diff -Naur p3scan-2.3.2-orig/Makefile p3scan-2.3.2/Makefile --- p3scan-2.3.2-orig/Makefile 2008-02-05 12:37:59.000000000 +0100 +++ p3scan-2.3.2/Makefile 2008-02-05 12:38:28.000000000 +0100 @@ -45,7 +45,7 @@ CFLAGS=-Wall -O2 $(LOGSET) #ifdef DEMIME :) -LDFLAGS=-L. -lripmime -lpcre -lssl -lcrypto #-static +LDFLAGS=-L. -lripmime -lpcre -lssl -lcrypto -lpaiface #-static #else #LDFLAGS=-L. -lpcre -lssl -lcrypto #endif :) @@ -64,7 +64,9 @@ OBJECTS=getlinep3.o getline_ssl.o parsefile.o p3scan.o \ scanner_basic.o scanner_avpd.o scanner_avpd_new.o \ - scanner_trophie.o scanner_clamd.o scanner_bash.o + scanner_trophie.o scanner_clamd.o scanner_bash.o \ + scanner_pascanqd.o scanner_dummy.o + LIBS=libripmime.a all: $(PROGS) diff -Naur p3scan-2.3.2-orig/p3scan.c p3scan-2.3.2/p3scan.c --- p3scan-2.3.2-orig/p3scan.c 2008-02-05 12:37:59.000000000 +0100 +++ p3scan-2.3.2/p3scan.c 2008-02-05 12:38:53.000000000 +0100 @@ -82,9 +82,17 @@ #include "ripmime/ripmime-api.h" #endif +#include "pa/spaced.h" +#include "pa/stat.h" + /* globals */ int numprocs; struct configuration_t * config; +struct { + pa_stat_counter_t *total; + pa_stat_counter_t *spam; + pa_stat_counter_t *virus; +} pa_stat; /* p->ismail legend: ismail=0 not processing a message - parsing client commands @@ -116,6 +124,52 @@ static int str_tag[8]; static char smtpstr[LEN]; +/** + * This function was added for the PacketAlarm integration to avoid the + * requirement of a shell and the mv command in the chroot environment. + */ +void move(char *src, char *dst) +{ + char buf[10000]; + int fdIn = -1; + int fdOut = -1; + int len; + char *filename, *tmp; + char dstPath[PATH_MAX]; + + tmp = strdup(src); + filename = basename(tmp); + free(tmp); + snprintf(dstPath, PATH_MAX, "%s/%s", dst, filename); + do_log(LOG_DEBUG, "move: %s -> %s", src, dstPath); + if((fdIn = open(src, O_RDONLY)) < 0) + { + do_log(LOG_ERR, "move: unable to open input file, %s", + strerror(errno)); + goto finish; + } + if((fdOut = open(dstPath, O_WRONLY | O_CREAT | O_EXCL, 0644)) < 0) + { + do_log(LOG_ERR, "move: unable to open outout file, %s", + strerror(errno)); + goto finish; + } + while((len = read(fdIn, buf, sizeof(buf))) > 0) + write(fdOut, buf, len); + finish: + if(unlink(src) < 0) + { + do_log(LOG_ERR, "move: unable to unlink inout file, %s", + strerror(errno)); + } + if(fdIn > 0) + close(fdIn); + if(fdOut > 0) + close(fdOut); +} + + + void do_sigterm_proxy2(int signr){ if(config->debug) fprintf(stderr, "do_sigterm_proxy2, signal %i\n", signr); @@ -247,7 +301,7 @@ } if(!found) { // If we haven't found it, then we shouldn't free it - do_log(LOG_CRIT,"ERR: Unable to free memory not previously allocated: %s",loc); // Report this as an error + do_log(LOG_NOTICE,"ERR: Unable to free memory not previously allocated: %s",loc); // Report this as an error } global_memory_count -= found->size + sizeof(struct memory_list);// Decrement our global byte count @@ -533,7 +587,7 @@ } } else if (ret == SCANNER_RET_ERR && ret_all != SCANNER_RET_VIRUS) ret_all = SCANNER_RET_ERR; do_log(LOG_DEBUG, "Finished scanning '%s'(%s=%s)", file,(virname ? virname : "none"),(ret_all==SCANNER_RET_OK ? "OK" : (ret_all==SCANNER_RET_VIRUS ? "VIRUS" : "ERROR"))); - if (virname) w_free(virname,"virname"); + //if (virname) w_free(virname,"virname"); w_free(file,"file3"); } closedir (dp); @@ -567,7 +621,7 @@ dirlen=strlen(config->virusdirbase)+20; dir=w_malloc(dirlen); - snprintf(dir, dirlen, "%s/children/%d/", config->virusdirbase, childpid); + snprintf(dir, dirlen, "%s/p3scan-%d/", config->virusdirbase, childpid); /* Erase directory if it exists */ if ((dp = opendir (dir)) != NULL){ do_log(LOG_DEBUG, "Erasing %s contents", dir); @@ -579,7 +633,7 @@ snprintf(file, filelen, "%s%s", dir, de->d_name); do_log(LOG_DEBUG, "Unlinking (%s)", file); if ((unlink(file)<0)){ - do_log(LOG_CRIT, "ERR: File Error! Could not erase %s",file); + do_log(LOG_NOTICE, "ERR: File Error! Could not erase %s",file); return 1; } w_free(file,"file4"); @@ -799,7 +853,7 @@ if (config->demime){ /* extract MIME Parts into maildir */ do_log(LOG_DEBUG, "DeMIMEing to %s", p->maildir); - viret = mkdir(p->maildir, S_IRWXU); + viret = mkdir(p->maildir, S_IRWXU | S_IRWXO | S_IRWXG ); if ((viret == -1)&&(errno != EEXIST)){ do_log(LOG_CRIT, "ERR: Cannot create directory '%s' (%s). Can't scan mail.