2003-07-29 15:48:06 +00:00
|
|
|
/*
|
2025-02-14 10:24:30 -05:00
|
|
|
* Copyright (C) 2013-2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
|
2019-01-25 10:15:50 -05:00
|
|
|
* Copyright (C) 2007-2013 Sourcefire, Inc.
|
2009-02-13 10:55:45 +00:00
|
|
|
*
|
|
|
|
|
* Authors: Tomasz Kojm
|
2003-07-29 15:48:06 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
2007-03-31 20:31:04 +00:00
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
|
* published by the Free Software Foundation.
|
2003-07-29 15:48:06 +00:00
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
2006-04-09 19:59:28 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
|
|
|
* MA 02110-1301, USA.
|
2003-07-29 15:48:06 +00:00
|
|
|
*/
|
|
|
|
|
|
2006-09-13 22:06:13 +00:00
|
|
|
#if HAVE_CONFIG_H
|
|
|
|
|
#include "clamav-config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2004-02-20 15:49:29 +00:00
|
|
|
#include <string.h>
|
2006-09-12 20:55:09 +00:00
|
|
|
#ifdef HAVE_UNISTD_H
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <unistd.h>
|
2009-09-30 00:54:04 +02:00
|
|
|
#endif
|
|
|
|
|
#ifndef _WIN32
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <sys/time.h>
|
2010-08-31 15:10:56 +03:00
|
|
|
#include <sys/resource.h>
|
2006-09-12 20:55:09 +00:00
|
|
|
#endif
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
2003-11-23 22:42:20 +00:00
|
|
|
#include <fcntl.h>
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <time.h>
|
2009-09-24 16:21:51 +02:00
|
|
|
#ifdef HAVE_PWD_H
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <pwd.h>
|
2009-09-24 16:21:51 +02:00
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_GRP_H
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <grp.h>
|
2006-09-12 20:55:09 +00:00
|
|
|
#endif
|
2009-08-06 22:29:13 +02:00
|
|
|
#include <signal.h>
|
2010-06-15 16:14:07 +02:00
|
|
|
#include <errno.h>
|
2020-08-21 20:20:36 -07:00
|
|
|
#include <locale.h>
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-03-29 00:00:58 +00:00
|
|
|
#if defined(USE_SYSLOG) && !defined(C_AIX)
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <syslog.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2025-08-18 22:02:47 +02:00
|
|
|
#if defined(C_LINUX) || defined(__GLIBC__)
|
2004-02-27 09:45:46 +00:00
|
|
|
#include <sys/resource.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-09-05 20:45:39 +00:00
|
|
|
#include "target.h"
|
|
|
|
|
|
Add CMake build tooling
This patch adds experimental-quality CMake build tooling.
The libmspack build required a modification to use "" instead of <> for
header #includes. This will hopefully be included in the libmspack
upstream project when adding CMake build tooling to libmspack.
Removed use of libltdl when using CMake.
Flex & Bison are now required to build.
If -DMAINTAINER_MODE, then GPERF is also required, though it currently
doesn't actually do anything. TODO!
I found that the autotools build system was generating the lexer output
but not actually compiling it, instead using previously generated (and
manually renamed) lexer c source. As a consequence, changes to the .l
and .y files weren't making it into the build. To resolve this, I
removed generated flex/bison files and fixed the tooling to use the
freshly generated files. Flex and bison are now required build tools.
On Windows, this adds a dependency on the winflexbison package,
which can be obtained using Chocolatey or may be manually installed.
CMake tooling only has partial support for building with external LLVM
library, and no support for the internal LLVM (to be removed in the
future). I.e. The CMake build currently only supports the bytecode
interpreter.
Many files used include paths relative to the top source directory or
relative to the current project, rather than relative to each build
target. Modern CMake support requires including internal dependency
headers the same way you would external dependency headers (albeit
with "" instead of <>). This meant correcting all header includes to
be relative to the build targets and not relative to the workspace.
For example, ...
```c
include "../libclamav/clamav.h"
include "clamd/clamd_others.h"
```
... becomes:
```c
// libclamav
include "clamav.h"
// clamd
include "clamd_others.h"
```
Fixes header name conflicts by renaming a few of the files.
Converted the "shared" code into a static library, which depends on
libclamav. The ironically named "shared" static library provides
features common to the ClamAV apps which are not required in
libclamav itself and are not intended for use by downstream projects.
This change was required for correct modern CMake practices but was
also required to use the automake "subdir-objects" option.
This eliminates warnings when running autoreconf which, in the next
version of autoconf & automake are likely to break the build.
libclamav used to build in multiple stages where an earlier stage is
a static library containing utils required by the "shared" code.
Linking clamdscan and clamdtop with this libclamav utils static lib
allowed these two apps to function without libclamav. While this is
nice in theory, the practical gains are minimal and it complicates
the build system. As such, the autotools and CMake tooling was
simplified for improved maintainability and this feature was thrown
out. clamdtop and clamdscan now require libclamav to function.
Removed the nopthreads version of the autotools
libclamav_internal_utils static library and added pthread linking to
a couple apps that may have issues building on some platforms without
it, with the intention of removing needless complexity from the
source. Kept the regular version of libclamav_internal_utils.la
though it is no longer used anywhere but in libclamav.
Added an experimental doxygen build option which attempts to build
clamav.h and libfreshclam doxygen html docs.
The CMake build tooling also may build the example program(s), which
isn't a feature in the Autotools build system.
Changed C standard to C90+ due to inline linking issues with socket.h
when linking libfreshclam.so on Linux.
Generate common.rc for win32.
Fix tabs/spaces in shared Makefile.am, and remove vestigial ifndef
from misc.c.
Add CMake files to the automake dist, so users can try the new
CMake tooling w/out having to build from a git clone.
clamonacc changes:
- Renamed FANOTIFY macro to HAVE_SYS_FANOTIFY_H to better match other
similar macros.
- Added a new clamav-clamonacc.service systemd unit file, based on
the work of ChadDevOps & Aaron Brighton.
- Added missing clamonacc man page.
Updates to clamdscan man page, add missing options.
Remove vestigial CL_NOLIBCLAMAV definitions (all apps now use
libclamav).
Rename Windows mspack.dll to libmspack.dll so all ClamAV-built
libraries have the lib-prefix with Visual Studio as with CMake.
2020-08-13 00:25:34 -07:00
|
|
|
// libclamav
|
|
|
|
|
#include "clamav.h"
|
|
|
|
|
#include "others.h"
|
|
|
|
|
#include "matcher-ac.h"
|
|
|
|
|
#include "readdb.h"
|
2006-09-05 20:45:39 +00:00
|
|
|
|
2021-03-04 19:39:50 -08:00
|
|
|
// common
|
Add CMake build tooling
This patch adds experimental-quality CMake build tooling.
The libmspack build required a modification to use "" instead of <> for
header #includes. This will hopefully be included in the libmspack
upstream project when adding CMake build tooling to libmspack.
Removed use of libltdl when using CMake.
Flex & Bison are now required to build.
If -DMAINTAINER_MODE, then GPERF is also required, though it currently
doesn't actually do anything. TODO!
I found that the autotools build system was generating the lexer output
but not actually compiling it, instead using previously generated (and
manually renamed) lexer c source. As a consequence, changes to the .l
and .y files weren't making it into the build. To resolve this, I
removed generated flex/bison files and fixed the tooling to use the
freshly generated files. Flex and bison are now required build tools.
On Windows, this adds a dependency on the winflexbison package,
which can be obtained using Chocolatey or may be manually installed.
CMake tooling only has partial support for building with external LLVM
library, and no support for the internal LLVM (to be removed in the
future). I.e. The CMake build currently only supports the bytecode
interpreter.
Many files used include paths relative to the top source directory or
relative to the current project, rather than relative to each build
target. Modern CMake support requires including internal dependency
headers the same way you would external dependency headers (albeit
with "" instead of <>). This meant correcting all header includes to
be relative to the build targets and not relative to the workspace.
For example, ...
```c
include "../libclamav/clamav.h"
include "clamd/clamd_others.h"
```
... becomes:
```c
// libclamav
include "clamav.h"
// clamd
include "clamd_others.h"
```
Fixes header name conflicts by renaming a few of the files.
Converted the "shared" code into a static library, which depends on
libclamav. The ironically named "shared" static library provides
features common to the ClamAV apps which are not required in
libclamav itself and are not intended for use by downstream projects.
This change was required for correct modern CMake practices but was
also required to use the automake "subdir-objects" option.
This eliminates warnings when running autoreconf which, in the next
version of autoconf & automake are likely to break the build.
libclamav used to build in multiple stages where an earlier stage is
a static library containing utils required by the "shared" code.
Linking clamdscan and clamdtop with this libclamav utils static lib
allowed these two apps to function without libclamav. While this is
nice in theory, the practical gains are minimal and it complicates
the build system. As such, the autotools and CMake tooling was
simplified for improved maintainability and this feature was thrown
out. clamdtop and clamdscan now require libclamav to function.
Removed the nopthreads version of the autotools
libclamav_internal_utils static library and added pthread linking to
a couple apps that may have issues building on some platforms without
it, with the intention of removing needless complexity from the
source. Kept the regular version of libclamav_internal_utils.la
though it is no longer used anywhere but in libclamav.
Added an experimental doxygen build option which attempts to build
clamav.h and libfreshclam doxygen html docs.
The CMake build tooling also may build the example program(s), which
isn't a feature in the Autotools build system.
Changed C standard to C90+ due to inline linking issues with socket.h
when linking libfreshclam.so on Linux.
Generate common.rc for win32.
