open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Extend prescan_cb with file type

Browse Source 
WARNING: THIS BREAKS THE ABI! - See clamav.h
remotes/push_mirror/vc9-vt-dnd
aCaB 14 years ago
parent da1396c763
commit c27d40568a
5 changed files with 52 additions and 28 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      ChangeLog
  2. 5
      libclamav/clamav.h
  3. 11
      libclamav/filetypes.c
  4. 1
      libclamav/filetypes.h
  5. 59
      libclamav/scanners.c

4
ChangeLog
Unescape View File

@ -1,3 +1,7 @@
Fri Mar 4 18:26:44 CET 2011 (acab)
-----------------------------------
* libclamav: Extend prescan_cb with file types
Mon Feb 28 21:46:50 CET 2011 (tk)
---------------------------------
* clamd: add new option ClamukoExcludeUID (bb#2260)

5
libclamav/clamav.h
Unescape View File

@ -196,13 +196,14 @@ extern int cl_engine_addref(struct cl_engine *engine);
extern int cl_engine_free(struct cl_engine *engine);
/* CALLBACKS - WARNING: unstable API - WIP */
/* CALLBACKS */
typedef cl_error_t (*clcb_pre_scan)(int fd, void *context);
typedef cl_error_t (*clcb_pre_scan)(int fd, const char *type, void *context);
/* PRE-SCAN
Input:
fd = File descriptor which is about to be scanned
type = File type detected via magic - i.e. NOT on the fly - (e.g. "CL_TYPE_MSEXE")
context = Opaque application provided data
Output:

11
libclamav/filetypes.c
Unescape View File

@ -110,6 +110,17 @@ cli_file_t cli_ftcode(const char *name)
return CL_TYPE_ERROR;
}
const char *cli_ftname(cli_file_t code)
{
unsigned int i;
for(i = 0; ftmap[i].name; i++)
if(ftmap[i].code == code)
return ftmap[i].name;
return NULL;
}
void cli_ftfree(const struct cl_engine *engine)
{
struct cli_ftype *ftypes=engine->ftypes, *pt;

1
libclamav/filetypes.h
Unescape View File

@ -104,6 +104,7 @@ struct cli_matched_type {
};
cli_file_t cli_ftcode(const char *name);
const char *cli_ftname(cli_file_t code);
void cli_ftfree(const struct cl_engine *engine);
cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine);
cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine);

59
libclamav/scanners.c
Unescape View File

@ -2089,6 +2089,35 @@ static void emax_reached(cli_ctx *ctx) {
return retcode; \
} while(0)
#define CALL_PRESCAN_CB(type_name) \
if(ctx->engine->cb_pre_scan) { \
perf_start(ctx, PERFT_PRECB); \
switch(ctx->engine->cb_pre_scan(desc, (type_name), ctx->cb_ctx)) { \
case CL_BREAK: \
cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n"); \
funmap(*ctx->fmap); \
ctx->fmap--; \
perf_stop(ctx, PERFT_PRECB); \
ret_from_magicscan(CL_CLEAN); \
case CL_VIRUS: \
cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n"); \
if(ctx->virname) \
*ctx->virname = "Detected.By.Callback"; \
funmap(*ctx->fmap); \
ctx->fmap--; \
perf_stop(ctx, PERFT_PRECB); \
ret_from_magicscan(CL_VIRUS); \
case CL_CLEAN: \
break; \
default: \
cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n"); \
} \
perf_stop(ctx, PERFT_PRECB); \
}
static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)
{
int ret = CL_CLEAN;
@ -2146,31 +2175,6 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)
}
perf_stop(ctx, PERFT_MAP);
if(ctx->engine->cb_pre_scan) {
perf_start(ctx, PERFT_PRECB);
switch(ctx->engine->cb_pre_scan(desc, ctx->cb_ctx)) {
case CL_BREAK:
cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n");
funmap(*ctx->fmap);
ctx->fmap--;
perf_stop(ctx, PERFT_PRECB);
ret_from_magicscan(CL_CLEAN);
case CL_VIRUS:
cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n");
if(ctx->virname)
*ctx->virname = "Detected.By.Callback";
funmap(*ctx->fmap);
ctx->fmap--;
perf_stop(ctx, PERFT_PRECB);
ret_from_magicscan(CL_VIRUS);
case CL_CLEAN:
break;
default:
cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n");
}
perf_stop(ctx, PERFT_PRECB);
}
perf_start(ctx, PERFT_CACHE);
if(cache_check(hash, ctx) == CL_CLEAN) {
funmap(*ctx->fmap);
@ -2189,6 +2193,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)
else
cli_dbgmsg("Raw mode: No support for special files\n");
CALL_PRESCAN_CB("CL_TYPE_BINARY_DATA");
if((ret = cli_fmap_scandesc(ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, hash)) == CL_VIRUS)
cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, desc);
else if(ret == CL_CLEAN) {
@ -2206,7 +2211,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)
perf_start(ctx, PERFT_FT);
if(type == CL_TYPE_ANY)
type = cli_filetype2(*ctx->fmap, ctx->engine); /* FIXMEFMAP: port to fmap */
type = cli_filetype2(*ctx->fmap, ctx->engine);
perf_stop(ctx, PERFT_FT);
if(type == CL_TYPE_ERROR) {
cli_dbgmsg("cli_magic_scandesc: cli_filetype2 returned CL_TYPE_ERROR\n");
@ -2216,6 +2221,8 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)
ret_from_magicscan(CL_EREAD);
}
CALL_PRESCAN_CB(cli_ftname(type));
#ifdef HAVE__INTERNAL__SHA_COLLECT
if(!ctx->sha_collect && type==CL_TYPE_MSEXE) ctx->sha_collect = 1;
#endif

Write Preview
Loading…
Cancel
Save