antivirus check refactored

Change-Id: I47d599239dac13f7bc455070dd5a84dd034cbb42 Signed-off-by: SJ <sj@acts.hu>
2024-11-08 02:11:59 +01:00 · 2017-01-25 22:19:12 +01:00 · 2017-01-25 22:19:12 +01:00 · 2c55ff96f7
commit 2c55ff96f7
parent 10c2d59183
5 changed files with 16 additions and 174 deletions
--- a/src/av.h
+++ b/src/av.h
@ -20,60 +20,6 @@
 #define CLAMD_RESP_INFECTED "FOUND"
 #define CLAMD_RESP_ERROR "ERROR"

-int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
-int clamd_net_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
-
-// Dr.Web stuff
-
-#define DRWEB_RESP_VIRUS 0x20
-#define DRWEB_VIRUS_HAS_FOUND_MESSAGE "Virus has been found in message. See drwebd.log for details"
-
-int drweb_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
-
-
-// avast! stuff
-
-#define AVAST_READY "220"
-#define AVAST_CMD_QUIT "QUIT\r\n"
-
-#define AVAST_RESP_OK "200"
-#define AVAST_RESP_ENGINE_ERROR "451"
-#define AVAST_RESP_SYNTAX_ERROR "501"
-
-#define AVAST_RESP_CLEAN "[+]"
-#define AVAST_RESP_INFECTED "[L]"
-
-int avast_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
-int avast_cmd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
-
-// Kaspersky stuff
-
-#define KAV_CMD_QUIT "QUIT\r\n"
-
-#define KAV_READY "201 "
-#define KAV_RESP_CLEAN "220 File is clean"
-#define KAV_RESP_INFECTED "230 File is infected"
-#define KAV_RESP_INFECTED_NAME "322-"
-#define KAV_RESP_NOT_FOUND "525 File not found"
-
-int kav_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
-
-// avg stuff
-
-#define AVG_READY "220"
-#define AVG_CMD_QUIT "QUIT\r\n"
-
-#define AVG_RESP_OK "200"
-#define AVG_RESP_VIRUS "403"
-#define AVG_RESP_NOT_FOUND "404"
-#define AVG_RESP_ERROR "501"
-
-#define AVG_NOT_FOUND 404
-
-int avg_scan(char *tmpdir, char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
-
-
-int moveMessageToQuarantine(struct session_data *sdata, struct __config *cfg);
-void sendNotificationToPostmaster(struct session_data *sdata, char *rcpttoemail, char *fromemail, char *virusinfo, char *avengine, struct __config *cfg);
+int clamd_scan(char *tmpfile, struct __config *cfg);

 #endif /* _AV_H */
--- a/src/avir.c
+++ b/src/avir.c
@ -10,51 +10,12 @@
 #include <piler.h>


-int do_av_check(struct session_data *sdata, char *virusinfo, struct __data *data, struct __config *cfg){
+int do_av_check(char *filename, struct __config *cfg){
   int rav = AVIR_OK;
-   char avengine[SMALLBUFSIZE];
-   struct timezone tz;
-   struct timeval tv1, tv2;

-   gettimeofday(&tv1, &tz);
+   if(clamd_scan(filename, cfg) == AV_VIRUS) rav = AVIR_VIRUS;

-   memset(avengine, 0, SMALLBUFSIZE);
-
-#ifdef HAVE_LIBCLAMAV
-   const char *virname;
-   unsigned int options=0;
-
-   options = CL_SCAN_STDOPT | CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2;
-
-   if(cfg->use_libclamav_block_max_feature == 1) options |= CL_SCAN_BLOCKMAX;
-
-   if(cfg->clamav_block_encrypted_archives == 1) options |= CL_SCAN_BLOCKENCRYPTED;
-
-   if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: trying to pass to libclamav", sdata->ttmpfile);
-
-   if(cl_scanfile(sdata->ttmpfile, &virname, NULL, data->engine, options) == CL_VIRUS){
-      memset(virusinfo, 0, SMALLBUFSIZE);
-      strncpy(virusinfo, virname, SMALLBUFSIZE-1);
-      rav = AVIR_VIRUS;
-      snprintf(avengine, SMALLBUFSIZE-1, "libClamAV");
-   }
-
-   if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: virus info: '%s'", sdata->ttmpfile, virname);
-#endif
-
-#ifdef HAVE_CLAMD
-   if(strlen(cfg->clamd_addr) > 3 && cfg->clamd_port > 0){
-      if(clamd_net_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS;
-   } else {
-      if(clamd_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS;
-   }
-#endif
-
-   if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: done virus scanning", sdata->ttmpfile);
-
-   gettimeofday(&tv2, &tz);
-   sdata->__av = tvdiff(tv2, tv1);
+   if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: done virus scanning", filename);

   return rav;
 }
-
--- a/src/clamd.c
+++ b/src/clamd.c
@ -18,20 +18,18 @@
 #include <piler.h>


