sig: convert .ith to .imp; add .imp to sigtool

pull/60/head
Kevin Lin 9 years ago
parent 3cc632adc8
commit 832d44e748
  1. 2
      libclamav/others.h
  2. 12
      libclamav/pe.c
  3. 14
      libclamav/readdb.c
  4. 1
      shared/optparser.c
  5. 11
      sigtool/sigtool.c

@ -285,7 +285,7 @@ struct cl_engine {
/* hash matcher for MD5 sigs for PE sections */
struct cli_matcher *hm_mdb;
/* hash matcher for MD5 sigs for PE import tables */
struct cli_matcher *hm_ith;
struct cli_matcher *hm_imp;
/* hash matcher for whitelist db */
struct cli_matcher *hm_fp;

@ -2340,7 +2340,7 @@ static inline int scan_pe_impfuncs(cli_ctx *ctx, void *md5ctx, uint32_t *itsz, s
}
static int scan_pe_imptbl(cli_ctx *ctx, struct pe_image_data_dir *dirs, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size, int pe_plus) {
struct cli_matcher *ith = ctx->engine->hm_ith;
struct cli_matcher *imp = ctx->engine->hm_imp;
struct pe_image_data_dir *datadir = &(dirs[1]);
struct pe_image_import_descriptor *image;
fmap_t *map = *ctx->fmap;
@ -2435,10 +2435,10 @@ static int scan_pe_imptbl(cli_ctx *ctx, struct pe_image_data_dir *dirs, struct c
free(dstr);
}
if (ith) {
if ((ret = cli_hm_scan(digest, itsz, &virname, ith, CLI_HASH_MD5)) == CL_VIRUS)
if (imp) {
if ((ret = cli_hm_scan(digest, itsz, &virname, imp, CLI_HASH_MD5)) == CL_VIRUS)
cli_append_virus(ctx, virname);
else if ((ret = cli_hm_scan_wild(digest, &virname, ith, CLI_HASH_MD5)) == CL_VIRUS)
else if ((ret = cli_hm_scan_wild(digest, &virname, imp, CLI_HASH_MD5)) == CL_VIRUS)
cli_append_virus(ctx, virname);
}
@ -3356,9 +3356,9 @@ int cli_scanpe(cli_ctx *ctx)
/* Attempt to run scans on import table */
/* Run if there are existing signatures and/or preclassing */
#if HAVE_JSON
if (DCONF & PE_CONF_IMPTBL && (ctx->engine->hm_ith || ctx->wrkproperty)) {
if (DCONF & PE_CONF_IMPTBL && (ctx->engine->hm_imp || ctx->wrkproperty)) {
#else
if (DCONF & PE_CONF_IMPTBL && ctx->engine->hm_ith) {
if (DCONF & PE_CONF_IMPTBL && ctx->engine->hm_imp) {
#endif
ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus);
switch (ret) {

@ -2380,7 +2380,7 @@ static int cli_loadign(FILE *fs, struct cl_engine *engine, unsigned int options,
#define MD5_HDB 0
#define MD5_MDB 1
#define MD5_FP 2
#define MD5_ITH 3
#define MD5_IMP 3
#define MD5_TOKENS 5
static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int mode, unsigned int options, struct cli_dbio *dbio, const char *dbname)
@ -2401,8 +2401,8 @@ static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo,
db = engine->hm_mdb;
} else if(mode == MD5_HDB)
db = engine->hm_hdb;
else if(mode == MD5_ITH)
db = engine->hm_ith;
else if(mode == MD5_IMP)
db = engine->hm_imp;
else
db = engine->hm_fp;
@ -2416,8 +2416,8 @@ static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo,
engine->hm_hdb = db;
else if(mode == MD5_MDB)
engine->hm_mdb = db;
else if(mode == MD5_ITH)
engine->hm_ith = db;
else if(mode == MD5_IMP)
engine->hm_imp = db;
else
engine->hm_fp = db;
}
@ -4285,8 +4285,8 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
ret = cli_loadhash(fs, engine, signo, MD5_FP, options, dbio, dbname);
} else if(cli_strbcasestr(dbname, ".mdb") || cli_strbcasestr(dbname, ".msb")) {
ret = cli_loadhash(fs, engine, signo, MD5_MDB, options, dbio, dbname);
} else if(cli_strbcasestr(dbname, ".ith")) {
ret = cli_loadhash(fs, engine, signo, MD5_ITH, options, dbio, dbname);
} else if(cli_strbcasestr(dbname, ".imp")) {
ret = cli_loadhash(fs, engine, signo, MD5_IMP, options, dbio, dbname);
} else if(cli_strbcasestr(dbname, ".mdu") || cli_strbcasestr(dbname, ".msu")) {
if(options & CL_DB_PUA)
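Review bot: Dropping the `.ith` branch in cli_load means an already-deployed `.ith` database is no longer recognised as an import-table hash set; what such a file now becomes depends on the extension checks below this hunk, which are outside it, so it may be loaded under a different mode or rejected. If the rename is meant to be a hard cut, a short comment beside `#define MD5_IMP 3` saying that `.ith` was renamed to `.imp` and is not loaded any more would save the next reader a search; if old files should keep working, widen the condition to `} else if(cli_strbcasestr(dbname, ".imp") || cli_strbcasestr(dbname, ".ith")) {`. cli_load continues outside the hunk.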

@ -111,6 +111,7 @@ const struct clam_option __clam_options[] = {
{ NULL, "sha1", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "sha256", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "mdb", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "imp", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "print-certs", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "html-normalise", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "ascii-normalise", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },

@ -118,6 +118,7 @@ static const struct dblist_s {
{ "wdb", 0 },
{ "crb", 1 },
{ "cdb", 1 },
{ "imp", 1 },
{ NULL, 0 }
};
@ -1415,7 +1416,8 @@ static int listdir(const char *dirname, const regex_t *regex)
cli_strbcasestr(dent->d_name, ".cbc") ||
cli_strbcasestr(dent->d_name, ".cld") ||
cli_strbcasestr(dent->d_name, ".cvd") ||
cli_strbcasestr(dent->d_name, ".crb"))) {
cli_strbcasestr(dent->d_name, ".crb") ||
cli_strbcasestr(dent->d_name, ".imp"))) {
dbfile = (char *) malloc(strlen(dent->d_name) + strlen(dirname) + 2);
if(!dbfile) {
@ -1559,7 +1561,7 @@ static int listdb(const char *filename, const regex_t *regex)
line++;
mprintf("%s\n", buffer);
}
} else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdu") || cli_strbcasestr(filename, ".mdb") || cli_strbcasestr(filename, ".mdu") || cli_strbcasestr(filename, ".hsb") || cli_strbcasestr(filename, ".hsu") || cli_strbcasestr(filename, ".msb") || cli_strbcasestr(filename, ".msu")) { /* hash database */
} else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdu") || cli_strbcasestr(filename, ".mdb") || cli_strbcasestr(filename, ".mdu") || cli_strbcasestr(filename, ".hsb") || cli_strbcasestr(filename, ".hsu") || cli_strbcasestr(filename, ".msb") || cli_strbcasestr(filename, ".msu") || cli_strbcasestr(filename, ".imp")) { /* hash database */
while(fgets(buffer, FILEBUFF, fh)) {
cli_chomp(buffer);
@ -3490,7 +3492,8 @@ static void help(void)
mprintf(" or SHA1 sigs for FILES\n");
mprintf(" --sha256 [FILES] generate SHA256 checksum from stdin\n");
mprintf(" or SHA256 sigs for FILES\n");
mprintf(" --mdb [FILES] generate .mdb sigs\n");
mprintf(" --mdb [FILES] generate .mdb (section hash) sigs\n");
mprintf(" --imp [FILES] generate .imp (import table hash) sigs\n");
mprintf(" --html-normalise=FILE create normalised parts of HTML file\n");
mprintf(" --ascii-normalise=FILE create normalised text file from ascii source\n");
mprintf(" --utf16-decode=FILE decode UTF16 encoded files\n");
@ -3585,6 +3588,8 @@ int main(int argc, char **argv)
ret = hashsig(opts, 0, 3);
else if(optget(opts, "mdb")->enabled)
ret = hashsig(opts, 1, 1);
else if(optget(opts, "imp")->enabled)
ret = hashsig(opts, 2, 1);
else if(optget(opts, "html-normalise")->enabled)
ret = htmlnorm(opts);
else if(optget(opts, "ascii-normalise")->enabled)
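Review bot: `ret = hashsig(opts, 2, 1);` in main passes a mode value that no hunk of this commit teaches hashsig to handle; the diffstat's 11 changes for sigtool/sigtool.c are all accounted for by the visible hunks, so hashsig itself is untouched here. Unless hashsig already dispatches on 2 as import-table hashing, `--imp` will emit whatever the existing code produces for that value, or nothing, while the help text promises `.imp` sigs. Worth confirming against hashsig's mode handling, and documenting the otherwise bare 0/1/2 chain at the call site, e.g. `ret = hashsig(opts, 2, 1); /* 2: .imp (PE import-table hash) */`. main continues outside the hunk.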
