6110 Commits (57549ff4806e30374e84d1cfa0e1e0cd3c3932af)

 

All Branches   

Search

Author	SHA1	Message	Date
Török Edvin	57549ff480	Obey HeuristicScanPrecedence for pdf.	15 years ago
Török Edvin	cf0f529bb3	pdf: give low priority to Heuristic signature.	15 years ago
Török Edvin	76cdacdd92	pdf: flush on stream end too.	15 years ago
Török Edvin	89590e9974	Output partially extracted blocks in pdf. ... Sometimes PDF claims the zlib data is longer/shorter than it really is. We always prefer the longest one, which can lead zlib to return an error when we run off the end. So dump the remaining extracted data from zlib's buffer to disk, it usually contains all we need already (and if not we're going to dump the raw inflate stream anyway). This fixes 3 missed samples of Exploit.PDF-60 in the regression test.	15 years ago
aCaB	1bb5a24d3e	win32 fixes: bb#2152 and bb#2153	15 years ago
Török Edvin	70c222c99c	save lsig counts/offsets (bb #2055).	15 years ago
Török Edvin	d1a28db048	Fix off by two in new pdf parser.	15 years ago
Török Edvin	762d46e8ea	Fix matchicon bytecode API (bb #2139). ... Now you can call it both from a normal lsig triggered BC, and from a PE hook BC. The normal lsig triggered BC has exe_info (but not PE info) which allows it to invoke the icon matcher API. Also putting ICONGROUP1 into the ldb trigger of the bytecode works.	15 years ago
Török Edvin	e865b2d8e3	typo	15 years ago
Török Edvin	7882e72107	Reset virname after iconscan API called from bytecode.	15 years ago
Török Edvin	a8935f90b9	Update startup.cbc (bb #2151). ... It is a compiler bug, shortcircuiting the bigendian path to return 0xdead11. Since this test is meant to test libclamav, disable this test for now. When the compiler is fixed (bb #2157) the test can be readded.	15 years ago
Török Edvin	213dfdff06	run 1 unit-test at least in test mode (bb #2151). ... Also allow running test mode if JIT is not available, still checking for failed startup.cbc execution.	15 years ago
Török Edvin	1dae00ebf4	bytecode: add icon match API.	15 years ago
Török Edvin	dc200c6b19	Add bytecode API for pdf.	15 years ago
Török Edvin	f14bf644de	Guard Heuristics.PDF.ObfuscatedNameObject by CL_SCAN_ALGORITHMIC.	15 years ago
aCaB	5b4b8ddff6	be fixes - bb#2151	15 years ago
Tomasz Kojm	e64cde8d5d	freshclam/manager.c: don't call cli_bytecode_prepare() when Bytecode is disabled in freshclam.conf (bb#2149)	15 years ago
Tomasz Kojm	9d10f054a5	libclamav/matcher: make icon sigs work with bytecode (bb#2137)	15 years ago
Török Edvin	9acc81d603	pdf: improve handling of truncated files, and fix some filter handling bugs. ... Also don't dump images by default, this will be overridable from bytecode.	15 years ago
Török Edvin	cacd0927b4	pdf: fix uninitialized values, and bytesleft.	15 years ago
Török Edvin	e8c7cc2185	pdf: avoid negative lengths. ... Thanks to nitrox for reporting.	15 years ago
Török Edvin	80db7712ec	Add filter abbreviations used in images.	15 years ago
Török Edvin	b835a528db	Some more fixes for signed/encrypted pdfs.	15 years ago
Török Edvin	edeb59b344	Some flag fixes for pdf.	15 years ago
Török Edvin	f984f75bbc	Improve handling of pdf streams. ... Also dump undecompressable streams, since we are not decrypting.	15 years ago
aCaB	a66201acd1	bump CLI_MAX_ALLOCATION - bb#2124	15 years ago
aCaB	08b5aec381	fix previous: typo in unit_tests, order in cli_exe_info	15 years ago
aCaB	453d818022	use cached metadata in icon parser, add icon unit tests	15 years ago
Tomasz Kojm	3f82dac01f	freshclam: fix parsing of extended log entries	15 years ago
Török Edvin	2a599782aa	Disable debug code in pdf.	15 years ago
Török Edvin	eb270d5a36	Improve extraction of PDF objects (bb #1596, #1994, #2029). ... Seems to extract most pdf/openaction/and streams (flate, ascii85, asciihex). Doesn't normalize extracted JS, that will be done once bytecode hooks are added.	15 years ago
Török Edvin	69650bea38	win32 build fix. ... forgot to commit.	15 years ago
Török Edvin	82f711fb28	Use FLAG_REQUIRED. ... As suggested by Tomasz.	15 years ago
Török Edvin	1e7ad51763	Fix segfault with --bytecode-mode, make it require an argument. ... Thanks to nitrox for reporting.	15 years ago
Török Edvin	d3f99af1ea	Remove duplicate header.	15 years ago
Török Edvin	dbd3ed9345	Make BC_STARTUP run a minimal self-test. ... Also change return value to something else than 0. It is too easy for buggy bytecode to return 0.	15 years ago
