Added setup support for TCP stream virus scanners

ChangeLog

@@ -3,6 +3,9 @@ $Id$
 
 v0.95.1		07-Jan-2008
 
+	mbselib.h:
+		Added file virscan function.
+
 	mbtask:
 		Added last changes for MIB counters.
 
@@ -12,6 +15,9 @@ v0.95.1		07-Jan-2008
 	mbsebbs:
 		Added MIB counters.
 
+	mbsetup:
+		Added support for TCP stream scanners.
+
 	script:
 		Added support for Zenwalk.
 

lib/Makefile

@@ -11,14 +11,14 @@ COMMON_SRCS	= clcomm.c client.c crc.c semafore.c signame.c charset.c remask.c \
 		  dostran.c ftnmsg.c mbfile.c nodelock.c rawio.c strcasestr.c \
 		  execute.c expipe.c getheader.c noderecord.c rfcaddr.c strutil.c \
 		  faddr.c gmtoffset.c packet.c rfcdate.c term.c endian.c timers.c \
-		  pidinfo.c tmpwork.c
+		  pidinfo.c tmpwork.c virscan.c
 COMMON_OBJS	= clcomm.o client.o crc.o semafore.o signame.o charset.o remask.o \
 		  ftscprod.o attach.o falists.o hdr.o parsedate.o rfcmsg.o unpacker.o \
 		  batchrd.o ftn.o pktname.o mangle.o sectest.o proglock.o rearc.o \
 		  dostran.o ftnmsg.o mbfile.o nodelock.o rawio.o strcasestr.o magic.o \
 		  execute.o expipe.o getheader.o noderecord.o rfcaddr.o strutil.o \
 		  faddr.o gmtoffset.o packet.o rfcdate.o term.o endian.o timers.o \
-		  pidinfo.o tmpwork.o
+		  pidinfo.o tmpwork.o virscan.o
 COMMON_HDRS	= mbselib.h
 NODELIST_SRCS	= nodelist.c
 NODELIST_OBJS	= nodelist.o
@@ -158,6 +158,7 @@ endian.o: ../config.h mbselib.h
 timers.o: ../config.h mbselib.h
 pidinfo.o: ../config.h mbselib.h
 tmpwork.o: ../config.h mbselib.h
+virscan.o: ../config.h mbselib.h
 dbcfg.o: ../config.h mbselib.h mbse.h users.h mbsedb.h
 dbdupe.o: ../config.h mbselib.h mbse.h users.h mbsedb.h
 dbftn.o: ../config.h mbselib.h users.h mbsedb.h
@@ -166,7 +167,7 @@ dbnode.o: ../config.h mbselib.h users.h mbsedb.h
 dbtic.o: ../config.h mbselib.h users.h mbsedb.h
 dbuser.o: ../config.h mbselib.h users.h mbsedb.h
 dbfdb.o: ../config.h mbselib.h users.h mbsedb.h
-jammsg.o: ../config.h mbselib.h msgtext.h msg.h jam.h jammsg.h
+jammsg.o: ../config.h mbselib.h msgtext.h msg.h jam.h jammsg.h users.h
 msg.o: ../config.h mbselib.h msgtext.h msg.h jammsg.h
 msgtext.o: ../config.h mbselib.h msgtext.h msg.h
 nntp.o: ../config.h mbselib.h mbinet.h

lib/mbselib.h

@@ -489,6 +489,7 @@ typedef enum {E_NOISP, E_TMPISP, E_PRMISP} EMODE;
 typedef enum {AREAMGR, FILEMGR, EMAIL} SERVICE;
 typedef enum {FEEDINN, FEEDRNEWS, FEEDUUCP} NEWSFEED;
 typedef enum {S_DIRECT, S_DIR, S_FTP} SESSIONTYPE;
+typedef enum {SCAN_EXTERN, CLAM_STREAM, FP_STREAM} SCANTYPE;
 
 
 
