/* Must be called with engine_mutex locked ! */
static int load_db(void) {
unsigned int signo = 0;
size_t used, total;
int ret;
INFN();
cl_engine_set_clcb_sigload(engine, sigload_callback, NULL);
official_sigs = custom_sigs = 0;
if((ret = cl_load(dbdir, engine, &signo, CL_DB_STDOPT & ~CL_DB_PHISHING & ~CL_DB_PHISHING_URLS)) != CL_SUCCESS) {
cl_engine_free(engine);
engine = NULL;
FAIL(ret, "Failed to load database: %s", cl_strerror(ret));
}
if((ret = cl_engine_compile(engine))) {
cl_engine_free(engine);
engine = NULL;
FAIL(ret, "Failed to compile engine: %s", cl_strerror(ret));
}
logg("load_db: loaded %d signatures (%u official, %u custom)\n", signo, official_sigs, custom_sigs);
if (!mpool_getstats(engine, &used, &total))
logg("load_db: memory %.3f MB / %.3f MB\n", used/(1024*1024.0), total/(1024*1024.0));
touch_last_update(signo);
WIN();
}
int clamav_scanfile(void *state, const char *fname,
const char **virname)
{
struct clamav_state *st = (struct clamav_state *) state;
int r;
/* scan file */
r = cl_scanfile(fname, virname, NULL, st->av_engine,
CL_SCAN_STDOPT);
switch (r) {
case CL_CLEAN:
/* do nothing */
break;
case CL_VIRUS:
return 1;
break;
default:
printf("cl_scanfile error: %s\n", cl_strerror(r));
syslog(LOG_ERR, "cl_scanfile error: %s\n", cl_strerror(r));
break;
}
return 0;
}
static int clamav_load_database()
{
int ret = 0; /* return value */
int reload = 0;
/* libclamav initialization */
if (CLAMAV_G(cl_initcalled) == 0){
if((ret = cl_init(CL_INIT_DEFAULT)) != CL_SUCCESS) {
php_error(E_WARNING, "cl_init: failed : error code %i (%s)\n", ret, cl_strerror(ret));
return FAILURE;
} else {
CLAMAV_G(cl_initcalled) = 1;
}
}
/* database reload */
if (CLAMAV_G(dbstat.dir) != NULL && cl_statchkdir(&CLAMAV_G(dbstat)) == 1) {
reload = 1;
cl_statfree(&CLAMAV_G(dbstat));
}
/* load engine */
if (!(CLAMAV_G(dbengine) = cl_engine_new())){
php_error(E_WARNING, "Can’t create new engine\n");
return FAILURE;
}
if (CLAMAV_G(dbpath) == NULL) CLAMAV_G(dbpath) = (char *) cl_retdbdir();
/* database loading */
if ((ret = cl_load(CLAMAV_G(dbpath), CLAMAV_G(dbengine), &CLAMAV_G(sig_num), CL_DB_STDOPT)) != CL_SUCCESS) {
php_error(E_WARNING, "cl_load: failed : error code %i (%s)\n", ret, cl_strerror(ret));
return FAILURE;
}
/* compile signature database */
if ((ret = cl_engine_compile(CLAMAV_G(dbengine))) != CL_SUCCESS) {
php_error(E_WARNING, "cl_engine_compile : error code %i (%s\n", ret, cl_strerror(ret));
return FAILURE;
}
/* allocate cl_stat */
if (!reload) memset(&CLAMAV_G(dbstat), 0, sizeof(struct cl_stat));
/* database stats */
if ((ret = cl_statinidir(CLAMAV_G(dbpath), &CLAMAV_G(dbstat))) != CL_SUCCESS) {
php_error(E_WARNING, "cl_statinidir : error code %i (%s\n", ret, cl_strerror(ret));
return FAILURE;
}
/* set engine parameters */
cl_engine_set_num(CLAMAV_G(dbengine), CL_ENGINE_MAX_FILES, CLAMAV_G(maxfiles));
cl_engine_set_num(CLAMAV_G(dbengine), CL_ENGINE_MAX_FILESIZE, CLAMAV_G(maxfilesize));
cl_engine_set_num(CLAMAV_G(dbengine), CL_ENGINE_MAX_SCANSIZE, CLAMAV_G(maxscansize));
cl_engine_set_num(CLAMAV_G(dbengine), CL_ENGINE_MAX_RECURSION, CLAMAV_G(maxreclevel));
cl_engine_set_num(CLAMAV_G(dbengine), CL_ENGINE_KEEPTMP, CLAMAV_G(keeptmp));
cl_engine_set_str(CLAMAV_G(dbengine), CL_ENGINE_TMPDIR, CLAMAV_G(tmpdir));
return ret;
}
VirusScan::VirusScan(TrayNotify *tn)
{
numSignatures = 0;
fTypes[0] = ".EXE";
fTypes[1] = ".BAT";
fTypes[2] = ".BIN";
fTypes[3] = ".DLL";
fTypes[4] = ".COM";
fTypes[5] = ".INF";
fTypes[6] = ".INI";
fTypes[7] = ".PDF";
fTypes[8] = ".DOC";
fTypes[9] = ".DOCX";
fTypes[10] = ".PPT";
fTypes[11] = ".PPTX";
fTypes[12] = ".SYS";
fTypes[13] = ".VBS";
/* Init AV engine */
int res = cl_init(0);
cl = cl_engine_new();
if (res != CL_SUCCESS)
{
ErrorLog::logErrorToFile("*CRITICAL*", "Unable to initialize AV engine: ", (char*)cl_strerror(res));
std::cout << cl_strerror(res);
return;
}
res = cl_load(cl_retdbdir(), cl, &numSignatures, CL_DB_STDOPT);
if (res != CL_SUCCESS)
{
ErrorLog::logErrorToFile("*CRITICAL*", "Unable to load AV engine signatures. Check for db folder?: ", (char*)cl_strerror(res));
std::cout << cl_strerror(res);
return;
}
res = cl_engine_compile(cl);
if (res != CL_SUCCESS)
{
ErrorLog::logErrorToFile("*CRITICAL*", "Unable to compile AV engine rules: ", (char*)cl_strerror(res));
std::cout << cl_strerror(res);
return;
}
char msgStr[100];
sprintf(msgStr, "ClamAV engine initialized. %d signatures loaded.", numSignatures);
ErrorLog::logErrorToFile("*INFO*", msgStr);
tn->sendMessage(msgStr, "ClamAV");
tn->setHoverMessage("UsbNinja Daemon\nClamAV Loaded");
}
int init_errors(void) {
int i;
logg("*in init_errors\n");
clerrors = calloc(CL_ELAST_ERROR, sizeof(*clerrors));
if(!clerrors) {
logg("!init_errors: failed to allocate the error array, aborting\n");
return 1;
}
for(i=0; i<CL_ELAST_ERROR; i++) {
const char *cerr = cl_strerror(i);
wchar_t *werr;
int len;
if(!cerr)
continue;
len = strlen(cerr)+1;
werr = (wchar_t *)malloc(len * sizeof(wchar_t));
if(!werr) {
free_errors();
logg("!init_errors: failed to allocate string buffer, aborting\n");
return 1;
}
if(!MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, cerr, -1, werr, len)) {
free_errors();
logg("!init_errors: failed to convert ascii error <%s> to wide, aborting\n", cerr);
return 1;
}
logg("*init_errors: error %d is %S\n", i, werr);
clerrors[i] = werr;
}
return 0;
}
int CLAMAPI Scan_SetLimit(int option, unsigned int value) {
enum cl_engine_field limit;
int err;
INFN();
if(lock_engine())
FAIL(CL_ELOCK, "Failed to lock engine");
if(!engine) {
unlock_engine();
FAIL(CL_ESTATE, "Engine is NULL");
}
switch((enum CLAM_LIMIT_TYPE)option) {
case CLAM_LIMIT_FILESIZE:
logg("CLAM_LIMIT_FILESIZE: set to %u\n", value);
limit = CL_ENGINE_MAX_FILESIZE;
break;
case CLAM_LIMIT_SCANSIZE:
logg("CLAM_LIMIT_SCANSIZE: set to %u\n", value);
limit = CL_ENGINE_MAX_SCANSIZE;
break;
case CLAM_LIMIT_RECURSION:
logg("CLAM_LIMIT_RECURSION: set to %u\n", value);
limit = CL_ENGINE_MAX_SCANSIZE;
break;
default:
unlock_engine();
FAIL(CL_EARG, "Unsupported limit type: %d", option);
}
err = cl_engine_set_num(engine, limit, (long long)value);
unlock_engine();
if(err)
FAIL(err, "Failed to set engine value: %s", cl_strerror(err));
WIN();
}
void *clamav_init()
{
unsigned int sigs = 0;
int r;
struct clamav_state *st = xzmalloc(sizeof(struct clamav_state));
if (st == NULL) {
fatal("memory allocation failed", EC_SOFTWARE);
}
st->av_engine = cl_engine_new();
if ( ! st->av_engine ) {
fatal("Failed to initialize AV engine", EC_SOFTWARE);
}
/* load all available databases from default directory */
if ((r = cl_load(cl_retdbdir(), st->av_engine, &sigs, CL_DB_STDOPT))) {
syslog(LOG_ERR, "cl_load: %s", cl_strerror(r));
fatal(cl_strerror(r), EC_SOFTWARE);
}
if (verbose) printf("Loaded %d virus signatures.\n", sigs);
/* build av_engine */
if((r = cl_engine_compile(st->av_engine))) {
syslog(LOG_ERR,
"Database initialization error: %s", cl_strerror(r));
cl_engine_free(st->av_engine);
fatal(cl_strerror(r), EC_SOFTWARE);
}
/* set up archive av_limits */
/* max files */
cl_engine_set_num(st->av_engine, CL_ENGINE_MAX_FILES, 10000);
/* during the scanning of archives, this size (100 MB) will
* never be exceeded
*/
cl_engine_set_num(st->av_engine, CL_ENGINE_MAX_SCANSIZE, 100 * 1048576);
/* compressed files will only be decompressed and scanned up to
* this size (10 MB)
*/
cl_engine_set_num(st->av_engine, CL_ENGINE_MAX_FILESIZE, 10 * 1048576);
/* maximum recursion level for archives */
cl_engine_set_num(st->av_engine, CL_ENGINE_MAX_RECURSION, 16);
return (void *) st;
}
int CLAMAPI Scan_GetLimit(int option, unsigned int *value) {
enum cl_engine_field limit;
long long curlimit;
int err;
INFN();
if(lock_engine())
FAIL(CL_ELOCK, "Failed to lock engine");
if(!engine) {
unlock_engine();
FAIL(CL_ESTATE, "Engine is NULL");
}
switch((enum CLAM_LIMIT_TYPE)option) {
case CLAM_LIMIT_FILESIZE:
limit = CL_ENGINE_MAX_FILESIZE;
break;
case CLAM_LIMIT_SCANSIZE:
limit = CL_ENGINE_MAX_SCANSIZE;
break;
case CLAM_LIMIT_RECURSION:
limit = CL_ENGINE_MAX_SCANSIZE;
break;
default:
unlock_engine();
FAIL(CL_EARG, "Unsupported limit type: %d", option);
}
curlimit = cl_engine_get_num(engine, limit, &err);
if(err) {
unlock_engine();
FAIL(err, "Failed to get engine value: %s", cl_strerror(err));
}
if(curlimit > 0xffffffff)
*value = 0xffffffff;
else
*value = (unsigned int)curlimit;
unlock_engine();
WIN();
}
END_TEST
//* int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options) */
START_TEST (test_cl_scanfile)
{
const char *virname = NULL;
char file[256];
unsigned long size;
unsigned long int scanned = 0;
int ret;
int fd = get_test_file(_i, file, sizeof(file), &size);
close(fd);
cli_dbgmsg("scanning (scanfile) %s\n", file);
ret = cl_scanfile(file, &virname, &scanned, g_engine, CL_SCAN_STDOPT);
cli_dbgmsg("scan end (scanfile) %s\n", file);
if (!FALSE_NEGATIVE) {
fail_unless_fmt(ret == CL_VIRUS , "cl_scanfile failed for %s: %s", file, cl_strerror(ret));
fail_unless_fmt(virname && !strcmp(virname, "ClamAV-Test-File.UNOFFICIAL"), "virusname: %s", virname);
}
}
END_TEST
START_TEST (test_cl_scandesc_callback)
{
const char *virname = NULL;
char file[256];
unsigned long size;
unsigned long int scanned = 0;
int ret;
int fd = get_test_file(_i, file, sizeof(file), &size);
cli_dbgmsg("scanning (scandesc_cb) %s\n", file);
/* TODO: test callbacks */
ret = cl_scandesc_callback(fd, &virname, &scanned, g_engine, CL_SCAN_STDOPT, NULL);
cli_dbgmsg("scan end (scandesc_cb) %s\n", file);
if (!FALSE_NEGATIVE) {
fail_unless_fmt(ret == CL_VIRUS, "cl_scanfile failed for %s: %s", file, cl_strerror(ret));
fail_unless_fmt(virname && !strcmp(virname, "ClamAV-Test-File.UNOFFICIAL"), "virusname: %s", virname);
}
close(fd);
}
int init_virusdb()
{
int ret;
unsigned int no = 0;
virusdb = malloc(sizeof(struct virus_db));
memset(virusdb, 0, sizeof(struct virus_db));
if (!virusdb)
return 0;
#ifdef HAVE_LIBCLAMAV_095
if((ret = cl_init(CL_INIT_DEFAULT))) {
ci_debug_printf(1, "!Can't initialize libclamav: %s\n", cl_strerror(ret));
return 0;
}
if(!(virusdb->db = cl_engine_new())) {
ci_debug_printf(1, "Clamav DB load: Cannot create new clamav engine\n");
return 0;
}
if ((ret = cl_load(cl_retdbdir(), virusdb->db, &no, CL_DB_STDOPT))) {
ci_debug_printf(1, "Clamav DB load: cl_load failed: %s\n",
cl_strerror(ret));
#elif defined(HAVE_LIBCLAMAV_09X)
if ((ret = cl_load(cl_retdbdir(), &(virusdb->db), &no, CL_DB_STDOPT))) {
ci_debug_printf(1, "Clamav DB load: cl_load failed: %s\n",
cl_strerror(ret));
#else
if ((ret = cl_loaddbdir(cl_retdbdir(), &(virusdb->db), &no))) {
ci_debug_printf(1, "cl_loaddbdir: %s\n", cl_perror(ret));
#endif
return 0;
}
#ifdef HAVE_LIBCLAMAV_095
if ((ret = cl_engine_compile(virusdb->db))) {
#else
if ((ret = cl_build(virusdb->db))) {
#endif
ci_debug_printf(1, "Database initialization error: %s\n",
cl_strerror(ret));
#ifdef HAVE_LIBCLAMAV_095
cl_engine_free(virusdb->db);
#else
cl_free(virusdb->db);
#endif
free(virusdb);
virusdb = NULL;
return 0;
}
ci_thread_mutex_init(&db_mutex);
virusdb->refcount = 1;
old_virusdb = NULL;
return 1;
}
/*
Instead of using struct virus_db and refcount's someone can use the cl_dup function
of clamav library, but it is undocumented so I did not use it.
The following implementation we are starting to reload clamav db while threads are
scanning for virus but we are not allow any child to start a new scan until we are
loading DB.