\n", p->maildir, strerror(errno)); @@ -844,7 +898,7 @@ sprintf(file, "%s/%s", p->maildir, de->d_name); if ((unlink(file)<0)){ config->emergency=make_message("File Error! Could not erase %s",file); - do_log(LOG_EMERG, "ERR: File Error! Could not erase %s",file); + do_log(LOG_NOTICE, "ERR: File Error! Could not erase %s",file); } w_free(file,"file5"); } @@ -860,6 +914,8 @@ p->virinfo=NULL; viret=config->scanner->scan(p, &p->virinfo); do_log(LOG_DEBUG, "Scanner returned %i", viret); + if(viret) + pa_stat_inc(pa_stat.virus); /* TODO: Fail on unexpected scanner return code. */ #ifdef DEMIME } @@ -933,6 +989,9 @@ return SCANNER_RET_CRIT; } ret=pclose(scanner); + if(WIFEXITED(ret) && WEXITSTATUS(ret) == 1) { + pa_stat_inc(pa_stat.spam); + } /* Spam report is now in $virusdir/newmsg so now replace original msg with newmsg */ len=strlen(MOVEIT)+1+strlen(newmsg)+1+strlen(p->mailfile)+1; @@ -1022,7 +1081,7 @@ return ret; } -unsigned long send_mailfile(char * mailfile, int fd, struct proxycontext *p){ +unsigned long send_mailfile(char * mailfile, int fd, struct proxycontext *p, int complete){ struct linebuf *filebuf, *footbuf; int mailfd, footfd; int res=0, sendret=0, gotprd=0, gottxt=0, nogo=0; @@ -1149,9 +1208,11 @@ linebuf_uninit(filebuf); return 1; } - if (!gotprd){ - do_log(LOG_DEBUG, "Wrote new EOM."); - writeline(fd, WRITELINE_LEADING_N, "."); + if(complete) { + if (!gotprd){ + do_log(LOG_DEBUG, "Wrote new EOM."); + writeline(fd, WRITELINE_LEADING_N, "."); + } } linebuf_uninit(filebuf); close(mailfd); @@ -1164,8 +1225,15 @@ static char line[512], virdef[512]; int len=0, vlen=0; char vcmd[512]; + struct hostent *hostent; gethostname(buf, 256); + if((hostent = gethostbyname(buf)) == NULL){ + paramlist_set(p->params, "%HOSTNAME%", buf); + } + else { + paramlist_set(p->params, "%HOSTNAME%", hostent->h_name); + } paramlist_set(p->params, "%HOSTNAME%", buf); if(getdomainname(buf, 256)) do_log(LOG_CRIT,"ERR: getdomainname"); paramlist_set(p->params, "%DOMAINNAME%", buf); @@ -1357,12 +1425,7 @@ } /* If mail is infected AND we just want to delete it, just don't move it */ if (!config->delit){ - snprintf(comm,4096,"%s %s %s",MOVEIT,p->mailfile,config->virusdirbase); - if(system(comm)) do_log(LOG_CRIT,"ERR: move"); - sync(); - snprintf(comm,4096,"%s %s/p3scan.*",CHMODCMD,config->virusdirbase); - do_log(LOG_DEBUG,"Forcing all files 0600 %s",comm); - if(system(comm)) do_log(LOG_CRIT,"ERR: chmod"); + move(p->mailfile, config->quarantinedir); } sprintf(mail, "%s/%i.mailout", config->notifydir,getpid()); if (p->extra) sprintf(mailx, "%s/%i.extrout", config->notifydir,getpid()); @@ -1439,7 +1502,7 @@ } } do_log(LOG_DEBUG, "sending new mail"); - len=send_mailfile(mail, p->client_fd,p); + len=send_mailfile(mail, p->client_fd,p,1); p->bytecount+=len; /* Send it to extra notification? */ if (config->extra != NULL){ @@ -1466,13 +1529,135 @@ return -1; } +int do_oversizedaction(struct proxycontext * p){ + struct linebuf; + char *mail=NULL; + char svrout[1]; + char comm[4096]; + int readerr=0, bufferr=0, subjfd=-1; + unsigned long len; + int ret; +#define CHMODCMD "/bin/chmod 0600" + + /* complete the header of the original message... */ + if (config->broken){ + if(p->hdroffset && !p->gobogus){ + while ((readerr=getlinep3(p->header_fd,p->hdrbuf)!=GETLINE_EOF)){ + writeline(p->client_fd, WRITELINE_LEADING_RN, p->hdrbuf->line); + } + } else { + while ((readerr=read(p->header_fd,p->cbuff,1)>0)){ + if (readerr < 0){ + context_uninit(p); + config->emergency="Could not read header file (broken)!"; + do_log(LOG_EMERG, "ERR: Could not read header file (broken)!"); + } + bufferr=secure_write(p->client_fd,p->cbuff,1); + if (bufferr==GETLINE_ERR) { + context_uninit(p); + config->emergency="Could not flush header buffer to client (broken)!"; + do_log(LOG_EMERG, "ERR: Could not flush header buffer to client (broken)!"); + } + } + } + } else { + if (p->gobogus){ + if (p->boguspos < 74){ + svrout[0]=BOGUSX[p->boguspos]; + secure_write(p->client_fd,svrout,1); + p->boguspos++; + } + /* now close it */ + writeline(p->client_fd,WRITELINE_LEADING_RN,PERIOD); + p->gobogus=0; + } else { + while ((readerr=read(p->header_fd,p->cbuff,1)>0)){ + if (readerr < 0){ + context_uninit(p); + config->emergency="Could not read header file!"; + do_log(LOG_EMERG, "ERR: Could not read header file!"); + } + if ((strncmp(p->cbuff,"\r",1)==0) || (strncmp(p->cbuff,"\n",1)==0)) + bufferr=secure_write(p->client_fd,"\r\n",2); + else if ((strncmp(p->cbuff,"\r",1)!=0) && (strncmp(p->cbuff,"\n",1)!=0)) + bufferr=secure_write(p->client_fd,p->cbuff,1); + if (bufferr==GETLINE_ERR) { + context_uninit(p); + config->emergency="Could not flush header buffer to client!"; + do_log(LOG_EMERG, "ERR: Could not flush header buffer to client!"); + } + } + } + } + set_maildateparam(p->params); + set_paramsfrommailheader(p->mailfile, p->params,p); + if (!p->hdrdate) writeline_format(p->client_fd,WRITELINE_LEADING_RN,"Date: %s", + paramlist_get(p->params, "%MAILDATE%")); + if (!p->hdrfrom) writeline_format(p->client_fd,WRITELINE_LEADING_RN,"From: %s", + paramlist_get(p->params, "%MAILFROM%")); + if (!p->hdrto) writeline_format(p->client_fd,WRITELINE_LEADING_RN,"To: %s", + paramlist_get(p->params, "%MAILTO%")); + p->hdroffset=0; + p->extra=0; + mail = w_malloc(strlen(p->mailfile)+10); + sprintf(mail, "%s/%i.mailout", config->notifydir,getpid()); + if (!config->altemail){ + subjfd = open(config->oversizedtemplate, O_RDONLY); + if (subjfd<0){ + w_free(mail,"mail0"); + context_uninit(p); + config->emergency=make_message("Critical error opening file '%s', Program aborted.", + config->oversizedtemplate); + do_log(LOG_EMERG,"ERR: Critical error opening file '%s', Program aborted.", + config->oversizedtemplate); + /* should not reach here as we are dead */ + } + readerr=read(subjfd,comm,4096); + /* Check for Subject line... */ + if (strncmp(comm,"Subject:",8)!