added BC_PRECLASS hook support; replaces target type 13

remotes/push_mirror/klin/msxml
Kevin Lin 10 years ago
parent 0e7442f11e
commit 47c2d618cd
  1. 6
      libclamav/bytecode.c
  2. 27
      libclamav/bytecode_api.h
  3. 15
      libclamav/scanners.c

@ -3000,6 +3000,12 @@ void cli_bytecode_describe(const struct cli_bc *bc)
else
puts("all PE files!");
break;
case BC_PRECLASS:
if (bc->lsig)
puts("PRECLASS files matching logical signature");
else
puts("all PRECLASS files!");
break;
default:
puts("N/A (unknown type)\n");
break;
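Review bot: The two new strings in the `case BC_PRECLASS:` branch describe "PRECLASS files" as if PRECLASS were a file format, unlike the PE branch above it. The enum documentation added in `bytecode_api.h` says the hook runs at the end of file property collection on the original file, so wording such as `puts("files with collected properties matching logical signature");` and `puts("all files with collected properties!");` would tell a signature author what the hook actually applies to. `cli_bytecode_describe` starts and ends outside this hunk.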

@ -61,6 +61,9 @@ enum BytecodeKind {
/** specifies a PE hook, executes at a predetermined point in PE parsing for PE files,
* both packed and unpacked files */
BC_PE_ALL,
/** specifies a PRECLASS hook, executes at the end of file property collection and
* operates on the original file targeted for property collection */
BC_PRECLASS,
_BC_LAST_HOOK
};
@ -97,12 +100,13 @@ enum FunctionalityLevels {
FUNC_LEVEL_097_6 = 67, /**< LibClamAV release 0.97.6 */
FUNC_LEVEL_097_7 = 68, /**< LibClamAV release 0.97.7 */
FUNC_LEVEL_097_8 = 69, /**< LibClamAV release 0.97.8 */
FUNC_LEVEL_098_1 = 76, /**< LibClamAV release 0.98.2 */ /*last syncing to clamav*/
FUNC_LEVEL_098_1 = 76, /**< LibClamAV release 0.98.1 */ /*last syncing to clamav*/
FUNC_LEVEL_098_2 = 77, /**< LibClamAV release 0.98.2 */
FUNC_LEVEL_098_3 = 77, /**< LibClamAV release 0.98.3 */
FUNC_LEVEL_098_4 = 77, /**< LibClamAV release 0.98.4 */
FUNC_LEVEL_098_5 = 79, /**< LibClamAV release 0.98.5: JSON reading API requires this minimum level */
FUNC_LEVEL_098_6 = 79, /**< LibClamAV release 0.98.6 */
FUNC_LEVEL_098_7 = 80, /**< LibClamAV release 0.98.7: BC_PRECLASS bytecodes require minimum level */
FUNC_LEVEL_100 = 100 /*future release candidate*/
};
@ -111,7 +115,7 @@ enum FunctionalityLevels {
* Phase of PDF parsing used for PDF Hooks
*/
enum pdf_phase {
PDF_PHASE_NONE, /* not a PDF */
PDF_PHASE_NONE, /**< not a PDF */
PDF_PHASE_PARSED, /**< after parsing a PDF, object flags can be set etc. */
PDF_PHASE_POSTDUMP, /**< after an obj was dumped and scanned */
PDF_PHASE_END, /**< after the pdf scan finished */
@ -1123,14 +1127,14 @@ int32_t get_file_reliability(void);
/* ----------------- END 0.96.4 APIs ---------------------------------- */
/* ----------------- BEGIN 0.98.4 APIs -------------------------------- */
/* ----------------- JSON Parsing APIs -------------------------------- */
/*
/**
\group_json
* @return 0 - json is disabled or option not specified
* @return 1 - json is active and properties are available
*/
int32_t json_is_active(void);
/*
/**
\group_json
* @return objid of json object with specified name
* @return 0 if json object of specified name cannot be found
@ -1142,7 +1146,7 @@ int32_t json_is_active(void);
*/
int32_t json_get_object(const int8_t* name, int32_t name_len, int32_t objid);
/*
/**
\group_json
* @return type (json_type) of json object specified
* @return -1 if type unknown or invalid id
@ -1150,7 +1154,7 @@ int32_t json_get_object(const int8_t* name, int32_t name_len, int32_t objid);
*/
int32_t json_get_type(int32_t objid);
/*
/**
\group_json
* @return number of elements in the json array of objid
* @return -1 if an error has occurred
@ -1159,7 +1163,7 @@ int32_t json_get_type(int32_t objid);
*/
int32_t json_get_array_length(int32_t objid);
/*
/**
\group_json
* @return objid of json object at idx of json array of objid
* @return 0 if invalid idx
@ -1170,7 +1174,7 @@ int32_t json_get_array_length(int32_t objid);
*/
int32_t json_get_array_idx(int32_t idx, int32_t objid);
/*
/**
\group_json
* @return length of json string of objid, not including terminating null-character
* @return -1 if an error has occurred
@ -1179,7 +1183,7 @@ int32_t json_get_array_idx(int32_t idx, int32_t objid);
*/
int32_t json_get_string_length(int32_t objid);
/*
/**
\group_json
* @return number of characters transferred (capped by str_len),
* including terminating null-character
@ -1192,20 +1196,21 @@ int32_t json_get_string_length(int32_t objid);
*/
int32_t json_get_string(int8_t* str, int32_t str_len, int32_t objid);
/*
/**
\group_json
* @return boolean value of queried objid; will force other types to boolean
* @param[in] objid - id value of json object to query
*/
int32_t json_get_boolean(int32_t objid);
/*
/**
\group_json
* @return integer value of queried objid; will force other types to integer
* @param[in] objid - id value of json object to query
*/
int32_t json_get_int(int32_t objid);
//int64_t json_get_int64(int32_t objid);
/* bytecode does not support double type */
//double json_get_double(int32_t objid);
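Review bot: The comment on `FUNC_LEVEL_098_7 = 80` reads "BC_PRECLASS bytecodes require minimum level", which drops the word that ties the requirement to this entry. `/**< LibClamAV release 0.98.7: BC_PRECLASS bytecodes require this minimum level */` would match the wording already used on `FUNC_LEVEL_098_5`. The requirement is stated only in this comment: none of the visible hunks compares a bytecode's functionality level with this value before the hook runs. Any enforcement presumably lives in loader code outside this commit and is worth confirming before relying on it.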

@ -3469,8 +3469,19 @@ static int scan_common(int desc, cl_fmap_t *map, const char **virname, unsigned
/* Scan the json string unless a virus was detected */
if (rc != CL_VIRUS) {
ctx.options &= ~CL_SCAN_FILE_PROPERTIES;
rc = cli_mem_scandesc(jstring, strlen(jstring), &ctx);
/* CONSTRUCTION */
struct cli_bc_ctx *bc_ctx = cli_bytecode_context_alloc();
if (!bc_ctx) {
cli_errmsg("scan_common: can't allocate memory for bc_ctx\n");
rc = CL_EMEM;
}
else {
cli_bytecode_context_setctx(bc_ctx, &ctx);
rc = cli_bytecode_runhook(&ctx, ctx.engine, bc_ctx, BC_PRECLASS, map);
cli_bytecode_context_destroy(bc_ctx);
}
//ctx.options &= ~CL_SCAN_FILE_PROPERTIES;
//rc = cli_mem_scandesc(jstring, strlen(jstring), &ctx);
}
/* Invoke file props callback */
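Review bot: With `cli_mem_scandesc(jstring, strlen(jstring), &ctx)` reduced to a comment, the collected JSON properties string is no longer matched against signatures at all, so any existing signature written for that target stops firing without notice and detection here depends entirely on a BC_PRECLASS bytecode being loaded. The commit title says the replacement is intended, so the block should state that instead of carrying a `/* CONSTRUCTION */` marker and two dead `//` lines, for example `/* JSON properties are evaluated by BC_PRECLASS bytecode hooks only; the text scan of jstring was removed */`. The commented-out `ctx.options &= ~CL_SCAN_FILE_PROPERTIES;` also leaves that flag set while the hook runs, which presumably matters if the hook can trigger further scanning through `ctx`; that is worth confirming. `scan_common` continues outside this hunk, so how the `CL_EMEM` and hook return codes left in `rc` are handled afterwards is not visible here.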
