Micah Snyder
20dfea9d98
fuzz - 12142 - Fix for potential memory and file descriptor leak in HTML normalization code.
6 years ago
Micah Snyder
c500b68021
fuzz - 12133 - Fix for memory leak in ARJ decoder failure condition.
6 years ago
Micah Snyder
da8d941cc8
fuzz - 12131, 12132, 12205 - Speed up PDF parse speed for truncated (or otherwise malformed) PDFs.
6 years ago
Micah Snyder
098d2adb09
fuzz - 12122 - Fix to memory leak by properly free'ing the dirname variable in OLE2 parser.
6 years ago
Mickey Sola
d86e0a3be7
fuzz - 12528 - fixing left shift issue with OLE2 and utf16 to ascii decoding
6 years ago
Mickey Sola
a478126302
fuzz - 12306 - ARJ decode left shift and int storage checks added
6 years ago
Mickey Sola
1feebda93b
fuzz - 12260 - fixing undefined shift issue when handling javascript escape sequences during hex to int conversion
6 years ago
Mickey Sola
9d283802bb
fuzz - 12183, 12311 - fixing screnc base64 undefined leftshifts, correcting types, and placing checks to fix int storage size issues with HTML normalizer
6 years ago
Mickey Sola
0cff42fbc3
fuzz - 12251, 12194 - fixing left shifting issue with upx decoding when determining back offsets
6 years ago
Jonas Zaddach
d1f7ff12a3
Prettify printing of bytecode arguments
6 years ago
Mickey Sola
393edc437d
automake'd
6 years ago
Micah Snyder
8e765853d0
Updating generated yara_grammar and yara_lexer files. Including modification to yara_grammar.y to include yara_compiler.h in both the .h and .c file, as previously it was manually added to the .h file which causes build failures if you don't realize this and need to recompile the yacc file.
6 years ago
Micah Snyder
52cddcbcfd
Updating and cleaning up copyright notices.
6 years ago
Micah Snyder (micasnyd)
2b5c743d1e
bb12232: Message should have been printed at the debug level instead of error level.
6 years ago
Micah Snyder
748fa6b09e
Adding static clamav-types.h for native Windows builds. Supporting changes to hashtab appear to be needed because cltypes.h no longer automatically brings in clamav-config.h.
6 years ago
Micah Snyder
8d53f30804
Added 0.101.1 version information, flevel enum value. Increased the FLEVEL setting to 110 for 0.102.0 devel. Increased the libclamav revision value to account for the clamav-types.h change.
6 years ago
Micah Snyder
b3e82e5e61
Replacing libclamav/cltypes.h with clamav-types.h.in, which generates a header clamav-types.h that we install alongside clamav.h.
6 years ago
Mickey Sola
9ca0e9f3ef
j475 - fixing invalid read issue caused by uninitialized buffer
6 years ago
Micah Snyder
2e26e12cab
Changing ClamAV version number from 0.101.0 to 0.102.0-devel.
6 years ago
Micah Snyder (micasnyd)
ce6402f7fe
Added oss-fuzz integration.
6 years ago
Micah Snyder
72fd33c8b2
clang-format'd using new .clang-format rules.
6 years ago
Micah Snyder
38fe8b69a0
Added .clang-format style rules, clam-format script to automate formatting of ClamAV code, and preparing select files so that clang-format does not alter carefully formatted sections.
6 years ago
Micah Snyder
9ad37622ae
Fixing variable name in #else condition that broke the build on freebsd, other non-linux, non-mac, non-windows os's.
7 years ago
Mickey Sola
29267a8859
bcomp - removing const qualifier from working comp buffers
7 years ago
Mickey Sola
0ef888f546
bcomp - reverting change that forced scanning on raw files only
7 years ago
Mickey Sola
dbb60dc9a8
bcomp - fixing signedness issue with large extracted binary values
7 years ago
Micah Snyder (micasnyd)
cc12e21dd2
bb12221: Fix for subtle type-mismatch that could result in an infinite loop with a large number of sigs.
7 years ago
Micah Snyder (micasnyd)
7e7663abf6
libclamav / clamav.h documentation updated both to clean up existing documentation and to add new documentation.
7 years ago
Micah Snyder
3c43fffda7
Improvements to signature writing documentation. Notably the inclusion of a comprehensive CL_TYPE file type reference, requested by in bb11408.
7 years ago
Micah Snyder (micasnyd)
2f28382694
Updated version string to 0.101-rc and incremented the FLEVEL to 101.
7 years ago
Micah Snyder (micasnyd)
4d3feda9c1
Aligning libclammspack version-info with upstream libmspack version-info (1:0:1 for libmspack 0.8alpha).