*/
/*#define DB_NO_FULL_LOCK 1*/
#undef DB_NO_FULL_LOCK
int reload_virusdb()
{
struct virus_db *vdb = NULL;
int ret;
unsigned int no = 0;
ci_thread_mutex_lock(&db_mutex);
if (old_virusdb) {
ci_debug_printf(1, "Clamav DB reload pending, cancelling.\n");
ci_thread_mutex_unlock(&db_mutex);
return 0;
}
#ifdef DB_NO_FULL_LOCK
ci_thread_mutex_unlock(&db_mutex);
#endif
vdb = malloc(sizeof(struct virus_db));
if (!vdb)
return 0;
memset(vdb, 0, sizeof(struct virus_db));
ci_debug_printf(9, "db_reload going to load db\n");
#ifdef HAVE_LIBCLAMAV_095
if(!(vdb->db = cl_engine_new())) {
ci_debug_printf(1, "Clamav DB load: Cannot create new clamav engine\n");
return 0;
}
if ((ret = cl_load(cl_retdbdir(), vdb->db, &no, CL_DB_STDOPT))) {
ci_debug_printf(1, "Clamav DB reload: cl_load failed: %s\n",
cl_strerror(ret));
#elif defined(HAVE_LIBCLAMAV_09X)
if ((ret = cl_load(cl_retdbdir(), &(vdb->db), &no, CL_DB_STDOPT))) {
ci_debug_printf(1, "Clamav DB reload: cl_load failed: %s\n",
cl_strerror(ret));
#else
if ((ret = cl_loaddbdir(cl_retdbdir(), &(vdb->db), &no))) {
ci_debug_printf(1, "Clamav DB reload: cl_loaddbdir failed: %s\n",
cl_perror(ret));
#endif
return 0;
}
ci_debug_printf(9, "loaded. Going to build\n");
#ifdef HAVE_LIBCLAMAV_095
if ((ret = cl_engine_compile(vdb->db))) {
#else
if ((ret = cl_build(vdb->db))) {
#endif
ci_debug_printf(1,
"Clamav DB reload: Database initialization error: %s\n",
cl_strerror(ret));
#ifdef HAVE_LIBCLAMAV_095
cl_engine_free(vdb->db);
#else
cl_free(vdb->db);
#endif
free(vdb);
vdb = NULL;
#ifdef DB_NO_FULL_LOCK
/*no lock needed */
#else
ci_thread_mutex_unlock(&db_mutex);
#endif
return 0;
}
ci_debug_printf(9, "Done releasing.....\n");
#ifdef DB_NO_FULL_LOCK
ci_thread_mutex_lock(&db_mutex);
#endif
old_virusdb = virusdb;
old_virusdb->refcount--;
ci_debug_printf(9, "Old VirusDB refcount:%d\n", old_virusdb->refcount);
if (old_virusdb->refcount <= 0) {
#ifdef HAVE_LIBCLAMAV_095
cl_engine_free(old_virusdb->db);
#else
cl_free(old_virusdb->db);
#endif
free(old_virusdb);
old_virusdb = NULL;
}
virusdb = vdb;
virusdb->refcount = 1;
ci_thread_mutex_unlock(&db_mutex);
return 1;
}
CL_ENGINE *get_virusdb()
{
struct virus_db *vdb;
ci_thread_mutex_lock(&db_mutex);
vdb = virusdb;
vdb->refcount++;
ci_thread_mutex_unlock(&db_mutex);
return vdb->db;
}
void release_virusdb(CL_ENGINE * db)
{
ci_thread_mutex_lock(&db_mutex);
if (virusdb && db == virusdb->db)
virusdb->refcount--;
else if (old_virusdb && (db == old_virusdb->db)) {
old_virusdb->refcount--;
ci_debug_printf(9, "Old VirusDB refcount: %d\n",
old_virusdb->refcount);
if (old_virusdb->refcount <= 0) {
#ifdef HAVE_LIBCLAMAV_095
cl_engine_free(old_virusdb->db);
#else
cl_free(old_virusdb->db);
#endif
free(old_virusdb);
old_virusdb = NULL;
}
}
else {
ci_debug_printf(1,
"BUG in srv_clamav service! please contact the author\n");
}
ci_thread_mutex_unlock(&db_mutex);
}
void destroy_virusdb()
{
if (virusdb) {
#ifdef HAVE_LIBCLAMAV_095
cl_engine_free(virusdb->db);
#else
cl_free(virusdb->db);
#endif
free(virusdb);
virusdb = NULL;
}
if (old_virusdb) {
#ifdef HAVE_LIBCLAMAV_095
cl_engine_free(old_virusdb->db);
#else
cl_free(old_virusdb->db);
#endif
free(old_virusdb);
old_virusdb = NULL;
}
}
void set_istag(ci_service_xdata_t * srv_xdata)
{
char istag[SERVICE_ISTAG_SIZE + 1];
char str_version[64];
char *daily_path;
char *s1, *s2;
struct cl_cvd *d1;
int version = 0, cfg_version = 0;
struct stat daily_stat;
/*instead of 128 should be strlen("/daily.inc/daily.info")+1*/
daily_path = malloc(strlen(cl_retdbdir()) + 128);
if (!daily_path) /*???????? */
return;
sprintf(daily_path, "%s/daily.cvd", cl_retdbdir());
if(stat(daily_path,&daily_stat) != 0){
/* if the clamav_lib_path/daily.cvd does not exists
*/
sprintf(daily_path, "%s/daily.cld", cl_retdbdir());
if(stat(daily_path,&daily_stat) != 0){
/*
else try to use the clamav_lib_path/daily.inc/daly.info file instead" */
sprintf(daily_path, "%s/daily.inc/daily.info", cl_retdbdir());
}
}
if ((d1 = cl_cvdhead(daily_path))) {
version = d1->version;
free(d1);
}
free(daily_path);
s1 = (char *) cl_retver();
s2 = str_version;
while (*s1 != '\0' && s2 - str_version < 64) {
if (*s1 != '.') {
*s2 = *s1;
s2++;
}
s1++;
}
*s2 = '\0';
/*cfg_version maybe must set by user when he is changing
the srv_clamav configuration.... */
snprintf(istag, SERVICE_ISTAG_SIZE, "-%.3d-%s-%d%d",
cfg_version, str_version, cl_retflevel(), version);
istag[SERVICE_ISTAG_SIZE] = '\0';
ci_service_set_istag(srv_xdata, istag);
}
int main(int argc, char *argv[])
{
FILE *f;
struct cli_bc *bc;
struct cli_bc_ctx *ctx;
int rc, dbgargc, bc_stats=0;
struct optstruct *opts;
const struct optstruct *opt;
unsigned funcid=0, i;
struct cli_all_bc bcs;
int fd = -1;
unsigned tracelevel;
if(check_flevel())
exit(1);
opts = optparse(NULL, argc, argv, 1, OPT_CLAMBC, 0, NULL);
if (!opts) {
fprintf(stderr, "ERROR: Can't parse command line options\n");
exit(1);
}
if(optget(opts, "version")->enabled) {
printf("Clam AntiVirus Bytecode Testing Tool %s\n", get_version());
cl_init(CL_INIT_DEFAULT);
cli_bytecode_printversion();
optfree(opts);
exit(0);
}
if(optget(opts, "help")->enabled || !opts->filename) {
optfree(opts);
help();
exit(0);
}
f = fopen(opts->filename[0], "r");
if (!f) {
fprintf(stderr, "Unable to load %s\n", argv[1]);
optfree(opts);
exit(2);
}
bc = malloc(sizeof(*bc));
if (!bc) {
fprintf(stderr, "Out of memory\n");
optfree(opts);
exit(3);
}
if (optget(opts,"debug")->enabled) {
cl_debug();
debug_flag=1;
}
rc = cl_init(CL_INIT_DEFAULT);
if (rc != CL_SUCCESS) {
fprintf(stderr,"Unable to init libclamav: %s\n", cl_strerror(rc));
optfree(opts);
exit(4);
}
dbgargc=1;
while (opts->filename[dbgargc]) dbgargc++;
if (dbgargc > 1)
cli_bytecode_debug(dbgargc, opts->filename);
if (optget(opts, "force-interpreter")->enabled) {
bcs.engine = NULL;
} else {
rc = cli_bytecode_init(&bcs);
if (rc != CL_SUCCESS) {
fprintf(stderr,"Unable to init bytecode engine: %s\n", cl_strerror(rc));
optfree(opts);
exit(4);
}
}
bcs.all_bcs = bc;
bcs.count = 1;
if((opt = optget(opts, "statistics"))->enabled) {
while(opt) {
if (!strcasecmp(opt->strarg, "bytecode"))
bc_stats=1;
opt = opt->nextarg;
}
}
rc = cli_bytecode_load(bc, f, NULL, optget(opts, "trust-bytecode")->enabled, bc_stats);
if (rc != CL_SUCCESS) {
fprintf(stderr,"Unable to load bytecode: %s\n", cl_strerror(rc));
optfree(opts);
exit(4);
}
fclose(f);
if (bc->state == bc_skip) {
fprintf(stderr,"bytecode load skipped\n");
exit(0);
}
if (debug_flag)
printf("[clambc] Bytecode loaded\n");
if (optget(opts, "info")->enabled) {
cli_bytecode_describe(bc);
} else if (optget(opts, "printsrc")->enabled) {
print_src(opts->filename[0]);
} else if (optget(opts, "printbcir")->enabled) {
cli_bytetype_describe(bc);
cli_bytevalue_describe(bc, 0);
cli_bytefunc_describe(bc, 0);
} else {
cli_ctx cctx;
struct cl_engine *engine = cl_engine_new();
fmap_t *map = NULL;
memset(&cctx, 0, sizeof(cctx));
if (!engine) {
fprintf(stderr,"Unable to create engine\n");
optfree(opts);
exit(3);
}
rc = cl_engine_compile(engine);
if (rc) {
fprintf(stderr,"Unable to compile engine: %s\n", cl_strerror(rc));
optfree(opts);
exit(4);
}
rc = cli_bytecode_prepare2(engine, &bcs, BYTECODE_ENGINE_MASK);
if (rc != CL_SUCCESS) {
fprintf(stderr,"Unable to prepare bytecode: %s\n", cl_strerror(rc));
optfree(opts);
exit(4);
}
if (debug_flag)
printf("[clambc] Bytecode prepared\n");
ctx = cli_bytecode_context_alloc();
if (!ctx) {
fprintf(stderr,"Out of memory\n");
exit(3);
}
ctx->ctx = &cctx;
cctx.engine = engine;
cctx.fmap = cli_calloc(sizeof(fmap_t*), engine->maxreclevel+2);
if (!cctx.fmap) {
fprintf(stderr,"Out of memory\n");
exit(3);
}
memset(&dbg_state, 0, sizeof(dbg_state));
dbg_state.file = "<libclamav>";
dbg_state.line = 0;
dbg_state.col = 0;
dbg_state.showline = !optget(opts, "no-trace-showsource")->enabled;
tracelevel = optget(opts, "trace")->numarg;
cli_bytecode_context_set_trace(ctx, tracelevel,
tracehook,
tracehook_op,
tracehook_val,
tracehook_ptr);
if (opts->filename[1]) {
funcid = atoi(opts->filename[1]);
}
cli_bytecode_context_setfuncid(ctx, bc, funcid);
if (debug_flag)
printf("[clambc] Running bytecode function :%u\n", funcid);
if (opts->filename[1]) {
i=2;
while (opts->filename[i]) {
rc = cli_bytecode_context_setparam_int(ctx, i-2, atoi(opts->filename[i]));
if (rc != CL_SUCCESS) {
fprintf(stderr,"Unable to set param %u: %s\n", i-2, cl_strerror(rc));
}
i++;
}
}
if ((opt = optget(opts,"input"))->enabled) {
fd = open(opt->strarg, O_RDONLY);
if (fd == -1) {
fprintf(stderr, "Unable to open input file %s: %s\n", opt->strarg, strerror(errno));
optfree(opts);
exit(5);
}
map = fmap(fd, 0, 0);
if (!map) {
fprintf(stderr, "Unable to map input file %s\n", opt->strarg);
exit(5);
}
rc = cli_bytecode_context_setfile(ctx, map);
if (rc != CL_SUCCESS) {
fprintf(stderr, "Unable to set file %s: %s\n", opt->strarg, cl_strerror(rc));
optfree(opts);
exit(5);
}
}
/* for testing */
ctx->hooks.match_counts = deadbeefcounts;
ctx->hooks.match_offsets = deadbeefcounts;
rc = cli_bytecode_run(&bcs, bc, ctx);
if (rc != CL_SUCCESS) {
fprintf(stderr,"Unable to run bytecode: %s\n", cl_strerror(rc));
} else {
uint64_t v;
if (debug_flag)
printf("[clambc] Bytecode run finished\n");
v = cli_bytecode_context_getresult_int(ctx);
if (debug_flag)
printf("[clambc] Bytecode returned: 0x%llx\n", (long long)v);
}
cli_bytecode_context_destroy(ctx);
if (map)
funmap(map);
cl_engine_free(engine);
free(cctx.fmap);
}
cli_bytecode_destroy(bc);
cli_bytecode_done(&bcs);
free(bc);
optfree(opts);
if (fd != -1)
close(fd);
if (debug_flag)
printf("[clambc] Exiting\n");
cl_cleanup_crypto();
return 0;
}
/*
* TODO:
* - strptime() is most likely not portable enough
*/
int submitstats(const char *clamdcfg, const struct optstruct *opts)
{
int fd, sd, bread, lread = 0, cnt, ret;
char post[SUBMIT_MIN_ENTRIES * 256 + 512];
char query[SUBMIT_MIN_ENTRIES * 256];
char buff[512], statsdat[512], newstatsdat[512], uastr[128];
char logfile[256], fbuff[FILEBUFF];
char *pt, *pt2, *auth = NULL;
const char *line, *country = NULL, *user, *proxy = NULL;
struct optstruct *clamdopt;
const struct optstruct *opt;
struct stat sb;
struct tm tms;
time_t epoch;
unsigned int qcnt, entries, submitted = 0, permfail = 0, port = 0;
if((opt = optget(opts, "DetectionStatsCountry"))->enabled) {
if(strlen(opt->strarg) != 2 || !isalpha(opt->strarg[0]) || !isalpha(opt->strarg[1])) {
logg("!SubmitDetectionStats: DetectionStatsCountry requires a two-letter country code\n");
return 56;
}
country = opt->strarg;
}
if(!(clamdopt = optparse(clamdcfg, 0, NULL, 1, OPT_CLAMD, 0, NULL))) {
logg("!SubmitDetectionStats: Can't open or parse configuration file %s\n", clamdcfg);
return 56;
}
if(!(opt = optget(clamdopt, "LogFile"))->enabled) {
logg("!SubmitDetectionStats: LogFile needs to be enabled in %s\n", clamdcfg);
optfree(clamdopt);
return 56;
}
strncpy(logfile, opt->strarg, sizeof(logfile));
logfile[sizeof(logfile) - 1] = 0;
if(!optget(clamdopt, "LogTime")->enabled) {
logg("!SubmitDetectionStats: LogTime needs to be enabled in %s\n", clamdcfg);
optfree(clamdopt);
return 56;
}
optfree(clamdopt);
if((fd = open("stats.dat", O_RDONLY)) != -1) {
if((bread = read(fd, statsdat, sizeof(statsdat) - 1)) == -1) {
logg("^SubmitDetectionStats: Can't read stats.dat\n");
bread = 0;
}
statsdat[bread] = 0;
close(fd);
} else {
*statsdat = 0;
}
if((fd = open(logfile, O_RDONLY)) == -1) {
logg("!SubmitDetectionStats: Can't open %s for reading\n", logfile);
return 56;
}
if(fstat(fd, &sb) == -1) {
logg("!SubmitDetectionStats: fstat() failed\n");
close(fd);
return 56;
}
while((line = readbline(fd, fbuff, FILEBUFF, sb.st_size, &lread)))
if(strlen(line) >= 32 && !strcmp(&line[strlen(line) - 6], " FOUND"))
break;
if(!line) {
logg("SubmitDetectionStats: No detection records found\n");
close(fd);
return 1;
}
if(*statsdat && !strcmp(line, statsdat)) {
logg("SubmitDetectionStats: No new detection records found\n");
close(fd);
return 1;
} else {
strncpy(newstatsdat, line, sizeof(newstatsdat));
}
if((opt = optget(opts, "HTTPUserAgent"))->enabled)
strncpy(uastr, opt->strarg, sizeof(uastr));
else
snprintf(uastr, sizeof(uastr), PACKAGE"/%s (OS: "TARGET_OS_TYPE", ARCH: "TARGET_ARCH_TYPE", CPU: "TARGET_CPU_TYPE")%s%s", get_version(), country ? ":" : "", country ? country : "");
uastr[sizeof(uastr) - 1] = 0;
if((opt = optget(opts, "HTTPProxyServer"))->enabled) {
proxy = opt->strarg;
if(!strncasecmp(proxy, "http://", 7))
proxy += 7;
if((opt = optget(opts, "HTTPProxyUsername"))->enabled) {
user = opt->strarg;
if(!(opt = optget(opts, "HTTPProxyPassword"))->enabled) {
logg("!SubmitDetectionStats: HTTPProxyUsername requires HTTPProxyPassword\n");
close(fd);
return 56;
}
auth = proxyauth(user, opt->strarg);
if(!auth) {
close(fd);
return 56;
}
}
if((opt = optget(opts, "HTTPProxyPort"))->enabled)
port = opt->numarg;
logg("*Connecting via %s\n", proxy);
}
ret = 0;
memset(query, 0, sizeof(query));
qcnt = 0;
entries = 0;
do {
if(strlen(line) < 32 || strcmp(&line[strlen(line) - 6], " FOUND"))
continue;
if(*statsdat && !strcmp(line, statsdat))
break;
strncpy(buff, line, sizeof(buff));
buff[sizeof(buff) - 1] = 0;
if(!(pt = strstr(buff, " -> "))) {
logg("*SubmitDetectionStats: Skipping detection entry logged without time\b");
continue;
}
*pt = 0;
pt += 4;
if(!strptime(buff, "%a %b %d %H:%M:%S %Y", &tms) || (epoch = mktime(&tms)) == -1) {
logg("!SubmitDetectionStats: Failed to convert date string\n");
ret = 1;
break;
}
pt2 = &pt[strlen(pt) - 6];
*pt2 = 0;
if(!(pt2 = strrchr(pt, ':'))) {
logg("!SubmitDetectionStats: Incorrect format of the log file (1)\n");
ret = 1;
break;
}
*pt2 = 0;
pt2 += 2;
#ifdef C_WINDOWS
if((pt = strrchr(pt, '\\')))
#else
if((pt = strrchr(pt, '/')))
#endif
*pt++ = 0;
if(!pt)
pt = (char*) "NOFNAME";
qcnt += snprintf(&query[qcnt], sizeof(query) - qcnt, "ts[]=%u&fname[]=%s&virus[]=%s&", (unsigned int) epoch, pt, pt2);
entries++;
if(entries == SUBMIT_MIN_ENTRIES) {
sd = wwwconnect("stats.clamav.net", proxy, port, NULL, optget(opts, "LocalIPAddress")->strarg, optget(opts, "ConnectTimeout")->numarg, NULL, 0, 0);
if(sd == -1) {
logg("!SubmitDetectionStats: Can't connect to server\n");
ret = 52;
break;
}
query[sizeof(query) - 1] = 0;
snprintf(post, sizeof(post),
"POST http://stats.clamav.net/submit.php HTTP/1.0\r\n"
"Host: stats.clamav.net\r\n%s"
"Content-Type: application/x-www-form-urlencoded\r\n"
"User-Agent: %s\r\n"
"Content-Length: %u\r\n\n"
"%s",
auth ? auth : "", uastr, (unsigned int) strlen(query), query);
if(send(sd, post, strlen(post), 0) < 0) {
logg("!SubmitDetectionStats: Can't write to socket\n");
ret = 52;
closesocket(sd);
break;
}
pt = post;
cnt = sizeof(post) - 1;
#ifdef SO_ERROR
while((bread = wait_recv(sd, pt, cnt, 0, optget(opts, "ReceiveTimeout")->numarg)) > 0) {
#else
while((bread = recv(sd, pt, cnt, 0)) > 0) {
#endif
pt += bread;
cnt -= bread;
if(cnt <= 0)
break;
}
*pt = 0;
closesocket(sd);
if(bread < 0) {
logg("!SubmitDetectionStats: Can't read from socket\n");
ret = 52;
break;
}
if(strstr(post, "SUBMIT_OK")) {
submitted += entries;
if(submitted + SUBMIT_MIN_ENTRIES > SUBMIT_MAX_ENTRIES)
break;
qcnt = 0;
entries = 0;
memset(query, 0, sizeof(query));
continue;
}
ret = 52;
if((pt = strstr(post, "SUBMIT_PERMANENT_FAILURE"))) {
if(!submitted) {
permfail = 1;
if((pt + 32 <= post + sizeof(post)) && pt[24] == ':')
logg("!SubmitDetectionStats: Remote server reported permanent failure: %s\n", &pt[25]);
else
logg("!SubmitDetectionStats: Remote server reported permanent failure\n");
}
} else if((pt = strstr(post, "SUBMIT_TEMPORARY_FAILURE"))) {
if(!submitted) {
if((pt + 32 <= post + sizeof(post)) && pt[24] == ':')
logg("!SubmitDetectionStats: Remote server reported temporary failure: %s\n", &pt[25]);
else
logg("!SubmitDetectionStats: Remote server reported temporary failure\n");
}
} else {
if(!submitted)
logg("!SubmitDetectionStats: Incorrect answer from server\n");
}
break;
}
} while((line = readbline(fd, fbuff, FILEBUFF, sb.st_size, &lread)));
close(fd);
if(auth)
free(auth);
if(submitted || permfail) {
if((fd = open("stats.dat", O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1) {
logg("^SubmitDetectionStats: Can't open stats.dat for writing\n");
