clamav

Commit Graph

Author	SHA1	Message	Date
Micah Snyder	bed65c96c0	Update cert trust test after fix, and add new test The PE cert test can be enabled now that the cert trust feature is fixed. In so doing I found an issue with it -- it was also using the block-certificate signature, which overrides the trust-certificate signatures. This made me realize that we should also have a test to make sure the block-cert signatures take predence over the trust-cert sigs. I fixed the original sig and added this second test case.	3 years ago
Micah Snyder	798587c6b3	Tests: add pe-allmatch test set Adds a test set authored by Andrew Williams that validates correct allmatch behavior using as many features as possible to alert on a test.exe program. Source for building the test.exe program is provided, for those who are curious what it is and what it does, or in case it needs to be re-built for some reason. In addition to adding a test that verifies each of the sigs that should alert, do alert, this adds a test to verify that if an authenticode trust signature is added, none of the signatures alert. That test is presently failing (expected failure, so the tests all pass) and should be updated when the certificate verification bug is fixed.	3 years ago
Micah Snyder	6b1d93fcf5	Tests: add allmatch regression tests Add tests: - Test an import hash with wildcard size when all-match mode is disabled. - Test that bytecode rules will run after content match alerts in all-match mode.	3 years ago
Micah Snyder	d788844cd0	Test: Add basic LDB Container & Intermediates tests Add basic tests for the Container and Intermediates logical signature features. The Intermediates test verifies that a text file containing: v1rusv1rus and wrapped in a 7z and then zip archives can be correctly detected when Intermediates is set to: CL_TYPE_7Z>CL_TYPE_ZIP The Container test just checks the container is CL_TYPE_ZIP	3 years ago
micasnyd	140c88aa4e	Bump copyright for 2022 Includes minor format corrections.	3 years ago
Alexander Sulfrian	c5c3b7558e	CMake: Fix race condition with parallel builds If running multiple parallel processes of "xor_testfile.py" there was a race condition between checking for the existence of the directory and creating it. Now this is handled as a dependency in CMake.	4 years ago
Micah Snyder	4b400b9b1e	Test: Verify that pdf bytecode hooks execute	4 years ago
Micah Snyder	b406e7e4d6	Add feature test for XLS image (JPG & PNG) extraction Added a test to verify that clamscan can extract images from an XLS document. The document has 2 images: a PNG and JPEG version of the clamav demon/logo. The test requires the json metadata feature to verify that the MD5 of the images are correct. No other image formats were tested because despite the format allegedly supporting other imate formats, Excel converts TIFF, BMP, and GIF images to PNG files when you insert them.	4 years ago
Micah Snyder	201e1b12a7	XOR test files; clean up tests directory The split test files are flagged by some AV's because they look like broken executables. Instead of splitting the test files to prevent detections, we should encrypt them. This commit replaces the "reassemble testfiles" script with a basic "XOR testfiles" script that can be used to encrypt or decrypt test files. This commit also of course then replaces all the split files with xor'ed files. The test and unit_tests directories were a bit of a mess, so I reorganized them all into unit_tests with all of the test files placed under "unit_tests/input" using subdirectories for different types of files.	4 years ago
Andrew	319bfb51a5	Fix several coverity warnings 290424 Missing break in switch - In hash_match: Missing break statement between cases in switch statement 290414 Resource leak - In cli_scanishield_msi: Leak of memory or pointers to system resources. Memory leak in a fail case 288197 Resource leak - In decrypt_any: Leak of memory or pointers to system resources. Memory leak in a fail case 290426 Resource leak - In cli_magic_scan: Leak of memory or pointers to system resources. Leaked a file prefix when running with --save-temps 192923 Resource leak - In cli_scanrar: Leak of memory or pointers to system resources. Leaked a file descriptor if a virus