//Prepare Header for Browser string ConnectionToHTTP::PrepareHeaderForBrowser() { string header; header.reserve(20000); header = ""; vector<string>::iterator itvec; string it; it.reserve(200); //Strip unwanted headers to browser for (itvec = tokens.begin(); itvec != tokens.end(); ++itvec) { //Uppercase for matching it = UpperCase(*itvec); if ( MatchBegin( it, "KEEP-ALIVE", 10 ) ) { continue; } else if ( MatchBegin( it, "CONNECTION", 10 ) ) { continue; } else if ( MatchBegin( it, "PROXY-CONNECTION", 16 ) ) { continue; } else if ( MatchBegin( it, "CONTENT-LENGTH", 14 ) && (ContentLength == -1) ) { //Do not pass invalid Content-Length continue; } else if ( MatchBegin( it, "TRANSFER-ENCODING", 17 ) ) { continue; } header += *itvec; header += "\r\n"; } return header; }
string KasperskyScanner::Scan( const char *FileName ) { string Response; if ( Connected == false ) { //Connect if ( AVESocket.ConnectToSocket( Params::GetConfigString("AVESOCKET"), 1 ) == false ) { //Prevent log flooding, show error only once per minute if ( (LastError == 0) || (LastError + 60 < time(NULL)) ) { LogFile::ErrorMessage("KAV: Could not connect to scanner! Scanner down?\n"); LastError = time(NULL); } ScannerAnswer = "2Could not connect to scanner socket"; return ScannerAnswer; } //Get initial response if ( AVESocket.GetLine( Response, "\r\n", 600 ) == false ) { AVESocket.Close(); ScannerAnswer = "2Could not read from scanner socket"; return ScannerAnswer; } //Check greeting if ( MatchBegin( Response, "201", 3 ) == false ) { AVESocket.Close(); LogFile::ErrorMessage("KAV: Invalid greeting from scanner\n"); ScannerAnswer = "2Invalid greeting from scanner"; return ScannerAnswer; } Connected = true; } //Construct command for scanner ScannerCmd = "SCAN xmQPRSTUWabcdefghi "; ScannerCmd += FileName; ScannerCmd += "\r\n"; //Send command if ( AVESocket.Send( ScannerCmd ) == false ) { AVESocket.Close(); Connected = false; //Try to reconnect if failed sleep(1); if ( AVESocket.ConnectToSocket( Params::GetConfigString("AVESOCKET"), 1 ) == false ) { //Prevent log flooding, show error only once per minute if ( (LastError == 0) || (LastError + 60 < time(NULL)) ) { LogFile::ErrorMessage("KAV: Could not connect to scanner! Scanner down?\n"); LastError = time(NULL); } ScannerAnswer = "2Could not connect to scanner socket"; return ScannerAnswer; } //Get initial response if ( AVESocket.GetLine( Response, "\r\n", 600 ) == false ) { AVESocket.Close(); ScannerAnswer = "2Could not read from scanner socket"; return ScannerAnswer; } //Check greeting if ( MatchBegin( Response, "201", 3 ) == false ) { AVESocket.Close(); LogFile::ErrorMessage("KAV: Invalid greeting from scanner\n"); ScannerAnswer = "2Invalid greeting from scanner"; return ScannerAnswer; } //Send command.. again if ( AVESocket.Send( ScannerCmd ) == false ) { AVESocket.Close(); LogFile::ErrorMessage("KAV: Could not write command to scanner\n"); ScannerAnswer = "2Scanner connection failed"; return ScannerAnswer; } Connected = true; } ScannerAnswer = ""; //Parse response lines do { if ( AVESocket.GetLine( Response, "\r\n", 600 ) == false ) { AVESocket.Close(); Connected = false; ScannerAnswer = "2Could not read from scanner socket"; return ScannerAnswer; } //Virus name found if ( MatchBegin( Response, "322-", 4 ) ) { string::size_type Position; if ( (Position = Response.find("/", 4)) != string::npos ) { ScannerAnswer = "1" + Response.substr( 4, Position - 5 ); } } } while ( MatchBegin( Response, "3", 1 ) ); //Clean if ( MatchBegin( Response, "220", 3 ) ) { ScannerAnswer = "0Clean"; return ScannerAnswer; } //Infected else if ( MatchBegin( Response, "230", 3 ) ) { if (ScannerAnswer == "") ScannerAnswer = "1Unknown"; return ScannerAnswer; } //Suspicious else if ( MatchBegin( Response, "232", 3 ) ) { if (ScannerAnswer == "") ScannerAnswer = "1Suspicious"; return ScannerAnswer; } //Scan Error else if ( MatchBegin( Response, "241", 3 ) ) { ScannerAnswer = "2" + Response; return ScannerAnswer; } //Other Error else if ( MatchBegin( Response, "5", 1 ) ) { ScannerAnswer = "2" + Response; return ScannerAnswer; } //Other non-fatal responses else if ( MatchBegin( Response, "2", 1 ) ) { ScannerAnswer = "0Clean"; return ScannerAnswer; } LogFile::ErrorMessage("KAV: Unknown response from scanner: %s\n", Response.c_str()); ScannerAnswer = "2Unknown scanner response"; return ScannerAnswer; }
int ConnectionToHTTP::AnalyseHeaderLine( string &RequestT ) { //~ if (LL > 0) LogFile::AccessMessage("(1)*****Analyse Header Line : %s\n",RequestT.c_str()); //Optimize checks.. no need to match if header line not long enough //"Content-Length: x" needs atleast 17 chars //"Connection: Keep-Alive" needs atleast 22 chars if ( RequestT.length() > 16 ) { //Uppercase for matching string RequestU = UpperCase(RequestT); if ( MatchBegin( RequestU, "CONTENT-LENGTH: ", 16 ) ) { if ( RequestU.find_first_not_of("0123456789", 16) != string::npos ) { //Invalid Content-Length return 0; } string LengthToken = RequestT.substr( 16 ); //Sanity check for invalid huge Content-Length if ( LengthToken.length() > 18 ) return 0; if ( sscanf(LengthToken.c_str(), LLD, &ContentLength) != 1 ) { ContentLength = -1; } return 0; } if ( MatchSubstr( RequestU, "CONNECTION: KEEP-ALIVE", -1 ) ) { IsKeepAlive = true; return 0; } if ( MatchBegin( RequestU, "CONTENT-TYPE: IMAGE/", 20 ) ) { IsImage = true; return 0; } if ( MatchBegin( RequestU, "TRANSFER-ENCODING: CHUNKED", 26 ) ) { IsChunked = true; return 0; } if ( MatchBegin( RequestU, "TRANSFER-ENCODING: ", 19 ) ) { //Not allowed on HTTP/1.0 return -232; } }//End >16 check return 0; }