} else {
if((bread = write(fd, newstatsdat, sizeof(newstatsdat))) != sizeof(newstatsdat))
logg("^SubmitDetectionStats: Can't write to stats.dat\n");
close(fd);
}
}
if(ret == 0) {
if(!submitted)
logg("SubmitDetectionStats: Not enough recent data for submission\n");
else
logg("SubmitDetectionStats: Submitted %u records\n", submitted);
}
return ret;
}
static int Rfc2822DateTime(char *buf, time_t mtime)
{
struct tm *gmt;
gmt = gmtime(&mtime);
return strftime(buf, 36, "%a, %d %b %Y %X GMT", gmt);
}
static struct cl_cvd *remote_cvdhead(const char *cvdfile, const char *localfile, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, int *ims, int ctimeout, int rtimeout, struct mirdat *mdat, int logerr, unsigned int can_whitelist)
{
char cmd[512], head[513], buffer[FILEBUFF], ipaddr[46], *ch, *tmp;
int bread, cnt, sd;
unsigned int i, j;
char *remotename = NULL, *authorization = NULL;
struct cl_cvd *cvd;
char last_modified[36], uastr[128];
if(proxy) {
remotename = malloc(strlen(hostname) + 8);
if(!remotename) {
logg("!remote_cvdhead: Can't allocate memory for 'remotename'\n");
return NULL;
}
sprintf(remotename, "http://%s", hostname);
if(user) {
authorization = proxyauth(user, pass);
if(!authorization) {
free(remotename);
return NULL;
}
}
}
if(!access(localfile, R_OK)) {
cvd = cl_cvdhead(localfile);
if(!cvd) {
logg("!remote_cvdhead: Can't parse file %s\n", localfile);
free(remotename);
free(authorization);
return NULL;
}
Rfc2822DateTime(last_modified, (time_t) cvd->stime);
cl_cvdfree(cvd);
} else {
time_t mtime = 1104119530;
Rfc2822DateTime(last_modified, mtime);
logg("*Assuming modification time in the past\n");
}
logg("*If-Modified-Since: %s\n", last_modified);
logg("Reading CVD header (%s): ", cvdfile);
if(uas)
strncpy(uastr, uas, sizeof(uastr));
else
snprintf(uastr, sizeof(uastr), PACKAGE"/%s (OS: "TARGET_OS_TYPE", ARCH: "TARGET_ARCH_TYPE", CPU: "TARGET_CPU_TYPE")", get_version());
uastr[sizeof(uastr) - 1] = 0;
snprintf(cmd, sizeof(cmd),
"GET %s/%s HTTP/1.0\r\n"
"Host: %s\r\n%s"
"User-Agent: %s\r\n"
"Connection: close\r\n"
"Range: bytes=0-511\r\n"
"If-Modified-Since: %s\r\n"
"\r\n", (remotename != NULL) ? remotename : "", cvdfile, hostname, (authorization != NULL) ? authorization : "", uastr, last_modified);
free(remotename);
free(authorization);
memset(ipaddr, 0, sizeof(ipaddr));
if(ip[0]) /* use ip to connect */
sd = wwwconnect(ip, proxy, port, ipaddr, localip, ctimeout, mdat, logerr, can_whitelist);
else
sd = wwwconnect(hostname, proxy, port, ipaddr, localip, ctimeout, mdat, logerr, can_whitelist);
if(sd < 0) {
return NULL;
} else {
logg("*Connected to %s (IP: %s).\n", hostname, ipaddr);
logg("*Trying to retrieve CVD header of http://%s/%s\n", hostname, cvdfile);
}
if(!ip[0])
strcpy(ip, ipaddr);
if(send(sd, cmd, strlen(cmd), 0) < 0) {
logg("%cremote_cvdhead: write failed\n", logerr ? '!' : '^');
closesocket(sd);
return NULL;
}
tmp = buffer;
cnt = FILEBUFF;
#ifdef SO_ERROR
while((bread = wait_recv(sd, tmp, cnt, 0, rtimeout)) > 0) {
#else
while((bread = recv(sd, tmp, cnt, 0)) > 0) {
#endif
tmp += bread;
cnt -= bread;
if(cnt <= 0)
break;
}
closesocket(sd);
if(bread == -1) {
logg("%cremote_cvdhead: Error while reading CVD header from %s\n", logerr ? '!' : '^', hostname);
mirman_update(mdat->currip, mdat->af, mdat, 1);
return NULL;
}
if((strstr(buffer, "HTTP/1.1 404")) != NULL || (strstr(buffer, "HTTP/1.0 404")) != NULL) {
logg("%cCVD file not found on remote server\n", logerr ? '!' : '^');
mirman_update(mdat->currip, mdat->af, mdat, 2);
return NULL;
}
/* check whether the resource is up-to-date */
if((strstr(buffer, "HTTP/1.1 304")) != NULL || (strstr(buffer, "HTTP/1.0 304")) != NULL) {
*ims = 0;
logg("OK (IMS)\n");
mirman_update(mdat->currip, mdat->af, mdat, 0);
return NULL;
} else {
*ims = 1;
}
if(!strstr(buffer, "HTTP/1.1 200") && !strstr(buffer, "HTTP/1.0 200") &&
!strstr(buffer, "HTTP/1.1 206") && !strstr(buffer, "HTTP/1.0 206")) {
logg("%cUnknown response from remote server\n", logerr ? '!' : '^');
mirman_update(mdat->currip, mdat->af, mdat, 1);
return NULL;
}
i = 3;
ch = buffer + i;
while(i < sizeof(buffer)) {
if (*ch == '\n' && *(ch - 1) == '\r' && *(ch - 2) == '\n' && *(ch - 3) == '\r') {
ch++;
i++;
break;
}
ch++;
i++;
}
if(sizeof(buffer) - i < 512) {
logg("%cremote_cvdhead: Malformed CVD header (too short)\n", logerr ? '!' : '^');
mirman_update(mdat->currip, mdat->af, mdat, 1);
return NULL;
}
memset(head, 0, sizeof(head));
for(j = 0; j < 512; j++) {
if(!ch || (ch && !*ch) || (ch && !isprint(ch[j]))) {
logg("%cremote_cvdhead: Malformed CVD header (bad chars)\n", logerr ? '!' : '^');
mirman_update(mdat->currip, mdat->af, mdat, 1);
return NULL;
}
head[j] = ch[j];
}
if(!(cvd = cl_cvdparse(head))) {
logg("%cremote_cvdhead: Malformed CVD header (can't parse)\n", logerr ? '!' : '^');
mirman_update(mdat->currip, mdat->af, mdat, 1);
} else {
logg("OK\n");
mirman_update(mdat->currip, mdat->af, mdat, 0);
}
return cvd;
}
static int getfile(const char *srcfile, const char *destfile, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, int ctimeout, int rtimeout, struct mirdat *mdat, int logerr, unsigned int can_whitelist)
{
char cmd[512], uastr[128], buffer[FILEBUFF], *ch;
int bread, fd, totalsize = 0, rot = 0, totaldownloaded = 0,
percentage = 0, sd;
unsigned int i;
char *remotename = NULL, *authorization = NULL, *headerline, ipaddr[46];
const char *rotation = "|/-\\";
#ifdef FILTER_RULES
pid_t pid = -1;
#endif
if(proxy) {
remotename = malloc(strlen(hostname) + 8);
if(!remotename) {
logg("!getfile: Can't allocate memory for 'remotename'\n");
return 75; /* FIXME */
}
sprintf(remotename, "http://%s", hostname);
if(user) {
authorization = proxyauth(user, pass);
if(!authorization) {
free(remotename);
return 75; /* FIXME */
}
}
}
if(uas)
strncpy(uastr, uas, sizeof(uastr));
else
snprintf(uastr, sizeof(uastr), PACKAGE"/%s (OS: "TARGET_OS_TYPE", ARCH: "TARGET_ARCH_TYPE", CPU: "TARGET_CPU_TYPE")", get_version());
uastr[sizeof(uastr) - 1] = 0;
snprintf(cmd, sizeof(cmd),
"GET %s/%s HTTP/1.0\r\n"
"Host: %s\r\n%s"
"User-Agent: %s\r\n"
#ifdef FRESHCLAM_NO_CACHE
"Cache-Control: no-cache\r\n"
#endif
"Connection: close\r\n"
"\r\n", (remotename != NULL) ? remotename : "", srcfile, hostname, (authorization != NULL) ? authorization : "", uastr);
if(remotename)
free(remotename);
if(authorization)
free(authorization);
memset(ipaddr, 0, sizeof(ipaddr));
if(ip[0]) /* use ip to connect */
sd = wwwconnect(ip, proxy, port, ipaddr, localip, ctimeout, mdat, logerr, can_whitelist);
else
sd = wwwconnect(hostname, proxy, port, ipaddr, localip, ctimeout, mdat, logerr, can_whitelist);
if(sd < 0) {
return 52;
} else {
logg("*Trying to download http://%s/%s (IP: %s)\n", hostname, srcfile, ipaddr);
}
if(!ip[0])
strcpy(ip, ipaddr);
if(send(sd, cmd, strlen(cmd), 0) < 0) {
logg("%cgetfile: Can't write to socket\n", logerr ? '!' : '^');
closesocket(sd);
return 52;
}
/* read http headers */
ch = buffer;
i = 0;
while(1) {
/* recv one byte at a time, until we reach \r\n\r\n */
#ifdef SO_ERROR
if((i >= sizeof(buffer) - 1) || wait_recv(sd, buffer + i, 1, 0, rtimeout) == -1) {
#else
if((i >= sizeof(buffer) - 1) || recv(sd, buffer + i, 1, 0) == -1) {
#endif
logg("%cgetfile: Error while reading database from %s (IP: %s)\n", logerr ? '!' : '^', hostname, ipaddr);
mirman_update(mdat->currip, mdat->af, mdat, 1);
closesocket(sd);
return 52;
}
if(i > 2 && *ch == '\n' && *(ch - 1) == '\r' && *(ch - 2) == '\n' && *(ch - 3) == '\r') {
i++;
break;
}
ch++;
i++;
}
buffer[i] = 0;
/* check whether the resource actually existed or not */
if((strstr(buffer, "HTTP/1.1 404")) != NULL || (strstr(buffer, "HTTP/1.0 404")) != NULL) {
logg("^getfile: %s not found on remote server (IP: %s)\n", srcfile, ipaddr);
mirman_update(mdat->currip, mdat->af, mdat, 2);
closesocket(sd);
return 58;
}
if(!strstr(buffer, "HTTP/1.1 200") && !strstr(buffer, "HTTP/1.0 200") &&
!strstr(buffer, "HTTP/1.1 206") && !strstr(buffer, "HTTP/1.0 206")) {
logg("%cgetfile: Unknown response from remote server (IP: %s)\n", logerr ? '!' : '^', ipaddr);
mirman_update(mdat->currip, mdat->af, mdat, 1);
closesocket(sd);
return 58;
}
/* get size of resource */
for(i = 0; (headerline = cli_strtok(buffer, i, "\n")); i++){
if(strstr(headerline, "Content-Length:")) {
if((ch = cli_strtok(headerline, 1, ": "))) {
totalsize = atoi(ch);
free(ch);
} else {
totalsize = 0;
}
}
free(headerline);
}
#ifdef FILTER_RULES
{
int pfd[2];
if (pipe(pfd) == -1) {
logg("!getfile: Can't create pipe to filter\n");
closesocket(sd);
return 57;
}
pid = fork();
if (pid == -1) {
logg("!getfile: Can't filter fork failed\n");
closesocket(sd);
return 57;
}
if (pid == 0) {
/* Child */
close(pfd[1]);
dup2(pfd[0], 0);
close(pfd[0]);
execl("/bin/clamfilter", "clamfilter", destfile, NULL);
_exit(1);
}
/* Parent */
close(pfd[0]);
fd = pfd[1];
destfile = "clam-filter";
}
#else
if((fd = open(destfile, O_WRONLY|O_CREAT|O_EXCL|O_BINARY, 0644)) == -1) {
char currdir[512];
if(getcwd(currdir, sizeof(currdir)))
logg("!getfile: Can't create new file %s in %s\n", destfile, currdir);
else
logg("!getfile: Can't create new file %s in the current directory\n", destfile);
logg("Hint: The database directory must be writable for UID %d or GID %d\n", getuid(), getgid());
closesocket(sd);
return 57;
}
#endif
#ifdef SO_ERROR
while((bread = wait_recv(sd, buffer, FILEBUFF, 0, rtimeout)) > 0) {
#else
while((bread = recv(sd, buffer, FILEBUFF, 0)) > 0) {
#endif
if(write(fd, buffer, bread) != bread) {
logg("getfile: Can't write %d bytes to %s\n", bread, destfile);
#ifdef FILTER_RULES
// if (pid == -1)
// unlink(destfile);
#else
unlink(destfile);
#endif
close(fd);
closesocket(sd);
return 57; /* FIXME */
}
if(totalsize > 0) {
totaldownloaded += bread;
percentage = (int) (100 * (float) totaldownloaded / totalsize);
}
if(!mprintf_quiet) {
if(totalsize > 0) {
mprintf("Downloading %s [%3i%%]\r", srcfile, percentage);
} else {
mprintf("Downloading %s [%c]\r", srcfile, rotation[rot]);
rot++;
rot %= 4;
}
fflush(stdout);
}
}
closesocket(sd);
close(fd);
#ifdef FILTER_RULES
/*if (pid != -1)*/ {
int status;
waitpid(pid, &status, 0);
if (! WIFEXITED(status) || WEXITSTATUS(status) != 0) {
logg("!getfile: Filter failed\n");
return 57;
}
}
#endif
if(totalsize > 0)
logg("Downloading %s [%i%%]\n", srcfile, percentage);
else
logg("Downloading %s [*]\n", srcfile);
mirman_update(mdat->currip, mdat->af, mdat, 0);
return 0;
}
static int getcvd(const char *cvdfile, const char *newfile, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, unsigned int newver, int ctimeout, int rtimeout, struct mirdat *mdat, int logerr, unsigned int can_whitelist)
{
struct cl_cvd *cvd;
int ret;
logg("*Retrieving http://%s/%s\n", hostname, cvdfile);
if((ret = getfile(cvdfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, ctimeout, rtimeout, mdat, logerr, can_whitelist))) {
logg("%cCan't download %s from %s\n", logerr ? '!' : '^', cvdfile, hostname);
unlink(newfile);
return ret;
}
if((ret = cl_cvdverify(newfile))) {
logg("!Verification: %s\n", cl_strerror(ret));
unlink(newfile);
return 54;
}
if(!(cvd = cl_cvdhead(newfile))) {
logg("!Can't read CVD header of new %s database.\n", cvdfile);
unlink(newfile);
return 54;
}
if(cvd->version < newver) {
logg("^Mirror %s is not synchronized.\n", ip);
mirman_update(mdat->currip, mdat->af, mdat, 2);
cl_cvdfree(cvd);
unlink(newfile);
return 59;
}
cl_cvdfree(cvd);
return 0;
}
static int chdir_tmp(const char *dbname, const char *tmpdir)
{
char cvdfile[32];
if(access(tmpdir, R_OK|W_OK) == -1) {
sprintf(cvdfile, "%s.cvd", dbname);
if(access(cvdfile, R_OK) == -1) {
sprintf(cvdfile, "%s.cld", dbname);
if(access(cvdfile, R_OK) == -1) {
logg("!chdir_tmp: Can't access local %s database\n", dbname);
return -1;
}
}
if(mkdir(tmpdir, 0755) == -1) {
logg("!chdir_tmp: Can't create directory %s\n", tmpdir);
return -1;
}
if(cli_cvdunpack(cvdfile, tmpdir) == -1) {
logg("!chdir_tmp: Can't unpack %s into %s\n", cvdfile, tmpdir);
cli_rmdirs(tmpdir);
return -1;
}
}
if(chdir(tmpdir) == -1) {
logg("!chdir_tmp: Can't change directory to %s\n", tmpdir);
return -1;
}
return 0;
}
static int getpatch(const char *dbname, const char *tmpdir, int version, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, int ctimeout, int rtimeout, struct mirdat *mdat, int logerr, unsigned int can_whitelist)
{
char *tempname, patch[32], olddir[512];
int ret, fd;
if(!getcwd(olddir, sizeof(olddir))) {
logg("!getpatch: Can't get path of current working directory\n");
return 50; /* FIXME */
}
if(chdir_tmp(dbname, tmpdir) == -1)
return 50;
tempname = cli_gentemp(".");
snprintf(patch, sizeof(patch), "%s-%d.cdiff", dbname, version);
logg("*Retrieving http://%s/%s\n", hostname, patch);
if((ret = getfile(patch, tempname, hostname, ip, localip, proxy, port, user, pass, uas, ctimeout, rtimeout, mdat, logerr, can_whitelist))) {
logg("%cgetpatch: Can't download %s from %s\n", logerr ? '!' : '^', patch, hostname);
unlink(tempname);
free(tempname);
CHDIR_ERR(olddir);
return ret;
}
if((fd = open(tempname, O_RDONLY|O_BINARY)) == -1) {
logg("!getpatch: Can't open %s for reading\n", tempname);
unlink(tempname);
free(tempname);
CHDIR_ERR(olddir);
return 55;
}
if(cdiff_apply(fd, 1) == -1) {
logg("!getpatch: Can't apply patch\n");
close(fd);
unlink(tempname);
free(tempname);
CHDIR_ERR(olddir);
return 70; /* FIXME */
}
close(fd);
unlink(tempname);
free(tempname);
if(chdir(olddir) == -1) {
logg("!getpatch: Can't chdir to %s\n", olddir);
return 50; /* FIXME */
}
return 0;
}
static void scanfile(const char *filename, struct cl_engine *engine, const struct optstruct *opts, unsigned int options)
{
int ret = 0, fd, included;
unsigned i;
const struct optstruct *opt;
const char *virname;
STATBUF sb;
struct metachain chain;
struct clamscan_cb_data data;
if((opt = optget(opts, "exclude"))->enabled) {
while(opt) {
if(match_regex(filename, opt->strarg) == 1) {
if(!printinfected)
logg("~%s: Excluded\n", filename);
return;
}
opt = opt->nextarg;
}
}
if((opt = optget(opts, "include"))->enabled) {
included = 0;
while(opt) {
if(match_regex(filename, opt->strarg) == 1) {
included = 1;
break;
}
opt = opt->nextarg;
}
if(!included) {
if(!printinfected)
logg("~%s: Excluded\n", filename);
return;
}
}
/* argh, don't scan /proc files */
if(CLAMSTAT(filename, &sb) != -1) {
#ifdef C_LINUX
if(procdev && sb.st_dev == procdev) {
if(!printinfected)
logg("~%s: Excluded (/proc)\n", filename);
return;
}
#endif
if(!sb.st_size) {
if(!printinfected)
logg("~%s: Empty file\n", filename);
return;
}
info.rblocks += sb.st_size / CL_COUNT_PRECISION;
}
#ifndef _WIN32
if(geteuid()) {
if(checkaccess(filename, NULL, R_OK) != 1) {
if(!printinfected)
logg("~%s: Access denied\n", filename);
info.errors++;
return;
}
}
#endif
memset(&chain, 0, sizeof(chain));
if(optget(opts, "archive-verbose")->enabled) {
chain.chains = malloc(sizeof(char **));
if (chain.chains) {
chain.chains[0] = strdup(filename);
if (!chain.chains[0]) {
free(chain.chains);
logg("Unable to allocate memory in scanfile()\n");
info.errors++;
return;
}
chain.nchains = 1;
}
}
logg("*Scanning %s\n", filename);
if((fd = safe_open(filename, O_RDONLY|O_BINARY)) == -1) {
logg("^Can't open file %s: %s\n", filename, strerror(errno));
info.errors++;
return;
}
data.chain = &chain;
data.filename = filename;
if((ret = cl_scandesc_callback(fd, &virname, &info.blocks, engine, options, &data)) == CL_VIRUS) {
if(optget(opts, "archive-verbose")->enabled) {
if (chain.nchains > 1) {
char str[128];
int toolong = print_chain(&chain, str, sizeof(str));
logg("~%s%s!(%llu)%s: %s FOUND\n", str, toolong ? "..." : "", (long long unsigned)(chain.lastvir-1), chain.chains[chain.nchains-1], virname);
} else if (chain.lastvir) {
logg("~%s!(%llu): %s FOUND\n", filename, (long long unsigned)(chain.lastvir-1), virname);
}
}
info.files++;
info.ifiles++;
if(bell)
fprintf(stderr, "\007");
} else if(ret == CL_CLEAN) {
if(!printinfected && printclean)
mprintf("~%s: OK\n", filename);
info.files++;
} else {
if(!printinfected)
logg("~%s: %s ERROR\n", filename, cl_strerror(ret));
info.errors++;
}
for (i=0;i<chain.nchains;i++)
free(chain.chains[i]);