Fix tabs/spaces in shared Makefile.am, and remove vestigial ifndef
from misc.c.
Add CMake files to the automake dist, so users can try the new
CMake tooling w/out having to build from a git clone.
clamonacc changes:
- Renamed FANOTIFY macro to HAVE_SYS_FANOTIFY_H to better match other
similar macros.
- Added a new clamav-clamonacc.service systemd unit file, based on
the work of ChadDevOps & Aaron Brighton.
- Added missing clamonacc man page.
Updates to clamdscan man page, add missing options.
Remove vestigial CL_NOLIBCLAMAV definitions (all apps now use
libclamav).
Rename Windows mspack.dll to libmspack.dll so all ClamAV-built
libraries have the lib-prefix with Visual Studio as with CMake.
2020-08-13 00:25:34 -07:00
|
|
|
#include "output.h"
|
|
|
|
|
#include "optparser.h"
|
|
|
|
|
#include "misc.h"
|
2006-09-05 20:45:39 +00:00
|
|
|
|
|
|
|
|
#include "server.h"
|
2003-07-29 15:48:06 +00:00
|
|
|
#include "tcpserver.h"
|
|
|
|
|
#include "localserver.h"
|
Add CMake build tooling
This patch adds experimental-quality CMake build tooling.
The libmspack build required a modification to use "" instead of <> for
header #includes. This will hopefully be included in the libmspack
upstream project when adding CMake build tooling to libmspack.
Removed use of libltdl when using CMake.
Flex & Bison are now required to build.
If -DMAINTAINER_MODE, then GPERF is also required, though it currently
doesn't actually do anything. TODO!
I found that the autotools build system was generating the lexer output
but not actually compiling it, instead using previously generated (and
manually renamed) lexer c source. As a consequence, changes to the .l
and .y files weren't making it into the build. To resolve this, I
removed generated flex/bison files and fixed the tooling to use the
freshly generated files. Flex and bison are now required build tools.
On Windows, this adds a dependency on the winflexbison package,
which can be obtained using Chocolatey or may be manually installed.
CMake tooling only has partial support for building with external LLVM
library, and no support for the internal LLVM (to be removed in the
future). I.e. The CMake build currently only supports the bytecode
interpreter.
Many files used include paths relative to the top source directory or
relative to the current project, rather than relative to each build
target. Modern CMake support requires including internal dependency
headers the same way you would external dependency headers (albeit
with "" instead of <>). This meant correcting all header includes to
be relative to the build targets and not relative to the workspace.
For example, ...
```c
include "../libclamav/clamav.h"
include "clamd/clamd_others.h"
```
... becomes:
```c
// libclamav
include "clamav.h"
// clamd
include "clamd_others.h"
```
Fixes header name conflicts by renaming a few of the files.
Converted the "shared" code into a static library, which depends on
libclamav. The ironically named "shared" static library provides
features common to the ClamAV apps which are not required in
libclamav itself and are not intended for use by downstream projects.
This change was required for correct modern CMake practices but was
also required to use the automake "subdir-objects" option.
This eliminates warnings when running autoreconf which, in the next
version of autoconf & automake are likely to break the build.
libclamav used to build in multiple stages where an earlier stage is
a static library containing utils required by the "shared" code.
Linking clamdscan and clamdtop with this libclamav utils static lib
allowed these two apps to function without libclamav. While this is
nice in theory, the practical gains are minimal and it complicates
the build system. As such, the autotools and CMake tooling was
simplified for improved maintainability and this feature was thrown
out. clamdtop and clamdscan now require libclamav to function.
Removed the nopthreads version of the autotools
libclamav_internal_utils static library and added pthread linking to
a couple apps that may have issues building on some platforms without
it, with the intention of removing needless complexity from the
source. Kept the regular version of libclamav_internal_utils.la
though it is no longer used anywhere but in libclamav.
Added an experimental doxygen build option which attempts to build
clamav.h and libfreshclam doxygen html docs.
The CMake build tooling also may build the example program(s), which
isn't a feature in the Autotools build system.
Changed C standard to C90+ due to inline linking issues with socket.h
when linking libfreshclam.so on Linux.
Generate common.rc for win32.
Fix tabs/spaces in shared Makefile.am, and remove vestigial ifndef
from misc.c.
Add CMake files to the automake dist, so users can try the new
CMake tooling w/out having to build from a git clone.
clamonacc changes:
- Renamed FANOTIFY macro to HAVE_SYS_FANOTIFY_H to better match other
similar macros.
- Added a new clamav-clamonacc.service systemd unit file, based on
the work of ChadDevOps & Aaron Brighton.
- Added missing clamonacc man page.
Updates to clamdscan man page, add missing options.
Remove vestigial CL_NOLIBCLAMAV definitions (all apps now use
libclamav).
Rename Windows mspack.dll to libmspack.dll so all ClamAV-built
libraries have the lib-prefix with Visual Studio as with CMake.
2020-08-13 00:25:34 -07:00
|
|
|
#include "clamd_others.h"
|
2004-03-29 00:00:58 +00:00
|
|
|
#include "shared.h"
|
2010-11-02 12:26:33 +02:00
|
|
|
#include "scanner.h"
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2021-07-13 15:31:20 -04:00
|
|
|
#ifdef _WIN32
|
|
|
|
|
#include "service.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-07-24 10:47:20 -07:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
#ifndef WIN32
|
|
|
|
|
#include <sys/wait.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-03-30 21:11:25 +00:00
|
|
|
short debug_mode = 0, logok = 0;
|
2016-02-09 13:46:13 -05:00
|
|
|
short foreground = -1;
|
2005-06-07 01:40:08 +00:00
|
|
|
|
2007-02-11 00:41:13 +00:00
|
|
|
static void help(void)
|
2006-09-05 20:45:39 +00:00
|
|
|
{
|
|
|
|
|
printf("\n");
|
2018-02-06 16:23:07 -05:00
|
|
|
printf(" Clam AntiVirus: Daemon %s\n", get_version());
|
2018-03-27 13:06:46 -04:00
|
|
|
printf(" By The ClamAV Team: https://www.clamav.net/about.html#credits\n");
|
2025-02-14 10:24:30 -05:00
|
|
|
printf(" (C) 2025 Cisco Systems, Inc.\n");
|
2018-02-06 16:23:07 -05:00
|
|
|
printf("\n");
|
|
|
|
|
printf(" clamd [options]\n");
|
|
|
|
|
printf("\n");
|
|
|
|
|
printf(" --help -h Show this help\n");
|
|
|
|
|
printf(" --version -V Show version number\n");
|
2021-07-13 15:31:20 -04:00
|
|
|
#ifdef _WIN32
|
|
|
|
|
printf(" --install-service Install Windows Service\n");
|
|
|
|
|
printf(" --uninstall-service Uninstall Windows Service\n");
|
|
|
|
|
#endif
|
2018-10-24 18:52:29 -04:00
|
|
|
printf(" --foreground -F Run in foreground; do not daemonize\n");
|
2018-02-06 16:23:07 -05:00
|
|
|
printf(" --debug Enable debug mode\n");
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
printf(" --log=FILE -l FILE Log into FILE\n");
|
2018-02-06 16:23:07 -05:00
|
|
|
printf(" --config-file=FILE -c FILE Read configuration from FILE\n");
|
2023-05-31 17:38:00 -07:00
|
|
|
printf(" --fail-if-cvd-older-than=days Return with a nonzero error code if virus database outdated\n");
|
|
|
|
|
printf(" --datadir=DIRECTORY Load signatures from DIRECTORY\n");
|
|
|
|
|
printf(" --pid=FILE -p FILE Write the daemon's pid to FILE\n");
|
FIPS-compliant CVD signing and verification
Add X509 certificate chain based signing with PKCS7-PEM external
signatures distributed alongside CVD's in a custom .cvd.sign format.
This new signing and verification mechanism is primarily in support
of FIPS compliance.
Fixes: https://github.com/Cisco-Talos/clamav/issues/564
Add a Rust implementation for parsing, verifying, and unpacking CVD
files.
Now installs a 'certs' directory in the app config directory
(e.g. <prefix>/etc/certs). The install location is configurable.
The CMake option to configure the CVD certs directory is:
`-D CVD_CERTS_DIRECTORY=PATH`
New options to set an alternative CVD certs directory:
- Commandline for freshclam, clamd, clamscan, and sigtool is:
`--cvdcertsdir PATH`
- Env variable for freshclam, clamd, clamscan, and sigtool is:
`CVD_CERTS_DIR`
- Config option for freshclam and clamd is:
`CVDCertsDirectory PATH`
Sigtool:
- Add sign/verify commands.
- Also verify CDIFF external digital signatures when applying CDIFFs.
- Place commonly used commands at the top of --help string.
- Fix up manpage.
Freshclam:
- Will try to download .sign files to verify CVDs and CDIFFs.
- Fix an issue where making a CLD would only include the CFG file for
daily and not if patching any other database.
libclamav.so:
- Bump version to 13:0:1 (aka 12.1.0).
- Also remove libclamav.map versioning.
Resolves: https://github.com/Cisco-Talos/clamav/issues/1304
- Add two new API's to the public clamav.h header:
```c
extern cl_error_t cl_cvdverify_ex(const char *file,
const char *certs_directory);
extern cl_error_t cl_cvdunpack_ex(const char *file,
const char *dir,
bool dont_verify,
const char *certs_directory);
```
The original `cl_cvdverify` and `cl_cvdunpack` are deprecated.
- Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`.
You may set this option with `cl_engine_set_str` and get it
with `cl_engine_get_str`, to override the compiled in default
CVD certs directory.
libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0).
Add sigtool sign/verify tests and test certs.
