search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move clamav related functionality into its own class.
[inoclam.git] / clam.cxx
blob6979685a08db58743afb66cf980992e0590174d0
1 /*
2 * inoclam - Inotify+ClamAV virus scanner
3 * Copyright (C) 2007 Vermont Department of Taxes
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 * Contributor(s):
20 * Tom Cort <tom.cort@state.vt.us>
21 * Matt Gagne <matt.gagne@state.vt.us>
22 */
23
24 #include <unistd.h>
25 #include <clamav.h>
26 #include <errno.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <libdaemon/dlog.h>
31 #include <pthread.h>
32 #include "clam.hxx"
33 #include "inoclam.hxx"
34 #include "monitor.hxx"
35 #include "signal.hxx"
36 #include "smtp.hxx"
37 #include "config.hxx"
38
39 #include <string>
40
41 /**
42 * Thread that reloads virus definitions as needed
43 */
44 void *clam_refresh(void *v)
45 {
46 unsigned int sigs;
47 int ret;
48 struct cl_stat dbstat;
49
50 clam *clamav;
51 clamav = (clam *) v;
52
53 memset(&dbstat, 0, sizeof(struct cl_stat));
54 cl_statinidir(cl_retdbdir(), &dbstat);
55
56 do {
57 if (cl_statchkdir(&dbstat) == 1) {
58 struct cl_engine *tmp_engine = NULL;
59 struct cl_engine *old_engine = NULL;
60
61 daemon_log(LOG_INFO, "Reloading new virus definitions");
62
63 /* TODO: make options configurable. */
64 /* For example: enable/disable CL_DB_NCORE, CL_DB_PHISHING_URLS, etc. */
65
66 /* Load virus definition files */
67 ret = cl_load(cl_retdbdir(), &tmp_engine, &sigs, CL_DB_STDOPT);
68 if (CL_SUCCESS != ret) {
69 daemon_log(LOG_ERR, "cl_load() error: %s", cl_strerror(ret));
70 tmp_engine = NULL;
71 continue;
72 }
73
74 daemon_log(LOG_INFO, "Virus definitions loaded (%d signatures).", sigs);
75
76 /* prepare the detection engine */
77 ret = cl_build(tmp_engine);
78 if (CL_SUCCESS != ret) {
79 daemon_log(LOG_ERR, "cl_build() error: %s", cl_strerror(ret));
80 cl_free(tmp_engine);
81 tmp_engine = NULL;
82 continue;
83 }
84
85 /* Swap tmp_engine and engine, free resources from old engine */
86 pthread_mutex_lock(&(clamav->engine_lock));
87 old_engine = clamav->engine;
88 clamav->engine = tmp_engine;
89 tmp_engine = NULL;
90 daemon_log(LOG_INFO, "Virus detection engine ready.");
91 pthread_mutex_unlock(&(clamav->engine_lock));
92
93 cl_free(old_engine);
94 old_engine = NULL;
95
96 cl_statfree(&dbstat);
97 memset(&dbstat, 0, sizeof(struct cl_stat));
98 cl_statinidir(cl_retdbdir(), &dbstat);
99 }
100
101 sleep(5);
102 } while (!exit_now);
103
104 cl_statfree(&dbstat);
105
106 monitor_dec();
107 clamav->refresh_thread_alive = false;
108 return NULL;
109 }
110
111 /**
112 * Load the virus definition files and prepare the engine.
113 */
114 clam::clam()
115 {
116 unsigned int sigs = 0;
117 int ret;
118
119 pthread_t tt;
120
121 engine = NULL;
122 refresh_thread_alive = false;
123
124 memset(&engine_lock, '\0', sizeof(pthread_mutex_t));
125 pthread_mutex_init(&engine_lock, 0);
126 pthread_mutex_lock(&engine_lock);
127
128 /* Load virus definition files */
129 ret = cl_load(cl_retdbdir(), &engine, &sigs, CL_DB_STDOPT);
130 if (CL_SUCCESS != ret) {
131 pthread_mutex_unlock(&engine_lock);
132 daemon_log(LOG_ERR, "cl_load() error: %s", cl_strerror(ret));
133 engine = NULL;
134 return;
135 }
136
137 daemon_log(LOG_INFO, "Virus definitions loaded (%d signatures).", sigs);
138
139 /* prepare the detection engine */
140 ret = cl_build(engine);
141 if (CL_SUCCESS != ret) {
142 pthread_mutex_unlock(&engine_lock);
143 daemon_log(LOG_ERR, "cl_build() error: %s", cl_strerror(ret));
144 cl_free(engine);
145 engine = NULL;
146 return;
147 }
148
149 daemon_log(LOG_INFO, "Virus detection engine ready.");
150 pthread_mutex_unlock(&engine_lock);
151
152 refresh_thread_alive = true;
153 monitor_inc();
154 pthread_attr_init(&ta);
155 pthread_attr_setdetachstate(&ta, PTHREAD_CREATE_DETACHED);
156 ret = pthread_create(&tt, &ta, clam_refresh, (void *) this);
157 if (ret) {
158 refresh_thread_alive = false;
159 monitor_dec();
160 daemon_log(LOG_ERR, "Can't create clam_refresh thread: %s", strerror(errno));
161 }
162 }
163
164 /**
165 * Scans a file for virus.
