inotify.cxx

   1 /*
   2  * inoclam - Inotify+ClamAV virus scanner
   3  * Copyright (C) 2007 Vermont Department of Taxes
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program; if not, write to the Free Software
  17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18  *
  19  * Contributor(s):
  20  *   Tom Cort <tom.cort@state.vt.us>
  21  */
  22
  23 #include <errno.h>
  24 #include <idn-int.h>
  25 #include <inotifytools/inotifytools.h>
  26 #include <inotifytools/inotify.h>
  27 #include <libdaemon/dlog.h>
  28 #include <stdlib.h>
  29 #include <string.h>
  30 #include <unistd.h>
  31
  32 #include "clam.hxx"
  33 #include "inotify.hxx"
  34 #include "signal.hxx"
  35 #include "smtp.hxx"
  36
  37 /**
  38  * Grant permission to inoclam to delete infected files by setting this
  39  * to true or false
  40  */
  41 cfg_bool_t virus_removal_enabled;
  42
  43 /**
  44  * Initializes inotify and tells it to 'watch' basedir.
  45  * @param basedir the directory to watch.
  46  * @return 1 for OK, -1 for failure.
  47  */
  48 static int __inotify_init(char *basedir)
  49 {
  50         if (!inotifytools_initialize() || !inotifytools_watch_recursively(basedir, IN_ALL_EVENTS)) {
  51                 daemon_log(LOG_ERR, "(%s:%u) Failed init inotify: %s", __FILE__, __LINE__, strerror(inotifytools_error()));
  52                 return -1;
  53         } else {
  54                 /* daemon_log(LOG_DEBUG, "(%s:%u) init inotify", __FILE__, __LINE__); */
  55                 return 1;
  56         }
  57 }
  58
  59 /**
  60  * Free resources used by inotify
  61  */
  62 static void __inotify_exit()
  63 {
  64         inotifytools_cleanup();
  65 }
  66
  67 /**
  68  * Watch the specified directory for changes and call contains_virus()
  69  * @param basedir the directory to watch.
  70  */
  71 void inotify_main(char *basedir)
  72 {
  73         struct inotify_event *event;
  74         char *filename;
  75         int length;
  76
  77         event = NULL;
  78         filename = NULL;
  79         length = 0;
  80
  81         if (basedir == NULL || __inotify_init(basedir) == -1) {
  82                 exit_now = 1;
  83                 return;
  84         }
  85
  86         daemon_log(LOG_INFO, "(%s:%u) inotify watching '%s'", __FILE__, __LINE__, basedir);
  87
  88         while (!exit_now && (event = inotifytools_next_event(-1))) {
  89                 if (event && event->name && event->wd) {
  90                         length = strlen(inotifytools_filename_from_wd(event->wd)) + strlen(event->name) + 2;
  91                         filename = (char *) malloc(sizeof(char) * length);
  92                         if (!filename) {
  93                                 daemon_log(LOG_ERR, "(%s:%u) malloc() Failed: %s", __FILE__, __LINE__, strerror(errno));
  94                                 exit_now = 1;
  95                                 return;
  96                         }
  97                         memset(filename, '\0', length);
  98
  99                         snprintf(filename, length - 1, "%s%s", inotifytools_filename_from_wd(event->wd), event->name);
 100
 101                         if ((event->mask & (IN_CLOSE_WRITE | IN_MOVED_TO)) && !(event->mask & IN_ISDIR)) {
 102                                 /*
 103                                  * Scan writtable files that are being closed.
 104                                  * Scan files that have been moved to a watched directory.
 105                                  * TODO: run the switch statement and scan in a new thread. (make sure filename is safely free()'d).
 106                                  * TODO: optional e-mail notification when viruses are found.
 107                                  * TODO: make unlink() optional.
 108                                  */
 109                                 switch (contains_virus(filename)) {
 110                                 case 1:
 111                                         /* virus found */
 112                                         if (virus_removal_enabled == cfg_true) {
 113                                                 unlink(filename);
 114                                         }
 115
 116                                         if (smtp_enabled == cfg_true) {
 117                                                 smtp_send(filename);
 118                                         }
 119                                         break;
 120                                 case 0:
 121                                         /* no virus detected */
 122                                         break;
 123                                 default:
 124                                         daemon_log(LOG_ERR, "(%s:%u) Scan Failed", __FILE__, __LINE__);
 125                                         break;
 126                                 }
 127                         } else if ((event->mask & (IN_CREATE | IN_MOVED_TO | IN_DELETE)) && (event->mask & IN_ISDIR)) {
 128                                 /*
 129                                  * If the directory structure has changed, reload the watch list.
 130                                  * Benchmark this to determine if this is too much of a performance hit.
 131                                  */
 132                                 __inotify_exit();
 133                                 __inotify_init(basedir);
 134                         }
 135
 136                         if (filename) {
 137                                 free(filename);
 138                                 filename = NULL;
 139                         }
 140                 }
 141         }
 142
 143         __inotify_exit();
 144 }