7 years ago
Micah Snyder (micasnyd)
fef94048c8
bb12220: Converting strnlen() calls to cli_strnlen() for systems such as Solaris 10 where strnlen() is not available. Adding #else clause to cli_get_filepath_from_filedesc() for platforms where we have not implemented a mechanism to determine the filename from the file descriptor.
7 years ago
Micah Snyder
e766303b2f
Removing final references to libmspack-0.5alpha, preventing make dist.
7 years ago
Micah Snyder
ebea41ed64
Moving variable declaration to top of function because ‘for’ loop initial declarations are only allowed in C99 mode.
7 years ago
Micah Snyder
311c3501e4
Autojunk'd
7 years ago
Micah Snyder
420426dd5f
Incrementing the libclamav version numbers to 9.0.0 and setting the version strings to 0.101.0-beta.
7 years ago
Andrew
7f46503595
Allow the NULL to be missing on all AlgorithmIds
...
Some of the MS samples previously covered by ClamAV have
AlgorithmIdentifiers that omit the (required) NULL byte, and I
had changed the code to make this a hard requirement in some
places. Now we allow this in all cases.
Also, I simplified the countersignature parsing code so that
any valid RSA OID is supported in the digestEncryptionAlgorithm
field... This makes the code cleaner and should avoid any
future variations from the specification (if SHA1RSA is an
acceptable value to pass, SHA256RSA probably is too)
7 years ago
Andrew
64ecd1099c
Fix support for authenticode signatures from external .cat files
...
This commit adds back in support for whitelisting files based on
signatures from .cat files loaded in via a '-d' flag to clamscan.
This also makes it so that a .crb blacklist rule match can't be
overruled by a signature in a .cat file
7 years ago
Andrew
b9b4c36c8b
Update tbshash to have enough space for SHA512 hashes
7 years ago
Andrew
50d1a0b6e9
Make --dumpcerts be more consistent, improve cert processing
...
This commit makes the following changes:
- --dumpcerts will print certificates even if they already exist in any .crb files loaded
- --dumpcerts will print certificates only once
- Having a whitelist CRB rule on a leaf certificate should no longer prevent signature verification from happening. NOTE, this doesn't mean that you can have whitelist rules for leaf certificates and have that result in a trusted signature - that doesn't work yet
- Determining whether a certificate is blacklisted now includes comparing the public key data (modulus and exponent) in addition to the subject and serial hashes
- If a blacklisted certificate is detected, the code will return immediately instead of continuing on to parse the rest of the signature
7 years ago
Andrew
db39ba2a4d
Add debug message in the case where a seemingly useless cert is detected
7 years ago
Andrew
5df252e7cd
Set the certSign flag for certificates without a KeyUsage
...
The MS MD5 root cert doesn't have the KeyUsage set and appears to
validate just fine
7 years ago
Andrew
4ef79cfcbf
Fix a memory leak that occurs when a PE is whitelisted due to a valid signature
7 years ago
Andrew
b1c135393b
Allow x509 certs with v1 TBSCertificate sections in the timestamp chain
...
There are some Windows binaries that have certificates with version 1
TBSCertificate sections. This technically isn't allowed by the spec,
but the Windows API still seems to report these as being OK
7 years ago
Andrew
0bbf4e13a6
Fix a bug causing nested signatures to trigger the no-countersignature case
...
In an earlier commit, I mistakenly check for whether a nested signature has
been seen when determining whether a countersignature is present instead of
checking that the countersignature has been seen
7 years ago
Andrew
d28779ec6a
Allow for the timestampToken OID in place of pkcs7-data OID in the countersignature
7 years ago
Andrew
796cf4ced9
Allow '0' as a counterSignature version
...
The spec says this value should be 1, but some binaries have it at
zero and still appear to validate successfully by the Windows API
7 years ago
Andrew
0973eb97be
Add more support for SHA384/SHA512
...
I think SHA384/SHA512 hashes are supported in all parts of the authenticode
signature now
7 years ago
Andrew
15c54ab6ba
Allow <hashtype>WithRSAEncryption OIDs when expecting <hashtype> OIDs
...
Some of the signatures seem to use the former instead, and it appears to
be accepted as legitimate, so allow it.
7 years ago
Andrew
ecae7f1976
Fix bug in how ptrs to file data are used for computing Authenticode hash
...
We used to get a pointer to file data without locking and for some samples
this pointer would be invalidated by the time we used it. Now, we just
store the offset for the sections that should be hashed as part of the
Authenticode hash computation and get the file data pointer right before
it's needed.
7 years ago