open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

shared/optparser.c, clamscan: use the new option parser

Browse Source 
git-svn: trunk@4580
0.95
Tomasz Kojm 17 years ago
parent 9d91ff71f0
commit 269d520dfb
9 changed files with 343 additions and 398 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 10
      ChangeLog
  2. 6
      clamscan/Makefile.am
  3. 47
      clamscan/Makefile.in
  4. 171
      clamscan/clamscan.c
  5. 266
      clamscan/manager.c
  6. 4
      clamscan/manager.h
  7. 68
      docs/man/clamscan.1.in
  8. 163
      shared/optparser.c
  9. 6
      shared/optparser.h

10
ChangeLog
Unescape View File

@ -1,3 +1,13 @@
Tue Dec 30 11:43:10 CET 2008 (tk)
---------------------------------
* shared/optparser.c, clamscan: use the new option parser; changes in switches:
--no-mail -> --scan-mail, --no-phishing-sigs -> --phishing-sigs,
--no-phishing-scan-urls -> --phishing-scan-urls,
--no-algorithmic -> --algorithmic-detection, --no-pe -> --scan-pe,
--no-elf -> --scan-elf, --no-ole2 -> --scan-ole2, --no-pdf -> --scan-pdf,
--no-html -> --scan-html, --no-archive -> --scan-archive
See clamscan(1) for more information
Mon Dec 29 19:08:25 CET 2008 (tk)
---------------------------------
* libclamav: add default.h

6
clamscan/Makefile.am
Unescape View File

@ -24,12 +24,10 @@ clamscan_SOURCES = \
$(top_srcdir)/shared/output.h \
$(top_srcdir)/shared/getopt.c \
$(top_srcdir)/shared/getopt.h \
$(top_srcdir)/shared/cfgparser.c \
$(top_srcdir)/shared/cfgparser.h \
$(top_srcdir)/shared/optparser.c \
$(top_srcdir)/shared/optparser.h \
$(top_srcdir)/shared/misc.c \
$(top_srcdir)/shared/misc.h \
$(top_srcdir)/shared/options.c \
$(top_srcdir)/shared/options.h \
clamscan.c \
clamscan_opt.h \
others.c \

47
clamscan/Makefile.in
Unescape View File

@ -73,8 +73,8 @@ am__installdirs = "$(DESTDIR)$(bindir)"
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(bin_PROGRAMS)
am_clamscan_OBJECTS = output.$(OBJEXT) getopt.$(OBJEXT) \
cfgparser.$(OBJEXT) misc.$(OBJEXT) options.$(OBJEXT) \
clamscan.$(OBJEXT) others.$(OBJEXT) manager.$(OBJEXT)
optparser.$(OBJEXT) misc.$(OBJEXT) clamscan.$(OBJEXT) \
others.$(OBJEXT) manager.$(OBJEXT)
clamscan_OBJECTS = $(am_clamscan_OBJECTS)
clamscan_LDADD = $(LDADD)
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
@ -255,12 +255,10 @@ clamscan_SOURCES = \
$(top_srcdir)/shared/output.h \
$(top_srcdir)/shared/getopt.c \
$(top_srcdir)/shared/getopt.h \
$(top_srcdir)/shared/cfgparser.c \
$(top_srcdir)/shared/cfgparser.h \
$(top_srcdir)/shared/optparser.c \
$(top_srcdir)/shared/optparser.h \
$(top_srcdir)/shared/misc.c \
$(top_srcdir)/shared/misc.h \
$(top_srcdir)/shared/options.c \
$(top_srcdir)/shared/options.h \
clamscan.c \
clamscan_opt.h \
others.c \
@ -358,12 +356,11 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cfgparser.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clamscan.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getopt.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/manager.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/options.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optparser.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/others.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/output.Po@am__quote@
@ -416,19 +413,19 @@ getopt.obj: $(top_srcdir)/shared/getopt.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o getopt.obj `if test -f '$(top_srcdir)/shared/getopt.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/getopt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/getopt.c'; fi`
cfgparser.o: $(top_srcdir)/shared/cfgparser.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cfgparser.o -MD -MP -MF $(DEPDIR)/cfgparser.Tpo -c -o cfgparser.o `test -f '$(top_srcdir)/shared/cfgparser.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/cfgparser.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cfgparser.Tpo $(DEPDIR)/cfgparser.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/cfgparser.c' object='cfgparser.o' libtool=no @AMDEPBACKSLASH@
optparser.o: $(top_srcdir)/shared/optparser.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT optparser.o -MD -MP -MF $(DEPDIR)/optparser.Tpo -c -o optparser.o `test -f '$(top_srcdir)/shared/optparser.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/optparser.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/optparser.Tpo $(DEPDIR)/optparser.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/optparser.c' object='optparser.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cfgparser.o `test -f '$(top_srcdir)/shared/cfgparser.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/cfgparser.c
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o optparser.o `test -f '$(top_srcdir)/shared/optparser.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/optparser.c
cfgparser.obj: $(top_srcdir)/shared/cfgparser.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cfgparser.obj -MD -MP -MF $(DEPDIR)/cfgparser.Tpo -c -o cfgparser.obj `if test -f '$(top_srcdir)/shared/cfgparser.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/cfgparser.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/cfgparser.c'; fi`
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cfgparser.Tpo $(DEPDIR)/cfgparser.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/cfgparser.c' object='cfgparser.obj' libtool=no @AMDEPBACKSLASH@
optparser.obj: $(top_srcdir)/shared/optparser.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT optparser.obj -MD -MP -MF $(DEPDIR)/optparser.Tpo -c -o optparser.obj `if test -f '$(top_srcdir)/shared/optparser.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/optparser.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/optparser.c'; fi`
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/optparser.Tpo $(DEPDIR)/optparser.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/optparser.c' object='optparser.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cfgparser.obj `if test -f '$(top_srcdir)/shared/cfgparser.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/cfgparser.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/cfgparser.c'; fi`
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o optparser.obj `if test -f '$(top_srcdir)/shared/optparser.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/optparser.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/optparser.c'; fi`
misc.o: $(top_srcdir)/shared/misc.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT misc.o -MD -MP -MF $(DEPDIR)/misc.Tpo -c -o misc.o `test -f '$(top_srcdir)/shared/misc.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/misc.c
@ -444,20 +441,6 @@ misc.obj: $(top_srcdir)/shared/misc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o misc.obj `if test -f '$(top_srcdir)/shared/misc.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/misc.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/misc.c'; fi`
options.o: $(top_srcdir)/shared/options.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT options.o -MD -MP -MF $(DEPDIR)/options.Tpo -c -o options.o `test -f '$(top_srcdir)/shared/options.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/options.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/options.Tpo $(DEPDIR)/options.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/options.c' object='options.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o options.o `test -f '$(top_srcdir)/shared/options.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/options.c
options.obj: $(top_srcdir)/shared/options.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT options.obj -MD -MP -MF $(DEPDIR)/options.Tpo -c -o options.obj `if test -f '$(top_srcdir)/shared/options.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/options.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/options.c'; fi`
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/options.Tpo $(DEPDIR)/options.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/options.c' object='options.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o options.obj `if test -f '$(top_srcdir)/shared/options.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/options.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/options.c'; fi`
mostlyclean-libtool:
-rm -f *.lo