=0) + writeline_format(p->client_fd,WRITELINE_LEADING_RN,"Subject: *** Oversized *** %s ", + paramlist_get(p->params, "%SUBJECT%")); + close(subjfd); + } + if ((ret = parsefile(config->oversizedtemplate, mail, p->params, + WRITELINE_LEADING_RN))!=0) { + context_uninit(p); + unlink(mail); + w_free(mail,"mail3"); + if (ret<0) { + config->emergency=make_message("Can't open mail notification template %s", + config->oversizedtemplate); + do_log(LOG_EMERG, "ERR: Can't open mail notification template %s", + config->oversizedtemplate); + } else { + config->emergency=make_message("Can't create overwrite warning mail message %s", + p->mailfile); + do_log(LOG_EMERG, "ERR: Can't create overwrite warning mail message %s", + p->mailfile); + } + return -1; + } + do_log(LOG_DEBUG, "sending new mail"); + len=send_mailfile(mail, p->client_fd,p,1); + p->bytecount+=len; + /* Send it to extra notification? */ + unlink(mail); + w_free(mail,"mail4"); + p->ismail=0; + if (len>0) return 0; + return -1; +} + + struct proxycontext * context_init(void){ struct proxycontext * p; p=w_malloc(sizeof(struct proxycontext)); p->ismail=0; p->msgnum=0; p->mailcount=0; + p->mailsize=0; p->bytecount=0; + p->passthrough=0; p->socksize=sizeof(struct sockaddr_in); p->client_fd=-1; p->server_fd=-1; @@ -1524,7 +1709,7 @@ p->now = time(NULL); if (!p->notified && !p->cksmtp){ do_log(LOG_DEBUG, "Informing email client to wait..."); - writeline_format(p->client_fd, WRITELINE_LEADING_RN,"+OK P3Scan'ing..."); + writeline_format(p->client_fd, WRITELINE_LEADING_RN,"+OK Scaning Mails..."); p->notified=1; } p->ismail=3; @@ -1558,7 +1743,7 @@ int error; int maybe_a_space; // signals a space in the keyword for setting USERNAME var int clientret, serverret; - unsigned long len, smtpsze; + unsigned long len = 0, smtpsze; char buf[64]; #ifdef SET_TOS int tos; @@ -1566,6 +1751,7 @@ int scannerret, ret; int trapdata=0, trapcapa1=0, postdata=0; int trapcapa2=0, trapcapa3=0; + int sendret=0, res=0, gotprd=0; int smtpcmd=0; int smtprstlb=0; char *smtptr=NULL; @@ -1719,7 +1905,6 @@ } } else do_log(LOG_DEBUG, "--> %s", p->clientbuf->line); } - /* read from server */ if (p->usessl) serverret=getline_ssl(p->ssl, p->serverbuf); else serverret=getlinep3(p->server_fd, p->serverbuf); @@ -1798,6 +1983,7 @@ if (p->clientbuf->linelen>=0 && p->ismail<2 ){ // Not processing message /* scan command the client sent */ if (!strncasecmp(p->clientbuf->line,"retr", 4)){ + pa_stat_inc(pa_stat.total); p->msgnum=atoi(&p->clientbuf->line[5]); if (p->msgnum<1){ /* that's not ok */ @@ -1810,6 +1996,8 @@ p->ismail=1; } p->mailcount++; + p->mailsize=0; + p->passthrough=0; } } else if (!strncasecmp(p->clientbuf->line,"user",4)){ paramlist_set(p->params, "%USERNAME%",right(p->clientbuf->line,strlen(p->clientbuf->line)-5)); @@ -1838,6 +2026,7 @@ } else { do_log(LOG_WARNING,"Ignoring client TOP request." ); p->clientbuf->linelen=GETLINE_LINE_NULL; /* don't sent to server */ + writeline_format(p->client_fd, WRITELINE_LEADING_RN, "-ERR command not supported by proxy"); } } else if (!strncasecmp(p->clientbuf->line,"mail from:", 10) && p->cksmtp){ /* we have size of message */ @@ -1872,7 +2061,7 @@ p->ismail=0; } if ((maybe_a_space = !strncasecmp(p->clientbuf->line,"apop", 4)) || !strncasecmp(p->clientbuf->line,"user", 4)){ - len=p->clientbuf->linelen -5; + len=p->clientbuf->linelen -5; if( len >= sizeof(buf)) len=sizeof(buf)-1; if (len>0){ memcpy(buf, (char *)(p->clientbuf->line)+5, len ); @@ -1976,12 +2165,72 @@ p->ismail=0; } } else if (p->ismail>1){ + if(scanfd != -1) { + p->mailsize = p->mailsize + strlen(p->serverbuf->line); + if(config->maxmailsize && p->mailsize > config->maxmailsize) { + do_log(LOG_DEBUG, "Email is oversized: %d", p->mailsize); + set_maildateparam(p->params); + set_paramsfrommailheader(p->mailfile, p->params,p); +//FIXME FIXME FIXME + if(config->passmailsize) { + //PASSTHROUGH EMAIL + p->passthrough = 1; + len=send_mailfile(p->mailfile, p->client_fd,p,0); + while (gotprd == 0){ + if ((res=getlinep3(p->server_fd, p->serverbuf))<0){ + if (res==GETLINE_TOO_LONG){ + /* Buffer contains part of line, take care of later */ + } else { + /* Other error, take care of later */ + break; + } + } + if(res > 0) continue; + sendret=checktimeout(p); + if (sendret==GETLINE_PIPE){ + do_log(LOG_CRIT, "ERR: Client disappeared during mail send!"); + linebuf_uninit(p->serverbuf); + return 0; + } else if (sendret){ + context_uninit(p); + linebuf_uninit(p->serverbuf); + config->emergency="Sending mail to client"; + do_log(LOG_EMERG, "ERR: Sending mail to client"); + /* we are dead now. Should not reach here. But allow it + to fall through in case LOG_EMERG is changed in the future. */ + return 1; + } + if ((strncmp(p->serverbuf->line,".",1 ) == 0 && strlen(p->serverbuf->line) == 1) || + (strncmp(p->serverbuf->line,".