166 * @return -1 Error || 0 No Virus || +1 Virus Found
167 */
168 int clam::clam_scan(std::string * filename, config * conf)
169 {
170 int ret;
171 struct cl_limits limits;
172 const char *virname;
173
174 pthread_mutex_lock(&engine_lock);
175
176 memset(&limits, 0, sizeof(struct cl_limits));
177 limits.maxfiles = 1;
178 limits.maxfilesize = 10 * 1048576;
179 limits.maxreclevel = 1;
180 limits.maxmailrec = 1;
181 limits.maxratio = 200;
182
183 /* TODO: make options configurable. */
184 /* For example: enable/disable CL_SCAN_BLOCKENCRYPTED, CL_SCAN_BLOCKMAX, CL_SCAN_OLE2, etc. */
185
186 ret = cl_scanfile(filename->c_str(), &virname, NULL, engine, &limits, CL_SCAN_STDOPT);
187 if (CL_VIRUS == ret) {
188 int file_removed = 0;
189
190 pthread_mutex_unlock(&engine_lock);
191 daemon_log(LOG_INFO, "%s: %s FOUND", filename->c_str(), virname);
192
193 if (conf->getVirusRemovalEnabled() == cfg_true) {
194 int rc;
195 rc = unlink(filename->c_str());
196 if (rc == 0) {
197 file_removed = 1;
198 } else {
199 daemon_log(LOG_ERR, "unlink failed for '%s': %s", filename->c_str(), strerror(errno));
200 }
201 }
202
203 if (conf->getSMTPEnabled() == cfg_true) {
204 std::string * smtp_body;
205 char *timestamp;
206 const struct tm *tm;
207 time_t now;
208
209 timestamp = NULL;
210 tm = NULL;
211
212 /* get the timestamp */
213 now = time(NULL);
214 tm = localtime(&now);
215
216 timestamp = (char *) malloc(sizeof(char) * 41);
217 if (!timestamp) {
218 daemon_log(LOG_ERR, "malloc() failed!");
219 return 1;
220 }
221 memset(timestamp, '\0', 41); /* RFC 2822 Date */
222 strftime(timestamp, 40, "%a, %d %b %Y %H:%M:%S +0000", tm);
223
224 /* Sample Message:
225 * "File: <filename>\n"
226 * "Virus: <virname>\n"
227 * "Date: Thu, 28 Jun 2001 14:17:15 +0000\n"
228 * "Deleted: <Yes|No>\n"
229 * "\n"
230 * " (o_ Powered by: inoclam v1.0 (Bender)\n"
231 * " //\ Homepage: http://www.inoclam.org/\n"
232 * " V_/_ Author: Vermont Department of Taxes\n"
233 */
234
235 smtp_body = new std::string();
236 smtp_body->append("File: ");
237 smtp_body->append(filename->c_str());
238 smtp_body->append("\n");
239
240 std::string * vname;
241 vname = new std::string(virname);
242 smtp_body->append("Virus: ");
243 smtp_body->append(vname->c_str());
244 smtp_body->append("\n");
245 delete vname;
246
247 std::string * tstamp;
248 tstamp = new std::string(timestamp);
249 smtp_body->append("Date: ");
250 smtp_body->append(tstamp->c_str());
251 smtp_body->append("\n");
252 delete tstamp;
253
254 smtp_body->append("Deleted: ");
255
256 std::string * rmstatus;
257
258 if (file_removed == 1) {
259 rmstatus = new std::string("Yes");
260 } else {
261 rmstatus = new std::string("No");
262 }
263
264 smtp_body->append(rmstatus->c_str());
265 delete rmstatus;
266
267 smtp_body->append("\n\n");
268
269 std::string * version;
270 version = new std::string(VERSION);
271 smtp_body->append(" (o_ Powered by inoclam ");
272 smtp_body->append(version->c_str());
273 smtp_body->append("\n");
274 delete version;
275
276 smtp_body->append(" //\\ Developed by the Vermont Department of Taxes\n");
277 smtp_body->append(" V_/_ Project Homepage: http://www.inoclam.org/\n");
278
279 smtp_send(conf->getVirusSubject(), smtp_body, conf);
280
281 delete smtp_body; /* Clean up email string */
282
283 if (timestamp) {
284 free(timestamp);
285 timestamp = NULL;
286 }
287 }
288
289 return 1;
290 } else if (CL_CLEAN == ret) {
291 pthread_mutex_unlock(&engine_lock);
292 daemon_log(LOG_INFO, "%s: OK", filename->c_str());
293 return 0;
294 } else {
295 pthread_mutex_unlock(&engine_lock);
296 daemon_log(LOG_ERR, "Scan Error: %s (%s)", cl_strerror(ret), filename->c_str());
297 return -1;
298 }
299 }
300
301 /**
302 * Free resources used by the engine.
303 */
304 clam::~clam()
305 {
306 pthread_mutex_lock(&engine_lock);
307
308 if (engine) {
309 cl_free(engine);
310 engine = NULL;
311 }
312
313 while (refresh_thread_alive) {
314 sched_yield();
315 sleep(3);
316 }
317
318 pthread_mutex_unlock(&engine_lock);
319 pthread_mutex_destroy(&engine_lock);
320 pthread_attr_destroy(&ta);
321 }
Inoclam monitors directories with inotify and virus scans files with ClamAV when they are created or changed.