summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2009-04-03 13:56:35 +0000
committerRenato Botelho <garga@FreeBSD.org>2009-04-03 13:56:35 +0000
commit4055e65cd4e423c27b0a876e09a747a0529ebb1d (patch)
treefbb774bdc7be0d03b296a06db29412c3236437d7
parentUpdate to 0.201 (diff)
- Mark clamav-milter as BROKEN since it's not working. I updated clamav-devel
to a version that have the fix and won't update it anymore until 0.95.1 is released
-rw-r--r--security/clamav/Makefile1
-rw-r--r--security/clamav/files/patch-clamav-milter-fix372
2 files changed, 373 insertions, 0 deletions
diff --git a/security/clamav/Makefile b/security/clamav/Makefile
index 445667d60ae7..8a6a94b5ab0d 100644
--- a/security/clamav/Makefile
+++ b/security/clamav/Makefile
@@ -132,6 +132,7 @@ CONFIGURE_ARGS+=--without-iconv
.endif
.if defined(WITH_MILTER)
+BROKEN= clamav-milter doesn't work fine on 0.95, clamav-devel already have the fix
USE_RC_SUBR+= clamav-milter
CONF_FILES+= clamav-milter
. if defined(WITH_LDAP) && exists(${LOCALBASE}/lib/libldap.so)
diff --git a/security/clamav/files/patch-clamav-milter-fix b/security/clamav/files/patch-clamav-milter-fix
new file mode 100644
index 000000000000..8da77a178f73
--- /dev/null
+++ b/security/clamav/files/patch-clamav-milter-fix
@@ -0,0 +1,372 @@
+Index: clamav-milter/Makefile.in
+===================================================================
+--- clamav-milter/Makefile.in (revision 4964)
++++ clamav-milter/Makefile.in (working copy)
+@@ -58,10 +58,11 @@
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \
+ $(top_srcdir)/m4/argz.m4 $(top_srcdir)/m4/fdpassing.m4 \
+- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+- $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltdl.m4 \
+- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
++ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
++ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
++ $(top_srcdir)/m4/ltdl.m4 $(top_srcdir)/m4/ltoptions.m4 \
++ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
++ $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/mmap_private.m4 $(top_srcdir)/m4/resolv.m4 \
+ $(top_srcdir)/configure.in
+ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+Index: clamav-milter/netcode.c
+===================================================================
+--- clamav-milter/netcode.c (revision 4964)
++++ clamav-milter/netcode.c (working copy)
+@@ -129,7 +129,7 @@
+ close(s);
+ return -1;
+ }
+- if (getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
++ if(getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
+ logg("*Failed to establish a connection to clamd\n");
+ close(s);
+ return -1;
+@@ -163,8 +163,6 @@
+ tv.tv_usec = 0;
+ while(1) {
+ fd_set fds;
+- int s_err;
+- socklen_t s_len = sizeof(s_err);
+
+ FD_ZERO(&fds);
+ FD_SET(s, &fds);
+@@ -177,12 +175,10 @@
+ tv.tv_usec = 0;
+ continue;
+ }
+- logg("!Failed stream to clamd\n");
++ logg("!Failed to stream to clamd\n");
+ close(s);
+ return 1;
+ }
+- len-=s_len;
+- buf+=s_len;
+ break;
+ }
+ }
+Index: clamav-milter/whitelist.h
+===================================================================
+--- clamav-milter/whitelist.h (revision 4964)
++++ clamav-milter/whitelist.h (working copy)
+@@ -24,4 +24,6 @@
+ int whitelist_init(const char *fname);
+ void whitelist_free(void);
+ int whitelisted(const char *addr, int from);
++int smtpauth_init(const char *r);
++int smtpauthed(const char *login);
+ #endif
+Index: clamav-milter/clamfi.c
+===================================================================
+--- clamav-milter/clamfi.c (revision 4964)
++++ clamav-milter/clamfi.c (working copy)
+@@ -61,6 +61,7 @@
+ } loginfected;
+
+ #define CLAMFIBUFSZ 1424
++static const char *HDR_UNAVAIL = "UNKNOWN";
+
+ struct CLAMFI {
+ char buffer[CLAMFIBUFSZ];
+@@ -74,6 +75,7 @@
+ unsigned int totsz;
+ unsigned int bufsz;
+ unsigned int all_whitelisted;
