diff -urN exim-4.20-orig/OS/Makefile-Base exim-4.20/OS/Makefile-Base --- exim-4.20-orig/OS/Makefile-Base Mon May 12 15:39:15 2003 +++ exim-4.20/OS/Makefile-Base Wed May 14 12:07:55 2003 @@ -246,14 +246,14 @@ # Targets for final binaries; the main one has a build number which is # updated each time. We don't bother with that for the auxiliaries. -OBJ_EXIM = acl.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \ +OBJ_EXIM = acl.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o demime.o \ directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \ filtertest.o globals.o \ - header.o host.o ip.o log.o lss.o match.o moan.o \ + header.o host.o ip.o log.o lss.o malware.o match.o moan.o \ os.o parse.o queue.o \ - rda.o readconf.o receive.o retry.o rewrite.o \ - route.o search.o smtp_in.o smtp_out.o spool_in.o spool_out.o \ - store.o string.o tls.o tod.o transport.o tree.o verify.o \ + rda.o readconf.o receive.o regex.o retry.o rewrite.o \ + route.o search.o smtp_in.o smtp_out.o spam.o spool_in.o spool_mbox.o spool_out.o \ + store.o string.o tls.o tnef.o tod.o transport.o tree.o verify.o \ local_scan.o $(EXIM_PERL) exim: pcre/libpcre.a lookups/lookups.a auths/auths.a \ @@ -465,6 +465,7 @@ dbfn.o: $(HDRS) dbfn.c debug.o: $(HDRS) debug.c deliver.o: $(HDRS) deliver.c +demime.o: $(HDRS) demime.c directory.o: $(HDRS) directory.c dns.o: $(HDRS) dns.c enq.o: $(HDRS) enq.c @@ -478,6 +479,7 @@ ip.o: $(HDRS) ip.c log.o: $(HDRS) log.c lss.o: $(HDRS) lss.c +malware.o: $(HDRS) malware.c match.o: $(HDRS) match.c moan.o: $(HDRS) moan.c os.o: $(HDRS) os.c @@ -486,17 +488,21 @@ rda.o: $(HDRS) rda.c readconf.o: $(HDRS) readconf.c receive.o: $(HDRS) receive.c +regex.o: $(HDRS) regex.c retry.o: $(HDRS) retry.c rewrite.o: $(HDRS) rewrite.c route.o: $(HDRS) route.c search.o: $(HDRS) search.c smtp_in.o: $(HDRS) smtp_in.c smtp_out.o: $(HDRS) smtp_out.c +spam.o: $(HDRS) spam.c spool_in.o: $(HDRS) spool_in.c +spool_mbox.o: $(HDRS) spool_mbox.c spool_out.o: $(HDRS) spool_out.c store.o: $(HDRS) store.c string.o: $(HDRS) string.c tls.o: $(HDRS) tls.c tls-gnu.c tls-openssl.c +tnef.o: $(HDRS) tnef.c tod.o: $(HDRS) tod.c transport.o: $(HDRS) transport.c tree.o: $(HDRS) tree.c diff -urN exim-4.20-orig/README.EXISCAN exim-4.20/README.EXISCAN --- exim-4.20-orig/README.EXISCAN Thu Jan 1 01:00:00 1970 +++ exim-4.20/README.EXISCAN Wed May 14 12:04:24 2003 @@ -0,0 +1 @@ +Please refer to doc/exiscan-acl-spec.txt diff -urN exim-4.20-orig/doc/exiscan-acl-spec.txt exim-4.20/doc/exiscan-acl-spec.txt --- exim-4.20-orig/doc/exiscan-acl-spec.txt Thu Jan 1 01:00:00 1970 +++ exim-4.20/doc/exiscan-acl-spec.txt Wed May 14 12:45:29 2003 @@ -0,0 +1,412 @@ +-------------------------------------------------------------- +The exiscan-acl patch for exim4 - Documentation +-------------------------------------------------------------- +(c) Tom Kistner 2003-???? +License: GPL + +The exiscan-acl patch adds content scanning to the exim4 ACL +system. It supports the following scanning facilities: + + - MIME unpacking, sanity checking, file extension blocking + - Antivirus using 3rd party scanners + - Antispam using SpamAssassin + - Regular expression match against headers and body + +These facilities are hooked into exim by adding new conditions +to exim's ACL system. These conditions are designed to be used +in the acl_smtp_data ACL. It is run when the sending host has +completed the DATA phase and is waiting for our final response +to his end-of-data marker. This allows us to reject messages +containing unwanted content at that stage. + +The exiscan-acl patch also defines several expansion variables +that can be used to customise the error responses sent to the +remote server. + +The default exim configure file contains commented +configuration examples for all facilites. + + +0. Overall concept +-------------------------------------------------------------- + +The exiscan-acl patch adds the following conditions +(facilities), which can ONLY be used in the ACL after DATA +(acl_smtp_data): + +- demime (MIME unpacking and file extension checks) +- regex (match regular expressions against message headers + and body) +- malware (attach 3rd party virus/malware scanner) +- spam (attach SpamAssassin) + +Each of these facilities has its own chapter further below in +this document. There is also a commented sample configuration +in the "configure" file of the exim distribution. + +All facilites work on a MBOX copy of the message that is +temporarily spooled up in a file called: + + /scan//.eml + +The .eml extension is a friendly hint to virus scanners that +they can expect an MBOX-like structure inside that file. The +file is only spooled up once, when the first exiscan facility +condition is called. Subsequent calls to exiscan conditions +will just open the file again. The directory is recursively +removed when the acl_smtp_data has finished running. When the +"demime" condition has been used, this directory will also +contain files produced by the MIME decoder. + + +1. The "demime" facility + MIME unpacking, sanity checking and file extension blocking +-------------------------------------------------------------- + +The demime facility unpacks MIME containers in the message. It +detects errors in MIME containers and can match file +extensions found in the message against a list. Using this +facility will produce additional files in the temporary scan +directory that contain the unpacked MIME parts of the message. +If you do antivirus scanning, it is recommened to use the +"demime" condition before the antivirus ("malware") condition. + +The condition name of this facility is "demime". On the right +hand side, you can pass a colon-separated list of file +extensions that it should match against. If one of the file +extensions is found, the condition will return "OK" (or +"true"), otherwise it will return FAIL (or "false"). If there +was any TEMPORARY error while demimeing (mostly "disk full"), +the condition will return DEFER, and the message will be +temporarily rejected. + +The right-hand side gets "expanded" before being treated as a +list, so you can have conditions and lookups there. If it +expands to an empty string, "false", or zero ("0"), no +demimeing is done and the conditions returns FALSE. + +A short example: + +/* ------------ +deny message = Found blacklisted file attachment + demime = vbs:com:bat:pif:prf:lnk +--------------- */ + +When the condition is run, it sets up the following expansion +variables: + + $demime_errorlevel When an error was detected in a MIME + container, this variable contains the + "severity" of the error, as an integer + number. The higher the value, the + more severe the error. If this + variable is unset or zero, no error has + occured. + + $demime_reason When $demime_errorlevel is greater than + zero, this variable contains a human + -readable text string describing the + MIME error that occured. + + $found_extension When the "demime" condition returns + "true", this variable contains the file + extension it has found. + +Both $demime_errorlevel and $demime_reason are set with the +first call of the "demime" condition, and are not changed on +subsequent calls. + +If do not want to check for any file extensions, but rather +use the demime facility for unpacking or error checking +purposes, just pass "*" as the right-hand side value. + +Here is a more elaborate example on how to use this facility: + +/* ----------------- +# Reject messages with serious MIME container errors +deny message = Found MIME error ($demime_reason). + demime = * + condition = ${if >{$demime_errorlevel}{2}{1}{0}} + +# Reject known virus spreading file extensions. +# Accepting these is pretty much braindead. +deny message = contains $found_extension file (blacklisted). + demime = com:vbs:bat:pif:scr + +# Freeze .exe and .doc files. Postmaster can +# examine them and eventually thaw them up. +deny log_message = Another $found_extension file. + demime = exe:doc + control = freeze +--------------------- */ + + + +2. The "spam" facility + Antispam measures with SpamAssassin +-------------------------------------------------------------- + +The "spam" facility calls SpamAssassin's "spamd" daemon to get +a spam-score and a report for the message. You must first +install SpamAssassin. You can get it at +http://www.spamassassin.org, or, if you have a working Perl +installation, you can use CPAN by calling + +perl -MCPAN -e 'install Mail::SpamAssassin' + +SpamAssassin has it's own set of configuration files. Please +review its documentation to see how you can tweak it. The +default installation should work nicely, however. + +After having installed and configured SpamAssassin, start the +"spamd" daemon. By default, it listens on 127.0.0.1, TCP port +783. If you use another host or port for spamd, you must set +the spamd_address option in Section 1 of the exim +configuration as follows (example): + +spamd_address = 127.0.0.1 783 + +If you use the above mentioned default, you do NOT need to set +this option. + +To use the antispam facility, put the "spam" condition in a +DATA ACL block. Here is a very simple example: + +/* --------------- +deny message = This message was classified as SPAM + spam = joe +---------------- */ + +On the right-hand side of the spam condition, you can put the +username that SpamAssassin should scan for. That allows you to +use per-domain or per-user antispam profiles. The right-hand +side is expanded before being used, so you can put lookups or +conditions there. When the right-hand side evaluates to "0" or +"false", no scanning will be done and the condition will fail +immediately. + +If you do not want to scan for a particular user, but rather +use the SpamAssassin system-wide default profile, you can scan +for an unknown user, or simply use "nobody". + +The "spam" condition will return true if the threshold +specified in the user's SpamAssassin profile has been matched +or exceeded. If you want to use the spam condition for it's +side effects (see the variables below), you can make it always +return "true" by appending ":true" to the username. + +When the condition is run, it sets up the following expansion +variables: + + $spam_score The spam score of the message, for example + "3.4" or "30.5". This is useful for + inclusion in log or reject messages. + + $spam_score_int The spam score of the message, multiplied + by ten, as an integer value. For example + "34" or "305". This is useful for numeric + comparisons in conditions. See further + below for a more complicated example. This + variable is special, since it is written + to the spool file, so it can be used + during the whole life of the message on + your exim system, even in routers + or transports. + + $spam_bar A string consisting of a number of '+' or + '-' characters, representing the + spam_score value. A spam score of "4.4" + would have a spam_bar of '++++'. This is + useful for inclusion in warning headers, + since MUAs can match on such strings. + + $spam_report A multiline text table, containing the + full SpamAssassin report for the message. + Useful for inclusion in headers or reject + messages. + +The spam condition caches its results. If you call it again +with the same user name, it will not really scan again, but +rather return the same values as before. + +Finally, here is a commented example on how to use the spam +condition: + +/* ---------------- +# put headers in all messages (no matter if spam or not) +warn message = X-Spam-Score: $spam_score ($spam_bar) + spam = nobody:true +warn message = X-Spam-Report: $spam_report + spam = nobody:true + +# add second subject line with *SPAM* marker when message +# is over threshold +warn message = Subject: *SPAM* $h_Subject + spam = nobody + +# reject spam at high scores (> 12) +deny message = This message scored $spam_score spam points. + spam = nobody:true + condition = ${if >{$spam_score_int}{120}{1}{0}} +----------------- */ + + + +3. The "regex" facility + Match headers and body lines of the message against regular + expressions +-------------------------------------------------------------- + +The "regex" condition takes one or more regular expressions as +arguments and matches them against the full message, that is +all headers and the complete body. It is particularly useful +to filter trash that cannot be recognized by the spam or +malware conditions. With large messages, this condition can be +fairly CPU-intensive. + +The regular expressions are matched linewise, with a maximum +line length of 32k characters. + +The regular expressions are passed as a colon-separated list. +To include a literal colon, you must double it. Since the +whole right-hand side string is expanded before being used, +you must also escape dollar ($) signs with backslashes. + +Here is a simple example: + +/* ---------------------- +deny message = contains blacklisted regex ($regex_match_string) + regex = [Mm]ortgage : URGENT BUSINESS PROPOSAL +----------------------- */ + +The condition returns true if one of the regular expressions +has matched a line of the message. The $regex_match_string +variable is then set up and contains the matching regular +expression. + + + +4. The "malware" facility + Scan messages for viruses using an external virus scanner +-------------------------------------------------------------- + +This