src/clam.cxx

   1 /*
   2  * inoclam - Inotify+ClamAV virus scanner
   3  * Copyright (C) 2007 Vermont Department of Taxes
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program; if not, write to the Free Software
  16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  17  *
  18  * Contributor(s):
  19  *   Tom Cort <tom.cort@state.vt.us>
  20  *   Matt Gagne <matt.gagne@state.vt.us>
  21  */
  22
  23 #include <unistd.h>
  24 #include <clamav.h>
  25 #include <errno.h>
  26 #include <stdio.h>
  27 #include <stdlib.h>
  28 #include <string.h>
  29 #include <libdaemon/dlog.h>
  30 #include <pthread.h>
  31 #include "clam.hxx"
  32 #include "inoclam.hxx"
  33 #include "monitor.hxx"
  34 #include "signal.hxx"
  35 #include "smtp.hxx"
  36 #include "config.hxx"
  37
  38 #include <string>
  39
  40 /**
  41  * Thread that reloads virus definitions as needed
  42  */
  43 void *clam_refresh(void *v)
  44 {
  45         unsigned int sigs;
  46         int ret;
  47         struct cl_stat dbstat;
  48
  49         clam *clamav;
  50         clamav = (clam *) v;
  51
  52         memset(&dbstat, 0, sizeof(struct cl_stat));
  53         cl_statinidir(cl_retdbdir(), &dbstat);
  54
  55         do {
  56                 if (cl_statchkdir(&dbstat) == 1) {
  57                         struct cl_engine *tmp_engine = NULL;
  58                         struct cl_engine *old_engine = NULL;
  59
  60                         daemon_log(LOG_INFO, "Reloading new virus definitions");
  61
  62                         /* TODO: make options configurable. */
  63                         /* For example: enable/disable CL_DB_NCORE, CL_DB_PHISHING_URLS, etc. */
  64
  65                         /* Load virus definition files */
  66                         ret = cl_load(cl_retdbdir(), &tmp_engine, &sigs, CL_DB_STDOPT);
  67                         if (CL_SUCCESS != ret) {
  68                                 daemon_log(LOG_ERR, "cl_load() error: %s", cl_strerror(ret));
  69                                 tmp_engine = NULL;
  70                                 continue;
  71                         }
  72
  73                         daemon_log(LOG_INFO, "Virus definitions loaded (%d signatures).", sigs);
  74
  75                         /* prepare the detection engine */
  76                         ret = cl_build(tmp_engine);
  77                         if (CL_SUCCESS != ret) {
  78                                 daemon_log(LOG_ERR, "cl_build() error: %s", cl_strerror(ret));
  79                                 cl_free(tmp_engine);
  80                                 tmp_engine = NULL;
  81                                 continue;
  82                         }
  83
  84                         /* Swap tmp_engine and engine, free resources from old engine */
  85                         pthread_mutex_lock(&(clamav->engine_lock));
  86                         old_engine = clamav->engine;
  87                         clamav->engine = tmp_engine;
  88                         tmp_engine = NULL;
  89                         daemon_log(LOG_INFO, "Virus detection engine ready.");
  90                         pthread_mutex_unlock(&(clamav->engine_lock));
  91
  92                         cl_free(old_engine);
  93                         old_engine = NULL;
  94
  95                         cl_statfree(&dbstat);
  96                         memset(&dbstat, 0, sizeof(struct cl_stat));
  97                         cl_statinidir(cl_retdbdir(), &dbstat);
  98                 }
  99
 100                 sleep(5);
 101         } while (!exit_now);
 102
 103         cl_statfree(&dbstat);
 104
 105         monitor_dec();
 106         clamav->refresh_thread_alive = false;
 107         return NULL;
 108 }
 109
 110 /**
 111  * Load the virus definition files and prepare the engine.
 112  */
 113 clam::clam()
 114 {
 115         unsigned int sigs = 0;
 116         int ret;
 117
 118         pthread_t tt;
 119
 120         engine = NULL;
 121         refresh_thread_alive = false;
 122
 123         memset(&engine_lock, '\0', sizeof(pthread_mutex_t));
 124         pthread_mutex_init(&engine_lock, 0);
 125         pthread_mutex_lock(&engine_lock);
 126
 127         /* Load virus definition files */
 128         ret = cl_load(cl_retdbdir(), &engine, &sigs, CL_DB_STDOPT);
 129         if (CL_SUCCESS != ret) {
 130                 pthread_mutex_unlock(&engine_lock);
 131                 daemon_log(LOG_ERR, "cl_load() error: %s", cl_strerror(ret));
 132                 engine = NULL;
 133                 return;
 134         }
 135
 136         daemon_log(LOG_INFO, "Virus definitions loaded (%d signatures).", sigs);
 137
 138         /* prepare the detection engine */
 139         ret = cl_build(engine);
 140         if (CL_SUCCESS != ret) {
 141                 pthread_mutex_unlock(&engine_lock);
 142                 daemon_log(LOG_ERR, "cl_build() error: %s", cl_strerror(ret));
 143                 cl_free(engine);
 144                 engine = NULL;
 145                 return;
 146         }
 147
 148         daemon_log(LOG_INFO, "Virus detection engine ready.");
 149         pthread_mutex_unlock(&engine_lock);
 150
 151         refresh_thread_alive = true;
 152         monitor_inc();
 153         pthread_attr_init(&ta);
 154         pthread_attr_setdetachstate(&ta, PTHREAD_CREATE_DETACHED);
 155         ret = pthread_create(&tt, &ta, clam_refresh, (void *) this);
 156         if (ret) {
 157                 refresh_thread_alive = false;
 158                 monitor_dec();
 159                 daemon_log(LOG_ERR, "Can't create clam_refresh thread: %s", strerror(errno));
 160         }
 161 }
 162
 163 /**
 164  * Scans a file for virus.
