixing;
there's no reason we should not mix local and remote servers */
string_sprintf("local/SCAN mode incompatible with" \
" : in path to email filename [%s]", eml_filename));
+ /* Set up the very first data we will be sending */
+ if (!use_scan_command)
+#ifdef WITH_OLD_CLAMAV_STREAM
+ { cmd_str.data = US"STREAM\n"; cmd_str.len = 7; }
+#else
+ { cmd_str.data = US"zINSTREAM"; cmd_str.len = 10; }
+#endif
+ else
+ {
+ cmd_str.data = string_sprintf("SCAN %s\n", eml_filename);
+ cmd_str.len = Ustrlen(cmd_str.data);
+ }
+
/* We have some network servers specified */
if (num_servers)
{
while (num_servers > 0)
{
- int i = random_number( num_servers );
+ int i = random_number(num_servers);
clamd_address * cd = cv[i];
DEBUG(D_acl) debug_printf_indent("trying server name %s, port %u\n",
* on both connections (as one host could resolve to multiple ips) */
for (;;)
{
- sock= m_tcpsocket(cd->hostspec, cd->tcp_port, &connhost, &errstr);
- if (sock >= 0)
+ if ((sock = m_tcpsocket(cd->hostspec, cd->tcp_port,
+ &connhost, &errstr, &cmd_str)) >= 0)
{
/* Connection successfully established with a server */
hostname = cd->hostspec;
+ cmd_str.len = 0;
break;
}
if (cd->retry <= 0) break;
"Malware scan: issuing %s old-style remote scan (PORT)\n",
scanner_name);
- /* Pass the string to ClamAV (7 = "STREAM\n") */
- if (m_sock_send(sock, US"STREAM\n", 7, &errstr) < 0)
- return m_errlog_defer(scanent, CUS callout_address, errstr);
+ /* Pass the string to ClamAV (7 = "STREAM\n"), if not already sent */
+ if (cmd_str.len)
+ if (m_sock_send(sock, cmd_str.data, cmd_str.len, &errstr) < 0)
+ return m_errlog_defer(scanent, CUS callout_address, errstr);
memset(av_buffer2, 0, sizeof(av_buffer2));
bread = ip_recv(sock, av_buffer2, sizeof(av_buffer2), tmo-time(NULL));
"ClamAV returned null", sock);
av_buffer2[bread] = '\0';
- if( sscanf(CS av_buffer2, "PORT %u\n", &port) != 1 )
+ if(sscanf(CS av_buffer2, "PORT %u\n", &port) != 1)
return m_errlog_defer_3(scanent, CUS callout_address,
string_sprintf("Expected port information from clamd, got '%s'",
av_buffer2),
sock);
- sockData = m_tcpsocket(connhost.address, port, NULL, &errstr);
+ sockData = m_tcpsocket(connhost.address, port, NULL, &errstr, NULL);
if (sockData < 0)
return m_errlog_defer_3(scanent, CUS callout_address, errstr, sock);
"Malware scan: issuing %s new-style remote scan (zINSTREAM)\n",
scanner_name);
- /* Pass the string to ClamAV (10 = "zINSTREAM\0") */
- if (send(sock, "zINSTREAM", 10, 0) < 0)
- return m_errlog_defer_3(scanent, CUS hostname,
- string_sprintf("unable to send zINSTREAM to socket (%s)",
- strerror(errno)),
- sock);
+ /* Pass the string to ClamAV (10 = "zINSTREAM\0"), if not already sent */
+ if (cmd_str.len)
+ if (send(sock, cmd_str.data, cmd_str.len, 0) < 0)
+ return m_errlog_defer_3(scanent, CUS hostname,
+ string_sprintf("unable to send zINSTREAM to socket (%s)",
+ strerror(errno)),
+ sock);
# define CLOSE_SOCKDATA /**/
#endif
}
if ((fsize = lseek(clam_fd, 0, SEEK_END)) < 0)
{
- int err = errno;
+ int err;
+b_seek: err = errno;
CLOSE_SOCKDATA; (void)close(clam_fd);
return m_errlog_defer_3(scanent, NULL,
string_sprintf("can't seek spool file %s: %s",
eml_filename),
sock);
}
- lseek(clam_fd, 0, SEEK_SET);
+ if (lseek(clam_fd, 0, SEEK_SET) < 0)
+ goto b_seek;
if (!(clamav_fbuf = US malloc(fsize_uint)))
{
scanned twice, in the broken out files and from the original .eml.
Since ClamAV now handles emails (and has for quite some time) we can
just use the email file itself. */
- /* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
- file_name = string_sprintf("SCAN %s\n", eml_filename);
+ /* Pass the string to ClamAV (7 = "SCAN \n" + \0), if not already sent */
DEBUG(D_acl) debug_printf_indent(
"Malware scan: issuing %s local-path scan [%s]\n",
scanner_name, scanner_options);
- if (send(sock, file_name, Ustrlen(file_name), 0) < 0)
- return m_errlog_defer_3(scanent, CUS callout_address,
- string_sprintf("unable to write to socket (%s)", strerror(errno)),
- sock);
+ if (cmd_str.len)
+ if (send(sock, cmd_str.data, cmd_str.len, 0) < 0)
+ return m_errlog_defer_3(scanent, CUS callout_address,
+ string_sprintf("unable to write to socket (%s)", strerror(errno)),
+ sock);
/* Do not shut down the socket for writing; a user report noted that
* clamd 0.70 does not react well to this. */
const pcre *sockline_name_re;
/* find scanner command line */
- if ((sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
- NULL, 0)))
+ if ( (sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
+ NULL, 0))
+ && *sockline_scanner
+ )
{ /* check for no expansions apart from one %s */
uschar * s = Ustrchr(sockline_scanner, '%');
if (s++)
}
else
sockline_scanner = sockline_scanner_default;
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "cmdline: ",
+ string_printing(sockline_scanner));
/* find scanner output trigger */
sockline_trig_re = m_pcre_nextinlist(&av_scanner_work, &sep,
/* prepare scanner call - security depends on expansions check above */
commandline = string_sprintf( CS sockline_scanner, CS eml_filename);
-
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "expanded: ",
+ string_printing(commandline));
/* Pass the command string to the socket */
if (m_sock_send(sock, commandline, Ustrlen(commandline), &errstr) < 0)
US"buffer too small", sock);
av_buffer[bread] = '\0';
linebuffer = string_copy(av_buffer);
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "answer: ",
+ string_printing(linebuffer));
/* try trigger match */
if (regex_match_and_setup(sockline_trig_re, linebuffer, 0, -1))
{
if (!(malware_name = m_pcre_exec(sockline_name_re, av_buffer)))
malware_name = US "unknown";
+ DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "name: ",
+ string_printing(malware_name));
}
else /* no virus found */
malware_name = NULL;
projects / exim.git / blobdiff