was found in a RAR file comment 225146 Resource leak - In cli_scanegg: Leak of memory or pointers to system resources. Leaked a file descriptor if unable to write a comment file to disk 290425 Resource leak - In scan_common: Leak of memory or pointers to system resources. Memory leaks in various fail cases. Also changes cli_scanrar to write out the file comment only if --leave-temps is specified and scan the buffer (like what is done in cli_scanegg) instead of writing the file out, scanning that, and then deleting the file if --leave-temps is not specified. The unit tests stopped working when correcting an issue with a switch statement that determined what type of signature had matched on a Google SafeBrowsing GDB rule. Looking into the unit tests, it looks like the code had always assumed that the test cases would be detected by a malware test rule in unit_tests/input/daily.gdb, but now some of the tests get matched on the phishing test rule. I updated the test logic to be more clear, and added tests for both cases now. Fix some memory leaks in libclamav/scanners.c	5 years ago
Micah Snyder (micasnyd)	9c58ba7bd7	Update to clamav-devel to synchronize with the clamav-bytecode-compiler project.	6 years ago
Török Edvin	d5f7afdded	testcase for cl_scan APIs (partially ported from fmapify branch)	14 years ago
Török Edvin	62ee12b2f8	unit tests for new fmap scan API	14 years ago
Török Edvin	1ab57a63c7	Add bytecode.cvd load test.	15 years ago
Török Edvin	7c394b5a9d	Update these tests.	15 years ago
Török Edvin	8a06c645ad	Fix unit test.	15 years ago
Török Edvin	3d2808c218	bytecode: update unit tests for improved arithmetic test.	15 years ago
Török Edvin	fc01c6476f	Fix interpreter.	15 years ago
Török Edvin	a969167b6c	Add new bytecode API unit tests.	15 years ago
Török Edvin	08d7e5f07d	Restore the previous cbc testfiles.	15 years ago
Török Edvin	7a7365efe9	0.96.1 new APIs (cli_map etc.)	15 years ago
Török Edvin	d772904022	Fix matchwithread.cbc ImageBase is little-endian, need to use conversion function to access it.	15 years ago
Török Edvin	1bef6a803d	Update pdf.cbc.	15 years ago
Török Edvin	1678ef9e43	Fix inflate.cbc for the interpreter.	15 years ago
Török Edvin	e439954b51	Fix valgrind warnings.	15 years ago
Török Edvin	778df8c22f	Fix more leaks.	15 years ago
Török Edvin	6ea339aeab	Fix bswap.	15 years ago
Török Edvin	48fc8b9852	Leak testcase.	15 years ago
Török Edvin	b26d43809a	Add matchwithread.cbc to unit tests.	15 years ago
Török Edvin	b63681a52b	Introduce BytecodeTimeout.	15 years ago
Török Edvin	353dafc9c4	Update unit tests.	15 years ago
Török Edvin	b56bea54d3	New API for buffer fill.	15 years ago
Török Edvin	1e30496d2a	runtime checks verifier.	15 years ago
Török Edvin	0eb864b461	update unit tests.	15 years ago
Török Edvin	236fb13647	New pointer handling rules.	15 years ago
Török Edvin	2d45ef0616	Support for malloc in bytecode. Fix crash with mismatched api/flevel versions.	16 years ago
Török Edvin	9463f9fd90	Stack protector support.	16 years ago
Török Edvin	688799d126	yc_bytecode is able to unpack a file now!	16 years ago
Török Edvin	482e97dbb2	Support for bytecode lines >8k. Size is specified on first line (which must be <8k).	16 years ago
Török Edvin	284ffd21f2	Add support for null constant.	16 years ago
Török Edvin	65c740d7d8	Add support for tracing (if bytecode compiled with support). TODO: global id 0 is now a null pointer, need to adjust rest of conversion code accordingly.	16 years ago
Török Edvin	aee2f72436	Fix compiler version check for C++: autoconf needs [] to be escaped. Also sync unit tests with compiler.	16 years ago
Török Edvin	3ae0a76d03	Support for scanning files created by bytecode.	16 years ago
Török Edvin	322a0ea653	Fix bytecode load bugs. Make loading more robust: print error message instead of crashing. Able to load and dry-run yc_bytecode.o1.cbc now.	16 years ago
Török Edvin	b8656613c0	Doxygenize API headers.	16 years ago
Török Edvin	250d92c533	Sync with compiler.	16 years ago
Török Edvin	f564b09e9a	More WiP.	16 years ago
Török Edvin	ec41017bba	WiP	16 years ago
Török Edvin	88815fd801	Sync with compiler.	16 years ago
Török Edvin	d38d6dadef	Logical signature hook for bytecode.	16 years ago

1 2

77 Commits (43a28da37471b2f30efa9e814d9c23bac352fb01)