1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3:modules: Implement dummy virus scanner that uses filename matching

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Pavel Filipenský 2022-02-08 12:07:03 +01:00 committed by Jeremy Allison
parent 9693f7ea73
commit 9f34babec7
4 changed files with 75 additions and 0 deletions

View File

@ -35,12 +35,14 @@
enum virusfilter_scanner_enum { enum virusfilter_scanner_enum {
VIRUSFILTER_SCANNER_CLAMAV, VIRUSFILTER_SCANNER_CLAMAV,
VIRUSFILTER_SCANNER_DUMMY,
VIRUSFILTER_SCANNER_FSAV, VIRUSFILTER_SCANNER_FSAV,
VIRUSFILTER_SCANNER_SOPHOS VIRUSFILTER_SCANNER_SOPHOS
}; };
static const struct enum_list scanner_list[] = { static const struct enum_list scanner_list[] = {
{ VIRUSFILTER_SCANNER_CLAMAV, "clamav" }, { VIRUSFILTER_SCANNER_CLAMAV, "clamav" },
{ VIRUSFILTER_SCANNER_DUMMY, "dummy" },
{ VIRUSFILTER_SCANNER_FSAV, "fsav" }, { VIRUSFILTER_SCANNER_FSAV, "fsav" },
{ VIRUSFILTER_SCANNER_SOPHOS, "sophos" }, { VIRUSFILTER_SCANNER_SOPHOS, "sophos" },
{ -1, NULL } { -1, NULL }
@ -199,6 +201,7 @@ static int virusfilter_vfs_connect(
int snum = SNUM(handle->conn); int snum = SNUM(handle->conn);
struct virusfilter_config *config = NULL; struct virusfilter_config *config = NULL;
const char *exclude_files = NULL; const char *exclude_files = NULL;
const char *infected_files = NULL;
const char *temp_quarantine_dir_mode = NULL; const char *temp_quarantine_dir_mode = NULL;
const char *infected_file_command = NULL; const char *infected_file_command = NULL;
const char *scan_error_command = NULL; const char *scan_error_command = NULL;
@ -255,6 +258,12 @@ static int virusfilter_vfs_connect(
set_namearray(&config->exclude_files, exclude_files); set_namearray(&config->exclude_files, exclude_files);
} }
infected_files = lp_parm_const_string(
snum, "virusfilter", "infected files", NULL);
if (infected_files != NULL) {
set_namearray(&config->infected_files, infected_files);
}
config->cache_entry_limit = lp_parm_int( config->cache_entry_limit = lp_parm_int(
snum, "virusfilter", "cache entry limit", 100); snum, "virusfilter", "cache entry limit", 100);
@ -537,6 +546,9 @@ static int virusfilter_vfs_connect(
case VIRUSFILTER_SCANNER_CLAMAV: case VIRUSFILTER_SCANNER_CLAMAV:
ret = virusfilter_clamav_init(config); ret = virusfilter_clamav_init(config);
break; break;
case VIRUSFILTER_SCANNER_DUMMY:
ret = virusfilter_dummy_init(config);
break;
default: default:
DBG_ERR("Unhandled scanner %d\n", backend); DBG_ERR("Unhandled scanner %d\n", backend);
return -1; return -1;

View File

@ -83,6 +83,9 @@ struct virusfilter_config {
/* Exclude files */ /* Exclude files */
name_compare_entry *exclude_files; name_compare_entry *exclude_files;
/* Infected files */
name_compare_entry *infected_files;
/* Scan result cache */ /* Scan result cache */
struct virusfilter_cache *cache; struct virusfilter_cache *cache;
int cache_entry_limit; int cache_entry_limit;
@ -149,5 +152,6 @@ struct virusfilter_backend {
int virusfilter_sophos_init(struct virusfilter_config *config); int virusfilter_sophos_init(struct virusfilter_config *config);
int virusfilter_fsav_init(struct virusfilter_config *config); int virusfilter_fsav_init(struct virusfilter_config *config);
int virusfilter_clamav_init(struct virusfilter_config *config); int virusfilter_clamav_init(struct virusfilter_config *config);
int virusfilter_dummy_init(struct virusfilter_config *config);
#endif /* _VIRUSFILTER_COMMON_H */ #endif /* _VIRUSFILTER_COMMON_H */

View File

@ -0,0 +1,58 @@
/*
Samba-VirusFilter VFS modules
Dummy scanner with infected files support.
Copyright (C) 2022 Pavel Filipenský <pfilipen@redhat.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "modules/vfs_virusfilter_utils.h"
static virusfilter_result virusfilter_dummy_scan(
struct vfs_handle_struct *handle,
struct virusfilter_config *config,
const struct files_struct *fsp,
char **reportp)
{
bool ok;
DBG_INFO("Scanning file: %s\n", fsp_str_dbg(fsp));
ok = is_in_path(fsp->fsp_name->base_name,
config->infected_files,
false);
return ok ? VIRUSFILTER_RESULT_INFECTED : VIRUSFILTER_RESULT_CLEAN;
}
static struct virusfilter_backend_fns virusfilter_backend_dummy = {
.connect = NULL,
.disconnect = NULL,
.scan_init = NULL,
.scan = virusfilter_dummy_scan,
.scan_end = NULL,
};
int virusfilter_dummy_init(struct virusfilter_config *config)
{
struct virusfilter_backend *backend = NULL;
backend = talloc_zero(config, struct virusfilter_backend);
if (backend == NULL) {
return -1;
}
backend->fns = &virusfilter_backend_dummy;
backend->name = "dummy";
config->backend = backend;
return 0;
}

View File

@ -591,6 +591,7 @@ bld.SAMBA3_MODULE('vfs_virusfilter',
vfs_virusfilter_sophos.c vfs_virusfilter_sophos.c
vfs_virusfilter_fsav.c vfs_virusfilter_fsav.c
vfs_virusfilter_clamav.c vfs_virusfilter_clamav.c
vfs_virusfilter_dummy.c
''', ''',
deps='samba-util VFS_VIRUSFILTER_UTILS', deps='samba-util VFS_VIRUSFILTER_UTILS',
init_function='', init_function='',