2011-11-14 15:57:52 +01:00
|
|
|
/*
|
|
|
|
* avir.c, SJ
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <sys/time.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <piler.h>
|
|
|
|
|
|
|
|
|
2014-07-01 11:43:36 +02:00
|
|
|
int do_av_check(struct session_data *sdata, char *virusinfo, struct __data *data, struct __config *cfg){
|
2011-11-14 15:57:52 +01:00
|
|
|
int rav = AVIR_OK;
|
|
|
|
char avengine[SMALLBUFSIZE];
|
2015-11-27 11:56:19 +01:00
|
|
|
struct timezone tz;
|
|
|
|
struct timeval tv1, tv2;
|
2011-11-14 15:57:52 +01:00
|
|
|
|
2015-11-27 11:56:19 +01:00
|
|
|
gettimeofday(&tv1, &tz);
|
2011-11-14 15:57:52 +01:00
|
|
|
|
|
|
|
memset(avengine, 0, SMALLBUFSIZE);
|
|
|
|
|
|
|
|
#ifdef HAVE_LIBCLAMAV
|
|
|
|
const char *virname;
|
|
|
|
unsigned int options=0;
|
|
|
|
|
|
|
|
options = CL_SCAN_STDOPT | CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2;
|
|
|
|
|
|
|
|
if(cfg->use_libclamav_block_max_feature == 1) options |= CL_SCAN_BLOCKMAX;
|
|
|
|
|
|
|
|
if(cfg->clamav_block_encrypted_archives == 1) options |= CL_SCAN_BLOCKENCRYPTED;
|
|
|
|
|
|
|
|
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: trying to pass to libclamav", sdata->ttmpfile);
|
|
|
|
|
|
|
|
if(cl_scanfile(sdata->ttmpfile, &virname, NULL, data->engine, options) == CL_VIRUS){
|
|
|
|
memset(virusinfo, 0, SMALLBUFSIZE);
|
|
|
|
strncpy(virusinfo, virname, SMALLBUFSIZE-1);
|
|
|
|
rav = AVIR_VIRUS;
|
|
|
|
snprintf(avengine, SMALLBUFSIZE-1, "libClamAV");
|
|
|
|
}
|
|
|
|
|
|
|
|
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: virus info: '%s'", sdata->ttmpfile, virname);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_CLAMD
|
|
|
|
if(strlen(cfg->clamd_addr) > 3 && cfg->clamd_port > 0){
|
|
|
|
if(clamd_net_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS;
|
|
|
|
} else {
|
|
|
|
if(clamd_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: done virus scanning", sdata->ttmpfile);
|
|
|
|
|
2015-11-27 11:56:19 +01:00
|
|
|
gettimeofday(&tv2, &tz);
|
|
|
|
sdata->__av = tvdiff(tv2, tv1);
|
|
|
|
|
2011-11-14 15:57:52 +01:00
|
|
|
return rav;
|
|
|
|
}
|
|
|
|
|