open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

clamd: add new config option BytecodeUnsigned (bb#2537); drop

Browse Source 
"None" from BytecodeSecurity
clamscan: add new switch --bytecode-unsigned and drop --bytecode-trust-all
remotes/push_mirror/vc9-vt-dnd
Tomasz Kojm 14 years ago
parent a771899ab6
commit 62315ce69a
13 changed files with 89 additions and 101 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      ChangeLog
  2. 75
      clamd/clamd.c
  3. 2
      clamscan/clamscan.c
  4. 5
      clamscan/manager.c
  5. 47
      configure
  6. 9
      configure.in
  7. 7
      docs/man/clamd.conf.5.in
  8. 4
      docs/man/clamscan.1.in
  9. 3
      libclamav/clamav.h
  10. 6
      libclamav/others.c
  11. 11
      libclamav/readdb.c
  12. 13
      shared/optparser.c
  13. 2
      win32/clamav-config.h

6
ChangeLog
Unescape View File

@ -1,3 +1,9 @@
Thu Feb 17 19:13:15 CET 2011 (tk)
---------------------------------
* clamd: add new config option BytecodeUnsigned (bb#2537); drop
"None" from BytecodeSecurity
* clamscan: add new switch --bytecode-unsigned and drop --bytecode-trust-all
Tue Feb 15 19:19:31 CET 2011 (tk)
---------------------------------
* sigtool/sigtool.c: improve handling of bytecode.info (bb#2292)

75
clamd/clamd.c
Unescape View File

@ -436,44 +436,49 @@ int main(int argc, char **argv)
else
logg("#Not loading phishing signatures.\n");
if(optget(opts,"Bytecode")->enabled)
if(optget(opts,"Bytecode")->enabled) {
dboptions |= CL_DB_BYTECODE;
if((opt = optget(opts,"BytecodeSecurity"))->enabled) {
enum bytecode_security s;
if (!strcmp(opt->strarg, "TrustSigned"))
s = CL_BYTECODE_TRUST_SIGNED;
else if (!strcmp(opt->strarg, "None"))
s = CL_BYTECODE_TRUST_ALL;
else if (!strcmp(opt->strarg, "Paranoid"))
s = CL_BYTECODE_TRUST_NOTHING;
else {
logg("!Unable to parse bytecode security setting:%s\n",
opt->strarg);
ret = 1;
break;
if((opt = optget(opts,"BytecodeSecurity"))->enabled) {
enum bytecode_security s;
if (!strcmp(opt->strarg, "TrustSigned")) {
s = CL_BYTECODE_TRUST_SIGNED;
logg("Bytecode: Security mode set to \"TrustSigned\".\n");
} else if (!strcmp(opt->strarg, "Paranoid")) {
s = CL_BYTECODE_TRUST_NOTHING;
logg("Bytecode: Security mode set to \"Paranoid\".\n");
} else {
logg("!Unable to parse bytecode security setting:%s\n",
opt->strarg);
ret = 1;
break;
}
if ((ret = cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s))) {
logg("Invalid bytecode security setting %s: %s\n", opt->strarg, cl_strerror(ret));
ret = 1;
break;
}
}
if ((ret = cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s))) {
logg("Invalid bytecode security setting %s: %s\n", opt->strarg, cl_strerror(ret));
ret = 1;
break;
if((opt = optget(opts,"BytecodeUnsigned"))->enabled) {
dboptions |= CL_DB_BYTECODE_UNSIGNED;
logg("Bytecode: Enabled support for unsigned bytecode.\n");
}
}
if((opt = optget(opts,"BytecodeMode"))->enabled) {
enum bytecode_mode mode;
if (!strcmp(opt->strarg, "ForceJIT"))
mode = CL_BYTECODE_MODE_JIT;
else if(!strcmp(opt->strarg, "ForceInterpreter"))
mode = CL_BYTECODE_MODE_INTERPRETER;
else if(!strcmp(opt->strarg, "Test"))
mode = CL_BYTECODE_MODE_TEST;
else
mode = CL_BYTECODE_MODE_AUTO;
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
}
if((opt = optget(opts,"BytecodeTimeout"))->enabled) {
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
}
if((opt = optget(opts,"BytecodeMode"))->enabled) {
enum bytecode_mode mode;
if (!strcmp(opt->strarg, "ForceJIT"))
mode = CL_BYTECODE_MODE_JIT;
else if(!strcmp(opt->strarg, "ForceInterpreter"))
mode = CL_BYTECODE_MODE_INTERPRETER;
else if(!strcmp(opt->strarg, "Test"))
mode = CL_BYTECODE_MODE_TEST;
else
mode = CL_BYTECODE_MODE_AUTO;
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
}
if((opt = optget(opts,"BytecodeTimeout"))->enabled) {
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
}
} else
logg("Bytecode support disabled.\n");
if(optget(opts,"PhishingScanURLs")->enabled)
dboptions |= CL_DB_PHISHING_URLS;

