[Avcheck] PARANOID define

Max Kalika max@lsit.ucsb.edu
Wed, 1 May 2002 16:05:38 -0700


Greetings avcheck list.

I just got all the pieces for virus scanning to work nice and fast.

  o postfix 1.1.7 (+tls +rbl_headers)
  o avcheck 0.8
  o sophie 1.33rc6
  o libsavi.so 3.56n (with latest patterns)

I had to start sophie by doing

  # su sophie -c "/path/to/sophie -D"

because avcheck checks the owner of the socket that sophie creates.  If sophie 
was started by root, the socket is created as root and avcheck complains about 
BUGGY scanners.  Sophie, however, drops its privileges on startup and binding, 
and any child processes that it starts are owned by whatever was set during 
compile time (--with-user).  I propose the following patch then to avcheck that 
can override the PARANOID setting at compile time (without the need to edit 
files).

-------------------------------------------------------------------------
diff -ruN avcheck-0.8/avcheck.c avcheck-0.8.new/avcheck.c
--- avcheck-0.8/avcheck.c       Sat Feb  9 05:16:04 2002
+++ avcheck-0.8.new/avcheck.c   Wed May  1 15:48:36 2002
@@ -27,7 +27,9 @@
 # define INADDR_NONE ((unsigned long) -1)
 #endif
 
-#define PARANOID
+#ifndef PARANOID
+# define PARANOID 1
+#endif
 #ifndef AVP
 # define AVP 1
 #endif
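Review bot: The new `#ifndef PARANOID` default block carries no comment saying which values are accepted or what a value of 0 turns off. Because the uses become `#if PARANOID`, building with `-DPARANOID=0` disables the check, while an empty definition (`-DPARANOID=`) leaves `#if PARANOID` with no expression and fails to preprocess. A short comment above the block, such as `/* PARANOID: 1 = verify scanner socket owner (default), 0 = skip */`, would document this.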
@@ -790,7 +792,7 @@
   if (avsocket[0] == '/')
   { /* connect to socket and verify */
     struct sockaddr_un s;
-#ifdef PARANOID
+#if PARANOID
     struct stat st;
 #endif
     avfd = socket(AF_UNIX, SOCK_STREAM, 0);
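Review bot: Once this `#ifdef PARANOID` becomes `#if PARANOID`, any `#ifdef PARANOID` left elsewhere in avcheck.c would still be compiled in under `-DPARANOID=0`, because the macro is defined in that case. The patch converts two sites; it is worth grepping the file for remaining `#ifdef PARANOID` uses outside the default block and converting them in the same change.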
@@ -802,7 +804,7 @@
     if (connect(avfd, (struct sockaddr*)&s,
                 sizeof(s.sun_family) + strlen(s.sun_path) + 1) != 0)
       err(errno, "unable to connect to antivirus daemon");
-#ifdef PARANOID
+#if PARANOID
     if (stat(s.sun_path, &st) != 0)
       err(errno, "unable to fstat() socket");
     if (st.st_uid == 0 || st.st_uid == getuid())
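Review bot: At the `#if PARANOID` guarding the `stat()` block, `-DPARANOID=0` compiles out the whole owner verification of the scanner socket, although the case described in the message is only the root-owned socket, i.e. the `st.st_uid == 0` half of the visible condition. A narrower switch that relaxes just that half would leave the `st.st_uid == getuid()` comparison in place. Separately, the error text says `fstat()` while the call is `stat()`.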
======================================================================

What do you all think?

p.s. the website says that 0.7 is the latest version, but 0.8 is available on 
ftp.  Which one should be used in production environments?

-- 
---max kalika
--max@lsit.ucsb.edu
-lsit systems administrator