Make it so downloadFile doesn't throw a warning if the server
doesn't have the .sign file.
Replace use of md5-based FP signatures in the unit tests with
sha256-based FP signatures because the md5 implementation used
by Python may be disabled in FIPS mode.
Fixes: https://github.com/Cisco-Talos/clamav/issues/1411
CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates
to build against the same OpenSSL library as is used for the C build.
The Rust unit test application must also link directly with libcrypto
and libssl.
Fix some log messages with missing new lines.
Fix missing environment variable notes in --help messages and manpages.
Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in
clamav-config.h.in for libclamav from variable that had the same name
for use in clamav applications that use the optparser.
The 'clamav-test' certs for the unit tests will live for 10 years.
The 'clamav-beta.crt' public cert will only live for 120 days and will
be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
|
|
|
printf(" --cvdcertsdir=DIRECTORY Specify a directory containing the root\n");
|
|
|
|
|
printf(" CA cert needed to verify detached CVD digital signatures.\n");
|
|
|
|
|
printf(" If not provided, then clamd will look in the default directory.\n");
|
|
|
|
|
printf("\n");
|
|
|
|
|
printf("Environment Variables:\n");
|
|
|
|
|
printf("\n");
|
|
|
|
|
printf(" LD_LIBRARY_PATH May be used on startup to find the libclamunrar_iface\n");
|
|
|
|
|
printf(" shared library module to enable RAR archive support.\n");
|
|
|
|
|
printf(" CVD_CERTS_DIR Specify a directory containing the root CA cert needed\n");
|
|
|
|
|
printf(" to verify detached CVD digital signatures.\n");
|
|
|
|
|
printf(" If not provided, then clamd will look in the default directory.\n");
|
2018-02-06 16:23:07 -05:00
|
|
|
printf("\n");
|
|
|
|
|
printf("Pass in - as the filename for stdin.\n");
|
|
|
|
|
printf("\n");
|
2006-09-05 20:45:39 +00:00
|
|
|
}
|
|
|
|
|
|
2008-12-17 21:42:54 +00:00
|
|
|
static struct optstruct *opts;
|
2009-10-02 13:21:33 +03:00
|
|
|
|
|
|
|
|
/* When running under valgrind and daemonizing, valgrind incorrectly reports
|
|
|
|
|
* leaks from the engine, because it can't see that all the memory is still
|
2020-01-03 15:44:07 -05:00
|
|
|
* reachable (some pointers are stored mangled in the JIT).
|
2009-10-02 13:21:33 +03:00
|
|
|
* So free the engine on exit from the parent too (during daemonize)
|
|
|
|
|
*/
|
|
|
|
|
static struct cl_engine *gengine = NULL;
|
|
|
|
|
static void free_engine(void)
|
|
|
|
|
{
|
|
|
|
|
if (gengine) {
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_free(gengine);
|
|
|
|
|
gengine = NULL;
|
2009-10-02 13:21:33 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-05-15 18:30:18 +00:00
|
|
|
int main(int argc, char **argv)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
2014-01-25 17:29:26 -05:00
|
|
|
static struct cl_engine *engine = NULL;
|
|
|
|
|
const struct optstruct *opt;
|
2018-12-03 12:40:13 -05:00
|
|
|
#ifndef _WIN32
|
2014-01-25 17:29:26 -05:00
|
|
|
struct passwd *user = NULL;
|
|
|
|
|
struct sigaction sa;
|
2020-08-31 11:34:05 -07:00
|
|
|
int dropPrivRet = 0;
|
2020-11-06 22:16:23 -08:00
|
|
|
#endif
|
2025-08-18 22:02:47 +02:00
|
|
|
#if defined(C_LINUX) || defined(__GLIBC__) || (defined(RLIMIT_DATA) && defined(C_BSD))
|
2020-11-06 22:16:23 -08:00
|
|
|
struct rlimit rlim;
|
2008-05-30 10:27:24 +00:00
|
|
|
#endif
|
2014-01-25 17:29:26 -05:00
|
|
|
time_t currtime;
|
|
|
|
|
const char *dbdir, *cfgfile;
|
|
|
|
|
char *pua_cats = NULL, *pt;
|
2014-07-11 09:30:58 -04:00
|
|
|
int ret, tcpsock = 0, localsock = 0, min_port, max_port;
|
2018-12-03 12:40:13 -05:00
|
|
|
unsigned int sigs = 0;
|
|
|
|
|
int *lsockets = NULL;
|
2014-01-25 21:50:33 -05:00
|
|
|
unsigned int nlsockets = 0;
|
2014-01-25 17:29:26 -05:00
|
|
|
unsigned int dboptions = 0;
|
2018-12-03 12:40:13 -05:00
|
|
|
unsigned int i;
|
2016-02-09 13:46:13 -05:00
|
|
|
int j;
|
|
|
|
|
int num_fd;
|
2020-07-24 10:47:20 -07:00
|
|
|
pid_t parentPid = getpid();
|
2004-05-11 00:14:14 +00:00
|
|
|
#ifdef C_LINUX
|
2014-01-25 17:29:26 -05:00
|
|
|
STATBUF sb;
|
2004-05-11 00:14:14 +00:00
|
|
|
#endif
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
pid_t mainpid = 0;
|
|
|
|
|
mode_t old_umask = 0;
|
|
|
|
|
const char *user_name = NULL;
|
FIPS-compliant CVD signing and verification
Add X509 certificate chain based signing with PKCS7-PEM external
signatures distributed alongside CVD's in a custom .cvd.sign format.
This new signing and verification mechanism is primarily in support
of FIPS compliance.
Fixes: https://github.com/Cisco-Talos/clamav/issues/564
Add a Rust implementation for parsing, verifying, and unpacking CVD
files.
Now installs a 'certs' directory in the app config directory
(e.g. <prefix>/etc/certs). The install location is configurable.
The CMake option to configure the CVD certs directory is:
`-D CVD_CERTS_DIRECTORY=PATH`
New options to set an alternative CVD certs directory:
- Commandline for freshclam, clamd, clamscan, and sigtool is:
`--cvdcertsdir PATH`
- Env variable for freshclam, clamd, clamscan, and sigtool is:
`CVD_CERTS_DIR`
- Config option for freshclam and clamd is:
`CVDCertsDirectory PATH`
Sigtool:
- Add sign/verify commands.
- Also verify CDIFF external digital signatures when applying CDIFFs.
- Place commonly used commands at the top of --help string.
- Fix up manpage.
Freshclam:
- Will try to download .sign files to verify CVDs and CDIFFs.
- Fix an issue where making a CLD would only include the CFG file for
daily and not if patching any other database.
libclamav.so:
- Bump version to 13:0:1 (aka 12.1.0).
- Also remove libclamav.map versioning.
Resolves: https://github.com/Cisco-Talos/clamav/issues/1304
- Add two new API's to the public clamav.h header:
```c
extern cl_error_t cl_cvdverify_ex(const char *file,
const char *certs_directory);
extern cl_error_t cl_cvdunpack_ex(const char *file,
const char *dir,
bool dont_verify,
const char *certs_directory);
```
The original `cl_cvdverify` and `cl_cvdunpack` are deprecated.
- Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`.
You may set this option with `cl_engine_set_str` and get it
with `cl_engine_get_str`, to override the compiled in default
CVD certs directory.
libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0).
Add sigtool sign/verify tests and test certs.
Make it so downloadFile doesn't throw a warning if the server
doesn't have the .sign file.
Replace use of md5-based FP signatures in the unit tests with
sha256-based FP signatures because the md5 implementation used
by Python may be disabled in FIPS mode.
Fixes: https://github.com/Cisco-Talos/clamav/issues/1411
CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates
to build against the same OpenSSL library as is used for the C build.
The Rust unit test application must also link directly with libcrypto
and libssl.
Fix some log messages with missing new lines.
Fix missing environment variable notes in --help messages and manpages.
Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in
clamav-config.h.in for libclamav from variable that had the same name
for use in clamav applications that use the optparser.
The 'clamav-test' certs for the unit tests will live for 10 years.