free(chain.chains);
close(fd);
if(ret == CL_VIRUS && action)
action(filename);
}
int main(int argc, char **argv)
{
static struct cl_engine *engine = NULL;
const struct optstruct *opt;
#ifndef _WIN32
struct passwd *user = NULL;
struct sigaction sa;
struct rlimit rlim;
#endif
time_t currtime;
const char *dbdir, *cfgfile;
char *pua_cats = NULL, *pt;
int ret, tcpsock = 0, localsock = 0, i, min_port, max_port;
unsigned int sigs = 0;
int lsockets[2], nlsockets = 0;
unsigned int dboptions = 0;
#ifdef C_LINUX
STATBUF sb;
#endif
if(check_flevel())
exit(1);
#ifndef _WIN32
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGUSR2, &sa, NULL);
#endif
if((opts = optparse(NULL, argc, argv, 1, OPT_CLAMD, 0, NULL)) == NULL) {
mprintf("!Can't parse command line options\n");
return 1;
}
if(optget(opts, "help")->enabled) {
help();
optfree(opts);
return 0;
}
if(optget(opts, "debug")->enabled) {
#if defined(C_LINUX)
/* [email protected]: create a dump if needed */
rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
if(setrlimit(RLIMIT_CORE, &rlim) < 0)
perror("setrlimit");
#endif
debug_mode = 1;
}
/* parse the config file */
cfgfile = optget(opts, "config-file")->strarg;
pt = strdup(cfgfile);
if((opts = optparse(cfgfile, 0, NULL, 1, OPT_CLAMD, 0, opts)) == NULL) {
fprintf(stderr, "ERROR: Can't open/parse the config file %s\n", pt);
free(pt);
return 1;
}
free(pt);
if(optget(opts, "version")->enabled) {
print_version(optget(opts, "DatabaseDirectory")->strarg);
optfree(opts);
return 0;
}
/* drop privileges */
#ifndef _WIN32
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
if((user = getpwnam(opt->strarg)) == NULL) {
fprintf(stderr, "ERROR: Can't get information about user %s.\n", opt->strarg);
optfree(opts);
return 1;
}
if(optget(opts, "AllowSupplementaryGroups")->enabled) {
#ifdef HAVE_INITGROUPS
if(initgroups(opt->strarg, user->pw_gid)) {
fprintf(stderr, "ERROR: initgroups() failed.\n");
optfree(opts);
return 1;
}
#else
mprintf("!AllowSupplementaryGroups: initgroups() is not available, please disable AllowSupplementaryGroups in %s\n", cfgfile);
optfree(opts);
return 1;
#endif
} else {
#ifdef HAVE_SETGROUPS
if(setgroups(1, &user->pw_gid)) {
fprintf(stderr, "ERROR: setgroups() failed.\n");
optfree(opts);
return 1;
}
#endif
}
if(setgid(user->pw_gid)) {
fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid);
optfree(opts);
return 1;
}
if(setuid(user->pw_uid)) {
fprintf(stderr, "ERROR: setuid(%d) failed.\n", (int) user->pw_uid);
optfree(opts);
return 1;
}
}
#endif
/* initialize logger */
logg_lock = !optget(opts, "LogFileUnlock")->enabled;
logg_time = optget(opts, "LogTime")->enabled;
logok = optget(opts, "LogClean")->enabled;
logg_size = optget(opts, "LogFileMaxSize")->numarg;
logg_verbose = mprintf_verbose = optget(opts, "LogVerbose")->enabled;
if (logg_size)
logg_rotate = optget(opts, "LogRotate")->enabled;
mprintf_send_timeout = optget(opts, "SendBufTimeout")->numarg;
do { /* logger initialized */
if((opt = optget(opts, "LogFile"))->enabled) {
char timestr[32];
logg_file = opt->strarg;
if(!cli_is_abspath(logg_file)) {
fprintf(stderr, "ERROR: LogFile requires full path.\n");
ret = 1;
break;
}
time(&currtime);
if(logg("#+++ Started at %s", cli_ctime(&currtime, timestr, sizeof(timestr)))) {
fprintf(stderr, "ERROR: Can't initialize the internal logger\n");
ret = 1;
break;
}
} else
logg_file = NULL;
if (optget(opts,"DevLiblog")->enabled)
cl_set_clcb_msg(msg_callback);
if((ret = cl_init(CL_INIT_DEFAULT))) {
logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
ret = 1;
break;
}
if(optget(opts, "Debug")->enabled) /* enable debug messages in libclamav */ {
cl_debug();
logg_verbose = 2;
}
#if defined(USE_SYSLOG) && !defined(C_AIX)
if(optget(opts, "LogSyslog")->enabled) {
int fac = LOG_LOCAL6;
opt = optget(opts, "LogFacility");
if((fac = logg_facility(opt->strarg)) == -1) {
logg("!LogFacility: %s: No such facility.\n", opt->strarg);
ret = 1;
break;
}
openlog("clamd", LOG_PID, fac);
logg_syslog = 1;
}
#endif
#ifdef C_LINUX
procdev = 0;
if(CLAMSTAT("/proc", &sb) != -1 && !sb.st_size)
procdev = sb.st_dev;
#endif
/* check socket type */
if(optget(opts, "TCPSocket")->enabled)
tcpsock = 1;
if(optget(opts, "LocalSocket")->enabled)
localsock = 1;
if(!tcpsock && !localsock) {
logg("!Please define server type (local and/or TCP).\n");
ret = 1;
break;
}
logg("#clamd daemon %s (OS: "TARGET_OS_TYPE", ARCH: "TARGET_ARCH_TYPE", CPU: "TARGET_CPU_TYPE")\n", get_version());
#ifndef _WIN32
if(user)
logg("#Running as user %s (UID %u, GID %u)\n", user->pw_name, user->pw_uid, user->pw_gid);
#endif
#if defined(RLIMIT_DATA) && defined(C_BSD)
if (getrlimit(RLIMIT_DATA, &rlim) == 0) {
/* bb #1941.
* On 32-bit FreeBSD if you set ulimit -d to >2GB then mmap() will fail
* too soon (after ~120 MB).
* Set limit lower than 2G if on 32-bit */
uint64_t lim = rlim.rlim_cur;
if (sizeof(void*) == 4 &&
lim > (1ULL << 31)) {
rlim.rlim_cur = 1ULL << 31;
if (setrlimit(RLIMIT_DATA, &rlim) < 0)
logg("!setrlimit(RLIMIT_DATA) failed: %s\n", strerror(errno));
else
logg("Running on 32-bit system, and RLIMIT_DATA > 2GB, lowering to 2GB!\n");
}
}
#endif
if(logg_size)
logg("#Log file size limited to %u bytes.\n", logg_size);
else
logg("#Log file size limit disabled.\n");
min_port = optget(opts, "StreamMinPort")->numarg;
max_port = optget(opts, "StreamMaxPort")->numarg;
if (min_port < 1024 || min_port > max_port || max_port > 65535) {
logg("!Invalid StreamMinPort/StreamMaxPort: %d, %d\n", min_port, max_port);
ret = 1;
break;
}
if(!(engine = cl_engine_new())) {
logg("!Can't initialize antivirus engine\n");
ret = 1;
break;
}
/* load the database(s) */
dbdir = optget(opts, "DatabaseDirectory")->strarg;
logg("#Reading databases from %s\n", dbdir);
if(optget(opts, "DetectPUA")->enabled) {
dboptions |= CL_DB_PUA;
if((opt = optget(opts, "ExcludePUA"))->enabled) {
dboptions |= CL_DB_PUA_EXCLUDE;
i = 0;
logg("#Excluded PUA categories:");
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
cl_engine_free(engine);
ret = 1;
break;
}
logg("# %s", opt->strarg);
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
opt = opt->nextarg;
}
if (ret)
break;
logg("#\n");
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if((opt = optget(opts, "IncludePUA"))->enabled) {
if(pua_cats) {
logg("!ExcludePUA and IncludePUA cannot be used at the same time\n");
free(pua_cats);
ret = 1;
break;
}
dboptions |= CL_DB_PUA_INCLUDE;
i = 0;
logg("#Included PUA categories:");
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
ret = 1;
break;
}
logg("# %s", opt->strarg);
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
opt = opt->nextarg;
}
if (ret)
break;
logg("#\n");
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if(pua_cats) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_PUA_CATEGORIES, pua_cats))) {
logg("!cli_engine_set_str(CL_ENGINE_PUA_CATEGORIES) failed: %s\n", cl_strerror(ret));
free(pua_cats);
ret = 1;
break;
}
free(pua_cats);
}
} else {
logg("#Not loading PUA signatures.\n");
}
if(optget(opts, "OfficialDatabaseOnly")->enabled) {
dboptions |= CL_DB_OFFICIAL_ONLY;
logg("#Only loading official signatures.\n");
}
/* set the temporary dir */
if((opt = optget(opts, "TemporaryDirectory"))->enabled) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
logg("!cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
ret = 1;
break;
}
}
cl_engine_set_clcb_hash(engine, hash_callback);
detstats_clear();
if(optget(opts, "LeaveTemporaryFiles")->enabled)
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
if(optget(opts, "PhishingSignatures")->enabled)
dboptions |= CL_DB_PHISHING;
else
logg("#Not loading phishing signatures.\n");
if(optget(opts,"Bytecode")->enabled) {
dboptions |= CL_DB_BYTECODE;
if((opt = optget(opts,"BytecodeSecurity"))->enabled) {
enum bytecode_security s;
if (!strcmp(opt->strarg, "TrustSigned")) {
s = CL_BYTECODE_TRUST_SIGNED;
logg("#Bytecode: Security mode set to \"TrustSigned\".\n");
} else if (!strcmp(opt->strarg, "Paranoid")) {
s = CL_BYTECODE_TRUST_NOTHING;
logg("#Bytecode: Security mode set to \"Paranoid\".\n");
} else {
logg("!Unable to parse bytecode security setting:%s\n",
opt->strarg);
ret = 1;
break;
}
if ((ret = cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s))) {
logg("^Invalid bytecode security setting %s: %s\n", opt->strarg, cl_strerror(ret));
ret = 1;
break;
}
}
if((opt = optget(opts,"BytecodeUnsigned"))->enabled) {
dboptions |= CL_DB_BYTECODE_UNSIGNED;
logg("#Bytecode: Enabled support for unsigned bytecode.\n");
}
if((opt = optget(opts,"BytecodeMode"))->enabled) {
enum bytecode_mode mode;
if (!strcmp(opt->strarg, "ForceJIT"))
mode = CL_BYTECODE_MODE_JIT;
else if(!strcmp(opt->strarg, "ForceInterpreter"))
mode = CL_BYTECODE_MODE_INTERPRETER;
else if(!strcmp(opt->strarg, "Test"))
mode = CL_BYTECODE_MODE_TEST;
else
mode = CL_BYTECODE_MODE_AUTO;
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
}
if((opt = optget(opts,"BytecodeTimeout"))->enabled) {
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
}
} else
logg("#Bytecode support disabled.\n");
if(optget(opts,"PhishingScanURLs")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
else
logg("#Disabling URL based phishing detection.\n");
if(optget(opts,"DevACOnly")->enabled) {
logg("#Only using the A-C matcher.\n");
cl_engine_set_num(engine, CL_ENGINE_AC_ONLY, 1);
}
if((opt = optget(opts, "DevACDepth"))->enabled) {
cl_engine_set_num(engine, CL_ENGINE_AC_MAXDEPTH, opt->numarg);
logg("#Max A-C depth set to %u\n", (unsigned int) opt->numarg);
}
if((ret = cl_load(dbdir, engine, &sigs, dboptions))) {
logg("!%s\n", cl_strerror(ret));
ret = 1;
break;
}
if (optget(opts, "DisableCertCheck")->enabled)
engine->dconf->pe |= PE_CONF_DISABLECERT;
logg("#Loaded %u signatures.\n", sigs);
if((ret = cl_engine_compile(engine)) != 0) {
logg("!Database initialization error: %s\n", cl_strerror(ret));
ret = 1;
break;
}
if(tcpsock) {
if ((lsockets[nlsockets] = tcpserver(opts)) == -1) {
ret = 1;
break;
}
nlsockets++;
}
#ifndef _WIN32
if(localsock) {
mode_t sock_mode, umsk = umask(0777); /* socket is created with 000 to avoid races */
if ((lsockets[nlsockets] = localserver(opts)) == -1) {
ret = 1;
umask(umsk);
break;
}
umask(umsk); /* restore umask */
if(optget(opts, "LocalSocketGroup")->enabled) {
char *gname = optget(opts, "LocalSocketGroup")->strarg, *end;
gid_t sock_gid = strtol(gname, &end, 10);
if(*end) {
struct group *pgrp = getgrnam(gname);
if(!pgrp) {
logg("!Unknown group %s\n", gname);
ret = 1;
break;
}
sock_gid = pgrp->gr_gid;
}
if(chown(optget(opts, "LocalSocket")->strarg, -1, sock_gid)) {
logg("!Failed to change socket ownership to group %s\n", gname);
ret = 1;
break;
}
}
if(optget(opts, "LocalSocketMode")->enabled) {
char *end;
sock_mode = strtol(optget(opts, "LocalSocketMode")->strarg, &end, 8);
if(*end) {
logg("!Invalid LocalSocketMode %s\n", optget(opts, "LocalSocketMode")->strarg);
ret = 1;
break;
}
} else
sock_mode = 0777 /* & ~umsk*/; /* conservative default: umask was 0 in clamd < 0.96 */
if(chmod(optget(opts, "LocalSocket")->strarg, sock_mode & 0666)) {
logg("!Cannot set socket permission to %s\n", optget(opts, "LocalSocketMode")->strarg);
ret = 1;
break;
}
nlsockets++;
}
/* fork into background */
if(!optget(opts, "Foreground")->enabled) {
#ifdef C_BSD
/* workaround for OpenBSD bug, see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=885 */
for(ret=0;ret<nlsockets;ret++) {
if (fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) | O_NONBLOCK) == -1) {
logg("!fcntl for lsockets[] failed\n");
close(lsockets[ret]);
ret = 1;
break;
}
}
#endif
gengine = engine;
atexit(free_engine);
if(daemonize() == -1) {
logg("!daemonize() failed: %s\n", strerror(errno));
ret = 1;
break;
}
gengine = NULL;
#ifdef C_BSD
for(ret=0;ret<nlsockets;ret++) {
if (fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) & ~O_NONBLOCK) == -1) {
logg("!fcntl for lsockets[] failed\n");
close(lsockets[ret]);
ret = 1;
break;
}
}
#endif
if(!debug_mode)
if(chdir("/") == -1)
logg("^Can't change current working directory to root\n");
} else
foreground = 1;
#endif
ret = recvloop_th(lsockets, nlsockets, engine, dboptions, opts);
} while (0);
logg("*Closing the main socket%s.\n", (nlsockets > 1) ? "s" : "");
for (i = 0; i < nlsockets; i++) {
closesocket(lsockets[i]);
}
#ifndef _WIN32
if(nlsockets && localsock) {
opt = optget(opts, "LocalSocket");
if(unlink(opt->strarg) == -1)
logg("!Can't unlink the socket file %s\n", opt->strarg);
else
logg("Socket file removed.\n");
}
#endif
logg_close();
optfree(opts);
return ret;
}
int CLAMAPI Scan_Initialize(const wchar_t *pEnginesFolder, const wchar_t *pTempRoot, const wchar_t *pLicenseKey, BOOL bLoadMinDefs) {
BOOL cant_convert;
int ret;
logg("*in Scan_Initialize(pEnginesFolder = %S, pTempRoot = %S)\n", pEnginesFolder, pTempRoot);
if(!pEnginesFolder)
FAIL(CL_ENULLARG, "pEnginesFolder is NULL");
if(!pTempRoot)
FAIL(CL_ENULLARG, "pTempRoot is NULL");
if(lock_engine())
FAIL(CL_ELOCK, "failed to lock engine");
if(engine) {
unlock_engine();
FAIL(CL_ESTATE, "Already initialized");
}
if(!(engine = cl_engine_new())) {
unlock_engine();
FAIL(CL_EMEM, "Not enough memory for a new engine");
}
cl_engine_set_clcb_pre_cache(engine, filetype_cb);
cl_engine_set_clcb_pre_scan(engine, prescan_cb);
cl_engine_set_clcb_post_scan(engine, postscan_cb);
minimal_definitions = bLoadMinDefs;
if(bLoadMinDefs)
logg("^MINIMAL DEFINITIONS MODE ON!\n");
if(!WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, pTempRoot, -1, tmpdir, sizeof(tmpdir), NULL, &cant_convert) || cant_convert) {
free_engine_and_unlock();
FAIL(CL_EARG, "Can't translate pTempRoot");
}
ret = strlen(tmpdir);
while(ret>0 && tmpdir[--ret] == '\\')
tmpdir[ret] = '\0';
if(!ret || ret + 8 + 1 >= sizeof(tmpdir)) {
free_engine_and_unlock();
FAIL(CL_EARG, "Bad or too long pTempRoot '%s'", tmpdir);
}
memcpy(&tmpdir[ret+1], "\\clamtmp", 9);
cli_rmdirs(tmpdir);
if((ret = SHCreateDirectoryExA(NULL, tmpdir, NULL) != ERROR_SUCCESS) && ret != ERROR_ALREADY_EXISTS) {
free_engine_and_unlock();
FAIL(CL_ETMPDIR, "Cannot create pTempRoot '%s': error %d", tmpdir, ret);
}
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, tmpdir))) {
free_engine_and_unlock();
FAIL(ret, "Failed to set engine tempdir to '%s': %s", tmpdir, cl_strerror(ret));
}
if(!WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, pEnginesFolder, -1, dbdir, sizeof(dbdir), NULL, &cant_convert) || cant_convert) {
free_engine_and_unlock();
FAIL(CL_EARG, "Can't translate pEnginesFolder");
}
ret = load_db();
unlock_engine();
if(!ret) {
ResetEvent(monitor_event);
if(!(monitor_hdl = CreateThread(NULL, 0, monitor_thread, NULL, 0, NULL)))
logg("^Failed to start db monitoring thread\n");
}
logg("*Scan_Initialize: returning %d\n", ret);
return ret;
}
int scan_callback(STATBUF *sb, char *filename, const char *msg, enum cli_ftw_reason reason, struct cli_ftw_cbdata *data)
{
struct scan_cb_data *scandata = data->data;
const char *virname = NULL;
int ret;
int type = scandata->type;
struct cb_context context;
/* detect disconnected socket,
* this should NOT detect half-shutdown sockets (SHUT_WR) */
if (send(scandata->conn->sd, &ret, 0, 0) == -1 && errno != EINTR) {
logg("$Client disconnected while command was active!\n");
thrmgr_group_terminate(scandata->conn->group);
if (reason == visit_file)
free(filename);
return CL_BREAK;
}
if (thrmgr_group_need_terminate(scandata->conn->group)) {
logg("^Client disconnected while scanjob was active\n");
if (reason == visit_file)
free(filename);
return CL_BREAK;
}
scandata->total++;
switch (reason) {
case error_mem:
if (msg)
logg("!Memory allocation failed during cli_ftw() on %s\n",
msg);
else
logg("!Memory allocation failed during cli_ftw()\n");
scandata->errors++;
return CL_EMEM;
case error_stat:
conn_reply_errno(scandata->conn, msg, "lstat() failed:");
logg("^lstat() failed on: %s\n", msg);
scandata->errors++;
return CL_SUCCESS;
case warning_skipped_dir:
logg("^Directory recursion limit reached, skipping %s\n",
msg);
return CL_SUCCESS;
case warning_skipped_link:
logg("$Skipping symlink: %s\n", msg);
return CL_SUCCESS;
case warning_skipped_special:
