Micah Snyder
d0cba11ea7
adding back changes to eliminate warnings from mspack, matcher, others, and readdb.
8 years ago
Micah Snyder
169af0fc67
Revert "eliminating warnings. mostly correcting variable types. also correcting struct initialization in a couple instances (var = {0} does not zero the memory on all platforms). Also some minor formatting corrections in areas I was already working. eliminated some unused variables."
This reverts commit 84a7f40288.
8 years ago
Micah Snyder
84a7f40288
eliminating warnings. mostly correcting variable types. also correcting struct initialization in a couple instances (var = {0} does not zero the memory on all platforms). Also some minor formatting corrections in areas I was already working. eliminated some unused variables.
8 years ago
Steven Morgan
cbf5017a7d
bb11805 fix multiple results. Refactor false positive and heuristic precedence logic.
8 years ago
Kevin Lin
87b2a1a9e3
add 'Intermediates' field to target description block
(allows specification of any number of intermediate containers)
8 years ago
Kevin Lin
984f90ca4f
bb#11587 - track linked bcs on matchers for target 7 normalization
9 years ago
Mickey Sola
46a35abe56
mass update of copyright headers
10 years ago
Kevin Lin
e7b3198df2
bb#9858 - added target 14 for binary (unidentified) files
10 years ago
Steven Morgan
7665e02d5b
Add support for YARA private rules and referencing other rules in a YARA condition.
10 years ago
Steven Morgan
b7999b89c9
YARA: capture offsets in matcher and use for processing YARA condition 'at' clauses.
10 years ago
Steven Morgan
f51f42e95c
Capture YARA compiled condition string and anchor in struct cli_ac_lsig.
10 years ago
Steven Morgan
9de400559d
refactor and simplify cli_lsig_eval, add new function cli_exp_eval to loop through the lsig table and call either lsig_eval or yara_eval.
10 years ago
Kevin Lin
b5b3fecd6c
unioned lsig logic and future yara conditional
10 years ago
Kevin Lin
3e265c461c
added direct memory freeing of cli_ac_list
cli_ac_pattlist renamed to cli_ac_list
10 years ago
Kevin Lin
23d7c6e6f4
removed nocase changes to ac tree operation
10 years ago
Kevin Lin
7fc5eab81a
finished support for AC trie nocase variant
added check to prevent adding nocase signatures to case-sensitive AC tries
10 years ago
Kevin Lin
a02acd50b6
[WIP] added nocase support to clamav ac algorithm
10 years ago
Kevin Lin
7ab4eec702
pcre: support for clamav styled offsets
pcre: added encompass ('e') option to matcher
11 years ago
Kevin Lin
35a05ff85f
pcre: update matcher structure to allow for additional fields
pcre: changed trigger from content match to logical trigger
11 years ago
Kevin Lin
7afaa9bd22
pcre: encased pcre segments in macros to fix build without pcre support
11 years ago
Kevin Lin
5fa733692a
pcre: support and linking for parsing and freeing
11 years ago
Steven Morgan
de46d3e356
Add new target type for json properties file and scanning of the same.
11 years ago
Kevin Lin
2c0fa85f2c
bb#10363 - allowed for multiple filetypes for a single target
11 years ago
Steven Morgan
c1206103b1
bb#9595 fix for sigs targeted for ascii files containing offsets of the form EOF-n.
12 years ago
David Raynor
e37613ad27
libclamav: SHA1/SHA256 handling changes and wildcard-size support
12 years ago
David Raynor
703a9258ea
bb #6702 : Add Java class type and target
12 years ago
David Raynor
9100c3a1ec
bb #6534 : SWF signature category
13 years ago
David Raynor
85b7038857
bb#5356: Add PDF target
13 years ago
Tomasz Kojm
e067b3b45a
libclamav/matcher.c: add new offset modifier SEx (bb#4008)
14 years ago
Tomasz Kojm
b33354e55c
cosmetics (bb#2207)
14 years ago
aCaB
3faa97834c
new hash matching
15 years ago
aCaB
c802edd50e
add loadhash
15 years ago
Tomasz Kojm
b240ee01e3
libclamav: improve handling of HandlerType (bb#2298)
15 years ago
Tomasz Kojm
7770d314ff
libclamav: allow logical sigs to be used as file type sigs (bb#2228)
15 years ago
aCaB
2445be8c34
cli_lsig_eval use cached info
15 years ago
Tomasz Kojm
44712fcbe7
libclamav: reduce memory usage for MD5 sigs (bb#2057)
15 years ago
Tomasz Kojm
294558a535
libclamav: minimize header parsing (bb#2065)
15 years ago
Tomasz Kojm
ffa9b06093
sigtool: print match count and offsets in --test-sigs mode (bb#2054)
IMPORTANT NOTE: --test-sigs now only works against the final target file (after all processing, normalization, etc. for which the tested signature was directly created)
15 years ago
Török Edvin
2545f9767c
Rearrange some fields in structs to avoid holes.
15 years ago
Tomasz Kojm
60dbee52c8
libclamav: make lsigs working in cli_scanscript() (bb#1998)
15 years ago
aCaB
548b55beb8
don't let scandesc rehash when we already have a hash
15 years ago
aCaB
32b1e04e64
simplify checkfp
16 years ago
Török Edvin
02eabc6d1e
Add the rest of the prefiltering glue code.
This is still disabled for now (see the & 0).
16 years ago
Török Edvin
ab89360583
Support for macros in logical subsignatures (bb #164 ).
In the LDB there is (one or more) special subsignature ${min-max}MACROID$, which means: must match any signature from group MACROID (for current filetype), and the match must occur at a distance of min-max from the start(!) of the previous logical subsignature match.

It also has the side effect of making the previous subsignature considered a match only if both that and the macro matches. The offset of first match for the previous logical subsig will be the offset where the {min-max} distance is satisfied.

The macro logical subsignature will have a count of 0 (if it didn't match together with the previous subsig), or a count of 1 if it did.

The matches can occur anywhere (even in different ac scan buffers), since I don't call cli_ac_scanbuff; I just use the offset of first match (which we have for the bytecode anyway).

There can be at most 32 macro groups; signatures are added to a macro group by using $MACROID$ as offset. For example pdb entries could be converted to PDB:3:$0:<hexsig of domainname> if we assign macro id 0 to PDB (and we can assign 31 more macro ids to whatever).

Example:

test.ldb:
TestMacro;Target:0;0&1;616161;${3-4}12$

test.ndb:
D:0:$12:6262
D:0:$12:6363
D:0:$11:6262

test.dat:
aaaaxccdd

test-nomatch.dat:
aaaaxxxccdd
16 years ago
aCaB
59098a112e
drop type-8 sigs (bb#895)
16 years ago
Török Edvin
57f14280a7
Fix use-after-free on bytecode load/execution.
lsig->bc was referring to the bytecode directly (via a pointer), but the bytecode struct changes place in memory (it is reallocated on each .cbc load). So use an index instead of the direct pointer.
16 years ago
Tomasz Kojm
570b1d0050
libclamav: cdb: drop FileType; cover ARJ, CAB, TAR, CPIO and 7Z
16 years ago
Tomasz Kojm
4168b01087
libclamav: allow lsigs to be anchored to specific containers (bb#1293), e.g. Container:CL_TYPE_ZIP
16 years ago
Tomasz Kojm
15f413d157
libclamav: handle zmd/rmd with cdb (bb#1579)
16 years ago
Tomasz Kojm
55094a9c76
libclamav: base code for unified container metadata matcher (bb#1579)
16 years ago