 165  * @return -1 Error || 0 No Virus || +1 Virus Found
 166  */
 167 int clam::clam_scan(std::string * filename, config * conf)
 168 {
 169         int ret;
 170         struct cl_limits limits;
 171         const char *virname;
 172
 173         pthread_mutex_lock(&engine_lock);
 174
 175         memset(&limits, 0, sizeof(struct cl_limits));
 176         limits.maxfiles = 1;
 177         limits.maxfilesize = 10 * 1048576;
 178         limits.maxreclevel = 1;
 179         limits.maxmailrec = 1;
 180         limits.maxratio = 200;
 181
 182         /* TODO: make options configurable. */
 183         /* For example: enable/disable CL_SCAN_BLOCKENCRYPTED, CL_SCAN_BLOCKMAX, CL_SCAN_OLE2, etc. */
 184
 185         ret = cl_scanfile(filename->c_str(), &virname, NULL, engine, &limits, CL_SCAN_STDOPT);
 186         if (CL_VIRUS == ret) {
 187                 int file_removed = 0;
 188
 189                 pthread_mutex_unlock(&engine_lock);
 190                 daemon_log(LOG_INFO, "%s: %s FOUND", filename->c_str(), virname);
 191
 192                 if (conf->getVirusRemovalEnabled() == cfg_true) {
 193                         int rc;
 194                         rc = unlink(filename->c_str());
 195                         if (rc == 0) {
 196                                 file_removed = 1;
 197                         } else {
 198                                 daemon_log(LOG_ERR, "unlink failed for '%s': %s", filename->c_str(), strerror(errno));
 199                         }
 200                 }
 201
 202                 if (conf->getVirusEMailEnabled() == cfg_true) {
 203                         /* Sample Message:
 204                          * "File: <filename>\n"
 205                          * "Virus: <virname>\n"
 206                          * "Date: Thu, 28 Jun 2001 14:17:15 +0000\n"
 207                          * "Deleted: <Yes|No>\n"
 208                          * "\n"
 209                          * " (o_   Powered by: inoclam v1.0 (Bender)\n"
 210                          * " //\   Homepage:   http://www.inoclam.org/\n"
 211                          * " V_/_  Author:     Vermont Department of Taxes\n"
 212                          */
 213
 214                         std::string * smtp_body;
 215                         smtp_body = new std::string();
 216                         smtp_body->append("File: ");
 217                         smtp_body->append(filename->c_str());
 218                         smtp_body->append("\n");
 219
 220                         std::string * vname;
 221                         vname = new std::string(virname);
 222                         smtp_body->append("Virus: ");
 223                         smtp_body->append(vname->c_str());
 224                         smtp_body->append("\n");
 225                         delete vname;
 226
 227                         std::string * tstamp;
 228                         tstamp = smtp_get_timestamp();
 229                         if (!tstamp) {
 230                                 return -1;
 231                         }
 232                         smtp_body->append("Date: ");
 233                         smtp_body->append(tstamp->c_str());
 234                         smtp_body->append("\n");
 235                         delete tstamp;
 236
 237                         smtp_body->append("Deleted: ");
 238
 239                         std::string * rmstatus;
 240
 241                         if (file_removed == 1) {
 242                                 rmstatus = new std::string("Yes");
 243                         } else {
 244                                 rmstatus = new std::string("No");
 245                         }
 246
 247                         smtp_body->append(rmstatus->c_str());
 248                         delete rmstatus;
 249
 250                         smtp_body->append("\n\n");
 251
 252                         std::string * banner;
 253                         banner = smtp_get_banner();
 254                         smtp_body->append(banner->c_str());
 255                         delete banner;
 256
 257                         smtp_send(conf->getVirusEMailSubject(), smtp_body, conf);
 258
 259                         delete smtp_body;       /* Clean up email string */
 260                 }
 261
 262                 return 1;
 263         } else if (CL_CLEAN == ret) {
 264                 pthread_mutex_unlock(&engine_lock);
 265                 daemon_log(LOG_INFO, "%s: OK", filename->c_str());
 266                 return 0;
 267         } else {
 268                 pthread_mutex_unlock(&engine_lock);
 269                 daemon_log(LOG_ERR, "Scan Error: %s (%s)", cl_strerror(ret), filename->c_str());
 270                 return -1;
 271         }
 272 }
 273
 274 /**
 275  * Free resources used by the engine.
 276  */
 277 clam::~clam()
 278 {
 279         pthread_mutex_lock(&engine_lock);
 280
 281         if (engine) {
 282                 cl_free(engine);
 283                 engine = NULL;
 284         }
 285
 286         while (refresh_thread_alive) {
 287                 sched_yield();
 288                 sleep(3);
 289         }
 290
 291         pthread_mutex_unlock(&engine_lock);
 292         pthread_mutex_destroy(&engine_lock);
 293         pthread_attr_destroy(&ta);
 294 }