clamav/unit_tests/clamscan/fuzzy_img_hash_test.py

# Copyright (C) 2020-2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

"""
Run clamscan tests.
"""

import sys

sys.path.append('../unit_tests')
import testcase


class TC(testcase.TestCase):
    @classmethod
    def setUpClass(cls):
        super(TC, cls).setUpClass()

        # Testing with our logo png file.
        TC.testfiles = TC.path_source / 'logo.png'

    @classmethod
    def tearDownClass(cls):
        super(TC, cls).tearDownClass()

    def setUp(self):
        super(TC, self).setUp()

    def tearDown(self):
        super(TC, self).tearDown()
        self.verify_valgrind_log()

    #
    # First check with the good database in all-match mode.
    #

    def test_sigs_good_allmatch(self):
        self.step_name('Test with a good database in all-match mode.')

        (TC.path_tmp / 'good.ldb').write_text(
            "logo.png.good;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7#0\n"
            "logo.png.bad.with.second.subsig;Engine:150-255,Target:0;0&1;deadbeef;fuzzy_img#af2ad01ed42993c7#0\n"
            "logo.png.good.with.second.subsig;Engine:150-255,Target:0;0&1;49484452;fuzzy_img#af2ad01ed42993c7#0\n"
        )

        command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(
            valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
            path_db=TC.path_tmp / 'good.ldb',
            testfiles=TC.testfiles,
        )
        output = self.execute_command(command)

        assert output.ec == 1  # virus

        expected_stdout = [
            'logo.png.good.UNOFFICIAL FOUND',
            'logo.png.good.with.second.subsig.UNOFFICIAL FOUND',
        ]
        unexpected_stdout = [
            'logo.png.bad.with.second.subsig.UNOFFICIAL FOUND',
        ]
        self.verify_output(output.out, expected=expected_stdout)

        # Try again with image fuzzy hashing disabled to verify the flag will disable this feature (at least for PNG files)
        command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch --scan-image-fuzzy-hash=no'.format(
            valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
            path_db=TC.path_tmp / 'good.ldb',
            testfiles=TC.testfiles,
        )
        output = self.execute_command(command)

        assert output.ec == 0  # virus

        # Try again with image scanning disabled to verify that the flag disables this feature (at least for PNG files)
        command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch --scan-image=no'.format(
            valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
            path_db=TC.path_tmp / 'good.ldb',
            testfiles=TC.testfiles,
        )
        output = self.execute_command(command)

        assert output.ec == 0  # virus

    #
    # Next check with the bad signatures
    #

    def test_sigs_bad_hash(self):
        self.step_name('Test Invalid hash')

        # Invalid hash
        (TC.path_tmp / 'invalid-hash.ldb').write_text(
            "logo.png.bad;Engine:150-255,Target:0;0;fuzzy_img#abcdef#0\n"
        )
        command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(
            valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
            path_db=TC.path_tmp / 'invalid-hash.ldb',
            testfiles=TC.testfiles,
        )
        output = self.execute_command(command)

        assert output.ec == 2  # error

        expected_stderr = [
            'LibClamAV Error: Failed to load',
            'Invalid hash: ImageFuzzyHash hash must be 16 characters in length: abcdef',
        ]
        unexpected_stdout = [
            'logo.png.bad.UNOFFICIAL FOUND',
        ]
        self.verify_output(output.err, expected=expected_stderr)
        self.verify_output(output.out, unexpected=unexpected_stdout)

    def test_sigs_bad_hamming(self):
        self.step_name('Test Unsupported hamming distance')

        # Unsupported hamming distance
        (TC.path_tmp / 'invalid-ham.ldb').write_text(
            "logo.png.bad;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7#1\n"
        )
        command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(
            valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
            path_db=TC.path_tmp / 'invalid-ham.ldb',
            testfiles=TC.testfiles,
        )
        output = self.execute_command(command)

        assert output.ec == 2  # error

        expected_stderr = [
            'LibClamAV Error: Failed to load',
            'Invalid hamming distance: 1',
        ]
        unexpected_stdout = [
            'logo.png.bad.UNOFFICIAL FOUND',
        ]
        self.verify_output(output.err, expected=expected_stderr)
        self.verify_output(output.out, unexpected=unexpected_stdout)

    def test_sigs_bad_algorithm(self):
        self.step_name('Test invalid fuzzy image hash algorithm')