if (msg == scandata->toplevel_path)
conn_reply(scandata->conn, msg, "Not supported file type", "ERROR");
logg("*Not supported file type: %s\n", msg);
return CL_SUCCESS;
case visit_directory_toplev:
return CL_SUCCESS;
case visit_file:
break;
}
/* check whether the file is excluded */
#ifdef C_LINUX
if(procdev && sb && (sb->st_dev == procdev)) {
free(filename);
return CL_SUCCESS;
}
#endif
if(sb && sb->st_size == 0) { /* empty file */
if (msg == scandata->toplevel_path)
conn_reply_single(scandata->conn, filename, "Empty file");
free(filename);
return CL_SUCCESS;
}
if (type == TYPE_MULTISCAN) {
client_conn_t *client_conn = (client_conn_t *) calloc(1, sizeof(struct client_conn_tag));
if(client_conn) {
client_conn->scanfd = -1;
client_conn->sd = scandata->odesc;
client_conn->filename = filename;
client_conn->cmdtype = COMMAND_MULTISCANFILE;
client_conn->term = scandata->conn->term;
client_conn->options = scandata->options;
client_conn->opts = scandata->opts;
client_conn->group = scandata->group;
if(cl_engine_addref(scandata->engine)) {
logg("!cl_engine_addref() failed\n");
free(filename);
free(client_conn);
return CL_EMEM;
} else {
client_conn->engine = scandata->engine;
pthread_mutex_lock(&reload_mutex);
client_conn->engine_timestamp = reloaded_time;
pthread_mutex_unlock(&reload_mutex);
if(!thrmgr_group_dispatch(scandata->thr_pool, scandata->group, client_conn, 1)) {
logg("!thread dispatch failed\n");
cl_engine_free(scandata->engine);
free(filename);
free(client_conn);
return CL_EMEM;
}
}
} else {
logg("!Can't allocate memory for client_conn\n");
scandata->errors++;
free(filename);
return CL_EMEM;
}
return CL_SUCCESS;
}
if (access(filename, R_OK)) {
if (conn_reply(scandata->conn, filename, "Access denied.", "ERROR") == -1) {
free(filename);
return CL_ETIMEOUT;
}
logg("*Access denied: %s\n", filename);
scandata->errors++;
free(filename);
return CL_SUCCESS;
}
thrmgr_setactivetask(filename, NULL);
context.filename = filename;
context.virsize = 0;
context.scandata = scandata;
ret = cl_scanfile_callback(filename, &virname, &scandata->scanned, scandata->engine, scandata->options, &context);
thrmgr_setactivetask(NULL, NULL);
if (thrmgr_group_need_terminate(scandata->conn->group)) {
free(filename);
logg("*Client disconnected while scanjob was active\n");
return ret == CL_ETIMEOUT ? ret : CL_BREAK;
}
if ((ret == CL_VIRUS) && (virname == NULL)) {
logg("*%s: reported CL_VIRUS but no virname returned!\n", filename);
ret = CL_EMEM;
}
if (ret == CL_VIRUS) {
scandata->infected++;
if (scandata->options & CL_SCAN_ALLMATCHES) {
if(optget(scandata->opts, "PreludeEnable")->enabled){
prelude_logging(filename, virname, context.virhash, context.virsize);
}
virusaction(filename, virname, scandata->opts);
} else {
if (conn_reply_virus(scandata->conn, filename, virname) == -1) {
free(filename);
return CL_ETIMEOUT;
}
if(optget(scandata->opts, "PreludeEnable")->enabled){
prelude_logging(filename, virname, context.virhash, context.virsize);
}
if(context.virsize && optget(scandata->opts, "ExtendedDetectionInfo")->enabled)
logg("~%s: %s(%s:%llu) FOUND\n", filename, virname, context.virhash, context.virsize);
else
logg("~%s: %s FOUND\n", filename, virname);
virusaction(filename, virname, scandata->opts);
}
} else if (ret != CL_CLEAN) {
scandata->errors++;
if (conn_reply(scandata->conn, filename, cl_strerror(ret), "ERROR") == -1) {
free(filename);
return CL_ETIMEOUT;
}
logg("~%s: %s ERROR\n", filename, cl_strerror(ret));
} else if (logok) {
logg("~%s: OK\n", filename);
}
free(filename);
if(ret == CL_EMEM) /* stop scanning */
return ret;
if (type == TYPE_SCAN) {
/* virus -> break */
return ret;
}
/* keep scanning always */
return CL_SUCCESS;
}
static int scanstdin(const struct cl_engine *engine, const struct optstruct *opts, int options)
{
int ret;
unsigned int fsize = 0;
const char *virname, *tmpdir;
char *file, buff[FILEBUFF];
size_t bread;
FILE *fs;
struct clamscan_cb_data data;
if(optget(opts, "tempdir")->enabled) {
tmpdir = optget(opts, "tempdir")->strarg;
} else {
/* check write access */
tmpdir = cli_gettmpdir();
}
if(checkaccess(tmpdir, CLAMAVUSER, W_OK) != 1) {
logg("!Can't write to temporary directory\n");
return 2;
}
if(!(file = cli_gentemp(tmpdir))) {
logg("!Can't generate tempfile name\n");
return 2;
}
if(!(fs = fopen(file, "wb"))) {
logg("!Can't open %s for writing\n", file);
free(file);
return 2;
}
while((bread = fread(buff, 1, FILEBUFF, stdin))) {
fsize += bread;
if(fwrite(buff, 1, bread, fs) < bread) {
logg("!Can't write to %s\n", file);
free(file);
fclose(fs);
return 2;
}
}
fclose(fs);
logg("*Checking %s\n", file);
info.files++;
info.rblocks += fsize / CL_COUNT_PRECISION;
data.filename = "stdin";
data.chain = NULL;
if((ret = cl_scanfile_callback(file, &virname, &info.blocks, engine, options, &data)) == CL_VIRUS) {
info.ifiles++;
if(bell)
fprintf(stderr, "\007");
} else if(ret == CL_CLEAN) {
if(!printinfected)
mprintf("stdin: OK\n");
} else {
if(!printinfected)
logg("stdin: %s ERROR\n", cl_strerror(ret));
info.errors++;
}
unlink(file);
free(file);
return ret;
}
int scanmanager(const struct optstruct *opts)
{
int ret = 0, i;
unsigned int options = 0, dboptions = 0, dirlnk = 1, filelnk = 1;
struct cl_engine *engine;
STATBUF sb;
char *file, cwd[1024], *pua_cats = NULL;
const char *filename;
const struct optstruct *opt;
#ifndef _WIN32
struct rlimit rlim;
#endif
dirlnk = optget(opts, "follow-dir-symlinks")->numarg;
if(dirlnk > 2) {
logg("!--follow-dir-symlinks: Invalid argument\n");
return 2;
}
filelnk = optget(opts, "follow-file-symlinks")->numarg;
if(filelnk > 2) {
logg("!--follow-file-symlinks: Invalid argument\n");
return 2;
}
if(optget(opts, "yara-rules")->enabled) {
char *p = optget(opts, "yara-rules")->strarg;
if(strcmp(p, "yes")) {
if(!strcmp(p, "only"))
dboptions |= CL_DB_YARA_ONLY;
else if (!strcmp(p, "no"))
dboptions |= CL_DB_YARA_EXCLUDE;
}
}
if(optget(opts, "phishing-sigs")->enabled)
dboptions |= CL_DB_PHISHING;
if(optget(opts, "official-db-only")->enabled)
dboptions |= CL_DB_OFFICIAL_ONLY;
if(optget(opts,"phishing-scan-urls")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
if(optget(opts,"bytecode")->enabled)
dboptions |= CL_DB_BYTECODE;
if((ret = cl_init(CL_INIT_DEFAULT))) {
logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
return 2;
}
if(!(engine = cl_engine_new())) {
logg("!Can't initialize antivirus engine\n");
return 2;
}
cl_engine_set_clcb_virus_found(engine, clamscan_virus_found_cb);
if (optget(opts, "disable-cache")->enabled)
cl_engine_set_num(engine, CL_ENGINE_DISABLE_CACHE, 1);
if (optget(opts, "disable-pe-stats")->enabled) {
cl_engine_set_num(engine, CL_ENGINE_DISABLE_PE_STATS, 1);
}
if (optget(opts, "enable-stats")->enabled) {
cl_engine_stats_enable(engine);
}
if (optget(opts, "stats-timeout")->enabled) {
cl_engine_set_num(engine, CL_ENGINE_STATS_TIMEOUT, optget(opts, "StatsTimeout")->numarg);
}
if (optget(opts, "stats-host-id")->enabled) {
char *p = optget(opts, "stats-host-id")->strarg;
if (strcmp(p, "default")) {
if (!strcmp(p, "none")) {
cl_engine_set_clcb_stats_get_hostid(engine, NULL);
} else if (!strcmp(p, "anonymous")) {
strcpy(hostid, STATS_ANON_UUID);
} else {
if (strlen(p) > 36) {
logg("!Invalid HostID\n");
cl_engine_set_clcb_stats_submit(engine, NULL);
cl_engine_free(engine);
return 2;
}
strcpy(hostid, p);
}
cl_engine_set_clcb_stats_get_hostid(engine, get_hostid);
}
}
if(optget(opts, "detect-pua")->enabled) {
dboptions |= CL_DB_PUA;
if((opt = optget(opts, "exclude-pua"))->enabled) {
dboptions |= CL_DB_PUA_EXCLUDE;
i = 0;
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
cl_engine_free(engine);
return 2;
}
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
opt = opt->nextarg;
}
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if((opt = optget(opts, "include-pua"))->enabled) {
if(pua_cats) {
logg("!--exclude-pua and --include-pua cannot be used at the same time\n");
cl_engine_free(engine);
free(pua_cats);
return 2;
}
dboptions |= CL_DB_PUA_INCLUDE;
i = 0;
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
cl_engine_free(engine);
return 2;
}
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
opt = opt->nextarg;
}
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if(pua_cats) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_PUA_CATEGORIES, pua_cats))) {
logg("!cli_engine_set_str(CL_ENGINE_PUA_CATEGORIES) failed: %s\n", cl_strerror(ret));
free(pua_cats);
cl_engine_free(engine);
return 2;
}
free(pua_cats);
}
}
if(optget(opts, "dev-ac-only")->enabled)
cl_engine_set_num(engine, CL_ENGINE_AC_ONLY, 1);
if(optget(opts, "dev-ac-depth")->enabled)
cl_engine_set_num(engine, CL_ENGINE_AC_MAXDEPTH, optget(opts, "dev-ac-depth")->numarg);
if(optget(opts, "leave-temps")->enabled)
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
if(optget(opts, "force-to-disk")->enabled)
cl_engine_set_num(engine, CL_ENGINE_FORCETODISK, 1);
if(optget(opts, "bytecode-unsigned")->enabled)
dboptions |= CL_DB_BYTECODE_UNSIGNED;
if((opt = optget(opts,"bytecode-timeout"))->enabled)
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
if (optget(opts, "nocerts")->enabled)
cl_engine_set_num(engine, CL_ENGINE_DISABLE_PE_CERTS, 1);
if (optget(opts, "dumpcerts")->enabled)
cl_engine_set_num(engine, CL_ENGINE_PE_DUMPCERTS, 1);
if((opt = optget(opts,"bytecode-mode"))->enabled) {
enum bytecode_mode mode;
if (!strcmp(opt->strarg, "ForceJIT"))
mode = CL_BYTECODE_MODE_JIT;
else if(!strcmp(opt->strarg, "ForceInterpreter"))
mode = CL_BYTECODE_MODE_INTERPRETER;
else if(!strcmp(opt->strarg, "Test"))
mode = CL_BYTECODE_MODE_TEST;
else
mode = CL_BYTECODE_MODE_AUTO;
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
}
if((opt = optget(opts, "statistics"))->enabled) {
while(opt) {
if (!strcasecmp(opt->strarg, "bytecode")) {
dboptions |= CL_DB_BYTECODE_STATS;
}
else if (!strcasecmp(opt->strarg, "pcre")) {
dboptions |= CL_DB_PCRE_STATS;
}
opt = opt->nextarg;
}
}
if((opt = optget(opts, "tempdir"))->enabled) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
logg("!cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "database"))->active) {
while(opt) {
if((ret = cl_load(opt->strarg, engine, &info.sigs, dboptions))) {
logg("!%s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
opt = opt->nextarg;
}
} else {
char *dbdir = freshdbdir();
if((ret = cl_load(dbdir, engine, &info.sigs, dboptions))) {
logg("!%s\n", cl_strerror(ret));
free(dbdir);
cl_engine_free(engine);
return 2;
}
free(dbdir);
}
/* pcre engine limits - required for cl_engine_compile */
if ((opt = optget(opts, "pcre-match-limit"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MATCH_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_PCRE_MATCH_LIMIT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if ((opt = optget(opts, "pcre-recmatch-limit"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_RECMATCH_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_PCRE_RECMATCH_LIMIT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((ret = cl_engine_compile(engine)) != 0) {
logg("!Database initialization error: %s\n", cl_strerror(ret));;
cl_engine_free(engine);
return 2;
}
if(optget(opts, "archive-verbose")->enabled) {
cl_engine_set_clcb_meta(engine, meta);
cl_engine_set_clcb_pre_cache(engine, pre);
cl_engine_set_clcb_post_scan(engine, post);
}
/* set limits */
if((opt = optget(opts, "max-scansize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-filesize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
#ifndef _WIN32
if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL))
logg("^System limit for file size is lower than engine->maxfilesize\n");
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL))
logg("^System limit for file size is lower than engine->maxscansize\n");
} else {
logg("^Cannot obtain resource limits for file size\n");
}
#endif
if((opt = optget(opts, "max-files"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILES, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_FILES) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-recursion"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
/* Engine max sizes */
if((opt = optget(opts, "max-embeddedpe"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_EMBEDDEDPE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_EMBEDDEDPE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-htmlnormalize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNORMALIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNORMALIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-htmlnotags"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNOTAGS, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNOTAGS) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-scriptnormalize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCRIPTNORMALIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_SCRIPTNORMALIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-ziptypercg"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ZIPTYPERCG, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_ZIPTYPERCG) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-partitions"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_PARTITIONS, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_PARTITIONS) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-iconspe"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_ICONSPE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-rechwp3"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECHWP3, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_RECHWP3) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if ((opt = optget(opts, "timelimit"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_TIME_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_TIME_LIMIT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if ((opt = optget(opts, "pcre-max-filesize"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MAX_FILESIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_PCRE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
/* set scan options */
if(optget(opts, "allmatch")->enabled) {
options |= CL_SCAN_ALLMATCHES;
}
if(optget(opts,"phishing-ssl")->enabled)
options |= CL_SCAN_PHISHING_BLOCKSSL;
if(optget(opts,"phishing-cloak")->enabled)
options |= CL_SCAN_PHISHING_BLOCKCLOAK;
if(optget(opts,"partition-intersection")->enabled)
options |= CL_SCAN_PARTITION_INTXN;
if(optget(opts,"heuristic-scan-precedence")->enabled)
options |= CL_SCAN_HEURISTIC_PRECEDENCE;
if(optget(opts, "scan-archive")->enabled)
options |= CL_SCAN_ARCHIVE;
if(optget(opts, "detect-broken")->enabled)
options |= CL_SCAN_BLOCKBROKEN;
if(optget(opts, "block-encrypted")->enabled)
options |= CL_SCAN_BLOCKENCRYPTED;
if(optget(opts, "block-macros")->enabled)
options |= CL_SCAN_BLOCKMACROS;
if(optget(opts, "scan-pe")->enabled)
options |= CL_SCAN_PE;
if(optget(opts, "scan-elf")->enabled)
options |= CL_SCAN_ELF;
if(optget(opts, "scan-ole2")->enabled)
options |= CL_SCAN_OLE2;
if(optget(opts, "scan-pdf")->enabled)
options |= CL_SCAN_PDF;
if(optget(opts, "scan-swf")->enabled)
options |= CL_SCAN_SWF;
if(optget(opts, "scan-html")->enabled && optget(opts, "normalize")->enabled)
options |= CL_SCAN_HTML;
if(optget(opts, "scan-mail")->enabled)
options |= CL_SCAN_MAIL;
if(optget(opts, "scan-xmldocs")->enabled)
options |= CL_SCAN_XMLDOCS;
if(optget(opts, "scan-hwp3")->enabled)
options |= CL_SCAN_HWP3;
if(optget(opts, "algorithmic-detection")->enabled)
options |= CL_SCAN_ALGORITHMIC;
if(optget(opts, "block-max")->enabled) {
options |= CL_SCAN_BLOCKMAX;
}
#ifdef HAVE__INTERNAL__SHA_COLLECT
if(optget(opts, "dev-collect-hashes")->enabled)
options |= CL_SCAN_INTERNAL_COLLECT_SHA;
#endif
if(optget(opts, "dev-performance")->enabled)
options |= CL_SCAN_PERFORMANCE_INFO;
if(optget(opts, "detect-structured")->enabled) {
options |= CL_SCAN_STRUCTURED;
if((opt = optget(opts, "structured-ssn-format"))->enabled) {
switch(opt->numarg) {
case 0:
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
break;
case 1:
options |= CL_SCAN_STRUCTURED_SSN_STRIPPED;
break;
case 2:
