Way to tell if smb_fname->base_name is a fully qualified path (w/ possible streams_depot bug)
Trever L. Adams
trever at middleearth.sapphiresunday.org
Thu Dec 1 15:10:23 UTC 2016
On 11/30/2016 10:39 AM, Trever L. Adams wrote:
> With most files, the virus filter code has to prepend the connectpath.
> With streams_depot the connectpath appears to be already prepended, in
> the case of the default setting for where the streams are stored. I am
> aware it can be outside the connectpath, which is one reason I need to
> fix the above.
> In the case of smb_fname->base_name (fname above) with streams_depot,
> when one is working with the non-default stream, contains a fully
> qualified path. In other words, with the default streams_depot setting,
> you end up with something like this:
> Actual file: /CONNECTPATH/.streams/0F/17/02FD000000000000EF005C0400000000/:attached.txt:$DATA: Eicar-Test-Signature
> Appending connect path: /CONNECTPATH//CONNECTPATH/.streams/0F/17/02FD000000000000EF005C0400000000/:attached.txt:$DATA
> When not a stream and appending connect path: /CONNECTPATH/actualfile.txt
> Is there any way to tell easily when one needs to prepend the connect
> path and when one doesn't?
> Thank you.
One possible bug in streams_depot, the file name above
"OF/17/02FD000...." will not store in /tmp/streams or /home/streams on
Fedora 25, but will in the default streams directory
(CONNECTPATH/.streams). I do not know why. Permissions and all seem ok.
Another stream named ok.txt does. So, the below hasn't been tested there
yet, but seems like it would work.
The solution appears to be rather simple. I have tested it for the
file/default stream and for alternative data streams. The answer is just
check the first character to see if it is '/'.
I am sorry for the noise.
P.S. If anyone has f-protect/f-sav or Sophos on Linux (with licenses,
not the test/free versions), please test this out as I do not have the
products and cannot test some of the changes being made.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 872 bytes
Desc: OpenPGP digital signature
More information about the samba-technical