++ unsigned int gotbody;
+ };
+
+
+@@ -91,12 +93,15 @@
+ };
+
+
+-void makesanehdr(char *hdr) {
++static const char *makesanehdr(char *hdr) {
++ char *ret = hdr;
++ if(!hdr) return HDR_UNAVAIL;
+ while(*hdr) {
+ if(*hdr=='\'' || *hdr=='\t' || *hdr=='\r' || *hdr=='\n' || !isprint(*hdr))
+ *hdr = ' ';
+ hdr++;
+ }
++ return ret;
+ }
+
+ static void nullify(SMFICTX *ctx, struct CLAMFI *cf, enum CFWHAT closewhat) {
+@@ -113,9 +118,22 @@
+
+
+ static sfsistat sendchunk(struct CLAMFI *cf, unsigned char *bodyp, size_t len, SMFICTX *ctx) {
+- if(cf->totsz >= maxfilesize)
++ if(cf->totsz >= maxfilesize || len == 0)
+ return SMFIS_CONTINUE;
+
++ if(!cf->totsz) {
++ sfsistat ret;
++ if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
++ logg("!Failed to initiate streaming/fdpassing\n");
++ nullify(ctx, cf, CF_NONE);
++ return FailAction;
++ }
++ cf->totsz = 1; /* do not infloop */
++ if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
++ return ret;
++ cf->totsz -= 1;
++ }
++
+ if(cf->totsz + len > maxfilesize)
+ len = maxfilesize - cf->totsz;
+
+@@ -166,35 +184,28 @@
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
+
+- if(loginfected == LOGINF_FULL) {
+- if(headerf && !strcasecmp(headerf, "Subject") && !cf->msg_subj)
+- cf->msg_subj = strdup(headerv);
+- if(headerf && !strcasecmp(headerf, "Date") && !cf->msg_date)
+- cf->msg_date = strdup(headerv);
+- if(headerf && !strcasecmp(headerf, "Message-ID") && !cf->msg_id)
+- cf->msg_id = strdup(headerv);
++ if(!cf->totsz && cf->all_whitelisted) {
++ logg("*Skipping scan (all destinations whitelisted)\n");
++ nullify(ctx, cf, CF_NONE);
++ return SMFIS_ACCEPT;
+ }
+
+- if(!cf->totsz) {
+- if(cf->all_whitelisted) {
+- logg("*Skipping scan (all destinations whitelisted)\n");
+- nullify(ctx, cf, CF_NONE);
+- return SMFIS_ACCEPT;
+- }
+- if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
+- logg("!Failed to initiate streaming/fdpassing\n");
+- nullify(ctx, cf, CF_NONE);
+- return FailAction;
+- }
+- if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
+- return ret;
++ if(!headerf) return SMFIS_CONTINUE; /* just in case */
++
++ if(loginfected == LOGINF_FULL) {
++ if(!cf->msg_subj && !strcasecmp(headerf, "Subject"))
++ cf->msg_subj = strdup(headerv ? headerv : "");
++ if(!cf->msg_date && !strcasecmp(headerf, "Date"))
++ cf->msg_date = strdup(headerv ? headerv : "");
++ if(!cf->msg_id && !strcasecmp(headerf, "Message-ID"))
++ cf->msg_id = strdup(headerv ? headerv : "");
+ }
+
+ if((ret = sendchunk(cf, (unsigned char *)headerf, strlen(headerf), ctx)) != SMFIS_CONTINUE)
+ return ret;
+ if((ret = sendchunk(cf, (unsigned char *)": ", 2, ctx)) != SMFIS_CONTINUE)
+ return ret;
+- if((ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
++ if(headerv && (ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
+ return ret;
+ return sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
+ }
+@@ -205,6 +216,14 @@
+
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
++
++ if(!cf->gotbody) {
++ sfsistat ret = sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
++ if(ret != SMFIS_CONTINUE)
++ return ret;
++ cf->gotbody = 1;
++ }
++
+ return sendchunk(cf, bodyp, len, ctx);
+ }
+
+@@ -225,6 +244,14 @@
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
+
++ if(!cf->totsz) {
++ /* got no headers and no body */
++ logg("*Not scanning an empty message\n");
++ ret = CleanAction(ctx);
++ nullify(ctx, cf, CF_NONE);
++ return ret;
++ }
++
+ if(cf->local) {
+ if(nc_send(cf->main, "nFILDES\n", 8)) {
+ logg("!FD scan request failed\n");
+@@ -286,18 +313,19 @@
+ }
+
+ if(loginfected) {
+- const char *from = smfi_getsymval(ctx, "{mail_addr}"), *to = smfi_getsymval(ctx, "{rcpt_addr}");
+-
+- if(!from) from = "UNKNOWN";
+- if(!to) to = "UNKNOWN";
+-
++ const char *from = smfi_getsymval(ctx, "{mail_addr}");
++ const char *to = smfi_getsymval(ctx, "{rcpt_addr}");
++
++ if(!from) from = HDR_UNAVAIL;