The 'clamav-beta.crt' public cert will only live for 120 days and will
be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
|
|
|
char *cvdcertsdir = NULL;
|
|
|
|
|
STATBUF statbuf;
|
2006-05-15 18:30:18 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (check_flevel())
|
2014-01-25 17:29:26 -05:00
|
|
|
exit(1);
|
2010-05-10 17:05:16 +02:00
|
|
|
|
2025-07-25 22:42:43 +01:00
|
|
|
#ifdef _WIN32
|
|
|
|
|
SetConsoleOutputCP(CP_UTF8);
|
|
|
|
|
#else /* !_WIN32 */
|
2009-08-05 18:34:21 +02:00
|
|
|
memset(&sa, 0, sizeof(sa));
|
|
|
|
|
sa.sa_handler = SIG_IGN;
|
|
|
|
|
sigaction(SIGHUP, &sa, NULL);
|
|
|
|
|
sigaction(SIGUSR2, &sa, NULL);
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
if (!setlocale(LC_CTYPE, "")) {
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_WARNING, "Failed to set locale\n");
|
2020-08-21 20:20:36 -07:00
|
|
|
}
|
2006-09-12 20:55:09 +00:00
|
|
|
#endif
|
2006-05-15 18:30:18 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opts = optparse(NULL, argc, argv, 1, OPT_CLAMD, 0, NULL)) == NULL) {
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_ERROR, "Can't parse command line options\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
return 1;
|
2006-05-15 18:30:18 +00:00
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "help")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
help();
|
|
|
|
|
optfree(opts);
|
|
|
|
|
return 0;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "debug")->enabled) {
|
2025-08-18 22:02:47 +02:00
|
|
|
#if defined(C_LINUX) || defined(__GLIBC__)
|
2014-01-25 17:29:26 -05:00
|
|
|
/* njh@bandsman.co.uk: create a dump if needed */
|
|
|
|
|
rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
|
2018-12-03 12:40:13 -05:00
|
|
|
if (setrlimit(RLIMIT_CORE, &rlim) < 0)
|
2014-01-25 17:29:26 -05:00
|
|
|
perror("setrlimit");
|
2004-02-27 09:45:46 +00:00
|
|
|
#endif
|
2014-01-25 17:29:26 -05:00
|
|
|
debug_mode = 1;
|
2004-02-27 09:45:46 +00:00
|
|
|
}
|
2004-02-17 00:08:25 +00:00
|
|
|
|
2016-02-09 13:46:13 -05:00
|
|
|
/* check foreground option from command line to override config file */
|
2018-12-03 12:40:13 -05:00
|
|
|
for (j = 0; j < argc; j += 1) {
|
|
|
|
|
if ((memcmp(argv[j], "--foreground", 12) == 0) || (memcmp(argv[j], "-F", 2) == 0)) {
|
2016-02-09 13:46:13 -05:00
|
|
|
/* found */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (j < argc) {
|
|
|
|
|
if (optget(opts, "Foreground")->enabled) {
|
2016-02-09 13:46:13 -05:00
|
|
|
foreground = 1;
|
2018-12-03 12:40:13 -05:00
|
|
|
} else {
|
2016-02-09 13:46:13 -05:00
|
|
|
foreground = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
num_fd = sd_listen_fds(0);
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
/* parse the config file */
|
2008-12-17 21:42:54 +00:00
|
|
|
cfgfile = optget(opts, "config-file")->strarg;
|
2018-12-03 12:40:13 -05:00
|
|
|
pt = strdup(cfgfile);
|
2015-09-21 14:41:19 -04:00
|
|
|
if (pt == NULL) {
|
2018-12-03 12:40:13 -05:00
|
|
|
fprintf(stderr, "ERROR: Unable to allocate memory for config file\n");
|
|
|
|
|
return 1;
|
2015-09-21 14:41:19 -04:00
|
|
|
}
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opts = optparse(cfgfile, 0, NULL, 1, OPT_CLAMD, 0, opts)) == NULL) {
|
2014-01-25 17:29:26 -05:00
|
|
|
fprintf(stderr, "ERROR: Can't open/parse the config file %s\n", pt);
|
|
|
|
|
free(pt);
|
|
|
|
|
return 1;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
2008-12-17 21:42:54 +00:00
|
|
|
free(pt);
|
2008-01-22 10:42:30 +00:00
|
|
|
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
if ((opt = optget(opts, "User"))->enabled) {
|
2020-08-31 11:34:05 -07:00
|
|
|
user_name = opt->strarg;
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "version")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
print_version(optget(opts, "DatabaseDirectory")->strarg);
|
|
|
|
|
optfree(opts);
|
|
|
|
|
return 0;
|
2008-01-22 10:42:30 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-24 10:47:20 -07:00
|
|
|
/* initialize logger */
|
|
|
|
|
logg_lock = !optget(opts, "LogFileUnlock")->enabled;
|
|
|
|
|
logg_time = optget(opts, "LogTime")->enabled;
|
|
|
|
|
logok = optget(opts, "LogClean")->enabled;
|
|
|
|
|
logg_size = optget(opts, "LogFileMaxSize")->numarg;
|
|
|
|
|
logg_verbose = mprintf_verbose = optget(opts, "LogVerbose")->enabled;
|
|
|
|
|
if (logg_size)
|
|
|
|
|
logg_rotate = optget(opts, "LogRotate")->enabled;
|
|
|
|
|
mprintf_send_timeout = optget(opts, "SendBufTimeout")->numarg;
|
|
|
|
|
|
|
|
|
|
if ((opt = optget(opts, "LogFile"))->enabled) {
|
|
|
|
|
char timestr[32];
|
|
|
|
|
logg_file = opt->strarg;
|
|
|
|
|
if (!cli_is_abspath(logg_file)) {
|
|
|
|
|
fprintf(stderr, "ERROR: LogFile requires full path.\n");
|
|
|
|
|
ret = 1;
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
time(&currtime);
|
2022-02-16 00:13:55 +01:00
|
|
|
if (logg(LOGG_INFO_NF, "+++ Started at %s", cli_ctime(&currtime, timestr, sizeof(timestr)))) {
|
2020-07-24 10:47:20 -07:00
|
|
|
fprintf(stderr, "ERROR: Can't initialize the internal logger\n");
|
|
|
|
|
ret = 1;
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
logg_file = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifndef WIN32
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
/* fork into background */
|
|
|
|
|
if (foreground == -1) {
|
|
|
|
|
if (optget(opts, "Foreground")->enabled) {
|
|
|
|
|
foreground = 1;
|
|
|
|
|
} else {
|
|
|
|
|
foreground = 0;
|
2020-07-24 10:47:20 -07:00
|
|
|
}
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
}
|
|
|
|
|
if (foreground == 0) {
|
|
|
|
|
int daemonizeRet = 0;
|
2020-07-24 10:47:20 -07:00
|
|
|
#ifdef C_BSD
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
/* workaround for OpenBSD bug, see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=885 */
|
|
|
|
|
for (ret = 0; (unsigned int)ret < nlsockets; ret++) {
|
|
|
|
|
if (fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) | O_NONBLOCK) == -1) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "fcntl for lsockets[] failed\n");
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
close(lsockets[ret]);
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
2020-07-24 10:47:20 -07:00
|
|
|
}
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
}
|
2020-07-24 10:47:20 -07:00
|
|
|
#endif
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
gengine = engine;
|
|
|
|
|
atexit(free_engine);
|
|
|
|
|
daemonizeRet = daemonize_parent_wait(user_name, logg_file);
|
|
|
|
|
if (daemonizeRet < 0) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "daemonize() failed: %s\n", strerror(errno));
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
gengine = NULL;
|
2020-07-24 10:47:20 -07:00
|
|
|
#ifdef C_BSD
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
for (ret = 0; (unsigned int)ret < nlsockets; ret++) {
|
|
|
|
|
if (fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) & ~O_NONBLOCK) == -1) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "fcntl for lsockets[] failed\n");
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
close(lsockets[ret]);
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
2020-07-24 10:47:20 -07:00
|
|
|
}
|
|
|
|
|
}
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
#endif
|
|
|
|
|
}
|
2020-07-24 10:47:20 -07:00
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* save the PID */
|
|
|
|
|
mainpid = getpid();
|
|
|
|
|
if ((opt = optget(opts, "PidFile"))->enabled) {
|
|
|
|
|
FILE *fd;
|
2020-11-25 09:46:19 -08:00
|
|
|
old_umask = umask(0022);
|
2020-07-24 10:47:20 -07:00
|
|
|
if ((fd = fopen(opt->strarg, "w")) == NULL) {
|
2022-02-16 00:13:55 +01:00
|
|
|
// logg(LOGG_ERROR, "Can't save PID in file %s\n", opt->strarg);
|
|
|
|
|
logg(LOGG_ERROR, "Can't save PID to file %s: %s\n", opt->strarg, strerror(errno));
|
2020-07-24 10:47:20 -07:00
|
|
|
exit(2);
|
|
|
|
|
} else {
|
|
|
|
|
if (fprintf(fd, "%u\n", (unsigned int)mainpid) < 0) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Can't save PID to file %s: %s\n", opt->strarg, strerror(errno));
|
|
|
|
|
// logg(LOGG_ERROR, "Can't save PID in file %s\n", opt->strarg);
|
2020-07-24 10:47:20 -07:00
|
|
|
fclose(fd);
|
|
|
|
|
exit(2);
|
|
|
|
|
}
|
|
|
|
|
fclose(fd);
|
|
|
|
|
}
|
|
|
|
|
umask(old_umask);
|
|
|
|
|
|
2009-09-24 19:10:27 +02:00
|
|
|
#ifndef _WIN32
|
2020-08-31 11:34:05 -07:00
|
|
|
/*If the file has already been created by a different user, it will just be
|
|
|
|
|
* rewritten by us, but not change the ownership, so do that explicitly.