171
clamscan/clamscan.c
Unescape View File

@ -38,14 +38,13 @@
#include <sys/resource.h>
#endif
#include "clamscan_opt.h"
#include "others.h"
#include "global.h"
#include "manager.h"
#include "shared/misc.h"
#include "shared/output.h"
#include "shared/options.h"
#include "shared/optparser.h"
#include "libclamav/str.h"
#include "libclamav/clamav.h"
@ -68,8 +67,8 @@ int main(int argc, char **argv)
struct timezone tz;
sigset_t sigset;
#endif
struct optstruct *opt;
const char *pt;
struct optstruct *opts;
const struct optstruct *opt;
#if defined(C_WINDOWS) && defined(CL_THREAD_SAFE)
if(!pthread_win32_process_attach_np()) {
@ -84,25 +83,25 @@ int main(int argc, char **argv)
sigprocmask(SIG_SETMASK, &sigset, NULL);
#endif
opt = opt_parse(argc, argv, clamscan_shortopt, clamscan_longopt, NULL, clamscan_deprecated);
if(!opt) {
mprintf("!Can't parse the command line\n");
if((opts = optparse(NULL, argc, argv, 1, OPT_CLAMSCAN, NULL)) == NULL) {
mprintf("!Can't parse command line options\n");
return 40;
}
if(opt_check(opt, "verbose")) {
if(optget(opts, "verbose")->enabled) {
mprintf_verbose = 1;
logg_verbose = 1;
}
if(opt_check(opt, "quiet"))
if(optget(opts, "quiet")->enabled)
mprintf_quiet = 1;
if(opt_check(opt, "stdout"))
if(optget(opts, "stdout")->enabled)
mprintf_stdout = 1;
if(opt_check(opt, "debug")) {
if(optget(opts, "debug")->enabled) {
#if defined(C_LINUX)
/* njh@bandsman.co.uk: create a dump if needed */
struct rlimit rlim;
@ -114,103 +113,39 @@ int main(int argc, char **argv)
cl_debug(); /* enable debug messages */
}
if(opt_check(opt, "version")) {
print_version(opt_arg(opt, "database"));
opt_free(opt);
if(optget(opts, "version")->enabled) {
print_version(optget(opts, "database")->strarg);
optfree(opts);
return 0;
}
if(opt_check(opt, "help")) {
opt_free(opt);
if(optget(opts, "help")->enabled) {
optfree(opts);
help();
return 0;
}
if(opt_check(opt, "recursive"))
if(optget(opts, "recursive")->enabled)
recursion = 1;
if(opt_check(opt, "infected"))
if(optget(opts, "infected")->enabled)
printinfected = 1;
if(opt_check(opt, "bell"))
if(optget(opts, "bell")->enabled)
bell = 1;
/* initialize logger */
if(opt_check(opt, "log")) {
logg_file = opt_arg(opt, "log");
if((opt = optget(opts, "log"))->enabled) {
logg_file = opt->strarg;
if(logg("#\n-------------------------------------------------------------------------------\n\n")) {
mprintf("!Problem with internal logger.\n");
opt_free(opt);
optfree(opts);
return 62;
}
} else
logg_file = NULL;
/* validate some numerical options */
if(opt_check(opt, "max-scansize")) {
pt = opt_arg(opt, "max-scansize");
if(!strchr(pt, 'M') && !strchr(pt, 'm')) {
if(!cli_isnumber(pt)) {
logg("!--max-scansize requires a natural number\n");
opt_free(opt);
return 40;
}
}
}
if(opt_check(opt, "max-filesize")) {
pt = opt_arg(opt, "max-filesize");
if(!strchr(pt, 'M') && !strchr(pt, 'm')) {
if(!cli_isnumber(pt)) {
logg("!--max-filesize requires a natural number\n");
opt_free(opt);
return 40;
}
}
}
if(opt_check(opt, "max-files")) {
if(!cli_isnumber(opt_arg(opt, "max-files"))) {
logg("!--max-files requires a natural number\n");
opt_free(opt);
return 40;
}
}
if(opt_check(opt, "max-recursion")) {
if(!cli_isnumber(opt_arg(opt, "max-recursion"))) {
logg("!--max-recursion requires a natural number\n");
opt_free(opt);
return 40;
}
}
if(opt_check(opt, "max-mail-recursion")) {
if(!cli_isnumber(opt_arg(opt, "max-mail-recursion"))) {
logg("!--max-mail-recursion requires a natural number\n");
opt_free(opt);
return 40;
}
}
if(opt_check(opt, "max-dir-recursion")) {
if(!cli_isnumber(opt_arg(opt, "max-dir-recursion"))) {
logg("!--max-dir-recursion requires a natural number\n");
opt_free(opt);
return 40;
}
}
if(opt_check(opt, "max-ratio")) {
if(!cli_isnumber(opt_arg(opt, "max-ratio"))) {
logg("!--max-ratio requires a natural number\n");
opt_free(opt);
return 40;
}
}
memset(&info, 0, sizeof(struct s_info));
#ifdef C_WINDOWS
@ -226,9 +161,9 @@ int main(int argc, char **argv)
gettimeofday(&t1, &tz);
#endif
ret = scanmanager(opt);
ret = scanmanager(opts);
if(!opt_check(opt, "disable-summary") && !opt_check(opt, "no-summary")) {
if(!optget(opts, "no-summary")->enabled) {
#ifdef C_WINDOWS
gettimeofday(&t2, NULL);
#else
@ -248,14 +183,14 @@ int main(int argc, char **argv)
logg("Not removed: %u\n", info.notremoved);
}
if(info.notmoved) {
logg("Not %s: %u\n", opt_check(opt, "copy") ? "moved" : "copied", info.notmoved);
logg("Not %s: %u\n", optget(opts, "copy")->enabled ? "moved" : "copied", info.notmoved);
}
mb = info.blocks * (CL_COUNT_PRECISION / 1024) / 1024.0;
logg("Data scanned: %2.2lf MB\n", mb);
logg("Time: %u.%3.3u sec (%u m %u s)\n", ds, dms/1000, ds/60, ds%60);
}
opt_free(opt);
optfree(opts);
#if defined(C_WINDOWS) && defined(CL_THREAD_SAFE)
if(!pthread_win32_process_detach_np()) {
@ -285,15 +220,14 @@ void help(void)
mprintf(" --no-summary Disable summary at end of scanning\n");
mprintf(" --infected -i Only print infected files\n");
mprintf(" --bell Sound bell on virus detection\n");
