2
* Copyright (C) 2007-2009 Sourcefire, Inc.
4
* Authors: Tomasz Kojm, Trog, Török Edvin
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
23
#include "clamav-config.h"
32
#include <sys/types.h>
34
#include <sys/socket.h>
36
#include <sys/resource.h>
37
#include <arpa/inet.h>
45
#include <stdio_ext.h>
47
#include "libclamav/clamav.h"
49
#include "shared/output.h"
50
#include "shared/optparser.h"
51
#include "shared/misc.h"
59
#include "libclamav/others.h"
60
#include "libclamav/readdb.h"
61
#include "libclamav/cltypes.h"
66
pthread_mutex_t exit_mutex = PTHREAD_MUTEX_INITIALIZER;
68
time_t reloaded_time = 0;
69
pthread_mutex_t reload_mutex = PTHREAD_MUTEX_INITIALIZER;
71
extern pthread_mutex_t logg_mutex;
72
static struct cl_stat dbstat;
74
void *event_wake_recv = NULL;
75
void *event_wake_accept = NULL;
77
static void scanner_thread(void *arg)
79
client_conn_t *conn = (client_conn_t *) arg;
84
int virus=0, errors = 0;
87
/* ignore all signals */
89
/* The behavior of a process is undefined after it ignores a
90
* SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */
91
sigdelset(&sigset, SIGFPE);
92
sigdelset(&sigset, SIGILL);
93
sigdelset(&sigset, SIGSEGV);
95
sigdelset(&sigset, SIGBUS);
97
sigdelset(&sigset, SIGTSTP);
98
sigdelset(&sigset, SIGCONT);
99
pthread_sigmask(SIG_SETMASK, &sigset, NULL);
102
ret = command(conn, &virus);
104
pthread_mutex_lock(&exit_mutex);
106
pthread_mutex_unlock(&exit_mutex);
111
thrmgr_setactiveengine(NULL);
114
free(conn->filename);
115
logg("$Finished scanthread\n");
116
if (thrmgr_group_finished(conn->group, virus ? EXIT_OTHER :
117
errors ? EXIT_ERROR : EXIT_OK)) {
118
logg("$Scanthread: connection shut down (FD %d)\n", conn->sd);
119
/* close connection if we were last in group */
120
shutdown(conn->sd, 2);
121
closesocket(conn->sd);
123
cl_engine_free(conn->engine);
128
static int syncpipe_wake_recv_w = -1;
130
void sighandler_th(int sig)
155
break; /* Take no action on other signals - e.g. SIGPIPE */
157
/* a signal doesn't always wake poll(), for example on FreeBSD */
158
if (action && syncpipe_wake_recv_w != -1)
159
if (write(syncpipe_wake_recv_w, "", 1) != 1)
160
logg("$Failed to write to syncpipe\n");
163
static struct cl_engine *reload_db(struct cl_engine *engine, unsigned int dboptions, const struct optstruct *opts, int do_check, int *ret)
167
unsigned int sigs = 0;
168
struct cl_settings *settings = NULL;
172
if(!dbstat.entries) {
173
logg("No stats for Database check - forcing reload\n");
177
if(cl_statchkdir(&dbstat) == 1) {
178
logg("SelfCheck: Database modification detected. Forcing reload.\n");
181
logg("SelfCheck: Database status OK.\n");
186
/* release old structure */
188
/* copy current settings */
189
settings = cl_engine_settings_copy(engine);
191
logg("^Can't make a copy of the current engine settings\n");
193
thrmgr_setactiveengine(NULL);
194
cl_engine_free(engine);
197
dbdir = optget(opts, "DatabaseDirectory")->strarg;
198
logg("Reading databases from %s\n", dbdir);
201
cl_statfree(&dbstat);
203
memset(&dbstat, 0, sizeof(struct cl_stat));
204
if((retval = cl_statinidir(dbdir, &dbstat))) {
205
logg("!cl_statinidir() failed: %s\n", cl_strerror(retval));
208
cl_engine_settings_free(settings);
212
if(!(engine = cl_engine_new())) {
213
logg("!Can't initialize antivirus engine\n");
216
cl_engine_settings_free(settings);
221
retval = cl_engine_settings_apply(engine, settings);
222
if(retval != CL_SUCCESS) {
223
logg("^Can't apply previous engine settings: %s\n", cl_strerror(retval));
224
logg("^Using default engine settings\n");
226
cl_engine_settings_free(settings);
229
if((retval = cl_load(dbdir, engine, &sigs, dboptions))) {
230
logg("!reload db failed: %s\n", cl_strerror(retval));
231
cl_engine_free(engine);
236
if((retval = cl_engine_compile(engine)) != 0) {
237
logg("!Database initialization error: can't compile engine: %s\n", cl_strerror(retval));
238
cl_engine_free(engine);
242
logg("Database correctly reloaded (%u signatures)\n", sigs);
244
thrmgr_setactiveengine(engine);
249
* zCOMMANDS are delimited by \0
250
* nCOMMANDS are delimited by \n
251
* Old-style non-prefixed commands are one packet, optionally delimited by \n,
252
* with trailing \r|\n ignored
254
static const char *get_cmd(struct fd_buf *buf, size_t off, size_t *len, char *term, int *oldstyle)
257
if (!buf->off || off >= buf->off) {
263
switch (buf->buffer[off]) {
264
/* commands terminated by delimiters */
268
pos = memchr(buf->buffer + off, *term, buf->off - off);
270
/* we don't have another full command yet */
276
*len = cli_chomp(buf->buffer + off);
278
*len = pos - buf->buffer - off;
281
return buf->buffer + off + 1;
