Micah Snyder
5fef7399da
Autojunk'ed
6 years ago
Micah Snyder
737ec1ef21
Corrections to freshclam logging initialization. Added notation to --help output for --stdout option to indicate that debug messages will not be redirected. Changing direct calls to cli_dbgmsg_internal to use cli_dbgmsg, as cli_dbgmsg_internal always prints, even when --debug is not enabled.
6 years ago
Micah Snyder
cef54eaf8f
Freshclam refresh. This update makes libcurl a hard requirement for ClamAV.
...
New features added to freshclam:
- Update signature definitions over HTTPS.
- Support for HTTP protocol v1.1 (formerly v1.0).
- New libfreshclam library with an all new API and versioning separate from libclamav (v2.0.0). This library is now built and installed alongside libclamav as a hard dependency of freshclam.
- The ability to opt-in and opt-out of standard and optional official ClamAV databases (ExtraDatabase, ExcludeDatabase)
- The option to specify the protocol and port number of official and private mirror servers.
- Support for additional types of proxy servers beyond plain HTTP (SOCKS 4, SOCKS 5).
Features removed from freshclam:
- Mirror management (mirrors.dat) file. This feature is no longer needed as official signature databases are distributed using a paid content delivery network (Cloudflare).
This commit also adds the following features for Windows users:
- The clamsubmit tool.
- The json-c library dependency, which will enable the --gen-json option in clamscan.
- Third party libraries under the win32/3rdparty directory have been removed. Developers will need to build the libraries separately from ClamAV and provide the headers and lib/dll library files the same way they do for OpenSSL. This includes libxml2, pthread-win32, bzip2, zlib, pcre2 as well as new dependencies: curl, json-c. Developers are encouraged to use the build tool Mussels to simplify this task.
6 years ago
Andrew
bc6ea0c30a
Fix memleaks in sigtool
...
Primarily addresses an issue with --test-sigs that causes the
process to run out of memory if testing many sigs against a
given file
6 years ago
Andrew
e8169c7053
Multiple blacklist sigs can now match with allmatch
...
Also, move the cert-related DCONF cfg checks to more
appropriate locations. One change in behavior:
PE_CONF_CATALOG will disable loading trusted hashes from
.cat files, but won't disable Authenticode hash checking
completely (PE_CONF_CERTS does this).
6 years ago
Andrew
92088f91f1
Add support for cert blacklisting and whitelisting upfront
...
Instead of checking the Authenticode header as an FP prevention
mechanism, we now check it in the beginning if it exists. Also,
we can now do actual blacklisting with .crb rules (previously, a
blacklist rule just let you override a whitelist rule).
6 years ago
Andrew
14d52d0c63
Use genhash_pe instead of checkfp_pe for section hash computation
...
cli_checkfp_pe is now effectively the function that just checks
the Authenticode hash. This makes the code less complicated,
and adds some minor improvements:
- section hashes are no longer computed if there is no stats
callback function (at least in that part of the code)
- We now actually set the len field in the stats_section_t
structure
- If an error occurs when computing a section hash, we skip
that section instead of not computing any hashes
6 years ago
Andrew
ef24839531
Add TODOs in sigtool.c
6 years ago
Micah Snyder (micasnyd)
0f128f20b8
bb12250 & bb12277: Fixes for sigtools vba scanner. Scanner engine, scan options, and context creation routines were incomplete.
6 years ago
Micah Snyder
fe4433b01f
Autojunk'd
6 years ago
Micah Snyder
50f178dc63
fuzz - 12166 - Fix for 4-byte out of bounds write wherein an invalid struct pointer member variable is set to zero. The fix adds bounds checking to the Uniq storage 'add' function as well as error code checks. Included a lot of new inline documentation.
6 years ago
chips
8a5f206964
Update sigtool.c
...
fix bug: fd opened but not closed, which leaves the handle occupied
6 years ago
Mickey Sola
393edc437d
automake'd
6 years ago
Micah Snyder
52cddcbcfd
Updating and cleaning up copyright notices.
6 years ago
Micah Snyder
b3e82e5e61
Replacing libclamav/cltypes.h with clamav-types.h.in, which generates a header clamav-types.h that we install alongside clamav.h.
6 years ago
Micah Snyder (micasnyd)
ce6402f7fe
Added oss-fuzz integration.
6 years ago
Micah Snyder
72fd33c8b2
clang-format'd using new .clang-format rules.