++ if(!to) to = HDR_UNAVAIL;
+ if(loginfected == LOGINF_FULL) {
+ const char *id = smfi_getsymval(ctx, "{i}");
++ const char *msg_subj = makesanehdr(cf->msg_subj);
++ const char *msg_date = makesanehdr(cf->msg_date);
++ const char *msg_id = makesanehdr(cf->msg_id);
+
+- makesanehdr(cf->msg_subj);
+- makesanehdr(cf->msg_date);
+- makesanehdr(cf->msg_id);
+- logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id ? id : "UNKNOWN", from, to, cf->msg_subj, cf->msg_id, cf->msg_date, vir);
++ if(!id) id = HDR_UNAVAIL;
++ logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id, from, to, msg_subj, msg_id, msg_date, vir);
+ } else logg("~Message from <%s> to <%s> infected by %s\n", from, to, vir);
+ }
+ }
+@@ -504,12 +532,18 @@
+
+ sfsistat clamfi_envfrom(SMFICTX *ctx, char **argv) {
+ struct CLAMFI *cf;
++ const char *login = smfi_getsymval(ctx, "{auth_authen}");
+
++ if(login && smtpauthed(login)) {
++ logg("*Skipping scan for authenticated user %s\n", login);
++ return SMFIS_ACCEPT;
++ }
++
+ if(whitelisted(argv[0], 1)) {
+ logg("*Skipping scan for %s (whitelisted from)\n", argv[0]);
+ return SMFIS_ACCEPT;
+ }
+-
++
+ if(!(cf = (struct CLAMFI *)malloc(sizeof(*cf)))) {
+ logg("!Failed to allocate CLAMFI struct\n");
+ return FailAction;
+@@ -518,6 +552,7 @@
+ cf->bufsz = 0;
+ cf->main = cf->alt = -1;
+ cf->all_whitelisted = 1;
++ cf->gotbody = 0;
+ cf->msg_subj = cf->msg_date = cf->msg_id = NULL;
+ smfi_setpriv(ctx, (void *)cf);
+
+Index: clamav-milter/whitelist.c
+===================================================================
+--- clamav-milter/whitelist.c (revision 4964)
++++ clamav-milter/whitelist.c (working copy)
+@@ -25,8 +25,8 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <sys/types.h>
+-#include <regex.h>
+
++#include "libclamav/regex/regex.h"
+ #include "shared/output.h"
+ #include "whitelist.h"
+
+@@ -38,17 +38,20 @@
+ struct WHLST *wfrom = NULL;
+ struct WHLST *wto = NULL;
+
++int skipauth = 0;
++regex_t authreg;
++
+ void whitelist_free(void) {
+ struct WHLST *w;
+ while(wfrom) {
+ w = wfrom->next;
+- regfree(&wfrom->preg);
++ cli_regfree(&wfrom->preg);
+ free(wfrom);
+ wfrom = w;
+ }
+ while(wto) {
+ w = wto->next;
+- regfree(&wto->preg);
++ cli_regfree(&wto->preg);
+ free(wto);
+ wto = w;
+ }
+@@ -85,14 +88,14 @@
+ }
+ if(!len) continue;
+ if (!(w = (struct WHLST *)malloc(sizeof(*w)))) {
+- logg("!Out of memory loading whitelist\n");
++ logg("!Out of memory loading whitelist file\n");
+ whitelist_free();
+ return 1;
+ }
+ w->next = (*addto);
+ (*addto) = w;
+- if (regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
+- logg("!Failed to compile regex '%s'\n", ptr);
++ if (cli_regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
++ logg("!Failed to compile regex '%s' in whitelist file\n", ptr);
+ whitelist_free();
+ return 1;
+ }
+@@ -108,7 +111,7 @@
+ else w = wto;
+
+ while(w) {
+- if(!regexec(&w->preg, addr, 0, NULL, 0))
++ if(!cli_regexec(&w->preg, addr, 0, NULL, 0))
+ return 1;
+ w = w->next;
+ }
+@@ -116,6 +119,23 @@
+ }
+
+
++int smtpauth_init(const char *r) {
++ if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) {
++ logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r);
++ return 1;
++ }
++ skipauth = 1;
++ return 0;
++}
++
++
++int smtpauthed(const char *login) {
++ if(skipauth && !cli_regexec(&authreg, login, 0, NULL, 0))
++ return 1;
++ return 0;
++}
++
++
+ /*
+ * Local Variables:
+ * mode: c
+Index: clamav-milter/clamav-milter.c
+===================================================================
+--- clamav-milter/clamav-milter.c (revision 4964)
++++ clamav-milter/clamav-milter.c (working copy)
+@@ -211,6 +211,14 @@
+ return 1;
+ }
+
++ if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) {
++ localnets_free();
++ whitelist_free();
++ logg_close();
++ optfree(opts);
++ return 1;
++ }
++
+ if(optget(opts, "AddHeader")->enabled) {
+ char myname[255];
+