283
/* one packet = one command */
286
pos = memchr(buf->buffer, '\n', buf->off);
288
*len = pos - buf->buffer;
292
buf->buffer[buf->off] = '\0';
294
cli_chomp(buf->buffer);
302
struct fd_data recv_fds;
303
pthread_cond_t cond_nfds;
306
int syncpipe_wake_recv[2];
307
int syncpipe_wake_accept[2];
310
#define ACCEPTDATA_INIT(mutex1, mutex2) { FDS_INIT(mutex1), FDS_INIT(mutex2), PTHREAD_COND_INITIALIZER, 0, 0, {-1, -1}, {-1, -1}}
312
static void *acceptloop_th(void *arg)
314
char buff[BUFFSIZE + 1];
316
struct acceptdata *data = (struct acceptdata*)arg;
317
struct fd_data *fds = &data->fds;
318
struct fd_data *recv_fds = &data->recv_fds;
319
int max_queue = data->max_queue;
320
int commandtimeout = data->commandtimeout;
322
pthread_mutex_lock(fds->buf_mutex);
324
/* Block waiting for data to become available for reading */
325
int new_sd = fds_poll_recv(fds, -1, 0, event_wake_accept);
327
ResetEvent(event_wake_accept);
329
/* TODO: what about sockets that get rm-ed? */
331
/* no more sockets to poll, all gave an error */
332
logg("!Main socket gone: fatal\n");
336
if (new_sd == -1 && errno != EINTR) {
337
logg("!Failed to poll sockets, fatal\n");
338
pthread_mutex_lock(&exit_mutex);
340
pthread_mutex_unlock(&exit_mutex);
345
for (i=0;i < fds->nfds && new_sd >= 0; i++) {
346
struct fd_buf *buf = &fds->buf[i];
347
if (!buf->got_newdata)
350
if (buf->fd == data->syncpipe_wake_accept[0]) {
351
/* dummy sync pipe, just to wake us */
352
if (read(buf->fd, buff, sizeof(buff)) < 0) {
353
logg("^Syncpipe read failed\n");
358
if (buf->got_newdata == -1) {
359
logg("$Acceptloop closed FD: %d\n", buf->fd);
360
shutdown(buf->fd, 2);
361
closesocket(buf->fd);
366
/* don't accept unlimited number of connections, or
367
* we'll run out of file descriptors */
368
pthread_mutex_lock(recv_fds->buf_mutex);
369
while (recv_fds->nfds > (unsigned)max_queue) {
370
pthread_mutex_lock(&exit_mutex);
372
pthread_mutex_unlock(&exit_mutex);
375
pthread_mutex_unlock(&exit_mutex);
376
pthread_cond_wait(&data->cond_nfds, recv_fds->buf_mutex);
378
pthread_mutex_unlock(recv_fds->buf_mutex);
380
pthread_mutex_lock(&exit_mutex);
382
pthread_mutex_unlock(&exit_mutex);
385
pthread_mutex_unlock(&exit_mutex);
387
/* listen only socket */
388
new_sd = accept(fds->buf[i].fd, NULL, NULL);
393
flags = fcntl(new_sd, F_GETFL, 0);
395
if (fcntl(new_sd, F_SETFL, flags | O_NONBLOCK) == -1) {
396
logg("^Can't set socket to nonblocking mode, errno %d\n",
400
logg("^Can't get socket flags, errno %d\n", errno);
403
logg("^Nonblocking sockets not available!\n");
405
logg("$Got new connection, FD %d\n", new_sd);
406
pthread_mutex_lock(recv_fds->buf_mutex);
407
ret = fds_add(recv_fds, new_sd, 0, commandtimeout);
408
pthread_mutex_unlock(recv_fds->buf_mutex);
411
logg("!fds_add failed\n");
416
/* notify recvloop */
418
SetEvent(event_wake_recv);
420
if (write(data->syncpipe_wake_recv[1], "", 1) == -1) {
421
logg("!write syncpipe failed\n");
425
} else if (errno != EINTR) {
426
/* very bad - need to exit or restart */
427
#ifdef HAVE_STRERROR_R
428
strerror_r(errno, buff, BUFFSIZE);
429
logg("!accept() failed: %s\n", buff);
431
logg("!accept() failed\n");
433
/* give the poll loop a chance to close disconnected FDs */
439
/* handle progexit */
440
pthread_mutex_lock(&exit_mutex);
442
pthread_mutex_unlock(&exit_mutex);
445
pthread_mutex_unlock(&exit_mutex);
447
pthread_mutex_unlock(fds->buf_mutex);
449
if (sd_listen_fds(0) == 0)
451
/* only close the sockets, when not using systemd socket activation */
452
for (i=0;i < fds->nfds; i++)
454
if (fds->buf[i].fd == -1)
456
logg("$Shutdown: closed fd %d\n", fds->buf[i].fd);
457
shutdown(fds->buf[i].fd, 2);
458
closesocket(fds->buf[i].fd);
463
pthread_mutex_destroy(fds->buf_mutex);
464
pthread_mutex_lock(&exit_mutex);
466
pthread_mutex_unlock(&exit_mutex);
468
SetEvent(event_wake_recv);
470
if (write(data->syncpipe_wake_recv[1], "", 1) < 0) {
471
logg("$Syncpipe write failed\n");
477
static const char* parse_dispatch_cmd(client_conn_t *conn, struct fd_buf *buf, size_t *ppos, int *error, const struct optstruct *opts, int readtimeout)
479
const char *cmd = NULL;
485
/* Parse & dispatch commands */
486
while ((conn->mode == MODE_COMMAND) &&
487
(cmd = get_cmd(buf, pos, &cmdlen, &term, &oldstyle)) != NULL) {
488
const char *argument;
489
enum commands cmdtype;
490
if (conn->group && oldstyle) {
491
logg("$Received oldstyle command inside IDSESSION: %s\n", cmd);
492
conn_reply_error(conn, "Only nCMDS\\n and zCMDS\\0 are accepted inside IDSESSION.");
496
cmdtype = parse_command(cmd, &argument, oldstyle);
497
logg("$got command %s (%u, %u), argument: %s\n",
498
