vs_svc.c revision 53c110294d8b1410cabc201a52f94b03ae2ef448
911106dfb16696472af8c1b7b4c554a829354fa8jm * CDDL HEADER START
911106dfb16696472af8c1b7b4c554a829354fa8jm * The contents of this file are subject to the terms of the
911106dfb16696472af8c1b7b4c554a829354fa8jm * Common Development and Distribution License (the "License").
911106dfb16696472af8c1b7b4c554a829354fa8jm * You may not use this file except in compliance with the License.
911106dfb16696472af8c1b7b4c554a829354fa8jm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
911106dfb16696472af8c1b7b4c554a829354fa8jm * See the License for the specific language governing permissions
911106dfb16696472af8c1b7b4c554a829354fa8jm * and limitations under the License.
911106dfb16696472af8c1b7b4c554a829354fa8jm * When distributing Covered Code, include this CDDL HEADER in each
911106dfb16696472af8c1b7b4c554a829354fa8jm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
911106dfb16696472af8c1b7b4c554a829354fa8jm * If applicable, add the following below this CDDL HEADER, with the
911106dfb16696472af8c1b7b4c554a829354fa8jm * fields enclosed by brackets "[]" replaced with your own identifying
911106dfb16696472af8c1b7b4c554a829354fa8jm * information: Portions Copyright [yyyy] [name of copyright owner]
911106dfb16696472af8c1b7b4c554a829354fa8jm * CDDL HEADER END
53c110294d8b1410cabc201a52f94b03ae2ef448jm * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
911106dfb16696472af8c1b7b4c554a829354fa8jm * Use is subject to license terms.
911106dfb16696472af8c1b7b4c554a829354fa8jm#pragma ident "%Z%%M% %I% %E% SMI"
911106dfb16696472af8c1b7b4c554a829354fa8jm * Implementation of the "scan file" interface
911106dfb16696472af8c1b7b4c554a829354fa8jm/* local functions */
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_init, vs_svc_fini
911106dfb16696472af8c1b7b4c554a829354fa8jm * Invoked on daemon load and unload
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_scan_file
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_scan_file is responsible for:
911106dfb16696472af8c1b7b4c554a829354fa8jm * - determining if a scan is required
911106dfb16696472af8c1b7b4c554a829354fa8jm * - obtaining & releasing a scan engine connection
911106dfb16696472af8c1b7b4c554a829354fa8jm * - invoking the scan engine interface code to do the scan
911106dfb16696472af8c1b7b4c554a829354fa8jm * - retrying a failed scan (up to VS_MAX_RETRY times)
911106dfb16696472af8c1b7b4c554a829354fa8jm * - updating scan statistics
911106dfb16696472af8c1b7b4c554a829354fa8jm * - logging virus information
911106dfb16696472af8c1b7b4c554a829354fa8jm * Returns:
53c110294d8b1410cabc201a52f94b03ae2ef448jm * VS_STATUS_NO_SCAN - scan not reqd, or daemon shutting down
53c110294d8b1410cabc201a52f94b03ae2ef448jm * VS_STATUS_CLEAN - scan success. File clean.
53c110294d8b1410cabc201a52f94b03ae2ef448jm * new scanstamp returned in scanstamp param.
53c110294d8b1410cabc201a52f94b03ae2ef448jm * VS_STATUS_INFECTED - scan success. File infected.
53c110294d8b1410cabc201a52f94b03ae2ef448jm * VS_STATUS_ERROR - scan failure either in vscand or scan engine.
53c110294d8b1410cabc201a52f94b03ae2ef448jmvs_svc_scan_file(char *devname, char *fname, vs_attr_t *fattr, int flags,
53c110294d8b1410cabc201a52f94b03ae2ef448jm /* initialize response scanstamp to current scanstamp value */
53c110294d8b1410cabc201a52f94b03ae2ef448jm /* No scan if file quarantined */
53c110294d8b1410cabc201a52f94b03ae2ef448jm /* No scan if file not modified AND scanstamp is current */
911106dfb16696472af8c1b7b4c554a829354fa8jm /* identify available engine connection */
911106dfb16696472af8c1b7b4c554a829354fa8jm /* connect to engine and scan file */
911106dfb16696472af8c1b7b4c554a829354fa8jm /* if no error, clear error state on engine and break */
53c110294d8b1410cabc201a52f94b03ae2ef448jm /* treat error on shutdown as scan not required */
911106dfb16696472af8c1b7b4c554a829354fa8jm /* set engine's error state and update engine stats */
53c110294d8b1410cabc201a52f94b03ae2ef448jm * VS_RESULT_CLEANED - file infected, cleaned data available
53c110294d8b1410cabc201a52f94b03ae2ef448jm * VS_RESULT_FORBIDDEN - file infected, no cleaned data
53c110294d8b1410cabc201a52f94b03ae2ef448jm * Log virus, write audit record and return INFECTED status
53c110294d8b1410cabc201a52f94b03ae2ef448jm /* VS_RESULT_CLEAN - Set the scanstamp and return CLEAN status */
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_vlog
911106dfb16696472af8c1b7b4c554a829354fa8jm * log details of infections detected in file
911106dfb16696472af8c1b7b4c554a829354fa8jm * If virus log is not configured or cannot be opened, use syslog.
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm (void) strftime(timebuf, sizeof (timebuf), "%D %T", timestamp);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_audit
911106dfb16696472af8c1b7b4c554a829354fa8jm * Generate AUE_vscan_quarantine audit record containing name
911106dfb16696472af8c1b7b4c554a829354fa8jm * of infected file, and violation details if available.
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm "adt_load_ttyname(/dev/console): %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm if (adt_set_user(ah, ADT_NO_ATTRIB, ADT_NO_ATTRIB, ADT_NO_ATTRIB,
911106dfb16696472af8c1b7b4c554a829354fa8jm syslog(LOG_AUTH | LOG_ALERT, "adt_set_user(ADT_NO_ATTRIB): %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm if ((event = adt_alloc_event(ah, ADT_vscan_quarantine)) == NULL) {
911106dfb16696472af8c1b7b4c554a829354fa8jm "adt_alloc_event(ADT_vscan_quarantine)): %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm /* populate vscan audit event */
911106dfb16696472af8c1b7b4c554a829354fa8jm event->adt_vscan_quarantine.violations = (char **)violations;