@@ -1526,6 +1527,9 @@ struct	_virscan {
 	unsigned	deleted  	: 1;	/* Scanner is deleted	   */
 	char		options[65];		/* Scanner options	   */
 	int		error;			/* Error level for OK	   */
+	int		scantype;		/* Virus scanner type	   */
+	char		host[65];		/* Stream scanner host	   */
+	unsigned int	port;			/* Stream scanner port	   */
 };
 
 
@@ -2600,6 +2604,12 @@ void clean_tmpwork(void);	    /* Remove tmp workdir		*/
 int  create_tmpwork(void);	    /* Create tmp workdir		*/
 
 
+/*
+ * virscan.c
+ */
+int VirScanFile(char *);		/* VirScan a file		*/
+
+
 /*************************************************************************
  *
  *  Charset mapping

lib/virscan.c

@@ -0,0 +1,119 @@
+/*****************************************************************************
+ *
+ * $Id$
+ * Purpose ...............: Scan a file for virusses
+ *
+ *****************************************************************************
+ * Copyright (C) 1997-2008
+ *   
+ * Michiel Broek		FIDO:		2:280/2802
+ * Beekmansbos 10
+ * 1971 BV IJmuiden
+ * the Netherlands
+ *
+ * This file is part of MBSE BBS.
+ *
+ * This BBS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2, or (at your option) any
+ * later version.
+ *
+ * MBSE BBS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with MBSE BBS; see the file COPYING.  If not, write to the Free
+ * Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ *****************************************************************************/
+
+#include "../config.h"
+#include "mbselib.h"
+
+
+extern pid_t	mypid;
+
+/*
+ *  Virusscan on a file.
+ */
+int VirScanFile(char *filename)
+{
+    char    *temp, *stdlog, *errlog, buf[256];
+    FILE    *fp, *lp;
+    int	    vrc, rc = FALSE, has_scan = FALSE;
+
+    temp = calloc(PATH_MAX, sizeof(char));
+    snprintf(temp,   PATH_MAX, "%s/etc/virscan.data", getenv("MBSE_ROOT"));
+
+    if ((fp = fopen(temp, "r")) == NULL) {
+	WriteError("No virus scanners defined");
+	free(temp);
+	return FALSE;
+    }
+    fread(&virscanhdr, sizeof(virscanhdr), 1, fp);
+
+    while (fread(&virscan, virscanhdr.recsize, 1, fp) == 1) {
+	if (virscan.available) {
+	    if (file_exist(virscan.scanner, X_OK) == 0) {
+	    	has_scan = TRUE;
+	    } else {
+		Syslog('+', "Warning: virusscanner %s marked active but not present", virscan.comment);
+	    }
+	}
+    }
+    if (!has_scan) {
+	Syslog('+', "No active virus scanners, skipping scan");
+	fclose(fp);
+	free(temp);
+	return FALSE;
+    }
+    
+    stdlog = calloc(PATH_MAX, sizeof(char));
+    errlog = calloc(PATH_MAX, sizeof(char));
+    snprintf(stdlog, PATH_MAX, "%s/tmp/stdlog%d", getenv("MBSE_ROOT"), mypid);
+    snprintf(errlog, PATH_MAX, "%s/tmp/errlog%d", getenv("MBSE_ROOT"), mypid);
+
+    fseek(fp, virscanhdr.hdrsize, SEEK_SET);
+    while (fread(&virscan, virscanhdr.recsize, 1, fp) == 1) {
+        if (virscan.available && (file_exist(virscan.scanner, X_OK) ==0)) {
+	    Syslog('+', "Scanning %s with %s", filename, virscan.comment);
+	    Altime(3600);
+	    vrc = execute_str(virscan.scanner, virscan.options, filename, (char *)"/dev/null", stdlog, errlog);
+	    if (file_size(stdlog)) {
+		if ((lp = fopen(stdlog, "r"))) {
+		    while (fgets(buf, sizeof(buf) -1, lp)) {
+			Striplf(buf);
+			Syslog('+', "stdout: \"%s\"", printable(buf, 0));
+		    }
+		    fclose(lp);
+		}
+	    }
+	    if (file_size(errlog)) {
+		if ((lp = fopen(errlog, "r"))) {
+		    while (fgets(buf, sizeof(buf) -1, lp)) {
+			Striplf(buf);
+			Syslog('+', "stderr: \"%s\"", printable(buf, 0));
+		    }
+		    fclose(lp);
+		}
+	    }
+	    unlink(stdlog);
+	    unlink(errlog);
+            if (vrc != virscan.error) {
+                Syslog('!', "Virus found by %s", virscan.comment);
+		rc = TRUE;
+            }
+	    Altime(0);
+	    Nopper();
+        }
+    }
+    fclose(fp);
+
+    free(temp);
+    free(stdlog);
+    free(errlog);
+    return rc;
+}
+
+

