clamav

Commit Graph

Author	SHA1	Message	Date
Micah Snyder	6eebecc303	Bump copyright for 2023	2 years ago
mko-x	a21cc6dcd7	Add explicit log level parameter to application logging API * Added loglevel parameter to logg() * Fix logg and mprintf internals with new loglevels * Update all logg calls to set loglevel * Update all mprintf calls to set loglevel * Fix hidden logg calls * Executed clam-format	3 years ago
micasnyd	140c88aa4e	Bump copyright for 2022 Includes minor format corrections.	3 years ago
Micah Snyder (micasnyd)	b9ca6ea103	Update copyright dates for 2021 Also fixes up clang-format.	4 years ago
Jim Klimov	3a8537207e	Add newlines at end of sources to satisfy strict warnings (C/C++ standard requires them)	5 years ago
Micah Snyder	206dbaefe8	Update copyright dates for 2020	5 years ago
Micah Snyder (micasnyd)	9c58ba7bd7	Update to clamav-devel to synchronize with the clamav-bytecode-compiler project.	6 years ago
Andrew	df8dfda9cd	Address code-review comments, fix several memleaks Changes include: - Fixing several memory leaks noticed when running with ASan - Adds documentation for several functions and structs - Simplifies the interface for using cli_targetinfo_init/destroy and cli_exe_info_init/destroy - A few other minor changes	6 years ago
Andrew	7ba310e605	PE parsing code improvements, db loading bug fixes Consolidate the PE parsing code into one function. I tried to preserve all existing functionality from the previous, distinct implementations to a large extent (with the exceptions mentioned below). If I noticed potential bugs/improvements, I added a TODO statement about those so that they can be fixed in a smaller commit later. Also, there are more TODOs in places where I'm not entirely sure why certain actions are performed - more research is needed for these. I'm submitting a pull request now so that regression testing can be done, and because merging what I have thus far now will likely have fewer conflicts than if I try to merge later PE parsing code improvements: - PEs without all 16 data directories are parsed more appropriately now - Added lots more debug statements Also: - Allow MAX_BC and MAX_TRACKED_PCRE to be specified via CFLAGS When doing performance testing with the latest CVD, MAX_BC and MAX_TRACKED_PCRE need to be raised to track all the events. Allow these to be specified via CFLAGS by not redefining them if they are already defined - Fix an issue preventing wildcard sizes in .MDB/.MSB rules I'm not sure what the original intent of the check I removed was, but it prevents using wildcard sizes in .MDB/.MSB rules. AFAICT these wildcard sizes should be handled appropriately by the MD5 section hash computation code, so I don't think a check on that is needed. - Fix several issues related to db loading - .imp files will now get loaded if they exist in a directory passed via clamscan's '-d' flag - .pwdb files will now get loaded if they exist in a directory passed via clamscan's '-d' flag even when compiling without yara support - Changes to .imp, .ign, and .ign2 files will now be reflected in calls to cl_statinidir and cl_statchkdir (and also .pwdb files, even when compiling without yara support) - The contents of .sfp files won't be included in some of the signature counts, and the contents of .cud files will be - Any local.gdb files will no longer be loaded twice - For .imp files, you are no longer required to specify a minimum flevel for wildcard rules, since this isn't needed	6 years ago
Micah Snyder	52cddcbcfd	Updating and cleaning up copyright notices.	6 years ago
Micah Snyder	b3e82e5e61	Replacing libclamav/cltypes.h with clamav-types.h.in, which generates a header clamav-types.h that we install alongside clamav.h.	6 years ago
Micah Snyder	72fd33c8b2	clang-format'd using new .clang-format rules.	6 years ago
Andrew	64ecd1099c	Fix support for authenticode signatures from external .cat files This commit adds back in support for whitelisting files based on signatures from .cat files loaded in via a '-d' flag to clamscan. This also makes it so that a .crb blacklist rule match can't be overruled by a signature in a .cat file	7 years ago
