コード例 #1
0
ファイル: example.c プロジェクト: eqmcc/dazuko
int main(int argc, char *argv[])
{
	struct dazuko_access	*acc;
	int			args_ok = 0;
	int			i;
	struct dazuko_version	ver;

	if (dazukoIOVersion(&ver) != 0)
	{
		printf("error: failed to read DazukoIO version\n");
		return -1;
	}

	printf("DazukoIO version %s (%d.%d.%d.%d)\n", ver.text, ver.major, ver.minor, ver.revision, ver.release);

	/* register with dazuko */
	if (dazukoRegister("DAZUKO_EXAMPLE", "r+") != 0)
	{
		printf("error: failed to register with Dazuko\n");
		return -1;
	}

	printf("registered with Dazuko successfully\n");

	if (dazukoVersion(&ver) != 0)
	{
		printf("error: failed to read Dazuko version\n");
		dazukoUnregister();
		return -1;
	}

	printf("Dazuko version %s (%d.%d.%d.%d)\n", ver.text, ver.major, ver.minor, ver.revision, ver.release);

	/* detect TERM signals */
	signal(SIGTERM, sigterm);

	/* detect INT signals */
	signal(SIGINT, sigterm);

	/* set access mask */
	if (dazukoSetAccessMask(DAZUKO_ON_OPEN | DAZUKO_ON_CLOSE | DAZUKO_ON_CLOSE_MODIFIED | DAZUKO_ON_EXEC | DAZUKO_ON_UNLINK | DAZUKO_ON_RMDIR) != 0)
	{
		printf("error: failed to set access mask\n");
		dazukoUnregister();
		return -1;
	}

	printf("set access mask successfully\n");

	/* set scan path */
	for (i=1 ; i<argc ; i++)
	{
		if (argv[i][0] == '/')
		{
			if (dazukoAddIncludePath(argv[i]) != 0)
			{
				printf("error: failed to add %s include path\n", argv[i]);
				dazukoUnregister();
				return -1;
			}

			args_ok = 1;
		}
	}

	/* ignore /dev/ */
	if (dazukoAddExcludePath("/dev/") != 0)
	{
		printf("error: failed to add /dev/ exclude path\n");
		dazukoUnregister();
		return -1;
	}

	if (!args_ok)
	{
		print_usage();
		dazukoUnregister();
		return -1;
	}

	printf("set scan path successfully\n");

	while (RUNNING)
	{
		/* get an access */
		if (dazukoGetAccess(&acc) == 0)
		{
			print_access(acc);

			/* always allow access */
			acc->deny = 0;

			/* return access (IMPORTANT, the kernel is waiting for us!) */
			if (dazukoReturnAccess(&acc) != 0)
			{
				printf("error: failed to return access\n");
				RUNNING = 0;
			}
		}
		else if (RUNNING)
		{
			printf("warning: failed to get an access\n");
			RUNNING = 0;
		}
	}

	/* unregister with Dazuko */
	if (dazukoUnregister() != 0)
	{
		printf("error: failed to unregister with Dazuko\n");
		return -1;
	}

	printf("unregistered with Dazuko successfully\n");

	return 0;
}
コード例 #2
0
ファイル: clamuko.c プロジェクト: OPSF/uClinux
void *clamukoth(void *arg)
{
	struct thrarg *tharg = (struct thrarg *) arg;
	sigset_t sigset;
	const char *virname;
        struct sigaction act;
	unsigned long mask = 0;
	const struct optstruct *pt;
	short int scan;
	int sizelimit = 0;
	struct stat sb;


    clamuko_scanning = 0;

