diff -urN src.orig/malware.c src/malware.c --- src.orig/malware.c Thu Sep 9 18:47:23 2004 +++ src/malware.c Thu Sep 9 18:47:44 2004 @@ -36,7 +36,7 @@ return(byte[0] ? LITTLE_MY_ENDIAN : BIG_MY_ENDIAN); } -uschar malware_name_buffer[256]; +uschar malware_name_buffer[256], malware_temp_name[256]; int malware_ok = 0; int malware(uschar **listptr) { @@ -53,6 +53,7 @@ int roffset; const pcre *re; const uschar *rerror; + int mw_cnt = 0; /* make sure the eml mbox file is spooled up */ mbox_file = spool_mbox(&mbox_size); @@ -98,19 +99,12 @@ return DEFER; }; - /* Do not scan twice. */ - if (malware_ok == 0) { - - /* find the scanner type from the av_scanner option */ - if ((scanner_name = string_nextinlist(&av_scanner_work, &sep, + while(scanner_name = string_nextinlist(&av_scanner_work, &sep, scanner_name_buffer, - sizeof(scanner_name_buffer))) == NULL) { - /* no scanner given */ - log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: av_scanner configuration variable is empty"); - return DEFER; - }; - + sizeof(scanner_name_buffer))) { + + mw_cnt++; /* increment the count of malware processed */ + /* "drweb" scanner type ----------------------------------------------- */ /* v0.1 - added support for tcp sockets */ /* v0.0 - initial release -- support for unix sockets */ @@ -144,6 +138,7 @@ if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: invalid socket '%s'", drweb_options); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -151,6 +146,7 @@ if((he = gethostbyname(CS hostname)) == 0) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: failed to lookup host '%s'", hostname); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -161,6 +157,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to acquire socket (%s)", strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -169,6 +166,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: connection to %s, port %u failed (%s)", inet_ntoa(in), port, strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -184,6 +182,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: can't open spool file %s: %s", scanrequest, strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } fsize = lseek(drweb_fd, 0, SEEK_END); @@ -191,6 +190,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: can't seek spool file %s: %s", scanrequest, strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } drweb_slen = htonl(fsize); @@ -205,6 +205,7 @@ close(drweb_fd); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -215,6 +216,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to allocate memory %u for file (%s)", fsize, scanrequest); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -225,6 +227,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: can't read spool file %s: %s", scanrequest, strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -233,6 +236,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to send file body to socket (%s)", drweb_options); +if (*av_scanner_work != 0) continue; return DEFER; } close(drweb_fd); @@ -244,6 +248,7 @@ if (sock < 0) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: can't open UNIX socket"); +if (*av_scanner_work != 0) continue; return DEFER; } server.sun_family = AF_UNIX; @@ -252,6 +257,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -270,6 +276,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options); +if (*av_scanner_work != 0) continue; return DEFER; } } @@ -279,6 +286,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to read return code"); +if (*av_scanner_work != 0) continue; return DEFER; } drweb_rc = ntohl(drweb_rc); @@ -287,6 +295,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: unable to read the number of viruses"); +if (*av_scanner_work != 0) continue; return DEFER; } drweb_vnum = ntohl(drweb_vnum); @@ -310,6 +319,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: cannot read report size"); +if (*av_scanner_work != 0) continue; return DEFER; }; drweb_slen = ntohl(drweb_slen); @@ -319,6 +329,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: drweb: cannot read report string"); +if (*av_scanner_work != 0) continue; return DEFER; }; tmpbuf[drweb_slen] = '\0'; @@ -749,7 +760,7 @@ /* no options supplied, use default options */ clamd_options = clamd_options_default; } - + /* socket does not start with '/' -> network socket */ if (*clamd_options != '/') { @@ -757,6 +768,7 @@ if( sscanf(CS clamd_options, "%s %u", hostname, &port) != 2 ) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: invalid socket '%s'", clamd_options); +if (*av_scanner_work != 0) continue; return DEFER; }; @@ -764,6 +776,7 @@ if((he = gethostbyname(CS hostname)) == 0) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: failed to lookup host '%s'", hostname); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -774,6 +787,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: unable to acquire socket (%s)", strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -782,6 +796,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: connection to %s, port %u failed (%s)", inet_ntoa(in), port, strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } } @@ -791,6 +806,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: unable to acquire socket (%s)", strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -802,6 +818,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: unable to connect to UNIX socket %s (%s)", clamd_options, strerror(errno) ); +if (*av_scanner_work != 0) continue; return DEFER; } } @@ -814,6 +831,7 @@ close(sock); log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)", strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -829,12 +847,14 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: unable to read from socket (%s)", strerror(errno)); +if (*av_scanner_work != 0) continue; return DEFER; } if (bread == sizeof(av_buffer)) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: buffer too small"); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -846,6 +866,7 @@ if (!(*av_buffer)) { log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: ClamAV returned null"); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -854,6 +875,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: ClamAV returned malformed result: %s", av_buffer); +if (*av_scanner_work != 0) continue; return DEFER; } @@ -880,6 +902,7 @@ log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: clamd: ClamAV returned %s",vname); +if (*av_scanner_work != 0) continue; return DEFER; } else { @@ -942,7 +965,6 @@ /* ----------------------------------------------------------------------- */ - /* "unknown" scanner type ------------------------------------------------- */ else { log_write(0, LOG_MAIN|LOG_PANIC, @@ -950,11 +972,25 @@ return DEFER; }; /* ----------------------------------------------------------------------- */ - - /* set "been here, done that" marker */ - malware_ok = 1; - }; + /* Add malware name and go out if virus found */ + if( malware_name ) { + Ustrcpy(CS malware_temp_name, CS scanner_name); + Ustrcat(CS malware_temp_name, ": "); + Ustrcat(CS malware_temp_name, CS malware_name); + Ustrcpy(CS malware_name, CS malware_temp_name); + break; + } + + }; /* end of loop */ + + if( mw_cnt == 0 ) { + /* no scanner given */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: av_scanner configuration variable is empty"); + return DEFER; + }; + /* match virus name against pattern (caseless ------->----------v) */ if ( (malware_name != NULL) && (regex_match_and_setup(re, malware_name, 0, -1)) ) {