some corrections and refinements identified during 0.97 retrofit

13 years ago · b81cbc263c
parent 03b99d0311
commit b81cbc263c
6 changed files with 35 additions and 38 deletions
--- a/libclamav/blob.c
+++ b/libclamav/blob.c
@ -575,7 +575,7 @@ fileblobAddData(fileblob *fb, const unsigned char *data, size_t len)
 				fb->bytes_scanned += (unsigned long)len;
 				
 				if((len > 5) && cli_updatelimits(ctx, len)==CL_CLEAN && (cli_scanbuff(data, (unsigned int)len, 0, ctx->virname, ctx->engine, CL_TYPE_BINARY_DATA, NULL) == CL_VIRUS)) {
-					cli_dbgmsg("fileblobAddData: found %s\n", *ctx->virname);
+				    cli_dbgmsg("fileblobAddData: found %s\n", cli_get_last_virus_str(ctx->virname));
 					fb->isInfected = 1;
 				}
 			}
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@ -138,23 +138,21 @@ static inline int matcher_run(const struct cli_matcher *root,
 	if (ret == CL_VIRUS) {
 	    if (ctx) {
 		cli_append_virus(ctx, *virname);
-#if 1
 		if (SCAN_ALL)
 		    viruses_found++;
 		else
-#endif
 		    return ret;
 	    }
 	}
    }
    PERF_LOG_TRIES(acmode, 0, length);
    ret = cli_ac_scanbuff(buffer, length, virname, NULL, acres, root, mdata, offset, ftype, ftoffset, acmode, NULL);
-#if 1
+
    if (ctx && ret == CL_VIRUS)
 	cli_append_virus(ctx, *virname);
    if (ctx && SCAN_ALL && viruses_found)
 	return CL_VIRUS;
-#endif
+
    return ret;
 }

@ -190,8 +188,6 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,

 	ret = matcher_run(troot, buffer, length, &virname, acdata ? (acdata[0]): (&mdata), offset, NULL, ftype, NULL, AC_SCAN_VIR, NULL, *ctx->fmap, NULL, NULL, ctx);

-	//	if (virname)
-	//	    cli_append_virus(ctx, virname);
 	if(!acdata)
 	    cli_ac_freedata(&mdata);

@ -206,8 +202,6 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,

    ret = matcher_run(groot, buffer, length, &virname, acdata ? (acdata[1]): (&mdata), offset, NULL, ftype, NULL, AC_SCAN_VIR, NULL, *ctx->fmap, NULL, NULL, ctx);

-    //  if (virname)
-    //	cli_append_virus(ctx, virname);
    if(!acdata)
 	cli_ac_freedata(&mdata);

@ -492,7 +486,7 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)
            for(i=0; i<SHA1_HASH_SIZE; i++)
                sprintf((char *)shash1+i*2, "%02x", shash1[SHA1_HASH_SIZE+i]);

-	    cli_errmsg("COLLECT:%s:%s:%u:%s:%s\n", shash256, shash1, size, *ctx->virname, ctx->entry_filename);
+	    cli_errmsg("COLLECT:%s:%s:%u:%s:%s\n", shash256, shash1, size, cli_get_last_virus(ctx), ctx->entry_filename);
        } else
            cli_errmsg("can't compute sha\n!");
        ctx->sha_collect = -1;
@ -803,7 +797,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
 	    ret = matcher_run(troot, buff, bytes, &virname, &tdata, offset, &info, ftype, ftoffset, acmode, acres, map, bm_offmode ? &toff : NULL, &viroffset, ctx);

 	    if (virname) {
-		//		cli_append_virus(ctx, virname);
 		viruses_found++;
 	    }
 	    if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) {
@ -825,7 +818,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
 	    ret = matcher_run(groot, buff, bytes, &virname, &gdata, offset, &info, ftype, ftoffset, acmode, acres, map, NULL, &viroffset, ctx);

            if (virname) {
-		//              cli_append_virus(ctx, virname);
 		viruses_found++;
 	    }
 	    if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) {
@ -866,8 +858,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
    }

    if(!ftonly && hdb) {
-	enum CLI_HASH_TYPE hashtype;
-	unsigned int hvirs = 0, hfps = 0;
+	enum CLI_HASH_TYPE hashtype, hashtype2;

 	if(compute_hash[CLI_HASH_MD5])
 	    cli_md5_final(digest[CLI_HASH_MD5], &md5ctx);
@ -880,23 +871,26 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

