Package: clamav-milter
Version: 0.94.dfsg-2
Severity: wishlist
Tags: patch
When Sendmail is acting as a SmartHost, it is useful to skip scanning when
the connection is authenticated. This patch adds the --no-scan-auth option
to do this (off by default).
Shane
diff -ur clamav-0.94.dfsg.2.orig/clamav-milter/clamav-milter.c clamav-0.94.dfsg.2/clamav-milter/clamav-milter.c
--- clamav-0.94.dfsg.2.orig/clamav-milter/clamav-milter.c 2009-03-12 22:11:18.000000000 -0700
+++ clamav-0.94.dfsg.2/clamav-milter/clamav-milter.c 2009-03-12 23:19:24.000000000 -0700
@@ -383,6 +383,7 @@
static int oflag = 0; /* scan messages from our machine? */
static int lflag = 0; /* scan messages from our site? */
static int Iflag = 0; /* Added an IP addr to localNets? */
+static int auflag = 1;/* scan authenticated users */
static const char *progname; /* our name - usually clamav-milter */
/* Variables for --external */
@@ -685,6 +686,7 @@
puts(_("\t--ignore IPaddr\t\t-I IPaddr\tAdd IPaddr to LAN IP list (see --local)."));
puts(_("\t--local\t\t\t-l\tScan messages sent from machines on our LAN."));
puts(_("\t--max-childen\t\t-m\tMaximum number of concurrent scans."));
+ puts(_("\t--no-scan-auth\t\tSkip scanning of authenticated users"));
puts(_("\t--outgoing\t\t-o\tScan outgoing messages from this machine."));
puts(_("\t--noreject\t\t-N\tDon't reject viruses, silently throw them away."));
puts(_("\t--noxheader\t\t-n\tSuppress X-Virus-Scanned/X-Virus-Status headers."));
@@ -868,6 +870,9 @@
"local", 0, NULL, 'l'
},
{
+ "no-scan-auth", 0, &auflag, 0
+ },
+ {
"noreject", 0, NULL, 'N'
},
{
@@ -2990,6 +2995,13 @@
logg("*clamfi_envfrom: %s\n", argv[0]);
+ if (!auflag) {
+ char *auth_authen;
+ auth_authen = smfi_getsymval(ctx, "{auth_authen}");
+ if (auth_authen)
+ return SMFIS_ACCEPT;
+ }
+
if(isWhitelisted(argv[0], 0)) {
logg(_("*clamfi_envfrom: ignoring whitelisted message"));
return SMFIS_ACCEPT;
