Andrew
1b5c9f72e3
[WIP] Add support for SHA256 signatures
Everything should be working, but I'm having a hard time finding a binary
to test with that doesn't encounter other parsing issues (no countersignature,
extra data in the unauthenticatedAttributes section, etc.)
7 years ago
Andrew
12341e15de
Add more debug messages in fail cases, more comments, minor changes
7 years ago
Andrew
ee769cc765
Replace (most) ASN1 magic values with #defines
7 years ago
Andrew
937c42e113
Fix white space formatting, replace tabs with spaces
7 years ago
Micah Snyder (micasnyd)
9280b4ea0f
Fix for 3 pdf parsing bugs introduced with the addition of object stream parsing, identified in regression testing.
7 years ago
Mickey Sola
821b1f5182
bcomp - fixing issue where whitespace normalization buffer wasn't being freed, fixing issue where little endian normalization was being done on the file buffer and not the normalized whitespace buffer, fixed issue where auto detection wasn't being done on normalized whitespace buffer
7 years ago
Mickey Sola
4bc3b6c3c1
bcomp - fixing issue with little-endian odd-nibble hex evaluation where the normalized number of bytes were not being read via strntoul
7 years ago
Mickey Sola
ad94912c86
bcomp - fixing issue where autodetect would not identify decimals when bytelen was less than 3, fixing issue with little endian hex normalization where unwanted nibbles were being evaluated
7 years ago
Mickey Sola
371d43083d
bcomp - fixing issue with whitespacing padding, fixing issue with little endian extraction of odd nibbled hex sequences, refactoring hex/decimal auto checking and hex buffer normalization code, fixing issue with normalization where it was possible to evaluate unwanted hex bytes, fixing issue with big endian conversion of decimal extracted sequence values after use of cli_strntoul
7 years ago
Mickey Sola
6ad41ab25f
bcomp - fixing case where automatic detection would fail against little endian hex values; removing code for little endian decimal support; fixing some clang warnings; fixes for hexadecimal detection in sli_strnto functions; updating documentation
7 years ago
Mickey Sola
65a6842272
bcomp - normalizing buffer for little endian hex comparison and simplifying automatic hex or decimal checks
7 years ago
Mickey Sola
85f528e8aa
bcomp - adding option for automatic detection and extraction of decimal or hex values from the buffer
7 years ago
Mickey Sola
e2e36c9f01
bcomp - updating documentation to account for new byte extraction options and comma separated comparisons
7 years ago
Mickey Sola
d7d58a5847
bcomp - changing map to use original scan buffer to account for normalization offset discrepancies--patch based on suggested solution by Micah
7 years ago
Mickey Sola
dc3b273fbc
bcomp - adding comma separated comparison statement evaluations for single subsigs
7 years ago
Mickey Sola
4617e707c9
bcomp - adding ac_chklsig verification to fix reference subsig match checking; fixing double result print when using all match; fix to ensure extracted binary bytes retain their signedness
7 years ago
Mickey Sola
70170a6600
bcomp - updating messaging output to be consistent across the matcher file
7 years ago
Mickey Sola
178d030380
bcomp - updating and fixing binary extraction based on Micah's suggested solution; adding ability to compare and extract negative values
7 years ago
Mickey Sola
b7001d680e
bcomp - revamping option parsing; adding binary byte extraction; adding exact byte length matching option
7 years ago
Mickey Sola
2b6c456a1b
bcomp - updates and fixes following code review
7 years ago
Mickey Sola
f662034bc1
bcomp - adding initial sigtool support for byte compare signatures
7 years ago
Mickey Sola
17360f03be
scan_options - fixing up segfault caused by zeroed out scan_options struct when using sigtool to test signatures
7 years ago
Mickey Sola
88567a4291
bcomp - adding best effort matching when no offset is found for a referenced subsigid
7 years ago
Mickey Sola
efad2ac142
bcomp - updating signatures.md with byte compare info
7 years ago
Mickey Sola
d2f48a2c68
bcomp - updating SCAN_ALL to comply with new SCAN_ALLMATCHES check
7 years ago
Mickey Sola
dfa92896d2
bcomp - general fixups and cleanup for byte compare code
7 years ago
Mickey Sola
18ff502920
refactoring byte compare functionality as a subsig; adding loader and matchers for bytecompare subsig
7 years ago
Mickey Sola
9e408e7658
bb4007 - adding pcre byte sequence comparison functions
7 years ago
Mickey Sola
ecbdd3864f
bb4007 - adding pcre flag for byte sequence comparison
7 years ago
Micah Snyder (micasnyd)
f3fd2ac2e3
Adjustment to Zip extraction logic to make Z_BUF_ERROR error code non-fatal, allowing scans of partially decompressed files.