2
clamscan/clamscan.c
Unescape View File

@ -222,7 +222,7 @@ void help(void)
mprintf(" --include-dir=REGEX Only scan directories matching REGEX\n");
mprintf("\n");
mprintf(" --bytecode[=yes(*)/no] Load bytecode from the database\n");
mprintf(" --bytecode-trust-all[=yes/no(*)] Trust all loaded bytecode\n");
mprintf(" --bytecode-unsigned[=yes/no(*)] Load unsigned bytecode\n");
mprintf(" --bytecode-timeout=N Set bytecode timeout (in milliseconds)\n");
mprintf(" --detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications\n");
mprintf(" --exclude-pua=CAT Skip PUA sigs of category CAT\n");

5
clamscan/manager.c
Unescape View File

@ -488,8 +488,9 @@ int scanmanager(const struct optstruct *opts)
if(optget(opts, "leave-temps")->enabled)
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
if(optget(opts, "bytecode-trust-all")->enabled)
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL);
if(optget(opts, "bytecode-unsigned")->enabled)
dboptions |= CL_DB_BYTECODE_UNSIGNED;
if((opt = optget(opts,"bytecode-timeout"))->enabled)
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
if((opt = optget(opts,"bytecode-mode"))->enabled) {

47
configure vendored
Unescape View File

@ -974,7 +974,6 @@ with_user
with_group
enable_clamav
enable_debug
enable_unsigned_bytecode
enable_no_cache
enable_dns_fix
enable_bigstack
@ -1652,7 +1651,6 @@ Optional Features:
--enable-yp-check use ypmatch utility instead of /etc/passwd parsing
--disable-clamav disable test for clamav user/group
--enable-debug enable debug code
--enable-unsigned-bytecode enable load of unsigned bytecode
--enable-no-cache use "Cache-Control: no-cache" in freshclam
--enable-dns-fix enable workaround for broken DNS servers (as in SpeedTouch 510)
--enable-bigstack increase thread stack size
@ -5182,13 +5180,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
(eval echo "\"\$as_me:5185: $ac_compile\"" >&5)
(eval echo "\"\$as_me:5183: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
(eval echo "\"\$as_me:5188: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval echo "\"\$as_me:5186: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
(eval echo "\"\$as_me:5191: output\"" >&5)
(eval echo "\"\$as_me:5189: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@ -6383,7 +6381,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 6386 "configure"' > conftest.$ac_ext
echo '#line 6384 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
@ -7910,11 +7908,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7913: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7911: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:7917: \$? = $ac_status" >&5
echo "$as_me:7915: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -8249,11 +8247,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8252: $lt_compile\"" >&5)
(eval echo "\"\$as_me:8250: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:8256: \$? = $ac_status" >&5
echo "$as_me:8254: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -8354,11 +8352,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8357: $lt_compile\"" >&5)
(eval echo "\"\$as_me:8355: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:8361: \$? = $ac_status" >&5
echo "$as_me:8359: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -8409,11 +8407,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8412: $lt_compile\"" >&5)
(eval echo "\"\$as_me:8410: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:8416: \$? = $ac_status" >&5
echo "$as_me:8414: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -10793,7 +10791,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 10796 "configure"
#line 10794 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -10889,7 +10887,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 10892 "configure"
#line 10890 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -11561,7 +11559,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 11564 "configure"
#line 11562 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -16651,21 +16649,6 @@ $as_echo "#define NDEBUG 1" >>confdefs.h
fi
# Check whether --enable-unsigned-bytecode was given.
if test "${enable_unsigned_bytecode+set}" = set; then :
enableval=$enable_unsigned_bytecode; enable_unsignedbytecode="$enableval"
else
enable_unsignedbytecode="no"
fi
if test "$enable_unsignedbytecode" = "yes"; then
VERSION_SUFFIX="$VERSION_SUFFIX-unsigned-bc"
$as_echo "#define CL_BCUNSIGNED 1" >>confdefs.h
fi
# Check whether --enable-no-cache was given.
if test "${enable_no_cache+set}" = set; then :
enableval=$enable_no_cache; enable_nocache=$enableval