cmd, (unsigned)cmdlen, (unsigned)cmdtype, argument ? argument : "");
499
if (cmdtype == COMMAND_FILDES) {
500
if (buf->buffer + buf->off <= cmd + strlen("FILDES\n")) {
501
/* we need the extra byte from recvmsg */
502
conn->mode = MODE_WAITANCILL;
503
buf->mode = MODE_WAITANCILL;
505
buf->buffer[pos + cmdlen] = term;
507
logg("$RECVTH: mode -> MODE_WAITANCILL\n");
510
/* eat extra \0 for controlmsg */
512
logg("$RECVTH: FILDES command complete\n");
517
if ((rc = execute_or_dispatch_command(conn, cmdtype, argument)) < 0) {
518
logg("!Command dispatch failed\n");
519
if(rc == -1 && optget(opts, "ExitOnOOM")->enabled) {
520
pthread_mutex_lock(&exit_mutex);
522
pthread_mutex_unlock(&exit_mutex);
526
if (thrmgr_group_need_terminate(conn->group)) {
527
logg("$Receive thread: have to terminate group\n");
528
*error = CL_ETIMEOUT;
531
if (*error || !conn->group || rc) {
532
if (rc && thrmgr_group_finished(conn->group, EXIT_OK)) {
533
logg("$Receive thread: closing conn (FD %d), group finished\n", conn->sd);
534
/* if there are no more active jobs */
535
shutdown(conn->sd, 2);
536
closesocket(conn->sd);
539
} else if (conn->mode != MODE_STREAM) {
540
logg("$mode -> MODE_WAITREPLY\n");
541
/* no more commands are accepted */
542
conn->mode = MODE_WAITREPLY;
543
/* Stop monitoring this FD, it will be closed either
544
* by us, or by the scanner thread.
545
* Never close a file descriptor that is being
546
* monitored by poll()/select() from another thread,
547
* because this can lead to subtle bugs such as:
548
* Other thread closes file descriptor -> POLLHUP is
549
* set, but the poller thread doesn't wake up yet.
550
* Another client opens a connection and sends some
551
* data. If the socket reuses the previous file descriptor,
552
* then POLLIN is set on the file descriptor too.
553
* When poll() wakes up it sees POLLIN | POLLHUP
554
* and thinks that the client has sent some data,
555
* and closed the connection, so clamd closes the
556
* connection in turn resulting in a bug.
558
* If we wouldn't have poll()-ed the file descriptor
559
* we closed in another thread, but rather made sure
560
* that we don't put a FD that we're about to close
561
* into poll()'s list of watched fds; then POLLHUP
562
* would be set, but the file descriptor would stay
563
* open, until we wake up from poll() and close it.
564
* Thus a new connection won't be able to reuse the
565
* same FD, and there is no bug.
570
/* we received a command, set readtimeout */
571
time(&buf->timeout_at);
572
buf->timeout_at += readtimeout;
574
if (conn->mode == MODE_STREAM) {
575
/* TODO: this doesn't belong here */
576
buf->dumpname = conn->filename;
577
buf->dumpfd = conn->scanfd;
578
logg("$Receive thread: INSTREAM: %s fd %u\n", buf->dumpname, buf->dumpfd);
580
if (conn->mode != MODE_COMMAND) {
581
logg("$Breaking command loop, mode is no longer MODE_COMMAND\n");
587
buf->mode = conn->mode;
589
buf->group = conn->group;
590
buf->quota = conn->quota;
591
if (conn->scanfd != -1 && conn->scanfd != buf->dumpfd) {
592
logg("$Unclaimed file descriptor received, closing: %d\n", conn->scanfd);
595
conn_reply_error(conn, "PROTOCOL ERROR: ancillary data sent without FILDES.");
600
/* move partial command to beginning of buffer */
601
if (pos < buf->off) {
602
memmove (buf->buffer, &buf->buffer[pos], buf->off - pos);
607
logg("$Moved partial command: %lu\n", (unsigned long)buf->off);
609
logg("$Consumed entire command\n");
610
/* adjust pos to account for the buffer shuffle */
617
/* static const unsigned char* parse_dispatch_cmd(client_conn_t *conn, struct fd_buf *buf, size_t *ppos, int *error, const struct optstruct *opts, int readtimeout) */
618
static int handle_stream(client_conn_t *conn, struct fd_buf *buf, const struct optstruct *opts, int *error, size_t *ppos, int readtimeout)
624
logg("$mode == MODE_STREAM\n");
625
/* we received some data, set readtimeout */
626
time(&buf->timeout_at);
627
buf->timeout_at += readtimeout;
628
while (pos <= buf->off) {
629
if (!buf->chunksize) {
631
if (buf->off-pos >= 4) {
633
memmove(&cs, buf->buffer + pos, 4);
635
buf->chunksize = ntohl(cs);
636
logg("$Got chunksize: %u\n", buf->chunksize);
637
if (!buf->chunksize) {
638
/* chunksize 0 marks end of stream */
639
conn->scanfd = buf->dumpfd;
640
conn->term = buf->term;
642
buf->mode = buf->group ? MODE_COMMAND : MODE_WAITREPLY;
643
if (buf->mode == MODE_WAITREPLY)
645
logg("$Chunks complete\n");
646
buf->dumpname = NULL;
647
if ((rc = execute_or_dispatch_command(conn, COMMAND_INSTREAMSCAN, NULL)) < 0) {
648
logg("!Command dispatch failed\n");
649
if(rc == -1 && optget(opts, "ExitOnOOM")->enabled) {
650
pthread_mutex_lock(&exit_mutex);