facility lets you connect virus scanner software to exim. +It supports a "generic" interface to scanners called via the +shell, and specialized interfaces for "daemon" type virus +scanners, who are resident in memory and thus are much faster. + +To use this facility, you MUST set the "av_scanner" option in +section 1 of the exim config file. It specifies the scanner +type to use, and any additional options it needs to run. The +basic syntax is as follows: + + av_scanner = :::[...] + +The following scanner-types are supported in this release: + + sophie Sophie is a daemon that uses Sophos' libsavi + library to scan for viruses. You can get Sophie + at http://www.vanja.com/tools/sophie/. The only + option for this scanner type is the path to the + UNIX socket that Sophie uses for client + communication. The default path is + /var/run/sophie, so if you are using this, you + can omit the option. Example: + + av_scanner = sophie:/tmp/sophie + + + kavdaemon Kapersky's kavdaemon is a daemon-type scanner. + You can get a trial version at + http://www.kapersky.com. This scanner type takes + one option, which is the path to the daemon's + UNIX socket. The default is "/var/run/AvpCtl". + Example: + + av_scanner = kavdaemon:/opt/AVP/AvpCtl + + + cmdline This is the keyword for the generic command line + scanner interface. It can be used to attach + virus scanners that are invoked on the shell. + This scanner type takes 3 mantadory options: + + - full path and name of the scanner binary, with + all command line options and a placeholder + (%s) for the directory to scan. + + - A regular expression to match against the + STDOUT and STDERR output of the virus scanner. + If the expression matches, a virus was found. + You must make absolutely sure that this + expression only matches on "virus found". This + is called the "trigger" expression. + + - Another regular expression, containing exactly + ONE pair of braces, to match the name of the + virus found in the scanners output. This is + called the "name" expression. + + Example: + + Sophos Sweep reports a virus on a line like + this: + + Virus 'W32/Magistr-B' found in file ./those.bat + + For the "trigger" expression, we just use the + "found" word. For the "name" expression, we want + to get the W32/Magistr-B string, so we can match + for the single quotes left and right of it, + resulting in the regex '(.*)' (WITH the quotes!) + + Altogether, this makes the configuration + setting: + + av_scanner = cmdline:\ + /path/to/sweep -all -rec -archive %s:\ + found:'(.+)' + + +When av_scanner is correcly set, you can use the "malware" +condition in the DATA ACL. The condition takes a right-hand +argument that is expanded before use. It can then be one of + + - "true", "*", or "1", in which case the message is scanned + for viruses. The condition will succeed if a virus was + found, or fail otherwise. This is the recommended usage. + + - "false" or "0", in which case no scanning is done and the + condition will fail immediately. + + - a regular expression, in which case the message is scanned + for viruses. The condition will succeed if a virus found + found and its name matches the regular expression. This + allows you to take special actions on certain types of + viruses. + +When a virus was found, the condition sets up an expansion +variable called $malware_name that contains the name of the +virus found. You should use it in a "message" modifier that +contains the error returned to the sender. + +The malware condition caches its results, so when you use it +multiple times, the actual scanning process is only carried +out once. + +If your virus scanner cannot unpack MIME and TNEF containers +itself, you should use the demime condition prior to the +malware condition. + +Here is a simple example: + +/* ---------------------- +deny message = This message contains malware ($malware_name) + demime = * + malware = * +---------------------- */ + + +-------------------------------------------------------------- +End of file +-------------------------------------------------------------- diff -urN exim-4.20-orig/exim_monitor/em_globals.c exim-4.20/exim_monitor/em_globals.c --- exim-4.20-orig/exim_monitor/em_globals.c Mon May 12 15:39:23 2003 +++ exim-4.20/exim_monitor/em_globals.c Wed May 14 12:04:24 2003 @@ -133,6 +133,7 @@ BOOL local_error_message = FALSE; uschar *local_scan_data = NULL; +uschar *spam_score_int = NULL; BOOL log_timezone = FALSE; int message_age = 0; uschar *message_id; diff -urN exim-4.20-orig/scripts/MakeLinks exim-4.20/scripts/MakeLinks --- exim-4.20-orig/scripts/MakeLinks Mon May 12 15:39:17 2003 +++ exim-4.20/scripts/MakeLinks Wed May 14 12:04:24 2003 @@ -166,6 +166,7 @@ ln -s ../src/dbfunctions.h dbfunctions.h ln -s ../src/dbstuff.h dbstuff.h +ln -s ../src/demime.h demime.h ln -s ../src/exim.h exim.h ln -s ../src/functions.h functions.h ln -s ../src/globals.h globals.h @@ -173,8 +174,10 @@ ln -s ../src/macros.h macros.h ln -s ../src/mytypes.h mytypes.h ln -s ../src/osfunctions.h osfunctions.h +ln -s ../src/spam.h spam.h ln -s ../src/store.h store.h ln -s ../src/structs.h structs.h +ln -s ../src/tnef.h tnef.h ln -s ../src/acl.c acl.c ln -s ../src/buildconfig.c buildconfig.c @@ -184,6 +187,7 @@ ln -s ../src/dbfn.c dbfn.c ln -s ../src/debug.c debug.c ln -s ../src/deliver.c deliver.c +ln -s ../src/demime.c demime.c ln -s ../src/directory.c directory.c ln -s ../src/dns.c dns.c ln -s ../src/drtables.c drtables.c @@ -202,6 +206,7 @@ ln -s ../src/ip.c ip.c ln -s ../src/log.c log.c ln -s ../src/lss.c lss.c +ln -s ../src/malware.c malware.c ln -s ../src/match.c match.c ln -s ../src/moan.c moan.c ln -s ../src/parse.c parse.c @@ -210,19 +215,23 @@ ln -s ../src/rda.c rda.c ln -s ../src/readconf.c readconf.c ln -s ../src/receive.c receive.c +ln -s ../src/regex.c regex.c ln -s ../src/retry.c retry.c ln -s ../src/rewrite.c rewrite.c ln -s ../src/route.c route.c ln -s ../src/search.c search.c ln -s ../src/smtp_in.c smtp_in.c ln -s ../src/smtp_out.c smtp_out.c +ln -s ../src/spam.c spam.c ln -s ../src/spool_in.c spool_in.c +ln -s ../src/spool_mbox.c spool_mbox.c ln -s ../src/spool_out.c spool_out.c ln -s ../src/store.c store.c ln -s ../src/string.c string.c ln -s ../src/tls.c tls.c ln -s ../src/tls-gnu.c tls-gnu.c ln -s ../src/tls-openssl.c tls-openssl.c +ln -s ../src/tnef.c tnef.c ln -s ../src/tod.c tod.c ln -s ../src/transport.c transport.c ln -s ../src/tree.c tree.c diff -urN exim-4.20-orig/src/acl.c exim-4.20/src/acl.c --- exim-4.20-orig/src/acl.c Mon May 12 15:39:17 2003 +++ exim-4.20/src/acl.c Fri May 16 09:11:35 2003 @@ -7,6 +7,8 @@ /* Code for handling Access Control Lists (ACLs) */ +/* This file has been modified by the exiscan-acl patch. */ + #include "exim.h" @@ -32,19 +34,19 @@ /* ACL condition and modifier codes - keep in step with the table that follows. */ -enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL, ACLC_DELAY, +enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL, ACLC_DELAY, ACLC_DEMIME, ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, ACLC_HOSTS, - ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_MESSAGE, ACLC_RECIPIENTS, - ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY }; + ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_MALWARE, ACLC_MESSAGE, ACLC_RECIPIENTS, + ACLC_REGEX, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, ACLC_SPAM, ACLC_VERIFY }; /* ACL conditions/modifiers: "delay", "control", "endpass", "message", -"log_message", and "set" are modifiers that look like conditions but always +"log_message", "set" and "spam" are modifiers that look like conditions but always return TRUE. They are used for their side effects. */ static uschar *conditions[] = { US"acl", US"authenticated", US"condition", - US"control", US"delay", US"dnslists", US"domains", US"encrypted", - US"endpass", US"hosts", US"local_parts", US"log_message", US"message", - US"recipients", US"sender_domains", US"senders", US"set", US"verify" }; + US"control", US"delay", US"demime", US"dnslists", US"domains", US"encrypted", + US"endpass", US"hosts", US"local_parts", US"log_message", US"malware", US"message", + US"recipients", US"regex", US"sender_domains", US"senders", US"set", US"spam", US"verify" }; /* Flags to indicate for which conditions /modifiers a string expansion is done at the outer level. In the other cases, expansion already occurs in the @@ -56,6 +58,7 @@ TRUE, /* condition */ TRUE, /* control */ TRUE, /* delay */ + FALSE, /* demime */ TRUE, /* dnslists */ FALSE, /* domains */ FALSE, /* encrypted */ @@ -63,11 +66,14 @@ FALSE, /* hosts */ FALSE, /* local_parts */ TRUE, /* log_message */ + TRUE, /* malware */ TRUE, /* message */ FALSE, /* recipients */ + TRUE, /* regex */ FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ + TRUE, /* spam */ TRUE /* verify */ }; @@ -79,6 +85,7 @@ FALSE, /* condition */ TRUE, /* control */ TRUE, /* delay */ + FALSE, /* demime */ FALSE, /* dnslists */ FALSE, /* domains */ FALSE, /* encrypted */ @@ -86,11 +93,14 @@ FALSE, /* hosts */ FALSE, /* local_parts */ TRUE, /* log_message */ + FALSE, /* malware */ TRUE, /* message */ FALSE, /* recipients */ + FALSE, /* regex */ FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ + FALSE, /* spam */ FALSE /* verify */ }; @@ -109,6 +119,13 @@ (1<domain, &arg, 0, &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, &deliver_domain_data); @@ -1618,6 +1671,10 @@ return DISCARD; } +/* Remove spooled mbox and demimed files. +Will immediately return if no files had been created */ +unspool_mbox(); + /* Before giving an error response, take a look at the length of any user message, and split it up into multiple lines if possible. */ diff -urN exim-4.20-orig/src/configure.default exim-4.20/src/configure.default --- exim-4.20-orig/src/configure.default Mon May 12 15:39:18 2003 +++ exim-4.20/src/configure.default Wed May 14 12:04:24 2003 @@ -108,6 +108,25 @@ # You should not change that setting until you understand how ACLs work. +# The following ACL entry is used if you want to do content scanning with the +# exiscan-acl patch. When you uncomment this line, you must also review the +# acl_check_content entry in the ACL section further below. + +# acl_smtp_data = acl_check_content + +# This configuration variable defines the virus scanner that is used with +# the 'malware' ACL condition of the exiscan acl-patch. If you do not use +# virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt +# for a list of supported scanners. + +# av_scanner = sophie:/var/run/sophie + +# The following setting is only needed if you use the 'spam' ACL condition +# of the exiscan-acl patch. It specifies on which host and port the SpamAssassin +# "spamd" daemon is listening. If you do not use this condition, or you use +# the default of "127.0.0.1 783", you can omit this option. + +# spamd_address = 127.0.0.1 783 # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character @@ -308,6 +327,52 @@ deny message = relay not permitted +# This access control list is used for content scanning with the exiscan-acl +# patch. You must also uncomment the entry for acl_smtp_data (scroll up), +# otherwise the ACL will not be used. IMPORTANT: the default entries here +# should be treated as EXAMPLES. You MUST read the file doc/exiscan-acl-spec.txt +# to fully understand what you are doing ... + +acl_check_content: + + # First unpack MIME containers and reject serious errors. + deny message = This message contains a MIME error ($demime_reason) + demime = * + condition = ${if >{$demime_errorlevel}{2}{1}{0}} + + # Reject typically wormish file extensions. There is almost no + # sense in sending such files by email. + deny message = This message contains an unwanted file extension ($found_extension) + demime = src:vbs:bat:lnk:pif + + # Reject virus infested messages. + deny message = This message contains malware ($malware_name) + malware = * + + # Reject messages containing "viagra" in all kinds of whitespace/case combinations + # WARNING: this is an example ! + deny message = This message matches a blacklisted regular expression ($regex_match_string) + regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa] + + # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings + # (user "nobody"), no matter if over threshold or not. + warn message = X-Spam-Score: $spam_score ($spam_bar) + spam = nobody:true + warn message = X-Spam-Report: $spam_report + spam = nobody:true + + # Add X-Spam-Flag if spam is over system-wide threshold + warn message = X-Spam-Flag: YES + spam = nobody + + # Reject spam messages with score over 10, using an extra condition. + deny message = This message scored $spam_score points. Congratulations! + spam = nobody:true + condition = ${if >{$spam_score_int}{100}{1}{0}} + + # finally accept all the rest + accept + ###################################################################### # ROUTERS CONFIGURATION # diff -urN exim-4.20-orig/src/demime.c exim-4.20/src/demime.c --- exim-4.20-orig/src/demime.c Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/demime.c Thu May 15 20:22:44 2003 @@ -0,0 +1,1243 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ + +/* Code for unpacking MIME containers. Called from acl.c. */ + +#include "exim.h" +#include "demime.h" + +uschar demime_reason_buffer[1024]; +int demime_ok = 0; +struct file_extension *file_extensions = NULL; + +int demime(uschar **listptr) { + int sep = 0; + uschar *list = *listptr; + uschar *option; + uschar option_buffer[64]; + unsigned long long mbox_size; + FILE *mbox_file; + uschar defer_error_buffer[1024]; + int demime_rc; + + /* reset found_extension variable */ + found_extension = NULL; + + /* try to find 1st option */ + if ((option = string_nextinlist(&list, &sep, + option_buffer, + sizeof(option_buffer))) != NULL) { + + /* parse 1st option */ + if ( (Ustrcmp(option,"false") == 0) || (Ustrcmp(option,"0") == 0) ) { + /* explicitly no demimeing */ + return FAIL; + }; + } + else { + /* no options -> no demimeing */ + return FAIL; + }; + + /* make sure the eml mbox file is spooled up */ + mbox_file = spool_mbox(&mbox_size); + + if (mbox_file == NULL) { + /* error while spooling */ + log_write(0, LOG_MAIN|LOG_PANIC, + "demime acl condition: error while creating mbox spool file"); + return DEFER; + }; + + /* call demimer if not already done earlier */ + if (!demime_ok) + demime_rc = mime_demux(mbox_file, defer_error_buffer); + + fclose(mbox_file); + + if (demime_rc == DEFER) { + /* temporary failure (DEFER => DEFER) */ + log_write(0, LOG_MAIN|LOG_PANIC, + "demime acl condition: %s", defer_error_buffer); + return DEFER; + }; + + /* set demime_ok to avoid unpacking again */ + demime_ok = 1; + + /* check for file extensions, if there */ + while (option != NULL) { + struct file_extension *this_extension = file_extensions; + + /* Look for the wildcard. If it is found, we always return true. + The user must then use a custom condition to evaluate demime_errorlevel */ + if (Ustrcmp(option,"*") == 0) { + found_extension = NULL; + return OK; + }; + + /* loop thru extension list */ + while (this_extension != NULL) { + if (strcmpic(option, this_extension->file_extension_string) == 0) { + /* found one */ + found_extension = this_extension->file_extension_string; + return OK; + }; + this_extension = this_extension->next; + }; + + /* grab next extension from option list */ + option = string_nextinlist(&list, &sep, + option_buffer, + sizeof(option_buffer)); + }; + + /* nothing found */ + return FAIL; +} + + +/************************************************* +* unpack TNEF in given directory * +*************************************************/ + +int mime_unpack_tnef(uschar *directory) { + uschar filepath[1024]; + int n; + struct dirent *entry; + DIR *tempdir; + + /* open the dir */ + tempdir = opendir(CS directory); + if (tempdir == NULL) { + return -2; + }; + + /* loop thru dir */ + n = 0; + do { + entry = readdir(tempdir); + /* break on end of list */ + if (entry == NULL) break; + snprintf(CS filepath,1024,"%s/%s",directory,entry->d_name); + if ( (Ustrcmp(entry->d_name,"..") != 0) && (Ustrcmp(entry->d_name,".") != 0) ) { + TNEF_set_path(CS directory); + n = TNEF_main(CS filepath); + }; + } while (1); + + closedir(tempdir); + return 0; +} + + +/************************************************* +* small hex_str -> integer conversion function * +*************************************************/ + +/* needed for quoted-printable +*/ + +unsigned int mime_hstr_i(uschar *cptr) { + unsigned int i, j = 0; + + while (cptr && *cptr && isxdigit(*cptr)) { + i = *cptr++ - '0'; + if (9 < i) i -= 7; + j <<= 4; + j |= (i & 0x0f); + } + + return(j); +} + + +/************************************************* +* decode quoted-printable chars * +*************************************************/ + +/* gets called when we hit a = + returns: new pointer position + result code in c: + -2 - decode error + -1 - soft line break, no char + 0-255 - char to write +*/ + +uschar *mime_decode_qp(uschar *qp_p,int *c) { + uschar hex[] = {0,0,0}; + int nan = 0; + uschar *initial_pos = qp_p; + + /* advance one char */ + qp_p++; + + REPEAT_FIRST: + if ( (*qp_p == '\t') || (*qp_p == ' ') || (*qp_p == '\r') ) { + /* tab or whitespace may follow + just ignore it, but remember + that this is not a valid hex + encoding any more */ + nan = 1; + qp_p++; + goto REPEAT_FIRST; + } + else if ( (('0' <= *qp_p) && (*qp_p <= '9')) || (('A' <= *qp_p) && (*qp_p <= 'F')) || (('a' <= *qp_p) && (*qp_p <= 'f')) ) { + /* this is a valid hex char, if nan is unset */ + if (nan) { + /* this is illegal */ + *c = -2; + return initial_pos; + } + else { + hex[0] = *qp_p; + qp_p++; + }; + } + else if (*qp_p == '\n') { + /* hit soft line break already, continue */ + *c = -1; + return qp_p; + } + else { + /* illegal char here */ + *c = -2; + return initial_pos; + }; + + if ( (('0' <= *qp_p) && (*qp_p <= '9')) || (('A' <= *qp_p) && (*qp_p <= 'F')) || (('a' <= *qp_p) && (*qp_p <= 'f')) ) { + if (hex[0] > 0) { + hex[1] = *qp_p; + /* do hex conversion */ + *c = mime_hstr_i(hex); + qp_p++; + return qp_p; + } + else { + /* huh ? */ + *c = -2; + return initial_pos; + }; + } + else { + /* illegal char */ + *c = -2; + return initial_pos; + }; + +} + + +/************************************************* +* open new dump file * +*************************************************/ + +/* open new dump file + returns: -2 soft error + or file #, FILE * in f +*/ + +int mime_get_dump_file(uschar *extension, FILE **f, uschar *info) { + uschar file_name[1024]; + int result; + unsigned int file_nr; + uschar default_extension[] = ".com"; + uschar *p; + + if (extension == NULL) + extension = default_extension; + + /* scan the proposed extension. + if it is longer than 4 chars, or + contains exotic chars, use the default extension */ + +/* if (Ustrlen(extension) > 4) { + extension = default_extension; + }; +*/ + + p = extension+1; + + while (*p != 0) { + *p = (uschar)tolower((uschar)*p); + if ( (*p < 97) || (*p > 122) ) { + extension = default_extension; + break; + }; + p++; + }; + + /* find a new file to write to */ + file_nr = 0; + do { + struct stat mystat; + + snprintf(CS file_name,1024,"%s/scan/%s/%s-%05u%s",spool_directory,message_id,message_id,file_nr,extension); + file_nr++; + if (file_nr >= MIME_SANITY_MAX_DUMP_FILES) { + /* max parts reached */ + mime_trigger_error(MIME_ERRORLEVEL_TOO_MANY_PARTS); + break; + }; + result = stat(CS file_name,&mystat); + } + while(result != -1); + + *f = fopen(CS file_name,"w"); + if (*f == NULL) { + /* cannot open new dump file, disk full ? -> soft error */ + snprintf(CS info, 1024,"unable to open dump file"); + return -2; + }; + + return file_nr; +} + + +/************************************************* +* Find a string in a mime header * +*************************************************/ + +/* Find a string in a mime header, and optionally fill in + the value associated with it into *value + + returns: 0 - nothing found + 1 - found param + 2 - found param + value +*/ + +int mime_header_find(uschar *header, uschar *param, uschar **value) { + uschar *needle; + + needle = strstric(header,param,FALSE); + if (needle != NULL) { + if (value != NULL) { + needle += Ustrlen(param); + if (*needle == '=') { + uschar *value_start; + uschar *value_end; + + value_start = needle + 1; + value_end = strstric(value_start,US";",FALSE); + if (value_end != NULL) { + /* allocate mem for value */ + *value = (uschar *)malloc((value_end - value_start)+1); + if (*value == NULL) + return 0; + + Ustrncpy(*value,value_start,(value_end - value_start)); + (*value)[(value_end - value_start)] = '\0'; + return 2; + }; + }; + }; + return 1; + }; + return 0; +} + + +/************************************************* +* Read a line of MIME input * +*************************************************/ +/* returns status code, one of + MIME_READ_LINE_EOF 0 + MIME_READ_LINE_OK 1 + MIME_READ_LINE_OVERFLOW 2 + + In header mode, the line will be "cooked". +*/ + +int mime_read_line(FILE *f, int mime_demux_mode, uschar *buffer, long *num_copied) { + int c; + int done = 0; + int header_value_mode = 0; + int header_open_brackets = 0; + + *num_copied = 0; + + while(!done) { + + c = fgetc(f); + if (c == EOF) break; + + /* --------- header mode -------------- */ + if (mime_demux_mode == MIME_DEMUX_MODE_MIME_HEADERS) { + + /* always skip CRs */ + if (c == '\r') continue; + + if (c == '\n') { + /* look if next char is '\t' or ' ' */ + c = fgetc(f); + if (c == EOF) break; + if ( (c == '\t') || (c == ' ') ) continue; + /* end of the header, terminate with ';' */ + ungetc(c,f); + c = ';'; + done = 1; + }; + + /* skip control characters */ + if (c < 32) continue; + + /* skip whitespace + tabs */ + if ( (c == ' ') || (c == '\t') ) + continue; + + if (header_value_mode) { + /* --------- value mode ----------- */ + /* skip quotes */ + if (c == '"') continue; + + /* leave value mode on ';' */ + if (c == ';') { + header_value_mode = 0; + }; + /* -------------------------------- */ + } + else { + /* -------- non-value mode -------- */ + if (c == '\\') { + /* quote next char. can be used + to escape brackets. */ + c = fgetc(f); + if (c == EOF) break; + } + else if (c == '(') { + header_open_brackets++; + continue; + } + else if ((c == ')') && header_open_brackets) { + header_open_brackets--; + continue; + } + else if ( (c == '=') && !header_open_brackets ) { + /* enter value mode */ + header_value_mode = 1; + }; + + /* skip chars while we are in a comment */ + if (header_open_brackets > 0) + continue; + /* -------------------------------- */ + }; + } + /* ------------------------------------ */ + else { + /* ----------- non-header mode -------- */ + /* break on '\n' */ + if (c == '\n') + done = 1; + /* ------------------------------------ */ + }; + + /* copy the char to the buffer */ + buffer[*num_copied] = (uschar)c; + /* raise counter */ + (*num_copied)++; + + /* break if buffer is full */ + if (*num_copied > MIME_SANITY_MAX_LINE_LENGTH-1) { + done = 1; + }; + } + + /* 0-terminate */ + buffer[*num_copied] = '\0'; + + if (*num_copied > MIME_SANITY_MAX_LINE_LENGTH-1) + return MIME_READ_LINE_OVERFLOW; + else + if (c == EOF) + return MIME_READ_LINE_EOF; + else + return MIME_READ_LINE_OK; +} + + +/************************************************* +* Check for a MIME boundary * +*************************************************/ + +/* returns: 0 - no boundary found + 1 - start boundary found + 2 - end boundary found +*/ + +int mime_check_boundary(uschar *line, struct boundary *boundaries) { + struct boundary *thisboundary = boundaries; + + /* check for '--' first */ + if (Ustrncmp(line,"--",2) == 0) { + while(thisboundary != NULL) { + if (Ustrncmp(&line[2],thisboundary->boundary_string,Ustrlen(thisboundary->boundary_string)) == 0) { + if (Ustrncmp(&line[(2+Ustrlen(thisboundary->boundary_string))],"--",2) == 0) { + /* final boundary found */ + return 2; + }; + return 1; + }; + thisboundary = thisboundary->next; + }; + }; + + return 0; +} + + +/************************************************* +* Check for start of a UUENCODE block * +*************************************************/ + +/* returns 0 for no hit, + >0 for hit +*/ + +int mime_check_uu_start(uschar *line, uschar *uu_file_extension, int *has_tnef) { + + if ( (strncmpic(line,US"begin ",6) == 0)) { + uschar *uu_filename = &line[6]; + + /* skip perms, if present */ + Ustrtoul(&line[6],&uu_filename,10); + + /* advance one char */ + uu_filename++; + + /* This should be the filename. + Check if winmail.dat is present, + which indicates TNEF. */ + if (strncmpic(uu_filename,US"winmail.dat",11) == 0) { + *has_tnef = 1; + }; + + /* reverse to dot if present, + copy up to 4 chars for the extension */ + if (Ustrrchr(uu_filename,'.') != NULL) + uu_filename = Ustrrchr(uu_filename,'.'); + + return sscanf(CS uu_filename, "%4[.0-9A-Za-z]",CS uu_file_extension); + } + else { + /* nothing found */ + return 0; + }; +} + + +/************************************************* +* Decode a uu line * +*************************************************/ + +/* returns number of decoded bytes + -2 for soft errors +*/ + +int warned_about_uudec_line_sanity_1 = 0; +int warned_about_uudec_line_sanity_2 = 0; +long uu_decode_line(uschar *line, uschar **data, long line_len, uschar *info) { + uschar *p; + long num_decoded = 0; + uschar tmp_c; + uschar *work; + int uu_decoded_line_len, uu_encoded_line_len; + + /* allocate memory for data and work buffer */ + *data = (uschar *)malloc(line_len); + if (*data == NULL) { + snprintf(CS info, 1024,"unable to allocate %u bytes",line_len); + return -2; + }; + + work = (uschar *)malloc(line_len); + if (work == NULL) { + snprintf(CS info, 1024,"unable to allocate %u bytes",line_len); + return -2; + }; + + memcpy(work,line,line_len); + + /* First char is line length + This is microsofts way of getting it. Scary. */ + if (work[0] < 32) { + /* ignore this line */ + return 0; + } + else { + uu_decoded_line_len = uudec[work[0]]; + }; + + p = &work[1]; + + while (*p > 32) { + *p = uudec[*p]; + p++; + }; + + uu_encoded_line_len = (p - &work[1]); + p = &work[1]; + + /* check that resulting line length is a multiple of 4 */ + if ( ( uu_encoded_line_len % 4 ) != 0) { + if (!warned_about_uudec_line_sanity_1) { + mime_trigger_error(MIME_ERRORLEVEL_UU_MISALIGNED); + warned_about_uudec_line_sanity_1 = 1; + }; + return -1; + }; + + /* check that the line length matches */ + if ( ( (((uu_encoded_line_len/4)*3)-2) > uu_decoded_line_len ) || (((uu_encoded_line_len/4)*3) < uu_decoded_line_len) ) { + if (!warned_about_uudec_line_sanity_2) { + mime_trigger_error(MIME_ERRORLEVEL_UU_LINE_LENGTH); + warned_about_uudec_line_sanity_2 = 