cmadams at hiwaay
Jan 3, 2007, 11:50 AM
Post #1 of 2
(911 views)
Permalink
|
|
Patch for clamav-milter for opt-in/out control from sendmail
|
|
I'm working on migrating to ClamAV for virus filtering, and I have a few
addresses that I need to opt-out of virus filtering. Here is a patch
that allows sendmail to tell clamav-milter to skip a recipient (and the
entire message if no non-skipped recipients are included).
This is against 0.90rc2.
The patch is only compile-tested so far (I don't have ClamAV in
production yet), but it is based on how I'm skipping recipients in my
current milter (that I wrote).
--
Chris Adams <cmadams [at] hiwaay>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
diff -urN clamav-0.90rc2-dist/clamav-milter/INSTALL clamav-0.90rc2/clamav-milter/INSTALL
--- clamav-0.90rc2-dist/clamav-milter/INSTALL Wed Jan 3 13:39:27 2007
+++ clamav-0.90rc2/clamav-milter/INSTALL Wed Jan 3 13:37:09 2007
@@ -237,6 +237,18 @@
You should always start clamd before clamav-milter.
+To control which recipients are filtered by clamav (for example, to be able to
+opt-out recipients), add "skip_rcpt" to the list of macros passed to clamav
+ define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`,{skip_rcpt}')
+
+You will need to write a custom Local_check_rcpt ruleset that clears and sets
+the skip_rcpt macro as appropriate. If it is set to any non-empty string,
+clamav-milter will not process that recipient. If there are no non-skipped
+recipients of a message, no clamav processing will be performed for that
+message. Note however that if you have clamav-milter configured to reject bad
+messages (as opposed to discarding them), messages with some skipped and some
+non-skipped recipients will still be rejected.
+
You may also think about the F= entry in sendmail.mc, since it tells sendmail
what to do with emails if clamav-milter is not running. Setting F=T will tell
the remote end to resend later (temporary failure), setting F=R will reject
diff -urN clamav-0.90rc2-dist/clamav-milter/clamav-milter.c clamav-0.90rc2/clamav-milter/clamav-milter.c
--- clamav-0.90rc2-dist/clamav-milter/clamav-milter.c Wed Jan 3 13:39:27 2007
+++ clamav-0.90rc2/clamav-milter/clamav-milter.c Wed Jan 3 13:38:53 2007
@@ -226,6 +226,7 @@
char **to; /* Who is the message going to */
char ip[INET_ADDRSTRLEN]; /* IP address of the other end */
int numTo; /* Number of people the message is going to */
+ int numToSkip; /* Number of skipped people the message is going to */
#ifndef SESSION
int cmdSocket; /*
* Socket to send/get commands e.g. PORT for
@@ -2658,10 +2659,17 @@
clamfi_envrcpt(SMFICTX *ctx, char **argv)
{
struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
- const char *to;
+ const char *skip, *to;
logg("*clamfi_envrcpt: %s\n", argv[0]);
+ /* see if this recipient should be skipped */
+ skip = smfi_getsymval(ctx, "{skip_rcpt}");
+ if((skip != NULL) && (skip[0] != '\0')) {
+ privdata->numToSkip++;
+ return SMFIS_CONTINUE;
+ }
+
if(privdata->to == NULL) {
privdata->to = cli_malloc(sizeof(char *) * 2);
@@ -2696,6 +2704,12 @@
logg("*clamfi_header: %s\n", headerf);
#endif
+ /* no recipients to be checked */
+ if(privdata->numTo == 0) {
+ clamfi_cleanup(ctx);
+ return SMFIS_ACCEPT;
+ }
+
/*
* The DATA instruction from SMTP (RFC2821) must have been sent
*/
@@ -3601,6 +3615,14 @@
}
}
}
+ }
+
+ if((rc == SMFIS_DISCARD) && privdata->numToSkip) {
+ /* Delete unwanted recipients and let skipped recipients get the msg */
+ char **to;
+ rc = SMFIS_ACCEPT;
+ for(to = privdata->to; *to; to++)
+ smfi_delrcpt(ctx, *to);
}
return rc;
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
|