9
configure.in
Unescape View File

@ -856,15 +856,6 @@ else
AC_DEFINE([NDEBUG],1,[disable assertions])
fi
AC_ARG_ENABLE([unsigned-bytecode],
[ --enable-unsigned-bytecode enable load of unsigned bytecode],
enable_unsignedbytecode="$enableval", enable_unsignedbytecode="no")
if test "$enable_unsignedbytecode" = "yes"; then
VERSION_SUFFIX="$VERSION_SUFFIX-unsigned-bc"
AC_DEFINE([CL_BCUNSIGNED],1,[enable loading of unsigned bytecode])
fi
AC_ARG_ENABLE([no-cache],
[ --enable-no-cache use "Cache-Control: no-cache" in freshclam],
enable_nocache=$enableval, enable_nocache="no")

7
docs/man/clamd.conf.5.in
Unescape View File

@ -250,10 +250,15 @@ With this option enabled ClamAV will load bytecode from the database. It is high
Default: yes
.TP
\fBBytecodeSecurity STRING\fR
Set bytecode security level. Possible values: \fBNone\fR: no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS, \fBTrustSigned\fR: trust bytecode loaded from signed .c[lv]d files and insert runtime safety checks for bytecode loaded from other sources, \fBParanoid\fR: don't trust any bytecode, insert runtime checks for all. The recommended setting is \fBTrustSigned\fR, because bytecode in .cvd files already has safety checks inserted into it.
Set bytecode security level. Possible values: \fBTrustSigned\fR: trust bytecode loaded from signed .c[lv]d files and insert runtime safety checks for bytecode loaded from other sources, \fBParanoid\fR: don't trust any bytecode, insert runtime checks for all. The recommended setting is \fBTrustSigned\fR, because bytecode in .cvd files already has safety checks inserted into it.
.br
Default: TrustSigned
.TP
\fBBytecodeUnsigned BOOL\fR
Allow loading bytecode from outside digitally signed .c[lv]d files.
.br
Default: no
.TP
\fBBytecodeTimeout NUMBER\fR
Set bytecode timeout in milliseconds.
.br

4
docs/man/clamscan.1.in
Unescape View File

@ -87,8 +87,8 @@ Copy infected files into DIRECTORY. Directory must be writable for the '@CLAMAVU
\fB\-\-bytecode[=yes(*)/no]\fR
With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses.
.TP
\fB\-\-bytecode\-trust\-all[=yes/no(*)]\fR
This option disables safety checks and makes ClamAV trust all bytecode. It should only be used for debugging.
\fB\-\-bytecode\-unsigned[=yes/no(*)]\fR
Allow loading bytecode from outside digitally signed .c[lv]d files.
.TP
\fB\-\-bytecode\-timeout=N\fR
Set bytecode timeout in milliseconds (default: 60000 = 60s)

3
libclamav/clamav.h
Unescape View File

@ -92,6 +92,7 @@ typedef enum {
#define CL_DB_OFFICIAL_ONLY 0x1000
#define CL_DB_BYTECODE 0x2000
#define CL_DB_SIGNED 0x4000 /* internal */
#define CL_DB_BYTECODE_UNSIGNED 0x8000
/* recommended db settings */
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE)
@ -160,7 +161,7 @@ enum cl_engine_field {
};
enum bytecode_security {
CL_BYTECODE_TRUST_ALL=0, /* insecure, debug setting */
CL_BYTECODE_TRUST_ALL=0, /* obsolete */
CL_BYTECODE_TRUST_SIGNED, /* default */
CL_BYTECODE_TRUST_NOTHING /* paranoid setting */
};