1; + }; + return -1; + }; + + while ( ((p - &work[1]) < uu_encoded_line_len) && (num_decoded < uu_decoded_line_len)) { + + /* byte 0 ---------------------- */ + if ((p - &work[1] + 1) >= uu_encoded_line_len) { + return 0; + } + + (*data)[num_decoded] = *p; + (*data)[num_decoded] <<= 2; + + tmp_c = *(p+1); + tmp_c >>= 4; + (*data)[num_decoded] |= tmp_c; + + num_decoded++; + p++; + + /* byte 1 ---------------------- */ + if ((p - &work[1] + 1) >= uu_encoded_line_len) { + return 0; + } + + (*data)[num_decoded] = *p; + (*data)[num_decoded] <<= 4; + + tmp_c = *(p+1); + tmp_c >>= 2; + (*data)[num_decoded] |= tmp_c; + + num_decoded++; + p++; + + /* byte 2 ---------------------- */ + if ((p - &work[1] + 1) >= uu_encoded_line_len) { + return 0; + } + + (*data)[num_decoded] = *p; + (*data)[num_decoded] <<= 6; + + (*data)[num_decoded] |= *(p+1); + + num_decoded++; + p+=2; + + }; + + return uu_decoded_line_len; +} + + +/************************************************* +* Decode a b64 or qp line * +*************************************************/ + +/* returns number of decoded bytes + -1 for hard errors + -2 for soft errors +*/ + +int warned_about_b64_line_length = 0; +int warned_about_b64_line_sanity = 0; +int warned_about_b64_illegal_char = 0; +int warned_about_qp_line_sanity = 0; +long mime_decode_line(int mime_demux_mode,uschar *line, uschar **data, long max_data_len, uschar *info) { + uschar *p; + long num_decoded = 0; + int offset = 0; + uschar tmp_c; + + /* allocate memory for data */ + *data = (uschar *)malloc(max_data_len); + if (*data == NULL) { + snprintf(CS info, 1024,"unable to allocate %u bytes",max_data_len); + return -2; + }; + + if (mime_demux_mode == MIME_DEMUX_MODE_BASE64) { + /* ---------------------------------------------- */ + + /* NULL out trailing '\r' and '\n' chars */ + while (Ustrrchr(line,'\r') != NULL) { + *(Ustrrchr(line,'\r')) = '\0'; + }; + while (Ustrrchr(line,'\n') != NULL) { + *(Ustrrchr(line,'\n')) = '\0'; + }; + + /* check maximum base 64 line length */ + if (Ustrlen(line) > MIME_SANITY_MAX_B64_LINE_LENGTH ) { + if (!warned_about_b64_line_length) { + mime_trigger_error(MIME_ERRORLEVEL_B64_LINE_LENGTH); + warned_about_b64_line_length = 1; + }; + }; + + p = line; + offset = 0; + while (*(p+offset) != '\0') { + /* hit illegal char ? */ + if (b64[*(p+offset)] == 128) { + if (!warned_about_b64_illegal_char) { + mime_trigger_error(MIME_ERRORLEVEL_B64_ILLEGAL_CHAR); + warned_about_b64_illegal_char = 1; + }; + offset++; + } + else { + *p = b64[*(p+offset)]; + p++; + }; + }; + *p = 255; + + /* check that resulting line length is a multiple of 4 */ + if ( ( (p - &line[0]) % 4 ) != 0) { + if (!warned_about_b64_line_sanity) { + mime_trigger_error(MIME_ERRORLEVEL_B64_MISALIGNED); + warned_about_b64_line_sanity = 1; + }; + }; + + /* line is translated, start bit shifting */ + p = line; + num_decoded = 0; + + while(*p != 255) { + + /* byte 0 ---------------------- */ + if (*(p+1) == 255) { + break; + } + + (*data)[num_decoded] = *p; + (*data)[num_decoded] <<= 2; + + tmp_c = *(p+1); + tmp_c >>= 4; + (*data)[num_decoded] |= tmp_c; + + num_decoded++; + p++; + + /* byte 1 ---------------------- */ + if (*(p+1) == 255) { + break; + } + + (*data)[num_decoded] = *p; + (*data)[num_decoded] <<= 4; + + tmp_c = *(p+1); + tmp_c >>= 2; + (*data)[num_decoded] |= tmp_c; + + num_decoded++; + p++; + + /* byte 2 ---------------------- */ + if (*(p+1) == 255) { + break; + } + + (*data)[num_decoded] = *p; + (*data)[num_decoded] <<= 6; + + (*data)[num_decoded] |= *(p+1); + + num_decoded++; + p+=2; + + }; + return num_decoded; + /* ---------------------------------------------- */ + } + else if (mime_demux_mode == MIME_DEMUX_MODE_QP) { + /* ---------------------------------------------- */ + p = line; + + while (*p != 0) { + if (*p == '=') { + int decode_qp_result; + + p = mime_decode_qp(p,&decode_qp_result); + + if (decode_qp_result == -2) { + /* Error from decoder. p is unchanged. */ + if (!warned_about_qp_line_sanity) { + mime_trigger_error(MIME_ERRORLEVEL_QP_ILLEGAL_CHAR); + warned_about_qp_line_sanity = 1; + }; + (*data)[num_decoded] = '='; + num_decoded++; + p++; + } + else if (decode_qp_result == -1) { + /* End of the line with soft line break. + Bail out. */ + goto QP_RETURN; + } + else if (decode_qp_result >= 0) { + (*data)[num_decoded] = decode_qp_result; + num_decoded++; + }; + } + else { + (*data)[num_decoded] = *p; + num_decoded++; + p++; + }; + }; + QP_RETURN: + return num_decoded; + /* ---------------------------------------------- */ + }; + + return 0; +} + + + +/************************************************* +* Log demime errors and set mime error level * +*************************************************/ + +/* This sets the global demime_reason expansion +variable and the demime_errorlevel gauge. */ + +void mime_trigger_error(int level, uschar *format, ...) { + char *f; + va_list ap; + + if( (f = malloc(16384+23)) != NULL ) { + /* first log the incident */ + sprintf(f,"demime acl condition: "); + f+=22; + va_start(ap, format); + vsnprintf(f, 16383,(char *)format, ap); + va_end(ap); + f-=22; + log_write(0, LOG_MAIN|LOG_PANIC, f); + /* then copy to demime_reason_buffer if new + level is greater than old level */ + if (level > demime_errorlevel) { + demime_errorlevel = level; + Ustrcpy(demime_reason_buffer, US f); + demime_reason = demime_reason_buffer; + }; + free(f); + }; +} + +/************************************************* +* Demultiplex MIME stream. * +*************************************************/ + +/* We can handle BASE64, QUOTED-PRINTABLE, and UUENCODE. + UUENCODE does not need to have a proper + transfer-encoding header, we detect it with "begin" + + This function will report human parsable errors in + *info. + + returns DEFER -> soft error (see *info) + OK -> EOF hit, all ok +*/ + +int mime_demux(FILE *f, uschar *info) { + int mime_demux_mode = MIME_DEMUX_MODE_MIME_HEADERS; + int uu_mode = MIME_UU_MODE_OFF; + FILE *mime_dump_file = NULL; + FILE *uu_dump_file = NULL; + uschar *line; + int mime_read_line_status = MIME_READ_LINE_OK; + long line_len; + struct boundary *boundaries = NULL; + struct mime_part mime_part_p; + int has_tnef = 0; + + /* allocate room for our linebuffer */ + line = (uschar *)malloc(MIME_SANITY_MAX_LINE_LENGTH); + if (line == NULL) { + snprintf(CS info, 1024,"unable to allocate %u bytes",MIME_SANITY_MAX_LINE_LENGTH); + return DEFER; + }; + + /* clear MIME header structure */ + memset(&mime_part_p,0,sizeof(mime_part)); + + /* ----------------------- start demux loop --------------------- */ + while (mime_read_line_status == MIME_READ_LINE_OK) { + + /* read a line of input. Depending on the mode we are in, + the returned format will differ. */ + mime_read_line_status = mime_read_line(f,mime_demux_mode,line,&line_len); + if (mime_read_line_status == MIME_READ_LINE_OVERFLOW) { + mime_trigger_error(MIME_ERRORLEVEL_LONG_LINE); + /* despite the error, continue .. */ + mime_read_line_status == MIME_READ_LINE_OK; + continue; + } + else if (mime_read_line_status == MIME_READ_LINE_EOF) { + break; + }; + + if (mime_demux_mode == MIME_DEMUX_MODE_MIME_HEADERS) { + /* -------------- header mode --------------------- */ + + /* Check for an empty line, which is the end of the headers. + In HEADER mode, the line is returned "cooked", with the + final '\n' replaced by a ';' */ + if (line_len == 1) { + int tmp; + + /* We have reached the end of the headers. Start decoding + with the collected settings. */ + if (mime_part_p.seen_content_transfer_encoding > 1) { + mime_demux_mode = mime_part_p.seen_content_transfer_encoding; + } + else { + /* default to plain mode if no specific encoding type found */ + mime_demux_mode = MIME_DEMUX_MODE_PLAIN; + }; + + /* open new dump file */ + tmp = mime_get_dump_file(mime_part_p.extension, &mime_dump_file, info); + if (tmp < 0) { + return DEFER; + }; + + /* clear out mime_part */ + memset(&mime_part_p,0,sizeof(mime_part)); + } + else { + /* Another header to check for file extensions, + encoding type and boundaries */ + if (strncmpic(US"content-type:",line,Ustrlen("content-type:")) == 0) { + /* ---------------------------- Content-Type header ------------------------------- */ + uschar *value = line; + + /* check for message/partial MIME type and reject it */ + if (mime_header_find(line,US"message/partial",NULL) > 0) + mime_trigger_error(MIME_ERRORLEVEL_MESSAGE_PARTIAL); + + /* check for TNEF content type, remember to unpack TNEF later. */ + if (mime_header_find(line,US"application/ms-tnef",NULL) > 0) + has_tnef = 1; + + /* find the file extension, but do not fill it in + it is already set, since content-disposition has + precedence. */ + if (mime_part_p.extension == NULL) { + if (mime_header_find(line,US"name",&value) == 2) { + if (Ustrlen(value) > MIME_SANITY_MAX_FILENAME) + mime_trigger_error(MIME_ERRORLEVEL_FILENAME_LENGTH); + mime_part_p.extension = value; + mime_part_p.extension = Ustrrchr(value,'.'); + if (mime_part_p.extension == NULL) { + /* file without extension, setting + NULL will use the default extension later */ + mime_part_p.extension = NULL; + } + else { + struct file_extension *this_extension = + (struct file_extension *)malloc(sizeof(file_extension)); + + this_extension->file_extension_string = + (uschar *)malloc(Ustrlen(mime_part_p.extension)+1); + Ustrcpy(this_extension->file_extension_string, + mime_part_p.extension+1); + this_extension->next = file_extensions; + file_extensions = this_extension; + }; + }; + }; + + /* find a boundary and add it to the list, if present */ + value = line; + if (mime_header_find(line,US"boundary",&value) == 2) { + struct boundary *thisboundary; + + if (Ustrlen(value) > MIME_SANITY_MAX_BOUNDARY_LENGTH) { + mime_trigger_error(MIME_ERRORLEVEL_BOUNDARY_LENGTH); + } + else { + thisboundary = (struct boundary*)malloc(sizeof(boundary)); + thisboundary->next = boundaries; + thisboundary->boundary_string = value; + boundaries = thisboundary; + }; + }; + + if (mime_part_p.seen_content_type == 0) { + mime_part_p.seen_content_type = 1; + } + else { + mime_trigger_error(MIME_ERRORLEVEL_DOUBLE_HEADERS); + }; + /* ---------------------------------------------------------------------------- */ + } + else if (strncmpic(US"content-transfer-encoding:",line,Ustrlen("content-transfer-encoding:")) == 0) { + /* ---------------------------- Content-Transfer-Encoding header -------------- */ + + if (mime_part_p.seen_content_transfer_encoding == 0) { + if (mime_header_find(line,US"base64",NULL) > 0) { + mime_part_p.seen_content_transfer_encoding = MIME_DEMUX_MODE_BASE64; + } + else if (mime_header_find(line,US"quoted-printable",NULL) > 0) { + mime_part_p.seen_content_transfer_encoding = MIME_DEMUX_MODE_QP; + } + else { + mime_part_p.seen_content_transfer_encoding = MIME_DEMUX_MODE_PLAIN; + }; + } + else { + mime_trigger_error(MIME_ERRORLEVEL_DOUBLE_HEADERS); + }; + /* ---------------------------------------------------------------------------- */ + } + else if (strncmpic(US"content-disposition:",line,Ustrlen("content-disposition:")) == 0) { + /* ---------------------------- Content-Disposition header -------------------- */ + uschar *value = line; + + if (mime_part_p.seen_content_disposition == 0) { + mime_part_p.seen_content_disposition = 1; + + if (mime_header_find(line,US"filename",&value) == 2) { + if (Ustrlen(value) > MIME_SANITY_MAX_FILENAME) + mime_trigger_error(MIME_ERRORLEVEL_FILENAME_LENGTH); + mime_part_p.extension = value; + mime_part_p.extension = Ustrrchr(value,'.'); + if (mime_part_p.extension == NULL) { + /* file without extension, setting + NULL will use the default extension later */ + mime_part_p.extension = NULL; + } + else { + struct file_extension *this_extension = + (struct file_extension *)malloc(sizeof(file_extension)); + + this_extension->file_extension_string = + (uschar *)malloc(Ustrlen(mime_part_p.extension)+1); + Ustrcpy(this_extension->file_extension_string, + mime_part_p.extension+1); + this_extension->next = file_extensions; + file_extensions = this_extension; + }; + }; + } + else { + mime_trigger_error(MIME_ERRORLEVEL_DOUBLE_HEADERS); + }; + /* ---------------------------------------------------------------------------- */ + }; + }; /* End of header checks */ + /* ------------------------------------------------ */ + } + else { + /* -------------- non-header mode ----------------- */ + int tmp; + + if (uu_mode == MIME_UU_MODE_OFF) { + uschar uu_file_extension[5]; + /* We are not currently decoding UUENCODE + Check for possible UUENCODE start tag. */ + if (mime_check_uu_start(line,uu_file_extension,&has_tnef)) { + /* possible UUENCODING start detected. + Set unconfirmed mode first. */ + uu_mode = MIME_UU_MODE_UNCONFIRMED; + /* open new uu dump file */ + tmp = mime_get_dump_file(uu_file_extension, &uu_dump_file, info); + if (tmp < 0) { + free(line); + return DEFER; + }; + }; + } + else { + uschar *data; + long data_len = 0; + + if (uu_mode == MIME_UU_MODE_UNCONFIRMED) { + /* We are in unconfirmed UUENCODE mode. */ + + data_len = uu_decode_line(line,&data,line_len,info); + + if (data_len == -2) { + /* temp error, turn off uudecode mode */ + if (uu_dump_file != NULL) { + fclose(uu_dump_file); uu_dump_file = NULL; + }; + uu_mode = MIME_UU_MODE_OFF; + return DEFER; + } + else if (data_len == -1) { + if (uu_dump_file != NULL) { + fclose(uu_dump_file); uu_dump_file = NULL; + }; + uu_mode = MIME_UU_MODE_OFF; + data_len = 0; + } + else if (data_len > 0) { + /* we have at least decoded a valid byte + turn on confirmed mode */ + uu_mode = MIME_UU_MODE_CONFIRMED; + }; + } + else if (uu_mode == MIME_UU_MODE_CONFIRMED) { + /* If we are in confirmed UU mode, + check for single "end" tag on line */ + if ((strncmpic(line,US"end",3) == 0) && (line[3] < 32)) { + if (uu_dump_file != NULL) { + fclose(uu_dump_file); uu_dump_file = NULL; + }; + uu_mode = MIME_UU_MODE_OFF; + } + else { + data_len = uu_decode_line(line,&data,line_len,info); + if (data_len == -2) { + /* temp error, turn off uudecode mode */ + if (uu_dump_file != NULL) { + fclose(uu_dump_file); uu_dump_file = NULL; + }; + uu_mode = MIME_UU_MODE_OFF; + return DEFER; + } + else if (data_len == -1) { + /* skip this line */ + data_len = 0; + }; + }; + }; + + /* write data to dump file, if available */ + if (data_len > 0) { + if (fwrite(data,1,data_len,uu_dump_file) < data_len) { + /* short write */ + snprintf(CS info, 1024,"short write on uudecode dump file"); + free(line); + return DEFER; + }; + }; + }; + + if (mime_demux_mode != MIME_DEMUX_MODE_SCANNING) { + /* Non-scanning and Non-header mode. That means + we are currently decoding data to the dump + file. */ + + /* Check for a known boundary. */ + tmp = mime_check_boundary(line,boundaries); + if (tmp == 1) { + /* We have hit a known start boundary. + That will put us back in header mode. */ + mime_demux_mode = MIME_DEMUX_MODE_MIME_HEADERS; + if (mime_dump_file != NULL) { + fclose(mime_dump_file); mime_dump_file = NULL; + }; + } + else if (tmp == 2) { + /* We have hit a known end boundary. + That puts us into scanning mode, which will end when we hit another known start boundary */ + mime_demux_mode = MIME_DEMUX_MODE_SCANNING; + if (mime_dump_file != NULL) { + fclose(mime_dump_file); mime_dump_file = NULL; + }; + } + else { + uschar *data; + long data_len; + + /* decode the line with the appropriate method */ + if (mime_demux_mode == MIME_DEMUX_MODE_PLAIN) { + /* in plain mode, just dump the line */ + data = line; + data_len = line_len; + } + else if ( (mime_demux_mode == MIME_DEMUX_MODE_QP) || (mime_demux_mode == MIME_DEMUX_MODE_BASE64) ) { + data_len = mime_decode_line(mime_demux_mode,line,&data,line_len,info); + if (data_len < 0) { + /* Error reported from the line decoder. */ + data_len = 0; + }; + }; + + /* write data to dump file */ + if (data_len > 0) { + if (fwrite(data,1,data_len,mime_dump_file) < data_len) { + /* short write */ + snprintf(CS info, 1024,"short write on dump file"); + free(line); + return DEFER; + }; + }; + + }; + } + else { + /* Scanning mode. We end up here after a end boundary. + This will usually be at the end of a message or at + the end of a MIME container. + We need to look for another start boundary to get + back into header mode. */ + if (mime_check_boundary(line,boundaries) == 1) { + mime_demux_mode = MIME_DEMUX_MODE_MIME_HEADERS; + }; + + }; + /* ------------------------------------------------ */ + }; + }; + /* ----------------------- end demux loop ----------------------- */ + + /* close files, they could still be open */ + if (mime_dump_file != NULL) + fclose(mime_dump_file); + if (uu_dump_file != NULL) + fclose(uu_dump_file); + + /* release line buffer */ + free(line); + + /* FIXME: release boundary buffers. + Not too much of a problem since + this instance of exim is not resident. */ + + if (has_tnef) { + uschar file_name[1024]; + /* at least one file could be TNEF encoded. + attempt to send all decoded files thru the TNEF decoder */ + + snprintf(CS file_name,1024,"%s/scan/%s",spool_directory,message_id); + mime_unpack_tnef(file_name); + }; + + return 0; +} + diff -urN exim-4.20-orig/src/demime.h exim-4.20/src/demime.h --- exim-4.20-orig/src/demime.h Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/demime.h Wed May 14 12:04:24 2003 @@ -0,0 +1,146 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ + +/* demime defines */ + +#define MIME_DEMUX_MODE_SCANNING 0 +#define MIME_DEMUX_MODE_MIME_HEADERS 1 +#define MIME_DEMUX_MODE_BASE64 2 +#define MIME_DEMUX_MODE_QP 3 +#define MIME_DEMUX_MODE_PLAIN 4 + +#define MIME_UU_MODE_OFF 0 +#define MIME_UU_MODE_UNCONFIRMED 1 +#define MIME_UU_MODE_CONFIRMED 2 + +#define MIME_MAX_EXTENSION 128 + +#define MIME_READ_LINE_EOF 0 +#define MIME_READ_LINE_OK 1 +#define MIME_READ_LINE_OVERFLOW 2 + +#define MIME_SANITY_MAX_LINE_LENGTH 131071 +#define MIME_SANITY_MAX_FILENAME 512 +#define MIME_SANITY_MAX_HEADER_OPTION_VALUE 1024 +#define MIME_SANITY_MAX_B64_LINE_LENGTH 76 +#define MIME_SANITY_MAX_BOUNDARY_LENGTH 1024 +#define MIME_SANITY_MAX_DUMP_FILES 1024 + + + +/* MIME errorlevel settings */ + +#define MIME_ERRORLEVEL_LONG_LINE 3,US"line length in message or single header size exceeds %u bytes",MIME_SANITY_MAX_LINE_LENGTH +#define MIME_ERRORLEVEL_TOO_MANY_PARTS 3,US"too many MIME parts (max %u)",MIME_SANITY_MAX_DUMP_FILES +#define MIME_ERRORLEVEL_MESSAGE_PARTIAL 3,US"'message/partial' MIME type" +#define MIME_ERRORLEVEL_FILENAME_LENGTH 3,US"proposed filename exceeds %u characters",MIME_SANITY_MAX_FILENAME +#define MIME_ERRORLEVEL_BOUNDARY_LENGTH 3,US"boundary length exceeds %u characters",MIME_SANITY_MAX_BOUNDARY_LENGTH +#define MIME_ERRORLEVEL_DOUBLE_HEADERS 2,US"double headers (content-type, content-disposition or content-transfer-encoding)" +#define MIME_ERRORLEVEL_UU_MISALIGNED 1,US"uuencoded line length is not a multiple of 4 characters" +#define MIME_ERRORLEVEL_UU_LINE_LENGTH 1,US"uuencoded line length does not match advertised number of bytes" +#define MIME_ERRORLEVEL_B64_LINE_LENGTH 1,US"base64 line length exceeds %u characters",MIME_SANITY_MAX_B64_LINE_LENGTH +#define MIME_ERRORLEVEL_B64_ILLEGAL_CHAR 2,US"base64 line contains illegal character" +#define MIME_ERRORLEVEL_B64_MISALIGNED 1,US"base64 line length is not a multiple of 4 characters" +#define MIME_ERRORLEVEL_QP_ILLEGAL_CHAR 1,US"quoted-printable encoding contains illegal character" + + +/* demime structures */ + +typedef struct mime_part { + /* true if there was a content-type header */ + int seen_content_type; + /* true if there was a content-transfer-encoding header + contains the encoding type */ + int seen_content_transfer_encoding; + /* true if there was a content-disposition header */ + int seen_content_disposition; + /* pointer to a buffer with the proposed file extension */ + uschar *extension; +} mime_part; + +typedef struct boundary { + struct boundary *next; + uschar *boundary_string; +} boundary; + +typedef struct file_extension { + struct file_extension *next; + uschar *file_extension_string; +} file_extension; + +/* available functions for the TNEF library (tnef.c & tnef.h) */ + +extern int TNEF_main( char *filename ); +extern int TNEF_set_verbosity( int level ); +extern int TNEF_set_debug( int level ); +extern int TNEF_set_syslogging( int level ); +extern int TNEF_set_stderrlogging( int level ); +extern int TNEF_set_path( char *path ); + + + +/* demime.c prototypes */ + +int mime_unpack_tnef(uschar *); +unsigned int mime_hstr_i(uschar *); +uschar *mime_decode_qp(uschar *, int *); +int mime_get_dump_file(uschar *, FILE **, uschar *); +int mime_header_find(uschar *, uschar *, uschar **); +int mime_read_line(FILE *, int, uschar *, long *); +int mime_check_boundary(uschar *, struct boundary *); +int mime_check_uu_start(uschar *, uschar *, int *); +long uu_decode_line(uschar *, uschar **, long, uschar *); +long mime_decode_line(int ,uschar *, uschar **, long, uschar *); +void mime_trigger_error(int, uschar *, ...); +int mime_demux(FILE *, uschar *); + + + +/* BASE64 decoder matrix */ +static unsigned char b64[256]={ +/* 0 */ 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, +/* 16 */ 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, +/* 32 */ 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 62, 128, 128, 128, 63, +/* 48 */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 128, 128, 128, 255, 128, 128, +/* 64 */ 128, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, +/* 80 */ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 128, 128, 128, 128, 128, +/* 96 */ 128, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128 +}; + + +/* Microsoft-Style uudecode matrix */ +static unsigned char uudec[256]={ +/* 0 */ 0, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +/* 16 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +/* 32 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +/* 48 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, +/* 64 */ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +/* 80 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +/* 96 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +/* 112 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, +/* 128 */ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +/* 144 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +/* 160 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +/* 176 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, +/* 192 */ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, +/* 208 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, +/* 224 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +/* 240 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 +}; + diff -urN exim-4.20-orig/src/expand.c exim-4.20/src/expand.c --- exim-4.20-orig/src/expand.c Mon May 12 15:39:19 2003 +++ exim-4.20/src/expand.c Wed May 14 12:04:24 2003 @@ -218,11 +218,14 @@ { "caller_uid", vtype_int, &real_uid }, { "compile_date", vtype_stringptr, &version_date }, { "compile_number", vtype_stringptr, &version_cnumber }, + { "demime_errorlevel", vtype_int, &demime_errorlevel }, + { "demime_reason", vtype_stringptr, &demime_reason }, { "dnslist_domain", vtype_stringptr, &dnslist_domain }, { "dnslist_text", vtype_stringptr, &dnslist_text }, { "dnslist_value", vtype_stringptr, &dnslist_value }, { "domain", vtype_stringptr, &deliver_domain }, { "domain_data", vtype_stringptr, &deliver_domain_data }, + { "found_extension", vtype_stringptr, &found_extension }, { "home", vtype_stringptr, &deliver_home }, { "host", vtype_stringptr, &deliver_host }, { "host_address", vtype_stringptr, &deliver_host_address }, @@ -241,6 +244,7 @@ { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix }, { "local_scan_data", vtype_stringptr, &local_scan_data }, { "localhost_number", vtype_int, &host_number }, + { "malware_name", vtype_stringptr, &malware_name }, { "message_age", vtype_int, &message_age }, { "message_body", vtype_msgbody, &message_body }, { "message_body_end", vtype_msgbody_end, &message_body_end }, @@ -275,6 +279,7 @@ { "received_protocol", vtype_stringptr, &received_protocol }, { "recipients", vtype_recipients, NULL }, { "recipients_count", vtype_int, &recipients_count }, + { "regex_match_string", vtype_stringptr, ®ex_match_string }, { "reply_address", vtype_reply, NULL }, { "return_path", vtype_stringptr, &return_path }, { "return_size_limit", vtype_int, &return_size_limit }, @@ -302,6 +307,10 @@ { "sn7", vtype_filter_int, &filter_sn[7] }, { "sn8", vtype_filter_int, &filter_sn[8] }, { "sn9", vtype_filter_int, &filter_sn[9] }, + { "spam_bar", vtype_stringptr, &spam_bar }, + { "spam_report", vtype_stringptr, &spam_report }, + { "spam_score", vtype_stringptr, &spam_score }, + { "spam_score_int", vtype_stringptr, &spam_score_int }, { "spool_directory", vtype_stringptr, &spool_directory }, { "thisaddress", vtype_stringptr, &filter_thisaddress }, { "tls_certificate_verified", vtype_int, &tls_certificate_verified }, diff -urN exim-4.20-orig/src/functions.h exim-4.20/src/functions.h --- exim-4.20-orig/src/functions.h Mon May 12 15:39:19 2003 +++ exim-4.20/src/functions.h Wed May 14 12:04:24 2003 @@ -64,6 +64,7 @@ extern void deliver_set_expansions(address_item *); extern int deliver_split_address(address_item *); extern void deliver_succeeded(address_item *); +extern int demime(uschar **); extern BOOL directory_make(uschar *, uschar *, int, BOOL); extern dns_address *dns_address_from_rr(dns_answer *, dns_record *); extern void dns_init(BOOL, BOOL); @@ -114,6 +115,7 @@ extern void log_close_all(void); +extern int malware(uschar **); extern int match_address_list(uschar *, BOOL, uschar **, unsigned int *, int, int); extern int match_check_list(uschar **, int, tree_node **, unsigned int **, @@ -227,6 +229,8 @@ extern BOOL smtp_start_session(void); extern int smtp_ungetc(int); extern int smtp_write_command(smtp_outblock *, BOOL, char *, ...); +extern int spam(uschar **); +extern FILE *spool_mbox(unsigned long long *); extern BOOL spool_move_message(uschar *, uschar *, uschar *, uschar *); extern BOOL spool_open_datafile(uschar *); extern int spool_open_temp(uschar *); @@ -277,6 +281,8 @@ extern tree_node *tree_search(tree_node *, uschar *); extern void tree_write(tree_node *, FILE *); +extern void unspool_mbox(void); + extern int verify_address(address_item *, FILE *, int, int, BOOL *); extern int verify_check_dnsbl(uschar **); extern int verify_check_header_address(uschar **, uschar **, int); diff -urN exim-4.20-orig/src/globals.c exim-4.20/src/globals.c --- exim-4.20-orig/src/globals.c Mon May 12 15:39:19 2003 +++ exim-4.20/src/globals.c Wed May 14 12:04:24 2003 @@ -286,6 +286,7 @@ uschar *auth_defer_msg = US"reason not recorded"; uschar *auth_defer_user_msg = US""; int auto_thaw = 