2 * inoclam - Inotify+ClamAV virus scanner
3 * Copyright (C) 2007 Vermont Department of Taxes
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Tom Cort <tom.cort@state.vt.us>
25 #include <inotifytools/inotifytools.h>
26 #include <inotifytools/inotify.h>
27 #include <libdaemon/dlog.h>
34 int __inotify_init(char *basedir
)
36 if (!inotifytools_initialize() || !inotifytools_watch_recursively(basedir
, IN_ALL_EVENTS
)) {
37 daemon_log(LOG_ERR
, "(%s:%u) Failed init inotify: %s", __FILE__
, __LINE__
, strerror(inotifytools_error()));
40 /* daemon_log(LOG_DEBUG, "(%s:%u) init inotify", __FILE__, __LINE__); */
47 inotifytools_cleanup();
52 * Watch the specified directory for changes and call contains_virus()
53 * @param basedir the directory to watch.
55 void inotify_main(char *basedir
)
57 struct inotify_event
*event
;
65 if (basedir
== NULL
|| __inotify_init(basedir
) == -1) {
70 daemon_log(LOG_INFO
, "(%s:%u) inotify watching '%s'", __FILE__
, __LINE__
, basedir
);
72 while (!exit_now
&& (event
= inotifytools_next_event(-1))) {
73 if (event
&& event
->name
&& event
->wd
) {
74 length
= strlen(inotifytools_filename_from_wd(event
->wd
)) + strlen(event
->name
) + 2;
75 filename
= (char *) malloc(sizeof(char) * length
);
77 daemon_log(LOG_ERR
, "(%s:%u) malloc() Failed: %s", __FILE__
, __LINE__
, strerror(errno
));
81 memset(filename
, '\0', length
);
83 snprintf(filename
, length
- 1, "%s%s", inotifytools_filename_from_wd(event
->wd
), event
->name
);
85 if ((event
->mask
& (IN_CLOSE_WRITE
| IN_MOVED_TO
)) && !(event
->mask
& IN_ISDIR
)) {
87 * Scan writtable files that are being closed.
88 * Scan files that have been moved to a watched directory.
89 * TODO: run the switch statement and scan in a new thread. (make sure filename is safely free()'d).
90 * TODO: optional e-mail notification when viruses are found.
91 * TODO: make unlink() optional.
93 switch (contains_virus(filename
)) {
96 unlink(filename
); /* remove without prejudice */
99 /* no virus detected */
102 daemon_log(LOG_ERR
, "(%s:%u) Scan Failed", __FILE__
, __LINE__
);
105 } else if ((event
->mask
& (IN_CREATE
| IN_MOVED_TO
| IN_DELETE
)) && (event
->mask
& IN_ISDIR
)) {
107 * If the directory structure has changed, reload the watch list.
108 * Benchmark this to determine if this is too much of a performance hit.
111 __inotify_init(basedir
);