clamav

Commit Graph

Author	SHA1	Message	Date
Micah Snyder	e01ba94e36	bb12506: Fix phishing/heuristic alert verbosity Some detections, like phishing, are considered heuristic alerts because they match based on behavior more than on content. A subset of these are considered "potentially unwanted" (low-severity). These low-severity alerts include: - phishing - PDFs with obfuscated object names - bytecode signature alerts that start with "BC.Heuristics" The concept is that unless you enable "heuristic precedence" (a method of lowing the threshold to immediateley alert on low-severity detections), the scan should continue after a match in case a higher severity match is found. Only at the end will it print the low-severity match if nothing else was found. The current implementation is buggy though. Scanning of archives does not correctly bail out for the entire archive if one email contains a phishing link. Instead, it sets the "heuristic found" flag then and alerts for every subsequent file in the archive because it doesn't know if the heuristic was found in an embedded file or the target file. Because it's just a heuristic and the status is "clean", it keeps scanning. This patch corrects the behavior by checking if a low-severity alerts were found at the end of scanning the target file, instead of at the end of each embedded file. Additionally, this patch fixes an in issue with phishing alerts wherein heuristic precedence mode did not cause a scan to stop after the first alert. The above changes required restructuring to create an fmap inside of cl_scandesc_callback() so that scan_common() could be modified to require an fmap and set up so that the current *ctx->fmap pointer is never NULL when scan_common() evaluates match results. Also fixed a couple minor bugs in the phishing unit tests and cleaned up the test code for improved legitibility and type safety.	6 years ago
Micah Snyder	206dbaefe8	Update copyright dates for 2020	6 years ago
Micah Snyder	ee40795fe2	Converted mpool calls to macros when USE_MPOOL is defined to clearly differentiate between function and macro behavior.	6 years ago
Andrew	7ba310e605	PE parsing code improvements, db loading bug fixes Consolidate the PE parsing code into one function. I tried to preserve all existing functionality from the previous, distinct implementations to a large extent (with the exceptions mentioned below). If I noticed potential bugs/improvements, I added a TODO statement about those so that they can be fixed in a smaller commit later. Also, there are more TODOs in places where I'm not entirely sure why certain actions are performed - more research is needed for these. I'm submitting a pull request now so that regression testing can be done, and because merging what I have thus far now will likely have fewer conflicts than if I try to merge later PE parsing code improvements: - PEs without all 16 data directories are parsed more appropriately now - Added lots more debug statements Also: - Allow MAX_BC and MAX_TRACKED_PCRE to be specified via CFLAGS When doing performance testing with the latest CVD, MAX_BC and MAX_TRACKED_PCRE need to be raised to track all the events. Allow these to be specified via CFLAGS by not redefining them if they are already defined - Fix an issue preventing wildcard sizes in .MDB/.MSB rules I'm not sure what the original intent of the check I removed was, but it prevents using wildcard sizes in .MDB/.MSB rules. AFAICT these wildcard sizes should be handled appropriately by the MD5 section hash computation code, so I don't think a check on that is needed. - Fix several issues related to db loading - .imp files will now get loaded if they exist in a directory passed via clamscan's '-d' flag - .pwdb files will now get loaded if they exist in a directory passed via clamscan's '-d' flag even when compiling without yara support - Changes to .imp, .ign, and .ign2 files will now be reflected in calls to cl_statinidir and cl_statchkdir (and also .pwdb files, even when compiling without yara support) - The contents of .sfp files won't be included in some of the signature counts, and the contents of .cud files will be - Any local.gdb files will no longer be loaded twice - For .imp files, you are no longer required to specify a minimum flevel for wildcard rules, since this isn't needed	6 years ago
Micah Snyder	52cddcbcfd	Updating and cleaning up copyright notices.	6 years ago
Micah Snyder	72fd33c8b2	clang-format'd using new .clang-format rules.	6 years ago