\r",2) == 0 && strlen(p->serverbuf->line) == 2)) gotprd=1; + sendret=writeline(p->client_fd, WRITELINE_LEADING_RN, p->serverbuf->line); + if (sendret==GETLINE_PIPE){ + do_log(LOG_CRIT, "ERR: Client disappeared during mail send!"); + linebuf_uninit(p->serverbuf); + return 0; + } else if (sendret){ + context_uninit(p); + linebuf_uninit(p->serverbuf); + config->emergency="Sending mail to client"; + do_log(LOG_EMERG, "ERR: Sending mail to client"); + /* we are dead now. Should not reach here. But allow it + to fall through in case LOG_EMERG is changed in the future. */ + return 1; + } + } + gotprd = 0; + } else { + //DROP EMAIL + close(scanfd); + scanfd = -1; + } + } + } /* that means that we have to read the mail into file */ if ((p->cksmtp && p->clientbuf->linelen == 0 && !p->header_exists) || (!p->cksmtp && p->serverbuf->linelen == 0 && !p->header_exists)){ if (p->cksmtp){ - writeline(scanfd, WRITELINE_LEADING_N, "X-" PROGNAME ": v" VERSION " by Jack S. Lai. No outbound virus detected."); - writeline(p->header_fd, WRITELINE_LEADING_N, "X-" PROGNAME ": v" VERSION " by Jack S. Lai. No outbound virus detected."); + writeline(scanfd, WRITELINE_LEADING_N, X_VIRUS_SCANNER); + writeline(p->header_fd, WRITELINE_LEADING_N, X_VIRUS_SCANNER); if(config->footer!=NULL){ len=strlen(config->footer); snprintf(fcmd, len+1, "%s 2>&1", config->footer); @@ -1991,6 +2240,7 @@ while ((fgets(line, 512, scanner))!=NULL){ if (line[0] != '\r' && line[0] != '\n'){ line[strlen(line)-1]='\0'; + writeline_format(scanfd, WRITELINE_LEADING_N,"X-" PROGNAME ": %s", line); writeline_format(p->header_fd, WRITELINE_LEADING_N,"X-" PROGNAME ": %s", line); } @@ -1999,8 +2249,8 @@ } } } else { - writeline(scanfd, WRITELINE_LEADING_N, "X-" PROGNAME ": Version " VERSION " by /"); - writeline(p->header_fd, WRITELINE_LEADING_N, "X-" PROGNAME ": Version " VERSION " by /"); + writeline(scanfd, WRITELINE_LEADING_N, X_VIRUS_SCANNER); + writeline(p->header_fd, WRITELINE_LEADING_N, X_VIRUS_SCANNER); } p->header_exists=1; /* This is the first response the client gets after "RETR/TOP", so start @@ -2060,6 +2310,7 @@ error=checktimeout(p); if (error < 0) do_log(LOG_CRIT,"ERR: Writing to client!"); } + if ((p->clientbuf->linelen==1 && p->clientbuf->line[0]=='.') || (p->serverbuf->linelen==1 && p->serverbuf->line[0]=='.')){ /* mail is complete */ error=0; @@ -2085,90 +2336,111 @@ /* Scan the file now */ scannerret=SCANNER_RET_OK; snprintf(p->maildir, 4090, "%s.dir", p->mailfile); - if (p->scannerinit > 0){ - if ((scannerret=scan_mailfile(p))==SCANNER_RET_VIRUS){ - /* virus */ - if (p->virinfo) TRIM(p->virinfo); - paramlist_set(p->params, "%VIRUSNAME%", NONULL(p->virinfo)); - paramlist_set(p->params, "%MAILFILE%", p->mailfile); - if (config->delit) paramlist_set(p->params, "%P3SCANID%", config->notify); - else paramlist_set(p->params, "%P3SCANID%", p->filename); - do_log(LOG_WARNING, "%s from %s:%s to %s:%s from %s to %s user: %s virus: %s file: %s", - paramlist_get(p->params,"%PROTOCOL%"), - paramlist_get(p->params,"%CLIENTIP%"), paramlist_get(p->params,"%CLIENTPORT%"), - paramlist_get(p->params,"%SERVERIP%"), paramlist_get(p->params,"%SERVERPORT%"), - paramlist_get(p->params,"%MAILFROM%"), paramlist_get(p->params,"%MAILTO%"), - paramlist_get(p->params,"%USERNAME%"), paramlist_get(p->params,"%VIRUSNAME%"), - paramlist_get(p->params,"%P3SCANID%") - ); - if (do_virusaction(p)!=0){ - if (p->cksmtp) { - /* Try cleaning it up again */ - do_log(LOG_CRIT,"ERR: Virusaction failed. Sending 554 and reseting smtp data sent."); - writeline_format(p->client_fd, WRITELINE_LEADING_RN, "554 %s",config->smtprset); - do_log(LOG_DEBUG,"Sending RSET to real smtp server."); - writeline_format(p->server_fd, WRITELINE_LEADING_RN, "RSET"); - writeline_format(p->server_fd, WRITELINE_LEADING_RN, "QUIT"); - } else { - do_log(LOG_CRIT,"ERR: Virusaction failed. Sending -ERR and closing pop3 connection."); - writeline_format(p->client_fd, WRITELINE_LEADING_RN,"-ERR Message %i contains a virus (%s).", p->msgnum, paramlist_get(p->params, "%VIRUSNAME%")); - } - p->ismail=0; - return 1; - }; - unset_paramsfrommailheader(p->params); - p->clientbuf->linelen=GETLINE_LINE_NULL; - p->serverbuf->linelen=GETLINE_LINE_NULL; - if (config->delit) unlink(p->mailfile); - } /* virus */ - /* see if there was a critical error */ - if (scannerret==SCANNER_RET_CRIT){ - if (!p->errmsg) do_log(LOG_CRIT,"ERR: Writing to client!"); - /* exact error already reported so kill the child. This - should get the sysadmins attention. */ - p->ismail=0; - return 1; - } - }else scannerret=SCANNER_RET_ERR; /* ! error */ - - if (scannerret!