mbsetup/ledit.c

@@ -4,7 +4,7 @@
  * Purpose ...............: Line Editor
  *
  *****************************************************************************
- * Copyright (C) 1997-2007
+ * Copyright (C) 1997-2008
  *   
  * Michiel Broek		FIDO:		2:280/2802
  * Beekmansbos 10
@@ -2033,6 +2033,50 @@ int edit_sessiontype(int y, int x, int val)
 
 
 
+char *get_scannertype(int val)
+{
+    switch (val) {
+	case SCAN_EXTERN:   return (char *)"External commandline ";
+	case CLAM_STREAM:   return (char *)"ClamAV stream scanner";
+	case FP_STREAM:     return (char *)"F-Prot stream scanner";
+	default:            return NULL;
+    }
+}
+
+
+
+void show_scannertype(int y, int x, int val)
+{
+    mbse_mvprintw(y, x, get_scannertype(val));
+}
+
+
+
+int edit_scannertype(int y, int x, int val)
+{
+    int ch;
+
+    showhelp((char *)"Toggle ^Scanner type^ with spacebar, press <Enter> whene done.");
+    do {
+	set_color(YELLOW, BLUE);
+	show_scannertype(y, x, val);
+
+	ch = readkey(y, x, YELLOW, BLUE);
+
+	if (ch == ' ') {
+	    if (val < FP_STREAM)
+		val++;
+	    else
+		val = SCAN_EXTERN;
+	}
+    } while (ch != KEY_ENTER && ch != '\012');
+    set_color(WHITE, BLACK);
+    show_scannertype(y, x, val);
+    return val;
+}
+
+
+
 char *get_routetype(int val)
 {
     switch (val) {

mbsetup/ledit.h

@@ -78,6 +78,9 @@ int		edit_asktype(int, int, int, char *);
 char		*get_sessiontype(int);
 void		show_sessiontype(int, int, int);
 int		edit_sessiontype(int, int, int);
+char		*get_scannertype(int);
+void		show_scannertype(int, int, int);
+int		edit_scannertype(int, int, int);
 char		*get_routetype(int);
 void		show_routetype(int, int, int);
 int		edit_routetype(int, int, int);

mbsetup/m_virus.c

@@ -4,7 +4,7 @@
  * Purpose ...............: Setup Virus structure.
  *
  *****************************************************************************
- * Copyright (C) 1997-2005
+ * Copyright (C) 1997-2008
  *   
  * Michiel Broek		FIDO:		2:280/2802
  * Beekmansbos 10
@@ -62,7 +62,7 @@ int CountVirus(void)
 	    fwrite(&virscanhdr, sizeof(virscanhdr), 1, fil);
 	    
 	    /*
-			 *  Create some default records but don't enable them.
+	     *  Create some default records and enable them if they exist.
 	     */
 	    memset(&virscan, 0, sizeof(virscan));
 	    snprintf(virscan.comment, 41, "AntiVir/Linux Scanner");
@@ -74,10 +74,11 @@ int CountVirus(void)
 		virscan.available = FALSE;
 	    }
 	    snprintf(virscan.options, 65, "-allfiles -s -q");
+	    virscan.scantype = SCAN_EXTERN;
 	    fwrite(&virscan, sizeof(virscan), 1, fil);
 