|
|
|
|
|
*/
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
if (0 == geteuid()) {
|
|
|
|
|
struct passwd *pw = getpwuid(0);
|
|
|
|
|
int ret = lchown(opt->strarg, pw->pw_uid, pw->pw_gid);
|
|
|
|
|
if (ret) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Can't change ownership of PID file %s '%s'\n", opt->strarg, strerror(errno));
|
2020-08-31 11:34:05 -07:00
|
|
|
exit(2);
|
|
|
|
|
}
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2020-08-31 11:34:05 -07:00
|
|
|
#endif /* _WIN32 */
|
2005-06-07 01:40:08 +00:00
|
|
|
}
|
|
|
|
|
|
2021-07-13 15:31:20 -04:00
|
|
|
#ifdef _WIN32
|
|
|
|
|
|
|
|
|
|
if (optget(opts, "install-service")->enabled) {
|
|
|
|
|
svc_install("clamd", "ClamAV ClamD",
|
|
|
|
|
"Provides virus scanning facilities for ClamAV");
|
|
|
|
|
optfree(opts);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (optget(opts, "uninstall-service")->enabled) {
|
|
|
|
|
svc_uninstall("clamd", 1);
|
|
|
|
|
optfree(opts);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-08-31 11:34:05 -07:00
|
|
|
/* drop privileges */
|
|
|
|
|
#ifndef _WIN32
|
|
|
|
|
dropPrivRet = drop_privileges(user_name, logg_file);
|
|
|
|
|
if (dropPrivRet) {
|
|
|
|
|
optfree(opts);
|
|
|
|
|
return dropPrivRet;
|
|
|
|
|
}
|
|
|
|
|
#endif /* _WIN32 */
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2009-02-12 21:14:45 +00:00
|
|
|
do { /* logger initialized */
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "DevLiblog")->enabled)
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_set_clcb_msg(msg_callback);
|
2008-11-12 16:19:43 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((ret = cl_init(CL_INIT_DEFAULT))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Can't initialize libclamav: %s\n", cl_strerror(ret));
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "Debug")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
/* enable debug messages in libclamav */
|
|
|
|
|
cl_debug();
|
|
|
|
|
logg_verbose = 2;
|
|
|
|
|
}
|
2008-11-12 16:19:43 +00:00
|
|
|
|
2004-03-29 00:00:58 +00:00
|
|
|
#if defined(USE_SYSLOG) && !defined(C_AIX)
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "LogSyslog")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
int fac = LOG_LOCAL6;
|
|
|
|
|
|
|
|
|
|
opt = optget(opts, "LogFacility");
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((fac = logg_facility(opt->strarg)) == -1) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "LogFacility: %s: No such facility.\n", opt->strarg);
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
openlog("clamd", LOG_PID, fac);
|
|
|
|
|
logg_syslog = 1;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
#endif
|
|
|
|
|
|
2004-05-11 00:14:14 +00:00
|
|
|
#ifdef C_LINUX
|
2014-01-25 17:29:26 -05:00
|
|
|
procdev = 0;
|
2018-12-03 12:40:13 -05:00
|
|
|
if (CLAMSTAT("/proc", &sb) != -1 && !sb.st_size)
|
2014-01-25 17:29:26 -05:00
|
|
|
procdev = sb.st_dev;
|
2004-05-11 00:14:14 +00:00
|
|
|
#endif
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2014-01-25 17:29:26 -05:00
|
|
|
/* check socket type */
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "TCPSocket")->enabled)
|
2014-01-25 17:29:26 -05:00
|
|
|
tcpsock = 1;
|
2005-06-22 15:54:28 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "LocalSocket")->enabled)
|
2014-01-25 17:29:26 -05:00
|
|
|
localsock = 1;
|
2005-06-22 15:54:28 +00:00
|
|
|
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Received %d file descriptor(s) from systemd.\n", num_fd);
|
2016-02-09 13:46:13 -05:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (!tcpsock && !localsock && num_fd == 0) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Please define server type (local and/or TCP).\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "clamd daemon %s (OS: " TARGET_OS_TYPE ", ARCH: " TARGET_ARCH_TYPE ", CPU: " TARGET_CPU_TYPE ")\n", get_version());
|
2007-02-22 19:08:59 +00:00
|
|
|
|
2009-09-24 16:08:52 +02:00
|
|
|
#ifndef _WIN32
|
2018-12-03 12:40:13 -05:00
|
|
|
if (user)
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Running as user %s (UID %u, GID %u)\n", user->pw_name, user->pw_uid, user->pw_gid);
|
2008-05-30 10:27:24 +00:00
|
|
|
#endif
|
2007-03-19 20:36:17 +00:00
|
|
|
|
2010-09-22 10:38:57 +03:00
|
|
|
#if defined(RLIMIT_DATA) && defined(C_BSD)
|
2014-01-25 17:29:26 -05:00
|
|
|
if (getrlimit(RLIMIT_DATA, &rlim) == 0) {
|
2018-12-03 12:40:13 -05:00
|
|
|
/* bb #1941.
|
2022-02-16 00:13:55 +01:00
|
|
|
* On 32-bit FreeBSD if you set ulimit -d to >2GB then mmap() will fail
|
|
|
|
|
* too soon (after ~120 MB).
|
|
|
|
|
* Set limit lower than 2G if on 32-bit */
|
2018-12-03 12:40:13 -05:00
|
|
|
uint64_t lim = rlim.rlim_cur;
|
|
|
|
|
if (sizeof(void *) == 4 &&
|
|
|
|
|
lim > (1ULL << 31)) {
|
|
|
|
|
rlim.rlim_cur = 1ULL << 31;
|
|
|
|
|
if (setrlimit(RLIMIT_DATA, &rlim) < 0)
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "setrlimit(RLIMIT_DATA) failed: %s\n", strerror(errno));
|
2018-12-03 12:40:13 -05:00
|
|
|
else
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO, "Running on 32-bit system, and RLIMIT_DATA > 2GB, lowering to 2GB!\n");
|
2018-12-03 12:40:13 -05:00
|
|
|
}
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2010-08-31 15:10:56 +03:00
|
|
|
#endif
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (logg_size)
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Log file size limited to %lld bytes.\n", (long long int)logg_size);
|
2014-01-25 17:29:26 -05:00
|
|
|
else
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Log file size limit disabled.\n");
|
2007-02-22 19:08:59 +00:00
|
|
|
|
2014-01-25 17:29:26 -05:00
|
|
|
min_port = optget(opts, "StreamMinPort")->numarg;
|
|
|
|
|
max_port = optget(opts, "StreamMaxPort")->numarg;
|
|
|
|
|
if (min_port < 1024 || min_port > max_port || max_port > 65535) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Invalid StreamMinPort/StreamMaxPort: %d, %d\n", min_port, max_port);
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-02-12 16:51:09 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (!(engine = cl_engine_new())) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Can't initialize antivirus engine\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2008-11-12 16:19:43 +00:00
|
|
|
|
2023-03-31 17:20:54 -04:00
|
|
|
if ((opt = optget(opts, "cache-size"))->enabled)
|
|
|
|
|
cl_engine_set_num(engine, CL_ENGINE_CACHE_SIZE, opt->numarg);
|
2014-01-25 17:29:26 -05:00
|
|
|
if (optget(opts, "disable-cache")->enabled)
|
|
|
|
|
cl_engine_set_num(engine, CL_ENGINE_DISABLE_CACHE, 1);
|
|
|
|
|
|
|
|
|
|
/* load the database(s) */
|
|
|
|
|
dbdir = optget(opts, "DatabaseDirectory")->strarg;
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Reading databases from %s\n", dbdir);
|
2014-01-25 17:29:26 -05:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "DetectPUA")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
dboptions |= CL_DB_PUA;
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "ExcludePUA"))->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
dboptions |= CL_DB_PUA_EXCLUDE;
|
|
|
|
|
i = 0;
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Excluded PUA categories:");
|
2014-01-25 17:29:26 -05:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
while (opt) {
|
|
|
|
|
if (!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Can't allocate memory for pua_cats\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_free(engine);
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, " %s", opt->strarg);
|
2014-01-25 17:29:26 -05:00
|
|
|
|
|
|
|
|
sprintf(pua_cats + i, ".%s", opt->strarg);
|
|
|
|
|
i += strlen(opt->strarg) + 1;
|
|
|
|
|
pua_cats[i] = 0;
|
2018-12-03 12:40:13 -05:00
|
|
|
opt = opt->nextarg;
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
break;
|
|
|
|
|
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "\n");
|
2018-12-03 12:40:13 -05:00
|
|
|
pua_cats[i] = '.';
|
2014-01-25 17:29:26 -05:00
|
|
|
pua_cats[i + 1] = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "IncludePUA"))->enabled) {
|
|
|
|
|
if (pua_cats) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "ExcludePUA and IncludePUA cannot be used at the same time\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
free(pua_cats);
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dboptions |= CL_DB_PUA_INCLUDE;
|
|
|
|
|
i = 0;
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Included PUA categories:");
|
2018-12-03 12:40:13 -05:00
|
|
|
while (opt) {
|
|
|
|
|
if (!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Can't allocate memory for pua_cats\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, " %s", opt->strarg);
|
2014-01-25 17:29:26 -05:00
|
|
|
|
|
|
|
|
sprintf(pua_cats + i, ".%s", opt->strarg);
|
|
|
|
|
i += strlen(opt->strarg) + 1;
|
|
|
|
|
pua_cats[i] = 0;
|
2018-12-03 12:40:13 -05:00
|
|
|
opt = opt->nextarg;
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
break;
|
|
|
|
|
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "\n");
|
2018-12-03 12:40:13 -05:00
|
|
|
pua_cats[i] = '.';
|
2014-01-25 17:29:26 -05:00
|
|
|
pua_cats[i + 1] = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (pua_cats) {
|
|
|
|
|
if ((ret = cl_engine_set_str(engine, CL_ENGINE_PUA_CATEGORIES, pua_cats))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "cli_engine_set_str(CL_ENGINE_PUA_CATEGORIES) failed: %s\n", cl_strerror(ret));
|
2014-01-25 17:29:26 -05:00
|
|
|
free(pua_cats);
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
free(pua_cats);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Not loading PUA signatures.\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2007-08-13 18:10:35 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "OfficialDatabaseOnly")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
dboptions |= CL_DB_OFFICIAL_ONLY;
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Only loading official signatures.\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2009-11-10 19:30:33 +01:00
|
|
|
|
2014-01-25 17:29:26 -05:00
|
|
|
/* set the temporary dir */
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "TemporaryDirectory"))->enabled) {
|
|
|
|
|
if ((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2023-10-16 15:15:11 -07:00
|
|
|
|
|
|
|
|
STATBUF sb;
|
|
|
|
|
if (CLAMSTAT(opt->strarg, &sb) != 0 && !S_ISDIR(sb.st_mode)) {
|
|
|
|
|
logg(LOGG_ERROR, "Current configuration of TemporaryDirectory: %s does not exist, or is not valid \n", opt->strarg);
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2008-11-14 22:23:39 +00:00
|
|
|
|
FIPS-compliant CVD signing and verification
Add X509 certificate chain based signing with PKCS7-PEM external
signatures distributed alongside CVD's in a custom .cvd.sign format.
