2 * inoclam - Inotify+ClamAV virus scanner
3 * Copyright (C) 2007 Vermont Department of Taxes
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Tom Cort <tom.cort@state.vt.us>
25 #include <inotifytools/inotifytools.h>
26 #include <inotifytools/inotify.h>
27 #include <libdaemon/dlog.h>
33 #include "inotify.hxx"
38 * Grant permission to inoclam to delete infected files by setting this
41 cfg_bool_t virus_removal_enabled
;
44 * Initializes inotify and tells it to 'watch' basedir.
45 * @param basedir the directory to watch.
46 * @return 1 for OK, -1 for failure.
48 static int __inotify_init(char *basedir
)
50 if (!inotifytools_initialize() || !inotifytools_watch_recursively(basedir
, IN_ALL_EVENTS
)) {
51 daemon_log(LOG_ERR
, "(%s:%u) Failed init inotify: %s", __FILE__
, __LINE__
, strerror(inotifytools_error()));
54 /* daemon_log(LOG_DEBUG, "(%s:%u) init inotify", __FILE__, __LINE__); */
60 * Free resources used by inotify
62 static void __inotify_exit()
64 inotifytools_cleanup();
68 * Watch the specified directory for changes and call contains_virus()
69 * @param basedir the directory to watch.
71 void inotify_main(char *basedir
)
73 struct inotify_event
*event
;
81 if (basedir
== NULL
|| __inotify_init(basedir
) == -1) {
86 daemon_log(LOG_INFO
, "(%s:%u) inotify watching '%s'", __FILE__
, __LINE__
, basedir
);
88 while (!exit_now
&& (event
= inotifytools_next_event(-1))) {
89 if (event
&& event
->name
&& event
->wd
) {
90 length
= strlen(inotifytools_filename_from_wd(event
->wd
)) + strlen(event
->name
) + 2;
91 filename
= (char *) malloc(sizeof(char) * length
);
93 daemon_log(LOG_ERR
, "(%s:%u) malloc() Failed: %s", __FILE__
, __LINE__
, strerror(errno
));
97 memset(filename
, '\0', length
);
99 snprintf(filename
, length
- 1, "%s%s", inotifytools_filename_from_wd(event
->wd
), event
->name
);
101 if ((event
->mask
& (IN_CLOSE_WRITE
| IN_MOVED_TO
)) && !(event
->mask
& IN_ISDIR
)) {
103 * Scan writtable files that are being closed.
104 * Scan files that have been moved to a watched directory.
105 * TODO: run the switch statement and scan in a new thread. (make sure filename is safely free()'d).
106 * TODO: optional e-mail notification when viruses are found.
107 * TODO: make unlink() optional.
109 switch (contains_virus(filename
)) {
112 if (virus_removal_enabled
== cfg_true
) {
116 if (smtp_enabled
== cfg_true
) {
121 /* no virus detected */
124 daemon_log(LOG_ERR
, "(%s:%u) Scan Failed", __FILE__
, __LINE__
);
127 } else if ((event
->mask
& (IN_CREATE
| IN_MOVED_TO
| IN_DELETE
)) && (event
->mask
& IN_ISDIR
)) {
129 * If the directory structure has changed, reload the watch list.
130 * Benchmark this to determine if this is too much of a performance hit.
133 __inotify_init(basedir
);