Micah Snyder
206dbaefe8
Update copyright dates for 2020
6 years ago
Micah Snyder
97a0647e88
Additional variable type changes for correctness and to silence warnings. A handful of other minor changes to silence warnings. Corrected a number of function definitions so they return cl_error_t rather than int.
6 years ago
Andrew
4de072327a
Rename MAX_BC to MAX_TRACKED_BC for consistency
6 years ago
Mickey Sola
1b5a59c416
bytecode - J867 - fix memory leak that occurs within the bytecode interpreter while libjson is enabled
6 years ago
Jonas Zaddach
c84683f2f4
Mach-O bytecode unpackers
6 years ago
Jonas Zaddach
2b776e4b89
Linux bytecode unpackers
6 years ago
Andrew
df8dfda9cd
Address code-review comments, fix several memleaks
Changes include:
- Fixing several memory leaks noticed when running with ASan
- Adds documentation for several functions and structs
- Simplifies the interface for using cli_targetinfo_init/destroy
and cli_exe_info_init/destroy
- A few other minor changes
6 years ago
Andrew
7ba310e605
PE parsing code improvements, db loading bug fixes
Consolidate the PE parsing code into one function. I tried to preserve all existing functionality from the previous, distinct implementations to a large extent (with the exceptions mentioned below). If I noticed potential bugs/improvements, I added a TODO statement about those so that they can be fixed in a smaller commit later. Also, there are more TODOs in places where I'm not entirely sure why certain actions are performed - more research is needed for these.
I'm submitting a pull request now so that regression testing can be done, and because merging what I have thus far now will likely have fewer conflicts than if I try to merge later.
PE parsing code improvements:
- PEs without all 16 data directories are parsed more appropriately now
- Added lots more debug statements
Also:
- Allow MAX_BC and MAX_TRACKED_PCRE to be specified via CFLAGS
When doing performance testing with the latest CVD, MAX_BC and
MAX_TRACKED_PCRE need to be raised to track all the events.
Allow these to be specified via CFLAGS by not redefining them
if they are already defined
- Fix an issue preventing wildcard sizes in .MDB/.MSB rules
I'm not sure what the original intent of the check I removed was,
but it prevents using wildcard sizes in .MDB/.MSB rules. AFAICT
these wildcard sizes should be handled appropriately by the MD5
section hash computation code, so I don't think a check on that
is needed.
- Fix several issues related to db loading
- .imp files will now get loaded if they exist in a directory passed
via clamscan's '-d' flag
- .pwdb files will now get loaded if they exist in a directory passed
via clamscan's '-d' flag even when compiling without yara support
- Changes to .imp, .ign, and .ign2 files will now be reflected in calls
to cl_statinidir and cl_statchkdir (and also .pwdb files, even when
compiling without yara support)
- The contents of .sfp files won't be included in some of the signature
counts, and the contents of .cud files will be
- Any local.gdb files will no longer be loaded twice
- For .imp files, you are no longer required to specify a minimum flevel for wildcard rules, since this isn't needed
6 years ago
Jonas Zaddach
d1f7ff12a3
Prettify printing of bytecode arguments
6 years ago
Micah Snyder
52cddcbcfd
Updating and cleaning up copyright notices.
6 years ago
Micah Snyder
72fd33c8b2
clang-format'd using new .clang-format rules.
6 years ago
Micah Snyder
d39cb6581f
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
7 years ago
Micah Snyder
d7979d4ff7
Restructured scan options flags from a single bitflag field to a structure containing multiple bitflag fields. This also required adding a new function to the bytecode API to get scan options a la carte, and modifying the existing function to hand back scan options in the old/deprecated uint32_t bitflag format. Re-generated bytecode iface header files.
Updated libclamav documentation detailing new scan options structure.
Renamed references to 'algorithmic' detection to 'heuristic' detection. Renamed references to 'properties' to 'collect metadata'.
Renamed references to 'scan all' to 'scan all match'.
Renamed a couple of 'Hueristic.*' signature names as 'Heuristics.*' signatures (plural) to match majority of other heuristics.
