- /* "virus(es) found" if virus number is > 0 */
- if (drweb_vnum)
- {
- int i;
- uschar pre_malware_nb[256];
-
- malware_name = malware_name_buffer;
-
- /* setup default virus name */
- Ustrcpy(malware_name_buffer,"unknown");
-
- /* read and concatenate virus names into one string */
- for (i=0;i<drweb_vnum;i++)
- {
- /* read the size of report */
- if ((bread = recv(sock, &drweb_slen, sizeof(drweb_slen), 0) != sizeof(drweb_slen))) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report size");
- return DEFER;
- };
- drweb_slen = ntohl(drweb_slen);
-
- /* read report body */
- if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
- close(sock);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: cannot read report string");
- return DEFER;
- };
- tmpbuf[drweb_slen] = '\0';
-
- /* set up match regex, depends on retcode */
- Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
-
- drweb_re = pcre_compile( CS drweb_match_string,
- PCRE_COPT,
- (const char **)&rerror,
- &roffset,
- NULL );
-
- /* try matcher on the line, grab substring */
- result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
- if (result >= 2) {
- pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS pre_malware_nb, 255);
- }
- /* the first name we just copy to malware_name */
- if (i==0)
- Ustrcpy(CS malware_name_buffer, CS pre_malware_nb);
- else {
- /* concatenate each new virus name to previous */
- int slen = Ustrlen(malware_name_buffer);
- if (slen < (slen+Ustrlen(pre_malware_nb))) {
- Ustrcat(malware_name_buffer, "/");
- Ustrcat(malware_name_buffer, pre_malware_nb);
- }
- }
- }
- }
- else {
- char *drweb_s = NULL;
-
- if (drweb_rc & DERR_READ_ERR) drweb_s = "read error";
- if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory";
- if (drweb_rc & DERR_TIMEOUT) drweb_s = "timeout";
- if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command";
- /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED.
- * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM,
- * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
- * and others are ignored */
- if (drweb_s) {
- log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
- close(sock);
- return DEFER;
- }
- /* no virus found */
- malware_name = NULL;
- };
- close(sock);
+ if ((!fprot6d_re_virus && !(fprot6d_re_virus = m_pcre_compile(fprot6d_re_virus_str, &errstr)))
+ || (!fprot6d_re_error && !(fprot6d_re_error = m_pcre_compile(fprot6d_re_error_str, &errstr))))
+ return malware_panic_defer(errstr);
+
+ scanrequest = string_sprintf("SCAN FILE %s\n", eml_filename);
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s: %s\n",
+ scanner_name, scanrequest);
+
+ if (m_sock_send(malware_daemon_ctx.sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0)
+ return m_panic_defer(scanent, CUS callout_address, errstr);
+
+ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
+
+ if (bread <= 0)
+ return m_panic_defer_3(scanent, CUS callout_address,
+ string_sprintf("unable to read from socket (%s)", strerror(errno)),
+ malware_daemon_ctx.sock);
+
+ if (bread == sizeof(av_buffer))
+ return m_panic_defer_3(scanent, CUS callout_address,
+ US"buffer too small", malware_daemon_ctx.sock);
+
+ av_buffer[bread] = '\0';
+ linebuffer = string_copy(av_buffer);
+
+ m_sock_send(malware_daemon_ctx.sock, US"QUIT\n", 5, 0);
+
+ if ((e = m_pcre_exec(fprot6d_re_error, linebuffer)))
+ return m_panic_defer_3(scanent, CUS callout_address,
+ string_sprintf("scanner reported error (%s)", e), malware_daemon_ctx.sock);
+
+ if (!(malware_name = m_pcre_exec(fprot6d_re_virus, linebuffer)))
+ malware_name = NULL;
+
+ break;
+ } /* f-prot6d */
+#endif
+
+#ifndef DISABLE_MAL_DRWEB
+ case M_DRWEB: /* "drweb" scanner type ----------------------------------- */
+ /* v0.1 - added support for tcp sockets */
+ /* v0.0 - initial release -- support for unix sockets */
+ {
+ int result;
+ off_t fsize;
+ unsigned int fsize_uint;
+ uschar * tmpbuf, *drweb_fbuf;
+ int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
+ drweb_vnum, drweb_slen, drweb_fin = 0x0000;
+
+ /* prepare variables */
+ drweb_cmd = htonl(DRWEBD_SCAN_CMD);
+ drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
+
+ if (*scanner_options != '/')
+ {
+ /* calc file size */
+ if ((drweb_fd = open(CCS eml_filename, O_RDONLY)) == -1)
+ return m_panic_defer_3(scanent, NULL,
+ string_sprintf("can't open spool file %s: %s",
+ eml_filename, strerror(errno)),
+ malware_daemon_ctx.sock);
+
+ if ((fsize = lseek(drweb_fd, 0, SEEK_END)) == -1)
+ {
+ int err;
+badseek: err = errno;
+ (void)close(drweb_fd);
+ return m_panic_defer_3(scanent, NULL,
+ string_sprintf("can't seek spool file %s: %s",