652
pthread_mutex_unlock(&exit_mutex);
656
memmove (buf->buffer, &buf->buffer[pos], buf->off - pos);
663
if (buf->chunksize > buf->quota) {
664
logg("^INSTREAM: Size limit reached, (requested: %lu, max: %lu)\n",
665
(unsigned long)buf->chunksize, (unsigned long)buf->quota);
666
conn_reply_error(conn, "INSTREAM size limit exceeded.");
671
buf->quota -= buf->chunksize;
673
logg("$Quota Remaining: %lu\n", buf->quota);
675
/* need more data, so return and wait for some */
676
memmove (buf->buffer, &buf->buffer[pos], buf->off - pos);
682
if (pos + buf->chunksize < buf->off)
683
cmdlen = buf->chunksize;
685
cmdlen = buf->off - pos;
686
buf->chunksize -= cmdlen;
687
if (cli_writen(buf->dumpfd, buf->buffer + pos, cmdlen) < 0) {
688
conn_reply_error(conn, "Error writing to temporary file");
689
logg("!INSTREAM: Can't write to temporary file.\n");
692
logg("$Processed %lu bytes of chunkdata, pos %lu\n", cmdlen, pos);
694
if (pos == buf->off) {
697
/* need more data, so return and wait for some */
706
int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsigned int dboptions, const struct optstruct *opts)
708
int max_threads, max_queue, readtimeout, ret = 0;
709
unsigned int options = 0;
712
struct sigaction sigact;
717
const struct optstruct *opt;
718
char buff[BUFFSIZE + 1];
721
unsigned long long val;
722
size_t i, j, rr_last = 0;
724
pthread_mutex_t fds_mutex = PTHREAD_MUTEX_INITIALIZER;
725
pthread_mutex_t recvfds_mutex = PTHREAD_MUTEX_INITIALIZER;
726
struct acceptdata acceptdata = ACCEPTDATA_INIT(&fds_mutex, &recvfds_mutex);
727
struct fd_data *fds = &acceptdata.recv_fds;
728
time_t start_time, current_time;
729
unsigned int selfchk;
730
threadpool_t *thr_pool;
732
#if defined(FANOTIFY) || defined(CLAMAUTH)
734
pthread_attr_t fan_attr;
735
struct thrarg *tharg = NULL; /* shut up gcc */
739
memset(&sigact, 0, sizeof(struct sigaction));
743
if((opt = optget(opts, "MaxScanSize"))->active) {
744
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
745
logg("!cl_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
746
cl_engine_free(engine);
750
val = cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL);
752
logg("Limits: Global size limit set to %llu bytes.\n", val);
754
logg("^Limits: Global size limit protection disabled.\n");
756
if((opt = optget(opts, "MaxFileSize"))->active) {
757
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, opt->numarg))) {
758
logg("!cl_engine_set_num(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
759
cl_engine_free(engine);
763
val = cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL);
765
logg("Limits: File size limit set to %llu bytes.\n", val);
767
logg("^Limits: File size limit protection disabled.\n");
770
if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
771
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL))
772
logg("^System limit for file size is lower than engine->maxfilesize\n");
773
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL))
774
logg("^System limit for file size is lower than engine->maxscansize\n");
776
logg("^Cannot obtain resource limits for file size\n");
780
if((opt = optget(opts, "MaxRecursion"))->active) {
781
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
782
logg("!cl_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
783
cl_engine_free(engine);
787
val = cl_engine_get_num(engine, CL_ENGINE_MAX_RECURSION, NULL);
789
logg("Limits: Recursion level limit set to %u.\n", (unsigned int) val);
791
logg("^Limits: Recursion level limit protection disabled.\n");
793
if((opt = optget(opts, "MaxFiles"))->active) {
794
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILES, opt->numarg))) {
795
logg("!cl_engine_set_num(CL_ENGINE_MAX_FILES) failed: %s\n", cl_strerror(ret));
796
cl_engine_free(engine);
800
val = cl_engine_get_num(engine, CL_ENGINE_MAX_FILES, NULL);
802
logg("Limits: Files limit set to %u.\n", (unsigned int) val);
804
logg("^Limits: Files limit protection disabled.\n");
807
if (getrlimit(RLIMIT_CORE, &rlim) == 0) {
808
logg("*Limits: Core-dump limit is %lu.\n", (unsigned long)rlim.rlim_cur);
812
/* Engine max sizes */
814
if((opt = optget(opts, "MaxEmbeddedPE"))->active) {
815
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_EMBEDDEDPE, opt->numarg))) {
816
logg("!cli_engine_set_num(CL_ENGINE_MAX_EMBEDDEDPE) failed: %s\n", cl_strerror(ret));
817
cl_engine_free(engine);
821
val = cl_engine_get_num(engine, CL_ENGINE_MAX_EMBEDDEDPE, NULL);
822
logg("Limits: MaxEmbeddedPE limit set to %llu bytes.\n", val);
824
if((opt = optget(opts, "MaxHTMLNormalize"))->active) {
825
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNORMALIZE, opt->numarg))) {
