mirror of
https://bitbucket.org/jsuto/piler.git
synced 2024-11-08 04:31:58 +01:00
antivirus check refactored
Change-Id: I47d599239dac13f7bc455070dd5a84dd034cbb42 Signed-off-by: SJ <sj@acts.hu>
This commit is contained in:
parent
10c2d59183
commit
2c55ff96f7
56
src/av.h
56
src/av.h
@ -20,60 +20,6 @@
|
||||
#define CLAMD_RESP_INFECTED "FOUND"
|
||||
#define CLAMD_RESP_ERROR "ERROR"
|
||||
|
||||
int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
|
||||
int clamd_net_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
|
||||
|
||||
// Dr.Web stuff
|
||||
|
||||
#define DRWEB_RESP_VIRUS 0x20
|
||||
#define DRWEB_VIRUS_HAS_FOUND_MESSAGE "Virus has been found in message. See drwebd.log for details"
|
||||
|
||||
int drweb_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
|
||||
|
||||
|
||||
// avast! stuff
|
||||
|
||||
#define AVAST_READY "220"
|
||||
#define AVAST_CMD_QUIT "QUIT\r\n"
|
||||
|
||||
#define AVAST_RESP_OK "200"
|
||||
#define AVAST_RESP_ENGINE_ERROR "451"
|
||||
#define AVAST_RESP_SYNTAX_ERROR "501"
|
||||
|
||||
#define AVAST_RESP_CLEAN "[+]"
|
||||
#define AVAST_RESP_INFECTED "[L]"
|
||||
|
||||
int avast_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
|
||||
int avast_cmd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
|
||||
|
||||
// Kaspersky stuff
|
||||
|
||||
#define KAV_CMD_QUIT "QUIT\r\n"
|
||||
|
||||
#define KAV_READY "201 "
|
||||
#define KAV_RESP_CLEAN "220 File is clean"
|
||||
#define KAV_RESP_INFECTED "230 File is infected"
|
||||
#define KAV_RESP_INFECTED_NAME "322-"
|
||||
#define KAV_RESP_NOT_FOUND "525 File not found"
|
||||
|
||||
int kav_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
|
||||
|
||||
// avg stuff
|
||||
|
||||
#define AVG_READY "220"
|
||||
#define AVG_CMD_QUIT "QUIT\r\n"
|
||||
|
||||
#define AVG_RESP_OK "200"
|
||||
#define AVG_RESP_VIRUS "403"
|
||||
#define AVG_RESP_NOT_FOUND "404"
|
||||
#define AVG_RESP_ERROR "501"
|
||||
|
||||
#define AVG_NOT_FOUND 404
|
||||
|
||||
int avg_scan(char *tmpdir, char *tmpfile, char *engine, char *avinfo, struct __config *cfg);
|
||||
|
||||
|
||||
int moveMessageToQuarantine(struct session_data *sdata, struct __config *cfg);
|
||||
void sendNotificationToPostmaster(struct session_data *sdata, char *rcpttoemail, char *fromemail, char *virusinfo, char *avengine, struct __config *cfg);
|
||||
int clamd_scan(char *tmpfile, struct __config *cfg);
|
||||
|
||||
#endif /* _AV_H */
|
||||
|
45
src/avir.c
45
src/avir.c
@ -10,51 +10,12 @@
|
||||
#include <piler.h>
|
||||
|
||||
|
||||
int do_av_check(struct session_data *sdata, char *virusinfo, struct __data *data, struct __config *cfg){
|
||||
int do_av_check(char *filename, struct __config *cfg){
|
||||
int rav = AVIR_OK;
|
||||
char avengine[SMALLBUFSIZE];
|
||||
struct timezone tz;
|
||||
struct timeval tv1, tv2;
|
||||
|
||||
gettimeofday(&tv1, &tz);
|
||||
if(clamd_scan(filename, cfg) == AV_VIRUS) rav = AVIR_VIRUS;
|
||||
|
||||
memset(avengine, 0, SMALLBUFSIZE);
|
||||
|
||||
#ifdef HAVE_LIBCLAMAV
|
||||
const char *virname;
|
||||
unsigned int options=0;
|
||||
|
||||
options = CL_SCAN_STDOPT | CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2;
|
||||
|
||||
if(cfg->use_libclamav_block_max_feature == 1) options |= CL_SCAN_BLOCKMAX;
|
||||
|
||||
if(cfg->clamav_block_encrypted_archives == 1) options |= CL_SCAN_BLOCKENCRYPTED;
|
||||
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: trying to pass to libclamav", sdata->ttmpfile);
|
||||
|
||||
if(cl_scanfile(sdata->ttmpfile, &virname, NULL, data->engine, options) == CL_VIRUS){
|
||||
memset(virusinfo, 0, SMALLBUFSIZE);
|
||||
strncpy(virusinfo, virname, SMALLBUFSIZE-1);
|
||||
rav = AVIR_VIRUS;
|
||||
snprintf(avengine, SMALLBUFSIZE-1, "libClamAV");
|
||||
}
|
||||
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: virus info: '%s'", sdata->ttmpfile, virname);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CLAMD
|
||||
if(strlen(cfg->clamd_addr) > 3 && cfg->clamd_port > 0){
|
||||
if(clamd_net_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS;
|
||||
} else {
|
||||
if(clamd_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS;
|
||||
}
|
||||
#endif
|
||||
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: done virus scanning", sdata->ttmpfile);
|
||||
|
||||
gettimeofday(&tv2, &tz);
|
||||
sdata->__av = tvdiff(tv2, tv1);
