2 * inoclam - Inotify+ClamAV virus scanner
3 * Copyright (C) 2007 Vermont Department of Taxes
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Tom Cort <tom.cort@state.vt.us>
25 #include <inotifytools/inotifytools.h>
26 #include <inotifytools/inotify.h>
27 #include <libdaemon/dlog.h>
33 #include "inotify.hxx"
37 int __inotify_init(char *basedir
)
39 if (!inotifytools_initialize() || !inotifytools_watch_recursively(basedir
, IN_ALL_EVENTS
)) {
40 daemon_log(LOG_ERR
, "(%s:%u) Failed init inotify: %s", __FILE__
, __LINE__
, strerror(inotifytools_error()));
43 /* daemon_log(LOG_DEBUG, "(%s:%u) init inotify", __FILE__, __LINE__); */
50 inotifytools_cleanup();
55 * Watch the specified directory for changes and call contains_virus()
56 * @param basedir the directory to watch.
58 void inotify_main(char *basedir
)
60 struct inotify_event
*event
;
68 if (basedir
== NULL
|| __inotify_init(basedir
) == -1) {
73 daemon_log(LOG_INFO
, "(%s:%u) inotify watching '%s'", __FILE__
, __LINE__
, basedir
);
75 while (!exit_now
&& (event
= inotifytools_next_event(-1))) {
76 if (event
&& event
->name
&& event
->wd
) {
77 length
= strlen(inotifytools_filename_from_wd(event
->wd
)) + strlen(event
->name
) + 2;
78 filename
= (char *) malloc(sizeof(char) * length
);
80 daemon_log(LOG_ERR
, "(%s:%u) malloc() Failed: %s", __FILE__
, __LINE__
, strerror(errno
));
84 memset(filename
, '\0', length
);
86 snprintf(filename
, length
- 1, "%s%s", inotifytools_filename_from_wd(event
->wd
), event
->name
);
88 if ((event
->mask
& (IN_CLOSE_WRITE
| IN_MOVED_TO
)) && !(event
->mask
& IN_ISDIR
)) {
90 * Scan writtable files that are being closed.
91 * Scan files that have been moved to a watched directory.
92 * TODO: run the switch statement and scan in a new thread. (make sure filename is safely free()'d).
93 * TODO: optional e-mail notification when viruses are found.
94 * TODO: make unlink() optional.
96 switch (contains_virus(filename
)) {
99 unlink(filename
); /* remove without prejudice */
103 /* no virus detected */
106 daemon_log(LOG_ERR
, "(%s:%u) Scan Failed", __FILE__
, __LINE__
);
109 } else if ((event
->mask
& (IN_CREATE
| IN_MOVED_TO
| IN_DELETE
)) && (event
->mask
& IN_ISDIR
)) {
111 * If the directory structure has changed, reload the watch list.
112 * Benchmark this to determine if this is too much of a performance hit.
115 __inotify_init(basedir
);