I thought somebody could be interested in this. And don't forget to allow scanning /var/qmail/queue in defUnix.prf. You don't have to recompile anything but qmail-queue for scanning, (if you don't need more friedly error message "known viruses found") I hope somebody will find it usefull. Copyright on avp-client.c is unknown since I heavily ripped AvpDaemonClient.c example in AVP distribution which is without any copyright explicitly written (I could rewrite it from scratch in case somebody will need it ;-). O.
// Program to test daemon scanning. #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/un.h> // struct sockaddr_un #include <sys/file.h> #include <time.h> #include <stdarg.h> #include <paths.h> #include <errno.h> // ... Cfg pathnames #define AVP_NODE_DIR "/var/run" #define AVP_NODE_DIR_MODE 0777 #define AVP_NODE_PID AVP_NODE_DIR "/AvpPid" #define AVP_NODE_LOG AVP_NODE_DIR "/AvpLog" #define AVP_NODE_CTL AVP_NODE_DIR "/AvpCtl\0\0\0" char *NodePid=AVP_NODE_PID; char *NodeCtl=AVP_NODE_CTL; static int AvpFile=-1; struct sockaddr_un AvpAddr; int AvpConnect(void) { if(AvpFile==-1) { bzero((char *)&AvpAddr,sizeof(AvpAddr)); AvpAddr.sun_family=AF_UNIX; strcpy(AvpAddr.sun_path,NodeCtl); if((AvpFile=socket(AF_UNIX,SOCK_STREAM,0))<0) return -1; } if(AvpFile!=-1 && connect(AvpFile,(struct sockaddr *)(&AvpAddr),sizeof(AvpAddr.sun_family)+strlen(NodeCtl))>=0) { return 0; } return -1; } void AvpClose(void) { (void)close(AvpFile); AvpFile=-1; } int AvpScan(const char *file) { char buftoscan[2048]; time_t now; long uintbuf=0; int len; // build the message (void)time(&now); len = snprintf(buftoscan, 2047, "<0>%.15s:%s", ctime(&now)+4, file); if(write(AvpFile,buftoscan,len+1)>=0) { if(read(AvpFile,(char*)&uintbuf,2) == -1) return -2; return (uintbuf&0xff)-0x30; } return -1; }
--- /usr/home/ondrej/Projects/qmail/qmail-1.03/Makefile Tue May 8 15:29:43 2001 +++ /usr/home/ondrej/Projects/qmail/qmail-queue-avp/Makefile Sun Jul 29 15:24:05 2001 @@ -1446,10 +1446,10 @@ nroff -man qmail-qstat.8 > qmail-qstat.0 qmail-queue: \ -load qmail-queue.o triggerpull.o fmtqfn.o now.o date822fmt.o \ +load qmail-queue.o avp-client.o triggerpull.o fmtqfn.o now.o date822fmt.o \ datetime.a seek.a ndelay.a open.a sig.a alloc.a substdio.a error.a \ str.a fs.a auto_qmail.o auto_split.o auto_uids.o - ./load qmail-queue triggerpull.o fmtqfn.o now.o \ + ./load qmail-queue avp-client.o triggerpull.o fmtqfn.o now.o \ date822fmt.o datetime.a seek.a ndelay.a open.a sig.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o \ auto_split.o auto_uids.o @@ -1463,6 +1463,10 @@ alloc.h substdio.h datetime.h now.h datetime.h triggerpull.h extra.h \ auto_qmail.h auto_uids.h date822fmt.h fmtqfn.h ./compile qmail-queue.c + +avp-client.o: \ +compile avp-client.c + ./compile avp-client.c qmail-queue-log: \ load qmail-queue-log.o triggerpull.o fmtqfn.o now.o date822fmt.o \ --- qmail.c~ Sun Jul 29 16:13:34 2001 +++ qmail.c Sun Jul 29 16:07:30 2001 @@ -97,6 +97,7 @@ case 115: /* compatibility */ case 11: return "Denvelope address too long for qq (#5.1.3)"; case 31: return "Dmail server permanently rejected message (#5.3.0)"; + case 32: return "Dknown viruses were found (#5.3.0)"; case 51: return "Zqq out of memory (#4.3.0)"; case 52: return "Zqq timeout (#4.3.0)"; case 53: return "Zqq write error or disk full (#4.3.0)"; --- /usr/home/ondrej/Projects/qmail/qmail-1.03/qmail-queue.c Tue Nov 21 00:44:57 2000 +++ /usr/home/ondrej/Projects/qmail/qmail-queue-avp/qmail-queue.c Sun Jul 29 16:12:02 2001 @@ -36,10 +36,13 @@ char *messfn; char *todofn; char *intdfn; +char *scanfn; +int scanlen; int messfd; int intdfd; int flagmademess = 0; int flagmadeintd = 0; +int scanres; void cleanup() { @@ -58,6 +61,7 @@ void die(e) int e; { _exit(e); } void die_write() { cleanup(); die(53); } void die_read() { cleanup(); die(54); } +void die_virus() { cleanup(); die(32); } void sigalrm() { /* thou shalt not clean up here */ die(52); } void sigbug() { die(81); } @@ -202,6 +206,16 @@ if (substdio_flush(&ssout) == -1) die_write(); if (fsync(messfd) == -1) die_write(); + + if (AvpConnect() == 0) // Pokud se neprikonektime, budeme to tise ignorovat + { + scanlen = strlen(auto_qmail)+strlen(messfn)+8; + scanfn = alloc(scanlen); + snprintf(scanfn, scanlen, "%s/%s/%s", auto_qmail, "queue", messfn); + if ((scanres = AvpScan(scanfn)) != 0) die_virus(); + alloc_free(scanfn); + AvpClose(); + } intdfd = open_excl(intdfn); if (intdfd == -1) die(65);
-- Ondřej Surý <[EMAIL PROTECTED]> Globe Internet s.r.o. http://globe.cz/ Tel: +420235365000 Fax: +420235365009 Pláničkova 1, 162 00 Praha 6 GPG fingerprint: CC91 8F02 8CDE 911A 933F AE52 F4E6 6A7C C20D F273