From 3f97a1e787b80b984b74105d54defe2210294859 Mon Sep 17 00:00:00 2001 From: Tomasz Kojm Date: Sat, 28 Oct 2006 22:01:51 +0000 Subject: [PATCH] add ScanELF and --no-elf git-svn: trunk@2449 --- clamav-devel/ChangeLog | 5 +++++ clamav-devel/clamd/server-th.c | 14 +++++++++++--- clamav-devel/clamscan/clamscan.c | 1 + clamav-devel/clamscan/clamscan_opt.h | 1 + clamav-devel/clamscan/manager.c | 5 +++++ clamav-devel/docs/man/clamd.conf.5.in | 7 ++++++- clamav-devel/docs/man/clamscan.1 | 3 +++ clamav-devel/etc/clamd.conf | 9 +++++++-- clamav-devel/libclamav/clamav.h | 3 ++- clamav-devel/libclamav/others.h | 1 + clamav-devel/libclamav/scanners.c | 3 ++- clamav-devel/shared/cfgparser.c | 1 + 12 files changed, 45 insertions(+), 8 deletions(-) diff --git a/clamav-devel/ChangeLog b/clamav-devel/ChangeLog index 7c71241e7..74c082a36 100644 --- a/clamav-devel/ChangeLog +++ b/clamav-devel/ChangeLog @@ -1,3 +1,8 @@ +Sun Oct 29 00:00:10 CEST 2006 (tk) +---------------------------------- + * clamd: new directive ScanELF + * clamscan: new command line option --no-elf + Sat Oct 28 22:44:46 CEST 2006 (tk) ---------------------------------- * libclamav/elf.c: parse program headers and properly calculate file offset diff --git a/clamav-devel/clamd/server-th.c b/clamav-devel/clamd/server-th.c index 14a1f2f36..66bf07e4e 100644 --- a/clamav-devel/clamd/server-th.c +++ b/clamav-devel/clamd/server-th.c 
@@ -372,14 +372,22 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_node *root, unsigned in if(cfgopt(copt, "ScanPE")->enabled) { logg("Portable Executable support enabled.\n"); options |= CL_SCAN_PE; + } else { + logg("Portable Executable support disabled.\n"); + } + if(cfgopt(copt, "ScanELF")->enabled) { + logg("ELF support enabled.\n"); + options |= CL_SCAN_ELF; + } else { + logg("ELF support disabled.\n"); + } + + if(cfgopt(copt, "ScanPE")->enabled || cfgopt(copt, "ScanELF")->enabled) { if(cfgopt(copt, "DetectBrokenExecutables")->enabled) { logg("Detection of broken executables enabled.\n"); options |= CL_SCAN_BLOCKBROKEN; } - - } else { - logg("Portable Executable support disabled.\n"); } if(cfgopt(copt, "ScanMail")->enabled) { diff --git a/clamav-devel/clamscan/clamscan.c b/clamav-devel/clamscan/clamscan.c index 56b745f64..9fb695928 100644 --- a/clamav-devel/clamscan/clamscan.c +++ b/clamav-devel/clamscan/clamscan.c @@ -258,6 +258,7 @@ void help(void) #endif mprintf(" --no-algorithmic Disable algorithmic detection\n"); mprintf(" --no-pe Disable PE analysis\n"); + mprintf(" --no-elf Disable ELF support\n"); mprintf(" --no-ole2 Disable OLE2 support\n"); mprintf(" --no-html Disable HTML support\n"); mprintf(" --no-archive Disable libclamav archive support\n"); diff --git a/clamav-devel/clamscan/clamscan_opt.h b/clamav-devel/clamscan/clamscan_opt.h index c5d70bfed..a6b73fe34 100644 --- a/clamav-devel/clamscan/clamscan_opt.h +++ b/clamav-devel/clamscan/clamscan_opt.h @@ -70,6 +70,7 @@ static struct option clamscan_longopt[] = { {"block-encrypted", 0, 0, 0}, {"block-max", 0, 0, 0}, {"no-pe", 0, 0, 0}, + {"no-elf", 0, 0, 0}, {"no-ole2", 0, 0, 0}, {"no-html", 0, 0, 0}, {"mbox", 0, 0, 'm'}, /* not used */ diff --git a/clamav-devel/clamscan/manager.c b/clamav-devel/clamscan/manager.c index c016940af..4dfcded69 100644 --- a/clamav-devel/clamscan/manager.c +++ b/clamav-devel/clamscan/manager.c 
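Review bot: In acceptloop_th (clamd/server-th.c), `DetectBrokenExecutables` is still dropped without any log line when both `ScanPE` and `ScanELF` are off, so an operator who sets it gets no indication that `CL_SCAN_BLOCKBROKEN` was never applied. An extra branch on the new combined check would make that visible, for example `} else if(cfgopt(copt, "DetectBrokenExecutables")->enabled) { logg("DetectBrokenExecutables ignored: ScanPE and ScanELF are both disabled.\n"); }`. The combined condition also repeats two `cfgopt()` lookups whose results were just folded into `options`; `if(options & (CL_SCAN_PE | CL_SCAN_ELF)) {` expresses the same test, assuming neither bit is set earlier in the function, which is outside the hunk. The body of acceptloop_th starts and ends outside the hunk.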
@@ -186,6 +186,11 @@ int scanmanager(const struct optstruct *opt) else options |= CL_SCAN_PE; + if(opt_check(opt, "no-elf")) + options &= ~CL_SCAN_ELF; + else + options |= CL_SCAN_ELF; + if(opt_check(opt, "no-ole2")) options &= ~CL_SCAN_OLE2; else diff --git a/clamav-devel/docs/man/clamd.conf.5.in b/clamav-devel/docs/man/clamd.conf.5.in index 5b7e0b486..75e9ac317 100644 --- a/clamav-devel/docs/man/clamd.conf.5.in +++ b/clamav-devel/docs/man/clamd.conf.5.in @@ -199,8 +199,13 @@ PE stands for Portable Executable \- it's an executable file format used in all .br Default: enabled .TP +\fBScanELF\fR +Executable and Linking Format is a standard format for UN*X executables. This option allows you to control the scanning of ELF files. +.br +Default: enabled +.TP \fBDetectBrokenExecutables\fR -With this option clamd will try to detect broken executables and mark them as Broken.Executable. +With this option clamd will try to detect broken executables (both PE and ELF) and mark them as Broken.Executable. .br Default: disabled .TP diff --git a/clamav-devel/docs/man/clamscan.1 b/clamav-devel/docs/man/clamscan.1 index bf6c32ec3..0f314b67c 100644 --- a/clamav-devel/docs/man/clamscan.1 +++ b/clamav-devel/docs/man/clamscan.1 @@ -85,6 +85,9 @@ In some cases (eg. complex malware, exploits in graphic files, and others), Clam \fB\-\-no\-pe\fR PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG. This option \fBdisables\fR PE support and should be used with care! .TP +\fB\-\-no\-elf\fR +Executable and Linking Format is a standard format for UN*X executables. This option \fBdisables\fR ELF support. +.TP \fB\-\-no\-ole2\fR Disable support for Microsoft Office document files. .TP 
diff --git a/clamav-devel/etc/clamd.conf b/clamav-devel/etc/clamd.conf index 457a25744..921e435db 100644 --- a/clamav-devel/etc/clamd.conf +++ b/clamav-devel/etc/clamd.conf @@ -180,8 +180,13 @@ LocalSocket /tmp/clamd # Default: yes #ScanPE yes -# With this option clamav will try to detect broken executables and mark -# them as Broken.Executable +# Executable and Linking Format is a standard format for UN*X executables. +# This option allows you to control the scanning of ELF files. +# Default: yes +#ScanELF yes + +# With this option clamav will try to detect broken executables (both PE and +# ELF) and mark them as Broken.Executable. # Default: no #DetectBrokenExecutables yes diff --git a/clamav-devel/libclamav/clamav.h b/clamav-devel/libclamav/clamav.h index fe752a998..cd134a4e0 100644 --- a/clamav-devel/libclamav/clamav.h +++ b/clamav-devel/libclamav/clamav.h @@ -90,7 +90,8 @@ extern "C" #define CL_SCAN_BLOCKMAX 256 #define CL_SCAN_ALGO 512 #define CL_SCAN_NOPHISHING 1024 -#define CL_PHISH_NO_DOMAINLIST 4096 +#define CL_PHISH_NO_DOMAINLIST 4096 +#define CL_SCAN_ELF 8192 /* recommended options */ #define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGO) diff --git a/clamav-devel/libclamav/others.h b/clamav-devel/libclamav/others.h index feeeb5d4a..b01f8cfdc 100644 --- a/clamav-devel/libclamav/others.h +++ b/clamav-devel/libclamav/others.h @@ -62,6 +62,7 @@ typedef struct { #define SCAN_OLE2 (ctx->options & CL_SCAN_OLE2) #define SCAN_HTML (ctx->options & CL_SCAN_HTML) #define SCAN_PE (ctx->options & CL_SCAN_PE) +#define SCAN_ELF (ctx->options & CL_SCAN_ELF) #define SCAN_ALGO (ctx->options & CL_SCAN_ALGO) #define DETECT_ENCRYPTED (ctx->options & CL_SCAN_BLOCKENCRYPTED) #define BLOCKMAX (ctx->options & CL_SCAN_BLOCKMAX) diff --git a/clamav-devel/libclamav/scanners.c b/clamav-devel/libclamav/scanners.c index 033c1aa60..55cc92442 100644 --- a/clamav-devel/libclamav/scanners.c +++ b/clamav-devel/libclamav/scanners.c 
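Review bot: `CL_SCAN_STDOPT` in libclamav/clamav.h is left without the new `CL_SCAN_ELF` bit, while the scanners.c hunk of this commit makes `cli_scanelf()` conditional on `SCAN_ELF`. A libclamav caller that passes only the recommended options would therefore lose ELF parsing, which ran unconditionally before this commit; clamd and clamscan set the bit themselves in their own hunks and are not affected. Adding the bit to the macro keeps the earlier coverage: `#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGO | CL_SCAN_ELF)`. If the omission is intentional, a comment next to `CL_SCAN_ELF` saying that ELF scanning is opt-in for API users would spare integrators a silent detection gap.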
@@ -1838,7 +1838,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) ret = cli_scancryptff(desc, ctx); break; - case CL_TYPE_ELF: /* TODO: Add ScanELF option */ + case CL_TYPE_ELF: + if(SCAN_ELF) ret = cli_scanelf(desc, ctx); break; diff --git a/clamav-devel/shared/cfgparser.c b/clamav-devel/shared/cfgparser.c index dc4bcc814..5ffd10667 100644 --- a/clamav-devel/shared/cfgparser.c +++ b/clamav-devel/shared/cfgparser.c @@ -44,6 +44,7 @@ struct cfgoption cfg_options[] = { {"PidFile", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM}, {"TemporaryDirectory", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD}, {"ScanPE", OPT_BOOL, 1, NULL, 0, OPT_CLAMD}, + {"ScanELF", OPT_BOOL, 1, NULL, 0, OPT_CLAMD}, {"DetectBrokenExecutables", OPT_BOOL, 0, NULL, 0, OPT_CLAMD}, {"ScanMail", OPT_BOOL, 1, NULL, 0, OPT_CLAMD}, {"MailFollowURLs", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},