6 years ago
Andrew
64ecd1099c
Fix support for authenticode signatures from external .cat files
...
This commit adds back in support for whitelisting files based on
signatures from .cat files loaded in via a '-d' flag to clamscan.
This also makes it so that a .crb blacklist rule match can't be
overruled by a signature in a .cat file
7 years ago
Mickey Sola
17360f03be
scan_options - fixing up segfault caused by zeroed out scan_options struct when using sigtool to test signatures
7 years ago
Micah Snyder
7b563ca798
Enabling configure option --with-system-libmspack that will allow use of libmspack installations in /usr or /usr/local in favor of the version provided by ClamAV.
7 years ago
Micah Snyder
b563e84083
Moved libmspack-0.5alpha from libclamav to libclammspack, and restructured the build so that there should be no need to modify the libmspack build files in the future (i.e. libmspack autoconf and automake files aren't actually used).
7 years ago
Micah Snyder
d39cb6581f
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
7 years ago
Micah Snyder
d7979d4ff7
Restructured scan options flags from a single bitflag field to a structure containing multiple bitflag fields. This also required adding a new function to the bytecode API to get scan options a la carte, and modifying the existing function to hand back scan options in the old/deprecated uint32_t bitflag format. Re-generated bytecode iface header files.
...
Updated libclamav documentation detailing new scan options structure.
Renamed references to 'algorithmic' detection to 'heuristic' detection. Renaming references to 'properties' to 'collect metadata'.
Renamed references to 'scan all' to 'scan all match'.
Renamed a couple of 'Hueristic.*' signature names as 'Heuristics.*' signatures (plural) to match majority of other heuristics.
7 years ago
Mickey Sola
8c2fae4a89
bb12087 - 0.101 - updating to libtool v2.4.6, autojunking, and adding markdown files to make dist target
7 years ago
Micah Snyder
e96b53b68b
Autoreconf with stock libtool 2.4.2
7 years ago
Micah Snyder
964a1e7321
Converting http urls to https urls. Primary focus was on clamav.net urls. I updated a couple others and fixed a few broken links as well. There are many (non-clamav.net) urls I didn't address, especially in 3rd party or contrib code.
7 years ago
Josh Soref
7cd9337a70
Spelling Adjustments (#30)
...
* spelling: accessed
* spelling: alignment
* spelling: amalgamated
* spelling: answers
* spelling: another
* spelling: acquisition
* spelling: apitid
* spelling: ascii
* spelling: appending
* spelling: appropriate
* spelling: arbitrary
* spelling: architecture
* spelling: asynchronous
* spelling: attachments
* spelling: argument
* spelling: authenticode
* spelling: because
* spelling: boundary
* spelling: brackets
* spelling: bytecode
* spelling: calculation
* spelling: cannot
* spelling: changes
* spelling: check
* spelling: children
* spelling: codegen
* spelling: commands
* spelling: container
* spelling: concatenated
* spelling: conditions
* spelling: continuous
* spelling: conversions
* spelling: corresponding
* spelling: corrupted
* spelling: coverity
* spelling: crafting
* spelling: daemon
* spelling: definition
* spelling: delivered
* spelling: delivery
* spelling: delimit
* spelling: dependencies
* spelling: dependency
* spelling: detection
* spelling: determine
* spelling: disconnects
* spelling: distributed
* spelling: documentation
* spelling: downgraded
* spelling: downloading
* spelling: endianness
* spelling: entities
* spelling: especially
* spelling: empty
* spelling: expected
* spelling: explicitly
* spelling: existent
* spelling: finished
* spelling: flexibility
* spelling: flexible
* spelling: freshclam
* spelling: functions
* spelling: guarantee
* spelling: hardened
* spelling: headaches
* spelling: heighten
* spelling: improper
* spelling: increment
* spelling: indefinitely
* spelling: independent
* spelling: inaccessible
* spelling: infrastructure
Conflicts:
docs/html/node68.html
* spelling: initializing
* spelling: inited
* spelling: instream
* spelling: installed
* spelling: initialization
* spelling: initialize
* spelling: interface
* spelling: intrinsics
* spelling: interpreter
