diff --git a/src/av.h b/src/av.h
index 8f05c81..7439e30 100644
--- a/src/av.h
+++ b/src/av.h
@@ -20,60 +20,6 @@ #define CLAMD_RESP_INFECTED "FOUND" #define CLAMD_RESP_ERROR "ERROR" -int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg); -int clamd_net_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg); - -// Dr.Web stuff - -#define DRWEB_RESP_VIRUS 0x20 -#define DRWEB_VIRUS_HAS_FOUND_MESSAGE "Virus has been found in message. See drwebd.log for details" - -int drweb_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg); - - -// avast! stuff - -#define AVAST_READY "220" -#define AVAST_CMD_QUIT "QUIT\r\n" - -#define AVAST_RESP_OK "200" -#define AVAST_RESP_ENGINE_ERROR "451" -#define AVAST_RESP_SYNTAX_ERROR "501" - -#define AVAST_RESP_CLEAN "[+]" -#define AVAST_RESP_INFECTED "[L]" - -int avast_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg); -int avast_cmd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg); - -// Kaspersky stuff - -#define KAV_CMD_QUIT "QUIT\r\n" - -#define KAV_READY "201 " -#define KAV_RESP_CLEAN "220 File is clean" -#define KAV_RESP_INFECTED "230 File is infected" -#define KAV_RESP_INFECTED_NAME "322-" -#define KAV_RESP_NOT_FOUND "525 File not found" - -int kav_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg); - -// avg stuff - -#define AVG_READY "220" -#define AVG_CMD_QUIT "QUIT\r\n" - -#define AVG_RESP_OK "200" -#define AVG_RESP_VIRUS "403" -#define AVG_RESP_NOT_FOUND "404" -#define AVG_RESP_ERROR "501" - -#define AVG_NOT_FOUND 404 - -int avg_scan(char *tmpdir, char *tmpfile, char *engine, char *avinfo, struct __config *cfg); - - -int moveMessageToQuarantine(struct session_data *sdata, struct __config *cfg); -void sendNotificationToPostmaster(struct session_data *sdata, char *rcpttoemail, char *fromemail, char *virusinfo, char *avengine, struct __config *cfg); +int clamd_scan(char *tmpfile, struct __config *cfg); #endif /* _AV_H */ diff --git a/src/avir.c b/src/avir.c index 9e4116e..d9da95b 100644 --- a/src/avir.c 
+++ b/src/avir.c @@ -10,51 +10,12 @@ #include -int do_av_check(struct session_data *sdata, char *virusinfo, struct __data *data, struct __config *cfg){ +int do_av_check(char *filename, struct __config *cfg){ int rav = AVIR_OK; - char avengine[SMALLBUFSIZE]; - struct timezone tz; - struct timeval tv1, tv2; - gettimeofday(&tv1, &tz); + if(clamd_scan(filename, cfg) == AV_VIRUS) rav = AVIR_VIRUS; - memset(avengine, 0, SMALLBUFSIZE); - -#ifdef HAVE_LIBCLAMAV - const char *virname; - unsigned int options=0; - - options = CL_SCAN_STDOPT | CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2; - - if(cfg->use_libclamav_block_max_feature == 1) options |= CL_SCAN_BLOCKMAX; - - if(cfg->clamav_block_encrypted_archives == 1) options |= CL_SCAN_BLOCKENCRYPTED; - - if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: trying to pass to libclamav", sdata->ttmpfile); - - if(cl_scanfile(sdata->ttmpfile, &virname, NULL, data->engine, options) == CL_VIRUS){ - memset(virusinfo, 0, SMALLBUFSIZE); - strncpy(virusinfo, virname, SMALLBUFSIZE-1); - rav = AVIR_VIRUS; - snprintf(avengine, SMALLBUFSIZE-1, "libClamAV"); - } - - if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: virus info: '%s'", sdata->ttmpfile, virname); -#endif - -#ifdef HAVE_CLAMD - if(strlen(cfg->clamd_addr) > 3 && cfg->clamd_port > 0){ - if(clamd_net_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS; - } else { - if(clamd_scan(sdata->ttmpfile, avengine, virusinfo, cfg) == AV_VIRUS) rav = AVIR_VIRUS; - } -#endif - - if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: done virus scanning", sdata->ttmpfile); - - gettimeofday(&tv2, &tz); - sdata->__av = tvdiff(tv2, tv1); + if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: done virus scanning", filename); return rav; } - diff --git a/src/clamd.c b/src/clamd.c index 542f0b2..443561e 100644 --- a/src/clamd.c +++ b/src/clamd.c 
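Review bot: The new `do_av_check` body compares `clamd_scan()` only against `AV_VIRUS`, so an `AV_ERROR` return (which `clamd_scan` produces when the socket cannot be created) leaves `rav` at `AVIR_OK` and the file is treated as clean. An unreachable scanner therefore fails open with no trace at this level, and the "done virus scanning" debug line is still printed. Keep the result and log the failure, e.g. `int rc = clamd_scan(filename, cfg);` followed by `if(rc == AV_ERROR) syslog(LOG_PRIORITY, "%s: ERR: virus scan failed, file not scanned", filename);`. Whether an unscanned file may be archived should be an explicit decision rather than the default.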
@@ -18,20 +18,18 @@ #include -int clamd_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){ +int clamd_scan(char *tmpfile, struct __config *cfg){ int s, n; char *p, *q, buf[MAXBUFSIZE], scan_cmd[SMALLBUFSIZE]; struct sockaddr_un server; - memset(avinfo, 0, SMALLBUFSIZE); - chmod(tmpfile, 0644); strcpy(server.sun_path, cfg->clamd_socket); server.sun_family = AF_UNIX; if((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1){ - syslog(LOG_PRIORITY, "ERR: create socket"); + syslog(LOG_PRIORITY, "ERR: create socket to %s", cfg->clamd_socket); return AV_ERROR; } @@ -66,7 +64,7 @@ if(q){ *q = '\0'; p++; - strncpy(avinfo, p, SMALLBUFSIZE-1); + syslog(LOG_PRIORITY, "VIRUS <%s> found in %s", p, tmpfile); } } 
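Review bot: `strcpy(server.sun_path, cfg->clamd_socket)` in the unchanged lines of `clamd_scan` copies a configuration string into the fixed-size `sun_path` array with no length check, and the commit leaves it as is while editing the lines around it. A socket path longer than the array overflows the stack-allocated `server`. Bound the copy with `snprintf(server.sun_path, sizeof(server.sun_path), "%s", cfg->clamd_socket);` and return `AV_ERROR` when the path did not fit. The function body continues past this hunk.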
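Review bot: The added `syslog(LOG_PRIORITY, "VIRUS <%s> found in %s", p, tmpfile)` is now the only record of the detection name, yet it does not use the file-first `"%s: ..."` prefix of the other messages in this commit (`"%s: done virus scanning"`, `"%s: discarding: virus"`). That makes it harder to correlate all log lines for one file. Consider `syslog(LOG_PRIORITY, "%s: VIRUS <%s> found", tmpfile, p);`. `p` points into the reply buffer filled outside this hunk, so the call presumably relies on that buffer being NUL-terminated after the receive; worth confirming.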
@@ -75,74 +73,3 @@ return AV_OK; } - - -int clamd_net_scan(char *tmpfile, char *engine, char *avinfo, struct __config *cfg){ - int n, psd, rc, ret=AV_OK; - char *p, *q, buf[MAXBUFSIZE], scan_cmd[SMALLBUFSIZE]; - char port_string[6]; - struct addrinfo hints, *res; - - memset(avinfo, 0, SMALLBUFSIZE); - - chmod(tmpfile, 0644); - - if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: trying to pass to clamd", tmpfile); - - snprintf(port_string, sizeof(port_string)-1, "%d", cfg->clamd_port); - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - - if((rc = getaddrinfo(cfg->clamd_addr, port_string, &hints, &res)) != 0){ - syslog(LOG_PRIORITY, "%s: getaddrinfo for '%s': %s\n", tmpfile, cfg->clamd_addr, gai_strerror(rc)); - return AV_ERROR; - } - - if((psd = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1){ - syslog(LOG_PRIORITY, "%s: ERR: create socket", tmpfile); - ret = AV_ERROR; - goto ENDE_CLAMD; - } - - if(connect(psd, res->ai_addr, res->ai_addrlen) == -1){ - syslog(LOG_PRIORITY, "%s: CLAMD ERR: connect to %s %d", tmpfile, cfg->clamd_addr, cfg->clamd_port); - ret = AV_ERROR; - goto ENDE_CLAMD; - } - - - memset(scan_cmd, 0, SMALLBUFSIZE); - snprintf(scan_cmd, SMALLBUFSIZE-1, "SCAN %s/%s\r\n", cfg->workdir, tmpfile); - - if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: CLAMD CMD: %s", tmpfile, scan_cmd); - - send(psd, scan_cmd, strlen(scan_cmd), 0); - - n = recvtimeout(psd, buf, MAXBUFSIZE, TIMEOUT); - close(psd); - - if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: CLAMD DEBUG: %d %s", tmpfile, n, buf); - - if(strcasestr(buf, CLAMD_RESP_INFECTED)){ - p = strchr(buf, ' '); - if(p){ - q = strrchr(p, ' '); - if(q){ - *q = '\0'; - p++; - strncpy(avinfo, p, SMALLBUFSIZE-1); - } - } - - ret = AV_VIRUS; - } - - -ENDE_CLAMD: - freeaddrinfo(res); - - return ret; -} - diff --git a/src/piler.c b/src/piler.c index 28e2878..5ac6f55 100644 --- a/src/piler.c +++ b/src/piler.c 
@@ -102,6 +102,14 @@ bzero(&counters, sizeof(counters)); +#ifdef HAVE_ANTIVIRUS + if(do_av_check(filename, cfg) == AVIR_VIRUS){ + syslog(LOG_PRIORITY, "%s: discarding: virus", filename); + unlink(filename); + return OK; + } +#endif + init_session_data(sdata, cfg); sdata->tot_len = size; diff --git a/src/piler.h b/src/piler.h index 047ae81..5ee0316 100644 --- a/src/piler.h +++ b/src/piler.h @@ -32,7 +32,7 @@ void tear_down_client(int n); -int do_av_check(struct session_data *sdata, char *virusinfo, struct __data *data, struct __config *cfg); +int do_av_check(char *filename, struct __config *cfg); int make_digests(struct session_data *sdata, struct __config *cfg); void digest_file(char *filename, char *digest);
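Review bot: In the added `HAVE_ANTIVIRUS` block the return value of `unlink(filename)` is ignored and the function returns `OK` either way, so a failed delete leaves the infected file on disk while the caller sees a normal result. Log the failure, e.g. `if(unlink(filename) == -1) syslog(LOG_PRIORITY, "%s: ERR: cannot remove infected file: %m", filename);`. Returning `OK` also gives the caller no way to tell a discarded message from an archived one. A short comment saying why that is intended would help, since the quarantine and postmaster-notification prototypes are removed from av.h in this same commit. The enclosing function starts and ends outside the hunk.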