mprintf("\n");
mprintf(" --tempdir=DIRECTORY Create temporary files in DIRECTORY\n");
mprintf(" --leave-temps Do not remove temporary files\n");
mprintf(" --leave-temps[=yes/no(*)] Do not remove temporary files\n");
mprintf(" --database=FILE/DIR -d FILE/DIR Load virus database from FILE or load\n");
mprintf(" all .cvd and .db[2] files from DIR\n");
mprintf(" all supported db files from DIR\n");
mprintf(" --log=FILE -l FILE Save scan report to FILE\n");
mprintf(" --recursive -r Scan subdirectories recursively\n");
mprintf(" --remove Remove infected files. Be careful!\n");
mprintf(" --recursive[=yes/no(*)] -r Scan subdirectories recursively\n");
mprintf(" --remove[=yes/no(*)] Remove infected files. Be careful!\n");
mprintf(" --move=DIRECTORY Move infected files into DIRECTORY\n");
mprintf(" --copy=DIRECTORY Copy infected files into DIRECTORY\n");
#ifdef HAVE_REGEX_H
@ -308,37 +242,38 @@ void help(void)
mprintf(" --include-dir=PATT Only scan directories containing PATT\n");
#endif
mprintf("\n");
mprintf(" --detect-pua Detect Possibly Unwanted Applications\n");
mprintf(" --detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications\n");
mprintf(" --exclude-pua=CAT Skip PUA sigs of category CAT\n");
mprintf(" --include-pua=CAT Load PUA sigs of category CAT\n");
mprintf(" --detect-structured Detect structured data (SSN, Credit Card)\n");
mprintf(" --detect-structured[=yes/no(*)] Detect structured data (SSN, Credit Card)\n");
mprintf(" --structured-ssn-format=X SSN format (0=normal,1=stripped,2=both)\n");
mprintf(" --structured-ssn-count=N Min SSN count to generate a detect\n");
mprintf(" --structured-cc-count=N Min CC count to generate a detect\n");
mprintf(" --no-mail Disable mail file support\n");
mprintf(" --no-phishing-sigs Disable signature-based phishing detection\n");
mprintf(" --no-phishing-scan-urls Disable url-based phishing detection\n");
mprintf(" --heuristic-scan-precedence Stop scanning as soon as a heuristic match is found\n");
mprintf(" --phishing-ssl Always block SSL mismatches in URLs (phishing module)\n");
mprintf(" --phishing-cloak Always block cloaked URLs (phishing module)\n");
mprintf(" --no-algorithmic Disable algorithmic detection\n");
mprintf(" --no-pe Disable PE analysis\n");
mprintf(" --no-elf Disable ELF support\n");
mprintf(" --no-ole2 Disable OLE2 support\n");
mprintf(" --no-pdf Disable PDF support\n");
mprintf(" --no-html Disable HTML support\n");
mprintf(" --no-archive Disable archive support\n");
mprintf(" --detect-broken Try to detect broken executable files\n");
mprintf(" --block-encrypted Block encrypted archives\n");
mprintf(" --mail-follow-urls Download and scan URLs\n");
mprintf(" --scan-mail[=yes(*)/no] Scan mail files\n");
mprintf(" --phishing-sigs[=yes(*)/no] Signature-based phishing detection\n");
mprintf(" --phishing-scan-urls[=yes(*)/no] URL-based phishing detection\n");
mprintf(" --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found\n");
mprintf(" --phishing-ssl[=yes/no(*)] Always block SSL mismatches in URLs (phishing module)\n");
mprintf(" --phishing-cloak[=yes/no(*)] Always block cloaked URLs (phishing module)\n");
mprintf(" --algorithmic-detection[=yes(*)/no] Algorithmic detection\n");
mprintf(" --scan-pe[=yes(*)/no] Scan PE files\n");
mprintf(" --scan-elf[=yes(*)/no] Scan ELF files\n");
mprintf(" --scan-ole2[=yes(*)/no] Scan OLE2 containers\n");
mprintf(" --scan-pdf[=yes(*)/no] Scan PDF files\n");
mprintf(" --scan-html[=yes(*)/no] Scan HTML files\n");
mprintf(" --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)\n");
mprintf(" --detect-broken[=yes/no(*)] Try to detect broken executable files\n");
mprintf(" --block-encrypted[=yes/no(*)] Block encrypted archives\n");
mprintf(" --mail-follow-urls[=yes/no(*)] Download and scan URLs\n");
mprintf("\n");
mprintf(" --max-filesize=#n Files larger than this will be skipped and assumed clean\n");
mprintf(" --max-scansize=#n The maximum amount of data to scan for each container file (*)\n");
mprintf(" --max-files=#n The maximum number of files to scan for each container file (*)\n");
mprintf(" --max-recursion=#n Maximum archive recursion level for container file (*)\n");
mprintf(" --max-scansize=#n The maximum amount of data to scan for each container file (**)\n");
mprintf(" --max-files=#n The maximum number of files to scan for each container file (**)\n");
mprintf(" --max-recursion=#n Maximum archive recursion level for container file (**)\n");
mprintf(" --max-dir-recursion=#n Maximum directory recursion level\n");
mprintf("\n");
mprintf("(*) Certain files (e.g. documents, archives, etc.) may in turn contain other\n");
mprintf(" files inside. The above options ensure safe processing of this kind of data.\n\n");
mprintf("(*) Default scan settings\n");
mprintf("(**) Certain files (e.g. documents, archives, etc.) may in turn contain other\n");
mprintf(" files inside. The above options ensure safe processing of this kind of data.\n\n");
}

