Mickey Sola
0ef888f546
bcomp - reverting change that forced scanning on raw files only
7 years ago
Andrew
64ecd1099c
Fix support for authenticode signatures from external .cat files
This commit adds back in support for whitelisting files based on
signatures from .cat files loaded in via a '-d' flag to clamscan.
This also makes it so that a .crb blacklist rule match can't be
overruled by a signature in a .cat file
7 years ago
Andrew
4ef79cfcbf
Fix a memory leak that occurs when a PE is whitelisted due to a valid signature
7 years ago
Mickey Sola
d7d58a5847
bcomp - changing map to use original scan buffer to account for normalization offset discrepancies--patch based on suggested solution by Micah
7 years ago
Mickey Sola
4617e707c9
bcomp - adding ac_chklsig verification to fix reference subsig match checking; fixing double result print when using all match; fix to ensure extracted binary bytes retain their signedness
7 years ago
Mickey Sola
d2f48a2c68
bcomp - updating SCAN_ALL to comply with new SCAN_ALLMATCHES check
7 years ago
Mickey Sola
dfa92896d2
bcomp - general fixups and cleanup for byte compare code
7 years ago
Mickey Sola
18ff502920
refactoring byte compare functionality as a subsig; adding loader and matchers for bytecompare subsig
7 years ago
Micah Snyder
d39cb6581f
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
7 years ago
Micah Snyder
d7979d4ff7
Restructured scan options flags from a single bitflag field to a structure containing multiple bitflag fields. This also required adding a new function to the bytecode API to get scan options a la carte, and modifying the existing function to hand back scan options in the old/deprecated uint32_t bitflag format. Re-generated bytecode iface header files.
Updated libclamav documentation detailing new scan options structure.
Renamed references to 'algorithmic' detection to 'heuristic' detection. Renaming references to 'properties' to 'collect metadata'.
Renamed references to 'scan all' to 'scan all match'.
Renamed a couple of 'Hueristic.*' signature names as 'Heuristics.*' signatures (plural) to match majority of other heuristics.
7 years ago
Micah Snyder
d0cba11ea7
adding back changes to eliminate warnings from mspack, matcher, others, and readdb.
8 years ago
Micah Snyder
169af0fc67
Revert "eliminating warnings. mostly correcting variable types. also correcting struct initialization in a couple instances (var = {0} does not zero the memory on all platforms). Also some minor formatting corrections in areas I was already working. eliminated some unused variables."
This reverts commit 84a7f40288.
8 years ago
Micah Snyder
84a7f40288
eliminating warnings. mostly correcting variable types. also correcting struct initialization in a couple instances (var = {0} does not zero the memory on all platforms). Also some minor formatting corrections in areas I was already working. eliminated some unused variables.
8 years ago
Steven Morgan
167c007929
fix 0.99.3 false negative of virus Pdf.Exploit.CVE_2016_1046-1.
9 years ago
Steven Morgan
cbf5017a7d
bb11805 fix multiple results. Refactor false positive and heuristic precedence logic.
9 years ago
Kevin Lin
87b2a1a9e3
add 'Intermediates' field to target description block
(allows specification of any number of intermediate containers)
9 years ago
klin
031fe00a4d
restructure container typing system to use array (#2)
9 years ago
Steven Morgan
484edf6608
bb11684 - consistently set file size for yara condition handling.
9 years ago
Steven Morgan
5c89a90bee
bb17169 - compute MD5 file hashsums when using wildcard hdb signatures with caching disabled.
9 years ago
Kevin Lin
91e495f10b
matcher: fix issue where filetyping may be lost
10 years ago
Kevin Lin
6565fe451e
matcher: perform regex match if ac has filetype detected
10 years ago
Kevin Lin
059ca61484
compiler warning suppression
10 years ago
Mickey Sola
46a35abe56
mass update of copyright headers
10 years ago
Kevin Lin
e85c777585
triage cid 12202
11 years ago
Mickey Sola
baeb625351
bb11343: Adding configure option to remove yara at compile-time.
11 years ago
Steven Morgan
7665e02d5b
Add support for YARA private rules and referencing other rules in a YARA condition.
11 years ago
Kevin Lin
2d785c9611
added virname argument for matcher-pcre (use for later filetyping and test cases)
11 years ago
Kevin Lin
b289385d32
various fixes for windows build
11 years ago
Steven Morgan
8bbaf7f9e5
Revert "bb11092: fix up printf format with LFS using patch by Sebastian Andrzej Siewior."
- Unit test failing and no windows support.
This reverts commit 8f50c4a179.
11 years ago
Steven Morgan
8f50c4a179
bb11092: fix up printf format with LFS using patch by Sebastian Andrzej Siewior.
11 years ago
Steven Morgan
c9f0bba431
YARA: support condition data access functions int8, int16, int32, uint8, uint16, and uint32.
11 years ago
Steven Morgan
b7999b89c9
YARA: capture offsets in matcher and use for processing YARA condition 'at' clauses.
11 years ago
Steven Morgan
c436e3b7b2
YARA: enable filesize and entrypoint keywords.
11 years ago
Steven Morgan
d25549807f
Add YARA condition evaluation function. Add support for YARA 'of' clauses.
11 years ago
Steven Morgan
9de400559d
refactor and simplify cli_lsig_eval, add new function cli_exp_eval to loop thru the lsig table and call either lsig_eval or yara_eval.
11 years ago
Kevin Lin
38dc186fb9
bb#11269 - bm matcher no longer sets scanning window offset
reason: certain segments could be hashed multiple times
11 years ago
Kevin Lin
05fa78fd04
bb#11269 - hash does not compute on segments smaller than the maxpatlen
11 years ago
Kevin Lin
b5b3fecd6c
unioned lsig logic and future yara conditional
11 years ago
Kevin Lin
10aaf4c389
added pcre modes to matcher
11 years ago
Kevin Lin
8c85efcd1e
pcre: developer notes
11 years ago
Kevin Lin
5e572e2f98
matcher: adjusted pcre_recaloff calls for cleaner exits on error
pcre: fixed various issues with dconf checks
11 years ago
Kevin Lin
045d184a7b
moved pcre maxfilesize check to matcher_run from cli_pcre_scanbuf
11 years ago
Kevin Lin
03889c4935
re-added end-of-map check for fmap-based pcre scanning
11 years ago
Kevin Lin
a0efe9cfd9
check for map prior to redefining buffer for cli_pcre_scanbuf
11 years ago
Kevin Lin
7f5c687b39
windows build: removed inline tag
11 years ago
Kevin Lin
3c333c78af
pcre: moved cli_pcre_scanbuff from cli_fmap_scandesc to matcher_run
matcher: adjusted pcre offset storage and recalculation location
various changes to commented developer notes
11 years ago
Kevin Lin
82fa5ba043
pcre: added disabling mechanism to metas and matcher
dconf: added field specific for pcre features
dconf: added overall support dconf for pcre
11 years ago
Kevin Lin
0d37009816
sigtool/pcre: pcre subsig id and exe support in sigtool
11 years ago
Kevin Lin
7ab4eec702
pcre: support for clamav styled offsets
pcre: added encompass ('e') option to matcher
11 years ago
Kevin Lin
3ee96ac228
pcre: set default to logically triggered regex execution
11 years ago