head	1.2;
access;
symbols;
locks; strict;
comment	@# @;


1.2
date	2009.04.03.13.57.13;	author garga;	state dead;
branches;
next	1.1;

1.1
date	2009.04.03.13.56.35;	author garga;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Remove wrong patch added on last commit
@
text
@Index: clamav-milter/Makefile.in
===================================================================
--- clamav-milter/Makefile.in	(revision 4964)
+++ clamav-milter/Makefile.in	(working copy)
@@@@ -58,10 +58,11 @@@@
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \
 	$(top_srcdir)/m4/argz.m4 $(top_srcdir)/m4/fdpassing.m4 \
-	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
-	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltdl.m4 \
-	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
-	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltdl.m4 $(top_srcdir)/m4/ltoptions.m4 \
+	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+	$(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/mmap_private.m4 $(top_srcdir)/m4/resolv.m4 \
 	$(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
Index: clamav-milter/netcode.c
===================================================================
--- clamav-milter/netcode.c	(revision 4964)
+++ clamav-milter/netcode.c	(working copy)
@@@@ -129,7 +129,7 @@@@
 	    close(s);
 	    return -1;
 	}
-	if (getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
+	if(getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
 	    logg("*Failed to establish a connection to clamd\n");
 	    close(s);
 	    return -1;
@@@@ -163,8 +163,6 @@@@
 	tv.tv_usec = 0;
 	while(1) {
 	    fd_set fds;
-	    int s_err;
-	    socklen_t s_len = sizeof(s_err);
 
 	    FD_ZERO(&fds);
 	    FD_SET(s, &fds);
@@@@ -177,12 +175,10 @@@@
 		    tv.tv_usec = 0;
 		    continue;
 		}
-		logg("!Failed stream to clamd\n");
+		logg("!Failed to stream to clamd\n");
 		close(s);
 		return 1;
 	    }
-	    len-=s_len;
-	    buf+=s_len;
 	    break;
 	}
     }
Index: clamav-milter/whitelist.h
===================================================================
--- clamav-milter/whitelist.h	(revision 4964)
+++ clamav-milter/whitelist.h	(working copy)
@@@@ -24,4 +24,6 @@@@
 int whitelist_init(const char *fname);
 void whitelist_free(void);
 int whitelisted(const char *addr, int from);
+int smtpauth_init(const char *r);
+int smtpauthed(const char *login);
 #endif
Index: clamav-milter/clamfi.c
===================================================================
--- clamav-milter/clamfi.c	(revision 4964)
+++ clamav-milter/clamfi.c	(working copy)
@@@@ -61,6 +61,7 @@@@
 } loginfected;
 
 #define CLAMFIBUFSZ 1424
+static const char *HDR_UNAVAIL = "UNKNOWN";
 
 struct CLAMFI {
     char buffer[CLAMFIBUFSZ];
@@@@ -74,6 +75,7 @@@@
     unsigned int totsz;
     unsigned int bufsz;
     unsigned int all_whitelisted;
+    unsigned int gotbody;
 };
 
 
@@@@ -91,12 +93,15 @@@@
 };
 
 
-void makesanehdr(char *hdr) {
+static const char *makesanehdr(char *hdr) {
+    char *ret = hdr;
+    if(!hdr) return HDR_UNAVAIL;
     while(*hdr) {
 	if(*hdr=='\'' || *hdr=='\t' || *hdr=='\r' || *hdr=='\n' || !isprint(*hdr))
 	    *hdr = ' ';
 	hdr++;
     }
+    return ret;
 }
 
 static void nullify(SMFICTX *ctx, struct CLAMFI *cf, enum CFWHAT closewhat) {
@@@@ -113,9 +118,22 @@@@
 
 
 static sfsistat sendchunk(struct CLAMFI *cf, unsigned char *bodyp, size_t len, SMFICTX *ctx) {
-    if(cf->totsz >= maxfilesize)
+    if(cf->totsz >= maxfilesize || len == 0)
 	return SMFIS_CONTINUE;
 
+    if(!cf->totsz) {
+	sfsistat ret;
+	if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
+	    logg("!Failed to initiate streaming/fdpassing\n");
+	    nullify(ctx, cf, CF_NONE);
+	    return FailAction;
+	}
+	cf->totsz = 1; /* do not infloop */
+	if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
+	    return ret;
+	cf->totsz -= 1;
+    }
+
     if(cf->totsz + len > maxfilesize)
 	len = maxfilesize - cf->totsz;
 