Török Edvin	b3b8b6dd40	Pointers are always 64-bit for interpreter. ... pointers in the interpreter are of the form: | pointer id | pointer offset |, where pointer id is an offset into an array that contains information about the pointer like its bounds.	15 years ago
Török Edvin	c09f9b2941	Fix bytecode on bigendian. ... The last commits broke it: we store bytecode constants little-endian-like, so an 8-bit constant is at offset 0, a 16-bit one at offsets 0,1; a 32-bit one at 0,1,2,3; and a 64-bit one 0,1,2,3,4,5,6,7,8. Of course the constant itself is in host-endianness.	15 years ago
Török Edvin	88d54dcb72	Fix distcheck warnings.	15 years ago
aCaB	2445be8c34	cli_lsig_eval use cached info	15 years ago
aCaB	6e76f77c44	update win32 projs	15 years ago
Török Edvin	09eeb17619	Add changelog for last commits ... For these commits: e67790c658 Add clamd handling. d049a2f72b Make bytecode tests use testmode if they want. 9f3afdb874 Add clamscan flag --bytecode-mode. b1018ea52e Fix another interpreter bug accessing structs. 669623d5a6 Fix computation of type sizes in interpreter. 9f1715ccea Add new bytecode APIs to access the environment. 0d4c99465e Add the builtin bytecode. d5ffa2acff Introduce BC_STARTUP bytecode (bb #2101, #2078). 927d054838 Add engine param to bytecode, and remove dconf from _init. ed6cd43ef0 Make clamconf use cli_detect_environment. 78f73f0f77 Add new files to build system. c85060ff79 Move environment detection code to bytecode_detect.c.	15 years ago
Török Edvin	e67790c658	Add clamd handling.	15 years ago
Török Edvin	d049a2f72b	Make bytecode tests use testmode if they want. ... None uses it yet.	15 years ago
Török Edvin	9f3afdb874	Add clamscan flag --bytecode-mode. ... This allows access to the newly introduced testmode.	15 years ago
Török Edvin	b1018ea52e	Fix another interpreter bug accessing structs. ... Now that structs are not size 0, fix accessing their fields: need to map field reads to byte offsets, not struct field index!	15 years ago
Török Edvin	669623d5a6	Fix computation of type sizes in interpreter. ... It was not computing the size of structs. Bug: all bytecodes that had structs on the stack failed with internal out-of-bounds errors. Workaround: compiler will need to avoid putting structs on stack, or do so only for FLEVEL == 0.96.2	15 years ago
Török Edvin	9f1715ccea	Add new bytecode APIs to access the environment. ... check_platform(...) is an API that can be used to: - blacklist JIT/bytecode on just a very specific platform (not recommended) - mask (with 0xf/0xff) some fields, and keep just the flags that uniquely identify the system where a bug occurs (for example linux + ppc32). - it returns a bool so you can do further checks if needed. The bytecode also has access to all the information collected from the environment, so it can make more detailed decisions (based on CPU, presence of SELinux/PaX, etc.). You can't introduce new detections via bytecode, but you can write new conditions using existing ones. The previously added builtin bytecode moved all the JIT disable logic to bytecode for easy updating.	15 years ago
Török Edvin	0d4c99465e	Add the builtin bytecode.	15 years ago
Török Edvin	d5ffa2acff	Introduce BC_STARTUP bytecode (bb #2101, #2078). ... This bytecode will be run in interpreter mode on startup: it can disable the JIT, or disable all further bytecodes. There will be a builtin copy of it that is loaded if no BC_STARTUP bytecodes were loaded (like filetypes_int.h and daily.ftm). Only one BC_STARTUP bytecode is accepted, so as soon as bytecode.cvd will contain one, it won't be overridable! This bytecode will replace all the JIT checks (CPU, selinux, pax) etc., and allows to disable the JIT on just specific OS/arch/compiler/etc. combinations. There are too many combinations to have a dconf flag for each. Also fix the bytecode dconf so that the individual JIT_* flags actually work (previously we could disable the entire JIT, or none at all). Also introduce preliminary support for bytecode test mode (we already have auto, jit and interpreter mode, introducing another mode here is easiest). The test mode doesn't actually compare the outputs yet, but it does fail if the JIT is disabled / falls back to interpreter.	15 years ago