From c0bad34b09ed60140f9d68a9ca6970d3a7c17fbf Mon Sep 17 00:00:00 2001
From: Mickey Sola
Date: Mon, 10 Feb 2020 16:14:47 -0500
Subject: [PATCH] Fix all-match mode FP checks

The `cli_append_virus()` function does an FP check. If it is an FP, it will return `CL_CLEAN` and the match/alert/virus should be discarded. This fix will respect FP verdicts when appending virus name in ac and bm matchers in all match mode.
---
 libclamav/matcher-ac.c | 13 +++++++++----
 libclamav/matcher-bm.c | 16 +++++++++++-----
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/libclamav/matcher-ac.c b/libclamav/matcher-ac.c
index 7aefe2932..a29bff1b1 100644
--- a/libclamav/matcher-ac.c
+++ b/libclamav/matcher-ac.c
@@ -1712,6 +1712,7 @@ cl_error_t cli_ac_scanbuff(
 int type = CL_CLEAN;
 struct cli_ac_result *newres;
 int rc;
+ int ret;
 if (!root->ac_root)
 return CL_CLEAN;
@@ -1923,8 +1924,10 @@ cl_error_t cli_ac_scanbuff(
 continue;
 } else {
 if (ctx && SCAN_ALLMATCHES) {
- cli_append_virus(ctx, (const char *)pt->virname);
- viruses_found = 1;
+ ret = cli_append_virus(ctx, (const char *)pt->virname);
+ if(ret == CL_VIRUS) {
+ viruses_found = 1;
+ }
 }
 if (virname)
 *virname = pt->virname;
@@ -1978,8 +1981,10 @@ cl_error_t cli_ac_scanbuff(
 continue;
 } else {
 if (ctx && SCAN_ALLMATCHES) {
- cli_append_virus(ctx, (const char *)pt->virname);
- viruses_found = 1;
+ ret = cli_append_virus(ctx, (const char *)pt->virname);
+ if(ret == CL_VIRUS) {
+ viruses_found = 1;
+ }
 }
 if (virname)
diff --git a/libclamav/matcher-bm.c b/libclamav/matcher-bm.c
index 16643eed0..5f817d856 100644
--- a/libclamav/matcher-bm.c
+++ b/libclamav/matcher-bm.c
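Review bot: In libclamav/matcher-ac.c, the `cli_ac_scanbuff` hunks at -1923 and -1978 keep a match only when `ret == CL_VIRUS`, whereas the matcher-bm.c hunk of this commit discards one only when `ret == CL_CLEAN`, so any other return value from `cli_append_virus()` would silently drop the detection here and keep it there. The commit message defines `CL_CLEAN` as the FP verdict; testing for that, `if (ret != CL_CLEAN) {`, makes both matchers agree and keeps an unexpected return code from suppressing an alert. After an FP verdict the unchanged `if (virname) *virname = pt->virname;` below still runs, so the out-parameter names the discarded match; what the function later does with it is outside the hunks and should be confirmed. `if(ret` is missing the space used by every other `if (` in the patch.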
@@ -379,17 +379,21 @@ cl_error_t cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const c
 continue;
 }
 }
+
+ viruses_found += 1;
 if (virname) {
 *virname = p->virname;
 if (ctx != NULL && SCAN_ALLMATCHES) {
- cli_append_virus(ctx, *virname);
- //*viroffset = offset + i + j - BM_MIN_LENGTH + BM_BLOCK_SIZE;
+ ret = cli_append_virus(ctx, *virname);
+ if (ret == CL_CLEAN && viruses_found > 0) {
+ viruses_found -= 1;
+ }
 }
 }
+
 if (patt)
 *patt = p;
- viruses_found = 1;
 if (ctx != NULL && !SCAN_ALLMATCHES)
 return CL_VIRUS;
@@ -404,8 +408,9 @@ cl_error_t cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const c
 for (; offdata->pos < offdata->cnt && off >= offdata->offtab[offdata->pos]; offdata->pos++)
 ;
 if (offdata->pos == offdata->cnt || off >= offdata->offtab[offdata->pos]) {
- if (viruses_found)
+ if (viruses_found > 0) {
 return CL_VIRUS;
+ }
 return CL_CLEAN;
 }
 i += offdata->offtab[offdata->pos] - off;
@@ -414,7 +419,8 @@ cl_error_t cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const c
 }
 }
- if (viruses_found)
+ if (viruses_found > 0) {
 return CL_VIRUS;
+ }
 return CL_CLEAN;
 }
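Review bot: In the -379 hunk of `cli_bm_scanbuff`, `viruses_found += 1;` now runs for every match, but the FP check that can undo it sits inside `if (virname)`, so an all-match scan called with a NULL `virname` counts matches that `cli_append_virus()` never saw. Whether any caller does that is not visible here; if it can happen, the append should not depend on `virname`, and counting only the matches that are kept removes the increment-then-decrement and the `viruses_found > 0` test, which is always true at that point. Note that `*virname` and `*patt` are still written for a match that is then discarded as an FP. The function starts and ends outside the hunk, so the declaration of `ret` and the callers' use of the out-parameters are assumptions to confirm.

```c
/* … unchanged: boundary checks that `continue` on a non-match … */
if (ctx != NULL && SCAN_ALLMATCHES) {
    /* CL_CLEAN is the FP verdict: the match is discarded, not counted. */
    if (cli_append_virus(ctx, p->virname) != CL_CLEAN) {
        viruses_found += 1;
    }
} else {
    viruses_found += 1;
}
if (virname) {
    *virname = p->virname;
}
/* … unchanged: *patt assignment and the non-all-match return … */
```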