options |= (CL_SCAN_STRUCTURED_SSN_NORMAL | CL_SCAN_STRUCTURED_SSN_STRIPPED);
break;
default:
logg("!Invalid argument for --structured-ssn-format\n");
return 2;
}
} else {
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
}
if((opt = optget(opts, "structured-ssn-count"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_SSN_COUNT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MIN_SSN_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "structured-cc-count"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_CC_COUNT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MIN_CC_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
} else {
options &= ~CL_SCAN_STRUCTURED;
}
#ifdef C_LINUX
procdev = (dev_t) 0;
if(CLAMSTAT("/proc", &sb) != -1 && !sb.st_size)
procdev = sb.st_dev;
#endif
#if HAVE_JSON
if (optget(opts, "gen-json")->enabled)
options |= CL_SCAN_FILE_PROPERTIES;
#endif
/* check filetype */
if(!opts->filename && !optget(opts, "file-list")->enabled) {
/* we need full path for some reasons (eg. archive handling) */
if(!getcwd(cwd, sizeof(cwd))) {
logg("!Can't get absolute pathname of current working directory\n");
ret = 2;
} else {
CLAMSTAT(cwd, &sb);
scandirs(cwd, engine, opts, options, 1, sb.st_dev);
}
} else if(opts->filename && !optget(opts, "file-list")->enabled && !strcmp(opts->filename[0], "-")) { /* read data from stdin */
ret = scanstdin(engine, opts, options);
} else {
if(opts->filename && optget(opts, "file-list")->enabled)
logg("^Only scanning files from --file-list (files passed at cmdline are ignored)\n");
while((filename = filelist(opts, &ret)) && (file = strdup(filename))) {
if(LSTAT(file, &sb) == -1) {
perror(file);
logg("^%s: Can't access file\n", file);
ret = 2;
} else {
for(i = strlen(file) - 1; i > 0; i--) {
if(file[i] == *PATHSEP)
file[i] = 0;
else
break;
}
if(S_ISLNK(sb.st_mode)) {
if(dirlnk == 0 && filelnk == 0) {
if(!printinfected)
logg("%s: Symbolic link\n", file);
} else if(CLAMSTAT(file, &sb) != -1) {
if(S_ISREG(sb.st_mode) && filelnk) {
scanfile(file, engine, opts, options);
} else if(S_ISDIR(sb.st_mode) && dirlnk) {
scandirs(file, engine, opts, options, 1, sb.st_dev);
} else {
if(!printinfected)
logg("%s: Symbolic link\n", file);
}
}
} else if(S_ISREG(sb.st_mode)) {
scanfile(file, engine, opts, options);
} else if(S_ISDIR(sb.st_mode)) {
scandirs(file, engine, opts, options, 1, sb.st_dev);
} else {
logg("^%s: Not supported file type\n", file);
ret = 2;
}
}
free(file);
}
}
if((opt = optget(opts, "statistics"))->enabled) {
while(opt) {
if (!strcasecmp(opt->strarg, "bytecode")) {
cli_sigperf_print();
cli_sigperf_events_destroy();
}
#if HAVE_PCRE
else if (!strcasecmp(opt->strarg, "pcre")) {
cli_pcre_perf_print();
cli_pcre_perf_events_destroy();
}
#endif
opt = opt->nextarg;
}
}
/* free the engine */
cl_engine_free(engine);
/* overwrite return code - infection takes priority */
if(info.ifiles)
ret = 1;
else if(info.errors)
ret = 2;
return ret;
}
static struct cl_engine *reload_db(struct cl_engine *engine, unsigned int dboptions, const struct optstruct *opts, int do_check, int *ret)
{
const char *dbdir;
int retval;
unsigned int sigs = 0;
struct cl_settings *settings = NULL;
*ret = 0;
if(do_check) {
if(!dbstat.entries) {
logg("No stats for Database check - forcing reload\n");
return engine;
}
if(cl_statchkdir(&dbstat) == 1) {
logg("SelfCheck: Database modification detected. Forcing reload.\n");
return engine;
} else {
logg("SelfCheck: Database status OK.\n");
return NULL;
}
}
/* release old structure */
if(engine) {
/* copy current settings */
settings = cl_engine_settings_copy(engine);
if(!settings)
logg("^Can't make a copy of the current engine settings\n");
thrmgr_setactiveengine(NULL);
cl_engine_free(engine);
}
dbdir = optget(opts, "DatabaseDirectory")->strarg;
logg("Reading databases from %s\n", dbdir);
if(dbstat.entries)
cl_statfree(&dbstat);
memset(&dbstat, 0, sizeof(struct cl_stat));
if((retval = cl_statinidir(dbdir, &dbstat))) {
logg("!cl_statinidir() failed: %s\n", cl_strerror(retval));
*ret = 1;
if(settings)
cl_engine_settings_free(settings);
return NULL;
}
if(!(engine = cl_engine_new())) {
logg("!Can't initialize antivirus engine\n");
*ret = 1;
if(settings)
cl_engine_settings_free(settings);
return NULL;
}
if(settings) {
retval = cl_engine_settings_apply(engine, settings);
if(retval != CL_SUCCESS) {
logg("^Can't apply previous engine settings: %s\n", cl_strerror(retval));
logg("^Using default engine settings\n");
}
cl_engine_settings_free(settings);
}
if((retval = cl_load(dbdir, engine, &sigs, dboptions))) {
logg("!reload db failed: %s\n", cl_strerror(retval));
cl_engine_free(engine);
*ret = 1;
return NULL;
}
if((retval = cl_engine_compile(engine)) != 0) {
logg("!Database initialization error: can't compile engine: %s\n", cl_strerror(retval));
cl_engine_free(engine);
*ret = 1;
return NULL;
}
logg("Database correctly reloaded (%u signatures)\n", sigs);
thrmgr_setactiveengine(engine);
return engine;
}
static int sigtool_scandir (const char *dirname, int hex_output)
{
DIR *dd;
struct dirent *dent;
struct stat statbuf;
char *fname;
const char *tmpdir;
char *dir;
int ret = CL_CLEAN, desc;
if ((dd = opendir (dirname)) != NULL) {
while ((dent = readdir (dd))) {
if (dent->d_ino) {
if (strcmp (dent->d_name, ".") && strcmp (dent->d_name, "..")) {
/* build the full name */
fname = (char *) cli_calloc (strlen (dirname) + strlen (dent->d_name) + 2, sizeof (char));
sprintf (fname, "%s/%s", dirname, dent->d_name);
/* stat the file */
if (lstat (fname, &statbuf) != -1) {
if (S_ISDIR (statbuf.st_mode) && !S_ISLNK (statbuf.st_mode)) {
if (sigtool_scandir (fname, hex_output)) {
free (fname);
closedir (dd);
return CL_VIRUS;
}
} else {
if (S_ISREG (statbuf.st_mode)) {
tmpdir = getenv ("TMPDIR");
if (tmpdir == NULL)
#ifdef P_tmpdir
tmpdir = P_tmpdir;
#else
tmpdir = "/tmp";
#endif
/* generate the temporary directory */
dir = cli_gentemp (tmpdir);
if (mkdir (dir, 0700)) {
printf ("Can't create temporary directory %s\n", dir);
return CL_ETMPDIR;
}
if ((desc = open (fname, O_RDONLY)) == -1) {
printf ("Can't open file %s\n", fname);
return 1;
}
if ((ret = cli_ole2_extract (desc, dir, NULL))) {
printf ("ERROR %s\n", cl_strerror (ret));
cli_rmdirs (dir);
free (dir);
return ret;
}
sigtool_vba_scandir (dir, hex_output);
cli_rmdirs (dir);
free (dir);
}
}
}
free (fname);
}
}
}
} else {
cli_errmsg ("Can't open directory %s.\n", dirname);
return CL_EOPEN;
}
closedir (dd);
return 0;
}
END_TEST
START_TEST (test_cl_scanmap_callback_mem_allscan)
{
const char *virname = NULL;
unsigned long int scanned = 0;
cl_fmap_t *map;
int ret;
void *mem;
unsigned long size;
char file[256];
int fd = get_test_file(_i, file, sizeof(file), &size);
mem = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
fail_unless(mem != MAP_FAILED, "mmap");
/* intentionally use different way than scanners.c for testing */
map = cl_fmap_open_memory(mem, size);
fail_unless(!!map, "cl_fmap_open_mem %s");
cli_dbgmsg("scanning (mem) allscan %s\n", file);
ret = cl_scanmap_callback(map, &virname, &scanned, g_engine, CL_SCAN_ALLMATCHES+CL_SCAN_STDOPT, NULL);
cli_dbgmsg("scan end (mem) allscan %s\n", file);
if (!FALSE_NEGATIVE) {
fail_unless_fmt(ret == CL_VIRUS, "cl_scanmap_callback failed for %s: %s", file, cl_strerror(ret));
fail_unless_fmt(virname && !strcmp(virname, "ClamAV-Test-File.UNOFFICIAL"), "virusname: %s for %s", virname, file);
}
close(fd);
cl_fmap_close(map);
munmap(mem, size);
}
END_TEST
START_TEST (test_cl_scanmap_callback_handle_allscan)
{
const char *virname = NULL;
unsigned long int scanned = 0;
cl_fmap_t *map;
int ret;
char file[256];
unsigned long size;
int fd = get_test_file(_i, file, sizeof(file), &size);
/* intentionally use different way than scanners.c for testing */
map = cl_fmap_open_handle(&fd, 0, size, pread_cb, 1);
fail_unless(!!map, "cl_fmap_open_handle %s");
cli_dbgmsg("scanning (handle) allscan %s\n", file);
ret = cl_scanmap_callback(map, &virname, &scanned, g_engine, CL_SCAN_ALLMATCHES+CL_SCAN_STDOPT, NULL);
cli_dbgmsg("scan end (handle) allscan %s\n", file);
if (!FALSE_NEGATIVE) {
fail_unless_fmt(ret == CL_VIRUS, "cl_scanmap_callback_allscan failed for %s: %s", file, cl_strerror(ret));
fail_unless_fmt(virname && !strcmp(virname, "ClamAV-Test-File.UNOFFICIAL"), "virusname: %s", virname);
}
close(fd);
}
const char *CWStrError_A(int clerror)
{
return cl_strerror(clerror);
}
int main(int argc, char **argv)
{
int fd, ret;
unsigned long int size = 0;
unsigned int sigs = 0;
long double mb;
const char *virname;
struct cl_engine *engine;
if(argc != 2) {
printf("Usage: %s file\n", argv[0]);
return 2;
}
if((fd = open(argv[1], O_RDONLY)) == -1) {
printf("Can't open file %s\n", argv[1]);
return 2;
}
if((ret = cl_init(CL_INIT_DEFAULT)) != CL_SUCCESS) {
printf("Can't initialize libclamav: %s\n", cl_strerror(ret));
return 2;
}
if(!(engine = cl_engine_new())) {
printf("Can't create new engine\n");
return 2;
}
/* load all available databases from default directory */
if((ret = cl_load(cl_retdbdir(), engine, &sigs, CL_DB_STDOPT)) != CL_SUCCESS) {
printf("cl_load: %s\n", cl_strerror(ret));
close(fd);
cl_engine_free(engine);
return 2;
}
printf("Loaded %u signatures.\n", sigs);
/* build engine */
if((ret = cl_engine_compile(engine)) != CL_SUCCESS) {
printf("Database initialization error: %s\n", cl_strerror(ret));;
cl_engine_free(engine);
close(fd);
return 2;
}
/* scan file descriptor */
if((ret = cl_scandesc(fd, &virname, &size, engine, CL_SCAN_STDOPT)) == CL_VIRUS) {
printf("Virus detected: %s\n", virname);
} else {
if(ret == CL_CLEAN) {
printf("No virus detected.\n");
} else {
printf("Error: %s\n", cl_strerror(ret));
cl_engine_free(engine);
close(fd);
return 2;
}
}
close(fd);
/* free memory */
cl_engine_free(engine);
/* calculate size of scanned data */
mb = size * (CL_COUNT_PRECISION / 1024) / 1024.0;
printf("Data scanned: %2.2Lf MB\n", mb);
return ret == CL_VIRUS ? 1 : 0;
}
int scanfd(const client_conn_t *conn, unsigned long int *scanned,
const struct cl_engine *engine,
unsigned int options, const struct optstruct *opts, int odesc, int stream)
{
int ret, fd = conn->scanfd;
const char *virname;
STATBUF statbuf;
struct cb_context context;
char fdstr[32];
const char*reply_fdstr;
UNUSEDPARAM(odesc);
if (stream) {
struct sockaddr_in sa;
socklen_t salen = sizeof(sa);
if(getpeername(conn->sd, (struct sockaddr *)&sa, &salen) || salen > sizeof(sa) || sa.sin_family != AF_INET)
strncpy(fdstr, "instream(local)", sizeof(fdstr));
else
snprintf(fdstr, sizeof(fdstr), "instream(%s@%u)", inet_ntoa(sa.sin_addr), ntohs(sa.sin_port));
reply_fdstr = "stream";
} else {
snprintf(fdstr, sizeof(fdstr), "fd[%d]", fd);
reply_fdstr = fdstr;
}
if(FSTAT(fd, &statbuf) == -1 || !S_ISREG(statbuf.st_mode)) {
logg("%s: Not a regular file. ERROR\n", fdstr);
if (conn_reply(conn, reply_fdstr, "Not a regular file", "ERROR") == -1)
return CL_ETIMEOUT;
return -1;
}
thrmgr_setactivetask(fdstr, NULL);
context.filename = fdstr;
context.virsize = 0;
context.scandata = NULL;
ret = cl_scandesc_callback(fd, &virname, scanned, engine, options, &context);
thrmgr_setactivetask(NULL, NULL);
if (thrmgr_group_need_terminate(conn->group)) {
logg("*Client disconnected while scanjob was active\n");
return ret == CL_ETIMEOUT ? ret : CL_BREAK;
}
if(ret == CL_VIRUS) {
if (conn_reply_virus(conn, reply_fdstr, virname) == -1)
ret = CL_ETIMEOUT;
if(context.virsize && optget(opts, "ExtendedDetectionInfo")->enabled)
logg("%s: %s(%s:%llu) FOUND\n", fdstr, virname, context.virhash, context.virsize);
else
logg("%s: %s FOUND\n", fdstr, virname);
virusaction(reply_fdstr, virname, opts);
} else if(ret != CL_CLEAN) {
if (conn_reply(conn, reply_fdstr, cl_strerror(ret), "ERROR") == -1)
ret = CL_ETIMEOUT;
logg("%s: %s ERROR\n", fdstr, cl_strerror(ret));
} else {
if (conn_reply_single(conn, reply_fdstr, "OK") == CL_ETIMEOUT)
ret = CL_ETIMEOUT;
if(logok)
logg("%s: OK\n", fdstr);
}
return ret;
}
int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsigned int dboptions, const struct optstruct *opts)
{
int max_threads, max_queue, readtimeout, ret = 0;
unsigned int options = 0;
char timestr[32];
#ifndef _WIN32
struct sigaction sigact;
sigset_t sigset;
struct rlimit rlim;
#endif
mode_t old_umask;
const struct optstruct *opt;
char buff[BUFFSIZE + 1];
pid_t mainpid;
int idletimeout;
unsigned long long val;
size_t i, j, rr_last = 0;
pthread_t accept_th;
pthread_mutex_t fds_mutex = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_t recvfds_mutex = PTHREAD_MUTEX_INITIALIZER;
struct acceptdata acceptdata = ACCEPTDATA_INIT(&fds_mutex, &recvfds_mutex);
struct fd_data *fds = &acceptdata.recv_fds;
time_t start_time, current_time;
unsigned int selfchk;
threadpool_t *thr_pool;
#if defined(FANOTIFY) || defined(CLAMAUTH)
pthread_t fan_pid;
pthread_attr_t fan_attr;
struct thrarg *tharg = NULL; /* shut up gcc */
#endif
#ifndef _WIN32
memset(&sigact, 0, sizeof(struct sigaction));
#endif
/* set up limits */
if((opt = optget(opts, "MaxScanSize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
logg("!cl_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL);
if(val)
logg("Limits: Global size limit set to %llu bytes.\n", val);
else
logg("^Limits: Global size limit protection disabled.\n");
if((opt = optget(opts, "MaxFileSize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, opt->numarg))) {
logg("!cl_engine_set_num(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL);
if(val)
logg("Limits: File size limit set to %llu bytes.\n", val);
else
logg("^Limits: File size limit protection disabled.\n");
#ifndef _WIN32
if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL))
logg("^System limit for file size is lower than engine->maxfilesize\n");
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL))
logg("^System limit for file size is lower than engine->maxscansize\n");
} else {
logg("^Cannot obtain resource limits for file size\n");
}
#endif
if((opt = optget(opts, "MaxRecursion"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
logg("!cl_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_RECURSION, NULL);
if(val)
logg("Limits: Recursion level limit set to %u.\n", (unsigned int) val);
else
logg("^Limits: Recursion level limit protection disabled.\n");
if((opt = optget(opts, "MaxFiles"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILES, opt->numarg))) {
logg("!cl_engine_set_num(CL_ENGINE_MAX_FILES) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_FILES, NULL);
if(val)
logg("Limits: Files limit set to %u.\n", (unsigned int) val);
else
logg("^Limits: Files limit protection disabled.\n");
#ifndef _WIN32
if (getrlimit(RLIMIT_CORE, &rlim) == 0) {
logg("*Limits: Core-dump limit is %lu.\n", (unsigned long)rlim.rlim_cur);
}
#endif
/* Engine max sizes */
if((opt = optget(opts, "MaxEmbeddedPE"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_EMBEDDEDPE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_EMBEDDEDPE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_EMBEDDEDPE, NULL);
logg("Limits: MaxEmbeddedPE limit set to %llu bytes.\n", val);
if((opt = optget(opts, "MaxHTMLNormalize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNORMALIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNORMALIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_HTMLNORMALIZE, NULL);
logg("Limits: MaxHTMLNormalize limit set to %llu bytes.\n", val);
if((opt = optget(opts, "MaxHTMLNoTags"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNOTAGS, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNOTAGS) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_HTMLNOTAGS, NULL);
logg("Limits: MaxHTMLNoTags limit set to %llu bytes.\n", val);
if((opt = optget(opts, "MaxScriptNormalize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCRIPTNORMALIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_SCRIPTNORMALIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_SCRIPTNORMALIZE, NULL);
logg("Limits: MaxScriptNormalize limit set to %llu bytes.\n", val);
if((opt = optget(opts, "MaxZipTypeRcg"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ZIPTYPERCG, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_ZIPTYPERCG) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_ZIPTYPERCG, NULL);
