open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ClamAV is an open source (GPLv2) anti-virus toolkit.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9816 Commits
38 Branches
228 Tags
219 MiB
 
 
 
 
 
 
Tag: Branch: Tree: e766303b2f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e766303b2f'
${ noResults }
clamav/clamd/onaccess_others.c

121 lines
3.5 KiB
Raw Blame History

/*
* Copyright (C) 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
*
* Authors: Mickey Sola
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
#if defined(FANOTIFY)
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
//#include <fcntl.h>
#include <sys/stat.h>
#include <errno.h>
#include <pthread.h>
//#include <limits.h>
#include "libclamav/clamav.h"
//#include "libclamav/scanners.h"
#include "shared/optparser.h"
#include "shared/output.h"
//#include "shared/misc.h"
//#include "libclamav/others.h"
//#include "others.h"
#include "onaccess_others.h"
#include "scanner.h"
static pthread_mutex_t onas_scan_lock = PTHREAD_MUTEX_INITIALIZER;
int onas_fan_checkowner(int pid, const struct optstruct *opts)
{
char path[32];
STATBUF sb;
const struct optstruct *opt = NULL;
const struct optstruct *opt_root = NULL;
/* always ignore ourselves */
if (pid == (int) getpid()) {
return CHK_SELF;
}
/* look up options */
opt = optget (opts, "OnAccessExcludeUID");
opt_root = optget (opts, "OnAccessExcludeRootUID");
/* we can return immediately if no uid exclusions were requested */
if (!(opt->enabled || opt_root->enabled))
return CHK_CLEAN;
/* perform exclusion checks if we can stat OK */
snprintf (path, sizeof (path), "/proc/%u", pid);
if (CLAMSTAT (path, &sb) == 0) {
/* check all our non-root UIDs first */
if (opt->enabled) {
while (opt)
{
if (opt->numarg == (long long) sb.st_uid)
return CHK_FOUND;
opt = opt->nextarg;
}
}
/* finally check root UID */
if (opt_root->enabled) {
if (0 == (long long) sb.st_uid)
return CHK_FOUND;
}
} else if (errno == EACCES) {
logg("*Permission denied to stat /proc/%d to exclude UIDs... perhaps SELinux denial?\n", pid);
} else if (errno == ENOENT) {
/* FIXME: should this be configurable? */
logg("$/proc/%d vanished before UIDs could be excluded; scanning anyway\n", pid);
}
return CHK_CLEAN;
}
int onas_scan(const char *fname, int fd, const char **virname, const struct cl_engine *engine, struct cl_scan_options *options, int extinfo)
{
int ret = 0;
struct cb_context context;
pthread_mutex_lock(&onas_scan_lock);
context.filename = fname;
context.virsize = 0;
context.scandata = NULL;
ret = cl_scandesc_callback(fd, fname, virname, NULL, engine, options, &context);
if (ret) {
if (extinfo && context.virsize)
logg("ScanOnAccess: %s: %s(%s:%llu) FOUND\n", fname, *virname, context.virhash, context.virsize);
else
logg("ScanOnAccess: %s: %s FOUND\n", fname, *virname);
}
pthread_mutex_unlock(&onas_scan_lock);
return ret;
}
#endif