add script to whitelist gdb entries (bb #1482).

git-svn: trunk@5016
16 years ago · 467bb4e0d7
parent 816d66a876
commit 467bb4e0d7
3 changed files with 14 additions and 0 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Thu Apr  2 23:50:36 EEST 2009 (edwin)
+-------------------------------------
+ * contrib/phishing/gdbwhitelist.sh, libclamav/phishcheck.c: add
+ script to whitelist gdb entries (bb #1482).
+
 Thu Apr  2 23:35:36 EEST 2009 (edwin)
 -------------------------------------
 * docs/phishsigs_howto.tex, libclamav/phishcheck.c,
--- a/contrib/phishing/gdbwhitelist.sh
+++ b/contrib/phishing/gdbwhitelist.sh
@ -0,0 +1,8 @@
+#!/bin/sh
+if test $# -ne 1; then
+    echo "Usage: $0 /path/to/sample\n";
+    exit 1;
+fi
+
+clamscan  --debug $1 >/dev/null 2>debugout
+grep "This hash matched" debugout | sed -e 's/.*matched: \(.*\)/S:W:\1/'
--- a/libclamav/phishcheck.c
+++ b/libclamav/phishcheck.c
@ -1205,6 +1205,7 @@ static int hash_match(const struct regex_matcher *rlist, const char *host, size_
 		    return CL_SUCCESS;
 	    }
 	    if (cli_bm_scanbuff(sha256_dig, 32, &virname, &rlist->sha256_hashes,0,0,-1) == CL_VIRUS) {
+		cli_dbgmsg("This hash matched: %s\n", h);
 		switch(*virname) {
 		    case 'W':
 			cli_dbgmsg("Hash is whitelisted, skipping\n");