From: Eric Bollengier
Date: Wed, 4 May 2022 17:27:59 +0000 (+0200)
Subject: Check malware with Verify jobs
X-Git-Tag: Beta-15.0.0~466
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0bcafab23a073d933213942083175a798b50f50;p=thirdparty%2Fbacula.git
Check malware with Verify jobs
---
diff --git a/bacula/src/dird/malware.c b/bacula/src/dird/malware.c
index 8e027c539..3430935dc 100644
--- a/bacula/src/dird/malware.c
+++ b/bacula/src/dird/malware.c
@@ -347,8 +347,8 @@ int check_malware(JCR *jcr, const char *jobids, POOLMEM **errmsg)
 db_escape_string(jcr, jcr->db, source_esc.c_str(), source, slen);
 /* We keep track of the infected files in the FileEvents table */
- Mmsg(q, "INSERT INTO FileEvents (SourceJobId, JobId, FileId, Type, Description, Severity, Source) "
- "SELECT %ld, JobId, FileId, 'M', 'Malware found', 100, '%s' FROM File JOIN Malware%s USING (MD5) "
+ Mmsg(q, "INSERT INTO FileEvents (SourceJobId, JobId, FileIndex, Type, Description, Severity, Source) "
+ "SELECT %ld, JobId, FileIndex, 'M', 'Malware found', 100, '%s' FROM File JOIN Malware%s USING (MD5) "
 "WHERE JobId IN (%s)", jcr->JobId, source_esc.c_str(), type, jobids);
 if (!db_sql_query(jcr->db, q.c_str(), NULL, NULL)) {
@@ -357,7 +357,7 @@ int check_malware(JCR *jcr, const char *jobids, POOLMEM **errmsg)
 }
 uint32_t nb=0;
- Mmsg(q, "SELECT 1 FROM FileEvents JOIN File USING (FileId) "
+ Mmsg(q, "SELECT 1 FROM FileEvents JOIN File USING (JobId, FileIndex) "
 "WHERE FileEvents.JobId IN (%s) AND Type = 'M' LIMIT 1\n", jobids);
 if (!db_sql_query(jcr->db, q.c_str(), db_int_handler, &nb)) {
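Review bot: In the `@@ -347,8` hunk the INSERT still formats `jobids` and `type` into the statement with a bare `%s`, while only `source` goes through `db_escape_string()`. With do_verify() added as a second caller, the safety of `WHERE JobId IN (%s)` rests on every caller passing a list made only of digits and commas; the verify.c caller does (it formats the id with `edit_int64`), but nothing visible in check_malware() enforces it. I would reject any `jobids` containing a character other than `0-9` or `,` at the top of the function, which starts outside this hunk, and state that contract in its header comment. The `IN (%s)` clauses in the `@@ -357,7` and `@@ -377,7` hunks are built from the same string.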
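Review bot: The existence check in the `@@ -357,7` hunk is not scoped to the current scan: it matches any `Type = 'M'` row for these JobIds, including rows written by an earlier run. Now that a Verify job can re-check a JobId that was already scanned, `nb` may report a hit that the current Malware table no longer produces, and the INSERT in the previous hunk appears to add a fresh copy of every match on each run unless FileEvents has a uniqueness constraint not shown here. Consider filtering on the job that wrote the rows, for example `"WHERE FileEvents.JobId IN (%s) AND SourceJobId = %ld AND Type = 'M' LIMIT 1\n", jobids, jcr->JobId);`, or say in a comment that earlier events are meant to count. The rest of check_malware() is outside the hunk.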
@@ -377,7 +377,7 @@ int check_malware(JCR *jcr, const char *jobids, POOLMEM **errmsg)
 #if 0
 char *f;
 lst.destroy();
- Mmsg(q, "SELECT Filename FROM SecurityEvents JOIN File USING (FileId) WHERE SecurityEvents.JobId IN (%s) LIMIT 1000\n", jobids);
+ Mmsg(q, "SELECT Filename FROM SecurityEvents JOIN File USING (JobId, FileIndex) WHERE SecurityEvents.JobId IN (%s) LIMIT 1000\n", jobids);
 if (!db_sql_query(jcr->db, q.c_str(), db_string_list_handler, &l)) {
 Mmsg(errmsg, "[DE0006] Unable to check malware for JobIds %s\n", jobids);
 return false;
diff --git a/bacula/src/dird/verify.c b/bacula/src/dird/verify.c
index 87079d316..1b7adb574 100644
--- a/bacula/src/dird/verify.c
+++ b/bacula/src/dird/verify.c
@@ -172,6 +172,22 @@ bool do_verify(JCR *jcr)
 }
 Jmsg(jcr, M_INFO, 0, _("Verifying against JobId=%d Job=%s\n"), jcr->previous_jr.JobId, jcr->previous_jr.Job);
+
+ /* Check for Malware */
+ if ( jcr->previous_jr.JobFiles > 0 &&
+ !jcr->previous_jr.PurgedFiles &&
+ jcr->job->CheckMalware)
+ {
+ POOL_MEM buf;
+ Jmsg(jcr, M_INFO, 0, _("[DI0002] Checking file metadata for Malwares\n"));
+ edit_int64(jcr->previous_jr.JobId, ed1);
+ if (check_malware(jcr, ed1, buf.handle()) != 0) {
+ Jmsg(jcr, M_ERROR, 0, "%s", buf.c_str());
+
+ } else {
+ Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
+ }
+ }
 }
 /*
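Review bot: The statement changed in the `@@ -377,7` hunk sits under `#if 0`, so this edit is never compiled or exercised, and the block has already drifted from the live code: it queries `SecurityEvents` where the active statements use `FileEvents`, and it passes `&l` right after calling `lst.destroy()`. Either delete the disabled block or mark it, for example `/* disabled: file-name listing, not kept in step with the FileEvents queries above */`, so it is not taken as a working reference. The matching `#endif` is outside the hunk.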
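Review bot: The new block in do_verify() does not say what a non-zero return from check_malware() means or what it does to the Verify job: the result is only turned into an `M_ERROR` or `M_INFO` line and verification carries on. The malware.c hunks show at least one failure path (`[DE0006] Unable to check malware ...`), so if non-zero covers both a failed catalog query and a positive match, an operator can tell "the check did not run" from "the previous job holds a known-bad file" only by reading the message text. I would add a comment above the call such as `/* non-zero: see buf for the reason; the Verify job continues either way */`, or set the job status explicitly if a match is meant to fail the job. The empty added line before `} else {` can be dropped; `ed1` and the enclosing block are declared outside the hunk.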