From ac9aab8bec915612684e6237229d9d2babcb246b Mon Sep 17 00:00:00 2001
From: Tomasz Kojm
Date: Sun, 16 Dec 2007 18:49:51 +0000
Subject: [PATCH] support whitelisting of individual .mdb sigs

git-svn: trunk@3427
---
 ChangeLog | 4 ++++
 libclamav/pe.c | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 2977728ea..ca7f0f7f4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sun Dec 16 19:09:36 CET 2007 (tk)
+---------------------------------
+ * libclamav/pe.c: support whitelisting of individual .mdb sigs
+
 Sat Dec 15 20:50:02 CET 2007 (tk)
 ---------------------------------
 * libclamav: - use B-M to handle .hdb and .fp databases
diff --git a/libclamav/pe.c b/libclamav/pe.c
index 2f09eab1f..873217c36 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -804,9 +804,17 @@ int cli_scanpe(int desc, cli_ctx *ctx)
 if(md5_sect->soff[j] == exe_sections[i].rsz) {
 unsigned char md5_dig[16];
 if(cli_md5sect(desc, &exe_sections[i], md5_dig) && cli_bm_scanbuff(md5_dig, 16, ctx->virname, ctx->engine->md5_mdb, 0, 0, -1) == CL_VIRUS) {
+ /* Since .mdb sigs are not fp-prone, to save
+ * performance we don't call cli_checkfp() here,
+ * just give the possibility of whitelisting
+ * idividual .mdb entries via daily.fp
+ */
+ if(cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, 0, -1) != CL_VIRUS) {
+
 free(section_hdr);
 free(exe_sections);
 return CL_VIRUS;
+ }
 }
 break;
 }
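Review bot: When the new `md5_fp` lookup suppresses a match, `ctx->virname` has already been written by the first `cli_bm_scanbuff()` call and nothing in the hunk resets it, so scanning continues with a signature name attached to a file that may later be reported clean. The suppression is also silent, which makes a whitelist entry that hides a real detection hard to audit. Consider an `else` branch on the added `if` that logs it, for example `cli_dbgmsg("cli_scanpe: .mdb section match whitelisted via .fp\n");`, and clears the stale name there. The second call passes `NULL` for the virname argument and `ctx->engine->md5_fp` as the root with no check visible here; if `cli_bm_scanbuff()` does not tolerate either being NULL (for instance when no .fp database is loaded), it needs a guard. The body of cli_scanpe starts and ends outside the hunk, so handling further down could not be checked.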