open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add spam to cache and magicscan

Browse Source
0.96
aCaB 15 years ago
parent d2a0d381fc
commit aef8d4acbf
2 changed files with 37 additions and 19 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      libclamav/cache.c
  2. 50
      libclamav/scanners.c

6
libclamav/cache.c
Unescape View File

@ -716,6 +716,7 @@ void cache_add(unsigned char *md5, size_t size, cli_ctx *ctx) {
#endif
pthread_mutex_unlock(&c->mutex);
cli_dbgmsg("cache_add: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", md5[0], md5[1], md5[2], md5[3], md5[4], md5[5], md5[6], md5[7], md5[8], md5[9], md5[10], md5[11], md5[12], md5[13], md5[14], md5[15]);
return;
}
@ -725,6 +726,7 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {
fmap_t *map;
size_t todo, at = 0;
cli_md5_ctx md5;
int ret;
if(!ctx || !ctx->engine || !ctx->engine->cache)
return CL_VIRUS;
@ -743,5 +745,7 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {
cli_md5_update(&md5, buf, readme);
}
cli_md5_final(hash, &md5);
return cache_lookup_hash(hash, map->len, ctx->engine->cache);
ret = cache_lookup_hash(hash, map->len, ctx->engine->cache);
cli_dbgmsg("cache_check: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x is %s\n", hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9], hash[10], hash[11], hash[12], hash[13], hash[14], hash[15], (ret == CL_VIRUS) ? "negative" : "positive");
return ret;
}

50
libclamav/scanners.c
Unescape View File

@ -1868,6 +1868,14 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
return ret;
}
#define LINESTR(x) #x
#define LINESTR2(x) LINESTR(x)
#define __AT__ " at line "LINESTR2(__LINE__)
#define ret_from_magicscan(retcode) { \
cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", retcode, __AT__); \
return retcode; \
} while(0)
int cli_magic_scandesc(int desc, cli_ctx *ctx)
{
int ret = CL_CLEAN;
@ -1879,45 +1887,46 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
unsigned char hash[16];
bitset_t *old_hook_lsig_matches;
cli_dbgmsg("in cli_magic_scandesc (reclevel: %u/%u)\n", ctx->recursion, ctx->engine->maxreclevel);
if(ctx->engine->maxreclevel && ctx->recursion > ctx->engine->maxreclevel) {
cli_dbgmsg("cli_magic_scandesc: Archive recursion limit exceeded (%u, max: %u)\n", ctx->recursion, ctx->engine->maxreclevel);
return CL_CLEAN;
ret_from_magicscan(CL_CLEAN); /* FIXMEDONTCACHE */
}
if(fstat(desc, &sb) == -1) {
cli_errmsg("magic_scandesc: Can't fstat descriptor %d\n", desc);
return CL_ESTAT;
ret_from_magicscan(CL_ESTAT);
}
if(sb.st_size <= 5) {
cli_dbgmsg("Small data (%u bytes)\n", (unsigned int) sb.st_size);
return CL_CLEAN;
ret_from_magicscan(CL_CLEAN);
}
if(!ctx->engine) {
cli_errmsg("CRITICAL: engine == NULL\n");
return CL_ENULLARG;
ret_from_magicscan(CL_ENULLARG);
}
if(!(ctx->engine->dboptions & CL_DB_COMPILED)) {
cli_errmsg("CRITICAL: engine not compiled\n");
return CL_EMALFDB;
ret_from_magicscan(CL_EMALFDB);
}
if(cli_updatelimits(ctx, sb.st_size)!=CL_CLEAN)
return CL_CLEAN;
ret_from_magicscan(CL_CLEAN); /* FIXMEDONTCACHE */
ctx->fmap++;
if(!(*ctx->fmap = fmap(desc, 0, sb.st_size))) {
cli_errmsg("CRITICAL: fmap() failed\n");
ctx->fmap--;
return CL_EMEM;
ret_from_magicscan(CL_EMEM);
}
if(cache_check(hash, ctx) == CL_CLEAN) {
funmap(*ctx->fmap);
ctx->fmap--;
return CL_CLEAN;
ret_from_magicscan(CL_CLEAN);
}
hashed_size = (*ctx->fmap)->len;
old_hook_lsig_matches = ctx->hook_lsig_matches;
@ -1931,11 +1940,16 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
if((ret = cli_fmap_scandesc(ctx, 0, 0, NULL, AC_SCAN_VIR, hash)) == CL_VIRUS)
cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, desc);
else if(ctx->recursion != ctx->engine->maxreclevel)
cache_add(hash, hashed_size, ctx); /* Only cache if limits are not reached */
else if(ret == CL_CLEAN) {
if(ctx->recursion != ctx->engine->maxreclevel)
cache_add(hash, hashed_size, ctx); /* Only cache if limits are not reached */
else
{} /* FIXMEDONTCACHE */
}
funmap(*ctx->fmap);
ctx->fmap--;
return ret;
ret_from_magicscan(ret);
}
type = cli_filetype2(*ctx->fmap, ctx->engine); /* FIXMEFMAP: port to fmap */
@ -1943,13 +1957,13 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
cli_dbgmsg("cli_magic_scandesc: cli_filetype2 returned CL_TYPE_ERROR\n");
funmap(*ctx->fmap);
ctx->fmap--;
return CL_EREAD;
ret_from_magicscan(CL_EREAD);
}
lseek(desc, 0, SEEK_SET); /* FIXMEFMAP: remove ? */
ctx->hook_lsig_matches = cli_bitset_init();
if (!ctx->hook_lsig_matches)
return CL_EMEM;
ret_from_magicscan(CL_EMEM);
if(type != CL_TYPE_IGNORED && ctx->engine->sdb) {
if((ret = cli_scanraw(ctx, type, 0, &dettype, hash)) == CL_VIRUS) {
@ -1958,7 +1972,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
ctx->fmap--;
cli_bitset_free(ctx->hook_lsig_matches);
ctx->hook_lsig_matches = old_hook_lsig_matches;
return ret;
ret_from_magicscan(ret);
}
lseek(desc, 0, SEEK_SET); /* FIXMEFMAP: remove ? */
}
@ -2207,7 +2221,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
ctx->fmap--;
cli_bitset_free(ctx->hook_lsig_matches);
ctx->hook_lsig_matches = old_hook_lsig_matches;
return ret;
ret_from_magicscan(ret);
}
if(type == CL_TYPE_ZIP && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ZIP)) {
@ -2225,7 +2239,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
ctx->fmap--;
cli_bitset_free(ctx->hook_lsig_matches);
ctx->hook_lsig_matches = old_hook_lsig_matches;
return ret;
ret_from_magicscan(ret);
}
}
@ -2272,9 +2286,9 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
cli_dbgmsg("Descriptor[%d]: %s\n", desc, cl_strerror(ret));
case CL_CLEAN:
cache_add(hash, hashed_size, ctx);
return CL_CLEAN;
ret_from_magicscan(CL_CLEAN);
default:
return ret;
ret_from_magicscan(ret);
}
}

Write Preview
Loading…
Cancel
Save