Here's a patch to add "--accept-on-error/-A" as a command-line option
for clamav-milter. Rather than tempfail we prefer to accept the
possibility of infect mail getting through rather than have all mail
be undeliverable.
Joe
--- ./clamav-milter/clamav-milter.c 2003-10-22 15:44:01.000000000 -0400
+++ ./clamav-milter/clamav-milter.c.working 2003-10-24 10:43:04.000000000 -0400
@@ -261,6 +261,7 @@
static char *strrcpy(char *dest, const char *source);
static char clamav_version[128];
+static int cl_error = SMFIS_TEMPFAIL;
static int fflag = 0; /* force a scan, whatever */
static int oflag = 0; /* scan messages from our machine? */
static int lflag = 0; /* scan messages from our site? */
@@ -314,6 +315,7 @@
printf("\n\tclamav-milter version %s\n", CM_VERSION);
puts("\tCopyright (C) 2003 Nigel Horne <[EMAIL PROTECTED]>\n");
+ puts("\t--accept-on-error\t\t-A\tOn error accept message rather than
tempfail.");
puts("\t--bounce\t\t-b\tSend a failure message to the sender.");
puts("\t--config-file=FILE\t-c FILE\tRead configuration from FILE.");
puts("\t--force-scan\tForce scan all messages (overrides (-o and -l).");
@@ -365,12 +367,15 @@
for(;;) {
int opt_index = 0;
#ifdef CL_DEBUG
- const char *args = "bc:flnopPqdhs:Vx:";
+ const char *args = "Abc:flnopPqdhs:Vx:";
#else
- const char *args = "bc:flnopPqdhs:V";
+ const char *args = "Abc:flnopPqdhs:V";
#endif
static struct option long_options[] = {
{
+ "accept-on-error", 0, NULL, 'A'
+ },
+ {
"bounce", 0, NULL, 'b'
},
{
@@ -427,6 +432,9 @@
ret = long_options[opt_index].val;
switch(ret) {
+ case 'A': /* accept on error */
+ cl_error = SMFIS_ACCEPT;
+ break;
case 'b': /* bounce worms/viruses */
bflag++;
break;
@@ -764,7 +772,7 @@
if(regcomp(®, *possible, 0) != 0) {
if(use_syslog)
syslog(LOG_ERR, "Couldn't parse local regexp");
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
rc = (regexec(®, remoteIP, 0, NULL, 0) == REG_NOMATCH) ? 0
: 1;
@@ -897,11 +905,11 @@
if((privdata->cmdSocket = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
perror("socket");
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
if(connect(privdata->cmdSocket, (struct sockaddr *)&server,
sizeof(struct sockaddr_un)) < 0) {
perror(localSocket);
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
} else {
struct sockaddr_in server;
@@ -913,11 +921,11 @@
if((privdata->cmdSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("socket");
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
if(connect(privdata->cmdSocket, (struct sockaddr *)&server,
sizeof(struct sockaddr_in)) < 0) {
perror("connect");
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
}
@@ -930,7 +938,7 @@
free(privdata);
if(use_syslog)
syslog(LOG_ERR, "send failed to create socket");
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
shutdown(privdata->dataSocket, SHUT_RD);
@@ -942,7 +950,7 @@
free(privdata);
if(use_syslog)
syslog(LOG_ERR, "send failed to clamd");
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
shutdown(privdata->cmdSocket, SHUT_WR);
@@ -955,7 +963,7 @@
free(privdata);
if(use_syslog)
syslog(LOG_ERR, "recv failed from clamd getting PORT");
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
buf[nbytes] = '\0';
#ifdef CL_DEBUG
@@ -972,7 +980,7 @@
else
fprintf(stderr, "Expected port information from clamd, got
'%s'\n",
buf);
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
memset((char *)&reply, 0, sizeof(struct sockaddr_in));
@@ -1005,7 +1013,7 @@
#endif
}
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
clamfi_send(privdata, 0, "From %s\n", argv[0]);
@@ -1014,7 +1022,7 @@
privdata->from = strdup(argv[0]);
privdata->to = NULL;
- return (smfi_setpriv(ctx, privdata) == MI_SUCCESS) ? SMFIS_CONTINUE :
SMFIS_TEMPFAIL;
+ return (smfi_setpriv(ctx, privdata) == MI_SUCCESS) ? SMFIS_CONTINUE : cl_error;
}
static sfsistat
@@ -1060,7 +1068,7 @@
if(clamfi_send(privdata, 0, "%s: %s\n", headerf, headerv) < 0) {
clamfi_cleanup(ctx);
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
return SMFIS_CONTINUE;
}
@@ -1079,7 +1087,7 @@
if(clamfi_send(privdata, 1, "\n") < 0) {
clamfi_cleanup(ctx);
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
/*
@@ -1139,7 +1147,7 @@
if(clamfi_send(privdata, len, (char *)bodyp) < 0) {
clamfi_cleanup(ctx);
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
return SMFIS_CONTINUE;
}
@@ -1295,7 +1303,7 @@
clamfi_cleanup(ctx);
- return SMFIS_TEMPFAIL;
+ return cl_error;
}
static sfsistat