266
clamscan/manager.c
Unescape View File

@ -51,7 +51,7 @@
#include "others.h"
#include "global.h"
#include "shared/options.h"
#include "shared/optparser.h"
#include "shared/output.h"
#include "shared/misc.h"
@ -75,13 +75,12 @@ dev_t procdev;
#define O_BINARY 0
#endif
static void move_infected(const char *filename, const struct optstruct *opt);
static void move_infected(const char *filename, const struct optstruct *opts);
static int scanfile(const char *filename, struct cl_engine *engine, const struct optstruct *opt, unsigned int options)
static int scanfile(const char *filename, struct cl_engine *engine, const struct optstruct *opts, unsigned int options)
{
int ret = 0, fd, included, printclean = 1;
const struct optnode *optnode;
char *argument;
const struct optstruct *opt;
const char *virname;
#ifdef C_LINUX
struct stat sb;
@ -96,29 +95,26 @@ static int scanfile(const char *filename, struct cl_engine *engine, const struct
}
#endif
if(opt_check(opt, "exclude")) {
argument = opt_firstarg(opt, "exclude", &optnode);
while(argument) {
if(match_regex(filename, argument) == 1) {
if((opt = optget(opts, "exclude"))->enabled) {
while(opt) {
if(match_regex(filename, opt->strarg) == 1) {
if(!printinfected)
logg("~%s: Excluded\n", filename);
return 0;
}
argument = opt_nextarg(&optnode, "exclude");
opt = opt->nextarg;
}
}
if(opt_check(opt, "include")) {
if((opt = optget(opts, "include"))->enabled) {
included = 0;
argument = opt_firstarg(opt, "include", &optnode);
while(argument && !included) {
if(match_regex(filename, argument) == 1) {
while(opt) {
if(match_regex(filename, opt->strarg) == 1) {
included = 1;
break;
}
argument = opt_nextarg(&optnode, "include");
opt = opt->nextarg;
}
if(!included) {
if(!printinfected)
logg("~%s: Excluded\n", filename);
@ -167,55 +163,50 @@ static int scanfile(const char *filename, struct cl_engine *engine, const struct
close(fd);
if(ret == CL_VIRUS) {
if(opt_check(opt, "remove")) {
if(optget(opts, "remove")->enabled) {
if(unlink(filename)) {
logg("^%s: Can't remove\n", filename);
info.notremoved++;
} else {
logg("~%s: Removed\n", filename);
}
} else if(opt_check(opt, "move") || opt_check(opt, "copy"))
move_infected(filename, opt);
} else if(optget(opts, "move")->enabled || optget(opts, "copy")->enabled)
move_infected(filename, opts);
}
return ret;
}
static int scandirs(const char *dirname, struct cl_engine *engine, const struct optstruct *opt, unsigned int options, unsigned int depth)
static int scandirs(const char *dirname, struct cl_engine *engine, const struct optstruct *opts, unsigned int options, unsigned int depth)
{
DIR *dd;
struct dirent *dent;
struct stat statbuf;
char *fname;
int scanret = 0, included;
unsigned int maxdepth;
const struct optnode *optnode;
char *argument;
const struct optstruct *opt;
if(opt_check(opt, "exclude-dir")) {
argument = opt_firstarg(opt, "exclude-dir", &optnode);
while(argument) {
if(match_regex(dirname, argument) == 1) {
if((opt = optget(opts, "exclude-dir"))->enabled) {
while(opt) {
if(match_regex(dirname, opt->strarg) == 1) {
if(!printinfected)
logg("~%s: Excluded\n", dirname);
return 0;
}
argument = opt_nextarg(&optnode, "exclude-dir");
opt = opt->nextarg;
}
}
if(opt_check(opt, "include-dir")) {
if((opt = optget(opts, "include-dir"))->enabled) {
included = 0;
argument = opt_firstarg(opt, "include-dir", &optnode);
while(argument && !included) {
if(match_regex(dirname, argument) == 1) {
while(opt) {
if(match_regex(dirname, opt->strarg) == 1) {
included = 1;
break;
}
argument = opt_nextarg(&optnode, "include-dir");
opt = opt->nextarg;
}
if(!included) {
if(!printinfected)
logg("~%s: Excluded\n", dirname);
@ -223,12 +214,7 @@ static int scandirs(const char *dirname, struct cl_engine *engine, const struct
}
}
if(opt_check(opt, "max-dir-recursion"))
maxdepth = atoi(opt_arg(opt, "max-dir-recursion"));
else
maxdepth = 15;
if(depth > maxdepth)
if(depth > (unsigned int) optget(opts, "max-dir-recursion")->numarg)
return 0;
info.dirs++;
@ -251,11 +237,11 @@ static int scandirs(const char *dirname, struct cl_engine *engine, const struct
/* stat the file */
if(lstat(fname, &statbuf) != -1) {
if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode) && recursion) {
if(scandirs(fname, engine, opt, options, depth) == 1)
if(scandirs(fname, engine, opts, options, depth) == 1)
scanret++;
} else {
if(S_ISREG(statbuf.st_mode))
scanret += scanfile(fname, engine, opt, options);
scanret += scanfile(fname, engine, opts, options);
}
}
free(fname);
@ -278,7 +264,7 @@ static int scandirs(const char *dirname, struct cl_engine *engine, const struct
}
static int scanstdin(const struct cl_engine *engine, const struct optstruct *opt, int options)
static int scanstdin(const struct cl_engine *engine, const struct optstruct *opts, int options)
{
int ret;
const char *virname, *tmpdir;
@ -286,8 +272,8 @@ static int scanstdin(const struct cl_engine *engine, const struct optstruct *opt
size_t bread;
FILE *fs;
if(opt_check(opt, "tempdir")) {
tmpdir = opt_arg(opt, "tempdir");
if(optget(opts, "tempdir")->enabled) {
tmpdir = optget(opts, "tempdir")->strarg;
} else {
/* check write access */
tmpdir = getenv("TMPDIR");
@ -344,36 +330,26 @@ static int scanstdin(const struct cl_engine *engine, const struct optstruct *opt
return ret;
}
int scanmanager(const struct optstruct *opt)
int scanmanager(const struct optstruct *opts)
{
mode_t fmode;
int ret = 0, fmodeint, i, x;
unsigned int options = 0, dboptions = 0;
struct cl_engine *engine;
struct stat sb;
char *file, cwd[1024], *pua_cats = NULL, *argument;
const char *pt;
const struct optnode *optnode;
char *file, cwd[1024], *pua_cats = NULL;
const struct optstruct *opt;
#ifndef C_WINDOWS
struct rlimit rlim;
#endif
uint64_t val64;
uint32_t val32;
if(!opt_check(opt, "no-phishing-sigs"))
if(optget(opts, "phishing-sigs")->enabled)
dboptions |= CL_DB_PHISHING;
if(!opt_check(opt,"no-phishing-scan-urls"))
if(optget(opts,"phishing-scan-urls")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
if(opt_check(opt,"phishing-ssl")) {
options |= CL_SCAN_PHISHING_BLOCKSSL;
}
if(opt_check(opt,"phishing-cloak")) {
options |= CL_SCAN_PHISHING_BLOCKCLOAK;
}
if(opt_check(opt,"heuristic-scan-precedence")) {
options |= CL_SCAN_HEURISTIC_PRECEDENCE;
}
if((ret = cl_init(CL_INIT_DEFAULT))) {
logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
@ -385,29 +361,26 @@ int scanmanager(const struct optstruct *opt)
return 50;
}
if(opt_check(opt, "detect-pua")) {
if(optget(opts, "detect-pua")->enabled) {
dboptions |= CL_DB_PUA;
if(opt_check(opt, "exclude-pua")) {
if((opt = optget(opts, "exclude-pua"))->enabled) {
dboptions |= CL_DB_PUA_EXCLUDE;
argument = opt_firstarg(opt, "exclude-pua", &optnode);
i = 0;
while(argument) {
if(!(pua_cats = realloc(pua_cats, i + strlen(argument) + 3))) {
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
cl_engine_free(engine);
return 70;
}
sprintf(pua_cats + i, ".%s", argument);
i += strlen(argument) + 1;
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
argument = opt_nextarg(&optnode, "exclude-pua");
opt = opt->nextarg;
}
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if(opt_check(opt, "include-pua")) {
if((opt = optget(opts, "include-pua"))->enabled) {
if(pua_cats) {
logg("!--exclude-pua and --include-pua cannot be used at the same time\n");
cl_engine_free(engine);
@ -415,17 +388,16 @@ int scanmanager(const struct optstruct *opt)
return 40;
}
dboptions |= CL_DB_PUA_INCLUDE;
argument = opt_firstarg(opt, "include-pua", &optnode);
i = 0;
while(argument) {
if(!(pua_cats = realloc(pua_cats, i + strlen(argument) + 3))) {
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
return 70;
}
sprintf(pua_cats + i, ".%s", argument);
i += strlen(argument) + 1;
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
argument = opt_nextarg(&optnode, "include-pua");
opt = opt->nextarg;
}
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
@ -442,32 +414,31 @@ int scanmanager(const struct optstruct *opt)
}
}
if(opt_check(opt, "dev-ac-only")) {
if(optget(opts, "dev-ac-only")->enabled) {
val32 = 1;
cl_engine_set(engine, CL_ENGINE_AC_ONLY, &val32);
}
if(opt_check(opt, "dev-ac-depth")) {
