dconf: support added for imptbl and imphash

10 years ago · 4adb74a45a
parent 66c20d21c3
commit 4adb74a45a
3 changed files with 16 additions and 12 deletions
--- a/libclamav/dconf.c
+++ b/libclamav/dconf.c
@ -74,6 +74,7 @@ static struct dconf_module modules[] = {
    { "PE",     "CATALOG",      PE_CONF_CATALOG,        1 },
    { "PE",     "CERTS",        PE_CONF_CERTS,      1 },
    { "PE",     "MATCHICON",    PE_CONF_MATCHICON,       1 },
+    { "PE",     "IMPTBL",       PE_CONF_IMPTBL,          1 },

    { "ELF",        NULL,       0x1,            1 },

--- a/libclamav/dconf.h
+++ b/libclamav/dconf.h
@ -65,6 +65,7 @@ struct cli_dconf {
 #define PE_CONF_CATALOG	    0x10000
 #define PE_CONF_CERTS       0x20000
 #define PE_CONF_MATCHICON   0x40000
+#define PE_CONF_IMPTBL      0x80000

 /* Archive flags */
 #define ARCH_CONF_RAR	    0x1
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@ -3360,7 +3360,8 @@ int cli_scanpe(cli_ctx *ctx)
    cli_bytecode_context_destroy(bc_ctx);

    /* Attempt to run scans on import table */
-    /* TODO: should this be target-tree-only? */
+    /* Run if there are existing signatures and/or preclassing */
+    if (ctx->dconf->pe & PE_CONF_IMPTBL) {
        ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus);
        switch (ret) {
            case CL_ENULLARG:
@ -3374,6 +3375,7 @@ int cli_scanpe(cli_ctx *ctx)
                free(exe_sections);
                return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN;
        }
+    }
    /* Attempt to detect some popular polymorphic viruses */

    /* W32.Parite.B */