6
libclamav/others.c
Unescape View File

@ -413,12 +413,6 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long
engine->keeptmp = num;
break;
case CL_ENGINE_BYTECODE_SECURITY:
#ifndef CL_BCUNSIGNED
if (num == CL_BYTECODE_TRUST_ALL) {
cli_errmsg("cl_engine_set_num: CL_BYTECODE_TRUST_ALL is only supported when ClamAV is built with ./configure --enable-unsigned-bytecode\n");
return CL_EARG;
}
#endif
if (engine->dboptions & CL_DB_COMPILED) {
cli_errmsg("cl_engine_set_num: CL_ENGINE_BYTECODE_SECURITY cannot be set after engine was compiled\n");
return CL_EARG;

11
libclamav/readdb.c
Unescape View File

@ -1430,13 +1430,12 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
return CL_SUCCESS;
}
#ifndef CL_BCUNSIGNED
if (!(options & CL_DB_SIGNED)) {
if (!(options & CL_DB_BYTECODE_UNSIGNED) && !(options & CL_DB_SIGNED)) {
cli_warnmsg("Only loading signed bytecode, skipping load of unsigned bytecode!\n");
cli_warnmsg("Build with ./configure --enable-unsigned-bytecode to enable loading of unsigned bytecode\n");
cli_warnmsg("Turn on BytecodeUnsigned/--bytecode-unsigned to enable loading of unsigned bytecode\n");
return CL_SUCCESS;
}
#endif
bcs->all_bcs = cli_realloc2(bcs->all_bcs, sizeof(*bcs->all_bcs)*(bcs->count+1));
if (!bcs->all_bcs) {
cli_errmsg("cli_loadcbc: Can't allocate memory for bytecode entry\n");
@ -1446,10 +1445,6 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
bc = &bcs->all_bcs[bcs->count-1];
switch (engine->bytecode_security) {
case CL_BYTECODE_TRUST_ALL:
security_trust = 1;
cli_dbgmsg("bytecode: trusting all bytecode!\n");
break;
case CL_BYTECODE_TRUST_SIGNED:
security_trust = !!(options & CL_DB_SIGNED);
break;

13
shared/optparser.c
Unescape View File

@ -126,7 +126,6 @@ const struct clam_option __clam_options[] = {
{ NULL, "force-interpreter", 'f', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Force using the interpreter instead of the JIT", "" },
{ NULL, "trust-bytecode", 't', TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMBC, "Trust loaded bytecode (default yes)", ""},
{ NULL, "bytecode-trust-all", 't', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Trust loaded bytecode (default: only if signed)", ""},
{ NULL, "info", 'i', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Load and print bytecode information without executing", ""},
{ NULL, "printsrc", 'p', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Print source code of bytecode", ""},
{ NULL, "input", 'r', TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMBC, "Input file to run the bytecode n", ""},
@ -134,6 +133,7 @@ const struct clam_option __clam_options[] = {
{ NULL, "no-trace-showsource", 's', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Don't show source line during tracing",""},
/* cmdline only - deprecated */
{ NULL, "bytecode-trust-all", 't', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
{ NULL, "http-proxy", 0, TYPE_STRING, NULL, 0, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
{ NULL, "proxy-user", 0, TYPE_STRING, NULL, 0, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
{ NULL, "log-verbose", 0, TYPE_BOOL, NULL, 0, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
@ -254,12 +254,19 @@ const struct clam_option __clam_options[] = {
/* Scan options */
{ "Bytecode", "bytecode", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
{ "BytecodeSecurity", NULL, 0, TYPE_STRING, "^(None|TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD,
"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
{ "BytecodeSecurity", NULL, 0, TYPE_STRING, "^(TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD,
"Set bytecode security level.\nPossible values:\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
{ "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 5000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
"Set bytecode timeout in miliseconds.\n","5000"},
{ "BytecodeUnsigned", "bytecode-unsigned", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
"Allow loading bytecode from outside digitally signed .c[lv]d files.\n","no"},
{ "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
"Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceIntepreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal\n","Auto"},
{ "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
{ "ExcludePUA", "exclude-pua", 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_CLAMSCAN, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool\nPWTool" },

2
win32/clamav-config.h
Unescape View File

@ -505,7 +505,7 @@
/* #undef USE_SYSLOG */
/* Version number of package */
#define VERSION "devel-clamav-0.97-17-ge0aab5d"
#define VERSION "devel-clamav-0.97-23-ga771899"
/* Version suffix for package */
#define VERSION_SUFFIX ""

Write Preview
Loading…
Cancel
Save