authorgarga <garga@FreeBSD.org>2009-04-03 21:56:35 +0800
committergarga <garga@FreeBSD.org>2009-04-03 21:56:35 +0800
commite3ec3eb38aaf9d063c8c5f266bc7c58df3f718b1 (patch)
tree8ee56ede818f08e4b0c843f486334cadf9a0263d /security
parentc685c1a2a1a433a55bee709cbf7ff930dd086e1c (diff)
- Mark clamav-milter as BROKEN since it's not working. I updated clamav-devel
to a version that has the fix and won't update it anymore until 0.95.1 is released
Diffstat (limited to 'security')
-rw-r--r--security/clamav/Makefile1
-rw-r--r--security/clamav/files/patch-clamav-milter-fix372
2 files changed, 373 insertions, 0 deletions
diff --git a/security/clamav/Makefile b/security/clamav/Makefile
index 445667d60ae7..8a6a94b5ab0d 100644
--- a/security/clamav/Makefile
+++ b/security/clamav/Makefile
@@ -132,6 +132,7 @@ CONFIGURE_ARGS+=--without-iconv
.endif
.if defined(WITH_MILTER)
+BROKEN= clamav-milter doesn't work fine on 0.95, clamav-devel already have the fix
USE_RC_SUBR+= clamav-milter
CONF_FILES+= clamav-milter
. if defined(WITH_LDAP) && exists(${LOCALBASE}/lib/libldap.so)
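Review bot: The BROKEN reason on the added line does not say how it relates to files/patch-clamav-milter-fix, which the same commit adds; as written the port carries a 372-line milter patch and still refuses to build with WITH_MILTER set. Ports patches under files/ are presumably applied whether or not WITH_MILTER is defined, so the next maintainer needs to know whether the patch is a partial fix or is expected to go away. A comment above the line such as `# remove with files/patch-clamav-milter-fix once 0.95.1 is released` would record that. The `.if defined(WITH_MILTER)` block continues outside this hunk.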
diff --git a/security/clamav/files/patch-clamav-milter-fix b/security/clamav/files/patch-clamav-milter-fix
new file mode 100644
index 000000000000..8da77a178f73
--- /dev/null
+++ b/security/clamav/files/patch-clamav-milter-fix
@@ -0,0 +1,372 @@
+Index: clamav-milter/Makefile.in
+===================================================================
+--- clamav-milter/Makefile.in (revision 4964)
++++ clamav-milter/Makefile.in (working copy)
+@@ -58,10 +58,11 @@
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \
+ $(top_srcdir)/m4/argz.m4 $(top_srcdir)/m4/fdpassing.m4 \
+- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+- $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltdl.m4 \
+- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
++ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
++ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
++ $(top_srcdir)/m4/ltdl.m4 $(top_srcdir)/m4/ltoptions.m4 \
++ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
++ $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/mmap_private.m4 $(top_srcdir)/m4/resolv.m4 \
+ $(top_srcdir)/configure.in
+ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+Index: clamav-milter/netcode.c
+===================================================================
+--- clamav-milter/netcode.c (revision 4964)
++++ clamav-milter/netcode.c (working copy)
+@@ -129,7 +129,7 @@
+ close(s);
+ return -1;
+ }
+- if (getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
++ if(getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
+ logg("*Failed to establish a connection to clamd\n");
+ close(s);
+ return -1;
+@@ -163,8 +163,6 @@
+ tv.tv_usec = 0;
+ while(1) {
+ fd_set fds;
+- int s_err;
+- socklen_t s_len = sizeof(s_err);
+
+ FD_ZERO(&fds);
+ FD_SET(s, &fds);
+@@ -177,12 +175,10 @@
+ tv.tv_usec = 0;
+ continue;
+ }
+- logg("!Failed stream to clamd\n");
++ logg("!Failed to stream to clamd\n");
+ close(s);
+ return 1;
+ }
+- len-=s_len;
+- buf+=s_len;
+ break;
+ }
+ }
+Index: clamav-milter/whitelist.h
+===================================================================
+--- clamav-milter/whitelist.h (revision 4964)
++++ clamav-milter/whitelist.h (working copy)
+@@ -24,4 +24,6 @@
+ int whitelist_init(const char *fname);
+ void whitelist_free(void);
+ int whitelisted(const char *addr, int from);
++int smtpauth_init(const char *r);
++int smtpauthed(const char *login);
+ #endif
+Index: clamav-milter/clamfi.c
+===================================================================
+--- clamav-milter/clamfi.c (revision 4964)
++++ clamav-milter/clamfi.c (working copy)
+@@ -61,6 +61,7 @@
+ } loginfected;
+
+ #define CLAMFIBUFSZ 1424
++static const char *HDR_UNAVAIL = "UNKNOWN";
+
+ struct CLAMFI {
+ char buffer[CLAMFIBUFSZ];
+@@ -74,6 +75,7 @@
+ unsigned int totsz;
+ unsigned int bufsz;
+ unsigned int all_whitelisted;
++ unsigned int gotbody;
+ };
+
+
+@@ -91,12 +93,15 @@
+ };
+
+
+-void makesanehdr(char *hdr) {
++static const char *makesanehdr(char *hdr) {
++ char *ret = hdr;
++ if(!hdr) return HDR_UNAVAIL;
+ while(*hdr) {
+ if(*hdr=='\'' || *hdr=='\t' || *hdr=='\r' || *hdr=='\n' || !isprint(*hdr))
+ *hdr = ' ';
+ hdr++;
+ }
++ return ret;
+ }
+
+ static void nullify(SMFICTX *ctx, struct CLAMFI *cf, enum CFWHAT closewhat) {
+@@ -113,9 +118,22 @@
+
+
+ static sfsistat sendchunk(struct CLAMFI *cf, unsigned char *bodyp, size_t len, SMFICTX *ctx) {
+- if(cf->totsz >= maxfilesize)
++ if(cf->totsz >= maxfilesize || len == 0)
+ return SMFIS_CONTINUE;
+
++ if(!cf->totsz) {
++ sfsistat ret;
++ if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
++ logg("!Failed to initiate streaming/fdpassing\n");
++ nullify(ctx, cf, CF_NONE);
++ return FailAction;
++ }
++ cf->totsz = 1; /* do not infloop */
++ if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
++ return ret;
++ cf->totsz -= 1;
++ }
++
+ if(cf->totsz + len > maxfilesize)
+ len = maxfilesize - cf->totsz;
+
+@@ -166,35 +184,28 @@
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
+
+- if(loginfected == LOGINF_FULL) {
+- if(headerf && !strcasecmp(headerf, "Subject") && !cf->msg_subj)
+- cf->msg_subj = strdup(headerv);
+- if(headerf && !strcasecmp(headerf, "Date") && !cf->msg_date)
+- cf->msg_date = strdup(headerv);
+- if(headerf && !strcasecmp(headerf, "Message-ID") && !cf->msg_id)
+- cf->msg_id = strdup(headerv);
++ if(!cf->totsz && cf->all_whitelisted) {
++ logg("*Skipping scan (all destinations whitelisted)\n");
++ nullify(ctx, cf, CF_NONE);
++ return SMFIS_ACCEPT;
+ }
+
+- if(!cf->totsz) {
+- if(cf->all_whitelisted) {
+- logg("*Skipping scan (all destinations whitelisted)\n");
+- nullify(ctx, cf, CF_NONE);
+- return SMFIS_ACCEPT;
+- }
+- if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
+- logg("!Failed to initiate streaming/fdpassing\n");
+- nullify(ctx, cf, CF_NONE);
+- return FailAction;
+- }
+- if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
+- return ret;
++ if(!headerf) return SMFIS_CONTINUE; /* just in case */
++
++ if(loginfected == LOGINF_FULL) {
++ if(!cf->msg_subj && !strcasecmp(headerf, "Subject"))
++ cf->msg_subj = strdup(headerv ? headerv : "");
++ if(!cf->msg_date && !strcasecmp(headerf, "Date"))
++ cf->msg_date = strdup(headerv ? headerv : "");
++ if(!cf->msg_id && !strcasecmp(headerf, "Message-ID"))
++ cf->msg_id = strdup(headerv ? headerv : "");
+ }
+
+ if((ret = sendchunk(cf, (unsigned char *)headerf, strlen(headerf), ctx)) != SMFIS_CONTINUE)
+ return ret;
+ if((ret = sendchunk(cf, (unsigned char *)": ", 2, ctx)) != SMFIS_CONTINUE)
+ return ret;
+- if((ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
++ if(headerv && (ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
+ return ret;
+ return sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
+ }
+@@ -205,6 +216,14 @@
+
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
++
++ if(!cf->gotbody) {
++ sfsistat ret = sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
++ if(ret != SMFIS_CONTINUE)
++ return ret;
++ cf->gotbody = 1;
++ }
++
+ return sendchunk(cf, bodyp, len, ctx);
+ }
+
+@@ -225,6 +244,14 @@
+ if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
+ return SMFIS_CONTINUE; /* whatever */
+
++ if(!cf->totsz) {
++ /* got no headers and no body */
++ logg("*Not scanning an empty message\n");
++ ret = CleanAction(ctx);
++ nullify(ctx, cf, CF_NONE);
++ return ret;
++ }
++
+ if(cf->local) {
+ if(nc_send(cf->main, "nFILDES\n", 8)) {
+ logg("!FD scan request failed\n");
+@@ -286,18 +313,19 @@
+ }
+
+ if(loginfected) {
+- const char *from = smfi_getsymval(ctx, "{mail_addr}"), *to = smfi_getsymval(ctx, "{rcpt_addr}");
+-
+- if(!from) from = "UNKNOWN";
+- if(!to) to = "UNKNOWN";
+-
++ const char *from = smfi_getsymval(ctx, "{mail_addr}");
++ const char *to = smfi_getsymval(ctx, "{rcpt_addr}");
++
++ if(!from) from = HDR_UNAVAIL;
++ if(!to) to = HDR_UNAVAIL;
+ if(loginfected == LOGINF_FULL) {
+ const char *id = smfi_getsymval(ctx, "{i}");
++ const char *msg_subj = makesanehdr(cf->msg_subj);
++ const char *msg_date = makesanehdr(cf->msg_date);
++ const char *msg_id = makesanehdr(cf->msg_id);
+
+- makesanehdr(cf->msg_subj);
+- makesanehdr(cf->msg_date);
+- makesanehdr(cf->msg_id);
+- logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id ? id : "UNKNOWN", from, to, cf->msg_subj, cf->msg_id, cf->msg_date, vir);
++ if(!id) id = HDR_UNAVAIL;
++ logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id, from, to, msg_subj, msg_id, msg_date, vir);
+ } else logg("~Message from <%s> to <%s> infected by %s\n", from, to, vir);
+ }
+ }
+@@ -504,12 +532,18 @@
+
+ sfsistat clamfi_envfrom(SMFICTX *ctx, char **argv) {
+ struct CLAMFI *cf;
++ const char *login = smfi_getsymval(ctx, "{auth_authen}");
+
++ if(login && smtpauthed(login)) {
++ logg("*Skipping scan for authenticated user %s\n", login);
++ return SMFIS_ACCEPT;
++ }
++
+ if(whitelisted(argv[0], 1)) {
+ logg("*Skipping scan for %s (whitelisted from)\n", argv[0]);
+ return SMFIS_ACCEPT;
+ }
+-
++
+ if(!(cf = (struct CLAMFI *)malloc(sizeof(*cf)))) {
+ logg("!Failed to allocate CLAMFI struct\n");
+ return FailAction;
+@@ -518,6 +552,7 @@
+ cf->bufsz = 0;
+ cf->main = cf->alt = -1;
+ cf->all_whitelisted = 1;
++ cf->gotbody = 0;
+ cf->msg_subj = cf->msg_date = cf->msg_id = NULL;
+ smfi_setpriv(ctx, (void *)cf);
+
+Index: clamav-milter/whitelist.c
+===================================================================
+--- clamav-milter/whitelist.c (revision 4964)
++++ clamav-milter/whitelist.c (working copy)
+@@ -25,8 +25,8 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <sys/types.h>
+-#include <regex.h>
+
++#include "libclamav/regex/regex.h"
+ #include "shared/output.h"
+ #include "whitelist.h"
+
+@@ -38,17 +38,20 @@
+ struct WHLST *wfrom = NULL;
+ struct WHLST *wto = NULL;
+
++int skipauth = 0;
++regex_t authreg;
++
+ void whitelist_free(void) {
+ struct WHLST *w;
+ while(wfrom) {
+ w = wfrom->next;
+- regfree(&wfrom->preg);
++ cli_regfree(&wfrom->preg);
+ free(wfrom);
+ wfrom = w;
+ }
+ while(wto) {
+ w = wto->next;
+- regfree(&wto->preg);
++ cli_regfree(&wto->preg);
+ free(wto);
+ wto = w;
+ }
+@@ -85,14 +88,14 @@
+ }
+ if(!len) continue;
+ if (!(w = (struct WHLST *)malloc(sizeof(*w)))) {
+- logg("!Out of memory loading whitelist\n");
++ logg("!Out of memory loading whitelist file\n");
+ whitelist_free();
+ return 1;
+ }
+ w->next = (*addto);
+ (*addto) = w;
+- if (regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
+- logg("!Failed to compile regex '%s'\n", ptr);
++ if (cli_regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
++ logg("!Failed to compile regex '%s' in whitelist file\n", ptr);
+ whitelist_free();
+ return 1;
+ }
+@@ -108,7 +111,7 @@
+ else w = wto;
+
+ while(w) {
+- if(!regexec(&w->preg, addr, 0, NULL, 0))
++ if(!cli_regexec(&w->preg, addr, 0, NULL, 0))
+ return 1;
+ w = w->next;
+ }
+@@ -116,6 +119,23 @@
+ }
+
+
++int smtpauth_init(const char *r) {
++ if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) {
++ logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r);
++ return 1;
++ }
++ skipauth = 1;
++ return 0;
++}
++
++
++int smtpauthed(const char *login) {
++ if(skipauth && !cli_regexec(&authreg, login, 0, NULL, 0))
++ return 1;
++ return 0;
++}
++
++
+ /*
+ * Local Variables:
+ * mode: c
+Index: clamav-milter/clamav-milter.c
+===================================================================
+--- clamav-milter/clamav-milter.c (revision 4964)
++++ clamav-milter/clamav-milter.c (working copy)
+@@ -211,6 +211,14 @@
+ return 1;
+ }
+
++ if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) {
++ localnets_free();
++ whitelist_free();
++ logg_close();
++ optfree(opts);
++ return 1;
++ }
++
+ if(optget(opts, "AddHeader")->enabled) {
+ char myname[255];
+
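Review bot: In the embedded whitelist.c change, `smtpauth_init` reports a bad pattern as belonging to `SkipAuthSenders`, while the embedded clamav-milter.c change reads the option as `SkipAuthenticated`, so an operator chasing a regex failure is pointed at a name this patch never reads; the message should be `logg("!Failed to compile regex '%s' for SkipAuthenticated\n", r);`. The pattern matters more than most: when `smtpauthed` matches, `clamfi_envfrom` returns SMFIS_ACCEPT before the CLAMFI struct is allocated, so the message is never scanned. `cli_regexec` is called on the login with no anchoring, so a pattern written as a bare account name would presumably also match longer logins that contain it. I would add a comment on `smtpauthed` along the lines of `/* unanchored match: SkipAuthenticated patterns should be written as ^...$ */`. Separately, `makesanehdr` passes a plain `char` to `isprint`, which is undefined for negative values; `!isprint((unsigned char)*hdr)` avoids that.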