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: done virus scanning", filename);
|
||||
|
||||
return rav;
|
||||
}
|
||||
|
||||
|
79
src/clamd.c
79
src/clamd.c
@ -18,20 +18,18 @@
|
||||
#include <piler.h>
|
||||
|
||||
|
||||
int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){
|
||||
int clamd_scan(char *tmpfile, struct __config *cfg){
|
||||
int s, n;
|
||||
char *p, *q, buf[MAXBUFSIZE], scan_cmd[SMALLBUFSIZE];
|
||||
struct sockaddr_un server;
|
||||
|
||||
memset(avinfo, 0, SMALLBUFSIZE);
|
||||
|
||||
chmod(tmpfile, 0644);
|
||||
|
||||
strcpy(server.sun_path, cfg->clamd_socket);
|
||||
server.sun_family = AF_UNIX;
|
||||
|
||||
if((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1){
|
||||
syslog(LOG_PRIORITY, "ERR: create socket");
|
||||
syslog(LOG_PRIORITY, "ERR: create socket to %s", cfg->clamd_socket);
|
||||
return AV_ERROR;
|
||||
}
|
||||
|
||||
@ -66,7 +64,7 @@ int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){
|
||||
if(q){
|
||||
*q = '\0';
|
||||
p++;
|
||||
strncpy(avinfo, p, SMALLBUFSIZE-1);
|
||||
syslog(LOG_PRIORITY, "VIRUS <%s> found in %s", p, tmpfile);
|
||||
}
|
||||
}
|
||||
|
||||
@ -75,74 +73,3 @@ int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){
|
||||
|
||||
return AV_OK;
|
||||
}
|
||||
|
||||
|
||||
int clamd_net_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){
|
||||
int n, psd, rc, ret=AV_OK;
|
||||
char *p, *q, buf[MAXBUFSIZE], scan_cmd[SMALLBUFSIZE];
|
||||
char port_string[6];
|
||||
struct addrinfo hints, *res;
|
||||
|
||||
memset(avinfo, 0, SMALLBUFSIZE);
|
||||
|
||||
chmod(tmpfile, 0644);
|
||||
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: trying to pass to clamd", tmpfile);
|
||||
|
||||
snprintf(port_string, sizeof(port_string)-1, "%d", cfg->clamd_port);
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_UNSPEC;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
|
||||
if((rc = getaddrinfo(cfg->clamd_addr, port_string, &hints, &res)) != 0){
|
||||
syslog(LOG_PRIORITY, "%s: getaddrinfo for '%s': %s\n", tmpfile, cfg->clamd_addr, gai_strerror(rc));
|
||||
return AV_ERROR;
|
||||
}
|
||||
|
||||
if((psd = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1){
|
||||
syslog(LOG_PRIORITY, "%s: ERR: create socket", tmpfile);
|
||||
ret = AV_ERROR;
|
||||
goto ENDE_CLAMD;
|
||||
}
|
||||
|
||||
if(connect(psd, res->ai_addr, res->ai_addrlen) == -1){
|
||||
syslog(LOG_PRIORITY, "%s: CLAMD ERR: connect to %s %d", tmpfile, cfg->clamd_addr, cfg->clamd_port);
|
||||
ret = AV_ERROR;
|
||||
goto ENDE_CLAMD;
|
||||
}
|
||||
|
||||
|
||||
memset(scan_cmd, 0, SMALLBUFSIZE);
|
||||
snprintf(scan_cmd, SMALLBUFSIZE-1, "SCAN %s/%s\r\n", cfg->workdir, tmpfile);
|
||||
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: CLAMD CMD: %s", tmpfile, scan_cmd);
|
||||
|
||||
send(psd, scan_cmd, strlen(scan_cmd), 0);
|
||||
|
||||
n = recvtimeout(psd, buf, MAXBUFSIZE, TIMEOUT);
|
||||
close(psd);
|
||||
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: CLAMD DEBUG: %d %s", tmpfile, n, buf);
|
||||
|
||||
if(strcasestr(buf, CLAMD_RESP_INFECTED)){
|
||||
p = strchr(buf, ' ');
|
||||
if(p){
|
||||
q = strrchr(p, ' ');
|
||||
if(q){
|
||||
*q = '\0';
|
||||
p++;
|
||||
strncpy(avinfo, p, SMALLBUFSIZE-1);
|
||||
}
|
||||
}
|
||||
|
||||
ret = AV_VIRUS;
|
||||
}
|
||||
|
||||
|
||||
ENDE_CLAMD:
|
||||
freeaddrinfo(res);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -102,6 +102,14 @@ int process_email(char *filename, struct session_data *sdata, struct __data *dat
|
||||
|
||||
bzero(&counters, sizeof(counters));
|
||||
|
||||
#ifdef HAVE_ANTIVIRUS
|
||||
if(do_av_check(filename, cfg) == AVIR_VIRUS){
|
||||
syslog(LOG_PRIORITY, "%s: discarding: virus", filename);
|
||||
unlink(filename);
|
||||
return OK;
|
||||
}
|
||||
#endif
|
||||
|
||||
init_session_data(sdata, cfg);
|
||||
|
||||
sdata->tot_len = size;
|
||||
|
@ -32,7 +32,7 @@ void insert_offset(struct session_data *sdata, int server_id);
|
||||
|
||||
void tear_down_client(int n);
|
||||
|
||||
int do_av_check(struct session_data *sdata, char *virusinfo, struct __data *data, struct __config *cfg);
|
||||
int do_av_check(char *filename, struct __config *cfg);
|
||||
|
||||
int make_digests(struct session_data *sdata, struct __config *cfg);
|
||||
void digest_file(char *filename, char *digest);
|
||||
|
Loading…
Reference in New Issue
Block a user