        # invalid algorithm
        (TC.path_tmp / 'invalid-alg.ldb').write_text(
            "logo.png.bad;Engine:150-255,Target:0;0;fuzzy_imgy#af2ad01ed42993c7#0\n"
        )
        command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(
            valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
            path_db=TC.path_tmp / 'invalid-alg.ldb',
            testfiles=TC.testfiles,
        )
        output = self.execute_command(command)

        assert output.ec == 2  # error

        expected_stderr = [
            'cli_loadldb: failed to parse subsignature 0 in logo.png',
        ]
        unexpected_stdout = [
            'logo.png.bad.UNOFFICIAL FOUND',
        ]
        self.verify_output(output.err, expected=expected_stderr)
        self.verify_output(output.out, unexpected=unexpected_stdout)
Bump copyright dates for 2025 2025-02-14 10:24:30 -05:00			`# Copyright (C) 2020-2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.`
Tests: break out clamscan tests into separate files The `clamscan_test.py` file is getting way too long. Created a new `unit_tests/clamscan` directory and separated all tests into separate test files. I also fixed an issue with the clamscan `ign2` test: The `ign2` test wasn't written correctly and was actually testing detection despite using the `-d` parameter to try to ignore a signature. There is a minor bug where `ign2` files may be loaded after other files when using the `-d` option. It is only guaranteed to be loaded first if you load all the sigs from the same directory. I fixed the test. In the future, we should make it so all database files are sorted in a list before load time regardless of where they're sourced from. 2022-08-23 12:51:49 -07:00
			`"""`
			`Run clamscan tests.`
			`"""`

			`import sys`

			`sys.path.append('../unit_tests')`
			`import testcase`


			`class TC(testcase.TestCase):`
			`@classmethod`
			`def setUpClass(cls):`
			`super(TC, cls).setUpClass()`

			`# Testing with our logo png file.`
			`TC.testfiles = TC.path_source / 'logo.png'`

			`@classmethod`
			`def tearDownClass(cls):`
			`super(TC, cls).tearDownClass()`

			`def setUp(self):`
			`super(TC, self).setUp()`

			`def tearDown(self):`
			`super(TC, self).tearDown()`
			`self.verify_valgrind_log()`

			`#`
			`# First check with the good database in all-match mode.`
			`#`

			`def test_sigs_good_allmatch(self):`
			`self.step_name('Test with a good database in all-match mode.')`

			`(TC.path_tmp / 'good.ldb').write_text(`
			`"logo.png.good;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7#0\n"`
			`"logo.png.bad.with.second.subsig;Engine:150-255,Target:0;0&1;deadbeef;fuzzy_img#af2ad01ed42993c7#0\n"`
			`"logo.png.good.with.second.subsig;Engine:150-255,Target:0;0&1;49484452;fuzzy_img#af2ad01ed42993c7#0\n"`
			`)`

			`command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(`
			`valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,`
			`path_db=TC.path_tmp / 'good.ldb',`
			`testfiles=TC.testfiles,`
			`)`
			`output = self.execute_command(command)`

			`assert output.ec == 1 # virus`

			`expected_stdout = [`
			`'logo.png.good.UNOFFICIAL FOUND',`
			`'logo.png.good.with.second.subsig.UNOFFICIAL FOUND',`
			`]`
			`unexpected_stdout = [`
			`'logo.png.bad.with.second.subsig.UNOFFICIAL FOUND',`
			`]`
			`self.verify_output(output.out, expected=expected_stdout)`

test: Check clamscan --scan-image and --scan-image-fuzzy-hash Use the existing clamscan image fuzzy hash tests to verify that both --scan-image=no and also --scan-image-fuzzy-hash=no will disable image fuzzy hash based detection (at least for PNG files). 2024-02-25 13:20:43 -05:00			`# Try again with image fuzzy hashing disabled to verify the flag will disable this feature (at least for PNG files)`
			`command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch --scan-image-fuzzy-hash=no'.format(`
			`valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,`
			`path_db=TC.path_tmp / 'good.ldb',`
			`testfiles=TC.testfiles,`
			`)`
			`output = self.execute_command(command)`

			`assert output.ec == 0 # virus`

			`# Try again with image scanning disabled to verify that the flag disables this feature (at least for PNG files)`
			`command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch --scan-image=no'.format(`
			`valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,`
			`path_db=TC.path_tmp / 'good.ldb',`
			`testfiles=TC.testfiles,`
			`)`
			`output = self.execute_command(command)`

			`assert output.ec == 0 # virus`

Tests: break out clamscan tests into separate files The `clamscan_test.py` file is getting way too long. Created a new `unit_tests/clamscan` directory and separated all tests into separate test files. I also fixed an issue with the clamscan `ign2` test: The `ign2` test wasn't written correctly and was actually testing detection despite using the `-d` parameter to try to ignore a signature. There is a minor bug where `ign2` files may be loaded after other files when using the `-d` option. It is only guaranteed to be loaded first if you load all the sigs from the same directory. I fixed the test. In the future, we should make it so all database files are sorted in a list before load time regardless of where they're sourced from. 2022-08-23 12:51:49 -07:00			`#`
			`# Next check with the bad signatures`
			`#`