@@@@ -166,35 +184,28 @@@@
     if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
 	return SMFIS_CONTINUE; /* whatever */
 
-    if(loginfected == LOGINF_FULL) {
-	if(headerf && !strcasecmp(headerf, "Subject") && !cf->msg_subj)
-	    cf->msg_subj = strdup(headerv);
-	if(headerf && !strcasecmp(headerf, "Date") && !cf->msg_date)
-	    cf->msg_date = strdup(headerv);
-	if(headerf && !strcasecmp(headerf, "Message-ID") && !cf->msg_id)
-	    cf->msg_id = strdup(headerv);
+    if(!cf->totsz && cf->all_whitelisted) {
+	logg("*Skipping scan (all destinations whitelisted)\n");
+	nullify(ctx, cf, CF_NONE);
+	return SMFIS_ACCEPT;
     }
 
-    if(!cf->totsz) {
-	if(cf->all_whitelisted) {
-	    logg("*Skipping scan (all destinations whitelisted)\n");
-	    nullify(ctx, cf, CF_NONE);
-	    return SMFIS_ACCEPT;
-	}
-	if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
-	    logg("!Failed to initiate streaming/fdpassing\n");
-	    nullify(ctx, cf, CF_NONE);
-	    return FailAction;
-	}
-	if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
-	    return ret;
+    if(!headerf) return SMFIS_CONTINUE; /* just in case */
+
+    if(loginfected == LOGINF_FULL) {
+	if(!cf->msg_subj && !strcasecmp(headerf, "Subject"))
+	    cf->msg_subj = strdup(headerv ? headerv : "");
+	if(!cf->msg_date && !strcasecmp(headerf, "Date"))
+	    cf->msg_date = strdup(headerv ? headerv : "");
+	if(!cf->msg_id && !strcasecmp(headerf, "Message-ID"))
+	    cf->msg_id = strdup(headerv ? headerv : "");
     }
 
     if((ret = sendchunk(cf, (unsigned char *)headerf, strlen(headerf), ctx)) != SMFIS_CONTINUE)
 	return ret;
     if((ret = sendchunk(cf, (unsigned char *)": ", 2, ctx)) != SMFIS_CONTINUE)
 	return ret;
-    if((ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
+    if(headerv && (ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
 	return ret;
     return sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
 }
@@@@ -205,6 +216,14 @@@@
 
     if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
 	return SMFIS_CONTINUE; /* whatever */
+
+    if(!cf->gotbody) {
+	sfsistat ret = sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
+	if(ret != SMFIS_CONTINUE)
+	    return ret;
+	cf->gotbody = 1;
+    }
+
     return sendchunk(cf, bodyp, len, ctx);
 }
 
@@@@ -225,6 +244,14 @@@@
     if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
 	return SMFIS_CONTINUE; /* whatever */
 
+    if(!cf->totsz) {
+	/* got no headers and no body */
+	logg("*Not scanning an empty message\n");
+	ret = CleanAction(ctx);
+	nullify(ctx, cf, CF_NONE);
+	return ret;
+    }
+
     if(cf->local) {
 	if(nc_send(cf->main, "nFILDES\n", 8)) {
 	    logg("!FD scan request failed\n");
@@@@ -286,18 +313,19 @@@@
 		}
 
 		if(loginfected) {
-		    const char *from = smfi_getsymval(ctx, "{mail_addr}"), *to = smfi_getsymval(ctx, "{rcpt_addr}");
-		    
-		    if(!from) from = "UNKNOWN";
-		    if(!to) to = "UNKNOWN";
-		    
+		    const char *from = smfi_getsymval(ctx, "{mail_addr}");
+		    const char *to = smfi_getsymval(ctx, "{rcpt_addr}");
+
+		    if(!from) from = HDR_UNAVAIL;
+		    if(!to) to = HDR_UNAVAIL;
 		    if(loginfected == LOGINF_FULL) {
 			const char *id = smfi_getsymval(ctx, "{i}");
+			const char *msg_subj = makesanehdr(cf->msg_subj);
+			const char *msg_date = makesanehdr(cf->msg_date);
+			const char *msg_id = makesanehdr(cf->msg_id);
 