=SCANNER_RET_VIRUS){ /* send mail if no virus */ - if (scannerret==SCANNER_RET_ERR){ - do_log(LOG_ALERT, "ERR: We can't say if it is a virus! So we have to give the client the mail! You should check your configuration/system"); - context_uninit(p); - config->emergency="Scanner returned unexpected error code. You should check your configuration/system."; - do_log(LOG_EMERG, "ERR: Scanner returned unexpected error code. You should check your configuration/system."); - /* We are dead now. Don't let virus mails pass */ - } - /* no virus / error / scanning disabled */ - do_log(LOG_DEBUG, "Scanning done, sending mail now."); - p->ismail=5; - if (p->cksmtp){ - do_log(LOG_DEBUG, "Sending DATA to server."); - if (writeline(p->server_fd, WRITELINE_LEADING_RN, "DATA")){ - do_log(LOG_CRIT, "ERR: Can't send DATA to server!"); - return 1; - } - p->serverbuf->linelen=GETLINE_LINE_NULL; /* assume 354 from server */ - do_log(LOG_DEBUG, "Sending smtp message to server."); - if ((len=send_mailfile(p->mailfile, p->server_fd, p))<0){ - do_log(LOG_CRIT, "ERR: Can't submit mail! We have to quit now!"); - p->ismail=0; - return 1; - } - } else { - if ((len=send_mailfile(p->mailfile, p->client_fd, p))<0){ - do_log(LOG_CRIT, "ERR: Can't send mail! We have to quit now!"); - p->ismail=0; - return 1; - } + if(scanfd == -1) { + if (do_oversizedaction(p)!=0){ + do_log(LOG_CRIT,"ERR: Oversizedaction failed. Sending -ERR and closing pop3 connection."); + writeline_format(p->client_fd, WRITELINE_LEADING_RN,"-ERR Message %i is too big (%d).", p->msgnum, p->mailsize); } - do_log(LOG_DEBUG, "Sending done."); p->ismail=0; p->bytecount+=len; p->serverbuf->linelen=GETLINE_LINE_NULL; linebuf_zero(p->serverbuf); trapdata=0; unlink(p->mailfile); /* we do not unlink virusmails, so only here */ + } else if(p->passthrough == 1) { + p->ismail=0; + p->bytecount+=len; + p->serverbuf->linelen=GETLINE_LINE_NULL; + linebuf_zero(p->serverbuf); + trapdata=0; + unlink(p->mailfile); /* we do not unlink virusmails, so only here */ + } else { + if (p->scannerinit > 0){ + if ((scannerret=scan_mailfile(p))==SCANNER_RET_VIRUS){ + /* virus */ + if (p->virinfo) TRIM(p->virinfo); + paramlist_set(p->params, "%VIRUSNAME%", NONULL(p->virinfo)); + paramlist_set(p->params, "%MAILFILE%", p->mailfile); + if (config->delit) paramlist_set(p->params, "%P3SCANID%", config->notify); + else paramlist_set(p->params, "%P3SCANID%", p->filename); + do_log(LOG_WARNING, "%s from %s:%s to %s:%s from %s to %s user: %s virus: %s file: %s", + paramlist_get(p->params,"%PROTOCOL%"), + paramlist_get(p->params,"%CLIENTIP%"), paramlist_get(p->params,"%CLIENTPORT%"), + paramlist_get(p->params,"%SERVERIP%"), paramlist_get(p->params,"%SERVERPORT%"), + paramlist_get(p->params,"%MAILFROM%"), paramlist_get(p->params,"%MAILTO%"), + paramlist_get(p->params,"%USERNAME%"), paramlist_get(p->params,"%VIRUSNAME%"), + paramlist_get(p->params,"%P3SCANID%") + ); + if (do_virusaction(p)!=0){ + if (p->cksmtp) { + /* Try cleaning it up again */ + do_log(LOG_CRIT,"ERR: Virusaction failed. Sending 554 and reseting smtp data sent."); + writeline_format(p->client_fd, WRITELINE_LEADING_RN, "554 %s",config->smtprset); + do_log(LOG_DEBUG,"Sending RSET to real smtp server."); + writeline_format(p->server_fd, WRITELINE_LEADING_RN, "RSET"); + writeline_format(p->server_fd, WRITELINE_LEADING_RN, "QUIT"); + } else { + do_log(LOG_CRIT,"ERR: Virusaction failed. Sending -ERR and closing pop3 connection."); + writeline_format(p->client_fd, WRITELINE_LEADING_RN,"-ERR Message %i contains a virus (%s).", p->msgnum, paramlist_get(p->params, "%VIRUSNAME%")); + } + p->ismail=0; + return 1; + }; + unset_paramsfrommailheader(p->params); + p->clientbuf->linelen=GETLINE_LINE_NULL; + p->serverbuf->linelen=GETLINE_LINE_NULL; + if (config->delit) unlink(p->mailfile); + } /* virus */ + /* see if there was a critical error */ + if (scannerret==SCANNER_RET_CRIT){ + if (!p->errmsg) do_log(LOG_CRIT,"ERR: Writing to client!"); + /* exact error already reported so kill the child. This + should get the sysadmins attention. */ + p->ismail=0; + return 1; + } + }else scannerret=SCANNER_RET_ERR; /* ! error */ + + if (scannerret!=SCANNER_RET_VIRUS){ /* send mail if no virus */ + if (scannerret==SCANNER_RET_ERR){ + do_log(LOG_ALERT, "ERR: We can't say if it is a virus! So we have to give the client the mail! You should check your configuration/system"); + context_uninit(p); + config->emergency="Scanner returned unexpected error code. You should check your configuration/system."; + do_log(LOG_EMERG, "ERR: Scanner returned unexpected error code. You should check your configuration/system."); + /* We are dead now. Don't let virus mails pass */ + } + /* no virus / error / scanning disabled */ + do_log(LOG_DEBUG, "Scanning done, sending mail now."); + p->ismail=5; + if (p->cksmtp){ + do_log(LOG_DEBUG, "Sending DATA to server."); + if (writeline(p->server_fd, WRITELINE_LEADING_RN, "DATA")){ + do_log(LOG_CRIT, "ERR: Can't send DATA to server!"); + return 1; + } + p->serverbuf->linelen=GETLINE_LINE_NULL; /* assume 354 from server */ + do_log(LOG_DEBUG, "Sending smtp message to server."); + if ((len=send_mailfile(p->mailfile, p->server_fd, p, 1))<0){ + do_log(LOG_CRIT, "ERR: Can't submit mail! We have to quit now!"); + p->ismail=0; + return 1; + } + } else { + if ((len=send_mailfile(p->mailfile, p->client_fd, p, 1))<0){ + do_log(LOG_CRIT, "ERR: Can't send mail! We have to quit now!"); + p->ismail=0; + return 1; + } + } + do_log(LOG_DEBUG, "Sending done."); + p->ismail=0; + p->bytecount+=len; + //FIXME + p->serverbuf->linelen=GETLINE_LINE_NULL; + linebuf_zero(p->serverbuf); + trapdata=0; + unlink(p->mailfile); /* we do not unlink virusmails, so only here */ + } } close(p->header_fd); unlink(p->p3shdrfile); @@ -2264,6 +2536,7 @@ " -C, --checksize=NUM Number (in KBytes) of the maximum smtp message size.