-int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){
+int clamd_scan(char *tmpfile, struct __config *cfg){
   int s, n;
   char *p, *q, buf[MAXBUFSIZE], scan_cmd[SMALLBUFSIZE];
   struct sockaddr_un server;

-   memset(avinfo, 0, SMALLBUFSIZE);
-
   chmod(tmpfile, 0644);

   strcpy(server.sun_path, cfg->clamd_socket);
   server.sun_family = AF_UNIX;

   if((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1){
-      syslog(LOG_PRIORITY, "ERR: create socket");
+      syslog(LOG_PRIORITY, "ERR: create socket to %s", cfg->clamd_socket);
      return AV_ERROR;
   }

@ -66,7 +64,7 @@ int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){
         if(q){
            *q = '\0';
            p++;
-            strncpy(avinfo, p, SMALLBUFSIZE-1);
+            syslog(LOG_PRIORITY, "VIRUS <%s> found in %s", p, tmpfile);
         }
      }

@ -75,74 +73,3 @@ int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){

   return AV_OK;
 }
-
-
-int clamd_net_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){
-   int n, psd, rc, ret=AV_OK;
-   char *p, *q, buf[MAXBUFSIZE], scan_cmd[SMALLBUFSIZE];
-   char port_string[6];
-   struct addrinfo hints, *res;
-
-   memset(avinfo, 0, SMALLBUFSIZE);
-
-   chmod(tmpfile, 0644);
-
-   if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: trying to pass to clamd", tmpfile);
-
-   snprintf(port_string, sizeof(port_string)-1, "%d", cfg->clamd_port);
-
-   memset(&hints, 0, sizeof(hints));
-   hints.ai_family = AF_UNSPEC;
-   hints.ai_socktype = SOCK_STREAM;
-
-   if((rc = getaddrinfo(cfg->clamd_addr, port_string, &hints, &res)) != 0){
-      syslog(LOG_PRIORITY, "%s: getaddrinfo for '%s': %s\n", tmpfile, cfg->clamd_addr, gai_strerror(rc));
-      return AV_ERROR;
-   }
-
-   if((psd = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1){
-      syslog(LOG_PRIORITY, "%s: ERR: create socket", tmpfile);
-      ret = AV_ERROR;
-      goto ENDE_CLAMD;
-   }
-
-   if(connect(psd, res->ai_addr, res->ai_addrlen) == -1){
-      syslog(LOG_PRIORITY, "%s: CLAMD ERR: connect to %s %d", tmpfile, cfg->clamd_addr, cfg->clamd_port);
-      ret = AV_ERROR;
-      goto ENDE_CLAMD;
-   }
-
-
-   memset(scan_cmd, 0, SMALLBUFSIZE);
-   snprintf(scan_cmd, SMALLBUFSIZE-1, "SCAN %s/%s\r\n", cfg->workdir, tmpfile);
-
-   if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: CLAMD CMD: %s", tmpfile, scan_cmd);
-
-   send(psd, scan_cmd, strlen(scan_cmd), 0);
-
-   n = recvtimeout(psd, buf, MAXBUFSIZE, TIMEOUT);
-   close(psd);
-
-   if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: CLAMD DEBUG: %d %s", tmpfile, n, buf);
-
-   if(strcasestr(buf, CLAMD_RESP_INFECTED)){
-      p = strchr(buf, ' ');
-      if(p){
-         q = strrchr(p, ' ');
-         if(q){
-            *q = '\0';
-            p++;
-            strncpy(avinfo, p, SMALLBUFSIZE-1);
-         }
-      }
-
-      ret = AV_VIRUS;
-   }
-
-
-ENDE_CLAMD:
-   freeaddrinfo(res);
-
-   return ret;
-}
-
--- a/src/piler.c
+++ b/src/piler.c
@ -102,6 +102,14 @@ int process_email(char *filename, struct session_data *sdata, struct __data *dat

   bzero(&counters, sizeof(counters));

+#ifdef HAVE_ANTIVIRUS
+   if(do_av_check(filename, cfg) == AVIR_VIRUS){
+      syslog(LOG_PRIORITY, "%s: discarding: virus", filename);
+      unlink(filename);
+      return OK;
+   }
+#endif
+
   init_session_data(sdata, cfg);

   sdata->tot_len = size;
--- a/src/piler.h
+++ b/src/piler.h
@ -32,7 +32,7 @@ void insert_offset(struct session_data *sdata, int server_id);

 void tear_down_client(int n);

-int do_av_check(struct session_data *sdata, char *virusinfo, struct __data *data, struct __config *cfg);
+int do_av_check(char *filename, struct __config *cfg);

 int make_digests(struct session_data *sdata, struct __config *cfg);
 void digest_file(char *filename, char *digest);