826
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNORMALIZE) failed: %s\n", cl_strerror(ret));
827
cl_engine_free(engine);
831
val = cl_engine_get_num(engine, CL_ENGINE_MAX_HTMLNORMALIZE, NULL);
832
logg("Limits: MaxHTMLNormalize limit set to %llu bytes.\n", val);
834
if((opt = optget(opts, "MaxHTMLNoTags"))->active) {
835
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNOTAGS, opt->numarg))) {
836
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNOTAGS) failed: %s\n", cl_strerror(ret));
837
cl_engine_free(engine);
841
val = cl_engine_get_num(engine, CL_ENGINE_MAX_HTMLNOTAGS, NULL);
842
logg("Limits: MaxHTMLNoTags limit set to %llu bytes.\n", val);
844
if((opt = optget(opts, "MaxScriptNormalize"))->active) {
845
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCRIPTNORMALIZE, opt->numarg))) {
846
logg("!cli_engine_set_num(CL_ENGINE_MAX_SCRIPTNORMALIZE) failed: %s\n", cl_strerror(ret));
847
cl_engine_free(engine);
851
val = cl_engine_get_num(engine, CL_ENGINE_MAX_SCRIPTNORMALIZE, NULL);
852
logg("Limits: MaxScriptNormalize limit set to %llu bytes.\n", val);
854
if((opt = optget(opts, "MaxZipTypeRcg"))->active) {
855
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ZIPTYPERCG, opt->numarg))) {
856
logg("!cli_engine_set_num(CL_ENGINE_MAX_ZIPTYPERCG) failed: %s\n", cl_strerror(ret));
857
cl_engine_free(engine);
861
val = cl_engine_get_num(engine, CL_ENGINE_MAX_ZIPTYPERCG, NULL);
862
logg("Limits: MaxZipTypeRcg limit set to %llu bytes.\n", val);
864
if((opt = optget(opts, "MaxPartitions"))->active) {
865
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_PARTITIONS, opt->numarg))) {
866
logg("!cli_engine_set_num(MaxPartitions) failed: %s\n", cl_strerror(ret));
867
cl_engine_free(engine);
871
val = cl_engine_get_num(engine, CL_ENGINE_MAX_PARTITIONS, NULL);
872
logg("Limits: MaxPartitions limit set to %llu.\n", val);
874
if((opt = optget(opts, "MaxIconsPE"))->active) {
875
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {
876
logg("!cli_engine_set_num(MaxIconsPE) failed: %s\n", cl_strerror(ret));
877
cl_engine_free(engine);
881
val = cl_engine_get_num(engine, CL_ENGINE_MAX_ICONSPE, NULL);
882
logg("Limits: MaxIconsPE limit set to %llu.\n", val);
884
if(optget(opts, "ScanArchive")->enabled) {
885
logg("Archive support enabled.\n");
886
options |= CL_SCAN_ARCHIVE;
888
if(optget(opts, "ArchiveBlockEncrypted")->enabled) {
889
logg("Archive: Blocking encrypted archives.\n");
890
options |= CL_SCAN_BLOCKENCRYPTED;
894
logg("Archive support disabled.\n");
897
if(optget(opts, "AlgorithmicDetection")->enabled) {
898
logg("Algorithmic detection enabled.\n");
899
options |= CL_SCAN_ALGORITHMIC;
901
logg("Algorithmic detection disabled.\n");
904
if(optget(opts, "ScanPE")->enabled) {
905
logg("Portable Executable support enabled.\n");
906
options |= CL_SCAN_PE;
908
logg("Portable Executable support disabled.\n");
911
if(optget(opts, "ScanELF")->enabled) {
912
logg("ELF support enabled.\n");
913
options |= CL_SCAN_ELF;
915
logg("ELF support disabled.\n");
918
if(optget(opts, "ScanPE")->enabled || optget(opts, "ScanELF")->enabled) {
919
if(optget(opts, "DetectBrokenExecutables")->enabled) {
920
logg("Detection of broken executables enabled.\n");
921
options |= CL_SCAN_BLOCKBROKEN;
925
if(optget(opts, "ScanMail")->enabled) {
926
logg("Mail files support enabled.\n");
927
options |= CL_SCAN_MAIL;
929
if(optget(opts, "ScanPartialMessages")->enabled) {
930
logg("Mail: RFC1341 handling enabled.\n");
931
options |= CL_SCAN_PARTIAL_MESSAGE;
935
logg("Mail files support disabled.\n");
938
if(optget(opts, "ScanOLE2")->enabled) {
939
logg("OLE2 support enabled.\n");
940
options |= CL_SCAN_OLE2;
941
if(optget(opts, "OLE2BlockMacros")->enabled) {
942
logg("OLE2: Blocking all VBA macros.\n");
943
options |= CL_SCAN_BLOCKMACROS;
946
logg("OLE2 support disabled.\n");
949
if(optget(opts, "ScanPDF")->enabled) {
950
logg("PDF support enabled.\n");
951
options |= CL_SCAN_PDF;
953
logg("PDF support disabled.\n");
956
if(optget(opts, "ScanSWF")->enabled) {
957
logg("SWF support enabled.\n");
958
options |= CL_SCAN_SWF;
960
logg("SWF support disabled.\n");
963
if(optget(opts, "ScanHTML")->enabled) {
964
logg("HTML support enabled.\n");
965
options |= CL_SCAN_HTML;
967
logg("HTML support disabled.\n");
970
if(optget(opts,"PhishingScanURLs")->enabled) {
972
if(optget(opts,"PhishingAlwaysBlockCloak")->enabled) {
973
options |= CL_SCAN_PHISHING_BLOCKCLOAK;
974
logg("Phishing: Always checking for cloaked urls\n");
977
if(optget(opts,"PhishingAlwaysBlockSSLMismatch")->enabled) {
978
options |= CL_SCAN_PHISHING_BLOCKSSL;
979
logg("Phishing: Always checking for ssl mismatches\n");