* spelling: introduced
* spelling: invalid
* spelling: latency
* spelling: lawyers
* spelling: libclamav
* spelling: likelihood
* spelling: loop
* spelling: maximum
* spelling: million
* spelling: milliseconds
* spelling: minimum
* spelling: minzhuan
* spelling: multipart
* spelling: misled
* spelling: modifiers
* spelling: notifying
* spelling: objects
* spelling: occurred
* spelling: occurs
* spelling: occurrences
* spelling: optimization
* spelling: original
* spelling: originated
* spelling: output
* spelling: overridden
* spelling: parenthesis
* spelling: partition
* spelling: performance
* spelling: permission
* spelling: phishing
* spelling: portions
* spelling: positives
* spelling: preceded
* spelling: properties
* spelling: protocol
* spelling: protos
* spelling: quarantine
* spelling: recursive
* spelling: referring
* spelling: reorder
* spelling: reset
* spelling: resources
* spelling: resume
* spelling: retrieval
* spelling: rewrite
* spelling: sanity
* spelling: scheduled
* spelling: search
* spelling: section
* spelling: separator
* spelling: separated
* spelling: specify
* spelling: special
* spelling: statement
* spelling: streams
* spelling: succession
* spelling: suggests
* spelling: superfluous
* spelling: suspicious
* spelling: synonym
* spelling: temporarily
* spelling: testfiles
* spelling: transverse
* spelling: turkish
* spelling: typos
* spelling: unable
* spelling: unexpected
* spelling: unexpectedly
* spelling: unfinished
* spelling: unfortunately
* spelling: uninitialized
* spelling: unlocking
* spelling: unnecessary
* spelling: unpack
* spelling: unrecognized
* spelling: unsupported
* spelling: usable
* spelling: wherever
* spelling: wishlist
* spelling: white
* spelling: infrastructure
* spelling: directories
* spelling: overridden
* spelling: permission
* spelling: yesterday
* spelling: initialization
* spelling: intrinsics
* space adjustment for spelling changes
* minor modifications by klin
7 years ago
Micah Snyder
e098cdc557
Updating help strings, to include a couple missing items as well as copyrights. updating man page files as well.
7 years ago
Micah Snyder
77b50dbc5c
autoreconf -ivf.
7 years ago
Kevin Lin
99d459b477
autoreconf
7 years ago
Micah Snyder
c0ac544738
autoreconf one more time with newer version of autotools to account for issues with argz_.h under make dist.
7 years ago
Micah Snyder
545216bb68
autoreconf -fi this time to correctly update libmspack linking changes.
7 years ago
Micah Snyder
6c59352535
autoreconf, regenerated pdfs, html docs.
7 years ago
Mickey Sola
9f620604c9
autojunk'd
8 years ago
Steven Morgan
ed47868b3f
bb11823 - command line copyright dates.
8 years ago
Mickey Sola
3f363b73bf
autojunk'd
...
Conflicts:
configure
8 years ago
Steven Morgan
631f3e1165
Autojunks.
8 years ago
Mickey Sola
631cb6a005
Fixes and updates to intermediate container sig rules based on code review
8 years ago
klin
031fe00a4d
restructure container typing system to use array (#2)
8 years ago
Mickey Sola
0da5ca0259
bb11062 - defaulting build to internal libmspack and creating configure option to specify use of external library
9 years ago
Steven Morgan
7286695f58
bb17595 (FireAmp) - add sigtool support for building fp-only virus databases.
9 years ago
Mickey Sola
d3699d5723
bb11062 - adding support for external libmspack
...
Conflicts:
configure
configure.ac
9 years ago
Kevin Lin
9c30a4fc6e
sigtool: patch hybrid cvd generation
9 years ago
Kevin Lin
8d37842072
win32: fixes for sigtool imphash linking
9 years ago
Kevin Lin
634c859458
imphash: code review and clean up
9 years ago
Kevin Lin
832d44e748
sig: convert .ith to .imp; add .imp to sigtool
9 years ago
Kevin Lin
3cc632adc8
sigtool: properly generates and reports pe section hashes (mdb)
9 years ago
Mickey Sola
97930c2400
updating prelude hook to work with allmatch
9 years ago
Ningirsu
f4265a5acd
Adds a module to use Prelude and connect to a prelude manager
...
To enable prelude, compile with ./configure --enable-prelude
In the ClamAV configuration file, set Prelude Enable to yes and choose an analyzer name with PreludeAnalyzerName (default ClamAV).
You need to have a prelude manager to use this module.
9 years ago
Kevin Lin
98bab6b66e
autoreconf
9 years ago