<?php
/*
 * gatewayav - an anti-virus web service.
 * Copyright (C) 2007, 2008 Vermont Department of Taxes
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * Contributor(s):
 *   Tom Cort <hide@address.com>
 */

/**
 * Current Unix time in seconds, including the fractional (microsecond) part.
 *
 * microtime() without arguments yields the string "<fraction> <seconds>";
 * the two fields are converted to floats and added together.
 *
 * @return float seconds since the epoch, with sub-second precision
 */
function getmicrotime() {
	$fields = explode(' ', microtime());
	$fraction = (float)$fields[0];
	$seconds = (float)$fields[1];
	return ($fraction + $seconds);
}

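// Wall-clock start of the request; VirusCheck() reads this global to log the elapsed time.
$start_time = getmicrotime();

// Try to load the ClamAV binding at runtime when it is not already loaded.
// dl() is not available in every SAPI, so only call it where it is defined;
// when it is missing, the capability check below still stops the script.
if (!extension_loaded('clamav') && function_exists('dl')) {
	dl('clamav' . '.' . PHP_SHLIB_SUFFIX);
}

// get_extension_funcs() returns false for an extension that is not loaded;
// normalise that to an empty list so the membership tests below are well defined.
$clamav_funcs = get_extension_funcs('clamav');
if (!is_array($clamav_funcs)) {
	$clamav_funcs = array();
}

// Fail closed: without both scanner functions the service must not answer scan
// requests at all, so abort before any SOAP handling is set up.
if (!in_array('cl_scanfile', $clamav_funcs, true) || !in_array('clam_get_version', $clamav_funcs, true)) {
	die('A recent version of PHP ClamAV Lib needs to be installed on this server.');
}
unset($clamav_funcs);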

require_once('./config.php');
require_once('./lib/adodb5/adodb-exceptions.inc.php');
require_once('./lib/adodb5/adodb.inc.php');
require_once('./lib/db.php');
require_once('./lib/clamav.php');

/**
 * Log a failed request and build the SOAP fault that reports it to the client.
 *
 * The client address, the User-Agent header and "<short>: <long>" are passed to
 * db_log_error(); both text fields are cut to 255 bytes first.
 * NOTE(review): the User-Agent is supplied by the client, so the logged value is
 * untrusted; how db_log_error() escapes it is not visible here - confirm in lib/db.php.
 *
 * @param string $short_msg fault string (brief category of the failure)
 * @param string $long_msg  fault detail (human-readable explanation)
 * @return soap_fault fault object with code 'SERVER' and an empty actor
 */
function bailout($short_msg, $long_msg) {
	// Fall back to "Unknown" when the header is absent or only whitespace.
	$agent = "Unknown";
	if (isset($_SERVER['HTTP_USER_AGENT']) && trim($_SERVER['HTTP_USER_AGENT']) != "") {
		$agent = substr($_SERVER['HTTP_USER_AGENT'], 0, 255);
	}

	$log_entry = substr($short_msg . ': ' . $long_msg, 0, 255);

	db_connect();
	db_log_error($_SERVER['REMOTE_ADDR'], $agent, $log_entry);
	db_disconnect();

	return new soap_fault('SERVER', '', $short_msg, $long_msg);
}

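/**
 * SOAP operation: authenticate the caller, scan one base64 encoded file with
 * ClamAV and report the verdict.
 *
 * Order of work: element presence, credentials (db_users_auth), payload and
 * name validation, then decode -> temporary file -> scan -> size/hash ->
 * delete -> access log. Every failure returns the soap_fault built by
 * bailout(), which also records the failure in the error log.
 *
 * @param array $security credentials; keys "Username" and "Password", both non-empty
 * @param array $file     the filename (key: "!name") and base64 file data (key: "!")
 * @return array|soap_fault on success an array with "Software" and "Scanner"
 *         entries (file name, size, SHA-1 hash, "infected" as the string
 *         "true"/"false", plus "virus" only when infected); otherwise a soap_fault
 */
function VirusCheck($security, $file) {
	global $start_time, $server;

	if (!isset($security) || !isset($file) || !is_array($security) || !is_array($file)) {
		return bailout('Missing Element(s)', 'Both the Security element and the File element must be present.');
	}

	if (!isset($security["Username"]) || $security["Username"] == "") {
		return bailout('Invalid Parameter', 'Username element must exist and must not be empty.');
	}

	if (!isset($security["Password"]) || $security["Password"] == "") {
		return bailout('Invalid Parameter', 'Password element must exist and must not be empty.');
	}

	$username = $security["Username"];
	$password = $security["Password"];

	// Authenticate before touching the payload so unauthenticated callers cannot
	// make the server decode, write or scan anything.
	db_connect();
	$authOK = db_users_auth($username, $password);
	db_disconnect();

	if (!($authOK)) {
		// One message for both cases: it does not reveal whether the user name exists.
		return bailout('Authentication Failure', 'Either Username or Password was not valid or did not match.');
	}

	if (!isset($file["!"])) {
		return bailout('Missing Parameter', 'File element must contain base64 encoded data.');
	}

	if (!isset($file["!name"]) || $file["!name"] == "") {
		return bailout('Missing Parameter', 'name attribute must contain a file name.');
	}

	// The D modifier makes "$" match only at the very end of the string; without it
	// a name ending in a newline would pass and reach the log and the response.
	// NOTE(review): the pattern also admits "/", which the fault text does not
	// mention. The name is only logged and echoed back here (the scan uses a
	// tempnam() file), so consumers must not treat it as a safe path - decide
	// whether "/" should stay allowed.
	if (!preg_match("/^[a-zA-Z0-9\-\/\._ ]{1,255}$/D", $file["!name"])) {
		return bailout('Invalid Parameter', 'name attribute must be between 1 and 255 characters long and must only contain numbers, letters, spaces, periods, underscores and hyphens.');
	}

	// Strict decoding rejects input with characters outside the base64 alphabet
	// instead of silently dropping them, so the bytes scanned are not the product
	// of a lenient reinterpretation of malformed data. The result is compared
	// explicitly because a plain falsy test would also reject a file whose whole
	// content is "0". Empty payloads are still refused, as before.
	$rawdata = base64_decode($file["!"], true);
	if ($rawdata === false || $rawdata === '') {
		return bailout('Server Error', 'Could not decode base64 encoded file.');
	}

	$tmpfile = tempnam('/tmp/', 'gatewayav');
	if (!$tmpfile) {
		return bailout('Server Error', 'Could not create temporary file.');
	}

	$fp = fopen($tmpfile, "w");
	if (!$fp) {
		$rc = unlink($tmpfile); /* remove the temporary file */
		if (!$rc) {
			return bailout('Server Error', 'Could not open temporary file, nor remove it.');
		}
		return bailout('Server Error', 'Could not open temporary file.');
	}

	// A short write must count as a failure: otherwise a truncated copy would be
	// scanned and hashed, and the verdict would not describe the submitted file.
	$written = fwrite($fp, $rawdata);
	if ($written !== strlen($rawdata)) {
		// Always attempt both cleanup steps, then report which of them failed.
		$closed = fclose($fp);
		$removed = unlink($tmpfile); /* remove the temporary file */
		$detail = 'Could not write to temporary file';
		if (!$closed) {
			$detail .= ', nor close it';
		}
		if (!$removed) {
			$detail .= ', nor remove it';
		}
		return bailout('Server Error', $detail . '.');
	}

	$rc = fclose($fp);
	if (!$rc) {
		$rc = unlink($tmpfile); /* remove the temporary file */
		if (!$rc) {
			return bailout('Server Error', 'Could not close the temporary file, nor remove it.');
		}
		return bailout('Server Error', 'Could not close the temporary file.');
	}

	// A non-empty return value is taken as the signature name; anything falsy is
	// reported as clean.
	// NOTE(review): confirm that cl_scanfile() cannot return a falsy value when the
	// scan itself fails, otherwise a scanner error is reported as "not infected".
	$virusName = cl_scanfile($tmpfile);
	if (!$virusName) {
		$virusName = "OK";
		$containsVirus = "false";
	} else {
		$containsVirus = "true";
	}

	// Size and hash are taken from the file that was scanned. The SHA-1 value is an
	// identifier for the log and the response; SHA-1 is not collision resistant, so
	// it should not be used as proof that two submissions are the same file.
	$fileSize = filesize($tmpfile);
	$fileHash = sha1_file($tmpfile);

	$rc = unlink($tmpfile); /* remove the temporary file */
	if (!$rc) {
		return bailout('Server Error', 'Could not remove the temporary file.');
	}

	// User-Agent is client supplied; it is only truncated here before logging.
	$agent = (isset($_SERVER['HTTP_USER_AGENT']) && trim($_SERVER['HTTP_USER_AGENT']) != "") ? substr($_SERVER['HTTP_USER_AGENT'], 0, 255) : "Unknown";
	$username = substr($username, 0, 255);
	$signatures = clamav_signatures_loaded();

	db_connect();
	db_log_access($_SERVER['REMOTE_ADDR'], $username, $agent, $file["!name"], $fileSize, $fileHash, round(getmicrotime() - $start_time, 2), memory_get_peak_usage(), clam_get_version(), $signatures, $containsVirus, $virusName);
	db_disconnect();

	// The "virus" entry is present only for infected files.
	$fileInfo = array("name" => $file["!name"], "size" => $fileSize, "hash" => $fileHash, "infected" => $containsVirus);
	if ($containsVirus == "true") {
		$fileInfo["virus"] = $virusName;
	}

	return array(
		"Software" => array("Name" => $server->title, "Version" => $server->version . ' (' . $server->revision . ')'),
		"Scanner" => array("File" => $fileInfo, "name" => "clamav", "version" => clam_get_version(), "signatures" => $signatures)
	);
}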

require_once('./lib/nusoap/nusoap.php');

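// SOAP endpoint built from the WSDL file that accompanies this script.
$server = new nusoap_server('VirusCheck.wsdl');

// Identification values; VirusCheck() copies them into the "Software" element
// of every scan response.
$server->title = 'Gateway Anti-Virus';
$server->version = '4.1';
$server->revision = '$Revision: 266 $';

// $HTTP_RAW_POST_DATA is only populated by older PHP versions and configurations
// (it was removed in PHP 7.0). When it is absent, read the request body from
// php://input so POSTed SOAP requests are not handed to the server as an empty
// string. A request without a body still results in ''.
if (isset($HTTP_RAW_POST_DATA)) {
	$request_body = $HTTP_RAW_POST_DATA;
} else {
	$request_body = file_get_contents('php://input');
	if ($request_body === false) {
		$request_body = '';
	}
}
$server->service($request_body);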

?>