clamav

Commit Graph

Author	SHA1	Message	Date
Micah Snyder	e01ba94e36	bb12506: Fix phishing/heuristic alert verbosity Some detections, like phishing, are considered heuristic alerts because they match based on behavior more than on content. A subset of these are considered "potentially unwanted" (low-severity). These low-severity alerts include: - phishing - PDFs with obfuscated object names - bytecode signature alerts that start with "BC.Heuristics" The concept is that unless you enable "heuristic precedence" (a method of lowing the threshold to immediateley alert on low-severity detections), the scan should continue after a match in case a higher severity match is found. Only at the end will it print the low-severity match if nothing else was found. The current implementation is buggy though. Scanning of archives does not correctly bail out for the entire archive if one email contains a phishing link. Instead, it sets the "heuristic found" flag then and alerts for every subsequent file in the archive because it doesn't know if the heuristic was found in an embedded file or the target file. Because it's just a heuristic and the status is "clean", it keeps scanning. This patch corrects the behavior by checking if a low-severity alerts were found at the end of scanning the target file, instead of at the end of each embedded file. Additionally, this patch fixes an in issue with phishing alerts wherein heuristic precedence mode did not cause a scan to stop after the first alert. The above changes required restructuring to create an fmap inside of cl_scandesc_callback() so that scan_common() could be modified to require an fmap and set up so that the current *ctx->fmap pointer is never NULL when scan_common() evaluates match results. Also fixed a couple minor bugs in the phishing unit tests and cleaned up the test code for improved legitibility and type safety.	5 years ago
Micah Snyder	206dbaefe8	Update copyright dates for 2020	5 years ago
Micah Snyder	5f4f69102d	Correcting types from int to cl_error_t where appropriate. Eliminating unused variables and referencing unused parameters to remove warnings.	6 years ago
Micah Snyder	52cddcbcfd	Updating and cleaning up copyright notices.	6 years ago
Micah Snyder	72fd33c8b2	clang-format'd using new .clang-format rules.	6 years ago
Mickey Sola	46a35abe56	mass update of copyright headers	10 years ago
Török Edvin	a1c9ad2cf3	fix distcheck. git-svn: trunk@4836	17 years ago
Török Edvin	4e46d65d39	use sha256 instead of md5 in phishcheck. move sha256 to libclamav. add more tests. git-svn: trunk@4822	17 years ago
Török Edvin	08402afa4c	fix more compiler warnings (bb #273 ) git-svn: trunk@4353	17 years ago
Török Edvin	7d4b5f164a	use clistrdup/free instead of blobs (bb #828 ) git-svn: trunk@4203	17 years ago
Török Edvin	1126559f77	flag for U: lines, format is one of: U:MD5 U1:MD5 U2:MD5 add unit test for md5 url match git-svn: trunk@4053	17 years ago
Török Edvin	b611b5ff71	initial support for matching URLs against MD5 hashes git-svn: trunk@4049	17 years ago
Török Edvin	2b9e5d2971	drop a redundant check from phishcheck. enable debug output in unit tests, they are dumped to unit_tests/test-stderr.log. git-svn: trunk@4028	17 years ago
Török Edvin	2e11bcdfd9	performance improvements for URL matching (bb #725 , bb #650 ): * use a suffix AC-trie and a shift-or FSM to filter * rewrite the URL regex in C * use a perfect hash to lookup TLD and ccTLD, instead of a regex * TODO: suffixes having a common prefix: loop over all of them cli_ac_free: multiple virname pointing to same location git-svn: trunk@3978	17 years ago
Tomasz Kojm	2023340a41	update copyrights and stick more files to GPLv2; move and add more credits to the AUTHORS file; add COPYING.BSD git-svn: trunk@3749	17 years ago
Török Edvin	5a9a9989b8	avoid holes in data-structures due to alignment. git-svn: trunk@3459	18 years ago
aCaB	813864ce6b	(hopefully) all the stuff lost git-svn-id: file:///var/lib/svn/clamav-devel/branches/not_for_0.92_tempbranch@3388 77e5149b-7576-45b1-b177-96237e5ba77b	18 years ago
Török Edvin	88c90922be	revert change from trunk and move to branch. git-svn: trunk@3370	18 years ago
Török Edvin	a4e6ac4d78	remove "all domain scan" feature from phishcheck (--no-phishing-restrictedscan). Nobody is using it. Don't care why an url is clean, just state it is clean. Various cleanups resulting from this. Prepare to introduce selective turn on of sub-features. git-svn: trunk@3369	18 years ago
Török Edvin	830c1eaed2	avoid false positives with outbind:// URLs git-svn: trunk@3260	18 years ago
Török Edvin	b5341ac052	more improvements to the url extraction algorithm (more to come later). Reduces false negatives. False positives ratio should be same. git-svn: trunk@3254	18 years ago
Török Edvin	53ff1b0490	add regcomp(), regexec() impl. from OpenBSD's libc. This code is licensed under the 3-clause BSD. This will be used instead of system provided regexec()/regcomp() to have consistent behaviour across platforms. git-svn: trunk@3225	18 years ago
Török Edvin	38a0019993	stick to GPLv2 git-svn: trunk@3121	18 years ago
Török Edvin	462e8e5eb3	apply next set of patches for enabling phishing code git-svn: trunk@3043	18 years ago
Török Edvin	293b4d909d	Remove cl_experimental wrapper for phishcheck, and entconv git-svn-id: file:///var/lib/svn/clamav-devel/branches/temp_dconf_phishenable@2980 77e5149b-7576-45b1-b177-96237e5ba77b	18 years ago
Török Edvin	43ecd9a14b	#include cleanup, Code cleanup, remove commented-out code, fix some gcc -W* warnings git-svn: trunk@2931	18 years ago
Sven Strickroth	a99111f050	remove old CVS-stuff and make the repository look more like SVN git-svn: trunk@2755	19 years ago
Tomasz Kojm	fc83da8244	remove some gcc warnings git-svn: trunk@2701	19 years ago
Tomasz Kojm	6e9650525a	phishing fixes (bb#157) git-svn: trunk@2621	19 years ago
Tomasz Kojm	c7090d88b6	add img url link-type filtering git-svn: trunk@2608	19 years ago
Tomasz Kojm	19b3e18271	phishing patch from Edwin (closes bb#157, #174 , #222 , #224 ) git-svn: trunk@2607	19 years ago
Tomasz Kojm	15b08fbbe2	code cleanup git-svn: trunk@2379	19 years ago
Tomasz Kojm	ec48102709	apply patches for the anti-phish code from Edwin git-svn: trunk@2371	19 years ago
Tomasz Kojm	3da4dd4c77	make the experimental anti-phishing code more thread safe git-svn: trunk@2340	19 years ago
Nigel Horne	4c6599aaea	Fix compilation error on Solaris 10 git-svn: trunk@2290	19 years ago
Nigel Horne	5c23fc2fda	Fixed some NULL pointers git-svn: trunk@2259	19 years ago
aCaB	bd912dd866	Phishing module merge - libclamav git-svn: trunk@2244	19 years ago

24 Commits (034cc770585228a2c51d59324826679ff89fa017)