 	    memset(&virscan, 0, sizeof(virscan));
-			snprintf(virscan.comment, 41, "F-Prot scanner");
+	    snprintf(virscan.comment, 41, "F-Prot commandline scanner");
 	    if (strlen(_PATH_FPROT)) {
 		snprintf(virscan.scanner, 65, "%s .", _PATH_FPROT);
 		virscan.available = TRUE;
@@ -86,6 +87,7 @@ int CountVirus(void)
 		virscan.available = FALSE;
 	    }
 	    snprintf(virscan.options, 65, "-archive -silent");
+	    virscan.scantype = SCAN_EXTERN;
 	    fwrite(&virscan, sizeof(virscan), 1, fil);
 
 	    memset(&virscan, 0, sizeof(virscan));
@@ -98,10 +100,11 @@ int CountVirus(void)
 		virscan.available = FALSE;
 	    }
             snprintf(virscan.options, 65, "--noboot --noexpire -r --secure -");
+	    virscan.scantype = SCAN_EXTERN;
             fwrite(&virscan, sizeof(virscan), 1, fil);
 
 	    memset(&virscan, 0, sizeof(virscan));
-			snprintf(virscan.comment, 41, "Clam AntiVirus");
+	    snprintf(virscan.comment, 41, "Clam AntiVirus commandline scanner");
 	    if (strlen(_PATH_CLAMAV)) {
 		snprintf(virscan.scanner, 65, "%s", _PATH_CLAMAV);
 		virscan.available = TRUE;
@@ -110,11 +113,28 @@ int CountVirus(void)
 		virscan.available = FALSE;
 	    }
 	    snprintf(virscan.options, 65, "--quiet --recursive");
+	    virscan.scantype = SCAN_EXTERN;
+	    fwrite(&virscan, sizeof(virscan), 1, fil);
+
+	    memset(&virscan, 0, sizeof(virscan));
+	    snprintf(virscan.comment, 41, "Clam AntiVirus stream scanner");
+	    virscan.available = FALSE;
+	    virscan.scantype = CLAM_STREAM;
+	    snprintf(virscan.host, 65, "localhost");
+	    virscan.port = 3310;
+	    fwrite(&virscan, sizeof(virscan), 1, fil);
+
+	    memset(&virscan, 0, sizeof(virscan));
+	    snprintf(virscan.comment, 41, "F-Prot stream scanner");
+	    virscan.available = FALSE;
+	    virscan.scantype = FP_STREAM;
+	    snprintf(virscan.host, 65, "localhost");
+	    virscan.port = 10200;
 	    fwrite(&virscan, sizeof(virscan), 1, fil);
 			
 	    fclose(fil);
 	    chmod(ffile, 0640);
-			return 4;
+	    return 6;
 	} else
 	    return -1;
     }
@@ -139,7 +159,7 @@ int OpenVirus(void)
 {
     FILE	*fin, *fout;
     char	fnin[PATH_MAX], fnout[PATH_MAX];
-	int	oldsize;
+    int		oldsize, has_stream = FALSE;
 
     snprintf(fnin,  PATH_MAX, "%s/etc/virscan.data", getenv("MBSE_ROOT"));
     snprintf(fnout, PATH_MAX, "%s/etc/virscan.temp", getenv("MBSE_ROOT"));
@@ -168,11 +188,34 @@ int OpenVirus(void)
 	     */
 	    memset(&virscan, 0, sizeof(virscan));
 	    while (fread(&virscan, oldsize, 1, fin) == 1) {
+		/*
+		 * Check if we already have defined stream scanners
+		 */
+		if (virscan.scantype != SCAN_EXTERN)
+		    has_stream = TRUE;
 		fwrite(&virscan, sizeof(virscan), 1, fout);
 		memset(&virscan, 0, sizeof(virscan));
 	    }
 