			`def test_sigs_bad_hash(self):`
			`self.step_name('Test Invalid hash')`

			`# Invalid hash`
			`(TC.path_tmp / 'invalid-hash.ldb').write_text(`
			`"logo.png.bad;Engine:150-255,Target:0;0;fuzzy_img#abcdef#0\n"`
			`)`
			`command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(`
			`valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,`
			`path_db=TC.path_tmp / 'invalid-hash.ldb',`
			`testfiles=TC.testfiles,`
			`)`
			`output = self.execute_command(command)`

			`assert output.ec == 2 # error`

			`expected_stderr = [`
			`'LibClamAV Error: Failed to load',`
Support for extracting attachments from OneNote section files Includes rudimentary support for getting slices from FMap's and for interacting with libclamav's context structure. For now will use a Cisco-Talos org fork of the onenote_parser until the feature to read open a onenote section from a slice (instead of from a filepath) is added to the upstream. 2023-09-29 12:49:29 -07:00			`'Invalid hash: ImageFuzzyHash hash must be 16 characters in length: abcdef',`
Tests: break out clamscan tests into separate files The `clamscan_test.py` file is getting way too long. Created a new `unit_tests/clamscan` directory and separated all tests into separate test files. I also fixed an issue with the clamscan `ign2` test: The `ign2` test wasn't written correctly and was actually testing detection despite using the `-d` parameter to try to ignore a signature. There is a minor bug where `ign2` files may be loaded after other files when using the `-d` option. It is only guaranteed to be loaded first if you load all the sigs from the same directory. I fixed the test. In the future, we should make it so all database files are sorted in a list before load time regardless of where they're sourced from. 2022-08-23 12:51:49 -07:00			`]`
			`unexpected_stdout = [`
			`'logo.png.bad.UNOFFICIAL FOUND',`
			`]`
			`self.verify_output(output.err, expected=expected_stderr)`
			`self.verify_output(output.out, unexpected=unexpected_stdout)`

			`def test_sigs_bad_hamming(self):`
Fix typos (no functional changes) 2024-01-19 09:08:36 -08:00			`self.step_name('Test Unsupported hamming distance')`
Tests: break out clamscan tests into separate files The `clamscan_test.py` file is getting way too long. Created a new `unit_tests/clamscan` directory and separated all tests into separate test files. I also fixed an issue with the clamscan `ign2` test: The `ign2` test wasn't written correctly and was actually testing detection despite using the `-d` parameter to try to ignore a signature. There is a minor bug where `ign2` files may be loaded after other files when using the `-d` option. It is only guaranteed to be loaded first if you load all the sigs from the same directory. I fixed the test. In the future, we should make it so all database files are sorted in a list before load time regardless of where they're sourced from. 2022-08-23 12:51:49 -07:00
			`# Unsupported hamming distance`
			`(TC.path_tmp / 'invalid-ham.ldb').write_text(`
			`"logo.png.bad;Engine:150-255,Target:0;0;fuzzy_img#af2ad01ed42993c7#1\n"`
			`)`
			`command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(`
			`valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,`
			`path_db=TC.path_tmp / 'invalid-ham.ldb',`
			`testfiles=TC.testfiles,`
			`)`
			`output = self.execute_command(command)`

			`assert output.ec == 2 # error`

			`expected_stderr = [`
			`'LibClamAV Error: Failed to load',`
			`'Invalid hamming distance: 1',`
			`]`
			`unexpected_stdout = [`
			`'logo.png.bad.UNOFFICIAL FOUND',`
			`]`
			`self.verify_output(output.err, expected=expected_stderr)`
			`self.verify_output(output.out, unexpected=unexpected_stdout)`

			`def test_sigs_bad_algorithm(self):`
			`self.step_name('Test invalid fuzzy image hash algorithm')`

			`# invalid algorithm`
			`(TC.path_tmp / 'invalid-alg.ldb').write_text(`
			`"logo.png.bad;Engine:150-255,Target:0;0;fuzzy_imgy#af2ad01ed42993c7#0\n"`
			`)`
			`command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --allmatch'.format(`
			`valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,`
			`path_db=TC.path_tmp / 'invalid-alg.ldb',`
			`testfiles=TC.testfiles,`
			`)`
			`output = self.execute_command(command)`

			`assert output.ec == 2 # error`

			`expected_stderr = [`
			`'cli_loadldb: failed to parse subsignature 0 in logo.png',`
			`]`
			`unexpected_stdout = [`
			`'logo.png.bad.UNOFFICIAL FOUND',`
			`]`
			`self.verify_output(output.err, expected=expected_stderr)`
			`self.verify_output(output.out, unexpected=unexpected_stdout)`