Micah Snyder	964a1e7321	Converting http urls to https urls. Primary focus was on clamav.net urls. I updated a couple others and fixes a few broken links as well. There are many (non-clamav.net) urls I didn't address, especially in 3rd party or contrib code.	8 years ago
Micah Snyder	6289eda8e0	Eliminating AUTHORS file, and moving acknowledgements for various source code contributions to the file comment blocks for the individual files, as appropriate.	8 years ago
Micah Snyder	7b1f1aaf9a	fixed minor warnings regarding type conversions.	9 years ago
Kevin Lin	52da917589	bb#11421 - CUD digital signature verification and empty files	10 years ago
Mickey Sola	46a35abe56	mass update of copyright headers	10 years ago
Steven Morgan	dfbb1604fd	bb#11195 - change html links in code to match the current clamav.net website.	11 years ago
Joel Esler	00fb0d9118	Fixed broken links. Across the whole of the product.	12 years ago
Shawn Webb	cd94be7a52	Silence a bunch of compiler warnings in libclamav	12 years ago
Shawn Webb	60d8d2c352	Move all the crypto API to clamav.h	12 years ago
Shawn Webb	da6e06dd68	Provide further abstractions to the OpenSSL integration work	12 years ago
Shawn Webb	f077c6174f	Fix some race conditions. Fix some memory leaks.	12 years ago
Shawn Webb	a1cbd793f3	Fix all memory leaks introduce by OpenSSL backport.	12 years ago
Shawn Webb	7fb5036fb2	Make Valgrind happy. Rely less on EVP_MD_CTX_create.	12 years ago
Shawn Webb	b2e7c931d0	Use OpenSSL for hashing.	12 years ago
Shawn Webb	7c92a662d9	Add functions to set the stats callbacks. Don't submit stats when verifying CVDs.	12 years ago
David Raynor	a6c9b78168	libclamav: cli_cvdverify() patch	13 years ago
David Raynor	0944b8eeb9	cid #10234	13 years ago
David Raynor	003a784077	cid #11136	13 years ago
David Raynor	e828f534df	Log messages for malformed DB cases	14 years ago
Ryan Pentney	23b89d6b34	Bug 5554, double-close bug	14 years ago
Shawn webb	a2a004df25	BB#3737 - Value too large for specified data type Create compile-time preprocessor defines for switching from calling stat() to stat64(). Add --enable-stat64 switch in configure script.	14 years ago
David Raynor	bebd86a60b	bb#5343	14 years ago
Török Edvin	3afedd0761	fix GCC warnings. especially the one about gzFile vs gzFile*, gzopen returns gzFile!	14 years ago
Tomasz Kojm	cdddd014ff	sigtool: add support for building unsigned dbs (--unsigned) libclamav: handle unsigned db files (.cud)	15 years ago
Tomasz Kojm	d5fde2eb61	sigtool: add new options --sha1 and --sha256	15 years ago
Tomasz Kojm	f820268196	freshclam: detect and fix corruptions of existing db files	15 years ago
Tomasz Kojm	f75ae61b1c	libclamav/cvd.c: load daily.ign[2] files from CVDs (bb#2061)	16 years ago
Török Edvin	a26333ecf3	Fix cvdload memory leak.	16 years ago
Tomasz Kojm	02e46f3fdb	libclamav: avoid loading duplicate databases (bb#1962)	16 years ago
Tomasz Kojm	4f3997d67a	libclamav: fix cl_cvdparse() leak (bb#1859)	16 years ago
Tomasz Kojm	a2b0a11edf	libclamav/cvd.c: enable new dsig check for main db	16 years ago
Tomasz Kojm	de351ee1bc	libclamav: handle digitally signed .info files	16 years ago
Török Edvin	be43f951c6	BytecodeSecurity setting.	16 years ago
Tomasz Kojm	b2742f8878	sigtool: create digitally signed .info files libclamav: temporarily disable .info checking - needs to be updated to the new format; sigtool/signd must be updated on SI	16 years ago
Tomasz Kojm	ace26bfe08	libclamav: check .info files while loading CVD/CLD	16 years ago
Tomasz Kojm	0c234f5ffd	CL_DB_CVDNOTMP is now the only way to load .cvd/.cld files; prepare for .info signing	16 years ago
aCaB	58481352d5	win32 paths handling	17 years ago
aCaB	081f64735d	win32#2	17 years ago
Tomasz Kojm	a6a9845602	libclamav: improve loading speed of compressed databases (bb#1105)	17 years ago
Tomasz Kojm	871177cdd9	return codes cleanup (bb#1159) git-svn: trunk@4749	17 years ago
Tomasz Kojm	72a82dd679	libclamav/cvd.c: fix warning when cvd timestamp is in the future (bb#1381) git-svn: trunk@4731	17 years ago
Tomasz Kojm	afff80efb9	libclamav, shared: minor cleanups; fix handling of long file names (bb#1349) git-svn: trunk@4670	17 years ago
Tomasz Kojm	47d40feb7a	libclamav: use LibTomMath by Tom St Denis instead of libgmp for multiple precision integer arithmetic (bb#1366) git-svn: trunk@4650	17 years ago
Tomasz Kojm	33068e0973	libclamav: drop cl_settempdir(); use cl_engine_set() with CL_ENGINE_TMPDIR and CL_ENGINE_KEEPTMP instead git-svn: trunk@4416	17 years ago

1 2

69 Commits (e01ba94e36f1786a0bbd04631f12ed5f2afdd094)