7 years ago
Micah Snyder (micasnyd)
9a54f5ccd7
Documentation improvements regarding ClamAV installation, initial setup.
7 years ago
Micah Snyder
3b789ae6a4
Updated from libmspack-0.7.1alpha to libmspack-0.8alpha.
7 years ago
Micah Snyder
7b563ca798
Enabling configure option --with-system-libmspack that will allow use of libmspack installations in /usr or /usr/local in favor of the version provided by ClamAV.
7 years ago
Micah Snyder
4010925608
Re-applying libmspack adjustments to extract and scan files from archives that are non-standard and may appear to be corrupted or may in fact be corrupted. Differences from previous implementation: Fewer debug log messages. No normalization of filenames found in CAB archives. Implemented new param that enabled the best-effort attempt to extract possibly malformed archives. Used set_param() to enable the FIXMSZIP option where it was previously hardcoded. Opted to provide the -Wno-unused-parameter CFLAG to the compiler in place of explicitly indicating unused parameters in each function. Omitted changes to mszipd.c and also omitted quantum decompression (qtmd.c) infinite loop protection because it appears to have been fixed in the newer libmspack.
7 years ago
Micah Snyder
d3f2158617
Win32 build system updates to account for relocating libmspack and updating to libmspack 0.7.1alpha (had to re-add mspack.def)
7 years ago
Micah Snyder
3e6a202642
Replaced modified libmspack-0.5alpha with libmspack-0.7alpha (vanilla).
7 years ago
Micah Snyder
b563e84083
Moved libmspack-0.5alpha from libclamav to libclammspack, and restructured the build so that there should be no need to modify the libmspack build files in the future (i.e. libmspack autoconf and automake files aren't actually used).
7 years ago
Micah Snyder (micasnyd)
78606d72ed
Correction to logic enabling/disabling heuristic alerts.
7 years ago
Micah Snyder
20e3cfc08a
bb12170: Added pointer arithmetic guards to PE MEW unpacking code.
7 years ago
Micah Snyder
a8370a7a1e
Adjusted log verbosity for the OnAccessExtraScanning message to only print if LogVerbose is enabled.
7 years ago
Micah Snyder
531ba0a361
Adding FUNC_LEVEL_0100_2 to bytecode api following recent 0.100.2 release.
7 years ago
Micah Snyder (micasnyd)
3d9620db54
Disabled OnAccessExtraScanning and provided a warning when starting clamd if it's enabled as well as a note in the sample clamd.conf.
7 years ago
Russ Kubik
6a591aa48e
Prevent shared libraries from being loaded by libclam when statically linking unrar libraries (#148)
7 years ago
Micah Snyder (micasnyd)
cca445ee87
Correction to enabling dev-performance bug introduced with the scan options change, and enabling dev-performance on Mac.
7 years ago
Micah Snyder (micasnyd)
56bb195e07
bb12102: adding CL_TYPE_LNK for Windows Shortcut Files.
7 years ago
Micah Snyder
8cf9b527b0
Updated win32 3rdparty libxml2 to version 2.9.8.
7 years ago
Micah Snyder (micasnyd)
48bbb12a79
Updated win32 3rdparty pcre library to pcre2 version 10.31.
7 years ago
Micah Snyder
d77b8ae0fb
Fixes to a handful of bugs identified during regression testing of PDF and UnRAR changes.
Fix for minor memory leak in fmap_dump_to_file().
Fix to PDF object stream logic, accounting for a realloc() issue when the only pdf object stream fails to parse, and for when pdf objects in a stream appear to extend further than the size of the stream.
Fix for memory leak cleaning up PDF object stream buffer in error condition.
Fix to bug in pdf_decodestream wherein objects were found in an object stream, but the object stream could later be freed if max scansize was exceeded, resulting in a NULL dereference.
General cleanup of pdf_decodestream/pdf_decodestream_internal exit code logic.
7 years ago
Micah Snyder
24f225c21f
Modification to unrar codebase allowing skipping of files within Solid archives when parsing in extraction mode, enabling us to skip encrypted files while still scanning metadata and potentially scanning unencrypted files later in the archive.
7 years ago
Micah Snyder
9739293e54
Removing unRAR SFX Check from scanners.c. Flawed feature was skipping scans of files in RAR archives that had the same CRC in the RAR file entry header as a previously scanned entry. Archive CRCs cannot be trusted. Removing the SFX Check eliminated false negatives in regression testing.
7 years ago