On Wed, Aug 27, 2003 at 01:18:39PM +0200, Helmut Koeberle wrote:
> On Wed, 27 Aug 2003 10:57:47 +0100
> Nigel Horne <[EMAIL PROTECTED]> wrote:
> > On Wednesday 27 Aug 2003 10:46 am, Helmut Koeberle wrote:
> > > we would like to have a flag in clamav-milter to turn on/off the recipient
> > > getting information about the virus.
> > Don't use the -b/--bounce flag when starting, and a bounce won't be sent.
> If we don't use the -b/--bounce flag, the sender of the message won't get a
> bounce. But the recipient and the postmaster will always get a mail.
I attach a patch which:
- adds a configuration option: SendmailPath /usr/sbin/sendmail
- adds a configuration option: SmfiSetreply TEMPFAIL
- corrects the above problem:
sending an e-mail to the virus sender should depend on bflag being turned on.
It does not make sense to send such e-mail anyway - it is just acting as a
virus ourselves. Much better solution is to not accept it, i.e bounce with
4xx code - see change above.
- I have problems with strerror_r() missing on OpenBSD 3.3 - my solution uses
strerror() instead and is a quick hack, probably also not correct.
I do not use clamav-milter any more, it is completely unreliable, at least on
OpenBSD. Also clamd crashes sometimes. Now I only use clamscan controlled by
MIMEDefand with SpamAssassin.
R.
--
Avec mes souvenirs/J'ai allumé le feu
Mes chagrins, mes plaisirs/Je n'ai plus besoin d'eux!
diff -ru clamav-20030720/clamav-milter/clamav-milter.c
clamav-20030720rzm/clamav-milter/clamav-milter.c
--- clamav-20030720/clamav-milter/clamav-milter.c Fri Jul 18 15:20:01 2003
+++ clamav-20030720rzm/clamav-milter/clamav-milter.c Mon Jul 21 09:54:30 2003
@@ -636,7 +636,11 @@
if(rc != 0) {
char message[64], buf[64];
+#ifdef strerror_r
strerror_r(rc, buf, sizeof(buf));
+#else
+ strncpy(buf, strerror(rc), sizeof(buf));
+#endif
snprintf(message, sizeof(message),
"pthread_cond_timedwait: %s", buf);
if(use_syslog)
syslog(LOG_ERR, message);
@@ -779,7 +783,11 @@
if(use_syslog) {
char buf[64];
+#ifdef strerror_r
strerror_r(rc, buf, sizeof(buf));
+#else
+ strncpy(buf, strerror(rc), sizeof(buf));
+#endif
syslog(LOG_ERR, "Failed to connect to port %d given by clamd:
%s", port, buf);
}
@@ -886,6 +894,7 @@
{
int rc = SMFIS_CONTINUE;
char *ptr;
+ struct cfgstruct *cpt;
struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
char mess[128];
@@ -967,17 +976,24 @@
puts(err);
#endif
- sendmail = popen("/usr/lib/sendmail -t", "w");
+ if((cpt = cfgopt(copt, "SendmailPath"))) {
+ char smbuf[256];
+ strncpy(smbuf, cpt->strarg, sizeof(smbuf) - 4);
+ strcat(smbuf, " -t");
+ sendmail = popen(smbuf, "w");
+ } else
+ sendmail = popen("/usr/sbin/sendmail -t", "w");
+
if(sendmail) {
fputs("From: MAILER-DAEMON\n", sendmail);
if(bflag) {
fprintf(sendmail, "To: %s\n", privdata->from);
fputs("Cc: postmaster\n", sendmail);
+ for(to = privdata->to; *to; to++)
+ fprintf(sendmail, "Cc: %s\n", *to);
} else
fputs("To: postmaster\n", sendmail);
- for(to = privdata->to; *to; to++)
- fprintf(sendmail, "Cc: %s\n", *to);
fputs("Subject: Virus intercepted\n\n", sendmail);
if(bflag)
@@ -993,8 +1009,13 @@
pclose(sendmail);
}
- smfi_setreply(ctx, "550", "5.7.1", "Virus detected by ClamAV -
http://clamav.elektrapro.com";);
- rc = SMFIS_REJECT;
+ if(strncasecmp(cpt = cfgopt(copt, "SendmailPath"), "TEMPFAIL",
sizeof("TEMPFAIL")) != 0) {
+ smfi_setreply(ctx, "550", "5.7.1", "Virus detected by ClamAV -
http://clamav.elektrapro.com";);
+ rc = SMFIS_REJECT;
+ } else {
+ smfi_setreply(ctx, "451", "4.1.8", "Virus detected by ClamAV -
http://clamav.elektrapro.com";);
+ rc = SMFIS_TEMPFAIL;
+ }
free(err);
}
clamfi_cleanup(ctx);
diff -ru clamav-20030720/clamd/cfgfile.c clamav-20030720rzm/clamd/cfgfile.c
--- clamav-20030720/clamd/cfgfile.c Fri Jun 20 23:21:00 2003
+++ clamav-20030720rzm/clamd/cfgfile.c Mon Jul 21 09:51:54 2003
@@ -73,6 +73,8 @@
{"ClamukoExcludePath", OPT_STR},
{"ClamukoMaxFileSize", OPT_COMPSIZE},
{"ClamukoScanArchive", OPT_NOARG},
+ {"SendmailPath", OPT_STR},
+ {"SmfiSetreply", OPT_STR},
{0, 0}
};
diff -ru clamav-20030720/etc/clamav.conf clamav-20030720rzm/etc/clamav.conf
--- clamav-20030720/etc/clamav.conf Fri Jun 20 23:21:00 2003
+++ clamav-20030720rzm/etc/clamav.conf Mon Jul 21 09:51:54 2003
@@ -173,3 +173,8 @@
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
ClamukoScanArchive
+
+# call sendmail as...
+SendmailPath /usr/sbin/sendmail
+# REJECT (default) or TEMPFAIL the virused e-mail
+SmfiSetreply TEMPFAIL
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Clamav-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-devel