This new signing and verification mechanism is primarily in support
of FIPS compliance.
Fixes: https://github.com/Cisco-Talos/clamav/issues/564
Add a Rust implementation for parsing, verifying, and unpacking CVD
files.
Now installs a 'certs' directory in the app config directory
(e.g. <prefix>/etc/certs). The install location is configurable.
The CMake option to configure the CVD certs directory is:
`-D CVD_CERTS_DIRECTORY=PATH`
New options to set an alternative CVD certs directory:
- Commandline for freshclam, clamd, clamscan, and sigtool is:
`--cvdcertsdir PATH`
- Env variable for freshclam, clamd, clamscan, and sigtool is:
`CVD_CERTS_DIR`
- Config option for freshclam and clamd is:
`CVDCertsDirectory PATH`
Sigtool:
- Add sign/verify commands.
- Also verify CDIFF external digital signatures when applying CDIFFs.
- Place commonly used commands at the top of --help string.
- Fix up manpage.
Freshclam:
- Will try to download .sign files to verify CVDs and CDIFFs.
- Fix an issue where making a CLD would only include the CFG file for
daily and not if patching any other database.
libclamav.so:
- Bump version to 13:0:1 (aka 12.1.0).
- Also remove libclamav.map versioning.
Resolves: https://github.com/Cisco-Talos/clamav/issues/1304
- Add two new API's to the public clamav.h header:
```c
extern cl_error_t cl_cvdverify_ex(const char *file,
const char *certs_directory);
extern cl_error_t cl_cvdunpack_ex(const char *file,
const char *dir,
bool dont_verify,
const char *certs_directory);
```
The original `cl_cvdverify` and `cl_cvdunpack` are deprecated.
- Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`.
You may set this option with `cl_engine_set_str` and get it
with `cl_engine_get_str`, to override the compiled in default
CVD certs directory.
libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0).
Add sigtool sign/verify tests and test certs.
Make it so downloadFile doesn't throw a warning if the server
doesn't have the .sign file.
Replace use of md5-based FP signatures in the unit tests with
sha256-based FP signatures because the md5 implementation used
by Python may be disabled in FIPS mode.
Fixes: https://github.com/Cisco-Talos/clamav/issues/1411
CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates
to build against the same OpenSSL library as is used for the C build.
The Rust unit test application must also link directly with libcrypto
and libssl.
Fix some log messages with missing new lines.
Fix missing environment variable notes in --help messages and manpages.
Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in
clamav-config.h.in for libclamav from variable that had the same name
for use in clamav applications that use the optparser.
The 'clamav-test' certs for the unit tests will live for 10 years.
The 'clamav-beta.crt' public cert will only live for 120 days and will
be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
|
|
|
cvdcertsdir = optget(opts, "cvdcertsdir")->strarg;
|
|
|
|
|
if (NULL != cvdcertsdir) {
|
|
|
|
|
// Config option must override the engine defaults
|
|
|
|
|
// (which would've used the env var or hardcoded path)
|
|
|
|
|
if (LSTAT(cvdcertsdir, &statbuf) == -1) {
|
|
|
|
|
logg(LOGG_ERROR,
|
|
|
|
|
"ClamAV CA certificates directory is missing: %s"
|
|
|
|
|
" - It should have been provided as a part of installation.\n",
|
|
|
|
|
cvdcertsdir);
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((ret = cl_engine_set_str(engine, CL_ENGINE_CVDCERTSDIR, cvdcertsdir))) {
|
|
|
|
|
logg(LOGG_ERROR, "cli_engine_set_str(CL_ENGINE_CVDCERTSDIR) failed: %s\n", cl_strerror(ret));
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_set_clcb_hash(engine, hash_callback);
|
|
|
|
|
|
2015-10-01 17:47:37 -04:00
|
|
|
cl_engine_set_clcb_virus_found(engine, clamd_virus_found_cb);
|
|
|
|
|
|
libclamav: Add engine option to toggle temp directory recursion
Temp directory recursion in ClamAV is when each layer of a scan gets its
own temp directory in the parent layer's temp directory.
In addition to temp directory recursion, ClamAV has been creating a new
subdirectory for each file scan as a risk-adverse method to ensure
no temporary file leaks fill up the disk.
Creating a directory is relatively slow on Windows in particular if
scanning a lot of very small files.
This commit:
1. Separates the temp directory recursion feature from the leave-temps
feature so that libclamav can leave temp files without making
subdirectories for each file scanned.
2. Makes it so that when temp directory recursion is off, libclamav
will just use the configure temp directory for all files.
The new option to enable temp directory recursion is for libclamav-only
at this time. It is off by default, and you can enable it like this:
```c
cl_engine_set_num(engine, CL_ENGINE_TMPDIR_RECURSION, 1);
```
For the `clamscan` and `clamd` programs, temp directory recursion will
be enabled when `--leave-temps` / `LeaveTemporaryFiles` is enabled.
The difference is that when disabled, it will return to using the
configured temp directory without making a subdirectory for each file
scanned, so as to improve scan performance for small files, mostly on
Windows.
Under the hood, this commit also:
1. Cleans up how we keep track of tmpdirs for each layer.
The goal here is to align how we keep track of layer-specific stuff
using the scan_layer structure.
2. Cleans up how we record metadata JSON for embedded files.
Note: Embedded files being different from Contained files, as they
are extracted not with a parser, but by finding them with
file type magic signatures.
CLAM-1583
2025-06-09 20:42:31 -04:00
|
|
|
if (optget(opts, "LeaveTemporaryFiles")->enabled) {
|
|
|
|
|
/* Set the engine to keep temporary files */
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
|
libclamav: Add engine option to toggle temp directory recursion
Temp directory recursion in ClamAV is when each layer of a scan gets its
own temp directory in the parent layer's temp directory.
In addition to temp directory recursion, ClamAV has been creating a new
subdirectory for each file scan as a risk-adverse method to ensure
no temporary file leaks fill up the disk.
Creating a directory is relatively slow on Windows in particular if
scanning a lot of very small files.
This commit:
1. Separates the temp directory recursion feature from the leave-temps
feature so that libclamav can leave temp files without making
subdirectories for each file scanned.
2. Makes it so that when temp directory recursion is off, libclamav
will just use the configure temp directory for all files.
The new option to enable temp directory recursion is for libclamav-only
at this time. It is off by default, and you can enable it like this:
```c
cl_engine_set_num(engine, CL_ENGINE_TMPDIR_RECURSION, 1);
```
For the `clamscan` and `clamd` programs, temp directory recursion will
be enabled when `--leave-temps` / `LeaveTemporaryFiles` is enabled.
The difference is that when disabled, it will return to using the
configured temp directory without making a subdirectory for each file
scanned, so as to improve scan performance for small files, mostly on
Windows.
Under the hood, this commit also:
1. Cleans up how we keep track of tmpdirs for each layer.
The goal here is to align how we keep track of layer-specific stuff
using the scan_layer structure.
2. Cleans up how we record metadata JSON for embedded files.
Note: Embedded files being different from Contained files, as they
are extracted not with a parser, but by finding them with
file type magic signatures.
CLAM-1583
2025-06-09 20:42:31 -04:00
|
|
|
/* Also set the engine to create temporary directory structure */
|
|
|
|
|
cl_engine_set_num(engine, CL_ENGINE_TMPDIR_RECURSION, 1);
|
|
|
|
|
}
|
2014-01-25 17:29:26 -05:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "ForceToDisk")->enabled)
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_set_num(engine, CL_ENGINE_FORCETODISK, 1);
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "PhishingSignatures")->enabled)
|
2014-01-25 17:29:26 -05:00
|
|
|
dboptions |= CL_DB_PHISHING;
|
|
|
|
|
else
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Not loading phishing signatures.\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "Bytecode")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
dboptions |= CL_DB_BYTECODE;
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "BytecodeSecurity"))->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
enum bytecode_security s;
|
|
|
|
|
|
|
|
|
|
if (!strcmp(opt->strarg, "TrustSigned")) {
|
|
|
|
|
s = CL_BYTECODE_TRUST_SIGNED;
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Bytecode: Security mode set to \"TrustSigned\".\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
} else if (!strcmp(opt->strarg, "Paranoid")) {
|
|
|
|
|
s = CL_BYTECODE_TRUST_NOTHING;
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Bytecode: Security mode set to \"Paranoid\".\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
} else {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Unable to parse bytecode security setting:%s\n",
|
2018-12-03 12:40:13 -05:00
|
|
|
opt->strarg);
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((ret = cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_WARNING, "Invalid bytecode security setting %s: %s\n", opt->strarg, cl_strerror(ret));
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "BytecodeUnsigned"))->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
dboptions |= CL_DB_BYTECODE_UNSIGNED;
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Bytecode: Enabled support for unsigned bytecode.\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "BytecodeMode"))->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
enum bytecode_mode mode;
|
|
|
|
|
|
|
|
|
|
if (!strcmp(opt->strarg, "ForceJIT"))
|
|
|
|
|
mode = CL_BYTECODE_MODE_JIT;
|
2018-12-03 12:40:13 -05:00
|
|
|
else if (!strcmp(opt->strarg, "ForceInterpreter"))
|
2014-01-25 17:29:26 -05:00
|
|
|
mode = CL_BYTECODE_MODE_INTERPRETER;
|
2018-12-03 12:40:13 -05:00
|
|
|
else if (!strcmp(opt->strarg, "Test"))
|
2014-01-25 17:29:26 -05:00
|
|
|
mode = CL_BYTECODE_MODE_TEST;
|
|
|
|
|
else
|
|
|
|
|
mode = CL_BYTECODE_MODE_AUTO;
|
|
|
|
|
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "BytecodeTimeout"))->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Bytecode support disabled.\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2007-11-08 15:17:08 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "PhishingScanURLs")->enabled)
|
2014-01-25 17:29:26 -05:00
|
|
|
dboptions |= CL_DB_PHISHING_URLS;
|
|
|
|
|
else
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Disabling URL based phishing detection.\n");
|
2007-11-08 15:17:08 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "DevACOnly")->enabled) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Only using the A-C matcher.\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_set_num(engine, CL_ENGINE_AC_ONLY, 1);
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "DevACDepth"))->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
cl_engine_set_num(engine, CL_ENGINE_AC_MAXDEPTH, opt->numarg);
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Max A-C depth set to %u\n", (unsigned int)opt->numarg);
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2012-11-30 09:57:25 -05:00
|
|
|
|
2021-07-13 15:31:20 -04:00
|
|
|
#ifdef _WIN32
|
|
|
|
|
if (optget(opts, "daemon")->enabled) {
|
|
|
|
|
cl_engine_set_clcb_sigload(engine, svc_checkpoint, NULL);
|
|
|
|
|
svc_register("clamd");
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2023-03-29 00:22:48 +03:00
|
|
|
if (optget(opts, "fail-if-cvd-older-than")->enabled) {
|
|
|
|
|
if (check_if_cvd_outdated(dbdir, optget(opts, "fail-if-cvd-older-than")->numarg) != CL_SUCCESS) {
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-13 15:31:20 -04:00
|
|
|
|
FIPS & FIPS-like limits on hash algs for cryptographic uses
ClamAV will not function when using a FIPS-enabled OpenSSL 3.x.
