/*
 * Copyright (C) 2013-2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
 * Copyright (C) 2007-2013 Sourcefire, Inc.
 *
 * Authors: Tomasz Kojm
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 */

#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <locale.h>

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifndef _WIN32
#include <sys/time.h>
#endif
#include <time.h>
#ifdef C_LINUX
#include <sys/resource.h>
#endif

Add CMake build tooling
This patch adds experimental-quality CMake build tooling.
The libmspack build required a modification to use "" instead of <> for
header #includes. This will hopefully be included in the libmspack
upstream project when adding CMake build tooling to libmspack.
Removed use of libltdl when using CMake.
Flex & Bison are now required to build.
If -DMAINTAINER_MODE, then GPERF is also required, though it currently
doesn't actually do anything. TODO!
I found that the autotools build system was generating the lexer output
but not actually compiling it, instead using previously generated (and
manually renamed) lexer c source. As a consequence, changes to the .l
and .y files weren't making it into the build. To resolve this, I
removed generated flex/bison files and fixed the tooling to use the
freshly generated files. Flex and bison are now required build tools.
On Windows, this adds a dependency on the winflexbison package,
which can be obtained using Chocolatey or may be manually installed.
CMake tooling only has partial support for building with external LLVM
library, and no support for the internal LLVM (to be removed in the
future). I.e. The CMake build currently only supports the bytecode
interpreter.
Many files used include paths relative to the top source directory or
relative to the current project, rather than relative to each build
target. Modern CMake support requires including internal dependency
headers the same way you would external dependency headers (albeit
with "" instead of <>). This meant correcting all header includes to
be relative to the build targets and not relative to the workspace.
For example, ...
```c
include "../libclamav/clamav.h"
include "clamd/clamd_others.h"
```
... becomes:
```c
// libclamav
include "clamav.h"
// clamd
include "clamd_others.h"
```
Fixes header name conflicts by renaming a few of the files.
Converted the "shared" code into a static library, which depends on
libclamav. The ironically named "shared" static library provides
features common to the ClamAV apps which are not required in
libclamav itself and are not intended for use by downstream projects.
This change was required for correct modern CMake practices but was
also required to use the automake "subdir-objects" option.
This eliminates warnings when running autoreconf which, in the next
version of autoconf & automake are likely to break the build.
libclamav used to build in multiple stages where an earlier stage is
a static library containing utils required by the "shared" code.
Linking clamdscan and clamdtop with this libclamav utils static lib
allowed these two apps to function without libclamav. While this is
nice in theory, the practical gains are minimal and it complicates
the build system. As such, the autotools and CMake tooling was
simplified for improved maintainability and this feature was thrown
out. clamdtop and clamdscan now require libclamav to function.
Removed the nopthreads version of the autotools
libclamav_internal_utils static library and added pthread linking to
a couple apps that may have issues building on some platforms without
it, with the intention of removing needless complexity from the
source. Kept the regular version of libclamav_internal_utils.la
though it is no longer used anywhere but in libclamav.
Added an experimental doxygen build option which attempts to build
clamav.h and libfreshclam doxygen html docs.
The CMake build tooling also may build the example program(s), which
isn't a feature in the Autotools build system.
Changed C standard to C90+ due to inline linking issues with socket.h
when linking libfreshclam.so on Linux.
Generate common.rc for win32.
Fix tabs/spaces in shared Makefile.am, and remove vestigial ifndef
from misc.c.
Add CMake files to the automake dist, so users can try the new
CMake tooling w/out having to build from a git clone.
clamonacc changes:
- Renamed FANOTIFY macro to HAVE_SYS_FANOTIFY_H to better match other
similar macros.
- Added a new clamav-clamonacc.service systemd unit file, based on
the work of ChadDevOps & Aaron Brighton.
- Added missing clamonacc man page.
Updates to clamdscan man page, add missing options.
Remove vestigial CL_NOLIBCLAMAV definitions (all apps now use
libclamav).
Rename Windows mspack.dll to libmspack.dll so all ClamAV-built
libraries have the lib-prefix with Visual Studio as with CMake.
2020-08-13 00:25:34 -07:00
// libclamav
#include "clamav.h"
#include "others.h"
#include "str.h"

// common
#include "misc.h"
#include "output.h"
#include "actions.h"
#include "optparser.h"

#include "global.h"
#include "manager.h"

void help(void);

struct s_info info;
short recursion = 0, bell = 0;
short printinfected = 0, printclean = 1;

ClamScan & libclamav: improve precision of bytes-scanned, bytes-read
The ClamScan scan summary prints bytes scanned and bytes read in
multiples of 4096 (aka `CL_COUNT_PRECISION`), as is provided by the
`cl_scanfile()`, `cl_scandesc()`, `cl_scanfile_callback()`, and
`cl_scandesc_callback()` functions.
I believe this imprecision was the result of using an `unsigned long int`
which may be 64bit or 32bit, depending on platform. I believe the
intention was to be able to support scanning more than 4 GiB of data.
Since the new `cl_scan*_ex()` functions use a `uint64_t`, which
guarantees a 64bit integer and supports ~16,777,216 terabytes, I find no
reason not to report an accurate count.
For the legacy scan functions (above) I've kept the `CL_COUNT_PRECISION`
behavior to maintain backwards compatibility.
I have also improved the bytes scanned/read output to report GiB, MiB,
KiB, or B as appropriate. Previously, it always reported "MB".
CLAM-1433
2025-06-25 14:39:11 -04:00
static void loggBytes(uint64_t bytes)
{
    if (bytes >= (1024 * 1024 * 1024)) {
        logg(LOGG_INFO, "%.02f GiB", bytes / (double)(1024 * 1024 * 1024));
    } else if (bytes >= (1024 * 1024)) {
        logg(LOGG_INFO, "%.02f MiB", bytes / (double)(1024 * 1024));
    } else if (bytes >= 1024) {
        logg(LOGG_INFO, "%.02f KiB", bytes / (double)(1024));
    } else {
        logg(LOGG_INFO, "%" PRIu64 " B", bytes);
    }
}

int main(int argc, char **argv)
{
    int ds, dms, ret;
    struct timeval t1, t2;
    time_t date_start, date_end;

    char buffer[26];
#ifdef _WIN32
    SetConsoleOutputCP(CP_UTF8);
#else /* !_WIN32 */
    sigset_t sigset;
#endif
    struct optstruct *opts;
    const struct optstruct *opt;

    if (check_flevel())
        exit(2);

#if !defined(_WIN32)
GIF, PNG bugfixes; Add AlertBrokenMedia option
Added a new scan option to alert on broken media (graphics) file
formats. This feature mitigates the risk of malformed media files
intended to exploit vulnerabilities in other software. At present
media validation exists for JPEG, TIFF, PNG, and GIF files.
To enable this feature, set `AlertBrokenMedia yes` in clamd.conf, or
use the `--alert-broken-media` option when using `clamscan`.
These options are disabled by default for now.
Application developers may enable this scan option by enabling
`CL_SCAN_HEURISTIC_BROKEN_MEDIA` for the `heuristic` scan option bit
field.
Fixed PNG parser logic bugs that caused an excess of parsing errors
and fixed a stack exhaustion issue affecting some systems when
scanning PNG files. PNG file type detection was disabled via
signature database update for 0.103.0 to mitigate effects from these
bugs.
Fixed an issue where PNG and GIF files no longer work with Target:5
(graphics) signatures if detected as CL_TYPE_PNG/GIF rather than as
CL_TYPE_GRAPHICS. Target types now support up to 10 possible file
types to make way for additional graphics types in future releases.
Scanning JPEG, TIFF, PNG, and GIF files will no longer return "parse"
errors when file format validation fails. Instead, the scan will alert
with the "Heuristics.Broken.Media" signature prefix and a descriptive
suffix to indicate the issue, provided that the "alert broken media"
feature is enabled.
GIF format validation will no longer fail if the GIF image is missing
the trailer byte, as this appears to be a relatively common issue in
otherwise functional GIF files.
Added a TIFF dynamic configuration (DCONF) option, which was missing.
This will allow us to disable TIFF format validation via signature
database update in the event that it proves to be problematic.
This feature already exists for many other file types.
Added CL_TYPE_JPEG and CL_TYPE_TIFF types.
2020-11-04 15:49:43 -08:00
    if (!setlocale(LC_CTYPE, "")) {
        mprintf(LOGG_WARNING, "Failed to set locale\n");
    }
#if !defined(C_BEOS)
    sigemptyset(&sigset);
    sigaddset(&sigset, SIGXFSZ);
    sigprocmask(SIG_SETMASK, &sigset, NULL);
#endif /* !C_BEOS */
#endif /* !_WIN32 */

    cl_initialize_crypto();

    if ((opts = optparse(NULL, argc, argv, 1, OPT_CLAMSCAN, 0, NULL)) == NULL) {
        mprintf(LOGG_ERROR, "Can't parse command line options\n");
        return 2;
    }

    if (optget(opts, "verbose")->enabled) {
        mprintf_verbose = 1;
        logg_verbose = 1;
    }

    if (optget(opts, "quiet")->enabled)
        mprintf_quiet = 1;

    if (optget(opts, "stdout")->enabled)
        mprintf_stdout = 1;

    if (optget(opts, "debug")->enabled) {
#if defined(C_LINUX)
        /* njh@bandsman.co.uk: create a dump if needed */
        struct rlimit rlim;

        rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
        if (setrlimit(RLIMIT_CORE, &rlim) < 0)
            perror("setrlimit");
#endif
        cl_debug(); /* enable debug messages */
    }

    if (optget(opts, "gen-mdb")->enabled) {
        cl_always_gen_section_hash();
    }

    if (optget(opts, "version")->enabled) {
        print_version(optget(opts, "database")->strarg);
        optfree(opts);
        return 0;
    }

    if (optget(opts, "help")->enabled) {
        optfree(opts);
        help();
        return 0;
    }

    if (optget(opts, "recursive")->enabled)
        recursion = 1;

    if (optget(opts, "infected")->enabled)
        printinfected = 1;

    if (optget(opts, "suppress-ok-results")->enabled)
        printclean = 0;

    if (optget(opts, "bell")->enabled)
        bell = 1;

    /* initialize logger */
    if ((opt = optget(opts, "log"))->enabled) {
        logg_file = opt->strarg;
        if (logg(LOGG_INFO_NF, "\n-------------------------------------------------------------------------------\n\n")) {
            mprintf(LOGG_ERROR, "Problem with internal logger.\n");
            optfree(opts);
            return 2;
        }
    } else
        logg_file = NULL;

    if (actsetup(opts)) {
        optfree(opts);
        logg_close();
        exit(2);
    }

    memset(&info, 0, sizeof(struct s_info));

    date_start = time(NULL);
    gettimeofday(&t1, NULL);

    ret = scanmanager(opts);

    if (!optget(opts, "no-summary")->enabled) {
        struct tm tmp;

        date_end = time(NULL);
        gettimeofday(&t2, NULL);
        ds = t2.tv_sec - t1.tv_sec;
        dms = t2.tv_usec - t1.tv_usec;
        ds -= (dms < 0) ? (1) : (0);
        dms += (dms < 0) ? (1000000) : (0);
        logg(LOGG_INFO, "\n----------- SCAN SUMMARY -----------\n");
        logg(LOGG_INFO, "Known viruses: %u\n", info.sigs);
        logg(LOGG_INFO, "Engine version: %s\n", get_version());
        logg(LOGG_INFO, "Scanned directories: %u\n", info.dirs);
        logg(LOGG_INFO, "Scanned files: %u\n", info.files);
        logg(LOGG_INFO, "Infected files: %u\n", info.ifiles);
        if (info.errors)
            logg(LOGG_INFO, "Total errors: %u\n", info.errors);
        if (notremoved) {
            logg(LOGG_INFO, "Not removed: %u\n", notremoved);
        }
        if (notmoved) {
            /* Label the count with the requested action: --copy copies, otherwise files are moved. */
            logg(LOGG_INFO, "Not %s: %u\n", optget(opts, "copy")->enabled ? "copied" : "moved", notmoved);
        }

        logg(LOGG_INFO, "Data scanned: ");
        loggBytes(info.bytes_scanned);
        logg(LOGG_INFO, "\n");

        logg(LOGG_INFO, "Data read: ");
        loggBytes(info.bytes_read);
        logg(LOGG_INFO, " (ratio %.2f:1)\n", info.bytes_read ? (double)info.bytes_scanned / (double)info.bytes_read : 0);

        logg(LOGG_INFO, "Time: %u.%3.3u sec (%u m %u s)\n", ds, dms / 1000, ds / 60, ds % 60);

#ifdef _WIN32
        if (0 != localtime_s(&tmp, &date_start)) {
#else
        if (!localtime_r(&date_start, &tmp)) {
#endif
            logg(LOGG_ERROR, "Failed to get local time for Start Date.\n");
        }
        strftime(buffer, sizeof(buffer), "%Y:%m:%d %H:%M:%S", &tmp);
        logg(LOGG_INFO, "Start Date: %s\n", buffer);

#ifdef _WIN32
        if (0 != localtime_s(&tmp, &date_end)) {
#else
        if (!localtime_r(&date_end, &tmp)) {
#endif
            logg(LOGG_ERROR, "Failed to get local time for End Date.\n");
        }
        strftime(buffer, sizeof(buffer), "%Y:%m:%d %H:%M:%S", &tmp);
        logg(LOGG_INFO, "End Date: %s\n", buffer);
    }

    optfree(opts);

    return ret;
}

void help(void)
{
    mprintf_stdout = 1;

    mprintf(LOGG_INFO, "\n");
    mprintf(LOGG_INFO, " Clam AntiVirus: Scanner %s\n", get_version());
    mprintf(LOGG_INFO, " By The ClamAV Team: https://www.clamav.net/about.html#credits\n");
    mprintf(LOGG_INFO, " (C) 2025 Cisco Systems, Inc.\n");
    mprintf(LOGG_INFO, "\n");
    mprintf(LOGG_INFO, " clamscan [options] [file/directory/-]\n");
    mprintf(LOGG_INFO, "\n");
    mprintf(LOGG_INFO, " --help -h Show this help.\n");
    mprintf(LOGG_INFO, " --version -V Print version number.\n");
    mprintf(LOGG_INFO, " --verbose -v Be verbose.\n");
    mprintf(LOGG_INFO, " --archive-verbose -a Show filenames inside scanned archives.\n");
    mprintf(LOGG_INFO, " --debug Enable libclamav's debug messages.\n");
    mprintf(LOGG_INFO, " --quiet Only output error messages.\n");
    mprintf(LOGG_INFO, " --stdout Write to stdout instead of stderr. Does not affect 'debug' messages.\n");
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --no-summary Disable summary at end of scanning.\n");
|
|
|
|
mprintf(LOGG_INFO, " --infected -i Only print infected files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --suppress-ok-results -o Skip printing OK files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --bell Sound bell on virus detection.\n");
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, "\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --tempdir=DIRECTORY Create temporary files in DIRECTORY.\n");
|
|
|
|
mprintf(LOGG_INFO, " --leave-temps[=yes/no(*)] Do not remove temporary files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --force-to-disk[=yes/no(*)] Create temporary files for nested file scans that would otherwise be in-memory only.\n");
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, " --gen-json[=yes/no(*)] Generate JSON metadata for the scanned file(s). For testing & development use ONLY.\n");
|
|
|
|
mprintf(LOGG_INFO, " JSON will be printed if --debug is enabled.\n");
|
|
|
|
mprintf(LOGG_INFO, " A JSON file will dropped to the temp directory if --leave-temps is enabled.\n");
|
2025-04-07 16:50:09 -07:00
|
|
|
mprintf(LOGG_INFO, " --json-store-html-uris[=yes(*)/no] Store html URIs in metadata.\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " URIs will be written to the metadata.json file in an array called 'URIs'.\n");
|
|
|
|
mprintf(LOGG_INFO, " --json-store-pdf-uris[=yes(*)/no] Store pdf URIs in metadata.\n");
|
|
|
|
mprintf(LOGG_INFO, " URIs will be written to the metadata.json file in an array called 'URIs'.\n");
|
|
|
|
mprintf(LOGG_INFO, " --json-store-extra-hashes[=yes(*)/no] Store md5 and sha1 in addition to sha2-256 in metadata.\n");
|
|
|
|
mprintf(LOGG_INFO, " --database=FILE/DIR -d FILE/DIR Load virus database from FILE or load all supported db files from DIR.\n");
|
|
|
|
mprintf(LOGG_INFO, " --official-db-only[=yes/no(*)] Only load official signatures.\n");
|
2023-03-29 00:22:48 +03:00
|
|
|
mprintf(LOGG_INFO, " --fail-if-cvd-older-than=days Return with a nonzero error code if virus database outdated.\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --log=FILE -l FILE Save scan report to FILE.\n");
|
|
|
|
mprintf(LOGG_INFO, " --recursive[=yes/no(*)] -r Scan subdirectories recursively.\n");
|
|
|
|
mprintf(LOGG_INFO, " --allmatch[=yes/no(*)] -z Continue scanning within file after finding a match.\n");
|
|
|
|
mprintf(LOGG_INFO, " --cross-fs[=yes(*)/no] Scan files and directories on other filesystems.\n");
|
|
|
|
mprintf(LOGG_INFO, " --follow-dir-symlinks[=0/1(*)/2] Follow directory symlinks (0 = never, 1 = direct, 2 = always).\n");
|
|
|
|
mprintf(LOGG_INFO, " --follow-file-symlinks[=0/1(*)/2] Follow file symlinks (0 = never, 1 = direct, 2 = always).\n");
|
|
|
|
mprintf(LOGG_INFO, " --file-list=FILE -f FILE Scan files from FILE.\n");
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, " --remove[=yes/no(*)] Remove infected files. Be careful!\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --move=DIRECTORY Move infected files into DIRECTORY.\n");
|
|
|
|
mprintf(LOGG_INFO, " --copy=DIRECTORY Copy infected files into DIRECTORY.\n");
|
|
|
|
mprintf(LOGG_INFO, " --exclude=REGEX Don't scan file names matching REGEX.\n");
|
|
|
|
mprintf(LOGG_INFO, " --exclude-dir=REGEX Don't scan directories matching REGEX.\n");
|
|
|
|
mprintf(LOGG_INFO, " --include=REGEX Only scan file names matching REGEX.\n");
|
|
|
|
mprintf(LOGG_INFO, " --include-dir=REGEX Only scan directories matching REGEX.\n");
|
2021-08-27 09:14:45 -07:00
|
|
|
#ifdef _WIN32
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --memory Scan loaded executable modules.\n");
|
|
|
|
mprintf(LOGG_INFO, " --kill Kill/Unload infected loaded modules.\n");
|
|
|
|
mprintf(LOGG_INFO, " --unload Unload infected modules from processes.\n");
|
2021-08-27 09:14:45 -07:00
|
|
|
#endif
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, "\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --bytecode[=yes(*)/no] Load bytecode from the database.\n");
|
|
|
|
mprintf(LOGG_INFO, " --bytecode-unsigned[=yes/no(*)] Load unsigned bytecode.\n");
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, " **Caution**: You should NEVER run bytecode signatures from untrusted sources.\n");
|
|
|
|
mprintf(LOGG_INFO, " Doing so may result in arbitrary code execution.\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --bytecode-timeout=N Set bytecode timeout (in milliseconds).\n");
|
|
|
|
mprintf(LOGG_INFO, " --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics.\n");
|
|
|
|
mprintf(LOGG_INFO, " --detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications.\n");
|
|
|
|
mprintf(LOGG_INFO, " --exclude-pua=CAT Skip PUA sigs of category CAT.\n");
|
|
|
|
mprintf(LOGG_INFO, " --include-pua=CAT Load PUA sigs of category CAT.\n");
|
|
|
|
mprintf(LOGG_INFO, " --detect-structured[=yes/no(*)] Detect structured data (SSN, Credit Card).\n");
|
|
|
|
mprintf(LOGG_INFO, " --structured-ssn-format=X SSN format (0=normal,1=stripped,2=both).\n");
|
|
|
|
mprintf(LOGG_INFO, " --structured-ssn-count=N Min SSN count to generate a detect.\n");
|
|
|
|
mprintf(LOGG_INFO, " --structured-cc-count=N Min CC count to generate a detect.\n");
|
|
|
|
mprintf(LOGG_INFO, " --structured-cc-mode=X CC mode (0=credit debit and private label, 1=credit cards only.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-mail[=yes(*)/no] Scan mail files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --phishing-sigs[=yes(*)/no] Enable email signature-based phishing detection.\n");
|
|
|
|
mprintf(LOGG_INFO, " --phishing-scan-urls[=yes(*)/no] Enable URL signature-based phishing detection.\n");
|
|
|
|
mprintf(LOGG_INFO, " --heuristic-alerts[=yes(*)/no] Heuristic alerts.\n");
|
|
|
|
mprintf(LOGG_INFO, " --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found.\n");
|
|
|
|
mprintf(LOGG_INFO, " --normalize[=yes(*)/no] Normalize html, script, and text files. Use normalize=no for yara compatibility.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-pe[=yes(*)/no] Scan PE files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-elf[=yes(*)/no] Scan ELF files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-ole2[=yes(*)/no] Scan OLE2 containers.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-pdf[=yes(*)/no] Scan PDF files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-swf[=yes(*)/no] Scan SWF files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-html[=yes(*)/no] Scan HTML files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-xmldocs[=yes(*)/no] Scan xml-based document files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-hwp3[=yes(*)/no] Scan HWP3 files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-onenote[=yes(*)/no] Scan OneNote files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav).\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-image[=yes(*)/no] Scan image (graphics) files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --scan-image-fuzzy-hash[=yes(*)/no] Detect files by calculating image (graphics) fuzzy hashes.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-broken[=yes/no(*)] Alert on broken executable files (PE & ELF).\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-broken-media[=yes/no(*)] Alert on broken graphics files (JPEG, TIFF, PNG, GIF).\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-encrypted[=yes/no(*)] Alert on encrypted archives and documents.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-encrypted-archive[=yes/no(*)] Alert on encrypted archives.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-encrypted-doc[=yes/no(*)] Alert on encrypted documents.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-macros[=yes/no(*)] Alert on OLE2 files containing VBA macros.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-exceeds-max[=yes/no(*)] Alert on files that exceed max file size, max scan size, or max recursion limit.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-phishing-ssl[=yes/no(*)] Alert on emails containing SSL mismatches in URLs.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-phishing-cloak[=yes/no(*)] Alert on emails containing cloaked URLs.\n");
|
|
|
|
mprintf(LOGG_INFO, " --alert-partition-intersection[=yes/no(*)] Alert on raw DMG image files containing partition intersections.\n");
|
|
|
|
mprintf(LOGG_INFO, " --nocerts Disable authenticode certificate chain verification in PE files.\n");
|
|
|
|
mprintf(LOGG_INFO, " --dumpcerts Dump authenticode certificate chain in PE files.\n");
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, "\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " --max-scantime=#n Scan time longer than this will be skipped and assumed clean (milliseconds).\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-filesize=#n Files larger than this will be skipped and assumed clean.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-scansize=#n The maximum amount of data to scan for each container file (**).\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-files=#n The maximum number of files to scan for each container file (**).\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-recursion=#n Maximum archive recursion level for container file (**).\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-dir-recursion=#n Maximum directory recursion level.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-embeddedpe=#n Maximum size file to check for embedded PE.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-htmlnormalize=#n Maximum size of HTML file to normalize.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-htmlnotags=#n Maximum size of normalized HTML file to scan.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-scriptnormalize=#n Maximum size of script file to normalize.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-ziptypercg=#n Maximum size zip to type reanalyze.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-partitions=#n Maximum number of partitions in disk image to be scanned.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-iconspe=#n Maximum number of icons in PE file to be scanned.\n");
|
|
|
|
mprintf(LOGG_INFO, " --max-rechwp3=#n Maximum recursive calls to HWP3 parsing function.\n");
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, " --pcre-match-limit=#n Maximum calls to the PCRE match function.\n");
|
|
|
|
mprintf(LOGG_INFO, " --pcre-recmatch-limit=#n Maximum recursive calls to the PCRE match function.\n");
|
|
|
|
mprintf(LOGG_INFO, " --pcre-max-filesize=#n Maximum size file to perform PCRE subsig matching.\n");
|
|
|
|
mprintf(LOGG_INFO, " --disable-cache Disable caching and cache checks for hash sums of scanned files.\n");
|
2025-06-16 14:23:45 -04:00
|
|
|
mprintf(LOGG_INFO, " --hash-hint The file hash so that libclamav does not need to calculate it.\n");
|
|
|
|
mprintf(LOGG_INFO, " The type of hash must match the '--hash-alg'.\n");
|
|
|
|
mprintf(LOGG_INFO, " --log-hash Print the file hash after each file scanned.\n");
|
|
|
|
mprintf(LOGG_INFO, " The type of hash printed will match the '--hash-alg'.\n");
|
|
|
|
mprintf(LOGG_INFO, " --hash-alg The hashing algorithm used for either '--hash-hint' or '--log-hash'.\n");
|
|
|
|
mprintf(LOGG_INFO, " Supported algorithms are 'md5', 'sha1', 'sha2-256'.\n");
|
|
|
|
mprintf(LOGG_INFO, " If not specified, the default is 'sha2-256'.\n");
|
|
|
|
mprintf(LOGG_INFO, " --file-type-hint The file type hint so that libclamav can optimize scanning.\n");
|
|
|
|
mprintf(LOGG_INFO, " E.g. 'pe', 'elf', 'zip', etc.\n");
|
|
|
|
mprintf(LOGG_INFO, " You may also use ClamAV type names such as 'CL_TYPE_PE'.\n");
|
|
|
|
mprintf(LOGG_INFO, " ClamAV will ignore the hint if it is not familiar with the specified type.\n");
|
|
|
|
mprintf(LOGG_INFO, " See also: https://docs.clamav.net/appendix/FileTypes.html#file-types\n");
|
|
|
|
mprintf(LOGG_INFO, " --log-file-type Print the file type after each file scanned.\n");
|
FIPS-compliant CVD signing and verification
Add X509 certificate chain based signing with PKCS7-PEM external
signatures distributed alongside CVDs in a custom .cvd.sign format.
This new signing and verification mechanism is primarily in support
of FIPS compliance.
Fixes: https://github.com/Cisco-Talos/clamav/issues/564
Add a Rust implementation for parsing, verifying, and unpacking CVD
files.
Now installs a 'certs' directory in the app config directory
(e.g. <prefix>/etc/certs). The install location is configurable.
The CMake option to configure the CVD certs directory is:
`-D CVD_CERTS_DIRECTORY=PATH`
New options to set an alternative CVD certs directory:
- Commandline for freshclam, clamd, clamscan, and sigtool is:
`--cvdcertsdir PATH`
- Env variable for freshclam, clamd, clamscan, and sigtool is:
`CVD_CERTS_DIR`
- Config option for freshclam and clamd is:
`CVDCertsDirectory PATH`
Sigtool:
- Add sign/verify commands.
- Also verify CDIFF external digital signatures when applying CDIFFs.
- Place commonly used commands at the top of --help string.
- Fix up manpage.
Freshclam:
- Will try to download .sign files to verify CVDs and CDIFFs.
- Fix an issue where making a CLD would only include the CFG file for
daily and not if patching any other database.
libclamav.so:
- Bump version to 13:0:1 (aka 12.1.0).
- Also remove libclamav.map versioning.
Resolves: https://github.com/Cisco-Talos/clamav/issues/1304
- Add two new APIs to the public clamav.h header:
```c
extern cl_error_t cl_cvdverify_ex(const char *file,
const char *certs_directory);
extern cl_error_t cl_cvdunpack_ex(const char *file,
const char *dir,
bool dont_verify,
const char *certs_directory);
```
The original `cl_cvdverify` and `cl_cvdunpack` are deprecated.
- Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`.
You may set this option with `cl_engine_set_str` and get it
with `cl_engine_get_str`, to override the compiled in default
CVD certs directory.
libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0).
Add sigtool sign/verify tests and test certs.
Make it so downloadFile doesn't throw a warning if the server
doesn't have the .sign file.
Replace use of md5-based FP signatures in the unit tests with
sha256-based FP signatures because the md5 implementation used
by Python may be disabled in FIPS mode.
Fixes: https://github.com/Cisco-Talos/clamav/issues/1411
CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates
to build against the same OpenSSL library as is used for the C build.
The Rust unit test application must also link directly with libcrypto
and libssl.
Fix some log messages with missing new lines.
Fix missing environment variable notes in --help messages and manpages.
Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in
clamav-config.h.in for libclamav from variables that had the same name
for use in clamav applications that use the optparser.
The 'clamav-test' certs for the unit tests will live for 10 years.
The 'clamav-beta.crt' public cert will only live for 120 days and will
be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
|
|
|
mprintf(LOGG_INFO, " --cvdcertsdir=DIRECTORY Specify a directory containing the root\n");
|
|
|
|
mprintf(LOGG_INFO, " CA cert needed to verify detached CVD digital signatures.\n");
|
|
|
|
mprintf(LOGG_INFO, " If not provided, then clamscan will look in the default directory.\n");
|
FIPS & FIPS-like limits on hash algs for cryptographic uses
ClamAV will not function when using a FIPS-enabled OpenSSL 3.x.
This is because ClamAV uses MD5 and SHA1 algorithms for a variety of
purposes including matching for malware detection, matching to prevent
false positives on known-clean files, and for verification of MD5-based
RSA digital signatures for determining CVD (signature database archive)
authenticity.
Interestingly, FIPS had been intentionally bypassed when creating hashes
based on whole buffers and whole files (by descriptor or `FILE`-pointer):
https://github.com/Cisco-Talos/clamav/commit/78d4a9985a06a418dd1338c94ee5db461035d75b
Note: this bypassed FIPS the 1.x way with:
`EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);`
It was NOT disabled when using `cl_hash_init()` / `cl_update_hash()` /
`cl_finish_hash()`. That likely worked by coincidence in that the hash
was already calculated most of the time. It certainly would have made
use of those functions if the hash had not been calculated prior:
https://github.com/Cisco-Talos/clamav/blob/78d4a9985a06a418dd1338c94ee5db461035d75b/libclamav/matcher.c#L743
Regardless, bypassing FIPS entirely is not the correct solution.
The FIPS restrictions against using MD5 and SHA1 are valid, particularly
when verifying CVD digital signatures, but also I think when using a
hash to determine if the file is known-clean (i.e. the "clean cache" and
also MD5-based and SHA1-based FP signatures).
This commit extends the work to bypass FIPS using the newer 3.x method:
`md = EVP_MD_fetch(NULL, alg, "-fips");`
It does this for the legacy `cl_hash*()` functions including
`cl_hash_init()` / `cl_update_hash()` / `cl_finish_hash()`.
It also introduces extended versions that allow the caller to choose if
they want to bypass FIPS:
- `cl_hash_data_ex()`
- `cl_hash_init_ex()`
- `cl_update_hash_ex()`
- `cl_finish_hash_ex()`
- `cl_hash_destroy_ex()`
- `cl_hash_file_fd_ex()`
See the `flags` parameter for each.
Ironically, this commit does NOT use the new functions at this time.
The rationale is that ClamAV may need MD5, SHA1, and SHA-256 hashes of
the same files both for determining if the file is malware, and for
determining if the file is clean.
So instead, this commit will do checks when:
1. Creating a new ClamAV scanning engine. If FIPS-mode enabled, it will
automatically toggle the "FIPS limits" engine option.
When loading signatures, if the engine "FIPS limits" option is enabled,
then MD5 and SHA1 FP signatures will be skipped.
2. Before verifying a CVD (e.g. also for loading, unpacking when
verification enabled).
If "FIPS limits" or FIPS-mode are enabled, then the legacy MD5-based RSA
method is disabled.
Note: This commit also refactors the interface for `cl_cvdverify_ex()`
and `cl_cvdunpack_ex()` so they take a `flags` parameter, rather than a
single `bool`. As these functions are new in this version, it does not
break the ABI.
The cache was already switched to use SHA2-256, so that's not a concern
for checking FIPS-mode / FIPS limits options.
This adds an option for `freshclam.conf` and `clamd.conf`:
FIPSCryptoHashLimits yes
And an equivalent command-line option for `clamscan` and `sigtool`:
--fips-limits
You may programmatically enable FIPS-limits for a ClamAV engine like this:
```C
cl_engine_set_num(engine, CL_ENGINE_FIPS_LIMITS, 1);
```
CLAM-2792
2025-07-01 20:41:47 -04:00
|
|
|
mprintf(LOGG_INFO, " --fips-limits Enforce FIPS-like limits on using hash algorithms for\n");
|
2025-07-18 16:58:23 -04:00
|
|
|
mprintf(LOGG_INFO, " cryptographic purposes. Will disable MD5 & SHA1.\n");
|
2025-07-01 20:41:47 -04:00
|
|
|
mprintf(LOGG_INFO, " FP sigs and will require '.sign' files to verify CVD\n");
|
|
|
|
mprintf(LOGG_INFO, " authenticity.\n");
|
2024-11-21 14:01:09 -05:00
|
|
|
mprintf(LOGG_INFO, "\n");
|
|
|
|
mprintf(LOGG_INFO, "Environment Variables:\n");
|
|
|
|
mprintf(LOGG_INFO, "\n");
|
|
|
|
mprintf(LOGG_INFO, " LD_LIBRARY_PATH May be used on startup to find the libclamunrar_iface\n");
|
|
|
|
mprintf(LOGG_INFO, " shared library module to enable RAR archive support.\n");
|
|
|
|
mprintf(LOGG_INFO, " CVD_CERTS_DIR Specify a directory containing the root CA cert needed\n");
|
|
|
|
mprintf(LOGG_INFO, " to verify detached CVD digital signatures.\n");
|
|
|
|
mprintf(LOGG_INFO, " If not provided, then clamscan will look in the default directory.\n");
|
2022-02-16 00:13:55 +01:00
|
|
|
mprintf(LOGG_INFO, "\n");
|
|
|
|
mprintf(LOGG_INFO, "Pass in - as the filename for stdin.\n");
|
|
|
|
mprintf(LOGG_INFO, "\n");
|
|
|
|
mprintf(LOGG_INFO, "(*) Default scan settings\n");
|
|
|
|
mprintf(LOGG_INFO, "(**) Certain files (e.g. documents, archives, etc.) may in turn contain other\n");
|
|
|
|
mprintf(LOGG_INFO, " files inside. The above options ensure safe processing of this kind of data.\n\n");
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
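The FIPS-limits commit message above states that MD5 and SHA1 FP signatures are skipped at load time when the engine's "FIPS limits" option is on. The following is an added example, not ClamAV code: a simplified audit that reports which entries of a local false-positive list would stop loading under `--fips-limits`. It assumes the `HashString:FileSize:Name` hash-signature line layout and tells digests apart by hex length; `fp_hash_kind`, `fp_audit` and the sample entries are hypothetical names and constructed data.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Digest kinds, told apart by the hex length of the first field. */
typedef enum { HASH_UNKNOWN = 0, HASH_MD5, HASH_SHA1, HASH_SHA2_256 } hash_kind_t;

typedef struct {
    unsigned loaded;  /* entries that would still be loaded */
    unsigned skipped; /* MD5/SHA1 entries dropped under FIPS limits */
    unsigned invalid; /* lines that are not a well-formed hash entry */
} fp_audit_t;

/* Constructed sample FP list: digests of the empty input, made-up names. */
static const char SAMPLE_FP_DB[] =
    "d41d8cd98f00b204e9800998ecf8427e:0:Constructed.Clean.MD5\n"
    "da39a3ee5e6b4b0d3255bfef95601890afd80709:0:Constructed.Clean.SHA1\n"
    "\n"
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:0:Constructed.Clean.SHA256\n"
    "nothex:12:Constructed.Malformed\n";

/* Classify one entry of `len` bytes (no trailing newline) by its hash field. */
hash_kind_t fp_hash_kind(const char *line, size_t len)
{
    const char *colon = memchr(line, ':', len);
    size_t hex_len, i;

    if (colon == NULL)
        return HASH_UNKNOWN;
    hex_len = (size_t)(colon - line);
    for (i = 0; i < hex_len; i++) {
        if (!isxdigit((unsigned char)line[i]))
            return HASH_UNKNOWN;
    }
    switch (hex_len) {
        case 32: return HASH_MD5;
        case 40: return HASH_SHA1;
        case 64: return HASH_SHA2_256;
        default: return HASH_UNKNOWN;
    }
}

/* Walk newline-separated FP entries and count what FIPS limits would drop. */
fp_audit_t fp_audit(const char *db, bool fips_limits)
{
    fp_audit_t out = {0, 0, 0};

    while (*db != '\0') {
        size_t n = strcspn(db, "\n"); /* length of the current line */
        hash_kind_t kind;

        if (n == 0) { /* blank line */
            db++;
            continue;
        }
        kind = fp_hash_kind(db, n);
        if (kind == HASH_UNKNOWN) {
            out.invalid++;
        } else if (fips_limits && (kind == HASH_MD5 || kind == HASH_SHA1)) {
            /* This allow-list entry would no longer suppress a detection. */
            printf("skipped under FIPS limits: %.*s\n", (int)n, db);
            out.skipped++;
        } else {
            out.loaded++;
        }
        db += n;
        if (*db == '\n')
            db++;
    }
    return out;
}

int main(void)
{
    fp_audit_t a = fp_audit(SAMPLE_FP_DB, true);

    printf("loaded=%u skipped=%u invalid=%u\n", a.loaded, a.skipped, a.invalid);
    return 0;
}
```

Entries reported as skipped need a SHA2-256 replacement before enabling the option, otherwise the files they covered may alert again.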