val32 = atoi(opt_arg(opt, "dev-ac-depth"));
if(optget(opts, "dev-ac-depth")->enabled) {
val32 = optget(opts, "dev-ac-depth")->numarg;
cl_engine_set(engine, CL_ENGINE_AC_MAXDEPTH, &val32);
}
if(opt_check(opt, "leave-temps")) {
if(optget(opts, "leave-temps")->enabled) {
val32 = 1;
cl_engine_set(engine, CL_ENGINE_KEEPTMP, &val32);
}
if(opt_check(opt, "tempdir")) {
pt = opt_arg(opt, "tempdir");
if((ret = cl_engine_set(engine, CL_ENGINE_TMPDIR, pt))) {
if((opt = optget(opts, "tempdir"))->enabled) {
if((ret = cl_engine_set(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
logg("!cli_engine_set(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 50;
}
}
if(opt_check(opt, "database")) {
if((ret = cl_load(opt_arg(opt, "database"), engine, &info.sigs, dboptions))) {
if((opt = optget(opts, "database"))->enabled) {
if((ret = cl_load(opt->strarg, engine, &info.sigs, dboptions))) {
logg("!%s\n", cl_strerror(ret));
cl_engine_free(engine);
return 50;
@ -493,18 +464,8 @@ int scanmanager(const struct optstruct *opt)
/* set limits */
if(opt_check(opt, "max-scansize")) {
char *cpy, *ptr;
ptr = opt_arg(opt, "max-scansize");
if(tolower(ptr[strlen(ptr) - 1]) == 'm') {
cpy = calloc(strlen(ptr), 1);
strncpy(cpy, ptr, strlen(ptr) - 1);
cpy[strlen(ptr)-1]='\0';
val64 = atoi(cpy) * 1024 * 1024;
free(cpy);
} else
val64 = atoi(ptr) * 1024;
if((opt = optget(opts, "max-scansize"))->enabled) {
val64 = opt->numarg;
if((ret = cl_engine_set(engine, CL_ENGINE_MAX_SCANSIZE, &val64))) {
logg("!cli_engine_set(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
@ -512,18 +473,8 @@ int scanmanager(const struct optstruct *opt)
}
}
if(opt_check(opt, "max-filesize")) {
char *cpy, *ptr;
ptr = opt_arg(opt, "max-filesize");
if(tolower(ptr[strlen(ptr) - 1]) == 'm') {
cpy = calloc(strlen(ptr), 1);
strncpy(cpy, ptr, strlen(ptr) - 1);
cpy[strlen(ptr)-1]='\0';
val64 = atoi(cpy) * 1024 * 1024;
free(cpy);
} else
val64 = atoi(ptr) * 1024;
if((opt = optget(opts, "max-filesize"))->enabled) {
val64 = opt->numarg;
if((ret = cl_engine_set(engine, CL_ENGINE_MAX_FILESIZE, &val64))) {
logg("!cli_engine_set(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
@ -544,8 +495,8 @@ int scanmanager(const struct optstruct *opt)
}
#endif
if(opt_check(opt, "max-files")) {
val32 = atoi(opt_arg(opt, "max-files"));
if((opt = optget(opts, "max-files"))->enabled) {
val32 = opt->numarg;
if((ret = cl_engine_set(engine, CL_ENGINE_MAX_FILES, &val32))) {
logg("!cli_engine_set(CL_ENGINE_MAX_FILES) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
@ -553,8 +504,8 @@ int scanmanager(const struct optstruct *opt)
}
}
if(opt_check(opt, "max-recursion")) {
val32 = atoi(opt_arg(opt, "max-recursion"));
if((opt = optget(opts, "max-recursion"))->enabled) {
val32 = opt->numarg;
if((ret = cl_engine_set(engine, CL_ENGINE_MAX_RECURSION, &val32))) {
logg("!cli_engine_set(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
@ -562,63 +513,55 @@ int scanmanager(const struct optstruct *opt)
}
}
/* set options */
/* set scan options */
if(optget(opts,"phishing-ssl")->enabled)
options |= CL_SCAN_PHISHING_BLOCKSSL;
if(opt_check(opt, "disable-archive") || opt_check(opt, "no-archive"))
options &= ~CL_SCAN_ARCHIVE;
else
if(optget(opts,"phishing-cloak")->enabled)
options |= CL_SCAN_PHISHING_BLOCKCLOAK;
if(optget(opts,"heuristic-scan-precedence")->enabled)
options |= CL_SCAN_HEURISTIC_PRECEDENCE;
if(optget(opts, "scan-archive")->enabled)
options |= CL_SCAN_ARCHIVE;
if(opt_check(opt, "detect-broken"))
if(optget(opts, "detect-broken")->enabled)
options |= CL_SCAN_BLOCKBROKEN;
if(opt_check(opt, "block-encrypted"))
if(optget(opts, "block-encrypted")->enabled)
options |= CL_SCAN_BLOCKENCRYPTED;
if(opt_check(opt, "no-pe"))
options &= ~CL_SCAN_PE;
else
if(optget(opts, "scan-pe")->enabled)
options |= CL_SCAN_PE;
if(opt_check(opt, "no-elf"))
options &= ~CL_SCAN_ELF;
else
if(optget(opts, "scan-elf")->enabled)
options |= CL_SCAN_ELF;
if(opt_check(opt, "no-ole2"))
options &= ~CL_SCAN_OLE2;
else
if(optget(opts, "scan-ole2")->enabled)
options |= CL_SCAN_OLE2;
if(opt_check(opt, "no-pdf"))
options &= ~CL_SCAN_PDF;
else
if(optget(opts, "scan-pdf")->enabled)
options |= CL_SCAN_PDF;
if(opt_check(opt, "no-html"))
options &= ~CL_SCAN_HTML;
else
if(optget(opts, "scan-html")->enabled)
options |= CL_SCAN_HTML;
if(opt_check(opt, "no-mail")) {
options &= ~CL_SCAN_MAIL;
} else {
if(optget(opts, "scan-mail")->enabled) {
options |= CL_SCAN_MAIL;
if(opt_check(opt, "mail-follow-urls"))
if(optget(opts, "mail-follow-urls")->enabled)
options |= CL_SCAN_MAILURL;
}
if(opt_check(opt, "no-algorithmic"))
options &= ~CL_SCAN_ALGORITHMIC;
else
if(optget(opts, "algorithmic-detection")->enabled)
options |= CL_SCAN_ALGORITHMIC;
if(opt_check(opt, "detect-structured")) {
if(optget(opts, "detect-structured")->enabled) {
options |= CL_SCAN_STRUCTURED;
if(opt_check(opt, "structured-ssn-format")) {
switch(atoi(opt_arg(opt, "structured-ssn-format"))) {
if((opt = optget(opts, "structured-ssn-format"))->enabled) {
switch(opt->numarg) {
case 0:
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
break;
@ -636,8 +579,8 @@ int scanmanager(const struct optstruct *opt)
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
}
if(opt_check(opt, "structured-ssn-count")) {
val32 = atoi(opt_arg(opt, "structured-ssn-count"));
if((opt = optget(opts, "structured-ssn-count"))->enabled) {
val32 = opt->numarg;
if((ret = cl_engine_set(engine, CL_ENGINE_MIN_SSN_COUNT, &val32))) {
logg("!cli_engine_set(CL_ENGINE_MIN_SSN_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
@ -645,8 +588,8 @@ int scanmanager(const struct optstruct *opt)
}
}
if(opt_check(opt, "structured-cc-count")) {
val32 = atoi(opt_arg(opt, "structured-cc-count"));
if((opt = optget(opts, "structured-cc-count"))->enabled) {
val32 = opt->numarg;
if((ret = cl_engine_set(engine, CL_ENGINE_MIN_CC_COUNT, &val32))) {
logg("!cli_engine_set(CL_ENGINE_MIN_CC_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
@ -654,8 +597,9 @@ int scanmanager(const struct optstruct *opt)
}
}
} else
} else {
options &= ~CL_SCAN_STRUCTURED;
}
#ifdef C_LINUX
procdev = (dev_t) 0;
@ -664,20 +608,20 @@ int scanmanager(const struct optstruct *opt)
#endif
/* check filetype */
if(opt->filename == NULL || strlen(opt->filename) == 0) {
if(opts->filename == NULL || strlen(opts->filename) == 0) {
/* we need full path for some reasons (eg. archive handling) */
if(!getcwd(cwd, sizeof(cwd))) {
logg("!Can't get absolute pathname of current working directory\n");
ret = 57;
} else
ret = scandirs(cwd, engine, opt, options, 1);
ret = scandirs(cwd, engine, opts, options, 1);
} else if(!strcmp(opt->filename, "-")) { /* read data from stdin */
ret = scanstdin(engine, opt, options);
} else if(!strcmp(opts->filename, "-")) { /* read data from stdin */
ret = scanstdin(engine, opts, options);
} else {
for (x = 0; (file = cli_strtok(opt->filename, x, "\t")) != NULL; x++) {
for (x = 0; (file = cli_strtok(opts->filename, x, "\t")) != NULL; x++) {
if((fmodeint = fileinfo(file, 2)) == -1) {
logg("^Can't access file %s\n", file);
perror(file);
@ -694,11 +638,11 @@ int scanmanager(const struct optstruct *opt)
switch(fmode & S_IFMT) {
case S_IFREG:
ret = scanfile(file, engine, opt, options);
ret = scanfile(file, engine, opts, options);
break;
case S_IFDIR:
ret = scandirs(file, engine, opt, options, 1);
ret = scandirs(file, engine, opts, options, 1);
break;
default:
@ -722,18 +666,18 @@ int scanmanager(const struct optstruct *opt)
return ret;
}
static void move_infected(const char *filename, const struct optstruct *opt)
static void move_infected(const char *filename, const struct optstruct *opts)
{
char *movedir, *movefilename, numext[4 + 1];
const char *tmp;
struct stat ofstat, mfstat;
int n, len, movefilename_size;
int moveflag = opt_check(opt, "move");
int moveflag = optget(opts, "move")->enabled;
struct utimbuf ubuf;
if((moveflag && !(movedir = opt_arg(opt, "move"))) ||
(!moveflag && !(movedir = opt_arg(opt, "copy")))) {
if((moveflag && !(movedir = optget(opts, "move")->strarg)) ||
(!moveflag && !(movedir = optget(opts, "copy")->strarg))) {
/* Should never reach here */
logg("!opt_arg() returned NULL\n");
info.notmoved++;