 	    fclose(fin);
+	    if ((oldsize != sizeof(virscan)) && (! has_stream)) {
+		memset(&virscan, 0, sizeof(virscan));
+		snprintf(virscan.comment, 41, "Clam AntiVirus stream scanner");
+		virscan.available = FALSE;
+		virscan.scantype = CLAM_STREAM;
+		snprintf(virscan.host, 65, "localhost");
+		virscan.port = 3310;
+		fwrite(&virscan, sizeof(virscan), 1, fout);
+
+		memset(&virscan, 0, sizeof(virscan));
+		snprintf(virscan.comment, 41, "F-Prot stream scanner");
+		virscan.available = FALSE;
+		virscan.scantype = FP_STREAM;
+		snprintf(virscan.host, 65, "localhost");
+		virscan.port = 10200;
+		fwrite(&virscan, sizeof(virscan), 1, fout);
+	    }
+
 	    fclose(fout);
 	    return 0;
 	} else
@@ -247,6 +290,29 @@ int AppendVirus(void)
 
 
 
+void ScanScreen(void)
+{
+    clr_index();
+    set_color(WHITE, BLACK);
+    mbse_mvprintw( 5, 2, "4.  EDIT VIRUS SCANNER");
+    set_color(CYAN, BLACK);
+    mbse_mvprintw( 7, 2, "1.  Comment");
+    mbse_mvprintw( 8, 2, "2.  Type");
+    mbse_mvprintw( 9, 2, "3.  Available");
+    mbse_mvprintw(10, 2, "4.  Deleted");
+    mbse_mvprintw(11, 2, "5.  Error lvl");
+
+    if (virscan.scantype == SCAN_EXTERN) {
+    	mbse_mvprintw(12, 2, "6.  Command");
+    	mbse_mvprintw(13, 2, "7.  Options");
+    } else {
+	mbse_mvprintw(12, 2, "6.  Host");
+	mbse_mvprintw(13, 2, "7.  Port");
+    }
+}
+
+
+
 /*
  * Edit one record, return -1 if there are errors, 0 if ok.
  */
@@ -254,8 +320,7 @@ int EditVirRec(int Area)
 {
     FILE		*fil;
     char		mfile[PATH_MAX];
-	int	offset;
+    int			offset, j;
-	int	j;
     unsigned int	crc, crc1;
 
     clr_index();
@@ -279,26 +344,25 @@ int EditVirRec(int Area)
     crc = 0xffffffff;
     crc = upd_crc32((char *)&virscan, crc, sizeof(virscan));
 
-	set_color(WHITE, BLACK);
+    ScanScreen();
-	mbse_mvprintw( 5, 2, "4.  EDIT VIRUS SCANNER");
-	set_color(CYAN, BLACK);
-	mbse_mvprintw( 7, 2, "1.  Comment");
-	mbse_mvprintw( 8, 2, "2.  Command");
-	mbse_mvprintw( 9, 2, "3.  Options");
-	mbse_mvprintw(10, 2, "4.  Available");
-	mbse_mvprintw(11, 2, "5.  Deleted");
-	mbse_mvprintw(12, 2, "6.  Error lvl");
 	
     for (;;) {
 	set_color(WHITE, BLACK);
 	show_str(  7,16,40, virscan.comment);
-		show_str(  8,16,64, virscan.scanner);
+	show_scannertype(8, 16, virscan.scantype);
-		show_str(  9,16,64, virscan.options);
+	show_bool( 9,16,    virscan.available);
-		show_bool(10,16,    virscan.available);
+	show_bool(10,16,    virscan.deleted);
-		show_bool(11,16,    virscan.deleted);
+	show_int( 11,16,    virscan.error);
-		show_int( 12,16,    virscan.error);
 