logg("Limits: MaxZipTypeRcg limit set to %llu bytes.\n", val);
if((opt = optget(opts, "MaxPartitions"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_PARTITIONS, opt->numarg))) {
logg("!cli_engine_set_num(MaxPartitions) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_PARTITIONS, NULL);
logg("Limits: MaxPartitions limit set to %llu.\n", val);
if((opt = optget(opts, "MaxIconsPE"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {
logg("!cli_engine_set_num(MaxIconsPE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MAX_ICONSPE, NULL);
logg("Limits: MaxIconsPE limit set to %llu.\n", val);
if((opt = optget(opts, "PCREMatchLimit"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MATCH_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(PCREMatchLimit) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_PCRE_MATCH_LIMIT, NULL);
logg("Limits: PCREMatchLimit limit set to %llu.\n", val);
if((opt = optget(opts, "PCRERecMatchLimit"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_RECMATCH_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(PCRERecMatchLimit) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_PCRE_RECMATCH_LIMIT, NULL);
logg("Limits: PCRERecMatchLimit limit set to %llu.\n", val);
if((opt = optget(opts, "PCREMaxFileSize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MAX_FILESIZE, opt->numarg))) {
logg("!cli_engine_set_num(PCREMaxFileSize) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_PCRE_MAX_FILESIZE, NULL);
logg("Limits: PCREMaxFileSize limit set to %llu.\n", val);
if(optget(opts, "ScanArchive")->enabled) {
logg("Archive support enabled.\n");
options |= CL_SCAN_ARCHIVE;
if(optget(opts, "ArchiveBlockEncrypted")->enabled) {
logg("Archive: Blocking encrypted archives.\n");
options |= CL_SCAN_BLOCKENCRYPTED;
}
} else {
logg("Archive support disabled.\n");
}
if(optget(opts, "AlgorithmicDetection")->enabled) {
logg("Algorithmic detection enabled.\n");
options |= CL_SCAN_ALGORITHMIC;
} else {
logg("Algorithmic detection disabled.\n");
}
if(optget(opts, "ScanPE")->enabled) {
logg("Portable Executable support enabled.\n");
options |= CL_SCAN_PE;
} else {
logg("Portable Executable support disabled.\n");
}
if(optget(opts, "ScanELF")->enabled) {
logg("ELF support enabled.\n");
options |= CL_SCAN_ELF;
} else {
logg("ELF support disabled.\n");
}
if(optget(opts, "ScanPE")->enabled || optget(opts, "ScanELF")->enabled) {
if(optget(opts, "DetectBrokenExecutables")->enabled) {
logg("Detection of broken executables enabled.\n");
options |= CL_SCAN_BLOCKBROKEN;
}
}
if(optget(opts, "ScanMail")->enabled) {
logg("Mail files support enabled.\n");
options |= CL_SCAN_MAIL;
if(optget(opts, "ScanPartialMessages")->enabled) {
logg("Mail: RFC1341 handling enabled.\n");
options |= CL_SCAN_PARTIAL_MESSAGE;
}
} else {
logg("Mail files support disabled.\n");
}
if(optget(opts, "ScanOLE2")->enabled) {
logg("OLE2 support enabled.\n");
options |= CL_SCAN_OLE2;
if(optget(opts, "OLE2BlockMacros")->enabled) {
logg("OLE2: Blocking all VBA macros.\n");
options |= CL_SCAN_BLOCKMACROS;
}
} else {
logg("OLE2 support disabled.\n");
}
if(optget(opts, "ScanPDF")->enabled) {
logg("PDF support enabled.\n");
options |= CL_SCAN_PDF;
} else {
logg("PDF support disabled.\n");
}
if(optget(opts, "ScanSWF")->enabled) {
logg("SWF support enabled.\n");
options |= CL_SCAN_SWF;
} else {
logg("SWF support disabled.\n");
}
if(optget(opts, "ScanHTML")->enabled) {
logg("HTML support enabled.\n");
options |= CL_SCAN_HTML;
} else {
logg("HTML support disabled.\n");
}
if(optget(opts,"PhishingScanURLs")->enabled) {
if(optget(opts,"PhishingAlwaysBlockCloak")->enabled) {
options |= CL_SCAN_PHISHING_BLOCKCLOAK;
logg("Phishing: Always checking for cloaked urls\n");
}
if(optget(opts,"PhishingAlwaysBlockSSLMismatch")->enabled) {
options |= CL_SCAN_PHISHING_BLOCKSSL;
logg("Phishing: Always checking for ssl mismatches\n");
}
}
if(optget(opts,"PartitionIntersection")->enabled) {
options |= CL_SCAN_PARTITION_INTXN;
logg("Raw DMG: Always checking for partitons intersections\n");
}
if(optget(opts,"HeuristicScanPrecedence")->enabled) {
options |= CL_SCAN_HEURISTIC_PRECEDENCE;
logg("Heuristic: precedence enabled\n");
}
if(optget(opts, "StructuredDataDetection")->enabled) {
options |= CL_SCAN_STRUCTURED;
if((opt = optget(opts, "StructuredMinCreditCardCount"))->enabled) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_CC_COUNT, opt->numarg))) {
logg("!cl_engine_set_num(CL_ENGINE_MIN_CC_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MIN_CC_COUNT, NULL);
logg("Structured: Minimum Credit Card Number Count set to %u\n", (unsigned int) val);
if((opt = optget(opts, "StructuredMinSSNCount"))->enabled) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_SSN_COUNT, opt->numarg))) {
logg("!cl_engine_set_num(CL_ENGINE_MIN_SSN_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 1;
}
}
val = cl_engine_get_num(engine, CL_ENGINE_MIN_SSN_COUNT, NULL);
logg("Structured: Minimum Social Security Number Count set to %u\n", (unsigned int) val);
if(optget(opts, "StructuredSSNFormatNormal")->enabled)
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
if(optget(opts, "StructuredSSNFormatStripped")->enabled)
options |= CL_SCAN_STRUCTURED_SSN_STRIPPED;
}
#ifdef HAVE__INTERNAL__SHA_COLLECT
if(optget(opts, "DevCollectHashes")->enabled)
options |= CL_SCAN_INTERNAL_COLLECT_SHA;
#endif
selfchk = optget(opts, "SelfCheck")->numarg;
if(!selfchk) {
logg("Self checking disabled.\n");
} else {
logg("Self checking every %u seconds.\n", selfchk);
}
/* save the PID */
mainpid = getpid();
if((opt = optget(opts, "PidFile"))->enabled) {
FILE *fd;
old_umask = umask(0002);
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
} else {
if (fprintf(fd, "%u\n", (unsigned int) mainpid)<0) {
logg("!Can't save PID in file %s\n", opt->strarg);
}
fclose(fd);
}
umask(old_umask);
}
logg("*Listening daemon: PID: %u\n", (unsigned int) mainpid);
max_threads = optget(opts, "MaxThreads")->numarg;
max_queue = optget(opts, "MaxQueue")->numarg;
acceptdata.commandtimeout = optget(opts, "CommandReadTimeout")->numarg;
readtimeout = optget(opts, "ReadTimeout")->numarg;
#if !defined(_WIN32) && defined(RLIMIT_NOFILE)
if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) {
/* don't warn if default value is too high, silently fix it */
unsigned maxrec;
int max_max_queue;
unsigned warn = optget(opts, "MaxQueue")->active;
const unsigned clamdfiles = 6;
/* Condition to not run out of file descriptors:
* MaxThreads * MaxRecursion + (MaxQueue - MaxThreads) + CLAMDFILES < RLIMIT_NOFILE
* CLAMDFILES is 6: 3 standard FD + logfile + 2 FD for reloading the DB
* */
#ifdef C_SOLARIS
#ifdef HAVE_ENABLE_EXTENDED_FILE_STDIO
if (enable_extended_FILE_stdio(-1, -1) == -1) {
logg("^Unable to set extended FILE stdio, clamd will be limited to max 256 open files\n");
rlim.rlim_cur = rlim.rlim_cur > 255 ? 255 : rlim.rlim_cur;
}
#elif !defined(_LP64)
if (rlim.rlim_cur > 255) {
rlim.rlim_cur = 255;
logg("^Solaris only supports 256 open files for 32-bit processes, you need at least Solaris 10u4, or compile as 64-bit to support more!\n");
}
#endif
#endif
opt = optget(opts,"MaxRecursion");
maxrec = opt->numarg;
max_max_queue = rlim.rlim_cur - maxrec * max_threads - clamdfiles + max_threads;
if (max_queue < max_threads) {
max_queue = max_threads;
if (warn)
logg("^MaxQueue value too low, increasing to: %d\n", max_queue);
}
if (max_max_queue < max_threads) {
logg("^MaxThreads * MaxRecursion is too high: %d, open file descriptor limit is: %lu\n",
maxrec*max_threads, (unsigned long)rlim.rlim_cur);
max_max_queue = max_threads;
}
if (max_queue > max_max_queue) {
max_queue = max_max_queue;
if (warn)
logg("^MaxQueue value too high, lowering to: %d\n", max_queue);
} else if (max_queue < 2*max_threads && max_queue < max_max_queue) {
max_queue = 2*max_threads;
if (max_queue > max_max_queue)
max_queue = max_max_queue;
/* always warn here */
logg("^MaxQueue is lower than twice MaxThreads, increasing to: %d\n", max_queue);
}
}
#endif
logg("*MaxQueue set to: %d\n", max_queue);
acceptdata.max_queue = max_queue;
if(optget(opts, "ScanOnAccess")->enabled)
#if defined(FANOTIFY) || defined(CLAMAUTH)
{
do {
if(pthread_attr_init(&fan_attr)) break;
pthread_attr_setdetachstate(&fan_attr, PTHREAD_CREATE_JOINABLE);
if(!(tharg = (struct thrarg *) malloc(sizeof(struct thrarg)))) break;
tharg->opts = opts;
tharg->engine = engine;
tharg->options = options;
if(!pthread_create(&fan_pid, &fan_attr, onas_fan_th, tharg)) break;
free(tharg);
tharg=NULL;
} while(0);
if (!tharg) logg("!Unable to start on-access scan\n");
}
#else
logg("!On-access scan is not available\n");
#endif
#ifndef _WIN32
/* set up signal handling */
sigfillset(&sigset);
sigdelset(&sigset, SIGINT);
sigdelset(&sigset, SIGTERM);
sigdelset(&sigset, SIGSEGV);
sigdelset(&sigset, SIGHUP);
sigdelset(&sigset, SIGPIPE);
sigdelset(&sigset, SIGUSR2);
/* The behavior of a process is undefined after it ignores a
* SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */
sigdelset(&sigset, SIGFPE);
sigdelset(&sigset, SIGILL);
sigdelset(&sigset, SIGSEGV);
#ifdef SIGBUS
sigdelset(&sigset, SIGBUS);
#endif
sigdelset(&sigset, SIGTSTP);
sigdelset(&sigset, SIGCONT);
sigprocmask(SIG_SETMASK, &sigset, NULL);
/* SIGINT, SIGTERM, SIGSEGV */
sigact.sa_handler = sighandler_th;
sigemptyset(&sigact.sa_mask);
sigaddset(&sigact.sa_mask, SIGINT);
sigaddset(&sigact.sa_mask, SIGTERM);
sigaddset(&sigact.sa_mask, SIGHUP);
sigaddset(&sigact.sa_mask, SIGPIPE);
sigaddset(&sigact.sa_mask, SIGUSR2);
sigaction(SIGINT, &sigact, NULL);
sigaction(SIGTERM, &sigact, NULL);
sigaction(SIGHUP, &sigact, NULL);
sigaction(SIGPIPE, &sigact, NULL);
sigaction(SIGUSR2, &sigact, NULL);
#endif
idletimeout = optget(opts, "IdleTimeout")->numarg;
for (i=0;i < nsockets;i++)
if (fds_add(&acceptdata.fds, socketds[i], 1, 0) == -1) {
logg("!fds_add failed\n");
cl_engine_free(engine);
return 1;
}
#ifdef _WIN32
event_wake_accept = CreateEvent(NULL, TRUE, FALSE, NULL);
event_wake_recv = CreateEvent(NULL, TRUE, FALSE, NULL);
#else
if (pipe(acceptdata.syncpipe_wake_recv) == -1 ||
(pipe(acceptdata.syncpipe_wake_accept) == -1)) {
logg("!pipe failed\n");
exit(-1);
}
syncpipe_wake_recv_w = acceptdata.syncpipe_wake_recv[1];
if (fds_add(fds, acceptdata.syncpipe_wake_recv[0], 1, 0) == -1 ||
fds_add(&acceptdata.fds, acceptdata.syncpipe_wake_accept[0], 1, 0)) {
logg("!failed to add pipe fd\n");
exit(-1);
}
#endif
if ((thr_pool = thrmgr_new(max_threads, idletimeout, max_queue, scanner_thread)) == NULL) {
logg("!thrmgr_new failed\n");
exit(-1);
}
if (pthread_create(&accept_th, NULL, acceptloop_th, &acceptdata)) {
logg("!pthread_create failed\n");
exit(-1);
}
time(&start_time);
for(;;) {
int new_sd;
/* Block waiting for connection on any of the sockets */
pthread_mutex_lock(fds->buf_mutex);
fds_cleanup(fds);
/* signal that we can accept more connections */
if (fds->nfds <= (unsigned)max_queue)
pthread_cond_signal(&acceptdata.cond_nfds);
new_sd = fds_poll_recv(fds, selfchk ? (int)selfchk : -1, 1, event_wake_recv);
#ifdef _WIN32
ResetEvent(event_wake_recv);
#else
if (!fds->nfds) {
/* at least the dummy/sync pipe should have remained */
logg("!All recv() descriptors gone: fatal\n");
pthread_mutex_lock(&exit_mutex);
progexit = 1;
pthread_mutex_unlock(&exit_mutex);
pthread_mutex_unlock(fds->buf_mutex);
break;
}
#endif
if (new_sd == -1 && errno != EINTR) {
logg("!Failed to poll sockets, fatal\n");
pthread_mutex_lock(&exit_mutex);
progexit = 1;
pthread_mutex_unlock(&exit_mutex);
}
if(fds->nfds) i = (rr_last + 1) % fds->nfds;
for (j = 0; j < fds->nfds && new_sd >= 0; j++, i = (i+1) % fds->nfds) {
size_t pos = 0;
int error = 0;
struct fd_buf *buf = &fds->buf[i];
if (!buf->got_newdata)
continue;
#ifndef _WIN32
if (buf->fd == acceptdata.syncpipe_wake_recv[0]) {
/* dummy sync pipe, just to wake us */
if (read(buf->fd, buff, sizeof(buff)) < 0) {
logg("^Syncpipe read failed\n");
}
continue;
}
#endif
if (buf->got_newdata == -1) {
if (buf->mode == MODE_WAITREPLY) {
logg("$mode WAIT_REPLY -> closed\n");
buf->fd = -1;
thrmgr_group_terminate(buf->group);
thrmgr_group_finished(buf->group, EXIT_ERROR);
continue;
} else {
logg("$client read error or EOF on read\n");
error = 1;
}
}
if (buf->fd != -1 && buf->got_newdata == -2) {
logg("$Client read timed out\n");
mdprintf(buf->fd, "COMMAND READ TIMED OUT\n");
error = 1;
}
rr_last = i;
if (buf->mode == MODE_WAITANCILL) {
buf->mode = MODE_COMMAND;
logg("$mode -> MODE_COMMAND\n");
}
while (!error && buf->fd != -1 && buf->buffer && pos < buf->off &&
buf->mode != MODE_WAITANCILL) {
client_conn_t conn;
const char *cmd = NULL;
int rc;
/* New data available to read on socket. */
memset(&conn, 0, sizeof(conn));
conn.scanfd = buf->recvfd;
buf->recvfd = -1;
conn.sd = buf->fd;
conn.options = options;
conn.opts = opts;
conn.thrpool = thr_pool;
conn.engine = engine;
conn.group = buf->group;
conn.id = buf->id;
conn.quota = buf->quota;
conn.filename = buf->dumpname;
conn.mode = buf->mode;
conn.term = buf->term;
/* Parse & dispatch command */
cmd = parse_dispatch_cmd(&conn, buf, &pos, &error, opts, readtimeout);
if (conn.mode == MODE_COMMAND && !cmd)
break;
if (!error) {
if (buf->mode == MODE_WAITREPLY && buf->off) {
/* Client is not supposed to send anything more */
logg("^Client sent garbage after last command: %lu bytes\n", (unsigned long)buf->off);
buf->buffer[buf->off] = '\0';
logg("$Garbage: %s\n", buf->buffer);
error = 1;
} else if (buf->mode == MODE_STREAM) {
rc = handle_stream(&conn, buf, opts, &error, &pos, readtimeout);
if (rc == -1)
break;
else
continue;
}
}
if (error && error != CL_ETIMEOUT) {
conn_reply_error(&conn, "Error processing command.");
}
}
if (error) {
if (buf->dumpfd != -1) {
close(buf->dumpfd);
if (buf->dumpname) {
cli_unlink(buf->dumpname);
free(buf->dumpname);
}
buf->dumpfd = -1;
}
thrmgr_group_terminate(buf->group);
if (thrmgr_group_finished(buf->group, EXIT_ERROR)) {
if (buf->fd < 0) {
logg("$Skipping shutdown of bad socket after error (FD %d)\n", buf->fd);
}
else {
logg("$Shutting down socket after error (FD %d)\n", buf->fd);
shutdown(buf->fd, 2);
closesocket(buf->fd);
}
} else
logg("$Socket not shut down due to active tasks\n");
buf->fd = -1;
}
}
pthread_mutex_unlock(fds->buf_mutex);
/* handle progexit */
pthread_mutex_lock(&exit_mutex);
if (progexit) {
pthread_mutex_unlock(&exit_mutex);
pthread_mutex_lock(fds->buf_mutex);
for (i=0;i < fds->nfds; i++) {
if (fds->buf[i].fd == -1)
continue;
thrmgr_group_terminate(fds->buf[i].group);
if (thrmgr_group_finished(fds->buf[i].group, EXIT_ERROR)) {
logg("$Shutdown closed fd %d\n", fds->buf[i].fd);
shutdown(fds->buf[i].fd, 2);
closesocket(fds->buf[i].fd);
fds->buf[i].fd = -1;
}
}
pthread_mutex_unlock(fds->buf_mutex);
break;
}
pthread_mutex_unlock(&exit_mutex);
/* SIGHUP */
if (sighup) {
logg("SIGHUP caught: re-opening log file.\n");
logg_close();
sighup = 0;
if(!logg_file && (opt = optget(opts, "LogFile"))->enabled)
logg_file = opt->strarg;
}
/* SelfCheck */
if(selfchk) {
time(¤t_time);
if((current_time - start_time) >= (time_t)selfchk) {
if(reload_db(engine, dboptions, opts, TRUE, &ret)) {
pthread_mutex_lock(&reload_mutex);
reload = 1;
pthread_mutex_unlock(&reload_mutex);
}
time(&start_time);
}
}
/* DB reload */
pthread_mutex_lock(&reload_mutex);
if(reload) {
pthread_mutex_unlock(&reload_mutex);
engine = reload_db(engine, dboptions, opts, FALSE, &ret);
if(ret) {
logg("Terminating because of a fatal error.\n");
if(new_sd >= 0)
closesocket(new_sd);
break;
}
pthread_mutex_lock(&reload_mutex);
reload = 0;
time(&reloaded_time);
pthread_mutex_unlock(&reload_mutex);
#if defined(FANOTIFY) || defined(CLAMAUTH)
if(optget(opts, "ScanOnAccess")->enabled && tharg) {
tharg->engine = engine;
}
#endif
time(&start_time);
} else {
pthread_mutex_unlock(&reload_mutex);
}
}
pthread_mutex_lock(&exit_mutex);
progexit = 1;
pthread_mutex_unlock(&exit_mutex);
#ifdef _WIN32
SetEvent(event_wake_accept);
#else
if (write(acceptdata.syncpipe_wake_accept[1], "", 1) < 0) {
logg("^Write to syncpipe failed\n");
}
#endif
/* Destroy the thread manager.