This is because ClamAV uses MD5 and SHA1 algorithms for a variety of
purposes including matching for malware detection, matching to prevent
false positives on known-clean files, and for verification of MD5-based
RSA digital signatures for determining CVD (signature database archive)
authenticity.
Interestingly, FIPS had been intentionally bypassed when creating hashes
based whole buffers and whole files (by descriptor or `FILE`-pointer):
https://github.com/Cisco-Talos/clamav/commit/78d4a9985a06a418dd1338c94ee5db461035d75b
Note: this bypassed FIPS the 1.x way with:
`EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);`
It was NOT disabled when using `cl_hash_init()` / `cl_update_hash()` /
`cl_finish_hash()`. That likely worked by coincidence in that the hash
was already calculated most of the time. It certainly would have made
use of those functions if the hash had not been calculated prior:
https://github.com/Cisco-Talos/clamav/blob/78d4a9985a06a418dd1338c94ee5db461035d75b/libclamav/matcher.c#L743
Regardless, bypassing FIPS entirely is not the correct solution.
The FIPS restrictions against using MD5 and SHA1 are valid, particularly
when verifying CVD digital siganatures, but also I think when using a
hash to determine if the file is known-clean (i.e. the "clean cache" and
also MD5-based and SHA1-based FP signatures).
This commit extends the work to bypass FIPS using the newer 3.x method:
`md = EVP_MD_fetch(NULL, alg, "-fips");`
It does this for the legacy `cl_hash*()` functions including
`cl_hash_init()` / `cl_update_hash()` / `cl_finish_hash()`.
It also introduces extended versions that allow the caller to choose if
they want to bypass FIPS:
- `cl_hash_data_ex()`
- `cl_hash_init_ex()`
- `cl_update_hash_ex()`
- `cl_finish_hash_ex()`
- `cl_hash_destroy_ex()`
- `cl_hash_file_fd_ex()`
See the `flags` parameter for each.
Ironically, this commit does NOT use the new functions at this time.
The rational is that ClamAV may need MD5, SHA1, and SHA-256 hashes of
the same files both for determining if the file is malware, and for
determining if the file is clean.
So instead, this commit will do a checks when:
1. Creating a new ClamAV scanning engine. If FIPS-mode enabled, it will
automatically toggle the "FIPS limits" engine option.
When loading signatures, if the engine "FIPS limits" option is enabled,
then MD5 and SHA1 FP signatures will be skipped.
2. Before verifying a CVD (e.g. also for loading, unpacking when
verification enabled).
If "FIPS limits" or FIPS-mode are enabled, then the legacy MD5-based RSA
method is disabled.
Note: This commit also refactors the interface for `cl_cvdverify_ex()`
and `cl_cvdunpack_ex()` so they take a `flags` parameters, rather than a
single `bool`. As these functions are new in this version, it does not
break the ABI.
The cache was already switched to use SHA2-256, so that's not a concern
for checking FIPS-mode / FIPS limits options.
This adds an option for `freshclam.conf` and `clamd.conf`:
FIPSCryptoHashLimits yes
And an equivalent command-line option for `clamscan` and `sigtool`:
--fips-limits
You may programmatically enable FIPS-limits for a ClamAV engine like this:
```C
cl_engine_set_num(engine, CL_ENGINE_FIPS_LIMITS, 1);
```
CLAM-2792
2025-07-01 20:41:47 -04:00
|
|
|
if (optget(opts, "FIPSCryptoHashLimits")->enabled) {
|
|
|
|
|
dboptions |= CL_DB_FIPS_LIMITS;
|
|
|
|
|
cl_engine_set_num(engine, CL_ENGINE_FIPS_LIMITS, 1);
|
|
|
|
|
logg(LOGG_INFO_NF, "FIPS crypto hash limits enabled.\n");
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((ret = cl_load(dbdir, engine, &sigs, dboptions))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "%s\n", cl_strerror(ret));
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2020-06-02 15:46:31 -04:00
|
|
|
if ((ret = statinidir(dbdir))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "%s\n", cl_strerror(ret));
|
2015-06-16 14:56:32 -04:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-25 17:29:26 -05:00
|
|
|
if (optget(opts, "DisableCertCheck")->enabled)
|
2016-03-16 15:42:35 -04:00
|
|
|
cl_engine_set_num(engine, CL_ENGINE_DISABLE_PE_CERTS, 1);
|
2005-06-22 15:54:28 +00:00
|
|
|
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO_NF, "Loaded %u signatures.\n", sigs);
|
2014-01-25 17:29:26 -05:00
|
|
|
|
2016-02-08 15:24:30 -05:00
|
|
|
/* pcre engine limits - required for cl_engine_compile */
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "PCREMatchLimit"))->active) {
|
|
|
|
|
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MATCH_LIMIT, opt->numarg))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "cli_engine_set_num(PCREMatchLimit) failed: %s\n", cl_strerror(ret));
|
2016-02-08 15:24:30 -05:00
|
|
|
cl_engine_free(engine);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((opt = optget(opts, "PCRERecMatchLimit"))->active) {
|
|
|
|
|
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_RECMATCH_LIMIT, opt->numarg))) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "cli_engine_set_num(PCRERecMatchLimit) failed: %s\n", cl_strerror(ret));
|
2016-02-08 15:24:30 -05:00
|
|
|
cl_engine_free(engine);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if ((ret = cl_engine_compile(engine)) != 0) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Database initialization error: %s\n", cl_strerror(ret));
|
2013-02-28 19:42:41 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2014-01-25 17:29:26 -05:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (tcpsock || num_fd > 0) {
|
2014-01-25 21:50:33 -05:00
|
|
|
opt = optget(opts, "TCPAddr");
|
|
|
|
|
if (opt->enabled) {
|
|
|
|
|
int breakout = 0;
|
|
|
|
|
|
|
|
|
|
while (opt && opt->strarg) {
|
|
|
|
|
char *ipaddr = (!strcmp(opt->strarg, "all") ? NULL : opt->strarg);
|
|
|
|
|
|
|
|
|
|
if (tcpserver(&lsockets, &nlsockets, ipaddr, opts) == -1) {
|
2018-12-03 12:40:13 -05:00
|
|
|
ret = 1;
|
2014-01-25 21:50:33 -05:00
|
|
|
breakout = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
opt = opt->nextarg;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (breakout)
|
|
|
|
|
break;
|
|
|
|
|
} else {
|
|
|
|
|
if (tcpserver(&lsockets, &nlsockets, NULL, opts) == -1) {
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#ifndef _WIN32
|
2018-12-03 12:40:13 -05:00
|
|
|
if (localsock && num_fd == 0) {
|
2014-01-25 21:50:33 -05:00
|
|
|
int *t;
|
2014-01-25 17:29:26 -05:00
|
|
|
mode_t sock_mode, umsk = umask(0777); /* socket is created with 000 to avoid races */
|
2014-01-25 21:50:33 -05:00
|
|
|
|
|
|
|
|
t = realloc(lsockets, sizeof(int) * (nlsockets + 1));
|
|
|
|
|
if (!(t)) {
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
lsockets = t;
|
|
|
|
|
|
2014-01-25 17:29:26 -05:00
|
|
|
if ((lsockets[nlsockets] = localserver(opts)) == -1) {
|
|
|
|
|
ret = 1;
|
|
|
|
|
umask(umsk);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
umask(umsk); /* restore umask */
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "LocalSocketGroup")->enabled) {
|
|
|
|
|
char *gname = optget(opts, "LocalSocketGroup")->strarg, *end;
|
2014-01-25 17:29:26 -05:00
|
|
|
gid_t sock_gid = strtol(gname, &end, 10);
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (*end) {
|
2014-01-25 17:29:26 -05:00
|
|
|
struct group *pgrp = getgrnam(gname);
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (!pgrp) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Unknown group %s\n", gname);
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sock_gid = pgrp->gr_gid;
|
|
|
|
|
}
|
2018-12-03 12:40:13 -05:00
|
|
|
if (chown(optget(opts, "LocalSocket")->strarg, -1, sock_gid)) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Failed to change socket ownership to group %s\n", gname);
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-12-03 12:40:13 -05:00
|
|
|
if (optget(opts, "LocalSocketMode")->enabled) {
|
2014-01-25 17:29:26 -05:00
|
|
|
char *end;
|
|
|
|
|
|
|
|
|
|
sock_mode = strtol(optget(opts, "LocalSocketMode")->strarg, &end, 8);
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (*end) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Invalid LocalSocketMode %s\n", optget(opts, "LocalSocketMode")->strarg);
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
sock_mode = 0777 /* & ~umsk*/; /* conservative default: umask was 0 in clamd < 0.96 */
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (chmod(optget(opts, "LocalSocket")->strarg, sock_mode & 0666)) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Cannot set socket permission for %s to %3o\n", optget(opts, "LocalSocket")->strarg, sock_mode & 0666);
