dconf: support added for imptbl and imphash

libclamav/dconf.c

@@ -74,6 +74,7 @@ static struct dconf_module modules[] = {
     { "PE",     "CATALOG",      PE_CONF_CATALOG,        1 },
     { "PE",     "CERTS",        PE_CONF_CERTS,      1 },
     { "PE",     "MATCHICON",    PE_CONF_MATCHICON,       1 },
+    { "PE",     "IMPTBL",       PE_CONF_IMPTBL,          1 },
 
     { "ELF",        NULL,       0x1,            1 },
 

libclamav/dconf.h

@@ -65,6 +65,7 @@ struct cli_dconf {
 #define PE_CONF_CATALOG	    0x10000
 #define PE_CONF_CERTS       0x20000
 #define PE_CONF_MATCHICON   0x40000
+#define PE_CONF_IMPTBL      0x80000
 
 /* Archive flags */
 #define ARCH_CONF_RAR	    0x1

libclamav/pe.c

@@ -3360,19 +3360,21 @@ int cli_scanpe(cli_ctx *ctx)
     cli_bytecode_context_destroy(bc_ctx);
 
     /* Attempt to run scans on import table */
-    /* TODO: should this be target-tree-only? */
+    /* Run if there are existing signatures and/or preclassing */
-    ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus);
+    if (ctx->dconf->pe & PE_CONF_IMPTBL) {
-    switch (ret) {
+        ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus);
-        case CL_ENULLARG:
+        switch (ret) {
-            cli_warnmsg("cli_scanpe: NULL argument supplied\n");
+            case CL_ENULLARG:
-            break;
+                cli_warnmsg("cli_scanpe: NULL argument supplied\n");
-        case CL_VIRUS:
-            if (SCAN_ALL)
                 break;
-            /* intentional fall-through */
+            case CL_VIRUS:
-        case CL_BREAK:
+                if (SCAN_ALL)
-            free(exe_sections);
+                    break;
-            return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN;
+                /* intentional fall-through */
+            case CL_BREAK:
+                free(exe_sections);
+                return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN;
+        }
     }
     /* Attempt to detect some popular polymorphic viruses */