7 years ago
Micah Snyder
964a1e7321
Converting http urls to https urls. Primary focus was on clamav.net urls. I updated a couple others and fixed a few broken links as well. There are many (non-clamav.net) urls I didn't address, especially in 3rd party or contrib code.
8 years ago
Josh Soref
7cd9337a70
Spelling Adjustments (#30)
* spelling: accessed
* spelling: alignment
* spelling: amalgamated
* spelling: answers
* spelling: another
* spelling: acquisition
* spelling: apitid
* spelling: ascii
* spelling: appending
* spelling: appropriate
* spelling: arbitrary
* spelling: architecture
* spelling: asynchronous
* spelling: attachments
* spelling: argument
* spelling: authenticode
* spelling: because
* spelling: boundary
* spelling: brackets
* spelling: bytecode
* spelling: calculation
* spelling: cannot
* spelling: changes
* spelling: check
* spelling: children
* spelling: codegen
* spelling: commands
* spelling: container
* spelling: concatenated
* spelling: conditions
* spelling: continuous
* spelling: conversions
* spelling: corresponding
* spelling: corrupted
* spelling: coverity
* spelling: crafting
* spelling: daemon
* spelling: definition
* spelling: delivered
* spelling: delivery
* spelling: delimit
* spelling: dependencies
* spelling: dependency
* spelling: detection
* spelling: determine
* spelling: disconnects
* spelling: distributed
* spelling: documentation
* spelling: downgraded
* spelling: downloading
* spelling: endianness
* spelling: entities
* spelling: especially
* spelling: empty
* spelling: expected
* spelling: explicitly
* spelling: existent
* spelling: finished
* spelling: flexibility
* spelling: flexible
* spelling: freshclam
* spelling: functions
* spelling: guarantee
* spelling: hardened
* spelling: headaches
* spelling: heighten
* spelling: improper
* spelling: increment
* spelling: indefinitely
* spelling: independent
* spelling: inaccessible
* spelling: infrastructure
Conflicts:
docs/html/node68.html
* spelling: initializing
* spelling: inited
* spelling: instream
* spelling: installed
* spelling: initialization
* spelling: initialize
* spelling: interface
* spelling: intrinsics
* spelling: interpreter
* spelling: introduced
* spelling: invalid
* spelling: latency
* spelling: lawyers
* spelling: libclamav
* spelling: likelihood
* spelling: loop
* spelling: maximum
* spelling: million
* spelling: milliseconds
* spelling: minimum
* spelling: minzhuan
* spelling: multipart
* spelling: misled
* spelling: modifiers
* spelling: notifying
* spelling: objects
* spelling: occurred
* spelling: occurs
* spelling: occurrences
* spelling: optimization
* spelling: original
* spelling: originated
* spelling: output
* spelling: overridden
* spelling: parenthesis
* spelling: partition
* spelling: performance
* spelling: permission
* spelling: phishing
* spelling: portions
* spelling: positives
* spelling: preceded
* spelling: properties
* spelling: protocol
* spelling: protos
* spelling: quarantine
* spelling: recursive
* spelling: referring
* spelling: reorder
* spelling: reset
* spelling: resources
* spelling: resume
* spelling: retrieval
* spelling: rewrite
* spelling: sanity
* spelling: scheduled
* spelling: search
* spelling: section
* spelling: separator
* spelling: separated
* spelling: specify
* spelling: special
* spelling: statement
* spelling: streams
* spelling: succession
* spelling: suggests
* spelling: superfluous
* spelling: suspicious
* spelling: synonym
* spelling: temporarily
* spelling: testfiles
* spelling: transverse
* spelling: turkish
* spelling: typos
* spelling: unable
* spelling: unexpected
* spelling: unexpectedly
* spelling: unfinished
* spelling: unfortunately
* spelling: uninitialized
* spelling: unlocking
* spelling: unnecessary
* spelling: unpack
* spelling: unrecognized
* spelling: unsupported
* spelling: usable
* spelling: wherever
* spelling: wishlist
* spelling: white
* spelling: infrastructure
* spelling: directories
* spelling: overridden
* spelling: permission
* spelling: yesterday
* spelling: initialization
* spelling: intrinsics
* space adjustment for spelling changes
* minor modifications by klin
8 years ago
Micah Snyder
c9a070c9d3
More cleanup re: variables possibly used before initialized.