|
2014-01-25 17:29:26 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nlsockets++;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-09 13:46:13 -05:00
|
|
|
/* check for local sockets passed by systemd */
|
2018-12-03 12:40:13 -05:00
|
|
|
if (num_fd > 0) {
|
2016-02-09 13:46:13 -05:00
|
|
|
int *t;
|
|
|
|
|
t = realloc(lsockets, sizeof(int) * (nlsockets + 1));
|
|
|
|
|
if (!(t)) {
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
lsockets = t;
|
|
|
|
|
|
|
|
|
|
lsockets[nlsockets] = localserver(opts);
|
2018-12-03 12:40:13 -05:00
|
|
|
if (lsockets[nlsockets] == -1) {
|
2016-02-09 13:46:13 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
2018-12-03 12:40:13 -05:00
|
|
|
} else if (lsockets[nlsockets] > 0) {
|
2016-02-09 13:46:13 -05:00
|
|
|
nlsockets++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-24 10:47:20 -07:00
|
|
|
if (0 == foreground) {
|
|
|
|
|
if (!debug_mode) {
|
|
|
|
|
if (chdir("/") == -1) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_WARNING, "Can't change current working directory to root\n");
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
|
|
|
|
}
|
2020-07-24 10:47:20 -07:00
|
|
|
|
|
|
|
|
#ifndef _WIN32
|
|
|
|
|
|
|
|
|
|
/*Since some of the logging is written to stderr, and some of it
|
2020-11-25 09:46:19 -08:00
|
|
|
* is written to a log file, close stdin, stderr, and stdout
|
2020-07-24 10:47:20 -07:00
|
|
|
* now, since everything is initialized.*/
|
|
|
|
|
|
|
|
|
|
/*signal the parent process.*/
|
CMake: Add CTest support to match Autotools checks
An ENABLE_TESTS CMake option is provided so that users can disable
testing if they don't want it. Instructions for how to use this
included in the INSTALL.cmake.md file.
If you run `ctest`, each testcase will write out a log file to the
<build>/unit_tests directory.
As with Autotools' make check, the test files are from test/.split
and unit_tests/.split files, but for CMake these are generated at
build time instead of at test time.
On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled
libraries can be loaded when running tests.
On Windows systems, CTest will identify and collect all library
dependencies and assemble a temporarily install under the
build/unit_tests directory so that the libraries can be loaded when
running tests.
The same feature is used on Windows when using CMake to install to
collect all DLL dependencies so that users don't have to install them
manually afterwards.
Each of the CTest tests are run using a custom wrapper around Python's
unittest framework, which is also responsible for finding and inserting
valgrind into the valgrind tests on Posix systems.
Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by
default, if Valgrind can be found. There's no need to set VG=1.
CTest's memcheck module is NOT supported, because we use Python to
orchestrate our tests.
Added a bunch of Windows compatibility changes to the unit tests.
These were primarily changing / to PATHSEP and making adjustments
to use Win32 C headers and ifdef out the POSIX ones which aren't
available on Windows. Also disabled a bunch of tests on Win32
that don't work on Windows, notably the mmap ones and FD-passing
(i.e. FILEDES) ones.
Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate
warnings on Windows where json.h is included after inttypes.h because
json-c's inttypes replacement relies on it.
This is a it of a hack and may be removed if json-c fixes their
inttypes header stuff in the future.
Add preprocessor definitions on Windows to disable MSVC warnings about
CRT secure and nonstandard functions. While there may be a better
solution, this is needed to be able to see other more serious warnings.
Add missing file comment block and copyright statement for clamsubmit.c.
Also change json-c/json.h include filename to json.h in clamsubmit.c.
The directory name is not required.
Changed the hash table data integer type from long, which is poorly
defined, to size_t -- which is capable of storing a pointer. Fixed a
bunch of casts regarding this variable to eliminate warnings.
Fixed two bugs causing utf8 encoding unit tests to fail on Windows:
- The in_size variable should be the number of bytes, not the character
count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8
transcoding test to only transcode half the bytes.
- It turns out that the MultiByteToWideChar() API can't transcode
UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer
and flip the bytes on each uint16_t. This but was causing the UTF16-BE
to UTF8 tests to fail.
I also split up the utf8 transcoding tests into separate tests so I
could see all of the failures instead of just the first one.
Added a flags parameter to the unit test function to open testfiles
because it turns out that on Windows if a file contains the \r\n it will
replace it with just \n if you opened the file as a text file instead of
as binary. However, if we open the CBC files as binary, then a bunch of
bytecode tests fail. So I've changed the tests to open the CBC files in
the bytecode tests as text files and open all other files as binary.
Ported the feature tests from shell scripts to Python using a modified
version of our QA test-framework, which is largely compatible and will
allow us to migrate some QA tests into this repo. I'd like to add GitHub
Actions pipelines in the future so that all public PR's get some testing
before anyone has to manually review them.
The clamd --log option was missing from the help string, though it
definitely works. I've added it in this commit.
It appears that clamd.c was never clang-format'd, so this commit also
reformats clamd.c.
Some of the check_clamd tests expected the path returned by clamd to
match character for character with original path sent to clamd. However,
as we now evaluate real paths before a scan, the path returned by clamd
isn't going to match the relative (and possibly symlink-ridden) path
passed to clamdscan. I fixed this test by changing the test to search
for the basename: <signature> FOUND within the response instead of
matching the exact path.
Autotools: Link check_clamd with libclamav so we can use our utility
functions in check_clamd.c.
2020-08-25 23:14:23 -07:00
|
|
|
if (parentPid != getpid()) {
|
2020-07-24 10:47:20 -07:00
|
|
|
daemonize_signal_parent(parentPid);
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2008-08-01 15:45:10 +00:00
|
|
|
#endif
|
2014-01-25 17:29:26 -05:00
|
|
|
}
|
2020-07-24 10:47:20 -07:00
|
|
|
|
2021-07-13 15:31:20 -04:00
|
|
|
#elif defined(_WIN32)
|
|
|
|
|
if (optget(opts, "service-mode")->enabled) {
|
|
|
|
|
cl_engine_set_clcb_sigload(engine, NULL, NULL);
|
|
|
|
|
svc_ready();
|
|
|
|
|
}
|
2009-09-24 16:08:52 +02:00
|
|
|
#endif
|
2008-02-15 17:37:53 +00:00
|
|
|
|
2014-01-27 14:34:02 -05:00
|
|
|
if (nlsockets == 0) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Not listening on any interfaces\n");
|
2014-01-27 14:34:02 -05:00
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-02 15:46:31 -04:00
|
|
|
ret = recvloop(lsockets, nlsockets, engine, dboptions, opts);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2009-02-12 21:14:45 +00:00
|
|
|
} while (0);
|
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (num_fd == 0) {
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_DEBUG, "Closing the main socket%s.\n", (nlsockets > 1) ? "s" : "");
|
2009-02-12 21:14:45 +00:00
|
|
|
|
2016-02-09 13:46:13 -05:00
|
|
|
for (i = 0; i < nlsockets; i++) {
|
|
|
|
|
closesocket(lsockets[i]);
|
|
|
|
|
}
|
2009-09-24 19:10:27 +02:00
|
|
|
#ifndef _WIN32
|
2018-12-03 12:40:13 -05:00
|
|
|
if (nlsockets && localsock) {
|
2016-02-09 13:46:13 -05:00
|
|
|
opt = optget(opts, "LocalSocket");
|
2014-01-25 17:29:26 -05:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
if (unlink(opt->strarg) == -1)
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_ERROR, "Can't unlink the socket file %s\n", opt->strarg);
|
2016-02-09 13:46:13 -05:00
|
|
|
else
|
2022-02-16 00:13:55 +01:00
|
|
|
logg(LOGG_INFO, "Socket file removed.\n");
|
2016-02-09 13:46:13 -05:00
|
|
|
}
|
2009-02-12 21:14:45 +00:00
|
|
|
#endif
|
2016-02-09 13:46:13 -05:00
|
|
|
}
|
2009-02-12 21:14:45 +00:00
|
|
|
|
2014-01-28 09:43:33 -05:00
|
|
|
free(lsockets);
|
|
|
|
|
|
2003-12-01 19:28:40 +00:00
|
|
|
logg_close();
|
2008-12-17 21:42:54 +00:00
|
|
|
optfree(opts);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2006-09-05 20:45:39 +00:00
|
|
|
return ret;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|