2 * inoclam - Inotify+ClamAV virus scanner
3 * Copyright (C) 2007 Vermont Department of Taxes
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Tom Cort <tom.cort@state.vt.us>
28 #include <libdaemon/dlog.h>
32 #include "monitor.hxx"
36 * A lock used to serialize access to the engine. Serialized access is
37 * needed to keep clam_refresh() from changing the engine while
38 * contains_virus() is using it.
40 * @see contains_virus()
42 pthread_mutex_t engine_lock
;
45 * Thread attributes used by the clam_refresh() thread. This is
46 * a global so that main() can free them when its cleaning up.
53 * Multiple threads are using and altering "engine".
54 * Use the engine_lock to prevent concurrency issues.
56 struct cl_engine
*engine
= NULL
;
59 * Load the virus definition files and prepare the engine.
63 unsigned int sigs
= 0;
68 memset(&engine_lock
, '\0', sizeof(pthread_mutex_t
));
69 pthread_mutex_init(&engine_lock
, 0);
71 pthread_mutex_lock(&engine_lock
);
73 /* Load virus definition files */
74 ret
= cl_load(cl_retdbdir(), &engine
, &sigs
, CL_DB_STDOPT
);
75 if (CL_SUCCESS
!= ret
) {
76 pthread_mutex_unlock(&engine_lock
);
77 daemon_log(LOG_ERR
, "cl_load() error: %s", cl_strerror(ret
));
82 daemon_log(LOG_INFO
, "Virus definitions loaded (%d signatures).", sigs
);
84 /* prepare the detection engine */
85 ret
= cl_build(engine
);
86 if (CL_SUCCESS
!= ret
) {
87 pthread_mutex_unlock(&engine_lock
);
88 daemon_log(LOG_ERR
, "cl_build() error: %s", cl_strerror(ret
));
94 daemon_log(LOG_INFO
, "Virus detection engine ready.");
95 pthread_mutex_unlock(&engine_lock
);
98 pthread_attr_init(&ta
);
99 pthread_attr_setdetachstate(&ta
, PTHREAD_CREATE_DETACHED
);
100 ret
= pthread_create(&tt
, &ta
, (void *(*)(void *)) clam_refresh
, (void *) NULL
);
103 daemon_log(LOG_ERR
, "Can't create clam_refresh thread: %s", strerror(errno
));
108 * Thread that reloads virus definitions as needed
114 struct cl_stat dbstat
;
116 memset(&dbstat
, 0, sizeof(struct cl_stat
));
117 cl_statinidir(cl_retdbdir(), &dbstat
);
120 if (cl_statchkdir(&dbstat
) == 1) {
121 struct cl_engine
*tmp_engine
= NULL
;
122 struct cl_engine
*old_engine
= NULL
;
124 daemon_log(LOG_INFO
, "Reloading new virus definitions");
126 /* TODO: make options configurable. */
127 /* For example: enable/disable CL_DB_NCORE, CL_DB_PHISHING_URLS, etc. */
129 /* Load virus definition files */
130 ret
= cl_load(cl_retdbdir(), &tmp_engine
, &sigs
, CL_DB_STDOPT
);
131 if (CL_SUCCESS
!= ret
) {
132 daemon_log(LOG_ERR
, "cl_load() error: %s", cl_strerror(ret
));
137 daemon_log(LOG_INFO
, "Virus definitions loaded (%d signatures).", sigs
);
139 /* prepare the detection engine */
140 ret
= cl_build(tmp_engine
);
141 if (CL_SUCCESS
!= ret
) {
142 daemon_log(LOG_ERR
, "cl_build() error: %s", cl_strerror(ret
));
148 /* Swap tmp_engine and engine, free resources from old engine */
149 pthread_mutex_lock(&engine_lock
);
153 daemon_log(LOG_INFO
, "Virus detection engine ready.");
154 pthread_mutex_unlock(&engine_lock
);
159 cl_statfree(&dbstat
);
160 memset(&dbstat
, 0, sizeof(struct cl_stat
));
161 cl_statinidir(cl_retdbdir(), &dbstat
);
167 cl_statfree(&dbstat
);
170 /* pthread_exit(NULL);
175 * Scans a file for virus.
176 * @return -1 Error || 0 No Virus || +1 Virus Found
178 int contains_virus(char *filename
)
181 struct cl_limits limits
;
184 pthread_mutex_lock(&engine_lock
);
186 memset(&limits
, 0, sizeof(struct cl_limits
));
188 limits
.maxfilesize
= 10 * 1048576;
189 limits
.maxreclevel
= 1;
190 limits
.maxmailrec
= 1;
191 limits
.maxratio
= 200;
193 /* TODO: make options configurable. */
194 /* For example: enable/disable CL_SCAN_BLOCKENCRYPTED, CL_SCAN_BLOCKMAX, CL_SCAN_OLE2, etc. */
196 ret
= cl_scanfile(filename
, &virname
, NULL
, engine
, &limits
, CL_SCAN_STDOPT
);
197 if (CL_VIRUS
== ret
) {
198 pthread_mutex_unlock(&engine_lock
);
199 daemon_log(LOG_INFO
, "%s: %s FOUND", filename
, virname
);
201 } else if (CL_CLEAN
== ret
) {
202 pthread_mutex_unlock(&engine_lock
);
203 daemon_log(LOG_INFO
, "%s: OK", filename
);
206 pthread_mutex_unlock(&engine_lock
);
207 daemon_log(LOG_ERR
, "Scan Error: %s (%s)", cl_strerror(ret
), filename
);
213 * Free resources used by the engine.
217 pthread_mutex_lock(&engine_lock
);
224 pthread_mutex_unlock(&engine_lock
);