-			makesanehdr(cf->msg_subj);
-			makesanehdr(cf->msg_date);
-			makesanehdr(cf->msg_id);
-			logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id ? id : "UNKNOWN", from, to, cf->msg_subj, cf->msg_id, cf->msg_date, vir);
+			if(!id) id = HDR_UNAVAIL;
+			logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id, from, to, msg_subj, msg_id, msg_date, vir);
 		    } else logg("~Message from <%s> to <%s> infected by %s\n", from, to, vir);
 		}
 	    }
@@@@ -504,12 +532,18 @@@@
 
 sfsistat clamfi_envfrom(SMFICTX *ctx, char **argv) {
     struct CLAMFI *cf;
+    const char *login = smfi_getsymval(ctx, "{auth_authen}");
 
+    if(login && smtpauthed(login)) {
+	logg("*Skipping scan for authenticated user %s\n", login);
+	return SMFIS_ACCEPT;
+    }
+
     if(whitelisted(argv[0], 1)) {
 	logg("*Skipping scan for %s (whitelisted from)\n", argv[0]);
 	return SMFIS_ACCEPT;
     }
-    
+
     if(!(cf = (struct CLAMFI *)malloc(sizeof(*cf)))) {
 	logg("!Failed to allocate CLAMFI struct\n");
 	return FailAction;
@@@@ -518,6 +552,7 @@@@
     cf->bufsz = 0;
     cf->main = cf->alt = -1;
     cf->all_whitelisted = 1;
+    cf->gotbody = 0;
     cf->msg_subj = cf->msg_date = cf->msg_id = NULL;
     smfi_setpriv(ctx, (void *)cf);
 
Index: clamav-milter/whitelist.c
===================================================================
--- clamav-milter/whitelist.c	(revision 4964)
+++ clamav-milter/whitelist.c	(working copy)
@@@@ -25,8 +25,8 @@@@
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
-#include <regex.h>
 
+#include "libclamav/regex/regex.h"
 #include "shared/output.h"
 #include "whitelist.h"
 
@@@@ -38,17 +38,20 @@@@
 struct WHLST *wfrom = NULL;
 struct WHLST *wto = NULL;
 
+int skipauth = 0;
+regex_t authreg;
+
 void whitelist_free(void) {
     struct WHLST *w;
     while(wfrom) {
 	w = wfrom->next;
-	regfree(&wfrom->preg);
+	cli_regfree(&wfrom->preg);
 	free(wfrom);
 	wfrom = w;
     }
     while(wto) {
 	w = wto->next;
-	regfree(&wto->preg);
+	cli_regfree(&wto->preg);
 	free(wto);
 	wto = w;
     }
@@@@ -85,14 +88,14 @@@@
 	}
 	if(!len) continue;
 	if (!(w = (struct WHLST *)malloc(sizeof(*w)))) {
-	    logg("!Out of memory loading whitelist\n");
+	    logg("!Out of memory loading whitelist file\n");
 	    whitelist_free();
 	    return 1;
 	}
 	w->next = (*addto);
 	(*addto) = w;
-	if (regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
-	    logg("!Failed to compile regex '%s'\n", ptr);
+	if (cli_regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
+	    logg("!Failed to compile regex '%s' in whitelist file\n", ptr);
 	    whitelist_free();
 	    return 1;
 	}
@@@@ -108,7 +111,7 @@@@
     else w = wto;
 
     while(w) {
-	if(!regexec(&w->preg, addr, 0, NULL, 0))
+	if(!cli_regexec(&w->preg, addr, 0, NULL, 0))
 	    return 1;
 	w = w->next;
     }
@@@@ -116,6 +119,23 @@@@
 }
 
 
+int smtpauth_init(const char *r) {
+    if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) {
+	logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r);
+	return 1;
+    }
+    skipauth = 1;
+    return 0;
+}
+
+
+int smtpauthed(const char *login) {
+    if(skipauth && !cli_regexec(&authreg, login, 0, NULL, 0))
+	return 1;
+    return 0;
+}
+
+
 /*
  * Local Variables:
  * mode: c
Index: clamav-milter/clamav-milter.c
===================================================================
--- clamav-milter/clamav-milter.c	(revision 4964)
+++ clamav-milter/clamav-milter.c	(working copy)
@@@@ -211,6 +211,14 @@@@
 	return 1;
     }
 
+    if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) {
+	localnets_free();
+	whitelist_free();
+	logg_close();
+	optfree(opts);
+	return 1;
+    }
+
     if(optget(opts, "AddHeader")->enabled) {
 	char myname[255];
 
@


1.1
log
@- Mark clamav-milter as BROKEN since it's not working. I updated clamav-devel
  to a version that have the fix and won't update it anymore until 0.95.1 is
  released
@
text
@@

