support whitelisting of individual .mdb sigs

git-svn: trunk@3427
18 years ago · ac9aab8bec
parent 7891ef0bc0
commit ac9aab8bec
2 changed files with 12 additions and 0 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+Sun Dec 16 19:09:36 CET 2007 (tk)
+---------------------------------
+  * libclamav/pe.c: support whitelisting of individual .mdb sigs
+
 Sat Dec 15 20:50:02 CET 2007 (tk)
 ---------------------------------
  * libclamav: - use B-M to handle .hdb and .fp databases
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@ -804,9 +804,17 @@ int cli_scanpe(int desc, cli_ctx *ctx)
 		    if(md5_sect->soff[j] == exe_sections[i].rsz) {
 			unsigned char md5_dig[16];
 			if(cli_md5sect(desc, &exe_sections[i], md5_dig) && cli_bm_scanbuff(md5_dig, 16, ctx->virname, ctx->engine->md5_mdb, 0, 0, -1) == CL_VIRUS) {
+			    /* Since .mdb sigs are not fp-prone, to save
+			     * performance we don't call cli_checkfp() here,
+			     * just give the possibility of whitelisting
+			     * idividual .mdb entries via daily.fp
+			     */
+			    if(cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, 0, -1) != CL_VIRUS) {
+
 				free(section_hdr);
 				free(exe_sections);
 				return CL_VIRUS;
+			    }
 			}
 			break;
 		    }