author | Renato Botelho <garga@FreeBSD.org> | 2009-04-03 13:56:35 +0000 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2009-04-03 13:56:35 +0000 |
commit | 4055e65cd4e423c27b0a876e09a747a0529ebb1d (patch) | |
tree | fbb774bdc7be0d03b296a06db29412c3236437d7 | |
parent | Update to 0.201 (diff) |
- Mark clamav-milter as BROKEN since it's not working. I updated clamav-devel
to a version that has the fix and won't update it anymore until 0.95.1 is
released
-rw-r--r-- | security/clamav/Makefile | 1 | ||||
-rw-r--r-- | security/clamav/files/patch-clamav-milter-fix | 372 |
2 files changed, 373 insertions, 0 deletions
diff --git a/security/clamav/Makefile b/security/clamav/Makefile index 445667d60ae7..8a6a94b5ab0d 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -132,6 +132,7 @@ CONFIGURE_ARGS+=--without-iconv .endif .if defined(WITH_MILTER) +BROKEN= clamav-milter doesn't work fine on 0.95, clamav-devel already have the fix USE_RC_SUBR+= clamav-milter CONF_FILES+= clamav-milter . if defined(WITH_LDAP) && exists(${LOCALBASE}/lib/libldap.so) diff --git a/security/clamav/files/patch-clamav-milter-fix b/security/clamav/files/patch-clamav-milter-fix new file mode 100644 index 000000000000..8da77a178f73 --- /dev/null +++ b/security/clamav/files/patch-clamav-milter-fix 
@@ -0,0 +1,372 @@
+Index: clamav-milter/Makefile.in
+===================================================================
+--- clamav-milter/Makefile.in (revision 4964)
++++ clamav-milter/Makefile.in (working copy)
+@@ -58,10 +58,11 @@
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \
+ $(top_srcdir)/m4/argz.m4 $(top_srcdir)/m4/fdpassing.m4 \
+- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+- $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltdl.m4 \
+- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
++ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
++ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
++ $(top_srcdir)/m4/ltdl.m4 $(top_srcdir)/m4/ltoptions.m4 \
++ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
++ $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/mmap_private.m4 $(top_srcdir)/m4/resolv.m4 \
+ $(top_srcdir)/configure.in
+ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+Index: clamav-milter/netcode.c
+===================================================================
+--- clamav-milter/netcode.c (revision 4964)
++++ clamav-milter/netcode.c (working copy)
+@@ -129,7 +129,7 @@
+ close(s);
+ return -1;
+ }
+- if (getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
++ if(getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
+ logg("*Failed to establish a connection to clamd\n");
+ close(s);
+ return -1;
+@@ -163,8 +163,6 @@
+ tv.tv_usec = 0;
+ while(1) {
+ fd_set fds;
+- int s_err;
+- socklen_t s_len = sizeof(s_err);
+
+ FD_ZERO(&fds);
+ FD_SET(s, &fds);
+@@ -177,12 +175,10 @@
+ tv.tv_usec = 0;
+ continue;
+ }
+- logg("!Failed stream to clamd\n");
++ logg("!Failed to stream to clamd\n");
+ close(s);
+ return 1;
+ }
+- len-=s_len;
+- buf+=s_len;
+ break;
+ }
+ }
+Index: clamav-milter/whitelist.h
+===================================================================
+--- clamav-milter/whitelist.h (revision 4964)
++++ clamav-milter/whitelist.h (working copy)
+@@ -24,4 +24,6 @@
+ int whitelist_init(const char *fname);
+ void whitelist_free(void);
+ int whitelisted(const char *addr, int from);
++int smtpauth_init(const char *r);
++int smtpauthed(const char *login);
+ #endif
+Index: clamav-milter/clamfi.c
+===================================================================
+--- clamav-milter/clamfi.c (revision 4964)
++++ clamav-milter/clamfi.c (working copy)
+@@ -61,6 +61,7 @@
+ } loginfected;
+
+ #define CLAMFIBUFSZ 1424
++static const char *HDR_UNAVAIL = "UNKNOWN";
+
+ struct CLAMFI {
+ char buffer[CLAMFIBUFSZ];
+@@ -74,6 +75,7 @@
+ unsigned int totsz;
+ unsigned int bufsz;
+ unsigned int all_whitelisted;
++ unsigned int gotbody;
+ };
+
+
+@@ -91,12 +93,15 @@
+ };
+
+
+-void makesanehdr(char *hdr) {
++static const char *makesanehdr(char *hdr) {
++ char *ret = hdr;
++ if(!hdr) return HDR_UNAVAIL;
+ while(*hdr) {
+ if(*hdr=='\'' || *hdr=='\t' || *hdr=='\r' || *hdr=='\n' || !isprint(*hdr))
+ *hdr = ' ';
+ hdr++;
+ }
++ return ret;
+ }
+
+ static void nullify(SMFICTX *ctx, struct CLAMFI *cf, enum CFWHAT closewhat) {
+@@ -113,9 +118,22 @@
+
+
+ static sfsistat sendchunk(struct CLAMFI *cf, unsigned char *bodyp, size_t len, SMFICTX *ctx) {
+- if(cf->totsz >= maxfilesize)
++ if(cf->totsz >= maxfilesize || len == 0)
+ return SMFIS_CONTINUE;
+
++ if(!cf->totsz) {
++ sfsistat ret;
++ if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
++ logg("!Failed to initiate streaming/fdpassing\n");
++ nullify(ctx, cf, CF_NONE);
++ return FailAction;
++ }
++ cf->totsz = 1; /* do not infloop */
++ if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
++ return ret;
++ cf->totsz -= 1;
++ }
++
+ if(cf->totsz + len > maxfilesize)
+ len = maxfilesize - cf->totsz;
+
+@@ -166,35 +184,28 @@
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return
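Review bot: In makesanehdr, `isprint(*hdr)` is called on a plain `char`, so on platforms where char is signed any header byte above 0x7f is passed as a negative value, which is undefined behaviour for the <ctype.h> functions; this is the routine that scrubs sender-controlled Subject, Date and Message-ID values before they are logged, so the test should read `!isprint((unsigned char)*hdr)`. That line is unchanged context, but the function is being reworked in this hunk. The new contract also deserves a one-line comment above the definition, e.g. `/* sanitises hdr in place and returns it; returns HDR_UNAVAIL when hdr is NULL */`.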
SMFIS_CONTINUE; /* whatever */
+
+- if(loginfected == LOGINF_FULL) {
+- if(headerf && !strcasecmp(headerf, "Subject") && !cf->msg_subj)
+- cf->msg_subj = strdup(headerv);
+- if(headerf && !strcasecmp(headerf, "Date") && !cf->msg_date)
+- cf->msg_date = strdup(headerv);
+- if(headerf && !strcasecmp(headerf, "Message-ID") && !cf->msg_id)
+- cf->msg_id = strdup(headerv);
++ if(!cf->totsz && cf->all_whitelisted) {
++ logg("*Skipping scan (all destinations whitelisted)\n");
++ nullify(ctx, cf, CF_NONE);
++ return SMFIS_ACCEPT;
+ }
+
+- if(!cf->totsz) {
+- if(cf->all_whitelisted) {
+- logg("*Skipping scan (all destinations whitelisted)\n");
+- nullify(ctx, cf, CF_NONE);
+- return SMFIS_ACCEPT;
+- }
+- if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
+- logg("!Failed to initiate streaming/fdpassing\n");
+- nullify(ctx, cf, CF_NONE);
+- return FailAction;
+- }
+- if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
+- return ret;
++ if(!headerf) return SMFIS_CONTINUE; /* just in case */
++
++ if(loginfected == LOGINF_FULL) {
++ if(!cf->msg_subj && !strcasecmp(headerf, "Subject"))
++ cf->msg_subj = strdup(headerv ? headerv : "");
++ if(!cf->msg_date && !strcasecmp(headerf, "Date"))
++ cf->msg_date = strdup(headerv ? headerv : "");
++ if(!cf->msg_id && !strcasecmp(headerf, "Message-ID"))
++ cf->msg_id = strdup(headerv ?
headerv : "");
+ }
+
+ if((ret = sendchunk(cf, (unsigned char *)headerf, strlen(headerf), ctx)) != SMFIS_CONTINUE)
+ return ret;
+ if((ret = sendchunk(cf, (unsigned char *)": ", 2, ctx)) != SMFIS_CONTINUE)
+ return ret;
+- if((ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
++ if(headerv && (ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
+ return ret;
+ return sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
+ }
+@@ -205,6 +216,14 @@
+
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
++
++ if(!cf->gotbody) {
++ sfsistat ret = sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
++ if(ret != SMFIS_CONTINUE)
++ return ret;
++ cf->gotbody = 1;
++ }
++
+ return sendchunk(cf, bodyp, len, ctx);
+ }
+
+@@ -225,6 +244,14 @@
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
+
++ if(!cf->totsz) {
++ /* got no headers and no body */
++ logg("*Not scanning an empty message\n");
++ ret = CleanAction(ctx);
++ nullify(ctx, cf, CF_NONE);
++ return ret;
++ }
++
+ if(cf->local) {
+ if(nc_send(cf->main, "nFILDES\n", 8)) {
+ logg("!FD scan request failed\n");
+@@ -286,18 +313,19 @@
+ }
+
+ if(loginfected) {
+- const char *from = smfi_getsymval(ctx, "{mail_addr}"), *to = smfi_getsymval(ctx, "{rcpt_addr}");
+-
+- if(!from) from = "UNKNOWN";
+- if(!to) to = "UNKNOWN";
+-
++ const char *from = smfi_getsymval(ctx, "{mail_addr}");
++ const char *to = smfi_getsymval(ctx, "{rcpt_addr}");
++
++ if(!from) from = HDR_UNAVAIL;
++ if(!to) to = HDR_UNAVAIL;
+ if(loginfected == LOGINF_FULL) {
+ const char *id = smfi_getsymval(ctx, "{i}");
++ const char *msg_subj = makesanehdr(cf->msg_subj);
++ const char *msg_date = makesanehdr(cf->msg_date);
++ const char *msg_id = makesanehdr(cf->msg_id);
+
+- makesanehdr(cf->msg_subj);
+- makesanehdr(cf->msg_date);
+- makesanehdr(cf->msg_id);
+- logg("~Message %s from <%s> to <%s> with subject '%s' message-id
'%s' date '%s' infected by %s\n", id ? id : "UNKNOWN", from, to, cf->msg_subj, cf->msg_id, cf->msg_date, vir);
++ if(!id) id = HDR_UNAVAIL;
++ logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id, from, to, msg_subj, msg_id, msg_date, vir);
+ } else logg("~Message from <%s> to <%s> infected by %s\n", from, to, vir);
+ }
+ }
+@@ -504,12 +532,18 @@
+
+ sfsistat clamfi_envfrom(SMFICTX *ctx, char **argv) {
+ struct CLAMFI *cf;
++ const char *login = smfi_getsymval(ctx, "{auth_authen}");
+
++ if(login && smtpauthed(login)) {
++ logg("*Skipping scan for authenticated user %s\n", login);
++ return SMFIS_ACCEPT;
++ }
++
+ if(whitelisted(argv[0], 1)) {
+ logg("*Skipping scan for %s (whitelisted from)\n", argv[0]);
+ return SMFIS_ACCEPT;
+ }
+-
++
+ if(!(cf = (struct CLAMFI *)malloc(sizeof(*cf)))) {
+ logg("!Failed to allocate CLAMFI struct\n");
+ return FailAction;
+@@ -518,6 +552,7 @@
+ cf->bufsz = 0;
+ cf->main = cf->alt = -1;
+ cf->all_whitelisted = 1;
++ cf->gotbody = 0;
+ cf->msg_subj = cf->msg_date = cf->msg_id = NULL;
+ smfi_setpriv(ctx, (void *)cf);
+
+Index: clamav-milter/whitelist.c
+===================================================================
+--- clamav-milter/whitelist.c (revision 4964)
++++ clamav-milter/whitelist.c (working copy)
+@@ -25,8 +25,8 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <sys/types.h>
+-#include <regex.h>
+
++#include "libclamav/regex/regex.h"
+ #include "shared/output.h"
+ #include "whitelist.h"
+
+@@ -38,17 +38,20 @@
+ struct WHLST *wfrom = NULL;
+ struct WHLST *wto = NULL;
+
++int skipauth = 0;
++regex_t authreg;
++
+ void whitelist_free(void) {
+ struct WHLST *w;
+ while(wfrom) {
+ w = wfrom->next;
+- regfree(&wfrom->preg);
++ cli_regfree(&wfrom->preg);
+ free(wfrom);
+ wfrom = w;
+ }
+ while(wto) {
+ w = wto->next;
+- regfree(&wto->preg);
++ cli_regfree(&wto->preg);
+ free(wto);
+ wto = w;
+ }
+@@ -85,14 +88,14 @@
+ }
+ if(!len) continue;
+ if (!(w = (struct WHLST
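Review bot: The new `smtpauthed(login)` branch in clamfi_envfrom logs `login` with `%s` exactly as smfi_getsymval returned it, whereas the header values logged by this patch are passed through makesanehdr first; unless the MTA already encodes `{auth_authen}` (not visible here), control characters in the login reach the log unchanged. `login` is a `const char *`, so sanitise a local copy rather than handing it to makesanehdr. The branch also returns SMFIS_ACCEPT before any other check, which deserves a comment such as `/* SkipAuthenticated: matching authenticated logins bypass scanning entirely */` so the trust decision is explicit. clamfi_envfrom continues beyond the end of the hunk.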
*)malloc(sizeof(*w)))) {
+- logg("!Out of memory loading whitelist\n");
++ logg("!Out of memory loading whitelist file\n");
+ whitelist_free();
+ return 1;
+ }
+ w->next = (*addto);
+ (*addto) = w;
+- if (regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
+- logg("!Failed to compile regex '%s'\n", ptr);
++ if (cli_regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
++ logg("!Failed to compile regex '%s' in whitelist file\n", ptr);
+ whitelist_free();
+ return 1;
+ }
+@@ -108,7 +111,7 @@
+ else w = wto;
+
+ while(w) {
+- if(!regexec(&w->preg, addr, 0, NULL, 0))
++ if(!cli_regexec(&w->preg, addr, 0, NULL, 0))
+ return 1;
+ w = w->next;
+ }
+@@ -116,6 +119,23 @@
+ }
+
+
++int smtpauth_init(const char *r) {
++ if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) {
++ logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r);
++ return 1;
++ }
++ skipauth = 1;
++ return 0;
++}
++
++
++int smtpauthed(const char *login) {
++ if(skipauth && !cli_regexec(&authreg, login, 0, NULL, 0))
++ return 1;
++ return 0;
++}
++
++
+ /*
+ * Local Variables:
+ * mode: c
+Index: clamav-milter/clamav-milter.c
+===================================================================
+--- clamav-milter/clamav-milter.c (revision 4964)
++++ clamav-milter/clamav-milter.c (working copy)
+@@ -211,6 +211,14 @@
+ return 1;
+ }
+
++ if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) {
++ localnets_free();
++ whitelist_free();
++ logg_close();
++ optfree(opts);
++ return 1;
++ }
++
+ if(optget(opts, "AddHeader")->enabled) {
+ char myname[255];
+ |
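Review bot: `smtpauthed` treats any `cli_regexec` match as grounds to skip scanning, and with REG_NOSUB and no implicit anchoring (assuming the bundled regex follows POSIX regexec semantics) the pattern matches anywhere inside the login, so a pattern meant for one account also exempts every login that merely contains it. Say so in a comment above smtpauth_init, e.g. `/* r is matched unanchored; use ^...$ to match a whole login */`. `authreg` is compiled here but nothing in the patch passes it to `cli_regfree`; whitelist_free, changed in an earlier hunk, could release it when `skipauth` is set.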
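Review bot: The option is looked up as `SkipAuthenticated`, but the error message smtpauth_init prints on a bad pattern (whitelist.c hunk of this patch) calls it `SkipAuthSenders`, so the log points the administrator at a name this code never reads; make the message agree: `logg("!Failed to compile regex '%s' for SkipAuthenticated\n", r);`. `opt->strarg` is also passed on without a NULL check, and whether optget guarantees a string for an enabled option is not visible here. The enclosing function starts and ends outside the hunk.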