983
if(optget(opts,"PartitionIntersection")->enabled) {
984
options |= CL_SCAN_PARTITION_INTXN;
985
logg("Raw DMG: Always checking for partitons intersections\n");
988
if(optget(opts,"HeuristicScanPrecedence")->enabled) {
989
options |= CL_SCAN_HEURISTIC_PRECEDENCE;
990
logg("Heuristic: precedence enabled\n");
993
if(optget(opts, "StructuredDataDetection")->enabled) {
994
options |= CL_SCAN_STRUCTURED;
996
if((opt = optget(opts, "StructuredMinCreditCardCount"))->enabled) {
997
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_CC_COUNT, opt->numarg))) {
998
logg("!cl_engine_set_num(CL_ENGINE_MIN_CC_COUNT) failed: %s\n", cl_strerror(ret));
999
cl_engine_free(engine);
1003
val = cl_engine_get_num(engine, CL_ENGINE_MIN_CC_COUNT, NULL);
1004
logg("Structured: Minimum Credit Card Number Count set to %u\n", (unsigned int) val);
1006
if((opt = optget(opts, "StructuredMinSSNCount"))->enabled) {
1007
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_SSN_COUNT, opt->numarg))) {
1008
logg("!cl_engine_set_num(CL_ENGINE_MIN_SSN_COUNT) failed: %s\n", cl_strerror(ret));
1009
cl_engine_free(engine);
1013
val = cl_engine_get_num(engine, CL_ENGINE_MIN_SSN_COUNT, NULL);
1014
logg("Structured: Minimum Social Security Number Count set to %u\n", (unsigned int) val);
1016
if(optget(opts, "StructuredSSNFormatNormal")->enabled)
1017
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
1019
if(optget(opts, "StructuredSSNFormatStripped")->enabled)
1020
options |= CL_SCAN_STRUCTURED_SSN_STRIPPED;
1023
#ifdef HAVE__INTERNAL__SHA_COLLECT
1024
if(optget(opts, "DevCollectHashes")->enabled)
1025
options |= CL_SCAN_INTERNAL_COLLECT_SHA;
1028
selfchk = optget(opts, "SelfCheck")->numarg;
1030
logg("Self checking disabled.\n");
1032
logg("Self checking every %u seconds.\n", selfchk);
1034
memset(&dbstat, 0, sizeof(dbstat));
1038
if((opt = optget(opts, "PidFile"))->enabled) {
1040
old_umask = umask(0002);
1041
if((fd = fopen(opt->strarg, "w")) == NULL) {
1042
logg("!Can't save PID in file %s\n", opt->strarg);
1044
if (fprintf(fd, "%u\n", (unsigned int) mainpid)<0) {
1045
logg("!Can't save PID in file %s\n", opt->strarg);
1052
logg("*Listening daemon: PID: %u\n", (unsigned int) mainpid);
1053
max_threads = optget(opts, "MaxThreads")->numarg;
1054
max_queue = optget(opts, "MaxQueue")->numarg;
1055
acceptdata.commandtimeout = optget(opts, "CommandReadTimeout")->numarg;
1056
readtimeout = optget(opts, "ReadTimeout")->numarg;
1058
#if !defined(_WIN32) && defined(RLIMIT_NOFILE)
1059
if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) {
1060
/* don't warn if default value is too high, silently fix it */
1063
unsigned warn = optget(opts, "MaxQueue")->active;
1064
const unsigned clamdfiles = 6;
1065
/* Condition to not run out of file descriptors:
1066
* MaxThreads * MaxRecursion + (MaxQueue - MaxThreads) + CLAMDFILES < RLIMIT_NOFILE
1067
* CLAMDFILES is 6: 3 standard FD + logfile + 2 FD for reloading the DB
1070
#ifdef HAVE_ENABLE_EXTENDED_FILE_STDIO
1071
if (enable_extended_FILE_stdio(-1, -1) == -1) {
1072
logg("^Unable to set extended FILE stdio, clamd will be limited to max 256 open files\n");
1073
rlim.rlim_cur = rlim.rlim_cur > 255 ? 255 : rlim.rlim_cur;
1075
#elif !defined(_LP64)
1076
if (rlim.rlim_cur > 255) {
1077
rlim.rlim_cur = 255;
1078
logg("^Solaris only supports 256 open files for 32-bit processes, you need at least Solaris 10u4, or compile as 64-bit to support more!\n");
1082
opt = optget(opts,"MaxRecursion");
1083
maxrec = opt->numarg;
1084
max_max_queue = rlim.rlim_cur - maxrec * max_threads - clamdfiles + max_threads;
1085
if (max_queue < max_threads) {
1086
max_queue = max_threads;
1088
logg("^MaxQueue value too low, increasing to: %d\n", max_queue);
1090
if (max_max_queue < max_threads) {
1091
logg("^MaxThreads * MaxRecursion is too high: %d, open file descriptor limit is: %lu\n",
1092
maxrec*max_threads, (unsigned long)rlim.rlim_cur);
1093
max_max_queue = max_threads;
1095
if (max_queue > max_max_queue) {
1096
max_queue = max_max_queue;
1098
logg("^MaxQueue value too high, lowering to: %d\n", max_queue);
1099
} else if (max_queue < 2*max_threads && max_queue < max_max_queue) {
1100
max_queue = 2*max_threads;
1101
if (max_queue > max_max_queue)
1102
max_queue = max_max_queue;
1103
/* always warn here */
1104
logg("^MaxQueue is lower than twice MaxThreads, increasing to: %d\n", max_queue);
1108
logg("*MaxQueue set to: %d\n", max_queue);
1109
acceptdata.max_queue = max_queue;
1111
if(optget(opts, "ScanOnAccess")->enabled)
1112
#if defined(FANOTIFY) || defined(CLAMAUTH)
1115
if(pthread_attr_init(&fan_attr)) break;
1116