-		j = select_menu(6);
+	if (virscan.scantype == SCAN_EXTERN) {
+	    show_str( 12,16,64, virscan.scanner);
+	    show_str( 13,16,64, virscan.options);
+	} else {
+	    show_str( 12,16,64, virscan.host);
+	    show_int( 13,16,    virscan.port);
+	}
+
+	j = select_menu(7);
 	switch(j) {
 	case 0:	crc1 = 0xffffffff;
 		crc1 = upd_crc32((char *)&virscan, crc1, sizeof(virscan));
@@ -319,14 +383,25 @@ int EditVirRec(int Area)
 		IsDoing("Browsing Menu");
 		return 0;
 	case 1: E_STR(  7,16,40,virscan.comment,  "The ^Comment^ for this record")
-		case 2:	E_STR(  8,16,64,virscan.scanner,  "The full ^name and path^ to the binary of this scanner")
+	case 2: virscan.scantype = edit_scannertype( 8,16,virscan.scantype);
-		case 3:	E_STR(  9,16,64,virscan.options,  "The ^commandline options^ for this scanner")
+		ScanScreen();
-		case 4:	E_BOOL(10,16,   virscan.available,"Switch if this virus scanner is ^Available^ for use.")
+		break;
-		case 5:	E_BOOL(11,16,   virscan.deleted,  "Is this scanner ^deleted^")
+	case 3: E_BOOL( 9,16,   virscan.available,"Switch if this virus scanner is ^Available^ for use.")
-		case 6:	E_INT( 12,16,   virscan.error,    "The ^Error Level^ the scanner returns when no virus is found")
+	case 4: E_BOOL(10,16,   virscan.deleted,  "Is this scanner ^deleted^")
-		}
+	case 5: E_INT( 11,16,   virscan.error,    "The ^Error Level^ the scanner returns when no virus is found")
-	}
 
+	case 6:	if (virscan.scantype == SCAN_EXTERN) {
+		    E_STR( 12,16,64,virscan.scanner,  "The full ^name and path^ to the binary of this scanner")
+		} else {
+		    E_STR( 12,16,64,virscan.host,  "The ^FQDN hostname^ or ^IP address^ where the stream scanner is running")
+		}
+	case 7:	if (virscan.scantype == SCAN_EXTERN) {
+		    E_STR( 13,16,64,virscan.options,  "The ^commandline options^ for this scanner")
+		} else {
+		    E_INT( 13,16,   virscan.port,     "The ^port number^ for this stream scanner")
+		}
+	}
+    }
     return 0;
 }
 
@@ -465,20 +540,32 @@ int virus_doc(FILE *fp, FILE *toc, int page)
 	    fprintf(wp, "<COL width='30%%'><COL width='70%%'>\n");
 	    fprintf(wp, "<TBODY>\n");
 	    add_webtable(wp, (char *)"Scanner name", virscan.comment);
-	    add_webtable(wp, (char *)"Command line", virscan.scanner);
+	    add_webtable(wp, (char *)"Scanner type", get_scannertype(virscan.scantype));
-	    add_webtable(wp, (char *)"Options", virscan.options);
 	    add_webtable(wp, (char *)"Available", getboolean(virscan.available));
 	    add_webdigit(wp, (char *)"Errorlevel OK", virscan.error);
+	    if (virscan.scantype == SCAN_EXTERN) {
+		add_webtable(wp, (char *)"Command line", virscan.scanner);
+		add_webtable(wp, (char *)"Options", virscan.options);
+	    } else {
+		add_webtable(wp, (char *)"Host", virscan.host);
+		add_webdigit(wp, (char *)"Port", virscan.port);
+	    }
 	    fprintf(wp, "</TBODY>\n");
 	    fprintf(wp, "</TABLE>\n");
 	    close_webdoc(wp);
 	}
 
 	fprintf(fp, "      Scanner name   %s\n", virscan.comment);
-	fprintf(fp, "      Command line   %s\n", virscan.scanner);
+	fprintf(fp, "      Scanner type   %s\n", get_scannertype(virscan.scantype));
-	fprintf(fp, "      Options        %s\n", virscan.options);
 	fprintf(fp, "      Available      %s\n", getboolean(virscan.available));
 	fprintf(fp, "      Errorlevel OK  %d\n", virscan.error); 
+	if (virscan.scantype == SCAN_EXTERN) {
+	    fprintf(fp, "      Command line   %s\n", virscan.scanner);
+	    fprintf(fp, "      Options        %s\n", virscan.options);
+	} else {
+	    fprintf(fp, "      Host           %s\n", virscan.host);
+	    fprintf(fp, "      Port           %d\n", virscan.port);
+	}
 	fprintf(fp, "\n\n\n");
 	j++;
     }