4
clamscan/manager.h
Unescape View File

@ -19,8 +19,8 @@
#ifndef __MANAGER_H
#define __MANAGER_H
#include "shared/options.h"
#include "shared/optparser.h"
int scanmanager(const struct optstruct *opt);
int scanmanager(const struct optstruct *opts);
#endif

68
docs/man/clamscan.1.in
Unescape View File

@ -1,4 +1,4 @@
.TH "clamscan" "1" "February 12, 2007" "ClamAV @VERSION@" "Clam AntiVirus"
.TH "clamscan" "1" "December 30, 2008" "ClamAV @VERSION@" "Clam AntiVirus"
.SH "NAME"
.LP
clamscan \- scan files and directories for viruses
@ -10,7 +10,7 @@ clamscan [options] [file/directory/\-]
clamscan is a command line anti\-virus scanner.
.SH "OPTIONS"
.LP
Most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes/=no; if they get called without the boolean argument the scanner will assume 'yes'. The asterisk marks the default internal setting for a given option.
.TP
\fB\-h, \-\-help\fR
Print help information and exit.
@ -60,7 +60,7 @@ Only scan file/directory names containing PATT. It may be used multiple times.
\fB\-i, \-\-infected\fR
Only print infected files.
.TP
\fB\-\-remove\fR
\fB\-\-remove[=yes/no(*)]\fR
Remove infected files. \fBBe careful.\fR
.TP
\fB\-\-move=DIRECTORY\fR
@ -69,7 +69,7 @@ Move infected files into DIRECTORY. Directory must be writable for the '@CLAMAVU
\fB\-\-copy=DIRECTORY\fR
Copy infected files into DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan.
.TP
\fB\-\-detect\-pua\fR
\fB\-\-detect\-pua[=yes/no(*)]\fR
Detect Possibly Unwanted Applications.
.TP
\fB\-\-exclude\-pua=CATEGORY\fR
@ -78,8 +78,8 @@ Exclude a specific PUA category. This option can be used multiple times. See htt
\fB\-\-include\-pua=CATEGORY\fR
Only include a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA
.TP
\fB\-\-detect\-structured\fR
Enable the DLP (Data Loss Prevention) module which provides detection of SSN and Credit Card numbers.
\fB\-\-detect\-structured[=yes/no(*)]\fR
Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers inside documents/text files.
.TP
\fB\-\-structured\-ssn\-format=X\fR
X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. Default is 0.
@ -90,52 +90,52 @@ This option sets the lowest number of Social Security Numbers found in a file to
\fB\-\-structured\-cc\-count=#n\fR
This option sets the lowest number of Credit Card numbers found in a file to generate a detect (default: 3).
.TP
\fB\-\-no\-mail\fR
Disable scanning of mail files.
\fB\-\-scan\-mail[=yes(*)/no]\fR
Scan mail files.
.TP
\fB\-\-no\-phishing\-sigs\fR
Disable signature-based phishing detection.
\fB\-\-phishing\-sigs[=yes(*)/no]\fR
Use the signature-based phishing detection.
.TP
\fB\-\-no\-phishing\-scan\-urls\fR
Disable url-based heuristic phishing detection. This disables Phishing.Heuristics.Email.*
\fB\-\-phishing\-scan\-urls[=yes(*)/no]\fR
Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)
.TP
\fB\-\-heuristic\-scan\-precedence\fR
\fB\-\-heuristic\-scan\-precedence[=yes/no(*)]\fR
Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish it will stop scan immediately. Recommended, saves CPU scan-time. When disabled, virus/phish detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phish, and a real malware, the real malware will be reported Keep this disabled if you intend to handle "*.Heuristics.*" viruses differently from "real" malware. If a non-heuristically-detected virus (signature-based) is found first, the scan is interrupted immediately, regardless of this config option.
.TP
\fB\-\-phishing\-ssl\fR
Always block SSL mismatches in URLs (might lead to false positives!).
\fB\-\-phishing\-ssl[=yes/no(*)]\fR
Block SSL mismatches in URLs (might lead to false positives!).
.TP
\fB\-\-phishing\-cloak\fR
Always block cloaked URLs (might lead to some false positives).
\fB\-\-phishing\-cloak[=yes/no(*)]\fR
Block cloaked URLs (might lead to some false positives).
.TP
\fB\-\-no\-algorithmic\fR
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option disables the algorithmic detection.
\fB\-\-algorithmic\-detection[=yes(*)/no]\fR
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option can be used to control the algorithmic detection.
.TP
\fB\-\-no\-pe\fR
PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG. This option \fBdisables\fR PE support and should be used with care!
\fB\-\-scan\-pe[=yes(*)/no]\fR
PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG.
.TP
\fB\-\-no\-elf\fR
Executable and Linking Format is a standard format for UN*X executables. This option \fBdisables\fR ELF support.
\fB\-\-scan\-elf[=yes(*)/no]\fR
Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support.
.TP
\fB\-\-no\-ole2\fR
Disable support for Microsoft Office documents and .msi files.
\fB\-\-scan\-ole2[=yes(*)/no]\fR
Scan Microsoft Office documents and .msi files.
.TP
\fB\-\-no\-pdf\fR
Disable scanning within PDF files.
\fB\-\-scan\-pdf[=yes(*)/no]\fR
Scan within PDF files.
.TP
\fB\-\-no\-html\fR
Disable support for HTML detection and normalisation.
\fB\-\-scan\-html[=yes(*)/no]\fR
Detect, normalize/decrypt and scan HTML files and embedded scripts.
.TP
\fB\-\-no\-archive\fR
Disable archive support built in libclamav.
\fB\-\-scan\-archive[=yes(*)/no]\fR
Scan archives supported by libclamav.
.TP
\fB\-\-detect\-broken\fR
\fB\-\-detect\-broken[=yes/no(*)]\fR
Mark broken executables as viruses (Broken.Executable).
.TP
\fB\-\-block\-encrypted\fR
\fB\-\-block\-encrypted[=yes/no(*)]\fR
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
.TP
\fB\-\-mail\-follow\-urls\fR
\fB\-\-mail\-follow\-urls[=yes/no(*)]\fR
If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR
.TP
\fB\-\-max\-files=#n\fR

