s3:modules: Implement dummy virus scanner that uses filename matching

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9f34babec7c6aca3d91f226705d3b3996792e5f1)

diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c
index 524e7dfbad91ccc6e72073d7c5a2080207649e7e..5ae8a02a369740f1499f5aa0ccd50bc7c291d5d4 100644 (file)
--- a/source3/modules/vfs_virusfilter.c
+++ b/source3/modules/vfs_virusfilter.c
@@ -35,12 +35,14 @@
 
 enum virusfilter_scanner_enum {
        VIRUSFILTER_SCANNER_CLAMAV,
+       VIRUSFILTER_SCANNER_DUMMY,
        VIRUSFILTER_SCANNER_FSAV,
        VIRUSFILTER_SCANNER_SOPHOS
 };
 
 static const struct enum_list scanner_list[] = {
        { VIRUSFILTER_SCANNER_CLAMAV,   "clamav" },
+       { VIRUSFILTER_SCANNER_DUMMY,    "dummy" },
        { VIRUSFILTER_SCANNER_FSAV,     "fsav" },
        { VIRUSFILTER_SCANNER_SOPHOS,   "sophos" },
        { -1,                           NULL }
@@ -199,6 +201,7 @@ static int virusfilter_vfs_connect(
        int snum = SNUM(handle->conn);
        struct virusfilter_config *config = NULL;
        const char *exclude_files = NULL;
+       const char *infected_files = NULL;
        const char *temp_quarantine_dir_mode = NULL;
        const char *infected_file_command = NULL;
        const char *scan_error_command = NULL;
@@ -255,6 +258,12 @@ static int virusfilter_vfs_connect(
                set_namearray(&config->exclude_files, exclude_files);
        }
 
+       infected_files = lp_parm_const_string(
+               snum, "virusfilter", "infected files", NULL);
+       if (infected_files != NULL) {
+               set_namearray(&config->infected_files, infected_files);
+       }
+
        config->cache_entry_limit = lp_parm_int(
                snum, "virusfilter", "cache entry limit", 100);
 
@@ -532,6 +541,9 @@ static int virusfilter_vfs_connect(
        case VIRUSFILTER_SCANNER_CLAMAV:
                ret = virusfilter_clamav_init(config);
                break;
+       case VIRUSFILTER_SCANNER_DUMMY:
+               ret = virusfilter_dummy_init(config);
+               break;
        default:
                DBG_ERR("Unhandled scanner %d\n", backend);
                return -1;

diff --git a/source3/modules/vfs_virusfilter_common.h b/source3/modules/vfs_virusfilter_common.h
index f71b0b949a7e122f68fa8db07a1bf231a7c13f0c..463a9d74e9cf784e3a2ee38172cc6bb4ca6f4ff7 100644 (file)
--- a/source3/modules/vfs_virusfilter_common.h
+++ b/source3/modules/vfs_virusfilter_common.h
@@ -83,6 +83,9 @@ struct virusfilter_config {
        /* Exclude files */
        name_compare_entry              *exclude_files;
 
+       /* Infected files */
+       name_compare_entry              *infected_files;
+
        /* Scan result cache */
        struct virusfilter_cache        *cache;
        int                             cache_entry_limit;
@@ -149,5 +152,6 @@ struct virusfilter_backend {
 int virusfilter_sophos_init(struct virusfilter_config *config);
 int virusfilter_fsav_init(struct virusfilter_config *config);
 int virusfilter_clamav_init(struct virusfilter_config *config);
+int virusfilter_dummy_init(struct virusfilter_config *config);
 
 #endif /* _VIRUSFILTER_COMMON_H */

diff --git a/source3/modules/vfs_virusfilter_dummy.c b/source3/modules/vfs_virusfilter_dummy.c
new file mode 100644 (file)
index 0000000..03405cd
--- /dev/null
+++ b/source3/modules/vfs_virusfilter_dummy.c
@@ -0,0 +1,58 @@
+/*
+   Samba-VirusFilter VFS modules
+   Dummy scanner with infected files support.
+   Copyright (C) 2022 Pavel Filipenský <pfilipen@redhat.com>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "modules/vfs_virusfilter_utils.h"
+
+static virusfilter_result virusfilter_dummy_scan(
+       struct vfs_handle_struct *handle,
+       struct virusfilter_config *config,
+       const struct files_struct *fsp,
+       char **reportp)
+{
+       bool ok;
+
+       DBG_INFO("Scanning file: %s\n", fsp_str_dbg(fsp));
+       ok = is_in_path(fsp->fsp_name->base_name,
+                       config->infected_files,
+                       false);
+       return ok ? VIRUSFILTER_RESULT_INFECTED : VIRUSFILTER_RESULT_CLEAN;
+}
+
+static struct virusfilter_backend_fns virusfilter_backend_dummy = {
+       .connect = NULL,
+       .disconnect = NULL,
+       .scan_init = NULL,
+       .scan = virusfilter_dummy_scan,
+       .scan_end = NULL,
+};
+
+int virusfilter_dummy_init(struct virusfilter_config *config)
+{
+       struct virusfilter_backend *backend = NULL;
+
+       backend = talloc_zero(config, struct virusfilter_backend);
+       if (backend == NULL) {
+               return -1;
+       }
+
+       backend->fns = &virusfilter_backend_dummy;
+       backend->name = "dummy";
+       config->backend = backend;
+       return 0;
+}

diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 36b047ef79b1a79785e0eb46a6e3b79095cebabc..444a16f2cc08e4508cc9c61802c5deab314978df 100644 (file)
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -598,6 +598,7 @@ bld.SAMBA3_MODULE('vfs_virusfilter',
                  vfs_virusfilter_sophos.c
                  vfs_virusfilter_fsav.c
                  vfs_virusfilter_clamav.c
+                 vfs_virusfilter_dummy.c
                  ''',
                  deps='samba-util VFS_VIRUSFILTER_UTILS',
                  init_function='',