clamav

Commit Graph

Author	SHA1	Message	Date
Micah Snyder (micasnyd)	8db5fcae6f	Add unit tests for conv to UTF-8 Also relocated codepage table from msdoc.h to entconv.h Also adds new macros for codepages to reduce use of magic numbers when referencing code pages elsewhere in libclamav.	5 years ago
Micah Snyder (micasnyd)	407407c98c	clamd clients: Mitigate move/remove symlink attack A malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the `--move` or `--remove` options for clamscan, clamdscan, and clamonacc. This patch gets the real path for the scan target before the scan, and if the file alerts and the --move or --remove quarantine features are used, it mitigates the symlink attack by traversing the path one directory at a time until reaching the leaf directory where the scan target file resides before unlinking (or renaming) the file directly. This commit applies a similar tactic used in the previous commit for Windows builds, using the Win32 Native API to traverse a path and delete or move files by handle rather than by file path. I had some trouble using SetFileInformationByHandle to rename a file by handle, so for Windows instead it will copy the file to the new location and then use the safe unlink technique to remove the old file. If the symlink attack occurs, the unlink will fail, and the system will not be damaged. For more information about AV quarantine attacks using links, see the [RACK911 Lab's report](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software)	5 years ago
Micah Snyder	9b9999d778	Rename core scanning functions Many of the core scanning functions' names no longer represent their specific purpose or arguments. This commit aims to make the names more intuitive. Names are now prefixed with "magic" if they involve file-typing and file-type parsing. In addition, each function now includes the type of input being scanned whether its "desc", "fmap", or "buff". Some of the APIs also now specify "type" to indicate that a type other than "ANY" may be passed in to select the type rather than use file type magic for type recognition. \| current name \| new name \| \| ------------------------- \| --------------------------------- \| \| magic_scandesc() \| cli_magic_scan() \| \| cli_magic_scandesc_type() \| <delete> \| \| cli_magic_scandesc() \| cli_magic_scan_desc() \| \| cli_base_scandesc() \| cli_magic_scan_desc_type() \| \| cli_partition_scandesc() \| <delete> \| \| cli_map_scandesc() \| magic_scan_nested_fmap_type() \| \| cli_map_scan() \| cli_magic_scan_nested_fmap_type() \| \| cli_mem_scandesc() \| cli_magic_scan_buff() \| \| cli_scanbuff() \| cli_scan_buff() \| \| cli_scandesc() \| cli_scan_desc() \| \| cli_fmap_scandesc() \| cli_scan_fmap() \| \| cli_scanfile() \| cli_magic_scan_file() \| \| cli_scandir() \| cli_magic_scan_dir() \| \| cli_filetype2() \| cli_determine_fmap_type() \| \| cli_filetype() \| cli_compare_ftm_file() \| \| cli_partitiontype() \| cli_compare_ftm_partition() \| \| cli_scanraw() \| scanraw() \|	5 years ago
Mickey Sola	5e3322d58d	str - add cli_strntoul to libclamav.map	5 years ago
Micah Snyder	f907e4b4d7	bb12431: Freshclam progress bar fixes Disable line wrap when printing the progress bar so that small terminal windows do not see excessive lines printed. Reduce the number of characters in the progress bar to accomodate 80-char width terminals. Correctly display number of kilobytes (KiB) in progress bar. Previously was showing # of MiB but printing "KiB".	5 years ago
Micah Snyder	bcb4505e60	bb12370 - cli_strndup and other str* replacements must be built and exported for every OS to be used outside of libclamav on systems that don't have the original functions (e.g. strndup). This commit renames the macros to be uppercase, renames the replacement functions to be preceeded with two understores (e.g. __cli_strndup), and removes the ifdef's so that they are built regardless, because there are no ifdefs in libclamav.map.	6 years ago
Micah Snyder (micasnyd)	83e19b9634	Removed exported but unused symbols from .map files due to complaints by the compiler on Solaris 11, gcc 7.	6 years ago
Andrew	92088f91f1	Add support for cert blacklisting and whitelisting upfront Instead of checking the Authenticode header as an FP prevention mechanism, we now check it in the beginning if it exists. Also, we can now do actual blacklisting with .crb rules (previously, a blacklist rule just let you override a whitelist rule).	6 years ago