8 years ago
Micah Snyder
653b471b5b
eliminating format-string related warnings that appear on ubuntu 16.04 x64.
8 years ago
Micah Snyder
7e64560ce5
eliminating warnings that cropped up in 32bit ubuntu (16.04)
8 years ago
Micah Snyder
d18d72219f
Eliminating warnings, converting iterator variables to size_t when used to compare against sizeof(). Added a couple of missing #includes.
8 years ago
Mickey Sola
60aad52faf
bc - adding bc_idx sanity check when running bc lsigs
9 years ago
Steven Morgan
d32e039654
fix cli_bcapi_extract_new() return code path virus reporting.
9 years ago
Steven Morgan
cbf5017a7d
bb11805 fix multiple results. Refactor false positive and heuristic precedence logic.
9 years ago
Steven Morgan
fd43d6103c
bb11742 - fix compiler warnings. Patch contributed by Ruga.
9 years ago
Steven Morgan
22cb38ed24
pull request #53 (2/4): Spelling fix by klemens (ka7).
9 years ago
Mickey Sola
46a35abe56
mass update of copyright headers
10 years ago
Steven Morgan
8bbaf7f9e5
Revert "bb11092: fix up printf format with LFS using patch by Sebastian Andrzej Siewior."
- Unit test failing and no windows support.
This reverts commit 8f50c4a179.
11 years ago
Steven Morgan
8f50c4a179
bb11092: fix up printf format with LFS using patch by Sebastian Andrzej Siewior.
11 years ago
Kevin Lin
fe54f710fc
clambc info option updated for new hook type
11 years ago
Kevin Lin
47c2d618cd
added BC_PRECLASS hook support; replaces target type 13
11 years ago
Kevin Lin
90379a9e98
fixed formatting for short names in perf tracking
11 years ago
Kevin Lin
5c2c723361
added pcre execution time and match performance tracking
fixed an issue with statistics reporting with no signatures loaded
11 years ago
Kevin Lin
99e22630f4
opts: converted bytecode-statistics to generic statistics w/ strarg
11 years ago
Kevin Lin
032ec2192e
fixed issue in bytecode statistics avg time reporting
11 years ago
Kevin Lin
7c9c4fab22
bytecode: various changes from code review
12 years ago
David Raynor
0b28c74878
Assign the right type in cli_bytetype_helper
12 years ago
Kevin Lin
5b5be2a65d
win32: fixed additional OS specific build issues
bc2llvm: removed redundant macro causing issues in win32
12 years ago
Kevin Lin
0ff13b3138
clambc: added diagnostic tools for bytecode IR
clambc: added option to print bytecode IR
TODO: add diagnostic functions to win32 project
Conflicts:
shared/optparser.c
12 years ago
Shawn Webb
cd94be7a52
Silence a bunch of compiler warnings in libclamav
12 years ago
Shawn Webb
60d8d2c352
Move all the crypto API to clamav.h
12 years ago
Kevin Lin
c6a3b294a9
bytecode: fixed a compiler issue and warnings
12 years ago
Kevin Lin
3107a6c24f
bytecode: fixed issue with older versions of g++
12 years ago
Kevin Lin
f3575db23c
bytecode: added json-specific ctx members
12 years ago
Shawn Webb
b2e7c931d0
Use OpenSSL for hashing.
12 years ago
David Raynor
dac4e48755
libclamav: non-LLVM interpreter, fix edge check, cid #10432 & #10446
13 years ago
David Raynor
6a9086d240
libclamav: cli_bytecode_prepare_interpreter() free in error case, cid #10504 & #10505
13 years ago
Shawn Webb
241e7eb147
bb6258 - Add warnings when allocations fail
13 years ago
Shawn Webb
9691454612
bb6091 - check lseek() return
13 years ago
Carl Wu
8254e4adb5
cwu_cid#_10269: fix 10269
13 years ago
Ryan Pentney
3bd9a14c8c
Fixed coverity bugs 11378, 11379, 11380
13 years ago
Steve Morgan
16c4fcdd10
performance statistics for bytecode hooks
13 years ago