0; +uschar *av_scanner = US"sophie|/var/run/sophie"; BOOL background_daemon = TRUE; uschar *base62_chars= @@ -400,6 +401,8 @@ BOOL deliver_selectstring_regex = FALSE; uschar *deliver_selectstring_sender = NULL; BOOL deliver_selectstring_sender_regex = FALSE; +int demime_errorlevel = 0; +uschar *demime_reason = NULL; BOOL disable_logging = FALSE; uschar *dns_again_means_nonexist = NULL; @@ -443,6 +446,7 @@ uschar *filter_test = NULL; uschar *filter_thisaddress = NULL; int finduser_retries = 0; +uschar *found_extension = NULL; uschar *freeze_tell = NULL; uschar *gecos_name = NULL; @@ -565,6 +569,7 @@ uschar *lookup_value = NULL; macro_item *macros = NULL; +uschar *malware_name = NULL; int max_username_length = 0; int message_age = 0; uschar *message_body = NULL; @@ -680,6 +685,7 @@ const pcre *regex_PIPELINING = NULL; const pcre *regex_SIZE = NULL; const pcre *regex_ismsgid = NULL; +uschar *regex_match_string = NULL; int remote_delivery_count = 0; int remote_max_parallel = 2; uschar *remote_sort_domains = NULL; @@ -846,6 +852,11 @@ int smtp_rlr_threshold = INT_MAX; BOOL smtp_use_pipelining = FALSE; BOOL smtp_use_size = FALSE; +uschar *spamd_address = US"127.0.0.1 783"; +uschar *spam_bar = NULL; +uschar *spam_report = NULL; +uschar *spam_score = NULL; +uschar *spam_score_int = NULL; BOOL split_spool_directory = FALSE; uschar *spool_directory = US SPOOL_DIRECTORY "\0<--------------Space to patch spool_directory->"; diff -urN exim-4.20-orig/src/globals.h exim-4.20/src/globals.h --- exim-4.20-orig/src/globals.h Mon May 12 15:39:19 2003 +++ exim-4.20/src/globals.h Wed May 14 12:04:24 2003 @@ -129,6 +129,7 @@ extern uschar *auth_defer_msg; /* Error message for log */ extern uschar *auth_defer_user_msg; /* Error message for user */ extern int auto_thaw; /* Auto-thaw interval */ +extern uschar *av_scanner; /* AntiVirus scanner to use for the malware condition */ extern BOOL background_daemon; /* Set FALSE to keep in foreground */ extern uschar *base62_chars; /* Table of base-62 characters */ @@ -210,6 +211,8 @@ extern BOOL deliver_selectstring_regex; /* String is regex */ extern uschar *deliver_selectstring_sender; /* For selecting by sender */ extern BOOL deliver_selectstring_sender_regex; /* String is regex */ +extern int demime_errorlevel; /* Severity of MIME error */ +extern uschar *demime_reason; /* Reason for broken MIME container */ extern BOOL disable_logging; /* Disables log writing when TRUE */ extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */ @@ -250,6 +253,7 @@ extern uschar *filter_test; /* Run as a filter tester on this file */ extern uschar *filter_thisaddress; /* For address looping */ extern int finduser_retries; /* Retry count for getpwnam() */ +extern uschar *found_extension; /* demime acl condition: file extension found */ extern uschar *freeze_tell; /* Message on (some) freezings */ extern uschar *gecos_name; /* To be expanded when pattern matches */ @@ -322,6 +326,7 @@ extern uschar *lookup_value; /* Value looked up from file */ extern macro_item *macros; /* Configuration macros */ +extern uschar *malware_name; /* Name of virus or malware ("W32/Klez-H") */ extern int max_username_length; /* For systems with broken getpwnam() */ extern int message_age; /* In seconds */ extern uschar *message_body; /* Start of message body for filter */ @@ -421,6 +426,7 @@ extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */ extern const pcre *regex_SIZE; /* For recognizing SIZE settings */ extern const pcre *regex_ismsgid; /* Compiled r.e. for message it */ +extern uschar *regex_match_string; /* regex that matched a line (regex ACL condition) */ extern int remote_delivery_count; /* Number of remote addresses */ extern int remote_max_parallel; /* Maximum parallel delivery */ extern uschar *remote_sort_domains; /* Remote domain sorting order */ @@ -511,6 +517,11 @@ extern BOOL smtp_use_pipelining; /* Global for passed connections */ extern BOOL smtp_use_size; /* Global for passed connections */ extern BOOL split_spool_directory; /* TRUE to use multiple subdirs */ +extern uschar *spamd_address; /* address for the spamassassin daemon */ +extern uschar *spam_bar; /* the spam "bar" (textual representation of spam_score) */ +extern uschar *spam_report; /* the spamd report (multiline) */ +extern uschar *spam_score; /* the spam score (float) */ +extern uschar *spam_score_int; /* spam_score * 10 (int) */ extern uschar *spool_directory; /* Name of spool directory */ extern int string_datestamp_offset;/* After insertion by string_format */ extern BOOL strip_excess_angle_brackets; /* Surrounding route-addrs */ diff -urN exim-4.20-orig/src/malware.c exim-4.20/src/malware.c --- exim-4.20-orig/src/malware.c Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/malware.c Wed May 14 12:04:24 2003 @@ -0,0 +1,470 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ + +/* Code for calling virus (malware) scanners. Called from acl.c. */ + +#include "exim.h" + +uschar malware_name_buffer[256]; +int malware_ok = 0; + +int malware(uschar **listptr) { + int sep = 0; + uschar *list = *listptr; + uschar *av_scanner_work = av_scanner; + uschar *scanner_name; + uschar scanner_name_buffer[16]; + uschar *malware_regex; + uschar malware_regex_buffer[64]; + uschar malware_regex_default[] = ".+"; + unsigned long long mbox_size; + FILE *mbox_file; + int roffset; + const pcre *re; + const uschar *rerror; + + /* make sure the eml mbox file is spooled up */ + mbox_file = spool_mbox(&mbox_size); + if (mbox_file == NULL) { + /* error while spooling */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: error while creating mbox spool file"); + return DEFER; + }; + /* none of our current scanners need the mbox + file as a stream, so we can close it right away */ + fclose(mbox_file); + + /* extract the malware regex to match against from the option list */ + if ((malware_regex = string_nextinlist(&list, &sep, + malware_regex_buffer, + sizeof(malware_regex_buffer))) != NULL) { + + /* parse 1st option */ + if ( (strcmpic(malware_regex,US"false") == 0) || + (Ustrcmp(malware_regex,"0") == 0) ) { + /* explicitly no matching */ + return FAIL; + }; + + /* special cases (match anything except empty) */ + if ( (strcmpic(malware_regex,US"true") == 0) || + (Ustrcmp(malware_regex,"*") == 0) || + (Ustrcmp(malware_regex,"1") == 0) ) { + malware_regex = malware_regex_default; + }; + } + else { + /* empty means "don't match anything" */ + return FAIL; + }; + + /* compile the regex, see if it works */ + re = pcre_compile(CS malware_regex, PCRE_COPT, (const char **)&rerror, &roffset, NULL); + if (re == NULL) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: regular expression error in '%s': %s at offset %d", malware_regex, rerror, roffset); + return DEFER; + }; + + /* Do not scan twice. */ + if (malware_ok == 0) { + + /* find the scanner type from the av_scanner option */ + if ((scanner_name = string_nextinlist(&av_scanner_work, &sep, + scanner_name_buffer, + sizeof(scanner_name_buffer))) == NULL) { + /* no scanner given */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: av_scanner configuration variable is empty"); + return DEFER; + }; + + + + /* "kavdaemon" scanner type ------------------------------------------------ */ + if (strcmpic(scanner_name,US"kavdaemon") == 0) { + uschar *kav_options; + uschar kav_options_buffer[1024]; + uschar kav_options_default[] = "/var/run/AvpCtl"; + struct sockaddr_un server; + int sock; + time_t t; + uschar tmpbuf[1024]; + uschar scanrequest[1024]; + uschar kav_match_string[128]; + int kav_rc; + unsigned long kav_reportlen, bread; + pcre *kav_re; + + if ((kav_options = string_nextinlist(&av_scanner_work, &sep, + kav_options_buffer, + sizeof(kav_options_buffer))) == NULL) { + /* no options supplied, use default options */ + kav_options = kav_options_default; + }; + + /* open the kavdaemon socket */ + sock = socket(AF_UNIX, SOCK_STREAM, 0); + if (sock < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: can't open UNIX socket."); + return DEFER; + } + server.sun_family = AF_UNIX; + Ustrcpy(server.sun_path, kav_options); + if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to connect to kavdaemon UNIX socket (%s). errno=%d", kav_options, errno); + return DEFER; + } + + /* get current date and time, build scan request */ + time(&t); + strftime(CS tmpbuf, sizeof(tmpbuf), "<0>%d %b %H:%M:%S:%%s/scan/%%s", localtime(&t)); + snprintf(CS scanrequest, 1024,CS tmpbuf, spool_directory, message_id); + + /* send scan request */ + if (send(sock, scanrequest, Ustrlen(scanrequest)+1, 0) < 0) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to write to kavdaemon UNIX socket (%s)", kav_options); + return DEFER; + } + + /* wait for result */ + if ((bread = recv(sock, tmpbuf, 2, 0) != 2)) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to read 2 bytes from kavdaemon socket."); + return DEFER; + } + + /* get errorcode from lower nibble */ + kav_rc = tmpbuf[0] & 0x0F; + + /* improper kavdaemon configuration */ + if ( (kav_rc == 5) || (kav_rc == 6) ) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: please reconfigure kavdaemon to NOT disinfect or remove infected files."); + return DEFER; + }; + + if (kav_rc == 1) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: kavdaemon reported 'scanning not completed' (code 1)."); + return DEFER; + }; + + if (kav_rc == 7) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: kavdaemon reported 'kavdaemon damaged' (code 7)."); + return DEFER; + }; + + /* code 8 is not handled, since it is ambigous. It appears mostly on + bounces where part of a file has been cut off */ + + /* "virus found" return codes (2-4) */ + if ((kav_rc > 1) && (kav_rc < 5)) { + + /* setup default virus name */ + Ustrcpy(malware_name_buffer,"unknown"); + malware_name = malware_name_buffer; + + /* read the report, if available */ + if( tmpbuf[1] == 1 ) { + /* read report size */ + if ((bread = recv(sock, &kav_reportlen, 4, 0)) != 4) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: cannot read report size from kavdaemon"); + return DEFER; + }; + + /* it's possible that avp returns av_buffer[1] == 1 but the + reportsize is 0 (!?) */ + if (kav_reportlen > 0) { + /* set up match regex, depends on retcode */ + if( kav_rc == 3 ) + Ustrcpy(kav_match_string, "suspicion:\\s*(.+?)\\s*$"); + else + Ustrcpy(kav_match_string, "infected:\\s*(.+?)\\s*$"); + + kav_re = pcre_compile( CS kav_match_string, + PCRE_COPT, + (const char **)&rerror, + &roffset, + NULL ); + + /* read report, linewise */ + while (kav_reportlen > 0) { + int result = 0; + int ovector[30]; + + bread = 0; + while ( recv(sock, &tmpbuf[bread], 1, 0) == 1 ) { + kav_reportlen--; + if ( (tmpbuf[bread] == '\n') || (bread > 1021) ) break; + bread++; + }; + bread++; + tmpbuf[bread] = '\0'; + + /* try matcher on the line, grab substring */ + result = pcre_exec(kav_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30); + if (result >= 2) { + pcre_copy_substring(CS tmpbuf, ovector, result, 1, CS malware_name_buffer, 255); + break; + }; + }; + }; + }; + } + else { + /* no virus found */ + malware_name = NULL; + }; + + close(sock); + } + + + + /* "cmdline" scanner type ------------------------------------------------ */ + else if (strcmpic(scanner_name,US"cmdline") == 0) { + uschar *cmdline_scanner; + uschar cmdline_scanner_buffer[1024]; + uschar *cmdline_trigger; + uschar cmdline_trigger_buffer[1024]; + const pcre *cmdline_trigger_re; + uschar *cmdline_regex; + uschar cmdline_regex_buffer[1024]; + const pcre *cmdline_regex_re; + uschar file_name[1024]; + uschar commandline[1024]; + FILE *scanner_out = NULL; + FILE *scanner_record = NULL; + uschar linebuffer[32767]; + int trigger = 0; + int result; + int ovector[30]; + + /* find scanner command line */ + if ((cmdline_scanner = string_nextinlist(&av_scanner_work, &sep, + cmdline_scanner_buffer, + sizeof(cmdline_scanner_buffer))) == NULL) { + /* no command line supplied */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: missing commandline specification for cmdline scanner type."); + return DEFER; + }; + + /* find scanner output trigger */ + if ((cmdline_trigger = string_nextinlist(&av_scanner_work, &sep, + cmdline_trigger_buffer, + sizeof(cmdline_trigger_buffer))) == NULL) { + /* no trigger regex supplied */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: missing trigger specification for cmdline scanner type."); + return DEFER; + }; + + /* precompile trigger regex */ + cmdline_trigger_re = pcre_compile(CS cmdline_trigger, PCRE_COPT, (const char **)&rerror, &roffset, NULL); + if (cmdline_trigger_re == NULL) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger_re, rerror, roffset); + return DEFER; + }; + + /* find scanner name regex */ + if ((cmdline_regex = string_nextinlist(&av_scanner_work, &sep, + cmdline_regex_buffer, + sizeof(cmdline_regex_buffer))) == NULL) { + /* no name regex supplied */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: missing virus name regex specification for cmdline scanner type."); + return DEFER; + }; + + /* precompile name regex */ + cmdline_regex_re = pcre_compile(CS cmdline_regex, PCRE_COPT, (const char **)&rerror, &roffset, NULL); + if (cmdline_regex_re == NULL) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex_re, rerror, roffset); + return DEFER; + }; + + /* prepare scanner call */ + snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id); + snprintf(CS commandline,1024, CS cmdline_scanner,file_name); + /* redirect STDERR too */ + Ustrcat(commandline," 2>&1"); + + scanner_out = popen(CS commandline,"r"); + if (scanner_out == NULL) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: calling cmdline scanner (%s) failed: %s.", commandline, strerror(errno)); + return DEFER; + }; + + snprintf(CS file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id); + scanner_record = fopen(CS file_name,"w"); + + if (scanner_record == NULL) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: opening scanner output file (%s) failed: %s.", file_name, strerror(errno)); + pclose(scanner_out); + return DEFER; + }; + + /* look for trigger while recording output */ + while(fgets(CS linebuffer,32767,scanner_out) != NULL) { + if ( Ustrlen(linebuffer) > fwrite(linebuffer, 1, Ustrlen(linebuffer), scanner_record) ) { + /* short write */ + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: short write on scanner output file (%s).", file_name); + pclose(scanner_out); + return DEFER; + }; + /* try trigger match */ + if (!trigger && regex_match_and_setup(cmdline_trigger_re, linebuffer, 0, -1)) + trigger = 1; + }; + + fclose(scanner_record); + pclose(scanner_out); + + if (trigger) { + /* setup default virus name */ + Ustrcpy(malware_name_buffer,"unknown"); + malware_name = malware_name_buffer; + + /* re-open the scanner output file, look for name match */ + scanner_record = fopen(CS file_name,"r"); + while(fgets(CS linebuffer,32767,scanner_record) != NULL) { + /* try match */ + result = pcre_exec(cmdline_regex_re, NULL, CS linebuffer, Ustrlen(linebuffer), 0, 0, ovector, 30); + if (result >= 2) { + pcre_copy_substring(CS linebuffer, ovector, result, 1, CS malware_name_buffer, 255); + }; + }; + fclose(scanner_record); + } + else { + /* no virus found */ + malware_name = NULL; + }; + } + + + + /* "sophie" scanner type ------------------------------------------------- */ + else if (strcmpic(scanner_name,US"sophie") == 0) { + uschar *sophie_options; + uschar sophie_options_buffer[1024]; + uschar sophie_options_default[] = "/var/run/sophie"; + int bread = 0; + struct sockaddr_un server; + int sock; + uschar file_name[1024]; + uschar av_buffer[1024]; + + if ((sophie_options = string_nextinlist(&av_scanner_work, &sep, + sophie_options_buffer, + sizeof(sophie_options_buffer))) == NULL) { + /* no options supplied, use default options */ + sophie_options = sophie_options_default; + }; + + /* open the sophie socket */ + sock = socket(AF_UNIX, SOCK_STREAM, 0); + if (sock < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: can't open UNIX socket."); + return DEFER; + } + server.sun_family = AF_UNIX; + Ustrcpy(server.sun_path, sophie_options); + if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to connect to sophie UNIX socket (%s). errno=%d", sophie_options, errno); + return DEFER; + } + + /* pass the scan directory to sophie */ + snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id); + if (write(sock, file_name, Ustrlen(file_name)) < 0) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options); + return DEFER; + }; + + write(sock, "\n", 1); + + /* wait for result */ + memset(av_buffer, 0, sizeof(av_buffer)); + if ((!(bread = read(sock, av_buffer, sizeof(av_buffer))) > 0)) { + close(sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options); + return DEFER; + }; + + close(sock); + + /* infected ? */ + if (av_buffer[0] == '1') { + if (Ustrchr(av_buffer, '\n')) *Ustrchr(av_buffer, '\n') = '\0'; + Ustrcpy(malware_name_buffer,&av_buffer[2]); + malware_name = malware_name_buffer; + } + else if (!strncmp(CS av_buffer, "-1", 2)) { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware acl condition: malware acl condition: sophie reported error"); + return DEFER; + } + else { + /* all ok, no virus */ + malware_name = NULL; + }; + } + /* ----------------------------------------------------------------------- */ + + + + /* "unknown" scanner type ------------------------------------------------- */ + else { + log_write(0, LOG_MAIN|LOG_PANIC, + "malware condition: unknown scanner type '%s'", scanner_name); + return DEFER; + }; + /* ----------------------------------------------------------------------- */ + + /* set "been here, done that" marker */ + malware_ok = 1; + }; + + /* match virus name against pattern (caseless ------->----------v) */ + if ( (malware_name != NULL) && + (regex_match_and_setup(re, malware_name, 0, -1)) ) { + return OK; + } + else { + return FAIL; + }; +} diff -urN exim-4.20-orig/src/readconf.c exim-4.20/src/readconf.c --- exim-4.20-orig/src/readconf.c Mon May 12 15:39:21 2003 +++ exim-4.20/src/readconf.c Wed May 14 12:04:24 2003 @@ -152,6 +152,7 @@ { "allow_utf8_domains", opt_bool, &allow_utf8_domains }, { "auth_advertise_hosts", opt_stringptr, &auth_advertise_hosts }, { "auto_thaw", opt_time, &auto_thaw }, + { "av_scanner", opt_stringptr, &av_scanner }, { "bi_command", opt_stringptr, &bi_command }, { "bounce_message_file", opt_stringptr, &bounce_message_file }, { "bounce_message_text", opt_stringptr, &bounce_message_text }, @@ -297,6 +298,7 @@ { "smtp_receive_timeout", opt_time, &smtp_receive_timeout }, { "smtp_reserve_hosts", opt_stringptr, &smtp_reserve_hosts }, { "smtp_return_error_details",opt_bool, &smtp_return_error_details }, + { "spamd_address", opt_stringptr, &spamd_address }, { "split_spool_directory", opt_bool, &split_spool_directory }, { "spool_directory", opt_stringptr, &spool_directory }, { "strip_excess_angle_brackets", opt_bool, &strip_excess_angle_brackets }, diff -urN exim-4.20-orig/src/regex.c exim-4.20/src/regex.c --- exim-4.20-orig/src/regex.c Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/regex.c Wed May 14 12:04:24 2003 @@ -0,0 +1,110 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ + +/* Code for matching regular expressions against headers and body. + Called from acl.c. */ + +#include "exim.h" + +/* Structure to hold a list of Regular expressions */ +typedef struct pcre_list { + pcre *re; + uschar *pcre_text; + struct pcre_list *next; +} pcre_list; + +uschar regex_match_string_buffer[1024]; + +int regex(uschar **listptr) { + int sep = 0; + uschar *list = *listptr; + uschar *regex_string; + uschar regex_string_buffer[1024]; + unsigned long long mbox_size; + FILE *mbox_file; + pcre *re; + pcre_list *re_list_head = NULL; + pcre_list *re_list_item; + const char *pcre_error; + int pcre_erroffset; + uschar *linebuffer; + + /* reset expansion variable */ + regex_match_string = NULL; + + /* make sure the eml mbox file is spooled up */ + mbox_file = spool_mbox(&mbox_size); + if (mbox_file == NULL) { + /* error while spooling */ + log_write(0, LOG_MAIN|LOG_PANIC, + "regex acl condition: error while creating mbox spool file"); + return DEFER; + }; + + /* precompile our regexes */ + while ((regex_string = string_nextinlist(&list, &sep, + regex_string_buffer, + sizeof(regex_string_buffer))) != NULL) { + + /* parse option */ + if ( (strcmpic(regex_string,US"false") == 0) || + (Ustrcmp(regex_string,"0") == 0) ) { + /* explicitly no matching */ + continue; + }; + + /* compile our regular expression */ + re = pcre_compile( CS regex_string, + 0, + &pcre_error, + &pcre_erroffset, + NULL ); + + if (re == NULL) { + log_write(0, LOG_MAIN, + "regex acl condition warning - error in regex '%s': %s at offset %d, skipped.", regex_string, pcre_error, pcre_erroffset); + continue; + } + else { + re_list_item = store_get(sizeof(pcre_list)); + re_list_item->re = re; + re_list_item->pcre_text = string_copy(regex_string); + re_list_item->next = re_list_head; + re_list_head = re_list_item; + }; + }; + + /* no regexes -> nothing to do */ + if (re_list_head == NULL) { + return FAIL; + }; + + /* match each line against all regexes */ + linebuffer = store_get(32767); + while (fgets(CS linebuffer, 32767, mbox_file) != NULL) { + re_list_item = re_list_head; + do { + /* try matcher on the line */ + if (pcre_exec(re_list_item->re, NULL, CS linebuffer, + (int)Ustrlen(linebuffer), 0, 0, NULL, 0) >= 0) { + Ustrncpy(regex_match_string_buffer, re_list_item->pcre_text, 1023); + regex_match_string = regex_match_string_buffer; + fclose(mbox_file); + return OK; + }; + re_list_item = re_list_item->next; + } while (re_list_item != NULL); + }; + + fclose(mbox_file); + + /* no matches ... */ + return FAIL; +} diff -urN exim-4.20-orig/src/spam.c exim-4.20/src/spam.c --- exim-4.20-orig/src/spam.c Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/spam.c Wed May 14 12:04:24 2003 @@ -0,0 +1,256 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ + +/* Code for calling spamassassin's spamd. Called from acl.c. */ + +#include "exim.h" +#include "spam.h" + +uschar spam_score_buffer[16]; +uschar spam_score_int_buffer[16]; +uschar spam_bar_buffer[128]; +uschar spam_report_buffer[32600]; +uschar prev_user_name[128]; +int spam_ok = 0; +int spam_rc = 0; + +int spam(uschar **listptr) { + int sep = 0; + uschar *list = *listptr; + uschar *user_name; + uschar user_name_buffer[128]; + unsigned long long mbox_size; + FILE *mbox_file; + int spamd_sock; + uschar tcp_addr[24]; + unsigned int tcp_port; + uschar spamd_buffer[32600]; + int i, j, offset; + uschar spamd_version[8]; + uschar spamd_score_char; + double spamd_threshold, spamd_score; + int spamd_report_offset; + uschar *p,*q; + int override = 0; + + /* find the username from the option list */ + if ((user_name = string_nextinlist(&list, &sep, + user_name_buffer, + sizeof(user_name_buffer))) == NULL) { + /* no username given, this means no scanning should be done */ + return FAIL; + }; + + /* if username is "0" or "false", do not scan */ + if ( (Ustrcmp(user_name,"0") == 0) || + (strcmpic(user_name,US"false") == 0) ) { + return FAIL; + }; + + /* if there is an additional option, check if it is "true" */ + if (strcmpic(list,US"true") == 0) { + /* in that case, always return true later */ + override = 1; + }; + + /* if we scanned for this username last time, just return */ + if ( spam_ok && ( Ustrcmp(prev_user_name, user_name) == 0 ) ) + if (override) + return OK; + else + return spam_rc; + + /* make sure the eml mbox file is spooled up */ + mbox_file = spool_mbox(&mbox_size); + + if (mbox_file == NULL) { + /* error while spooling */ + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: error while creating mbox spool file"); + return DEFER; + }; + + /* contact spamd */ + spamd_sock = ip_socket(SOCK_STREAM, AF_INET); + if (spamd_sock < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: error creating IP socket for spamd"); + fclose(mbox_file); + return DEFER; + }; + + if (ip_bind(spamd_sock, AF_INET, US"0.0.0.0", 0) < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: bind socket for spamd failed: %s",strerror(errno)); + fclose(mbox_file); + close(spamd_sock); + return DEFER; + }; + + /* grok spamd address and port */ + if( sscanf(CS spamd_address, "%s %u", tcp_addr, &tcp_port) != 2 ) { + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: invalid spamd address: '%s'", spamd_address); + fclose(mbox_file); + close(spamd_sock); + return DEFER; + }; + + if (ip_connect(spamd_sock, AF_INET, tcp_addr, tcp_port, 5) < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: spamd connection to %s, port %u failed: %s", tcp_addr, tcp_port, strerror(errno)); + fclose(mbox_file); + close(spamd_sock); + return DEFER; + }; + + /* now we are connected to spamd on spamd_sock */ + snprintf(CS spamd_buffer, + sizeof(spamd_buffer), + "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %lld\r\n\r\n", + user_name, + mbox_size); + + /* send our request */ + if (send(spamd_sock, spamd_buffer, Ustrlen(spamd_buffer), 0) < 0) { + close(spamd_sock); + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: spamd send failed: %s", strerror(errno)); + fclose(mbox_file); + close(spamd_sock); + return DEFER; + }; + + /* now send the file */ + do { + j = fread(spamd_buffer,1,sizeof(spamd_buffer),mbox_file); + if (j > 0) { + i = send(spamd_sock,spamd_buffer,j,0); + if (i != j) { + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: error/short send to spamd"); + close(spamd_sock); + fclose(mbox_file); + return DEFER; + }; + }; + } + while (j > 0); + + fclose(mbox_file); + + /* we're done sending, close socket for writing */ + shutdown(spamd_sock,SHUT_WR); + + /* read spamd response */ + memset(spamd_buffer, 0, sizeof(spamd_buffer)); + offset = 0; + while((i = ip_recv(spamd_sock, + spamd_buffer + offset, + sizeof(spamd_buffer) - offset - 1, + SPAMD_READ_TIMEOUT)) > 0 ) { + offset += i; + } + + /* error handling */ + if((i <= 0) && (errno != 0)) { + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: error reading from spamd socket: %s", strerror(errno)); + close(spamd_sock); + return DEFER; + } + + /* reading done */ + close(spamd_sock); + + /* dig in the spamd output and put the report in a multiline header, if requested */ + if( sscanf(CS spamd_buffer,"SPAMD/%s 0 EX_OK\r\nContent-length: %*u\r\n\r\n%lf/%lf\r\n%n", + spamd_version,&spamd_score,&spamd_threshold,&spamd_report_offset) != 3 ) { + + /* try to fall back to pre-2.50 spamd output */ + if( sscanf(CS spamd_buffer,"SPAMD/%s 0 EX_OK\r\nSpam: %*s ; %lf / %lf\r\n\r\n%n", + spamd_version,&spamd_score,&spamd_threshold,&spamd_report_offset) != 3 ) { + log_write(0, LOG_MAIN|LOG_PANIC, + "spam acl condition: cannot parse spamd output"); + return