pthread_attr_setdetachstate(&fan_attr, PTHREAD_CREATE_JOINABLE);
1117
if(!(tharg = (struct thrarg *) malloc(sizeof(struct thrarg)))) break;
1119
tharg->engine = engine;
1120
tharg->options = options;
1121
if(!pthread_create(&fan_pid, &fan_attr, fan_th, tharg)) break;
1125
if (!tharg) logg("!Unable to start on-access scan\n");
1128
logg("!On-access scan is not available\n");
1132
/* set up signal handling */
1133
sigfillset(&sigset);
1134
sigdelset(&sigset, SIGINT);
1135
sigdelset(&sigset, SIGTERM);
1136
sigdelset(&sigset, SIGSEGV);
1137
sigdelset(&sigset, SIGHUP);
1138
sigdelset(&sigset, SIGPIPE);
1139
sigdelset(&sigset, SIGUSR2);
1140
/* The behavior of a process is undefined after it ignores a
1141
* SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */
1142
sigdelset(&sigset, SIGFPE);
1143
sigdelset(&sigset, SIGILL);
1144
sigdelset(&sigset, SIGSEGV);
1146
sigdelset(&sigset, SIGBUS);
1148
sigdelset(&sigset, SIGTSTP);
1149
sigdelset(&sigset, SIGCONT);
1150
sigprocmask(SIG_SETMASK, &sigset, NULL);
1152
/* SIGINT, SIGTERM, SIGSEGV */
1153
sigact.sa_handler = sighandler_th;
1154
sigemptyset(&sigact.sa_mask);
1155
sigaddset(&sigact.sa_mask, SIGINT);
1156
sigaddset(&sigact.sa_mask, SIGTERM);
1157
sigaddset(&sigact.sa_mask, SIGHUP);
1158
sigaddset(&sigact.sa_mask, SIGPIPE);
1159
sigaddset(&sigact.sa_mask, SIGUSR2);
1160
sigaction(SIGINT, &sigact, NULL);
1161
sigaction(SIGTERM, &sigact, NULL);
1162
sigaction(SIGHUP, &sigact, NULL);
1163
sigaction(SIGPIPE, &sigact, NULL);
1164
sigaction(SIGUSR2, &sigact, NULL);
1167
idletimeout = optget(opts, "IdleTimeout")->numarg;
1169
for (i=0;i < nsockets;i++)
1170
if (fds_add(&acceptdata.fds, socketds[i], 1, 0) == -1) {
1171
logg("!fds_add failed\n");
1172
cl_engine_free(engine);
1176
event_wake_accept = CreateEvent(NULL, TRUE, FALSE, NULL);
1177
event_wake_recv = CreateEvent(NULL, TRUE, FALSE, NULL);
1179
if (pipe(acceptdata.syncpipe_wake_recv) == -1 ||
1180
(pipe(acceptdata.syncpipe_wake_accept) == -1)) {
1182
logg("!pipe failed\n");
1185
syncpipe_wake_recv_w = acceptdata.syncpipe_wake_recv[1];
1187
if (fds_add(fds, acceptdata.syncpipe_wake_recv[0], 1, 0) == -1 ||
1188
fds_add(&acceptdata.fds, acceptdata.syncpipe_wake_accept[0], 1, 0)) {
1189
logg("!failed to add pipe fd\n");
1194
if ((thr_pool = thrmgr_new(max_threads, idletimeout, max_queue, scanner_thread)) == NULL) {
1195
logg("!thrmgr_new failed\n");
1199
if (pthread_create(&accept_th, NULL, acceptloop_th, &acceptdata)) {
1200
logg("!pthread_create failed\n");
1208
/* Block waiting for connection on any of the sockets */
1209
pthread_mutex_lock(fds->buf_mutex);
1211
/* signal that we can accept more connections */
1212
if (fds->nfds <= (unsigned)max_queue)
1213
pthread_cond_signal(&acceptdata.cond_nfds);
1214
new_sd = fds_poll_recv(fds, selfchk ? (int)selfchk : -1, 1, event_wake_recv);
1216
ResetEvent(event_wake_recv);
1219
/* at least the dummy/sync pipe should have remained */
1220
logg("!All recv() descriptors gone: fatal\n");
1221
pthread_mutex_lock(&exit_mutex);
1223
pthread_mutex_unlock(&exit_mutex);
1224
pthread_mutex_unlock(fds->buf_mutex);
1228
if (new_sd == -1 && errno != EINTR) {
1229
logg("!Failed to poll sockets, fatal\n");
1230
pthread_mutex_lock(&exit_mutex);
1232
pthread_mutex_unlock(&exit_mutex);
1236
if(fds->nfds) i = (rr_last + 1) % fds->nfds;
1237
for (j = 0; j < fds->nfds && new_sd >= 0; j++, i = (i+1) % fds->nfds) {
1240
struct fd_buf *buf = &fds->buf[i];
1241
if (!buf->got_newdata)
1245
if (buf->fd == acceptdata.syncpipe_wake_recv[0]) {
1246
/* dummy sync pipe, just to wake us */
1247
if (read(buf->fd, buff, sizeof(buff)) < 0) {
1248
logg("^Syncpipe read failed\n");
1253
if (buf->got_newdata == -1) {
1254
if (buf->mode == MODE_WAITREPLY) {
1255
logg("$mode WAIT_REPLY -> closed\n");
1257
thrmgr_group_terminate(buf->group);
1258
thrmgr_group_finished(buf->group, EXIT_ERROR);
1261
logg("$client read error or EOF on read\n");
1266
if (buf->fd != -1 && buf->got_newdata == -2) {
1267
logg("$Client read timed out\n");
1268
mdprintf(buf->fd, "COMMAND READ TIMED OUT\n");
1273
if (buf->mode == MODE_WAITANCILL) {
1274
buf->mode = MODE_COMMAND;
1275
logg("$mode -> MODE_COMMAND\n");
1277
while (!error && buf->fd != -1 && buf->buffer && pos < buf->off &&
1278
buf->mode != MODE_WAITANCILL) {
1280
const char *cmd = NULL;
1282
/* New data available to read on socket. */
1284
memset(&conn, 0, sizeof(conn));
1285
conn.scanfd = buf->recvfd;
1288
conn.options = options;
1290
conn.thrpool = thr_pool;
1291
conn.engine = engine;
1292
conn.group = buf->group;
1294
conn.quota = buf->quota;
1295
conn.filename = buf->dumpname;
1296
conn.mode = buf->mode;
1297
conn.term = buf->term;
1299