 	virname = NULL;
 	for(hashtype = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype++) {
-	    if(compute_hash[hashtype] && (ret = cli_hm_scan(digest[hashtype], map->len, &virname, hdb, hashtype)) == CL_VIRUS) {
-
-		if(fp && cli_hm_scan(digest[hashtype], map->len, NULL, fp, hashtype) == CL_VIRUS) {
-		    hfps++;
-		    continue;
+	    if(compute_hash[hashtype] &&
+	       (ret = cli_hm_scan(digest[hashtype], map->len, &virname, hdb, hashtype)) == CL_VIRUS) {
+		if(fp) {
+		    for(hashtype2 = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype2++) {
+			if(compute_hash[hashtype2] &&
+			   cli_hm_scan(digest[hashtype2], map->len, NULL, fp, hashtype2) == CL_VIRUS) {
+			    ret = CL_CLEAN;
+			    break;
+			}
+		    }
+		}
+		if (ret == CL_VIRUS) {
+		    viruses_found++;
+		    cli_append_virus(ctx, virname);
+		    if (!SCAN_ALL)
+			break;
 		}
-		hvirs++;
-		cli_append_virus(ctx, virname);
 		virname = NULL;
-		if(!SCAN_ALL)
-		    break;
 	    }
 	}
-	if(hvirs > hfps)
-	    ret = CL_VIRUS;
-	else
-	    ret = CL_CLEAN;
    }

    if(troot) {
--- a/libclamav/mbox.c
+++ b/libclamav/mbox.c
@ -545,15 +545,9 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)
 		messageDestroy(body);
 	}
 	
-#if 0
-	if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted && (*ctx->virname == NULL)) {
-	    *ctx->virname = "Heuristics.Phishing.Email";
-#else
-	/* TBD: Breaks unit_test/check1_clamscan.sh and check2_clamd.sh w/SCAN_ALL */
 	if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted &&
 	   (*ctx->virname == NULL || SCAN_ALL)) {
 	    cli_append_virus(ctx, "Heuristics.Phishing.Email");
-#endif
 	    ctx->found_possibly_unwanted = 0;
 	    retcode = CL_VIRUS;
 	}
--- a/libclamav/others.c
+++ b/libclamav/others.c
@ -797,16 +797,24 @@ void cli_append_virus(cli_ctx * ctx, const char * virname)

 const char * cli_get_last_virus(const cli_ctx * ctx)
 {
-    if (!ctx->virname)
+    if (!ctx || !ctx->virname || !(*ctx->virname))
 	return NULL;

-    if (SCAN_ALL && ctx->num_viruses) {
+    if (SCAN_ALL && ctx->num_viruses)
 	return ctx->virname[ctx->num_viruses-1];
-    }
    else
 	return *ctx->virname;
 }

+const char * cli_get_last_virus_str(const cli_ctx * ctx)
+{
+    const char * ret;
+    if ((ret = cli_get_last_virus(ctx)))
+	return ret;
+    return "";
+}
+
+

 #ifdef	C_WINDOWS
 /*
--- a/libclamav/others.h
+++ b/libclamav/others.h
@ -427,6 +427,7 @@ static inline void cli_writeint32(char *offset, uint32_t value)

 void cli_append_virus(cli_ctx *ctx, const char *virname);
 const char *cli_get_last_virus(const cli_ctx *ctx);
+const char *cli_get_last_virus_str(const cli_ctx *ctx);

 /* used by: spin, yc (C) aCaB */
 #define __SHIFTBITS(a) (sizeof(a)<<3)
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@ -1675,7 +1675,7 @@ static int cli_scan_structured(cli_ctx *ctx)
 	size_t pos = 0;
 	int (*ccfunc)(const unsigned char *buffer, int length);
 	int (*ssnfunc)(const unsigned char *buffer, int length);
-	unsigned int viruses_found;
+	unsigned int viruses_found = 0;

    if(ctx == NULL)
 	return CL_ENULLARG;
@ -2202,7 +2202,7 @@ static void emax_reached(cli_ctx *ctx) {
 	cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", retcode, __AT__); \
 	if(ctx->engine->cb_post_scan) {					\
 	    perf_start(ctx, PERFT_POSTCB);				\
-	    switch(ctx->engine->cb_post_scan(fmap_fd(*ctx->fmap), retcode, ret == CL_VIRUS ? cli_get_last_virus(ctx) : NULL, ctx->cb_ctx)) { \
+	    switch(ctx->engine->cb_post_scan(fmap_fd(*ctx->fmap), retcode, retcode == CL_VIRUS ? cli_get_last_virus(ctx) : NULL, ctx->cb_ctx)) { \
 	    case CL_BREAK:									\
 		cli_dbgmsg("cli_magic_scandesc: file whitelisted by post_scan callback\n"); 	\
 		perf_stop(ctx, PERFT_POSTCB);							\