DEFER; + }; + }; + + /* Create report. Since this is a multiline string, + we must hack it into shape first */ + p = &spamd_buffer[spamd_report_offset]; + q = spam_report_buffer; + while (*p != '\0') { + if (*p == '\r') { + p++; + continue; + }; + *q = *p; + q++; + if (*p == '\n') { + *q = '\t'; + q++; + }; + p++; + }; + *q = '\0'; + q--; + while (*q <= ' ') { + *q = '\0'; + q--; + }; + spam_report = spam_report_buffer; + + /* create spam bar */ + spamd_score_char = spamd_score > 0 ? '+' : '-'; + j = abs((int)(spamd_score)); + i = 0; + if( j != 0 ) { + while((i < j) && (i <= MAX_SPAM_BAR_CHARS)) + spam_bar_buffer[i++] = spamd_score_char; + } + else{ + spam_bar_buffer[0] = '/'; + i = 1; + } + spam_bar_buffer[i] = '\0'; + spam_bar = spam_bar_buffer; + + /* create "float" spam score */ + snprintf(CS spam_score_buffer, sizeof(spam_score_buffer),"%.1f", spamd_score); + spam_score = spam_score_buffer; + + /* create "int" spam score */ + j = (int)(spamd_score*10); + snprintf(CS spam_score_int_buffer, sizeof(spam_score_int_buffer), "%d", j); + spam_score_int = spam_score_int_buffer; + + /* compare threshold against score */ + if (spamd_score >= spamd_threshold) { + /* spam as determined by user's threshold */ + spam_rc = OK; + } + else { + /* not spam */ + spam_rc = FAIL; + }; + + /* remember user name and "been here" for it */ + Ustrcpy(prev_user_name, user_name); + spam_ok = 1; + + if (override) { + /* always return OK, no matter what the score */ + return OK; + } + else { + return spam_rc; + }; +} diff -urN exim-4.20-orig/src/spam.h exim-4.20/src/spam.h --- exim-4.20-orig/src/spam.h Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/spam.h Wed May 14 12:04:24 2003 @@ -0,0 +1,23 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ + +/* spam defines */ + +/* timeout for reading from spamd */ +#define SPAMD_READ_TIMEOUT 3600 + +/* maximum length of the spam bar */ +#define MAX_SPAM_BAR_CHARS 50 + +/* SHUT_WR seems to be undefined on Unixware ? */ +#ifndef SHUT_WR +#define SHUT_WR 1 +#endif + diff -urN exim-4.20-orig/src/spool_in.c exim-4.20/src/spool_in.c --- exim-4.20-orig/src/spool_in.c Mon May 12 15:39:22 2003 +++ exim-4.20/src/spool_in.c Wed May 14 12:04:24 2003 @@ -248,6 +248,7 @@ interface_port = 0; local_error_message = FALSE; local_scan_data = NULL; +spam_score_int = NULL; message_linecount = 0; received_protocol = NULL; recipients_list = NULL; @@ -347,6 +348,8 @@ local_error_message = TRUE; else if (Ustrncmp(big_buffer, "-local_scan ", 12) == 0) local_scan_data = string_copy(big_buffer + 12); + else if (Ustrncmp(big_buffer, "-spam_score_int ", 16) == 0) + spam_score_int = string_copy(big_buffer + 16); else if (Ustrcmp(big_buffer, "-host_lookup_failed") == 0) host_lookup_failed = TRUE; else if (Ustrncmp(big_buffer, "-body_linecount", 15) == 0) diff -urN exim-4.20-orig/src/spool_mbox.c exim-4.20/src/spool_mbox.c --- exim-4.20-orig/src/spool_mbox.c Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/spool_mbox.c Thu May 15 15:50:16 2003 @@ -0,0 +1,142 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ + +/* Code for setting up a MBOX style spool file inside a /scan/ +sub directory of exim's spool directory. */ + +#include "exim.h" + +int spool_mbox_ok = 0; + +/* returns a pointer to the FILE, and puts the size in bytes into mbox_file_size */ + +FILE *spool_mbox(unsigned long long *mbox_file_size) { + uschar mbox_path[1024]; + uschar message_subdir[2]; + uschar data_buffer[65535]; + FILE *mbox_file; + FILE *data_file; + header_line *my_headerlist; + struct stat statbuf; + int i,j; + + if (!spool_mbox_ok) { + /* create scan directory, if not present */ + if (!directory_make(spool_directory, US "scan", 0750, FALSE)) { + debug_printf("unable to create directory: %s/scan\n", spool_directory); + return NULL; + }; + + /* create temp directory inside scan dir */ + snprintf(CS mbox_path, 1024, "%s/scan/%s", spool_directory, message_id); + if (!directory_make(NULL, mbox_path, 0750, FALSE)) { + debug_printf("unable to create directory: %s/scan/%s\n", spool_directory, message_id); + return NULL; + }; + + /* open [message_id].eml file for writing */ + snprintf(CS mbox_path, 1024, "%s/scan/%s/%s.eml", spool_directory, message_id, message_id); + mbox_file = Ufopen(mbox_path,"w"); + + if (mbox_file == NULL) { + debug_printf("unable to open file for writing: %s\n", mbox_path); + return NULL; + }; + + /* write all header lines to mbox file */ + my_headerlist = header_list; + while (my_headerlist != NULL) { + + /* skip deleted headers */ + if (my_headerlist->type == '*') { + my_headerlist = my_headerlist->next; + continue; + }; + + i = fwrite(my_headerlist->text, 1, my_headerlist->slen, mbox_file); + if (i != my_headerlist->slen) { + debug_printf("error/short write on writing in: %s", mbox_path); + fclose(mbox_file); + return NULL; + }; + + my_headerlist = my_headerlist->next; + }; + + /* copy body file */ + message_subdir[1] = '\0'; + for (i = 0; i < 2; i++) { + message_subdir[0] = (split_spool_directory == (i == 0))? message_id[5] : 0; + sprintf(CS mbox_path, "%s/input/%s/%s-D", spool_directory, message_subdir, message_id); + data_file = Ufopen(mbox_path,"r"); + if (data_file != NULL) + break; + }; + + fread(data_buffer, 1, 18, data_file); + + do { + j = fread(data_buffer, 1, sizeof(data_buffer), data_file); + if (j > 0) { + i = fwrite(data_buffer, 1, j, mbox_file); + if (i != j) { + debug_printf("error/short write on writing in: %s", mbox_path); + fclose(mbox_file); + fclose(data_file); + return NULL; + }; + }; + } while (j > 0); + + fclose(data_file); + fclose(mbox_file); + spool_mbox_ok = 1; + }; + + snprintf(CS mbox_path, 1024, "%s/scan/%s/%s.eml", spool_directory, message_id, message_id); + + /* get the size of the mbox message */ + stat(CS mbox_path, &statbuf); + *mbox_file_size = statbuf.st_size; + + /* open [message_id].eml file for reading */ + mbox_file = Ufopen(mbox_path,"r"); + + return mbox_file; +} + +/* remove mbox spool file, demimed files and temp directory */ +void unspool_mbox(void) { + if (spool_mbox_ok) { + uschar mbox_path[1024]; + uschar file_path[1024]; + int n; + struct dirent *entry; + DIR *tempdir; + + snprintf(CS mbox_path, 1024, "%s/scan/%s", spool_directory, message_id); + + tempdir = opendir(CS mbox_path); + /* loop thru dir & delete entries */ + n = 0; + do { + entry = readdir(tempdir); + if (entry == NULL) break; + snprintf(CS file_path, 1024,"%s/scan/%s/%s", spool_directory, message_id, entry->d_name); + if ( (Ustrcmp(entry->d_name,"..") != 0) && (Ustrcmp(entry->d_name,".") != 0) ) + n = unlink(CS file_path); + } while (n > -1); + + closedir(tempdir); + + /* remove directory, return its ret code */ + n = rmdir(CS mbox_path); + }; +} diff -urN exim-4.20-orig/src/spool_out.c exim-4.20/src/spool_out.c --- exim-4.20-orig/src/spool_out.c Mon May 12 15:39:22 2003 +++ exim-4.20/src/spool_out.c Wed May 14 12:04:24 2003 @@ -200,6 +200,7 @@ if (sender_local) fprintf(f, "-local\n"); if (local_error_message) fprintf(f, "-localerror\n"); if (local_scan_data != NULL) fprintf(f, "-local_scan %s\n", local_scan_data); +if (spam_score_int != NULL) fprintf(f,"-spam_score_int %s\n", spam_score_int); if (deliver_manual_thaw) fprintf(f, "-manual_thaw\n"); if (sender_set_untrusted) fprintf(f, "-sender_set_untrusted\n"); diff -urN exim-4.20-orig/src/tnef.c exim-4.20/src/tnef.c --- exim-4.20-orig/src/tnef.c Thu Jan 1 01:00:00 1970 +++ exim-4.20/src/tnef.c Wed May 14 12:04:24 2003 @@ -0,0 +1,741 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* This file is part of the exiscan-acl content scanner +patch. It is NOT part of the standard exim distribution. */ + +/* Code for unpacking TNEF containers. Called from demime.c. */ + +/*************************************************************************** + * tnef2txt +* A program to decode application/ms-tnef MIME attachments into text +* for those fortunate enough not to be running either a Microsoft +* operating system or mailer. +* + * 18/10/2001 +* Brutally cropped by Paul L Daniels (pldaniels@pldaniels.com) in order +* to accommodate the needs of ripMIME/Xamime/Inflex without carrying too +* much excess baggage. +* + * Brandon Long (blong@uiuc.edu), April 1997 +* 1.0 Version +* Supports most types, but doesn't decode properties. Maybe some other +* time. +* + * 1.1 Version (7/1/97) +* Supports saving of attAttachData to a file given by attAttachTitle +* start of property decoding support +* + * 1.2 Version (7/19/97) +* Some architectures don't like reading 16/32 bit data on unaligned +* boundaries. Fixed, losing efficiency, but this doesn't really +* need efficiency anyways. (Still...) +* Also, the #pragma pack from the MSVC include file wasn't liked +* by most Unix compilers, replaced with a GCCism. This should work +* with GCC, but other compilers I don't know. +* + * 1.3 Version (7/22/97) +* Ok, take out the DTR over the stream, now uses read_16. +* + * NOTE: THIS SOFTWARE IS FOR YOUR PERSONAL GRATIFICATION ONLY. I DON'T +* IMPLY IN ANY LEGAL SENSE THAT THIS SOFTWARE DOES ANYTHING OR THAT IT WILL +* BE USEFULL IN ANY WAY. But, you can send me fixes to it, I don't mind. +***************************************************************************/ + +#include +#include +#include +#include +#include +#include +#include "tnef.h" + + +#define VERSION "pldtnef/0.0.1" + +int _TNEF_syslogging = 0; +int _TNEF_stderrlogging = 0; +int _TNEF_verbose = 0; +int _TNEF_debug = 0; + +int Verbose = FALSE; +int SaveData = FALSE; + +char _TNEF_path[1024]=""; + +uint8 *tnef_home; +uint8 *tnef_limit; + +/*------------------------------------------------------------------------ +Procedure: TNEF_set_path ID:1 +Purpose: +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +int TNEF_set_path( char *path ) +{ + snprintf(_TNEF_path,1023,"%s",path); + + return 0; +} + + +/*------------------------------------------------------------------------ +Procedure: TNEF_set_verbosity ID:1 +Purpose: +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +int TNEF_set_verbosity( int level ) +{ + _TNEF_verbose = level; + return _TNEF_verbose; +} + + + + +/*------------------------------------------------------------------------ +Procedure: TNEF_set_debug ID:1 +Purpose: +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +int TNEF_set_debug( int level ) +{ + _TNEF_debug = level; + TNEF_set_verbosity( level ); + return _TNEF_debug; +} + + + +/*------------------------------------------------------------------------ +Procedure: TNEF_set_syslogging ID:1 +Purpose: Turns on/off the syslog feature for TNEF error messages +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +int TNEF_set_syslogging( int level ) +{ + _TNEF_syslogging = level; + return _TNEF_syslogging; +} + + + + +/*------------------------------------------------------------------------ +Procedure: TNEF_set_stderrlogging ID:1 +Purpose: Turns on/off the stderr feature for TNEF error messages +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +int TNEF_set_stderrlogging( int level ) +{ + _TNEF_stderrlogging = level; + return _TNEF_stderrlogging; +} + + +/* Some systems don't like to read unaligned data */ +/*------------------------------------------------------------------------ +Procedure: read_32 ID:1 +Purpose: +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +uint32 read_32(uint8 *tsp) +{ + uint8 a,b,c,d; + uint32 ret; + + if (tsp > tnef_limit) + { + if ((_TNEF_verbose)||(_TNEF_stderrlogging)||(_TNEF_debug)) fprintf(stderr,"TNEF read_32() Attempting to read past end\n"); + return -1; + } + + a = *tsp; + b = *(tsp+1); + c = *(tsp+2); + d = *(tsp+3); + + ret = long_little_endian(a<<24 | b<<16 | c<<8 | d); + + return ret; +} + +/*------------------------------------------------------------------------ +Procedure: read_16 ID:1 +Purpose: +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +uint16 read_16(uint8 *tsp) +{ + uint8 a,b; + uint16 ret; + + if (tsp > tnef_limit) + { + if ((_TNEF_verbose)||(_TNEF_stderrlogging)||(_TNEF_debug)) fprintf(stderr,"TNEF read_16() Attempting to read past end\n"); + return -1; + } + + + a = *tsp; + b = *(tsp + 1); + + ret = little_endian(a<<8 | b); + + return ret; +} + + + +/*------------------------------------------------------------------------ +Procedure: make_string ID:1 +Purpose: +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +char *make_string(uint8 *tsp, int size) +{ + static char s[256] = ""; + int len = (size>sizeof(s)-1) ? sizeof(s)-1 : size; + + strncpy(s,(char *)tsp, len); + s[len] = '\0'; + return s; +} + + +/*------------------------------------------------------------------------ +Procedure: handle_props ID:1 +Purpose: +Input: +Output: +Errors: +------------------------------------------------------------------------*/ +int handle_props(uint8 *tsp) +{ + int bytes = 0; + uint32 num_props = 0; + uint32 x = 0; + + + num_props = read_32(tsp); + bytes += sizeof(num_props); + + while (x < num_props) + { + uint32 prop_tag; + uint32 num; + char filename[256]; + static int file_num = 0; + + prop_tag = read_32(tsp+bytes); + bytes += sizeof(prop_tag); + + switch (prop_tag & PROP_TYPE_MASK) + { + case PT_BINARY: + num = read_32(tsp+bytes); + bytes += sizeof(num); + num = read_32(tsp+bytes); + bytes += sizeof(num); + if (prop_tag == PR_RTF_COMPRESSED) + { + sprintf (filename, "XAM_%d.rtf", file_num); + file_num++; + save_attach_data(filename