Andrew	18a813afb6	Update PE parsing code related to Authenticode verification The following changes were made - The code to calculate the authenticode hash was not properly accounting for the case where a PE had sections that either overlapped with each other or overlapped with the PE header. One common case for this is UPX-packed binaries, where the first section with data on disk starts at offset 0x400, which overlaps with the specified PE header by 0xC00 bytes. - The code didn't wrap accesses to fields in the Security DataDirectory with EC32(), so it seems likely that authenticode parsing always encountered issues on big endian systems. I think I fixed all of the accesses in cli_checkfp_pe, but there might still be issues here. I'll test this further. - We parse the authenticode data header to better ensure that it's PCKS7 we are trying to parse, and not one of the other types - cli_checkfp_pe should now finish faster in the case where there is no authenticode data and we don't want to compute the section hashes. - Fixed a potential memory leak in one cli_checkfp_pe failure case	7 years ago
Micah Snyder	6289eda8e0	Eliminating AUTHORS file, and moving acknowledgements for various source code contributions to the file comment blocks for the individual files, as appropriate.	7 years ago
Kevin Lin	3cc632adc8	sigtool: properly generates and reports pe section hashes (mdb)	9 years ago
Mickey Sola	46a35abe56	mass update of copyright headers	10 years ago
Shawn Webb	3c29ca0b10	Phase 1 of reporting hashes of PE sections Conflicts: libclamav/stats.h	11 years ago
aCaB	7dfd90ecff	enable catalog based and embedded authenticode checking	14 years ago
Török Edvin	4abbeb3a6c	Sync headers with bytecode compiler.	15 years ago
aCaB	453d818022	use cached metadata in icon parser, add icon unit tests	15 years ago
Török Edvin	1c4683acd1	add match_offsets support.	15 years ago
Török Edvin	50829fbf12	Fix read of pedata in interpreter.	15 years ago
Török Edvin	c80f26a2b8	distcheck	16 years ago
Török Edvin	236fb13647	New pointer handling rules.	16 years ago
Török Edvin	0fa95ef231	filesize, and pe_rawaddr API.	16 years ago
aCaB	d2ba6f98bb	matching complete	16 years ago
aCaB	419e2be44d	icon scan interface rework	16 years ago
aCaB	cca2995351	icon matching functions	16 years ago
Török Edvin	34da9ae405	change bytecode format to allow structs with more than 16 fields.	16 years ago
aCaB	235464bb82	resource parser and icon collector	16 years ago
Török Edvin	b8656613c0	Doxygenize API headers.	16 years ago
aCaB	49cc1e3c35	s/struct F_MAP/fmap_t/	16 years ago
Török Edvin	ab63657088	Add generic and PE hooks.	16 years ago
aCaB	048d76777f	scanners to fmap - hackish peheader to fmap lacks review + elf + macho	16 years ago
aCaB	a5241d274c	scanpe to fmap	16 years ago
Tomasz Kojm	2023340a41	update copyrights and stick more files to GPLv2; move and add more credits to the AUTHORS file; add COPYING.BSD git-svn: trunk@3749	17 years ago
Sven Strickroth	a99111f050	remove old CVS-stuff and make the repository look more like SVN git-svn: trunk@2755	19 years ago
Tomasz Kojm	355450c954	add missing cltypes.h git-svn: trunk@2602	19 years ago
Tomasz Kojm	48b7b4a747	update GPL headers with new address for FSF git-svn: trunk@1901	19 years ago
Tomasz Kojm	3c91998bb4	simplify internal function declarations by passing a context structure git-svn: trunk@1845	20 years ago
Tomasz Kojm	667a4b3538	add support for PE32+ executables git-svn: trunk@1772	20 years ago
Tomasz Kojm	5612732cad	add support for cl_engine and cli_matcher git-svn: trunk@1726	20 years ago
Tomasz Kojm	01302683b7	add support for ELF files in signatures git-svn: trunk@1723	20 years ago
Tomasz Kojm	33f89aa5ab	fix compiler warnings git-svn: trunk@1407	20 years ago
Tomasz Kojm	7ec67e9466	add support for new signature format git-svn: trunk@893	21 years ago
Tomasz Kojm	3805ebcbe2	minor cleanup git-svn: trunk@855	21 years ago
Tomasz Kojm	cdbf8c8e65	include new function cli_peheader(); fix crash when bm_shift is not initialised git-svn: trunk@804	21 years ago
Tomasz Kojm	85dd846059	libclamav: pe: integrate Petite unpacker from aCaB (not yet activated) git-svn: trunk@715	21 years ago
Tomasz Kojm	a9082ea2fd	activate pe and upx code git-svn: trunk@651	21 years ago

9 Commits (dc8b3e78c795f7e683236d3080088c9e31eb10b1)