163
shared/optparser.c
Unescape View File

@ -20,7 +20,7 @@
/*
* TODO:
* - freshclam, clamscan, clamdscan, clamconf, milter
* - clamdscan, clamconf, milter
* - clamconf: generation/verification/updating of config files and man page entries
* - automatically generate --help pages (use the first line from the description)
*/
@ -44,7 +44,7 @@
#include "getopt.h"
#define MAXCMDOPTS 64
#define MAXCMDOPTS 80
#define MAX(a,b) (a > b ? a : b)
#define MATCH_NUMBER "^[0-9]+$"
@ -67,21 +67,66 @@ static const struct clam_option {
/* name, longopt, sopt, argtype, regex, num, str, mul, owner, description, suggested */
/* cmdline only */
{ NULL, "help", 'h', OPT_BOOL, NULL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM, "", "" },
{ NULL, "config-file", 'c', OPT_STRING, NULL, 0, CONFDIR"/clamd.conf", 0, OPT_CLAMD, "", "" },
{ NULL, "help", 'h', OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN, "", "" },
{ NULL, "config-file", 'c', OPT_STRING, NULL, 0, CONFDIR"/clamd.conf", 0, OPT_CLAMD | OPT_CLAMDSCAN, "", "" },
{ NULL, "config-file", 0, OPT_STRING, NULL, 0, CONFDIR"/freshclam.conf", 0, OPT_FRESHCLAM, "", "" },
{ NULL, "version", 'V', OPT_BOOL, NULL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM, "", "" },
{ NULL, "debug", 0, OPT_BOOL, NULL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM, "", "" },
{ NULL, "verbose", 'v', OPT_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "quiet", 0, OPT_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "no-warnings", 0, OPT_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "stdout", 0, OPT_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "daemon", 'd', OPT_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "no-dns", 0, OPT_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "version", 'V', OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN, "", "" },
{ NULL, "debug", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN, "", "" },
{ NULL, "verbose", 'v', OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN, "", "" },
{ NULL, "quiet", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN, "", "" },
{ NULL, "leave-temps", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "no-warnings", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "stdout", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN, "", "" },
{ NULL, "daemon", 'd', OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "no-dns", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "list-mirrors", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "submit-stats", 0, OPT_STRING, NULL, 0, CONFDIR"/clamd.conf", 0, OPT_FRESHCLAM, "", "" }, /* Don't merge this one with SubmitDetectionStats */
{ NULL, "reload", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMDSCAN, "", "" },
{ NULL, "multiscan", 'm', OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMDSCAN, "", "" },
{ NULL, "database", 'd', OPT_STRING, NULL, -1, DATADIR, 0, OPT_CLAMSCAN, "", "" }, /* merge it with DatabaseDirectory (and fix conflict with --datadir */
{ NULL, "recursive", 'r', OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "bell", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "no-summary", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "infected", 'i', OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "log", 'l', OPT_STRING, NULL, -1, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "move", 0, OPT_STRING, NULL, -1, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "copy", 0, OPT_STRING, NULL, -1, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "remove", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" },
{ NULL, "exclude", 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMSCAN, "", "" },
{ NULL, "exclude-dir", 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMSCAN, "", "" },
{ NULL, "include", 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMSCAN, "", "" },
{ NULL, "include-dir", 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMSCAN, "", "" },
{ NULL, "structured-ssn-format", 0, OPT_NUMBER, MATCH_NUMBER, 0, NULL, 1, OPT_CLAMSCAN, "", "" },
/* cmdline only - deprecated */
{ NULL, "http-proxy", 0, OPT_STRING, NULL, 0, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
{ NULL, "proxy-user", 0, OPT_STRING, NULL, 0, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
{ NULL, "list-mirrors", 0, OPT_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM, "", "" },
{ NULL, "submit-stats", 0, OPT_STRING, NULL, 0, CONFDIR"/clamd.conf", 0, OPT_FRESHCLAM, "", "" }, /* Don't merge this one with SubmitDetectionStats */
{ NULL, "force", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "disable-summary", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "disable-archive", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-archive", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-pe", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-elf", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-ole2", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-pdf", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-html", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-mail", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-phishing-sigs", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-phishing-scan-urls", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-algorithmic", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "no-phishing-restrictedscan", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "max-ratio", 0, OPT_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "max-space", 0, OPT_SIZE, MATCH_SIZE, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "block-max", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "unzip", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "unrar", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "arj", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "unzoo", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "lha", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "jar", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "tar", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "tgz", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
{ NULL, "deb", 0, OPT_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
/* config file/cmdline options */
{ "LogFile", "log", 'l', OPT_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Save all reports to a log file.", "/tmp/clamav.log" },
@ -102,7 +147,7 @@ static const struct clam_option {
{ "PidFile", "pid", 'p', OPT_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Save the process ID to a file.", "/var/run/clamd.pid" },
{ "TemporaryDirectory", NULL, 0, OPT_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "This option allows you to change the default temporary directory.", "/tmp" },
{ "TemporaryDirectory", "tempdir", 0, OPT_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN, "This option allows you to change the default temporary directory.", "/tmp" },
{ "DatabaseDirectory", "datadir", 0, OPT_STRING, NULL, -1, DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "/var/lib/clamav" },
@ -131,7 +176,7 @@ static const struct clam_option {
{ "ExcludePath", NULL, 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMD, "Don't scan files/directories whose names match the provided\nregular expression. This option can be specified multiple times.", "^/proc/" },
{ "MaxDirectoryRecursion", NULL, 0, OPT_NUMBER, MATCH_NUMBER, 15, NULL, 0, OPT_CLAMD, "Maximum depth the directories are scanned at.", "15" },
{ "MaxDirectoryRecursion", "max-dir-recursion", 0, OPT_NUMBER, MATCH_NUMBER, 15, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Maximum depth the directories are scanned at.", "15" },
{ "FollowDirectorySymlinks", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Follow directory symlinks.", "no" },
@ -155,63 +200,63 @@ static const struct clam_option {
/* Scan options */
{ "DetectPUA", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Detect Potentially Unwanted Applications.", "yes" },
{ "DetectPUA", "detect-pua", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
{ "ExcludePUA", NULL, 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMD, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool" },
{ "ExcludePUA", "exclude-pua", 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMD | OPT_CLAMSCAN, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool" },
{ "IncludePUA", NULL, 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMD, "Only include a specific PUA category. This directive can be used multiple\ntimes.", "Spy" },
{ "IncludePUA", "include-pua", 0, OPT_STRING, NULL, -1, NULL, 1, OPT_CLAMD | OPT_CLAMSCAN, "Only include a specific PUA category. This directive can be used multiple\ntimes.", "Spy" },
{ "AlgorithmicDetection", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "In some cases (eg. complex malware, exploits in graphic files, and others),\nClamAV uses special algorithms to provide accurate detection. This option\ncontrols the algorithmic detection.", "yes" },
{ "AlgorithmicDetection", "algorithmic-detection", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "In some cases (eg. complex malware, exploits in graphic files, and others),\nClamAV uses special algorithms to provide accurate detection. This option\ncontrols the algorithmic detection.", "yes" },
{ "ScanPE", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "PE stands for Portable Executable - it's an executable file format used\nin all 32- and 64-bit versions of Windows operating systems. This option\nallows ClamAV to perform a deeper analysis of executable files and it's also\nrequired for decompression of popular executable packers such as UPX or FSG.", "yes" },
{ "ScanPE", "scan-pe", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "PE stands for Portable Executable - it's an executable file format used\nin all 32- and 64-bit versions of Windows operating systems. This option\nallows ClamAV to perform a deeper analysis of executable files and it's also\nrequired for decompression of popular executable packers such as UPX or FSG.", "yes" },
{ "ScanELF", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "Executable and Linking Format is a standard format for UN*X executables.\nThis option allows you to control the scanning of ELF files.", "yes" },
{ "ScanELF", "scan-elf", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Executable and Linking Format is a standard format for UN*X executables.\nThis option allows you to control the scanning of ELF files.", "yes" },
{ "DetectBrokenExecutables", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "With this option enabled clamav will try to detect broken executables\n(both PE and ELF) and mark them as Broken.Executable.", "yes" },
{ "DetectBrokenExecutables", "detect-broken", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled clamav will try to detect broken executables\n(both PE and ELF) and mark them as Broken.Executable.", "yes" },
{ "ScanMail", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "Enable the built in email scanner.", "yes" },
{ "ScanMail", "scan-mail", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Enable the built in email scanner.", "yes" },
{ "MailFollowURLs", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "If an email contains URLs ClamAV can download and scan them.\nWARNING: This option may open your system to a DoS attack. Please don't use\nthis feature on highly loaded servers.", "no" },
{ "MailFollowURLs", "mail-follow-urls", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "If an email contains URLs ClamAV can download and scan them.\nWARNING: This option may open your system to a DoS attack. Please don't use\nthis feature on highly loaded servers.", "no" },
