inotify.cxx

   1 /*
   2  * inoclam - Inotify+ClamAV virus scanner
   3  * Copyright (C) 2007 Vermont Department of Taxes
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program; if not, write to the Free Software
  17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18  *
  19  * Contributor(s):
  20  *   Tom Cort <tom.cort@state.vt.us>
  21  */
  22
  23 #include <errno.h>
  24 #include <idn-int.h>
  25 #include <inotifytools/inotifytools.h>
  26 #include <inotifytools/inotify.h>
  27 #include <libdaemon/dlog.h>
  28 #include <stdlib.h>
  29 #include <string.h>
  30 #include <unistd.h>
  31
  32 #include "clam.hxx"
  33 #include "inotify.hxx"
  34 #include "signal.hxx"
  35 #include "smtp.hxx"
  36
  37 int __inotify_init(char *basedir)
  38 {
  39         if (!inotifytools_initialize() || !inotifytools_watch_recursively(basedir, IN_ALL_EVENTS)) {
  40                 daemon_log(LOG_ERR, "(%s:%u) Failed init inotify: %s", __FILE__, __LINE__, strerror(inotifytools_error()));
  41                 return -1;
  42         } else {
  43                 /* daemon_log(LOG_DEBUG, "(%s:%u) init inotify", __FILE__, __LINE__); */
  44                 return 1;
  45         }
  46 }
  47
  48 int __inotify_exit()
  49 {
  50         inotifytools_cleanup();
  51         return 1;
  52 }
  53
  54 /**
  55  * Watch the specified directory for changes and call contains_virus()
  56  * @param basedir the directory to watch.
  57  */
  58 void inotify_main(char *basedir)
  59 {
  60         struct inotify_event *event;
  61         char *filename;
  62         int length;
  63
  64         event = NULL;
  65         filename = NULL;
  66         length = 0;
  67
  68         if (basedir == NULL || __inotify_init(basedir) == -1) {
  69                 exit_now = 1;
  70                 return;
  71         }
  72
  73         daemon_log(LOG_INFO, "(%s:%u) inotify watching '%s'", __FILE__, __LINE__, basedir);
  74
  75         while (!exit_now && (event = inotifytools_next_event(-1))) {
  76                 if (event && event->name && event->wd) {
  77                         length = strlen(inotifytools_filename_from_wd(event->wd)) + strlen(event->name) + 2;
  78                         filename = (char *) malloc(sizeof(char) * length);
  79                         if (!filename) {
  80                                 daemon_log(LOG_ERR, "(%s:%u) malloc() Failed: %s", __FILE__, __LINE__, strerror(errno));
  81                                 exit_now = 1;
  82                                 return;
  83                         }
  84                         memset(filename, '\0', length);
  85
  86                         snprintf(filename, length - 1, "%s%s", inotifytools_filename_from_wd(event->wd), event->name);
  87
  88                         if ((event->mask & (IN_CLOSE_WRITE | IN_MOVED_TO)) && !(event->mask & IN_ISDIR)) {
  89                                 /*
  90                                  * Scan writtable files that are being closed.
  91                                  * Scan files that have been moved to a watched directory.
  92                                  * TODO: run the switch statement and scan in a new thread. (make sure filename is safely free()'d).
  93                                  * TODO: optional e-mail notification when viruses are found.
  94                                  * TODO: make unlink() optional.
  95                                  */
  96                                 switch (contains_virus(filename)) {
  97                                 case 1:
  98                                         /* virus found */
  99                                         unlink(filename);       /* remove without prejudice */
 100                                         smtp_send(filename);
 101                                         break;
 102                                 case 0:
 103                                         /* no virus detected */
 104                                         break;
 105                                 default:
 106                                         daemon_log(LOG_ERR, "(%s:%u) Scan Failed", __FILE__, __LINE__);
 107                                         break;
 108                                 }
 109                         } else if ((event->mask & (IN_CREATE | IN_MOVED_TO | IN_DELETE)) && (event->mask & IN_ISDIR)) {
 110                                 /*
 111                                  * If the directory structure has changed, reload the watch list.
 112                                  * Benchmark this to determine if this is too much of a performance hit.
 113                                  */
 114                                 __inotify_exit();
 115                                 __inotify_init(basedir);
 116                         }
 117
 118                         if (filename) {
 119                                 free(filename);
 120                                 filename = NULL;
 121                         }
 122                 }
 123         }
 124
 125         __inotify_exit();
 126 }