\n" " -d, --debug Turn on debugging. See " CONFIGFILE " for recommended\n" " debug procedure.\n" + " -D --maxmailsize=NUM Maximum Mailsize for POP3\n" " -e, --extra=ADDR Extra notification of recipient's email address\n" " -E, --emailport=PORT Port to check smtp (email) submissions on\n" " -f, --configfile=FILE Specify a configfile\n" @@ -2300,6 +2573,7 @@ " -P, --targetport=PORT Connect to port . Default: %i\n" " Ignored in transparent proxy mode\n" " -q, --quiet Turn off normal reporting\n" + " -Q, Quaranaine Dir\n" " -r, --virusdir=DIR Save infected mails in \n" " Default: " VIRUS_DIR "\n" " -R, --smtprset Change smtp reject message line\n" @@ -2325,6 +2599,7 @@ " -v, --version Prints version information\n" " -x, --demime eXtract all MIME-Parts before scanning\n" " -X, --xmail=FILE Xtra notification rcpt mail pgm. Default: " XMAIL "\n" + " -y --passmailsize=NUM Drop oversized Mails (1) or passthrough (0). Default (0)\n" " -z, --spamcheck=FILE Specify path to Spam Checking program executable\n" " Default /usr/bin/spamc (Mail::SpamAssassin)\n" "\n" @@ -2353,6 +2628,7 @@ { "viruscode", required_argument, NULL, 'c' }, { "checksize", required_argument, NULL, 'C' }, { "debug", no_argument, NULL, 'd' }, + { "maxmailsize", required_argument, NULL, 'D' }, { "extra", required_argument, NULL, 'e' }, { "emailport", required_argument, NULL, 'E' }, { "configfile", required_argument, NULL, 'f' }, @@ -2377,6 +2653,7 @@ { "port", required_argument, NULL, 'p' }, { "targetport", required_argument, NULL, 'P' }, { "quiet", no_argument, NULL, 'q' }, + { "quarantine", required_argument, NULL, 'Q' }, { "virusdir", required_argument, NULL, 'r' }, { "smtprset", required_argument, NULL, 'R' }, { "scanner", required_argument, NULL, 's' }, @@ -2390,13 +2667,14 @@ { "demime", no_argument, NULL, 'x' }, #endif { "xmail", required_argument, NULL, 'X' }, + { "passmailsize", required_argument, NULL, 'y' }, { "spamcheck", required_argument, NULL, 'z' }, { NULL, no_argument, NULL, 0 } }; #ifdef DEMIME - char getoptparam[] = "hvf:a:Ab:Bc:C:de:F:g:G:i:I:jJkK:l:L:m:M:n:N:o:O:p:P:qr:R:s:S:t:T:u:UxX:z:"; + char getoptparam[] = "hvf:a:Ab:Bc:C:dD:e:F:g:G:i:I:jJkK:l:L:m:M:n:N:o:O:p:P:qr:R:s:S:t:T:u:UxX:z:Q:"; #else - char getoptparam[] = "hvf:a:Ab:Bc:C:de:F:g:G:i:I:jJkK:l:L:m:M:n:N:o:O:p:P:qr:R:s:S:t:T:u:UX:z:"; + char getoptparam[] = "hvf:a:Ab:Bc:C:dD:e:F:g:G:i:I:jJkK:l:L:m:M:n:N:o:O:p:P:qr:R:s:S:t:T:u:UX:z:"; #endif void switchoption(char opt, char * arg, char * optstr, char * where, int state){ char *next_tok; @@ -2586,6 +2864,9 @@ case 'q': /* quiet */ config->quiet=1; break; + case 'Q': /* quarantine directory, added for PA */ + config->quarantinedir = arg; + break; case 'u': /* Run as User */ config->runasuser=arg; /* getpwnam will also accept UID's, so we need no converting*/ @@ -2685,7 +2966,10 @@ i=strtol(arg, &rest, 10); config->freespace=(int)i; break; - case 'C': /* Check SMTP size */ + case 'D': /*max mail size */ + i=strtol(arg, &rest, 10); + config->maxmailsize=(int)i; + case 'C': /* Check SMTP size */ i=strtol(arg, &rest, 10); config->smtpsize=(int)i; break; @@ -2707,6 +2991,14 @@ case 'M': /* ISP marked as SPAM */ config->ispspam = arg; break; + case 'y': /*Drop max mail size */ + i=strtol(arg, &rest, 10); + config->passmailsize=(int)i; + if (config->passmailsize != 0 && config->passmailsize != 1){ + fprintf(stderr, "%s passmailsize '%s' is not supported", where, arg); + error=1; + } + break; default: fprintf(stderr, "%s Option '%s' isn't known\n", where, optstr); @@ -2746,6 +3038,7 @@ config->virusdirbase=NULL; config->notifydir=NULL; config->virustemplate=NULL; + config->oversizedtemplate=NULL; config->virusscanner=NULL; config->demime=0; config->pidfile=NULL; @@ -2771,6 +3064,8 @@ config->enabletop=0; config->emergcon=NULL; config->emergency=NULL; + config->maxmailsize=MAXMAILSIZE; + config->passmailsize=1; /* parse line args, but for the first time only configfile/version/help */ parseargs(argc, argv, "\t[cmdlineparm]", CONFIG_STATE_CMDPRE); /* parse configfile */ @@ -2832,6 +3127,7 @@ SETIFNULL(config->virusdir, config->virusdirbase ); SETIFNULL(config->notifydir, NOTIFY_MAIL_DIR); SETIFNULL(config->virustemplate, VIRUS_TEMPLATE); + SETIFNULL(config->oversizedtemplate, OVERSIZED_TEMPLATE); SETIFNULL(config->virusscanner, VIRUS_SCANNER); SETIFNULL(config->pidfile, PID_FILE); SETIFNULL(config->syslogname, SYSLOG_NAME); @@ -2889,6 +3185,9 @@ unsigned long kbfree; struct statvfs fs; + pa_stat.total = pa_stat_getcnt("pop3mail"); + pa_stat.spam = pa_stat_getcnt("pop3spam_pass"); + pa_stat.virus = pa_stat_getcnt("pop3virus"); w_memory_init(); // We need to initialize our memory allocation routines parseoptions(argc, argv); @@ -2969,6 +3268,11 @@ if(config->delit) do_log(LOG_DEBUG,"justdelete: enabled"); else do_log(LOG_DEBUG,"justdelete: disabled"); do_log(LOG_DEBUG,"bytesfree: %lu",config->freespace); + do_log(LOG_DEBUG,"maxmailsize: %lu",config->maxmailsize); + if(!config->passmailsize) + do_log(LOG_DEBUG,"Drop oversized Messages: YES"); + else + do_log(LOG_DEBUG,"Pass oversized Messages: YES"); #ifdef DEMIME if(config->demime) do_log(LOG_DEBUG,"demime: enabled"); else do_log(LOG_DEBUG,"demime: disabled"); @@ -2988,6 +3292,7 @@ if(config->quiet) do_log(LOG_DEBUG,"quiet: enabled"); else do_log(LOG_DEBUG,"quiet: disabled"); if(strlen(NONULL(config->virustemplate))) do_log(LOG_DEBUG,"template: %s",config->virustemplate); + if(strlen(NONULL(config->oversizedtemplate))) do_log(LOG_DEBUG,"template: %s",config->oversizedtemplate); if(strlen(NONULL(config->subject))) do_log(LOG_DEBUG,"subject: %s",config->subject); if(strlen(NONULL(config->notify))) do_log(LOG_DEBUG,"notify: %s",config->notify); if(strlen(NONULL(config->extra))) do_log(LOG_DEBUG,"extra: %s",config->extra); @@ -3041,25 +3346,33 @@ do_log(LOG_EMERG, "ERR: Unable to get available space!"); return SCANNER_RET_CRIT; // Should never reach here, but keep it clean. :) } + /* Catch Space from SpaceDaemon */ + if(! (config->spacedaemon = pasd_request(pasd_client_type_pop3, config->maxmailsize))) + { + config->emergency=make_message("PA-SpaceDaemon returned: %s", pasd_errstr); + do_log(LOG_EMERG, "PA-SpaceDaemon returned: %s", pasd_errstr); + exit(0); + } if (fs.f_bsize==1024) kbfree=fs.f_bavail; else kbfree=fs.f_bsize * (fs.f_bavail / 1024) + fs.f_bavail%1024 * fs.f_bsize / 1024; - if (config->freespace != 0 && kbfree < config->freespace){ + /** + if (config->freespace != 0 && kbfree < config->freespace / 1024){ config->emergency=make_message("Not enough space! Available space: %lu", kbfree); do_log(LOG_EMERG, "ERR: Not enough space! Available space: %lu", kbfree); do_sigterm_proxy(1); exit(0); } - + */ virusdirlen=strlen(config->virusdirbase)+20; config->virusdir=w_malloc(virusdirlen); - snprintf(config->virusdir, virusdirlen, "%s/children/%d/", config->virusdirbase,getpid()); + snprintf(config->virusdir, virusdirlen, "%s/p3scan-%d/", config->virusdirbase,getpid()); do_log(LOG_DEBUG, "setting the virusdir to %s", config->virusdir); if(clean_child_directory(getpid())){ config->emergency="Error calling clean child directory!"; do_log(LOG_EMERG, "ERR: Error calling clean child directory!"); } - if((mkdir (config->virusdir, S_IRWXU)<0)){ + if((mkdir (config->virusdir, S_IRWXU | S_IRWXO | S_IRWXG )<0)){ config->emergency=make_message("Could not create virusdir %s", config->virusdir); do_log(LOG_EMERG,"ERR: Could not create virusdir %s",config->virusdir); } @@ -3090,6 +3403,9 @@ responsemsg=strdup("Critical abort"); }else responsemsg=strdup("Clean Exit"); + /* Release Space from SpaceDaemon */ + pasd_release(config->spacedaemon); + if (config->scannerenabled){ do_log(LOG_NOTICE, "Session done (%s). Mails: %i Bytes: %lu", responsemsg, p->mailcount, p->bytecount); @@ -3107,3 +3423,4 @@ do_sigterm_main(-1); return 0; } + diff -Naur p3scan-2.3.2-orig/p3scan-en.mail p3scan-2.3.2/p3scan-en.mail --- p3scan-2.3.2-orig/p3scan-en.mail 2008-02-05 12:37:59.000000000 +0100 +++ p3scan-2.3.2/p3scan-en.mail 2008-02-05 12:38:28.000000000 +0100 @@ -3,16 +3,11 @@ Content-Type: text/plain; charset="iso-8859-1" -Hello %USERNAME%. -This message body was generated automatically from P3Scan, which runs on -%HOSTNAME%.%DOMAINNAME% for scanning all incoming email. +Hello, -It replaces the body of a message sent to you that contained a VIRUS! +This mail was generated automatically by funkwerk UTM. +In a mail sent to you a virus has been found. -Instead of the infected email this message has been sent to you. - -You may look at the message header of this message for the complete -email header information of the infected message. Virus name: %VIRUSNAME% @@ -26,11 +21,5 @@ %SUBJECT% Connection data: %PROTOCOL% from %CLIENTIP%:%CLIENTPORT% to %SERVERIP%:%SERVERPORT% -Message File: - %P3SCANID% -Virus Definition Info: - %VDINFO% --- -%PROGNAME% %VERSION% -by Jack S. Lai + . diff -Naur p3scan-2.3.2-orig/p3scan.h p3scan-2.3.2/p3scan.h --- p3scan-2.3.2-orig/p3scan.h 2008-02-05 12:37:59.000000000 +0100 +++ p3scan-2.3.2/p3scan.h 2008-02-05 12:38:28.000000000 +0100 @@ -37,6 +37,7 @@ #ifndef _P3SCAN_H #define _P3SCAN_H +#include "pa/spaced.h" #include /* do_log */ #include /* config */ #include "getline_ssl.h" @@ -112,12 +113,14 @@ #define SYSLOG_NAME "p3scan" #define CONFIGFILE "/etc/p3scan/p3scan.conf" #define VIRUS_TEMPLATE "/etc/p3scan/p3scan.mail" +#define OVERSIZED_TEMPLATE "/etc/p3scan-over.mail" #define DEBUG 0 #define QUIET 0 #define OVERWRITE NULL #define CHECKSPAM 0 #define SPAMCHECK "/usr/bin/spamc" #define MINSPACE 10000 +#define MAXMAILSIZE 100000 #define DELIT 0 #define SUBJECT "[Virus] found in a mail to you:" #define NOTIFY "Per instruction, the message has been deleted." @@ -138,6 +141,7 @@ #undef DEBUG_SCANNING /* print message lines while scanning */ #undef DEBUG_FOOTER /* print virus scanner version info */ #undef DEBUG_SMTP /* print smtp messages lines */ +#define X_VIRUS_SCANNER "X-Virus-Scanner: funkwerk UTM" /* undef this to not use the ripmime library You also need to change the symlink for Makefile to the proper @@ -186,6 +190,8 @@ struct paramlist *params; int mailcount; unsigned long bytecount; + unsigned long mailsize; + int passthrough; int gobogus; int boguspos; int hdrdate; @@ -235,6 +241,7 @@ char * virusdirbase; char * virusdir; char * notifydir; + char * oversizedtemplate; char * virustemplate; char * virusscanner; int viruscode[MAX_VIRUS_CODES + 1]; @@ -255,6 +262,8 @@ int checkspam; char * spamcheck; unsigned long freespace; + unsigned long maxmailsize; + int passmailsize; int delit; int ispam; int broken; @@ -277,6 +286,8 @@ int useurl; char * emergcon; char * emergency; + char * quarantinedir; + pasd_handle_t *spacedaemon; /* Handle for PA-Spacedaemon */ } configuration_t; extern void do_log(int level, const char *fmt,...); diff -Naur p3scan-2.3.2-orig/p3scan-over.mail p3scan-2.3.2/p3scan-over.mail --- p3scan-2.3.2-orig/p3scan-over.mail 1970-01-01 01:00:00.000000000 +0100 +++ p3scan-2.3.2/p3scan-over.mail 2008-02-05 12:38:28.000000000 +0100 @@ -0,0 +1,24 @@ +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Content-Type: text/plain; + charset="iso-8859-1" + +Hello, + +This mail was generated automatically by funkwerk UTM. +A mail sent to you exceeded the maximum size. + + +(Supposed) Sender of the email: + %MAILFROM% +Sent To: + %MAILTO% +On Date: + %MAILDATE% +Subject: + %SUBJECT% +Connection data: + %PROTOCOL% from %CLIENTIP%:%CLIENTPORT% to %SERVERIP%:%SERVERPORT% + +. + diff -Naur p3scan-2.3.2-orig/scanner_dummy.c p3scan-2.3.2/scanner_dummy.c --- p3scan-2.3.2-orig/scanner_dummy.c 1970-01-01 01:00:00.000000000 +0100 +++ p3scan-2.3.2/scanner_dummy.c 2008-02-05 12:38:28.000000000 +0100 @@ -0,0 +1,32 @@ +/** + * This file provides a dummy scanner for the PacketAlarm integration. The + * scanner is used when the user disables virus checks. + */ + +#include +#include +#include +#include + +#include "p3scan.h" + +struct configuration_t * config; + + + +static int scan(struct proxycontext *p, char **virname) +{ + return(SCANNER_RET_OK); +} + + +scanner_t scanner_dummy = { + "dummy", + "dummy scanner for PacketAlarm", + NULL, + NULL, + &scan, + NULL, + NULL, + 0 /* dirscan, not supported by pa-scanqd */ +}; diff -Naur p3scan-2.3.2-orig/scanner.h p3scan-2.3.2/scanner.h --- p3scan-2.3.2-orig/scanner.h 2008-02-05 12:37:59.000000000 +0100 +++ p3scan-2.3.2/scanner.h 2008-02-05 12:38:28.000000000 +0100 @@ -45,6 +45,9 @@ extern scanner_t scanner_trophie; extern scanner_t scanner_clamd; extern scanner_t scanner_bash; +extern scanner_t scanner_pascanqd; +extern scanner_t scanner_dummy; + scanner_t *scannerlist[] = { &scanner_basic, /* first one is default */ @@ -53,6 +56,8 @@ &scanner_trophie, &scanner_clamd, &scanner_bash, + &scanner_pascanqd, + &scanner_dummy, NULL }; diff -Naur p3scan-2.3.2-orig/scanner_pascanqd.c p3scan-2.3.2/scanner_pascanqd.c --- p3scan-2.3.2-orig/scanner_pascanqd.c 1970-01-01 01:00:00.000000000 +0100 +++ p3scan-2.3.2/scanner_pascanqd.c 2008-02-05 12:38:28.000000000 +0100 @@ -0,0 +1,63 @@ +/** + * This file provides the integration of the pa-scanqd frontend into the + * p3scan transparent POP3 proxy + */ + +#include +#include +#include +#include + +#include "p3scan.h" +#include + +struct configuration_t * config; + + + +static int scan(struct proxycontext *p, char **virname) +{ + int res; + int ret; + char info[200], src[16], dst[16]; + + do_log(LOG_DEBUG, "pa-scanqd frontend"); + strcpy(src, inet_ntoa((struct in_addr)p->client_addr.sin_addr)); + strcpy(dst, inet_ntoa((struct in_addr)p->server_addr.sin_addr)); + snprintf(info, sizeof(info), "Client: %s, Server: %s", src, dst); + res = pa_virus_scan("POP3", p->scanthis, info); + if(res < 0) + { + do_log(LOG_ERR, "pa-scanqd failed: %s", pa_virus_errstr()); + ret = SCANNER_RET_ERR; + *virname = NULL; + } + else if(res == 0) + { + do_log(LOG_DEBUG, "pa-scanqd found virus: %s", pa_virus_name()); + ret = SCANNER_RET_VIRUS; + *virname = strdup(pa_virus_name()); + } + else + { + do_log(LOG_DEBUG, "pa-scanqd file is clean"); + ret = SCANNER_RET_OK; + *virname = NULL; + } + + do_log(LOG_DEBUG, "pa_scanqd finished"); + return(ret); + +} + + +scanner_t scanner_pascanqd = { + "pascanqd", + "pa-scanqd frontend", + NULL, + NULL, + &scan, + NULL, + NULL, + 0 /* dirscan, not supported by pa-scanqd */ +};