clamav

Commit Graph

Author	SHA1	Message	Date
Tomasz Kojm	b33354e55c	cosmetics (bb#2207)	14 years ago
aCaB	b99de64c6d	extend checkfp to sha1 and sha256 TODO: - add optional token in cli_loadhash - enforce md5 only in md[bu] - tune mpool?	15 years ago
aCaB	c32c98e55a	make the hdb matcher scan and whitleist with any hash type TODO: - make cli_checkfp whitelist on sha's too - enforce md5 only in md[bu] - tune mpool?	15 years ago
aCaB	3faa97834c	new hash matching	15 years ago
aCaB	125827cf0b	this commit is sponsored by Bar da Ciano	15 years ago
aCaB	2296ab0f00	add hash matching	15 years ago
Tomasz Kojm	b240ee01e3	libclamav: improve handling of HandlerType (bb#2298)	15 years ago
Tomasz Kojm	0d71068897	libclamav: pass array with initial matches to bytecode (bb#2397)	15 years ago
Török Edvin	769f37a6f6	Default off, you can turn on via 'DevLiblog'. This also replaces the cli__stats variants with a callback for stats, so that clamd can call the cl__callback variants instead, and pass the filename as context.	15 years ago
Tomasz Kojm	a0fff76f60	libclamav/matcher.c: fix stack smash with HandlerType (bb#2298)	15 years ago
Tomasz Kojm	04ec2e1977	libclamav: versioninfo hashset was not properly cached (bb#2065)	15 years ago
Török Edvin	4abbeb3a6c	Sync headers with bytecode compiler.	15 years ago
Tomasz Kojm	661e8e3f5a	minor code cleanup	15 years ago
Tomasz Kojm	7770d314ff	libclamav: allow logical sigs to be used as file type sigs (bb#2228)	15 years ago
Török Edvin	762d46e8ea	Fix matchicon bytecode API (bb #2139 ). Now you can call it both from a normal lsig triggered BC, and from a PE hook BC. The normal lsig triggered BC has exe_info (but not PE info) which allows it to invoke the icon matcher API. Also putting ICONGROUP1 into the ldb trigger of the bytecode works.	15 years ago
Török Edvin	e865b2d8e3	typo	15 years ago
Török Edvin	7882e72107	Reset virname after iconscan API called from bytecode.	15 years ago
Török Edvin	a8935f90b9	Update startup.cbc (bb #2151 ). It is a compiler bug, shortcircuiting the bigendian path to return 0xdead11. Since this test is meant to test libclamav, disable this test for now. When the compiler is fixed (bb #2157) the test can be readded.	15 years ago
Török Edvin	1dae00ebf4	bytecode: add icon match API.	15 years ago
Tomasz Kojm	9d10f054a5	libclamav/matcher: make icon sigs work with bytecode (bb#2137)	15 years ago
aCaB	453d818022	use cached metadata in icon parser, add icon unit tests	15 years ago
aCaB	2445be8c34	cli_lsig_eval use cached info	15 years ago
Tomasz Kojm	edbba730b3	clamd: add ExtendedDetectionInfo (bb#1228, #1626 )	15 years ago
Tomasz Kojm	44712fcbe7	libclamav: reduce memory usage for MD5 sigs (bb#2057)	15 years ago
Tomasz Kojm	2eafc97321	libclamav/matcher.c: fix possible use of uninit value (bb#2084)	15 years ago
Tomasz Kojm	294558a535	libclamav: minimize header parsing (bb#2065)	15 years ago
Tomasz Kojm	ffa9b06093	sigtool: print match count and offsets in --test-sigs mode (bb#2054) IMPORTANT NOTE: --test-sigs now only works against the final target file (after all processing, normalization, etc. for which the tested signature was directly created)	15 years ago
Török Edvin	cbb9db1941	Fix some error path leaks (bb #1990 ). This doesn't actually fix bb #1990 (which is about high memory usage on RHEL6), but fixes some leaks found while investigating that bug.	15 years ago
aCaB	3d7547cf6a	add collect hashes options to clamd and clamscan	15 years ago
aCaB	16b28d07ec	collect sha256 compute sha256 sha collector - build system	15 years ago