/* Parse & dispatch command */
1300
cmd = parse_dispatch_cmd(&conn, buf, &pos, &error, opts, readtimeout);
1302
if (conn.mode == MODE_COMMAND && !cmd)
1305
if (buf->mode == MODE_WAITREPLY && buf->off) {
1306
/* Client is not supposed to send anything more */
1307
logg("^Client sent garbage after last command: %lu bytes\n", (unsigned long)buf->off);
1308
buf->buffer[buf->off] = '\0';
1309
logg("$Garbage: %s\n", buf->buffer);
1311
} else if (buf->mode == MODE_STREAM) {
1312
rc = handle_stream(&conn, buf, opts, &error, &pos, readtimeout);
1319
if (error && error != CL_ETIMEOUT) {
1320
conn_reply_error(&conn, "Error processing command.");
1324
if (buf->dumpfd != -1) {
1326
if (buf->dumpname) {
1327
cli_unlink(buf->dumpname);
1328
free(buf->dumpname);
1332
thrmgr_group_terminate(buf->group);
1333
if (thrmgr_group_finished(buf->group, EXIT_ERROR)) {
1335
logg("$Skipping shutdown of bad socket after error (FD %d)\n", buf->fd);
1338
logg("$Shutting down socket after error (FD %d)\n", buf->fd);
1339
shutdown(buf->fd, 2);
1340
closesocket(buf->fd);
1343
logg("$Socket not shut down due to active tasks\n");
1347
pthread_mutex_unlock(fds->buf_mutex);
1349
/* handle progexit */
1350
pthread_mutex_lock(&exit_mutex);
1352
pthread_mutex_unlock(&exit_mutex);
1353
pthread_mutex_lock(fds->buf_mutex);
1354
if (sd_listen_fds(0) == 0)
1356
/* only close the sockets, when not using systemd socket activation */
1357
for (i=0;i < fds->nfds; i++)
1359
if (fds->buf[i].fd == -1)
1361
thrmgr_group_terminate(fds->buf[i].group);
1362
if (thrmgr_group_finished(fds->buf[i].group, EXIT_ERROR))
1364
logg("$Shutdown closed fd %d\n", fds->buf[i].fd);
1365
shutdown(fds->buf[i].fd, 2);
1366
closesocket(fds->buf[i].fd);
1367
fds->buf[i].fd = -1;
1371
pthread_mutex_unlock(fds->buf_mutex);
1374
pthread_mutex_unlock(&exit_mutex);
1378
logg("SIGHUP caught: re-opening log file.\n");
1381
if(!logg_file && (opt = optget(opts, "LogFile"))->enabled)
1382
logg_file = opt->strarg;
1387
time(¤t_time);
1388
if((current_time - start_time) >= (time_t)selfchk) {
1389
if(reload_db(engine, dboptions, opts, TRUE, &ret)) {
1390
pthread_mutex_lock(&reload_mutex);
1392
pthread_mutex_unlock(&reload_mutex);
1399
pthread_mutex_lock(&reload_mutex);
1401
pthread_mutex_unlock(&reload_mutex);
1402
#if defined(FANOTIFY) || defined(CLAMAUTH)
1403
if(optget(opts, "ScanOnAccess")->enabled && tharg) {
1404
logg("Restarting on-access scan\n");
1405
pthread_mutex_lock(&logg_mutex);
1406
pthread_kill(fan_pid, SIGUSR1);
1407
pthread_mutex_unlock(&logg_mutex);
1408
pthread_join(fan_pid, NULL);
1411
engine = reload_db(engine, dboptions, opts, FALSE, &ret);
1413
logg("Terminating because of a fatal error.\n");
1415
closesocket(new_sd);
1419
pthread_mutex_lock(&reload_mutex);
1421
time(&reloaded_time);
1422
pthread_mutex_unlock(&reload_mutex);
1423
#if defined(FANOTIFY) || defined(CLAMAUTH)
1424
if(optget(opts, "ScanOnAccess")->enabled && tharg) {
1425
tharg->engine = engine;
1426
pthread_create(&fan_pid, &fan_attr, fan_th, tharg);
1431
pthread_mutex_unlock(&reload_mutex);
1435
pthread_mutex_lock(&exit_mutex);
1437
pthread_mutex_unlock(&exit_mutex);
1439
SetEvent(event_wake_accept);
1441
if (write(acceptdata.syncpipe_wake_accept[1], "", 1) < 0) {
1442
logg("^Write to syncpipe failed\n");
1445
/* Destroy the thread manager.
1446
* This waits for all current tasks to end
1448
logg("*Waiting for all threads to finish\n");
1449
thrmgr_destroy(thr_pool);
1450
#if defined(FANOTIFY) || defined(CLAMAUTH)
1451
if(optget(opts, "ScanOnAccess")->enabled && tharg) {
1452
logg("Stopping on-access scan\n");
1453
pthread_mutex_lock(&logg_mutex);
1454
pthread_kill(fan_pid, SIGUSR1);
1455
pthread_mutex_unlock(&logg_mutex);
1456
pthread_join(fan_pid, NULL);
1461
thrmgr_setactiveengine(NULL);
1462
cl_engine_free(engine);
1465
pthread_join(accept_th, NULL);
1467
pthread_mutex_destroy(fds->buf_mutex);
1468
pthread_cond_destroy(&acceptdata.cond_nfds);
1470
CloseHandle(event_wake_accept);
1471
CloseHandle(event_wake_recv);
1473
close(acceptdata.syncpipe_wake_accept[1]);
1474
close(acceptdata.syncpipe_wake_recv[1]);
1477
cl_statfree(&dbstat);
1478
if (sd_listen_fds(0) == 0)
1480
/* only close the sockets, when not using systemd socket activation */
1481
logg("*Shutting down the main socket%s.\n", (nsockets > 1) ? "s" : "");
1482
for (i = 0; i < nsockets; i++)
1483
shutdown(socketds[i], 2);
1486
if((opt = optget(opts, "PidFile"))->enabled) {
1487
if(unlink(opt->strarg) == -1)
1488
logg("!Can't unlink the pid file %s\n", opt->strarg);
1490
logg("Pid file removed.\n");
1493
time(¤t_time);
1494
logg("--- Stopped at %s", cli_ctime(¤t_time, timestr, sizeof(timestr)));