    /* ignore all signals except SIGUSR1 */
    sigfillset(&sigset);
    sigdelset(&sigset, SIGUSR1);
    /* The behavior of a process is undefined after it ignores a 
     * SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */
    sigdelset(&sigset, SIGFPE);
    sigdelset(&sigset, SIGILL);
    sigdelset(&sigset, SIGSEGV);
#ifdef SIGBUS    
    sigdelset(&sigset, SIGBUS);
#endif
    pthread_sigmask(SIG_SETMASK, &sigset, NULL);
    act.sa_handler = clamuko_exit;
    sigfillset(&(act.sa_mask));
    sigaction(SIGUSR1, &act, NULL);
    sigaction(SIGSEGV, &act, NULL);

    /* register */
    if(dazukoRegister("ClamAV", "r+")) {
	logg("!Clamuko: Can't register with Dazuko\n");
	return NULL;
    } else
	logg("Clamuko: Correctly registered with Dazuko.\n");

    /* access mask */
    if(optget(tharg->opts, "ClamukoScanOnOpen")->enabled) {
	logg("Clamuko: Scan-on-open mode activated.\n");
	mask |= DAZUKO_ON_OPEN;
    }
    if(optget(tharg->opts, "ClamukoScanOnClose")->enabled) {
	logg("Clamuko: Scan-on-close mode activated.\n");
	mask |= DAZUKO_ON_CLOSE;
    }
    if(optget(tharg->opts, "ClamukoScanOnExec")->enabled) {
	logg("Clamuko: Scan-on-exec mode activated.\n");
	mask |= DAZUKO_ON_EXEC;
    }

    if(!mask) {
	logg("!Access mask is not configured properly.\n");
	dazukoUnregister();
	return NULL;
    }

    if(dazukoSetAccessMask(mask)) {
	logg("!Clamuko: Can't set access mask in Dazuko.\n");
	dazukoUnregister();
	return NULL;
    }

    if((pt = optget(tharg->opts, "ClamukoIncludePath"))->enabled) {
	while(pt) {
	    if((dazukoAddIncludePath(pt->strarg))) {
		logg("!Clamuko: Dazuko -> Can't include path %s\n", pt->strarg);
		dazukoUnregister();
		return NULL;
	    } else
		logg("Clamuko: Included path %s\n", pt->strarg);

	    pt = (struct optstruct *) pt->nextarg;
	}
    } else {
	logg("!Clamuko: please include at least one path.\n");
	dazukoUnregister();
	return NULL;
    }

    if((pt = optget(tharg->opts, "ClamukoExcludePath"))->enabled) {
	while(pt) {
	    if((dazukoAddExcludePath(pt->strarg))) {
		logg("!Clamuko: Dazuko -> Can't exclude path %s\n", pt->strarg);
		dazukoUnregister();
		return NULL;
	    } else
		logg("Clamuko: Excluded path %s\n", pt->strarg);

	    pt = (struct optstruct *) pt->nextarg;
	}
    }

    sizelimit = optget(tharg->opts, "ClamukoMaxFileSize")->numarg;
    if(sizelimit)
	logg("Clamuko: Max file size limited to %d bytes.\n", sizelimit);
    else
	logg("Clamuko: File size limit disabled.\n");

    while(1) {

	if(dazukoGetAccess(&acc) == 0) {
	    clamuko_scanning = 1;
	    scan = 1;

	    if(sizelimit) {
		stat(acc->filename, &sb);
		if(sb.st_size > sizelimit) {
		    scan = 0;
		    logg("*Clamuko: %s skipped (too big)\n", acc->filename);
		}
	    }

	    if(scan && cl_scanfile(acc->filename, &virname, NULL, tharg->engine, tharg->options) == CL_VIRUS) {
		logg("Clamuko: %s: %s FOUND\n", acc->filename, virname);
		virusaction(acc->filename, virname, tharg->opts);
		acc->deny = 1;
	    } else
		acc->deny = 0;

	    if(dazukoReturnAccess(&acc)) {
		logg("!Can't return access to Dazuko.\n");
		logg("Clamuko stopped.\n");
		dazukoUnregister();
		clamuko_scanning = 0;
		return NULL;
	    }

	    clamuko_scanning = 0;
	}
    }

    /* can't be ;) */
    return NULL;
}