citadel/modules/clamav/serv_virus.c

   1 /*
   2  * $Id$
   3  *
   4  * This module allows Citadel to use clamd to filter incoming messages
   5  * arriving via SMTP.  For more information on clamd, visit
   6  * http://clamav.net (the ClamAV project is not in any way
   7  * affiliated with the Citadel project).
   8  */
   9
  10 #define CLAMD_PORT       "3310"
  11
  12 #include "sysdep.h"
  13 #include <stdlib.h>
  14 #include <unistd.h>
  15 #include <stdio.h>
  16 #include <fcntl.h>
  17 #include <signal.h>
  18 #include <pwd.h>
  19 #include <errno.h>
  20 #include <sys/types.h>
  21
  22 #if TIME_WITH_SYS_TIME
  23 # include <sys/time.h>
  24 # include <time.h>
  25 #else
  26 # if HAVE_SYS_TIME_H
  27 #  include <sys/time.h>
  28 # else
  29 #  include <time.h>
  30 # endif
  31 #endif
  32
  33 #include <sys/wait.h>
  34 #include <string.h>
  35 #include <limits.h>
  36 #include <sys/socket.h>
  37 #include <libcitadel.h>
  38 #include "citadel.h"
  39 #include "server.h"
  40 #include "citserver.h"
  41 #include "support.h"
  42 #include "config.h"
  43 #include "control.h"
  44 #include "room_ops.h"
  45 #include "user_ops.h"
  46 #include "policy.h"
  47 #include "database.h"
  48 #include "msgbase.h"
  49 #include "internet_addressing.h"
  50 #include "domain.h"
  51 #include "clientsocket.h"
  52
  53
  54 #include "ctdl_module.h"
  55
  56
  57
  58 /*
  59  * Connect to the clamd server and scan a message.
  60  */
  61 int clamd(struct CtdlMessage *msg) {
  62         int sock = (-1);
  63         int streamsock = (-1);
  64         char clamhosts[SIZ];
  65         int num_clamhosts;
  66         char buf[SIZ];
  67         char hostbuf[SIZ];
  68         char portbuf[SIZ];
  69         int is_virus = 0;
  70         int clamhost;
  71         char *msgtext;
  72         size_t msglen;
  73
  74         /* Don't care if you're logged in.  You can still spread viruses.
  75          */
  76         /* if (CC->logged_in) return(0); */
  77
  78         /* See if we have any clamd hosts configured */
  79         num_clamhosts = get_hosts(clamhosts, "clamav");
  80         if (num_clamhosts < 1) return(0);
  81
  82         /* Try them one by one until we get a working one */
  83         for (clamhost=0; clamhost<num_clamhosts; ++clamhost) {
  84                 extract_token(buf, clamhosts, clamhost, '|', sizeof buf);
  85                 CtdlLogPrintf(CTDL_INFO, "Connecting to clamd at <%s>\n", buf);
  86
  87                 /* Assuming a host:port entry */
  88                 extract_token(hostbuf, buf, 0, ':', sizeof hostbuf);
  89                 if (extract_token(portbuf, buf, 1, ':', sizeof portbuf)==-1)
  90                   /* Didn't specify a port so we'll try the psuedo-standard 3310 */
  91                   sock = sock_connect(hostbuf, CLAMD_PORT, "tcp");
  92                 else
  93                   /* Port specified lets try connecting to it! */
  94                   sock = sock_connect(hostbuf, portbuf, "tcp");
  95
  96                 if (sock >= 0) CtdlLogPrintf(CTDL_DEBUG, "Connected!\n");
  97         }
  98
  99         if (sock < 0) {
 100                 /* If the service isn't running, just pass the mail
 101                  * through.  Potentially throwing away mails isn't good.
 102                  */
 103                 return(0);
 104         }
 105
 106         /* Command */
 107         CtdlLogPrintf(CTDL_DEBUG, "Transmitting STREAM command\n");
 108         sprintf(buf, "STREAM\r\n");
 109         sock_write(sock, buf, strlen(buf));
 110
 111         CtdlLogPrintf(CTDL_DEBUG, "Waiting for PORT number\n");
 112         if (sock_getln(sock, buf, sizeof buf) < 0) {
 113                 goto bail;
 114         }
 115
 116         CtdlLogPrintf(CTDL_DEBUG, "<%s\n", buf);
 117         if (strncasecmp(buf, "PORT", 4)!=0) {
 118                 goto bail;
 119         }
 120
 121         /* Should have received a port number to connect to */
 122         extract_token(portbuf, buf, 1, ' ', sizeof portbuf);
 123
 124         /* Attempt to establish connection to STREAM socket */
 125         streamsock = sock_connect(hostbuf, portbuf, "tcp");
 126
 127         if (streamsock < 0) {
 128                 /* If the service isn't running, just pass the mail
 129                  * through.  Potentially throwing away mails isn't good.
 130                  */
 131                 return(0);
 132         }
 133         else {
 134                 CtdlLogPrintf(CTDL_DEBUG, "STREAM socket connected!\n");
 135         }
 136
 137
 138
 139         /* Message */
 140         CC->redirect_buffer = malloc(SIZ);
 141         CC->redirect_len = 0;
 142         CC->redirect_alloc = SIZ;
 143         CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ALL, 0, 1, 0);
 144         msgtext = CC->redirect_buffer;
 145         msglen = CC->redirect_len;
 146         CC->redirect_buffer = NULL;
 147         CC->redirect_len = 0;
 148         CC->redirect_alloc = 0;
 149
 150         sock_write(streamsock, msgtext, msglen);
 151         free(msgtext);
 152
 153         /* Close the streamsocket connection; this tells clamd
 154          * that we're done.
 155          */
 156         close(streamsock);
 157
 158         /* Response */
 159         CtdlLogPrintf(CTDL_DEBUG, "Awaiting response\n");
 160         if (sock_getln(sock, buf, sizeof buf) < 0) {
 161                 goto bail;
 162         }
 163         CtdlLogPrintf(CTDL_DEBUG, "<%s\n", buf);
 164         if (strncasecmp(buf, "stream: OK", 10)!=0) {
 165                 is_virus = 1;
 166         }
 167
 168         if (is_virus) {
 169                 if (msg->cm_fields['0'] != NULL) {
 170                         free(msg->cm_fields['0']);
 171                 }
 172                 msg->cm_fields['0'] = strdup("message rejected by virus filter");
 173         }
 174
 175 bail:   close(sock);
 176         return(is_virus);
 177 }
 178
 179
 180
 181 CTDL_MODULE_INIT(virus)
 182 {
 183         if (!threading)
 184         {
 185                 CtdlRegisterMessageHook(clamd, EVT_SMTPSCAN);
 186         }
 187
 188         /* return our Subversion id for the Log */
 189         return "$Id$";
 190 }