Tomasz Kojm	60dbee52c8	libclamav: make lsigs working in cli_scanscript() (bb#1998)	15 years ago
aCaB	a0c381973b	bb#1968	15 years ago
Tomasz Kojm	9e61b08595	libclamav/matcher.c: return proper virus name in icon detector (bb#1933)	15 years ago
aCaB	742b3a0e06	set dont_cache_flag on the fmap stack	15 years ago
Török Edvin	e8c2df8fbd	Be consistent about matcher_run (prefiltering) calls. cli_scanbuff called matcher_run for both troot and groot, fmap_scandesc only for one.	15 years ago
Török Edvin	fc7541f6f6	Fix NULL dereference.	15 years ago
Török Edvin	7ba110bdb3	Don't use prefiltering for BM offset mode. BM offset mode keeps tracks of offsets itself, and gets confused if chunks of input are skipped.	15 years ago
aCaB	32b1e04e64	simplify checkfp	15 years ago
Török Edvin	02eabc6d1e	Add the rest of the prefiltering glue code. This is still disabled for now (see the & 0).	16 years ago
Török Edvin	2a94c08e19	move matching code to matcher_run. No functionality change.	16 years ago
Török Edvin	ab89360583	Support for macros in logical subsignatures (bb #164 ). In the LDB there is (one or more) special subsignature ${min-max}MACROID$, which means: must match any signature from group MACROID (for current filetype), and the match must occur at a distance of min-max from the start(!) of the previous logical subsignature match. It also has the sideeffect of making the previous subsignature considered a match only if both that and the macro matches. The offset of first match for the previous logical subsig will be the offset where the {min-max} distance is satisfied. The macro logical subsignature will have a count of 0 (if it didn't match together with the previous subsig), or a count of 1 if it did. The matches can occur anywhere (even in different ac scan buffers), since I don't call cli_ac_scanbuff I just use the offset of first match (which we have for the bytecode anyway). There can be at most 32 macro groups, signatures are added to a macro group by using $MACROID$ as offset. For example pdb entries could be converted to PDB:3:$0:<hexsig of domainname> if we assign macro id 0 to PDB (and we can assign 31 more macro ids to whatever). Example: test.ldb: TestMacro;Target:0;0&1;616161;${3-4}12$ test.ndb: D:0:$12:6262 D:0:$12:6363 D:0:$11:6262 test.dat: aaaaxccdd test-nomatch.dat: aaaaxxxccdd	16 years ago
Török Edvin	57f14280a7	Fix use-after-free on bytecode load/execution. lsig->bc was referring to the bytecode directly (via a pointer), but the bytecode struct changes place in memory (it is realloced on each .cbc load). So use an index instead of the direct pointer.	16 years ago
Tomasz Kojm	baf2e702e2	libclamav: provide information about lsig matches to bytecode (bb#1799)	16 years ago
Török Edvin	f4e3421592	Support PE hook bytecodes triggered by logical signature.	16 years ago
Tomasz Kojm	570b1d0050	libclamav: cdb: drop FileType; cover ARJ, CAB, TAR, CPIO and 7Z	16 years ago
Tomasz Kojm	4168b01087	libclamav: allow lsigs be anchored to specific containers (bb#1293), eg. Container:CL_TYPE_ZIP	16 years ago
Tomasz Kojm	15f413d157	libclamav: handle zmd/rmd with cdb (bb#1579)	16 years ago
Tomasz Kojm	55094a9c76	libclamav: base code for unified container metadata matcher (bb#1579)	16 years ago
aCaB	d2ba6f98bb	matching complete	16 years ago
Tomasz Kojm	17cfd76f5b	libclamav: add support for FileSize, EntryPoint and NumberOfSections in lsig's tdb	16 years ago

1 2 3

112 Commits (738b05d5fcfd1d08cdf3d3e3a0136232c87c17e2)