{ "ScanPartialMessages", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Scan RFC1341 messages split over many emails. You will need to\nperiodically clean up $TemporaryDirectory/clamav-partial directory.\nWARNING: This option may open your system to a DoS attack. Please don't use\nthis feature on highly loaded servers.", "no" },
{ "PhishingSignatures", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "With this option enabled ClamAV will try to detect phishing attempts by using\nsignatures.", "yes" },
{ "PhishingSignatures", "phishing-sigs", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will try to detect phishing attempts by using\nsignatures.", "yes" },
{ "PhishingScanURLs", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "Scan URLs found in mails for phishing attempts using heuristics.", "yes" },
{ "PhishingScanURLs", "phishing-scan-urls", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Scan URLs found in mails for phishing attempts using heuristics.", "yes" },
{ "PhishingAlwaysBlockCloak", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Always block cloaked URLs, even if they're not in the database.\nThis feature can lead to false positives.", "no" },
{ "PhishingAlwaysBlockCloak", "phishing-cloak", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Always block cloaked URLs, even if they're not in the database.\nThis feature can lead to false positives.", "no" },
{ "PhishingAlwaysBlockSSLMismatch", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Always block SSL mismatches in URLs, even if they're not in the database.\nThis feature can lead to false positives.", "" },
{ "PhishingAlwaysBlockSSLMismatch", "phishing-ssl", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Always block SSL mismatches in URLs, even if they're not in the database.\nThis feature can lead to false positives.", "" },
{ "HeuristicScanPrecedence", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Allow heuristic match to take precedence.\nWhen enabled, if a heuristic scan (such as phishingScan) detects\na possible virus/phish it will stop scan immediately. Recommended, saves CPU\nscan-time.\nWhen disabled, virus/phish detected by heuristic scans will be reported only\nat the end of a scan. If an archive contains both a heuristically detected\nvirus/phish, and a real malware, the real malware will be reported.\nKeep this disabled if you intend to handle \"*.Heuristics.*\" viruses\ndifferently from \"real\" malware.\nIf a non-heuristically-detected virus (signature-based) is found first,\nthe scan is interrupted immediately, regardless of this config option.", "yes" },
{ "HeuristicScanPrecedence", "heuristic-scan-precedence", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Allow heuristic match to take precedence.\nWhen enabled, if a heuristic scan (such as phishingScan) detects\na possible virus/phish it will stop scan immediately. Recommended, saves CPU\nscan-time.\nWhen disabled, virus/phish detected by heuristic scans will be reported only\nat the end of a scan. If an archive contains both a heuristically detected\nvirus/phish, and a real malware, the real malware will be reported.\nKeep this disabled if you intend to handle \"*.Heuristics.*\" viruses\ndifferently from \"real\" malware.\nIf a non-heuristically-detected virus (signature-based) is found first,\nthe scan is interrupted immediately, regardless of this config option.", "yes" },
{ "StructuredDataDetection", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Enable the Data Loss Prevention module.", "no" },
{ "StructuredDataDetection", "detect-structured", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Enable the Data Loss Prevention module.", "no" },
{ "StructuredMinCreditCardCount", NULL, 0, OPT_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_CLAMD, "This option sets the lowest number of Credit Card numbers found in a file\nto generate a detect.", "5" },
{ "StructuredMinCreditCardCount", "structured-cc-count", 0, OPT_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the lowest number of Credit Card numbers found in a file\nto generate a detect.", "5" },
{ "StructuredMinSSNCount", NULL, 0, OPT_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_CLAMD, "This option sets the lowest number of Social Security Numbers found\nin a file to generate a detect.", "5" },
{ "StructuredMinSSNCount", "structured-ssn-count", 0, OPT_NUMBER, MATCH_NUMBER, 3, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the lowest number of Social Security Numbers found\nin a file to generate a detect.", "5" },
{ "StructuredSSNFormatNormal", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "With this option enabled the DLP module will search for valid\nSSNs formatted as xxx-yy-zzzz.", "yes" },
{ "StructuredSSNFormatStripped", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "With this option enabled the DLP module will search for valid\nSSNs formatted as xxxyyzzzz", "no" },
{ "ScanHTML", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "Perform HTML/JavaScript/ScriptEncoder normalisation and decryption.", "yes" },
{ "ScanHTML", "scan-html", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Perform HTML/JavaScript/ScriptEncoder normalisation and decryption.", "yes" },
{ "ScanOLE2", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "This option enables scanning of OLE2 files, such as Microsoft Office\ndocuments and .msi files.", "yes" },
{ "ScanOLE2", "scan-ole2", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning of OLE2 files, such as Microsoft Office\ndocuments and .msi files.", "yes" },
{ "ScanPDF", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "This option enables scanning within PDF files.", "yes" },
{ "ScanPDF", "scan-pdf", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning within PDF files.", "yes" },
{ "ScanArchive", NULL, 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "Scan within archives and compressed files.", "yes" },
{ "ScanArchive", "scan-archive", 0, OPT_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Scan within archives and compressed files.", "yes" },
{ "ArchiveBlockEncrypted", NULL, 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).", "no" },
{ "ArchiveBlockEncrypted", "block-encrypted", 0, OPT_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).", "no" },
{ "MaxScanSize", NULL, 0, OPT_SIZE, MATCH_SIZE, -1, NULL, 0, OPT_CLAMD, "This option sets the maximum amount of data to be scanned for each input file.\nArchives and other containers are recursively extracted and scanned up to this\nvalue.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage.", "100M" },
{ "MaxScanSize", "max-scansize", 0, OPT_SIZE, MATCH_SIZE, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum amount of data to be scanned for each input file.\nArchives and other containers are recursively extracted and scanned up to this\nvalue.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage.", "100M" },
{ "MaxFileSize", NULL, 0, OPT_SIZE, MATCH_SIZE, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Files larger than this limit won't be scanned. Affects the input file itself\nas well as files contained inside it (when the input file is an archive, a\ndocument or some other kind of container).\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.", "25M" },
{ "MaxFileSize", "max-filesize", 0, OPT_SIZE, MATCH_SIZE, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN, "Files larger than this limit won't be scanned. Affects the input file itself\nas well as files contained inside it (when the input file is an archive, a\ndocument or some other kind of container).\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.", "25M" },
{ "MaxRecursion", NULL, 0, OPT_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD, "Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR\nfile, all files within it will also be scanned. This option specifies how\ndeeply the process should be continued.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.", "16" },
{ "MaxRecursion", "max-recursion", 0, OPT_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR\nfile, all files within it will also be scanned. This option specifies how\ndeeply the process should be continued.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.", "16" },
{ "MaxFiles", NULL, 0, OPT_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD, "Number of files to be scanned within an archive, a document, or any other\ncontainer file.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.", "10000" },
{ "MaxFiles", "max-files", 0, OPT_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Number of files to be scanned within an archive, a document, or any other\ncontainer file.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.", "10000" },
{ "ClamukoScanOnAccess", NULL, 0, OPT_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables Clamuko. Dazuko needs to be already configured and\nrunning.", "no" },
@ -228,9 +273,9 @@ static const struct clam_option {
{ "ClamukoMaxFileSize", NULL, 0, OPT_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned.", "5M" },
/* FIXME: mark these as private and don't output into clamd.conf/man */
{ "DevACOnly", NULL, 0, OPT_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "", "" },
{ "DevACOnly", "dev-ac-only", 0, OPT_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "", "" },
{ "DevACDepth", NULL, 0, OPT_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD, "", "" },
{ "DevACDepth", "dev-ac-depth", 0, OPT_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "", "" },
/* Freshclam-only entries */
@ -291,8 +336,8 @@ static const struct clam_option {
{ "ArchiveMaxRecursion", NULL, 0, OPT_NUMBER, NULL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ArchiveMaxFiles", NULL, 0, OPT_NUMBER, NULL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ArchiveMaxCompressionRatio", NULL, 0, OPT_NUMBER, NULL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ArchiveBlockMax", NULL, 0, OPT_BOOL, NULL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ArchiveLimitMemoryUsage", NULL, 0, OPT_BOOL, NULL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ArchiveBlockMax", NULL, 0, OPT_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ArchiveLimitMemoryUsage", NULL, 0, OPT_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
/* Milter specific options */
/*
@ -427,6 +472,7 @@ static int optadd(struct optstruct **opts, const char *name, const char *cmd, co
newnode->active = 0;
newnode->multiple = multiple;
newnode->idx = idx;
newnode->filename = NULL;
newnode->next = *opts;
*opts = newnode;
@ -500,6 +546,9 @@ void optfree(struct optstruct *opts)
{
struct optstruct *h, *a;
if(opts && opts->filename)
free(opts->filename);
while(opts) {
a = opts->nextarg;
while(a) {
@ -828,6 +877,28 @@ struct optstruct *optparse(const char *cfgfile, int argc, char * const *argv, in
return NULL;
}
if(!cfgfile && (optind < argc)) {
lc = 0;
/* count length of non-option arguments */
for(i = optind; i < argc; i++)
lc += strlen(argv[i]);
lc += argc - optind + 1;
opts->filename = (char *) calloc(lc, sizeof(char));
if(!opts->filename) {
fprintf(stderr, "ERROR: optparse: calloc failed\n");
optfree(opt);
return NULL;
}
for(i = optind; i < argc; i++) {
strncat(opts->filename, argv[i], strlen(argv[i]));
if(i != argc - 1)
strncat(opts->filename, "\t", 1);
}
}
/* optprint(opts); */
return opts;

6
shared/optparser.h
Unescape View File

@ -30,7 +30,9 @@
#define OPT_CLAMD 1
#define OPT_FRESHCLAM 2
#define OPT_MILTER 4
#define OPT_DEPRECATED 8
#define OPT_CLAMSCAN 8
#define OPT_CLAMDSCAN 16
#define OPT_DEPRECATED 32
struct optstruct {
char *name;
@ -43,6 +45,8 @@ struct optstruct {
int idx;
struct optstruct *nextarg;
struct optstruct *next;
char *filename; /* cmdline */
};
const struct optstruct *optget(const struct optstruct *opts, const char *name);

Write Preview
Loading…
Cancel
Save