From c19477ec23b955d70f7fe71a00a01e203bf5ea09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?T=C3=B6r=C3=B6k=20Edvin?=
Date: Thu, 20 Jan 2011 16:12:11 +0200
Subject: [PATCH] Reduce bytecodetimeout to 5s instead of 60. In case of buggy bytecode limits the amount of resources consumed.
---
 ChangeLog | 4 ++++
 etc/clamd.conf | 4 ++--
 shared/optparser.c | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c1114833a..cfa840c8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jan 20 16:11:43 EET 2011 (edwin)
+------------------------------------
+ * shared/optparser.c: reduce BytecodeTimeout to 5s (instead of 60).
+
 Thu Jan 20 16:09:29 EET 2011 (edwin)
 -----------------------------------
 * libclamav/bytecode_vm.c: fix memset on bigendian arch (bb #2478).
diff --git a/etc/clamd.conf b/etc/clamd.conf
index 000d8f7f8..67ebee1dd 100644
--- a/etc/clamd.conf
+++ b/etc/clamd.conf
@@ -480,5 +480,5 @@ Example
 # Set bytecode timeout in miliseconds.
 #
-# Default: 60000
-# BytecodeTimeout 60000
+# Default: 5000
+# BytecodeTimeout 1000
diff --git a/shared/optparser.c b/shared/optparser.c
index e6fb017ef..900cefdff 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
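Review bot: In the etc/clamd.conf hunk the commented example no longer matches the documented default: the new lines read `# Default: 5000` followed by `# BytecodeTimeout 1000`, while the shared/optparser.c hunk sets the built-in default to 5000. An administrator who uncomments the example as written gets a 1-second limit, five times tighter than the default; what happens to a bytecode signature that reaches the limit is not visible in this patch. If 1000 is not intended, the example should read `# BytecodeTimeout 5000`. The context line above it also spells the unit "miliseconds"; `# Set bytecode timeout in milliseconds.` would fix that.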
@@ -256,8 +256,8 @@ const struct clam_option __clam_options[] = {
 { "Bytecode", "bytecode", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
 { "BytecodeSecurity", NULL, 0, TYPE_STRING, "^(None|TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD, "Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
- { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
- "Set bytecode timeout in miliseconds.\n","60000"},
+ { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 5000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
+ "Set bytecode timeout in miliseconds.\n","5000"},
 { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN, "Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceIntepreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal\n","Auto"},
 { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
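Review bot: The help text on the new `BytecodeTimeout` line still spells the unit "miliseconds" and does not say what the limit protects against; `"Set bytecode timeout in milliseconds.\n","5000"},` fixes the spelling, and a short clause that the timeout caps how long one bytecode run may execute would record the intent given in the commit message. The default is written twice in the entry, as `5000` and as `"5000"`; presumably both must change together, so a one-line comment saying so would help the next edit. The diffstat lists only three files, so any other document that still states 60000 (a man page, for instance) is not covered by this commit and is worth checking. The `__clam_options` table begins and ends outside the hunk.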