X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fmalware.c;h=b626b18a8ea451d6d66d92bf89507aaf665b8eea;hb=4c0a7a9cb02f9904c2e890f77ff8ce3a6beb25f4;hp=e995f47b4e35aafc9673d7416cfdafd3a3848bae;hpb=040721f2bc088d5e717c0475975ed6158352dce6;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/malware.c b/src/src/malware.c
index e995f47b4..b626b18a8 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -104,7 +104,7 @@ static inline int
 test_byte_order()
 {
   short int word = 0x0001;
-  char *byte = (char *) &word;
+  char *byte = CS  &word;
   return(byte[0] ? LITTLE_MY_ENDIAN : BIG_MY_ENDIAN);
 }
 
@@ -202,7 +202,11 @@ const pcre * cre = NULL;
 if (!(list_ele = string_nextinlist(list, sep, NULL, 0)))
   *errstr = US listerr;
 else
+  {
+  DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "RE: ",
+    string_printing(list_ele));
   cre = m_pcre_compile(CUS list_ele, errstr);
+  }
 return cre;
 }
 
@@ -472,9 +476,6 @@ if (  strcmpic(malware_re,US"true") == 0
 else if (!(re = m_pcre_compile(malware_re, &errstr)))
   return malware_errlog_defer(errstr);
 
-/* Reset sep that is set by previous string_nextinlist() call */
-sep = 0;
-
 /* if av_scanner starts with a dollar, expand it first */
 if (*av_scanner == '$')
   {
@@ -506,10 +507,15 @@ if (!malware_ok)
 	scanner_name));
     if (strcmpic(scanner_name, US scanent->name) != 0)
       continue;
+    DEBUG(D_acl) debug_printf_indent("Malware scan:  %s tmo=%s\n",
+      scanner_name, readconf_printtime(timeout));
+
     if (!(scanner_options = string_nextinlist(&av_scanner_work, &sep, NULL, 0)))
       scanner_options = scanent->options_default;
     if (scanent->conn == MC_NONE)
       break;
+
+    DEBUG(D_acl) debug_printf_indent("%15s%10s%s\n", "", "socket: ", scanner_options);
     switch(scanent->conn)
     {
     case MC_TCP:  sock = ip_tcpsocket(scanner_options, &errstr, 5);	break;
@@ -521,7 +527,6 @@ if (!malware_ok)
       return m_errlog_defer(scanent, CUS callout_address, errstr);
     break;
   }
-  DEBUG(D_acl) debug_printf_indent("Malware scan: %s tmo %s\n", scanner_name, readconf_printtime(timeout));
 
   switch (scanent->scancode)
     {
@@ -605,7 +610,8 @@ if (!malware_ok)
 
 	if ((fsize = lseek(drweb_fd, 0, SEEK_END)) == -1)
 	  {
-	  int err = errno;
+	  int err;
+badseek:  err = errno;
 	  (void)close(drweb_fd);
 	  return m_errlog_defer_3(scanent, NULL,
 	    string_sprintf("can't seek spool file %s: %s",
@@ -622,7 +628,8 @@ if (!malware_ok)
 	    sock);
 	  }
 	drweb_slen = htonl(fsize);
-	lseek(drweb_fd, 0, SEEK_SET);
+	if (lseek(drweb_fd, 0, SEEK_SET) < 0)
+	  goto badseek;
 
 	DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s remote scan [%s]\n",
 	    scanner_name, scanner_options);
@@ -783,7 +790,7 @@ if (!malware_ok)
       if (buf[0] != '2')		/* aveserver is having problems */
 	return m_errlog_defer_3(scanent, CUS callout_address,
 	  string_sprintf("unavailable (Responded: %s).",
-			  ((buf[0] != 0) ? buf : (uschar *)"nothing") ),
+			  ((buf[0] != 0) ? buf : US "nothing") ),
 	  sock);
 
       /* prepare our command */
@@ -828,7 +835,7 @@ if (!malware_ok)
       if (buf[0] != '2')		/* aveserver is having problems */
 	return m_errlog_defer_3(scanent, CUS callout_address,
 	  string_sprintf("unable to quit dialogue (Responded: %s).",
-			((buf[0] != 0) ? buf : (uschar *)"nothing") ),
+			((buf[0] != 0) ? buf : US "nothing") ),
 	  sock);
 
       if (result == DEFER)
@@ -1478,7 +1485,8 @@ if (!malware_ok)
 	  }
 	if ((fsize = lseek(clam_fd, 0, SEEK_END)) < 0)
 	  {
-	  int err = errno;
+	  int err;
+b_seek:   err = errno;
 	  CLOSE_SOCKDATA; (void)close(clam_fd);
 	  return m_errlog_defer_3(scanent, NULL,
 	    string_sprintf("can't seek spool file %s: %s",
@@ -1494,7 +1502,8 @@ if (!malware_ok)
 	      eml_filename),
 	    sock);
 	  }
-	lseek(clam_fd, 0, SEEK_SET);
+	if (lseek(clam_fd, 0, SEEK_SET) < 0)
+	  goto b_seek;
 
 	if (!(clamav_fbuf = US malloc(fsize_uint)))
 	  {
@@ -1697,8 +1706,10 @@ if (!malware_ok)
       const pcre *sockline_name_re;
 
       /* find scanner command line */
-      if ((sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
-					  NULL, 0)))
+      if (  (sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
+					  NULL, 0))
+	 && *sockline_scanner
+	 )
       {	/* check for no expansions apart from one %s */
 	uschar * s = Ustrchr(sockline_scanner, '%');
 	if (s++)
@@ -1708,6 +1719,8 @@ if (!malware_ok)
       }
       else
 	sockline_scanner = sockline_scanner_default;
+      DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "cmdline: ",
+	string_printing(sockline_scanner));
 
       /* find scanner output trigger */
       sockline_trig_re = m_pcre_nextinlist(&av_scanner_work, &sep,
@@ -1723,7 +1736,8 @@ if (!malware_ok)
 
       /* prepare scanner call - security depends on expansions check above */
       commandline = string_sprintf( CS sockline_scanner, CS eml_filename);
-
+      DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "expanded: ",
+	string_printing(commandline));
 
       /* Pass the command string to the socket */
       if (m_sock_send(sock, commandline, Ustrlen(commandline), &errstr) < 0)
@@ -1742,12 +1756,16 @@ if (!malware_ok)
 		US"buffer too small", sock);
       av_buffer[bread] = '\0';
       linebuffer = string_copy(av_buffer);
+      DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "answer: ",
+	string_printing(linebuffer));
 
       /* try trigger match */
       if (regex_match_and_setup(sockline_trig_re, linebuffer, 0, -1))
 	{
 	if (!(malware_name = m_pcre_exec(sockline_name_re, av_buffer)))
 	  malware_name = US "unknown";
+	DEBUG(D_acl) debug_printf_indent("%15s%10s'%s'\n", "", "name: ",
+	  string_printing(malware_name));
 	}
       else /* no virus found */
 	malware_name = NULL;