//Prepare Header for Browser
string ConnectionToHTTP::PrepareHeaderForBrowser()
{
string header;
header.reserve(20000);
header = "";
vector<string>::iterator itvec;
string it;
it.reserve(200);
//Strip unwanted headers to browser
for (itvec = tokens.begin(); itvec != tokens.end(); ++itvec)
{
//Uppercase for matching
it = UpperCase(*itvec);
if ( MatchBegin( it, "KEEP-ALIVE", 10 ) )
{
continue;
}
else if ( MatchBegin( it, "CONNECTION", 10 ) )
{
continue;
}
else if ( MatchBegin( it, "PROXY-CONNECTION", 16 ) )
{
continue;
}
else if ( MatchBegin( it, "CONTENT-LENGTH", 14 ) && (ContentLength == -1) )
{
//Do not pass invalid Content-Length
continue;
}
else if ( MatchBegin( it, "TRANSFER-ENCODING", 17 ) )
{
continue;
}
header += *itvec;
header += "\r\n";
}
return header;
}
string KasperskyScanner::Scan( const char *FileName )
{
string Response;
if ( Connected == false )
{
//Connect
if ( AVESocket.ConnectToSocket( Params::GetConfigString("AVESOCKET"), 1 ) == false )
{
//Prevent log flooding, show error only once per minute
if ( (LastError == 0) || (LastError + 60 < time(NULL)) )
{
LogFile::ErrorMessage("KAV: Could not connect to scanner! Scanner down?\n");
LastError = time(NULL);
}
ScannerAnswer = "2Could not connect to scanner socket";
return ScannerAnswer;
}
//Get initial response
if ( AVESocket.GetLine( Response, "\r\n", 600 ) == false )
{
AVESocket.Close();
ScannerAnswer = "2Could not read from scanner socket";
return ScannerAnswer;
}
//Check greeting
if ( MatchBegin( Response, "201", 3 ) == false )
{
AVESocket.Close();
LogFile::ErrorMessage("KAV: Invalid greeting from scanner\n");
ScannerAnswer = "2Invalid greeting from scanner";
return ScannerAnswer;
}
Connected = true;
}
//Construct command for scanner
ScannerCmd = "SCAN xmQPRSTUWabcdefghi ";
ScannerCmd += FileName;
ScannerCmd += "\r\n";
//Send command
if ( AVESocket.Send( ScannerCmd ) == false )
{
AVESocket.Close();
Connected = false;
//Try to reconnect if failed
sleep(1);
if ( AVESocket.ConnectToSocket( Params::GetConfigString("AVESOCKET"), 1 ) == false )
{
//Prevent log flooding, show error only once per minute
if ( (LastError == 0) || (LastError + 60 < time(NULL)) )
{
LogFile::ErrorMessage("KAV: Could not connect to scanner! Scanner down?\n");
LastError = time(NULL);
}
ScannerAnswer = "2Could not connect to scanner socket";
return ScannerAnswer;
}
//Get initial response
if ( AVESocket.GetLine( Response, "\r\n", 600 ) == false )
{
AVESocket.Close();
ScannerAnswer = "2Could not read from scanner socket";
return ScannerAnswer;
}
//Check greeting
if ( MatchBegin( Response, "201", 3 ) == false )
{
AVESocket.Close();
LogFile::ErrorMessage("KAV: Invalid greeting from scanner\n");
ScannerAnswer = "2Invalid greeting from scanner";
return ScannerAnswer;
}
//Send command.. again
if ( AVESocket.Send( ScannerCmd ) == false )
{
AVESocket.Close();
LogFile::ErrorMessage("KAV: Could not write command to scanner\n");
ScannerAnswer = "2Scanner connection failed";
return ScannerAnswer;
}
Connected = true;
}
ScannerAnswer = "";
//Parse response lines
do
{
if ( AVESocket.GetLine( Response, "\r\n", 600 ) == false )
{
AVESocket.Close();
Connected = false;
ScannerAnswer = "2Could not read from scanner socket";
return ScannerAnswer;
}
//Virus name found
if ( MatchBegin( Response, "322-", 4 ) )
{
string::size_type Position;
if ( (Position = Response.find("/", 4)) != string::npos )
{
ScannerAnswer = "1" + Response.substr( 4, Position - 5 );
}
}
}
while ( MatchBegin( Response, "3", 1 ) );
//Clean
if ( MatchBegin( Response, "220", 3 ) )
{
ScannerAnswer = "0Clean";
return ScannerAnswer;
}
//Infected
else if ( MatchBegin( Response, "230", 3 ) )
{
if (ScannerAnswer == "") ScannerAnswer = "1Unknown";
return ScannerAnswer;
}
//Suspicious
else if ( MatchBegin( Response, "232", 3 ) )
{
if (ScannerAnswer == "") ScannerAnswer = "1Suspicious";
return ScannerAnswer;
}
//Scan Error
else if ( MatchBegin( Response, "241", 3 ) )
{
ScannerAnswer = "2" + Response;
return ScannerAnswer;
}
//Other Error
else if ( MatchBegin( Response, "5", 1 ) )
{
ScannerAnswer = "2" + Response;
return ScannerAnswer;
}
//Other non-fatal responses
else if ( MatchBegin( Response, "2", 1 ) )
{
ScannerAnswer = "0Clean";
return ScannerAnswer;
}
LogFile::ErrorMessage("KAV: Unknown response from scanner: %s\n", Response.c_str());
ScannerAnswer = "2Unknown scanner response";
return ScannerAnswer;
}
int ConnectionToHTTP::AnalyseHeaderLine( string &RequestT )
{
//~ if (LL > 0) LogFile::AccessMessage("(1)*****Analyse Header Line : %s\n",RequestT.c_str());
//Optimize checks.. no need to match if header line not long enough
//"Content-Length: x" needs atleast 17 chars
//"Connection: Keep-Alive" needs atleast 22 chars
if ( RequestT.length() > 16 )
{
//Uppercase for matching
string RequestU = UpperCase(RequestT);
if ( MatchBegin( RequestU, "CONTENT-LENGTH: ", 16 ) )
{
if ( RequestU.find_first_not_of("0123456789", 16) != string::npos )
{
//Invalid Content-Length
return 0;
}
string LengthToken = RequestT.substr( 16 );
//Sanity check for invalid huge Content-Length
if ( LengthToken.length() > 18 ) return 0;
if ( sscanf(LengthToken.c_str(), LLD, &ContentLength) != 1 )
{
ContentLength = -1;
}
return 0;
}
if ( MatchSubstr( RequestU, "CONNECTION: KEEP-ALIVE", -1 ) )
{
IsKeepAlive = true;
return 0;
}
if ( MatchBegin( RequestU, "CONTENT-TYPE: IMAGE/", 20 ) )
{
IsImage = true;
return 0;
}
if ( MatchBegin( RequestU, "TRANSFER-ENCODING: CHUNKED", 26 ) )
{
IsChunked = true;
return 0;
}
if ( MatchBegin( RequestU, "TRANSFER-ENCODING: ", 19 ) )
{
//Not allowed on HTTP/1.0
return -232;
}
}//End >16 check
return 0;
}