+ eml_filename, strerror(err)),
+ malware_daemon_ctx.sock);
+ }
+ fsize_uint = (unsigned int) fsize;
+ if ((off_t)fsize_uint != fsize)
+ {
+ (void)close(drweb_fd);
+ return m_panic_defer_3(scanent, NULL,
+ string_sprintf("seeking spool file %s, size overflow",
+ eml_filename),
+ malware_daemon_ctx.sock);
+ }
+ drweb_slen = htonl(fsize);
+ if (lseek(drweb_fd, 0, SEEK_SET) < 0)
+ goto badseek;
+
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s remote scan [%s]\n",
+ scanner_name, scanner_options);
+
+ /* send scan request */
+ if ((send(malware_daemon_ctx.sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(malware_daemon_ctx.sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(malware_daemon_ctx.sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
+ (send(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), 0) < 0))
+ {
+ (void)close(drweb_fd);
+ return m_panic_defer_3(scanent, CUS callout_address, string_sprintf(
+ "unable to send commands to socket (%s)", scanner_options),
+ malware_daemon_ctx.sock);
+ }
+
+ if (!(drweb_fbuf = US malloc(fsize_uint)))
+ {
+ (void)close(drweb_fd);
+ return m_panic_defer_3(scanent, NULL,
+ string_sprintf("unable to allocate memory %u for file (%s)",
+ fsize_uint, eml_filename),
+ malware_daemon_ctx.sock);
+ }
+
+ if ((result = read (drweb_fd, drweb_fbuf, fsize)) == -1)
+ {
+ int err = errno;
+ (void)close(drweb_fd);
+ free(drweb_fbuf);
+ return m_panic_defer_3(scanent, NULL,
+ string_sprintf("can't read spool file %s: %s",
+ eml_filename, strerror(err)),
+ malware_daemon_ctx.sock);
+ }
+ (void)close(drweb_fd);
+
+ /* send file body to socket */
+ if (send(malware_daemon_ctx.sock, drweb_fbuf, fsize, 0) < 0)
+ {
+ free(drweb_fbuf);
+ return m_panic_defer_3(scanent, CUS callout_address, string_sprintf(
+ "unable to send file body to socket (%s)", scanner_options),
+ malware_daemon_ctx.sock);
+ }
+ }
+ else
+ {
+ drweb_slen = htonl(Ustrlen(eml_filename));
+
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s local scan [%s]\n",
+ scanner_name, scanner_options);
+
+ /* send scan request */
+ if ((send(malware_daemon_ctx.sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
+ (send(malware_daemon_ctx.sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
+ (send(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
+ (send(malware_daemon_ctx.sock, eml_filename, Ustrlen(eml_filename), 0) < 0) ||
+ (send(malware_daemon_ctx.sock, &drweb_fin, sizeof(drweb_fin), 0) < 0))
+ return m_panic_defer_3(scanent, CUS callout_address, string_sprintf(
+ "unable to send commands to socket (%s)", scanner_options),
+ malware_daemon_ctx.sock);
+ }
+
+ /* wait for result */
+ if (!recv_len(malware_daemon_ctx.sock, &drweb_rc, sizeof(drweb_rc), tmo))
+ return m_panic_defer_3(scanent, CUS callout_address,
+ US"unable to read return code", malware_daemon_ctx.sock);
+ drweb_rc = ntohl(drweb_rc);
+
+ if (!recv_len(malware_daemon_ctx.sock, &drweb_vnum, sizeof(drweb_vnum), tmo))
+ return m_panic_defer_3(scanent, CUS callout_address,
+ US"unable to read the number of viruses", malware_daemon_ctx.sock);
+ drweb_vnum = ntohl(drweb_vnum);
+
+ /* "virus(es) found" if virus number is > 0 */
+ if (drweb_vnum)
+ {
+ gstring * g = NULL;
+
+ /* setup default virus name */
+ malware_name = US"unknown";
+
+ /* set up match regex */
+ if (!drweb_re)
+ drweb_re = m_pcre_compile(drweb_re_str, &errstr);
+
+ /* read and concatenate virus names into one string */
+ for (int i = 0; i < drweb_vnum; i++)
+ {
+ int ovector[10*3];
+
+ /* read the size of report */
+ if (!recv_len(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), tmo))
+ return m_panic_defer_3(scanent, CUS callout_address,
+ US"cannot read report size", malware_daemon_ctx.sock);
+ drweb_slen = ntohl(drweb_slen);
+ tmpbuf = store_get(drweb_slen);
+
+ /* read report body */
+ if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo))
+ return m_panic_defer_3(scanent, CUS callout_address,
+ US"cannot read report string", malware_daemon_ctx.sock);
+ tmpbuf[drweb_slen] = '\0';
+
+ /* try matcher on the line, grab substring */
+ result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0,
+ ovector, nelem(ovector));
+ if (result >= 2)
+ {
+ const char * pre_malware_nb;
+
+ pcre_get_substring(CS tmpbuf, ovector, result, 1, &pre_malware_nb);
+
+ if (i==0) /* the first name we just copy to malware_name */
+ g = string_cat(NULL, US pre_malware_nb);
+
+ /*XXX could be string_append_listele? */
+ else /* concatenate each new virus name to previous */
+ g = string_append(g, 2, "/", pre_malware_nb);
+
+ pcre_free_substring(pre_malware_nb);
+ }
+ }
+ malware_name = string_from_gstring(g);