Micah Snyder	155eaaad8b	bb12284 - Fix to prevent path traversal when using cli_genfname() to generate filenames that may retain path and filename information. Changed scanrar so that it will no longer retain path information for extracted files.	6 years ago
Micah Snyder	50f178dc63	fuzz - 12166 - Fix for 4-byte out of bounds write wherein the an invalid struct pointer member variable is set to zero. The fix adds bounds checking to the Uniq storage 'add' function as well as error code checks. Included a lot of new inline documentation.	6 years ago
Mickey Sola	da0f732049	cli - exporting cli_strndup	8 years ago
Kevin Lin	3cc632adc8	sigtool: properly generates and reports pe section hashes (mdb)	9 years ago
Steven Morgan	1f1bf36b8e	Add 'virus found' callback. Refactor scan-all API.	10 years ago
Kevin Lin	d002f43eef	sigtool: added usage of cli_ldbtokenize to sigtool sigtool: handles signature modifiers	10 years ago
Mickey Sola	c1bc49e71c	Adding ascii file normalization option to sigtool.	10 years ago
Kevin Lin	b2197a09ce	unit_test: pcre and sigopt test cases added to check_matchers	10 years ago
Kevin Lin	69cfee94e5	unit_test: basis for pcre subsig testing	10 years ago
Shawn Webb	929090d615	Add strlcat functionality. Rely on existing strlcat and strlcpy if they are available.	11 years ago
Kevin Lin	5c2c723361	added pcre execution time and match performance tracking fixed an issue with statistics reporting with no signatures loaded	11 years ago
Kevin Lin	0ff13b3138	clambc: added diagnostic tools for bytecode IR clambc: added option to print bytecode IR TODO: add diagnostic functions to win32 project Conflicts: shared/optparser.c	11 years ago
Kevin Lin	152a0e3900	added cl_engine_set_clcb_file_props to libclamav map added file_props_cb and data settings transfer	11 years ago
Shawn Webb	d1d9d14674	Fix typo	11 years ago
Shawn Webb	387021619b	Turn stats into an opt-in feature rather than an opt-out feature for the 0.98.2 release	11 years ago
Shawn Webb	da6e06dd68	Provide further abstractions to the OpenSSL integration work	11 years ago
Shawn Webb	4fa2f50832	Revert "bb9735 - Add ability to purge engine cache" This reverts commit `433a335fb9`.	11 years ago
Shawn Webb	433a335fb9	bb9735 - Add ability to purge engine cache	11 years ago
Shawn Webb	b2e7c931d0	Use OpenSSL for hashing.	11 years ago
Shawn Webb	f2571e344b	First initial commit of the stats gathering feature Conflicts: libclamav/Makefile.am libclamav/Makefile.in libclamav/others.c libclamav/others.h unit_tests/Makefile.in	11 years ago
Steven Morgan	4896ecf6b7	bb#5341 - Change floating point byte order check from compile time to run time.	12 years ago
Shawn Webb	3ca11170c7	bb#8847 - ClamAV 0.97.x - 0.98 fail to match mdb signatures	12 years ago
David Raynor	9bbe52b843	sigtool: Add print-certs command to allow dumping certs without a scan	12 years ago
Steve Morgan	54402320c0	Add bytecode performance statistics	13 years ago
Török Edvin	09c443576f	these are macros now	14 years ago
Török Edvin	8d9abc9669	funmap is inline func now.	14 years ago
Török Edvin	e86311ab4e	archive metadata callback	14 years ago
Török Edvin	e2c4bf6921	export cl_fmap_close	14 years ago
Török Edvin	0eafa898e9	fix utf16_to_utf8, and add testcase	14 years ago
Török Edvin	2c507c4107	fix map	14 years ago
Török Edvin	c74f32a686	export filetype cb	14 years ago
Török Edvin	3f87732935	export filetype cb	14 years ago
Török Edvin	62ee12b2f8	unit tests for new fmap scan API	14 years ago
Tomasz Kojm	d5fde2eb61	sigtool: add new options --sha1 and --sha256	15 years ago
Török Edvin	769f37a6f6	Default off, you can turn on via 'DevLiblog'. This also replaces the cli__stats variants with a callback for stats, so that clamd can call the cl__callback variants instead, and pass the filename as context.	15 years ago
Török Edvin	12d486d95c	Add disasmer function to private symbols.	15 years ago
Török Edvin	540fc128a0	freshclam is using private symbol that changed proto (bb #2187 ). Change name to prevent crash with 0.96.1 freshclam and 0.96.2 libclamav. You'll get a missing symbol error.	15 years ago
Török Edvin	78f73f0f77	Add new files to build system.	15 years ago
Tomasz Kojm	edbba730b3	clamd: add ExtendedDetectionInfo (bb#1228, #1626 )	15 years ago
Tomasz Kojm	9309eff041	freshclam: fix memleak when testing safebrowsing.cvd (bb#2091)	15 years ago
aCaB	eb422a03cf	callback draft - WIP	15 years ago
Tomasz Kojm	ffa9b06093	sigtool: print match count and offsets in --test-sigs mode (bb#2054) IMPORTANT NOTE: --test-sigs now only works against the final target file (after all processing, normalization, etc. for which the tested signature was directly created)	15 years ago

1 2 3

124 Commits (b849bbd02eabc0f948930e893bee2e0590a6e8b2)