* This waits for all current tasks to end
*/
logg("*Waiting for all threads to finish\n");
thrmgr_destroy(thr_pool);
#if defined(FANOTIFY) || defined(CLAMAUTH)
if(optget(opts, "ScanOnAccess")->enabled && tharg) {
logg("Stopping on-access scan\n");
pthread_mutex_lock(&logg_mutex);
pthread_kill(fan_pid, SIGUSR1);
pthread_mutex_unlock(&logg_mutex);
pthread_join(fan_pid, NULL);
free(tharg);
}
#endif
if(engine) {
thrmgr_setactiveengine(NULL);
cl_engine_free(engine);
}
pthread_join(accept_th, NULL);
fds_free(fds);
pthread_mutex_destroy(fds->buf_mutex);
pthread_cond_destroy(&acceptdata.cond_nfds);
#ifdef _WIN32
CloseHandle(event_wake_accept);
CloseHandle(event_wake_recv);
#else
close(acceptdata.syncpipe_wake_accept[1]);
close(acceptdata.syncpipe_wake_recv[1]);
#endif
if(dbstat.entries)
cl_statfree(&dbstat);
logg("*Shutting down the main socket%s.\n", (nsockets > 1) ? "s" : "");
for (i = 0; i < nsockets; i++)
shutdown(socketds[i], 2);
if((opt = optget(opts, "PidFile"))->enabled) {
if(unlink(opt->strarg) == -1)
logg("!Can't unlink the pid file %s\n", opt->strarg);
else
logg("Pid file removed.\n");
}
time(¤t_time);
logg("--- Stopped at %s", cli_ctime(¤t_time, timestr, sizeof(timestr)));
return ret;
}
int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *engine, unsigned int options, const struct optstruct *opts, char term)
{
int ret, sockfd, acceptd;
int tmpd, bread, retval, firsttimeout, timeout, btread;
unsigned int port = 0, portscan, min_port, max_port;
unsigned long int quota = 0, maxsize = 0;
short bound = 0;
const char *virname;
char buff[FILEBUFF];
char peer_addr[32];
struct cb_context context;
struct sockaddr_in server;
struct sockaddr_in peer;
socklen_t addrlen;
char *tmpname;
min_port = optget(opts, "StreamMinPort")->numarg;
max_port = optget(opts, "StreamMaxPort")->numarg;
/* search for a free port to bind to */
port = cli_rndnum(max_port - min_port);
bound = 0;
for (portscan = 0; portscan < 1000; portscan++) {
port = (port - 1) % (max_port - min_port + 1);
memset((char *) &server, 0, sizeof(server));
server.sin_family = AF_INET;
server.sin_port = htons(min_port + port);
server.sin_addr.s_addr = htonl(INADDR_ANY);
if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
continue;
if(bind(sockfd, (struct sockaddr *) &server, (socklen_t)sizeof(struct sockaddr_in)) == -1)
closesocket(sockfd);
else {
bound = 1;
break;
}
}
port += min_port;
timeout = optget(opts, "ReadTimeout")->numarg;
firsttimeout = optget(opts, "CommandReadTimeout")->numarg;
if(!bound) {
logg("!ScanStream: Can't find any free port.\n");
mdprintf(odesc, "Can't find any free port. ERROR%c", term);
return -1;
} else {
if (listen(sockfd, 1) == -1) {
logg("!ScanStream: listen() error on socket. Error returned is %s.\n", strerror(errno));
closesocket(sockfd);
return -1;
}
if(mdprintf(odesc, "PORT %u%c", port, term) <= 0) {
logg("!ScanStream: error transmitting port.\n");
closesocket(sockfd);
return -1;
}
}
retval = poll_fd(sockfd, firsttimeout, 0);
if (!retval || retval == -1) {
const char *reason = !retval ? "timeout" : "poll";
mdprintf(odesc, "Accept %s. ERROR%c", reason, term);
logg("!ScanStream %u: accept %s.\n", port, reason);
closesocket(sockfd);
return -1;
}
addrlen = sizeof(peer);
if((acceptd = accept(sockfd, (struct sockaddr *) &peer, (socklen_t *)&addrlen)) == -1) {
closesocket(sockfd);
mdprintf(odesc, "accept() ERROR%c", term);
logg("!ScanStream %u: accept() failed.\n", port);
return -1;
}
*peer_addr = '\0';
inet_ntop(peer.sin_family, &peer.sin_addr, peer_addr, sizeof(peer_addr));
logg("*Accepted connection from %s on port %u, fd %d\n", peer_addr, port, acceptd);
if(cli_gentempfd(optget(opts, "TemporaryDirectory")->strarg, &tmpname, &tmpd)) {
shutdown(sockfd, 2);
closesocket(sockfd);
closesocket(acceptd);
mdprintf(odesc, "cli_gentempfd() failed. ERROR%c", term);
logg("!ScanStream(%s@%u): Can't create temporary file.\n", peer_addr, port);
return -1;
}
quota = maxsize = optget(opts, "StreamMaxLength")->numarg;
while((retval = poll_fd(acceptd, timeout, 0)) == 1) {
/* only read up to max */
btread = (maxsize && (quota < sizeof(buff))) ? quota : sizeof(buff);
if (!btread) {
logg("^ScanStream(%s@%u): Size limit reached (max: %lu)\n", peer_addr, port, maxsize);
break; /* Scan what we have */
}
bread = recv(acceptd, buff, btread, 0);
if(bread <= 0)
break;
quota -= bread;
if(writen(tmpd, buff, bread) != bread) {
shutdown(sockfd, 2);
closesocket(sockfd);
closesocket(acceptd);
mdprintf(odesc, "Temporary file -> write ERROR%c", term);
logg("!ScanStream(%s@%u): Can't write to temporary file.\n", peer_addr, port);
close(tmpd);
if(!optget(opts, "LeaveTemporaryFiles")->enabled)
unlink(tmpname);
free(tmpname);
return -1;
}
}
switch(retval) {
case 0: /* timeout */
mdprintf(odesc, "read timeout ERROR%c", term);
logg("!ScanStream(%s@%u): read timeout.\n", peer_addr, port);
break;
case -1:
mdprintf(odesc, "read poll ERROR%c", term);
logg("!ScanStream(%s@%u): read poll failed.\n", peer_addr, port);
break;
}
if(retval == 1) {
lseek(tmpd, 0, SEEK_SET);
thrmgr_setactivetask(peer_addr, NULL);
context.filename = peer_addr;
context.virsize = 0;
context.scandata = NULL;
ret = cl_scandesc_callback(tmpd, &virname, scanned, engine, options, &context);
thrmgr_setactivetask(NULL, NULL);
} else {
ret = -1;
}
close(tmpd);
if(!optget(opts, "LeaveTemporaryFiles")->enabled)
unlink(tmpname);
free(tmpname);
closesocket(acceptd);
closesocket(sockfd);
if(ret == CL_VIRUS) {
if(context.virsize && optget(opts, "ExtendedDetectionInfo")->enabled) {
mdprintf(odesc, "stream: %s(%s:%llu) FOUND%c", virname, context.virhash, context.virsize, term);
logg("stream(%s@%u): %s(%s:%llu) FOUND\n", peer_addr, port, virname, context.virhash, context.virsize);
} else {
mdprintf(odesc, "stream: %s FOUND%c", virname, term);
logg("stream(%s@%u): %s FOUND\n", peer_addr, port, virname);
}
virusaction("stream", virname, opts);
} else if(ret != CL_CLEAN) {
if(retval == 1) {
mdprintf(odesc, "stream: %s ERROR%c", cl_strerror(ret), term);
logg("stream(%s@%u): %s ERROR\n", peer_addr, port, cl_strerror(ret));
}
} else {
mdprintf(odesc, "stream: OK%c", term);
if(logok)
logg("stream(%s@%u): OK\n", peer_addr, port);
}
return ret;
}
int CLAMAPI Scan_ScanObjectByHandle(CClamAVScanner *pScanner, HANDLE object, int *pScanStatus, PCLAM_SCAN_INFO_LIST *pInfoList) {
instance *inst;
HANDLE duphdl, self;
char *virname = NULL;
int fd, res;
unsigned int i;
struct scan_ctx sctx;
DWORD perf;
logg("*in Scan_ScanObjectByHandle(pScanner = %p, HANDLE = %p, pScanStatus = %p, pInfoList = %p)\n", pScanner, object, pScanStatus, pInfoList);
if(!pScanner)
FAIL(CL_ENULLARG, "NULL pScanner");
if(!pScanStatus)
FAIL(CL_ENULLARG, "NULL pScanStatus on instance %p", pScanner);
self = GetCurrentProcess();
if(!DuplicateHandle(self, object, self, &duphdl, GENERIC_READ, FALSE, 0))
FAIL(CL_EDUP, "Duplicate handle failed for instance %p", pScanner);
if((fd = _open_osfhandle((intptr_t)duphdl, _O_RDONLY)) == -1) {
CloseHandle(duphdl);
FAIL(CL_EOPEN, "Open handle failed for instance %p", pScanner);
}
if(lock_instances()) {
close(fd);
FAIL(CL_ELOCK, "failed to lock instances for instance %p", pScanner);
}
inst = (instance *)pScanner;
for(i=0; i<ninsts_total; i++) {
if(instances[i].inst == inst)
break;
}
if(i == ninsts_total) {
unlock_instances();
close(fd);
FAIL(CL_EARG, "invalid instance %p", inst);
}
instances[i].refcnt++;
ResetEvent(reload_event);
unlock_instances();
sctx.entryfd = fd;
sctx.inst = inst;
sctx.cb_times = 0;
sctx.copy_times = 0;
logg("*Scan_ScanObjectByHandle (instance %p) invoking cl_scandesc with clamav context %p\n", inst, &sctx);
perf = GetTickCount();
res = cl_scandesc_callback(fd, &virname, NULL, engine, inst->scanopts, &sctx);
if(!inst->filetype) do {
CLAM_SCAN_INFO si;
CLAM_ACTION act;
DWORD cbperf;
wchar_t wvirname[MAX_VIRNAME_LEN] = L"Clam.";
LONG lo = 0, hi = 0, hi2 = 0;
si.cbSize = sizeof(si);
si.flags = 0;
si.scanPhase = SCAN_PHASE_FINAL;
si.errorCode = CLAMAPI_SUCCESS;
if(res == CL_VIRUS) {
if(MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, virname, -1, &wvirname[5], MAX_VIRNAME_LEN - 5))
si.pThreatName = wvirname;
else
si.pThreatName = L"Clam.UNOFFICIAL";
} else
si.pThreatName = NULL;
logg("*in final_cb with clamav context %p, instance %p, fd %d, result %d, virusname %S)\n", &sctx, inst, fd, res, si.pThreatName);
si.pThreatType = threat_type(virname);
si.object = INVALID_HANDLE_VALUE;
si.objectId = INVALID_HANDLE_VALUE;
si.pInnerObjectPath = NULL;
lo = SetFilePointer(duphdl, 0, &hi, FILE_CURRENT);
SetFilePointer(duphdl, 0, &hi2, FILE_BEGIN);
logg("*final_cb (clamav context %p, instance %p) invoking callback %p with context %p\n", &sctx, inst, inst->scancb, inst->scancb_ctx);
cbperf = GetTickCount();
inst->scancb(&si, &act, inst->scancb_ctx);
cbperf = GetTickCount() - cbperf;
sctx.cb_times += cbperf;
logg("*final_cb (clamav context %p, instance %p) callback completed with %u (result ignored) in %u ms\n", &sctx, inst, act, cbperf);
SetFilePointer(duphdl, lo, &hi, FILE_BEGIN);
} while(0);
perf = GetTickCount() - perf;
close(fd);
logg("*Scan_ScanObjectByHandle (instance %p): cl_scandesc returned %d in %u ms (%d ms own, %d ms copy)\n", inst, res, perf, perf - sctx.cb_times - sctx.copy_times, sctx.copy_times);
if(lock_instances())
FAIL(CL_ELOCK, "failed to lock instances for instance %p", pScanner);
instances[i].refcnt--;
if(!instances[i].refcnt)
SetEvent(reload_event);
unlock_instances();
if(res == CL_VIRUS) {
logg("Scan_ScanObjectByHandle (instance %p): file is INFECTED with %s\n", inst, virname);
if(pInfoList) {
CLAM_SCAN_INFO_LIST *infolist = (CLAM_SCAN_INFO_LIST *)calloc(1, sizeof(CLAM_SCAN_INFO_LIST) + sizeof(CLAM_SCAN_INFO) + MAX_VIRNAME_LEN * 2);
PCLAM_SCAN_INFO scaninfo;
wchar_t *wvirname;
if(!infolist)
FAIL(CL_EMEM, "ScanByHandle (instance %p): OOM while allocating result list", inst);
scaninfo = (PCLAM_SCAN_INFO)(infolist + 1);
infolist->cbCount = 1;
scaninfo->cbSize = sizeof(*scaninfo);
scaninfo->scanPhase = SCAN_PHASE_FINAL;
scaninfo->errorCode = CLAMAPI_SUCCESS;
scaninfo->pThreatType = threat_type(virname);
scaninfo->object = INVALID_HANDLE_VALUE;
scaninfo->objectId = INVALID_HANDLE_VALUE;
wvirname = (wchar_t *)(scaninfo + 1);
scaninfo->pThreatName = wvirname;
memcpy(wvirname, L"Clam.", 10);
if(!MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, virname, -1, &wvirname[5], MAX_VIRNAME_LEN-5))
scaninfo->pThreatName = L"Clam.UNOFFICIAL";
*pInfoList = infolist;
logg("*Scan_ScanObjectByHandle (instance %p): created result list %p\n", inst, infolist);
}
*pScanStatus = CLAM_INFECTED;
} else if(res == CL_CLEAN) {
logg("*Scan_ScanObjectByHandle (instance %p): file is CLEAN\n", inst);
if(pInfoList) *pInfoList = NULL;
*pScanStatus = CLAM_CLEAN;
} else {
FAIL(res, "Scan failed for instance %p: %s", inst, cl_strerror(res));
}
WIN();
}
/* Base scan function for scanning HFS+ or HFSX partitions */
int cli_scanhfsplus(cli_ctx *ctx)
{
char *targetdir = NULL;
int ret = CL_CLEAN;
hfsPlusVolumeHeader *volHeader = NULL;
hfsNodeDescriptor catFileDesc;
hfsHeaderRecord catFileHeader;
hfsNodeDescriptor extentFileDesc;
hfsHeaderRecord extentFileHeader;
if (!ctx || !ctx->fmap) {
cli_errmsg("cli_scanhfsplus: Invalid context\n");
return CL_ENULLARG;
}
cli_dbgmsg("cli_scanhfsplus: scanning partition content\n");
/* first, read volume header contents */
ret = hfsplus_volumeheader(ctx, &volHeader);
if (ret != CL_CLEAN) {
goto freeHeader;
}
/*
cli_dbgmsg("sizeof(hfsUniStr255) is %lu\n", sizeof(hfsUniStr255));
cli_dbgmsg("sizeof(hfsPlusBSDInfo) is %lu\n", sizeof(hfsPlusBSDInfo));
cli_dbgmsg("sizeof(hfsPlusExtentDescriptor) is %lu\n", sizeof(hfsPlusExtentDescriptor));
cli_dbgmsg("sizeof(hfsPlusExtentRecord) is %lu\n", sizeof(hfsPlusExtentRecord));
cli_dbgmsg("sizeof(hfsPlusForkData) is %lu\n", sizeof(hfsPlusForkData));
cli_dbgmsg("sizeof(hfsPlusVolumeHeader) is %lu\n", sizeof(hfsPlusVolumeHeader));
cli_dbgmsg("sizeof(hfsNodeDescriptor) is %lu\n", sizeof(hfsNodeDescriptor));
*/
/* Get root node (header node) of extent overflow file */
ret = hfsplus_readheader(ctx, volHeader, &extentFileDesc, &extentFileHeader, HFS_FILETREE_EXTENTS, "extentFile");
if (ret != CL_CLEAN) {
goto freeHeader;
}
/* Get root node (header node) of catalog file */
ret = hfsplus_readheader(ctx, volHeader, &catFileDesc, &catFileHeader, HFS_FILETREE_CATALOG, "catalogFile");
if (ret != CL_CLEAN) {
goto freeHeader;
}
/* Create temp folder for contents */
if (!(targetdir = cli_gentemp(ctx->engine->tmpdir))) {
cli_errmsg("cli_scandmg: cli_gentemp failed\n");
ret = CL_ETMPDIR;
goto freeHeader;
}
if (mkdir(targetdir, 0700)) {
cli_errmsg("cli_scandmg: Cannot create temporary directory %s\n", targetdir);
ret = CL_ETMPDIR;
goto freeDirname;
}
cli_dbgmsg("cli_scandmg: Extracting into %s\n", targetdir);
/* Can build and scan catalog file if we want ***
ret = hfsplus_scanfile(ctx, volHeader, &extentFileHeader, &(volHeader->catalogFile), targetdir);
*/
if (ret == CL_CLEAN) {
ret = hfsplus_validate_catalog(ctx, volHeader, &catFileHeader);
if (ret == CL_CLEAN) {
cli_dbgmsg("cli_scandmg: validation successful\n");
}
else {
cli_dbgmsg("cli_scandmg: validation returned %d : %s\n", ret, cl_strerror(ret));
}
}
/* Walk through catalog to identify files to scan */
if (ret == CL_CLEAN) {
ret = hfsplus_walk_catalog(ctx, volHeader, &catFileHeader, &extentFileHeader, targetdir);
cli_dbgmsg("cli_scandmg: walk catalog finished\n");
}
/* Clean up extracted content, if needed */
if (!ctx->engine->keeptmp) {
cli_rmdirs(targetdir);
}
freeDirname:
free(targetdir);
freeHeader:
free(volHeader);
return ret;
}