/*
|
2020-01-03 15:44:07 -05:00
|
|
|
* Copyright (C) 2013-2020 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
|
2014-04-30 15:42:11 -04:00
|
|
|
* Copyright (C) 2007-2013 Sourcefire, Inc.
|
2008-02-08 17:50:44 +00:00
|
|
|
*
|
2008-04-02 15:24:51 +00:00
|
|
|
* Authors: Tomasz Kojm
|
2003-07-29 15:48:06 +00:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
2007-03-31 20:31:04 +00:00
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
2003-07-29 15:48:06 +00:00
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2006-04-09 19:59:28 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
|
|
* MA 02110-1301, USA.
|
2003-07-29 15:48:06 +00:00
|
|
|
*/
|
|
|
|
|
2008-11-10 17:39:58 +00:00
|
|
|
#include "matcher.h"
|
|
|
|
|
2004-07-19 17:54:40 +00:00
|
|
|
#ifndef __OTHERS_H_LC
|
|
|
|
#define __OTHERS_H_LC
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2007-03-01 22:31:22 +00:00
|
|
|
#if HAVE_CONFIG_H
|
|
|
|
#include "clamav-config.h"
|
|
|
|
#endif
|
|
|
|
|
2009-07-17 02:30:21 +02:00
|
|
|
#ifdef HAVE_UNISTD_H
|
|
|
|
#include <unistd.h>
|
|
|
|
#endif
|
|
|
|
|
2013-10-31 12:30:55 -05:00
|
|
|
#if HAVE_PTHREAD_H
|
|
|
|
#include <pthread.h>
|
|
|
|
#endif
|
|
|
|
|
2003-10-08 12:51:07 +00:00
|
|
|
#include <stdio.h>
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
2006-10-28 12:54:36 +00:00
|
|
|
#include "clamav.h"
|
2007-01-09 20:06:51 +00:00
|
|
|
#include "dconf.h"
|
2009-08-30 19:46:26 +02:00
|
|
|
#include "filetypes.h"
|
2009-08-30 19:14:49 +02:00
|
|
|
#include "fmap.h"
|
2008-11-13 02:11:21 +00:00
|
|
|
#include "libclamunrar_iface/unrar_iface.h"
|
2009-05-15 11:53:22 +00:00
|
|
|
#include "regex/regex.h"
|
2009-09-21 19:24:16 +03:00
|
|
|
#include "bytecode.h"
|
2009-10-02 17:33:11 +03:00
|
|
|
#include "bytecode_api.h"
|
2011-02-14 19:19:20 +02:00
|
|
|
#include "events.h"
|
2011-12-21 22:52:46 +01:00
|
|
|
#include "crtmgr.h"
|
2015-07-21 16:35:48 -04:00
|
|
|
|
2014-04-16 16:40:56 -04:00
|
|
|
#ifdef HAVE_JSON
|
2019-04-25 16:11:39 -04:00
|
|
|
#include "json-c/json.h"
|
2014-04-16 16:40:56 -04:00
|
|
|
#endif
|
2015-07-21 16:35:48 -04:00
|
|
|
|
|
|
|
#ifdef HAVE_YARA
|
2015-05-07 15:50:37 -04:00
|
|
|
#include "yara_clam.h"
|
2015-07-21 16:35:48 -04:00
|
|
|
#endif
|
2006-10-28 12:54:36 +00:00
|
|
|
|
2014-08-26 13:47:27 -04:00
|
|
|
#if HAVE_LIBXML2
|
|
|
|
#define CLAMAV_MIN_XMLREADER_FLAGS (XML_PARSE_NOERROR | XML_PARSE_NONET)
|
|
|
|
#endif
|
|
|
|
|
2008-12-10 19:02:40 +00:00
|
|
|
/*
|
|
|
|
* CL_FLEVEL is the signature f-level specific to the current code and
|
|
|
|
* should never be modified
|
|
|
|
* CL_FLEVEL_DCONF is used in the dconf module and can be bumped by
|
|
|
|
* distribution packagers provided they fix *all* security issues found
|
|
|
|
* in the old versions of ClamAV. Updating CL_FLEVEL_DCONF will result
|
|
|
|
* in re-enabling affected modules.
|
|
|
|
*/
|
|
|
|
|
2019-10-03 18:32:41 -04:00
|
|
|
#define CL_FLEVEL 120
|
2018-12-03 12:40:13 -05:00
|
|
|
#define CL_FLEVEL_DCONF CL_FLEVEL
|
2010-03-16 12:18:08 +01:00
|
|
|
#define CL_FLEVEL_SIGTOOL CL_FLEVEL
|
2008-12-10 19:02:40 +00:00
|
|
|
|
2008-11-14 22:23:39 +00:00
|
|
|
extern uint8_t cli_debug_flag;
|
2013-10-09 15:57:56 -04:00
|
|
|
extern uint8_t cli_always_gen_section_hash;
|
2007-08-31 19:55:09 +00:00
|
|
|
|
2006-03-12 15:21:32 +00:00
|
|
|
/*
|
2017-08-15 16:50:01 -04:00
|
|
|
* CLI_ISCONTAINED(bb, bb_size, sb, sb_size) checks if sb (sub buffer) is contained
|
|
|
|
* within bb (buffer).
|
2006-03-12 15:21:32 +00:00
|
|
|
*
|
2017-08-15 16:50:01 -04:00
|
|
|
* bb and sb are pointers (or offsets) for the main buffer and the
|
|
|
|
* sub-buffer respectively, and bb_size and sb_size are their sizes
|
2006-03-12 15:21:32 +00:00
|
|
|
*
|
|
|
|
* The macro can be used to protect against wraps.
|
|
|
|
*/
|
2017-08-15 16:50:01 -04:00
|
|
|
#define CLI_ISCONTAINED(bb, bb_size, sb, sb_size) \
|
|
|
|
( \
|
|
|
|
(size_t)(bb_size) > 0 && (size_t)(sb_size) > 0 && \
|
|
|
|
(size_t)(sb_size) <= (size_t)(bb_size) && \
|
|
|
|
(ptrdiff_t)(sb) >= (ptrdiff_t)(bb) && \
|
|
|
|
(ptrdiff_t)(sb) + (ptrdiff_t)(sb_size) <= (ptrdiff_t)(bb) + (ptrdiff_t)(bb_size) && \
|
|
|
|
(ptrdiff_t)(sb) + (ptrdiff_t)(sb_size) > (ptrdiff_t)(bb) && \
|
2018-12-03 12:40:13 -05:00
|
|
|
(ptrdiff_t)(sb) < (ptrdiff_t)(bb) + (ptrdiff_t)(bb_size))
|
2006-01-09 18:49:41 +00:00
|
|
|
|
2017-08-15 16:50:01 -04:00
|
|
|
/*
|
|
|
|
* CLI_ISCONTAINED2(bb, bb_size, sb, sb_size) checks if sb (sub buffer) is contained
|
|
|
|
* within bb (buffer).
|
|
|
|
*
|
|
|
|
* CLI_ISCONTAINED2 is the same as CLI_ISCONTAINED except that it allows for sub-
|
|
|
|
* buffers with sb_size == 0.
|
|
|
|
*/
|
|
|
|
#define CLI_ISCONTAINED2(bb, bb_size, sb, sb_size) \
|
|
|
|
( \
|
|
|
|
(size_t)(bb_size) > 0 && (size_t)(sb_size) >= 0 && \
|
|
|
|
(size_t)(sb_size) <= (size_t)(bb_size) && \
|
|
|
|
(ptrdiff_t)(sb) >= (ptrdiff_t)(bb) && \
|
|
|
|
(ptrdiff_t)(sb) + (ptrdiff_t)(sb_size) <= (ptrdiff_t)(bb) + (ptrdiff_t)(bb_size) && \
|
|
|
|
(ptrdiff_t)(sb) + (ptrdiff_t)(sb_size) >= (ptrdiff_t)(bb) && \
|
2018-12-03 12:40:13 -05:00
|
|
|
(ptrdiff_t)(sb) < (ptrdiff_t)(bb) + (ptrdiff_t)(bb_size))
|
2006-01-14 18:57:41 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
#define CLI_MAX_ALLOCATION (182 * 1024 * 1024)
|
2006-04-04 22:58:33 +00:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
#ifdef HAVE_SYS_PARAM_H
|
|
|
|
#include <sys/param.h> /* for NAME_MAX */
|
2007-03-01 22:31:22 +00:00
|
|
|
#endif
|
|
|
|
|
2007-01-13 16:57:58 +00:00
|
|
|
/* Maximum filenames under various systems - njh */
|
2018-12-03 12:40:13 -05:00
|
|
|
#ifndef NAME_MAX /* e.g. Linux */
|
|
|
|
#ifdef MAXNAMELEN /* e.g. Solaris */
|
|
|
|
#define NAME_MAX MAXNAMELEN
|
|
|
|
#else
|
|
|
|
#ifdef FILENAME_MAX /* e.g. SCO */
|
|
|
|
#define NAME_MAX FILENAME_MAX
|
|
|
|
#else
|
|
|
|
#define NAME_MAX 256
|
|
|
|
#endif
|
|
|
|
#endif
|
2007-01-13 16:57:58 +00:00
|
|
|
#endif
|
|
|
|
|
2007-03-01 00:40:34 +00:00
|
|
|
#if NAME_MAX < 256
|
|
|
|
#undef NAME_MAX
|
|
|
|
#define NAME_MAX 256
|
|
|
|
#endif
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
/* A growable bit array. `bitset` is the backing byte buffer and `length` its
 * size; whether `length` counts bytes or bits is not visible here (the
 * bitset helpers live in another file) — check before indexing. */
typedef struct bitset_tag {
    unsigned char *bitset; /* backing storage, presumably heap-owned */
    unsigned long length;  /* size of `bitset` (units: see note above) */
} bitset_t;
|
|
|
|
|
2017-01-19 12:24:46 -05:00
|
|
|
/* One entry of the per-recursion-level container stack kept in cli_ctx
 * (see cli_set_container()/cli_get_container() declared further down). */
typedef struct cli_ctx_container_tag {
    cli_file_t type;    /* file type of the container at this recursion level */
    size_t size;        /* size of the container */
    unsigned char flag; /* bit flags; CONTAINER_FLAG_VALID marks a populated entry */
} cli_ctx_container;
|
2017-05-23 15:56:41 -04:00
|
|
|
#define CONTAINER_FLAG_VALID 0x01
|
2017-01-19 12:24:46 -05:00
|
|
|
|
2006-02-15 00:41:40 +00:00
|
|
|
/* internal clamav context */
|
2010-01-19 16:38:12 +02:00
|
|
|
/* internal clamav context
 *
 * Per-scan state threaded through every parser. One instance per top-level
 * scan; the recursion-indexed members (`fmap`, `containers`, `recursion`)
 * are advanced as nested files are unpacked. The SCAN_* macros below read
 * `options` through a variable named `ctx` of this type.
 */
typedef struct cli_ctx_tag {
    char *target_filepath;    /**< (optional) The filepath of the original scan target */
    const char *sub_filepath; /**< (optional) The filepath of the current file being parsed. May be a temp file. */
    char *sub_tmpdir;         /**< The directory to store tmp files at this recursion depth. */
    const char **virname;     /* alert name(s) appended by cli_append_virus(); see cli_get_last_virus() */
    unsigned int num_viruses; /* number of alerts recorded so far (presumably entries in `virname`) */
    unsigned long int *scanned;
    const struct cli_matcher *root;
    const struct cl_engine *engine;   /* the engine this scan runs against; read-only from the context */
    unsigned long scansize;           /* bytes scanned so far; compared against engine->maxscansize — confirm in caller */
    struct cl_scan_options *options;  /* scan option bitmasks; read by the SCAN_* macros */
    unsigned int recursion;           /* current unpacking depth; bounded by engine->maxreclevel — confirm in caller */
    unsigned int scannedfiles;        /* files scanned within the current archive (engine->maxfiles limit) */
    unsigned int found_possibly_unwanted; /* a PUA alert was recorded; see cli_append_possibly_unwanted() */
    unsigned int corrupted_input;
    unsigned int img_validate;
    cli_ctx_container *containers; /* set container type after recurse */
    unsigned char handlertype_hash[16]; /* 16-byte digest; which hash is not visible here */
    struct cli_dconf *dconf;
    fmap_t **fmap; /* pointer to current fmap in an allocated array, incremented with recursion depth */
    bitset_t *hook_lsig_matches;
    void *cb_ctx; /* opaque pointer handed to the application callbacks */
    cli_events_t *perf; /* performance event collection (SCAN_DEV_COLLECT_PERF_INFO) */
#ifdef HAVE__INTERNAL__SHA_COLLECT
    int sha_collect;
#endif
#ifdef HAVE_JSON
    struct json_object *properties;  /* root of the JSON metadata tree (SCAN_COLLECT_METADATA) */
    struct json_object *wrkproperty; /* JSON object for the file currently being parsed */
#endif
    struct timeval time_limit; /* absolute deadline derived from engine->maxscantime — confirm */
    int limit_exceeded;        /* set once a scan limit has been hit */
} cli_ctx;
|
|
|
|
|
2013-10-25 10:17:22 -04:00
|
|
|
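/* Fixed UUID used in place of a real host id for the statistics/intelligence
 * feature — presumably the "anonymous" submitter identity; verify against the
 * cb_stats_* users before relying on that. */
#define STATS_ANON_UUID "5b585e8f-3be5-11e3-bf0b-18037319526c"
/* Default cap on the number of flagged samples retained (cli_intel_t.maxsamples). */
#define STATS_MAX_SAMPLES 50
/* Default memory budget for sample retention, in bytes (cli_intel_t.maxmem).
 * Parenthesised so the macro is a single operand in expressions: the
 * previous `1024 * 1024` expanded `x / STATS_MAX_MEM` to `x / 1024 * 1024`. */
#define STATS_MAX_MEM (1024 * 1024)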
|
2013-10-25 10:17:22 -04:00
|
|
|
|
|
|
|
/* One detected sample recorded for statistics submission; nodes form a
 * doubly linked list owned by cli_intel_t.samples. */
typedef struct cli_flagged_sample {
    char **virus_name; /* names of the signatures that matched this sample */
    char md5[16];      /* raw 16-byte digest, not a hex string */
    uint32_t size;     /* A size of zero means size is unavailable (why would this ever happen?) */
    uint32_t hits;     /* how many times this sample was seen */
    stats_section_t *sections;

    struct cli_flagged_sample *prev;
    struct cli_flagged_sample *next;
} cli_flagged_sample_t;
|
|
|
|
|
|
|
|
/* State for the statistics/intelligence gathering feature (the
 * cb_stats_* callbacks in struct cl_engine). Owns the `samples` list. */
typedef struct cli_clamav_intel {
    char *hostid;    /* host identifier; see STATS_ANON_UUID */
    char *host_info;
    cli_flagged_sample_t *samples; /* head of the flagged-sample list */
    uint32_t nsamples;   /* current number of entries in `samples` */
    uint32_t maxsamples; /* retention cap; default STATS_MAX_SAMPLES */
    uint32_t maxmem;     /* memory budget in bytes; default STATS_MAX_MEM */
    uint32_t timeout;
    time_t nextupdate;   /* earliest time of the next submission — presumably; confirm */
    struct cl_engine *engine;
#ifdef CL_THREAD_SAFE
    pthread_mutex_t mutex; /* guards the fields above when the library is built thread-safe */
#endif
} cli_intel_t;
|
2009-12-11 23:04:18 +01:00
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
/* Two 256-bit sets (4 x 64 bits each), one per icon group dimension; the
 * bit layout is defined by the icon matcher, not visible here. */
typedef struct {
    uint64_t v[2][4];
} icon_groupset;
|
2009-12-11 23:04:18 +01:00
|
|
|
|
2009-12-06 19:49:40 +01:00
|
|
|
/* A reference icon for the icon matcher. Each *_avg/*_x/*_y triple holds
 * per-channel statistics; the exact meaning of each metric is defined by the
 * icon feature extraction code elsewhere. */
struct icomtr {
    unsigned int group[2];
    unsigned int color_avg[3];
    unsigned int color_x[3];
    unsigned int color_y[3];
    unsigned int gray_avg[3];
    unsigned int gray_x[3];
    unsigned int gray_y[3];
    unsigned int bright_avg[3];
    unsigned int bright_x[3];
    unsigned int bright_y[3];
    unsigned int dark_avg[3];
    unsigned int dark_x[3];
    unsigned int dark_y[3];
    unsigned int edge_avg[3];
    unsigned int edge_x[3];
    unsigned int edge_y[3];
    unsigned int noedge_avg[3];
    unsigned int noedge_x[3];
    unsigned int noedge_y[3];
    unsigned int rsum;
    unsigned int gsum;
    unsigned int bsum;
    unsigned int ccount;
    char *name; /* signature name to report on a match */
};
|
|
|
|
|
2009-12-11 00:52:16 +01:00
|
|
|
/* Icon reference storage attached to struct cl_engine as `iconcheck`. */
struct icon_matcher {
    char **group_names[2];        /* group name tables, one per group dimension */
    unsigned int group_counts[2]; /* number of entries in each `group_names` table */
    struct icomtr *icons[3];      /* reference icons, bucketed by size class — presumably; confirm */
    unsigned int icon_counts[3];  /* number of entries in each `icons` array */
};
|
|
|
|
|
2010-01-20 22:10:56 +01:00
|
|
|
/* Database information from .info files: one node per database file, kept
 * as a singly linked list in struct cl_engine.dbinfo. */
struct cli_dbinfo {
    char *name;          /* database file name */
    char *hash;          /* expected hash of the file, as recorded in the .info file */
    size_t size;         /* expected size of the file */
    struct cl_cvd *cvd;
    struct cli_dbinfo *next;
};
|
|
|
|
|
2015-07-20 15:00:18 -04:00
|
|
|
#define CLI_PWDB_COUNT 3
|
|
|
|
/* Container type a stored password applies to; also indexes the
 * engine->pwdbs array (CLI_PWDB_COUNT entries). */
typedef enum {
    CLI_PWDB_ANY = 0, /* try against every supported container type */
    CLI_PWDB_ZIP = 1,
    CLI_PWDB_RAR = 2
} cl_pwdb_t;
|
|
|
|
|
|
|
|
/* One entry of the container password database (singly linked list). */
struct cli_pwdb {
    char *name;      /* signature name for this entry */
    char *passwd;    /* password bytes; `length` bytes, not necessarily NUL-terminated */
    uint16_t length; /* length of `passwd` */
    struct cli_pwdb *next;
};
|
|
|
|
|
2008-11-10 17:39:58 +00:00
|
|
|
/* The scanning engine: loaded signature databases, matchers, limits and
 * application callbacks. Shared by every scan that references it (see
 * `refcount`); scan-local state lives in cli_ctx instead. struct cl_settings
 * below mirrors the user-settable subset of these fields. */
struct cl_engine {
    uint32_t refcount; /* reference counter */
    uint32_t sdb;
    uint32_t dboptions;
    uint32_t dbversion[2];
    uint32_t ac_only;
    uint32_t ac_mindepth;
    uint32_t ac_maxdepth;
    char *tmpdir;
    uint32_t keeptmp;
    uint64_t engine_options;

    /* Limits — these bound resource use on attacker-controlled input; the
     * corresponding counters are in cli_ctx. */
    uint32_t maxscantime; /* Time limit (in milliseconds) */
    uint64_t maxscansize; /* during the scanning of archives this size
                           * will never be exceeded
                           */
    uint64_t maxfilesize; /* compressed files will only be decompressed
                           * and scanned up to this size
                           */
    uint32_t maxreclevel; /* maximum recursion level for archives */
    uint32_t maxfiles;    /* maximum number of files to be scanned
                           * within a single archive
                           */
    /* This is for structured data detection. You can set the minimum
     * number of occurrences of a CC# or SSN before the system will
     * generate a notification.
     */
    uint32_t min_cc_count;
    uint32_t min_ssn_count;

    /* Roots table */
    struct cli_matcher **root;

    /* hash matcher for standard MD5 sigs */
    struct cli_matcher *hm_hdb;
    /* hash matcher for MD5 sigs for PE sections */
    struct cli_matcher *hm_mdb;
    /* hash matcher for MD5 sigs for PE import tables */
    struct cli_matcher *hm_imp;
    /* hash matcher for whitelist db */
    struct cli_matcher *hm_fp;

    /* Container metadata */
    struct cli_cdb *cdb;

    /* Phishing .pdb and .wdb databases*/
    struct regex_matcher *whitelist_matcher;
    struct regex_matcher *domainlist_matcher;
    struct phishcheck *phishcheck;

    /* Dynamic configuration */
    struct cli_dconf *dconf;

    /* Filetype definitions */
    struct cli_ftype *ftypes;
    struct cli_ftype *ptypes;

    /* Container password storage */
    struct cli_pwdb **pwdbs;

    /* Pre-loading test matcher
     * Test for presence before using; cleared on engine compile.
     */
    struct cli_matcher *test_root;

    /* Ignored signatures */
    struct cli_matcher *ignored;

    /* PUA categories (to be included or excluded) */
    char *pua_cats;

    /* Icon reference storage */
    struct icon_matcher *iconcheck;

    /* Negative cache storage */
    struct CACHE *cache;

    /* Database information from .info files */
    struct cli_dbinfo *dbinfo;

    /* Used for memory pools */
    mpool_t *mempool;

    /* crtmgr stuff */
    crtmgr cmgr;

    /* Callback(s) — set by the application; NULL means not installed
     * (presumably; the callers are elsewhere). */
    clcb_pre_cache cb_pre_cache;
    clcb_pre_scan cb_pre_scan;
    clcb_post_scan cb_post_scan;
    clcb_virus_found cb_virus_found;
    clcb_sigload cb_sigload;
    void *cb_sigload_ctx;
    clcb_hash cb_hash;
    clcb_meta cb_meta;
    clcb_file_props cb_file_props;

    /* Used for bytecode */
    struct cli_all_bc bcs;
    unsigned *hooks[_BC_LAST_HOOK - _BC_START_HOOKS];
    unsigned hooks_cnt[_BC_LAST_HOOK - _BC_START_HOOKS];
    unsigned hook_lsig_ids;
    enum bytecode_security bytecode_security; /* trust level applied to loaded bytecode */
    uint32_t bytecode_timeout;
    enum bytecode_mode bytecode_mode;

    /* Engine max settings */
    uint64_t maxembeddedpe;      /* max size to scan MSEXE for PE */
    uint64_t maxhtmlnormalize;   /* max size to normalize HTML */
    uint64_t maxhtmlnotags;      /* max size for scanning normalized HTML */
    uint64_t maxscriptnormalize; /* max size to normalize scripts */
    uint64_t maxziptypercg;      /* max size to re-do zip filetype */

    /* Statistics/intelligence gathering */
    void *stats_data;
    clcb_stats_add_sample cb_stats_add_sample;
    clcb_stats_remove_sample cb_stats_remove_sample;
    clcb_stats_decrement_count cb_stats_decrement_count;
    clcb_stats_submit cb_stats_submit;
    clcb_stats_flush cb_stats_flush;
    clcb_stats_get_num cb_stats_get_num;
    clcb_stats_get_size cb_stats_get_size;
    clcb_stats_get_hostid cb_stats_get_hostid;

    /* Raw disk image max settings */
    uint32_t maxpartitions; /* max number of partitions to scan in a disk image */

    /* Engine max settings */
    uint32_t maxiconspe; /* max number of icons to scan for PE */
    uint32_t maxrechwp3; /* max recursive calls for HWP3 parsing */

    /* PCRE matching limitations */
    uint64_t pcre_match_limit;
    uint64_t pcre_recmatch_limit;
    uint64_t pcre_max_filesize;

#ifdef HAVE_YARA
    /* YARA */
    struct _yara_global *yara_global;
#endif
};
|
|
|
|
|
2009-03-02 18:56:03 +00:00
|
|
|
/* Snapshot of the user-settable fields of struct cl_engine, used to copy
 * settings from one engine to another. Field names and types match the
 * engine members of the same name. */
struct cl_settings {
    /* don't store dboptions here; it needs to be provided to cl_load() and
     * can be optionally obtained with cl_engine_get() or from the original
     * settings stored by the application
     */
    uint32_t ac_only;
    uint32_t ac_mindepth;
    uint32_t ac_maxdepth;
    char *tmpdir;
    uint32_t keeptmp;
    uint32_t maxscantime;
    uint64_t maxscansize;
    uint64_t maxfilesize;
    uint32_t maxreclevel;
    uint32_t maxfiles;
    uint32_t min_cc_count;
    uint32_t min_ssn_count;
    enum bytecode_security bytecode_security;
    uint32_t bytecode_timeout;
    enum bytecode_mode bytecode_mode;
    char *pua_cats;
    uint64_t engine_options;

    /* callbacks */
    clcb_pre_cache cb_pre_cache;
    clcb_pre_scan cb_pre_scan;
    clcb_post_scan cb_post_scan;
    clcb_virus_found cb_virus_found;
    clcb_sigload cb_sigload;
    void *cb_sigload_ctx;
    clcb_msg cb_msg; /* NOTE(review): no cb_msg member exists in struct cl_engine above; confirm where this is stored */
    clcb_hash cb_hash;
    clcb_meta cb_meta;
    clcb_file_props cb_file_props;

    /* Engine max settings */
    uint64_t maxembeddedpe;      /* max size to scan MSEXE for PE */
    uint64_t maxhtmlnormalize;   /* max size to normalize HTML */
    uint64_t maxhtmlnotags;      /* max size for scanning normalized HTML */
    uint64_t maxscriptnormalize; /* max size to normalize scripts */
    uint64_t maxziptypercg;      /* max size to re-do zip filetype */

    /* Statistics/intelligence gathering */
    void *stats_data;
    clcb_stats_add_sample cb_stats_add_sample;
    clcb_stats_remove_sample cb_stats_remove_sample;
    clcb_stats_decrement_count cb_stats_decrement_count;
    clcb_stats_submit cb_stats_submit;
    clcb_stats_flush cb_stats_flush;
    clcb_stats_get_num cb_stats_get_num;
    clcb_stats_get_size cb_stats_get_size;
    clcb_stats_get_hostid cb_stats_get_hostid;

    /* Raw disk image max settings */
    uint32_t maxpartitions; /* max number of partitions to scan in a disk image */

    /* Engine max settings */
    uint32_t maxiconspe; /* max number of icons to scan for PE */
    uint32_t maxrechwp3; /* max recursive calls for HWP3 parsing */

    /* PCRE matching limitations */
    uint64_t pcre_match_limit;
    uint64_t pcre_recmatch_limit;
    uint64_t pcre_max_filesize;
};
|
|
|
|
|
2018-07-30 20:19:28 -04:00
|
|
|
extern cl_unrar_error_t (*cli_unrar_open)(const char *filename, void **hArchive, char **comment, uint32_t *comment_size, uint8_t debug_flag);
|
|
|
|
extern cl_unrar_error_t (*cli_unrar_peek_file_header)(void *hArchive, unrar_metadata_t *file_metadata);
|
2018-12-03 12:40:13 -05:00
|
|
|
extern cl_unrar_error_t (*cli_unrar_extract_file)(void *hArchive, const char *destPath, char *outputBuffer);
|
2018-07-30 20:19:28 -04:00
|
|
|
extern cl_unrar_error_t (*cli_unrar_skip_file)(void *hArchive);
|
|
|
|
extern void (*cli_unrar_close)(void *hArchive);
|
|
|
|
|
2008-11-13 02:11:21 +00:00
|
|
|
extern int have_rar;
|
|
|
|
|
2018-12-03 12:40:13 -05:00
|
|
|
#define SCAN_ALLMATCHES (ctx->options->general & CL_SCAN_GENERAL_ALLMATCHES)
|
|
|
|
#define SCAN_COLLECT_METADATA (ctx->options->general & CL_SCAN_GENERAL_COLLECT_METADATA)
|
|
|
|
#define SCAN_HEURISTICS (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS)
|
|
|
|
#define SCAN_HEURISTIC_PRECEDENCE (ctx->options->general & CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE)
|
2020-01-23 17:42:33 -08:00
|
|
|
#define SCAN_UNPRIVILEGED (ctx->options->general & CL_SCAN_GENERAL_UNPRIVILEGED)
|
2018-12-03 12:40:13 -05:00
|
|
|
|
|
|
|
#define SCAN_PARSE_ARCHIVE (ctx->options->parse & CL_SCAN_PARSE_ARCHIVE)
|
|
|
|
#define SCAN_PARSE_ELF (ctx->options->parse & CL_SCAN_PARSE_ELF)
|
|
|
|
#define SCAN_PARSE_PDF (ctx->options->parse & CL_SCAN_PARSE_PDF)
|
|
|
|
#define SCAN_PARSE_SWF (ctx->options->parse & CL_SCAN_PARSE_SWF)
|
|
|
|
#define SCAN_PARSE_HWP3 (ctx->options->parse & CL_SCAN_PARSE_HWP3)
|
|
|
|
#define SCAN_PARSE_XMLDOCS (ctx->options->parse & CL_SCAN_PARSE_XMLDOCS)
|
|
|
|
#define SCAN_PARSE_MAIL (ctx->options->parse & CL_SCAN_PARSE_MAIL)
|
|
|
|
#define SCAN_PARSE_OLE2 (ctx->options->parse & CL_SCAN_PARSE_OLE2)
|
|
|
|
#define SCAN_PARSE_HTML (ctx->options->parse & CL_SCAN_PARSE_HTML)
|
|
|
|
#define SCAN_PARSE_PE (ctx->options->parse & CL_SCAN_PARSE_PE)
|
|
|
|
|
|
|
|
#define SCAN_HEURISTIC_BROKEN (ctx->options->heuristic & CL_SCAN_HEURISTIC_BROKEN)
|
|
|
|
#define SCAN_HEURISTIC_EXCEEDS_MAX (ctx->options->heuristic & CL_SCAN_HEURISTIC_EXCEEDS_MAX)
|
|
|
|
#define SCAN_HEURISTIC_PHISHING_SSL_MISMATCH (ctx->options->heuristic & CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH)
|
|
|
|
#define SCAN_HEURISTIC_PHISHING_CLOAK (ctx->options->heuristic & CL_SCAN_HEURISTIC_PHISHING_CLOAK)
|
|
|
|
#define SCAN_HEURISTIC_MACROS (ctx->options->heuristic & CL_SCAN_HEURISTIC_MACROS)
|
|
|
|
#define SCAN_HEURISTIC_ENCRYPTED_ARCHIVE (ctx->options->heuristic & CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE)
|
|
|
|
#define SCAN_HEURISTIC_ENCRYPTED_DOC (ctx->options->heuristic & CL_SCAN_HEURISTIC_ENCRYPTED_DOC)
|
|
|
|
#define SCAN_HEURISTIC_PARTITION_INTXN (ctx->options->heuristic & CL_SCAN_HEURISTIC_PARTITION_INTXN)
|
|
|
|
#define SCAN_HEURISTIC_STRUCTURED (ctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED)
|
|
|
|
#define SCAN_HEURISTIC_STRUCTURED_SSN_NORMAL (ctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED_SSN_NORMAL)
|
|
|
|
#define SCAN_HEURISTIC_STRUCTURED_SSN_STRIPPED (ctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED_SSN_STRIPPED)
|
|
|
|
|
|
|
|
#define SCAN_MAIL_PARTIAL_MESSAGE (ctx->options->mail & CL_SCAN_MAIL_PARTIAL_MESSAGE)
|
|
|
|
|
|
|
|
#define SCAN_DEV_COLLECT_SHA (ctx->options->dev & CL_SCAN_DEV_COLLECT_SHA)
|
|
|
|
#define SCAN_DEV_COLLECT_PERF_INFO (ctx->options->dev & CL_SCAN_DEV_COLLECT_PERFORMANCE_INFO)
|
2006-02-15 00:41:40 +00:00
|
|
|
|
2007-12-21 23:47:52 +00:00
|
|
|
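/* based on macros from A. Melnikoff */
/* Byte-order swap macros for 16/32/64-bit values.
 *
 * Every use of the argument is parenthesised so that an expression argument
 * is evaluated as a unit: the former `cbswap16` used a bare `v & 0xff`, so
 * `cbswap16(a + b)` parsed as `a + (b & 0xff)`. The argument is still
 * expanded several times, so pass a side-effect-free expression.
 *
 * NOTE(review): cbswap32/cbswap64 shift the low byte into the top byte; call
 * them with an unsigned operand (uint32_t/uint64_t). With a signed operand
 * that shift lands in the sign bit, which is undefined behaviour in C. */
#define cbswap16(v) ((((v)&0xff) << 8) | (((v) >> 8) & 0xff))
#define cbswap32(v) ((((v)&0x000000ff) << 24) | (((v)&0x0000ff00) << 8) | \
                     (((v)&0x00ff0000) >> 8) | (((v)&0xff000000) >> 24))
#define cbswap64(v) ((((v)&0x00000000000000ffULL) << 56) | \
                     (((v)&0x000000000000ff00ULL) << 40) | \
                     (((v)&0x0000000000ff0000ULL) << 24) | \
                     (((v)&0x00000000ff000000ULL) << 8) |  \
                     (((v)&0x000000ff00000000ULL) >> 8) |  \
                     (((v)&0x0000ff0000000000ULL) >> 24) | \
                     (((v)&0x00ff000000000000ULL) >> 40) | \
                     (((v)&0xff00000000000000ULL) >> 56))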
|
|
|
|
|
|
|
|
#ifndef HAVE_ATTRIB_PACKED
|
2010-01-29 12:17:07 +02:00
|
|
|
#define __attribute__(x)
|
|
|
|
#endif
|
|
|
|
#ifdef HAVE_PRAGMA_PACK
|
|
|
|
#pragma pack(1)
|
|
|
|
#endif
|
|
|
|
#ifdef HAVE_PRAGMA_PACK_HPPA
|
|
|
|
#pragma pack 1
|
|
|
|
#endif
|
2007-12-21 23:47:52 +00:00
|
|
|
|
2009-08-22 11:35:04 +03:00
|
|
|
/* Packed overlay used by the little-endian cli_readint64() macro to load a
 * 64-bit value from a possibly unaligned address. Relies on the compiler
 * honouring the packed attribute (HAVE_ATTRIB_PACKED) or the pack pragmas
 * above; the access is a type pun through a cast pointer. */
union unaligned_64 {
    uint64_t una_u64;
    int64_t una_s64;
} __attribute__((packed));
|
|
|
|
|
|
|
|
/* Packed overlay for unaligned 32-bit loads/stores; used by the little-endian
 * cli_readint32()/cli_writeint32() macros. */
union unaligned_32 {
    uint32_t una_u32;
    int32_t una_s32;
} __attribute__((packed));
|
|
|
|
|
|
|
|
/* Packed overlay for unaligned 16-bit loads; used by the little-endian
 * cli_readint16() macro. */
union unaligned_16 {
    uint16_t una_u16;
    int16_t una_s16;
} __attribute__((packed));
|
2008-04-07 14:12:24 +00:00
|
|
|
|
2010-06-29 12:09:29 +03:00
|
|
|
/* Packed wrapper for reading a pointer-sized value from an unaligned address. */
struct unaligned_ptr {
    void *ptr;
} __attribute__((packed));
|
|
|
|
|
2008-04-07 14:12:24 +00:00
|
|
|
#ifdef HAVE_PRAGMA_PACK
|
|
|
|
#pragma pack()
|
|
|
|
#endif
|
|
|
|
#ifdef HAVE_PRAGMA_PACK_HPPA
|
|
|
|
#pragma pack
|
|
|
|
#endif
|
2010-01-29 12:17:07 +02:00
|
|
|
|
|
|
|
#if WORDS_BIGENDIAN == 0
|
2018-12-03 12:40:13 -05:00
|
|
|
/* Little endian */
|
|
|
|
#define le16_to_host(v) (v)
|
|
|
|
#define le32_to_host(v) (v)
|
|
|
|
#define le64_to_host(v) (v)
|
|
|
|
#define be16_to_host(v) cbswap16(v)
|
|
|
|
#define be32_to_host(v) cbswap32(v)
|
|
|
|
#define be64_to_host(v) cbswap64(v)
|
|
|
|
#define cli_readint64(buff) (((const union unaligned_64 *)(buff))->una_s64)
|
|
|
|
#define cli_readint32(buff) (((const union unaligned_32 *)(buff))->una_s32)
|
|
|
|
#define cli_readint16(buff) (((const union unaligned_16 *)(buff))->una_s16)
|
|
|
|
#define cli_writeint32(offset, value) (((union unaligned_32 *)(offset))->una_u32 = (uint32_t)(value))
|
2006-04-07 23:31:41 +00:00
|
|
|
#else
|
2018-12-03 12:40:13 -05:00
|
|
|
/* Big endian */
|
|
|
|
#define le16_to_host(v) cbswap16(v)
|
|
|
|
#define le32_to_host(v) cbswap32(v)
|
|
|
|
#define le64_to_host(v) cbswap64(v)
|
|
|
|
#define be16_to_host(v) (v)
|
|
|
|
#define be32_to_host(v) (v)
|
|
|
|
#define be64_to_host(v) (v)
|
|
|
|
|
|
|
|
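/**
 * @brief Read a little-endian 64-bit integer from an unaligned buffer.
 *
 * Big-endian host implementation (the little-endian build uses a macro of the
 * same name). The value is assembled byte by byte, so no alignment is
 * required of @p buff, and accumulated in an unsigned type: the previous
 * formulation left-shifted a signed int64_t, which is undefined behaviour
 * whenever the byte shifted into bit 63 has its top bit set.
 *
 * @param buff Pointer to at least 8 readable bytes; must not be NULL.
 * @return The value reinterpreted as a signed 64-bit integer. Converting an
 *         out-of-range uint64_t is implementation-defined in strict C; every
 *         supported compiler performs the two's-complement wrap.
 */
static inline int64_t cli_readint64(const void *buff)
{
    const unsigned char *p = (const unsigned char *)buff;
    uint64_t ret = 0;
    size_t i;

    /* byte i occupies bits 8*i .. 8*i+7 (little-endian wire order) */
    for (i = 0; i < 8; i++)
        ret |= (uint64_t)p[i] << (8 * i);

    return (int64_t)ret;
}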
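/**
 * @brief Read a little-endian 32-bit integer from an unaligned buffer.
 *
 * Big-endian host implementation (the little-endian build uses a macro of the
 * same name). Accumulates in uint32_t: shifting a byte with its top bit set
 * by 24 in a signed int32_t, as the previous code did, is undefined
 * behaviour in C.
 *
 * @param buff Pointer to at least 4 readable bytes; must not be NULL.
 * @return The value reinterpreted as a signed 32-bit integer (two's-complement
 *         wrap; implementation-defined in strict C).
 */
static inline int32_t cli_readint32(const void *buff)
{
    const unsigned char *p = (const unsigned char *)buff;
    uint32_t ret = 0;
    size_t i;

    /* byte i occupies bits 8*i .. 8*i+7 (little-endian wire order) */
    for (i = 0; i < 4; i++)
        ret |= (uint32_t)p[i] << (8 * i);

    return (int32_t)ret;
}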
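/**
 * @brief Read a little-endian 16-bit integer from an unaligned buffer.
 *
 * Big-endian host implementation (the little-endian build uses a macro of the
 * same name). Written in the same unsigned-accumulate form as cli_readint32()
 * and cli_readint64() so the three helpers share one shape; for 16 bits the
 * integer promotion already made the previous shifts well defined.
 *
 * @param buff Pointer to at least 2 readable bytes; must not be NULL.
 * @return The value reinterpreted as a signed 16-bit integer (two's-complement
 *         wrap; implementation-defined in strict C).
 */
static inline int16_t cli_readint16(const void *buff)
{
    const unsigned char *p = (const unsigned char *)buff;
    unsigned int ret;

    /* low byte first (little-endian wire order) */
    ret = (unsigned int)p[0] | ((unsigned int)p[1] << 8);

    return (int16_t)ret;
}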
/**
 * @brief Store a 32-bit value into an unaligned buffer in little-endian order.
 *
 * Big-endian host implementation (the little-endian build uses a macro of the
 * same name). Writes one byte at a time, least significant first, so no
 * alignment is required of @p offset.
 *
 * @param offset Pointer to at least 4 writable bytes; must not be NULL.
 * @param value  The value to store.
 */
static inline void cli_writeint32(void *offset, uint32_t value)
{
    unsigned char *out = (unsigned char *)offset;
    unsigned int i;

    /* peel off the low byte four times: out[0] is the least significant */
    for (i = 0; i < 4; i++) {
        out[i] = (unsigned char)(value & 0xff);
        value >>= 8;
    }
}
#endif
|
|
|
|
|
2020-04-18 10:46:57 -04:00
|
|
|
/**
|
|
|
|
* @brief Append an alert.
|
|
|
|
*
|
|
|
|
* An FP-check will verify that the file is not whitelisted.
|
|
|
|
* The whitelist check does not happen before the scan because file whitelisting
|
|
|
|
* is so infrequent that such action would be detrimental to performance.
|
|
|
|
*
|
|
|
|
* TODO: Replace implementation with severity scale, and severity threshold
|
|
|
|
* wherein signatures that do not meet the threshold are documented in JSON
|
|
|
|
* metadata but do not halt the scan.
|
|
|
|
*
|
|
|
|
* @param ctx The scan context.
|
|
|
|
* @param virname The alert name.
|
|
|
|
* @return cl_error_t CL_VIRUS if scan should be halted due to an alert, CL_CLEAN if scan should continue.
|
|
|
|
*/
|
2019-02-27 00:47:38 -05:00
|
|
|
cl_error_t cli_append_virus(cli_ctx *ctx, const char *virname);
|
2020-04-18 10:46:57 -04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Append a PUA (low severity) alert.
|
|
|
|
*
|
|
|
|
* This function will return CLEAN unless in all-match or Heuristic-precedence
|
|
|
|
* modes. The intention is for the scan to continue in case something more
|
|
|
|
* malicious is found.
|
|
|
|
*
|
|
|
|
* TODO: Replace implementation with severity scale, and severity threshold
|
|
|
|
* wherein signatures that do not meet the threshold are documented in JSON
|
|
|
|
* metadata but do not halt the scan.
|
|
|
|
*
|
|
|
|
* BUG: In normal scan mode (see above), the alert is not FP-checked!
|
|
|
|
*
|
|
|
|
* @param ctx The scan context.
|
|
|
|
* @param virname The alert name.
|
|
|
|
* @return cl_error_t CL_VIRUS if scan should be halted due to an alert, CL_CLEAN if scan should continue.
|
|
|
|
*/
|
|
|
|
cl_error_t cli_append_possibly_unwanted(cli_ctx *ctx, const char *virname);
|
|
|
|
|
2012-10-18 14:12:58 -07:00
|
|
|
/* Accessors for the most recently appended alert on a scan context.
 * NOTE(review): the difference between the plain and the _str form (and the
 * format of the latter) is defined in others.c — check it before parsing
 * the returned string. Neither returned pointer is owned by the caller. */
const char *cli_get_last_virus(const cli_ctx *ctx);
const char *cli_get_last_virus_str(const cli_ctx *ctx);
/* Invoke the engine's "virus found" callback, if one is registered
 * (NOTE(review): registration and the no-callback case live in others.c). */
void cli_virus_found_cb(cli_ctx *ctx);

/* Container tracking for nested files (archives, documents, ...).
 * NOTE(review): `index` presumably selects a level of the container stack
 * kept on ctx; whether negative values count from the innermost level is
 * not visible here — confirm in others.c before relying on it. */
void cli_set_container(cli_ctx *ctx, cli_file_t type, size_t size);
cli_file_t cli_get_container(cli_ctx *ctx, int index);
size_t cli_get_container_size(cli_ctx *ctx, int index);
cli_file_t cli_get_container_intermediate(cli_ctx *ctx, int index);
/* used by: spin, yc (C) aCaB
 *
 * In-place bit rotation of the lvalue `a` by `b` positions.
 *  - `a` is evaluated several times, so pass a plain variable, not an
 *    expression with side effects.
 *  - Both shift counts are masked to [0, width - 1], so a rotation by 0 or
 *    by a multiple of the width is a no-op instead of an undefined shift.
 *  - `a` should have an unsigned type: right-shifting a negative signed value
 *    is implementation-defined and does not produce a rotate.
 *  - __SHIFTBITS assumes 8-bit bytes (sizeof * 8); the leading "__" names are
 *    reserved for the implementation in standard C and are kept as-is only
 *    for compatibility with existing users. */
#define __SHIFTBITS(a) (sizeof(a) << 3)
#define __SHIFTMASK(a) (__SHIFTBITS(a) - 1)
#define CLI_ROL(a, b) a = (a << ((b)&__SHIFTMASK(a))) | (a >> ((__SHIFTBITS(a) - (b)) & __SHIFTMASK(a)))
#define CLI_ROR(a, b) a = (a >> ((b)&__SHIFTMASK(a))) | (a << ((__SHIFTBITS(a) - (b)) & __SHIFTMASK(a)))
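/* Implementation independent sign-extended signed right shift.
 *
 * CLI_SRS(n, s) yields n >> s with the sign bit propagated. When the build
 * defines HAVE_SAR (presumably because the compiler's `>>` on signed values
 * was found to be arithmetic) the plain shift is used. Otherwise the
 * fallback assumes `>>` zero-fills the vacated bits and rebuilds the sign:
 * with m = 1 << (width - 1 - s) being the position the sign bit lands on,
 * (x ^ m) - m leaves a non-negative result untouched and sign-extends a
 * negative one.
 *
 * Caveats for the fallback branch:
 *  - `s` is evaluated three times; pass a side-effect-free expression.
 *  - The sign bit is rebuilt with an int-typed `1 << ...`, so the operand
 *    must be no wider than int; for a 64-bit `n` the shift count reaches 63
 *    and the expression is undefined.
 *  - `s` must be in [0, width - 1], as for any shift (s == 0 already makes
 *    `1 << (width - 1)` overflow int for a 32-bit operand).
 *
 * CLI_SAR(n, s) is the in-place form: n = CLI_SRS(n, s).
 */
#ifdef HAVE_SAR
#define CLI_SRS(n, s) ((n) >> (s))
#else
/* (s) is parenthesised: without it a compound shift count such as `a + b`
 * would be torn apart by the surrounding subtraction and shift by the
 * wrong amount. */
#define CLI_SRS(n, s) ((((n) >> (s)) ^ (1 << (sizeof(n) * 8 - 1 - (s)))) - (1 << (sizeof(n) * 8 - 1 - (s))))
#endif
#define CLI_SAR(n, s) n = CLI_SRS(n, s)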
/* Logging helpers.
 *
 * Under GCC the printf-format attribute lets -Wformat check the format
 * string against the arguments at every call site. The plain declarations
 * are used with other compilers, where such mismatches go unchecked and
 * would surface only at runtime. Never pass untrusted text as the format
 * string itself — log it through "%s". */
#ifdef __GNUC__
void cli_warnmsg(const char *str, ...) __attribute__((format(printf, 1, 2)));
#else
void cli_warnmsg(const char *str, ...);
#endif

#ifdef __GNUC__
void cli_errmsg(const char *str, ...) __attribute__((format(printf, 1, 2)));
#else
void cli_errmsg(const char *str, ...);
#endif

/* Informational message tied to a scan context; the format string is the
 * second argument, variadic arguments start at the third. */
#ifdef __GNUC__
void cli_infomsg(const cli_ctx *ctx, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
#else
void cli_infomsg(const cli_ctx *ctx, const char *fmt, ...);
#endif

/* NOTE(review): the setup/unsetup pairing suggests per-context logging state
 * installed for the duration of a scan; whether that state is per-thread is
 * decided in others.c — confirm before calling these from several threads. */
void cli_logg_setup(const cli_ctx *ctx);
void cli_logg_unsetup(void);
/* tell compiler about branches that are very rarely taken,
 * such as debug paths, and error paths.
 * `!!(cond)` normalises any scalar (pointer or integer) to 0/1 so the
 * expected value handed to __builtin_expect is well formed. On compilers
 * without the builtin the macros are transparent. */
#if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 2)
#define UNLIKELY(cond) __builtin_expect(!!(cond), 0)
#define LIKELY(cond) __builtin_expect(!!(cond), 1)
#else
#define UNLIKELY(cond) (cond)
#define LIKELY(cond) (cond)
#endif

/* Inlining hints: forced / forbidden under GCC, plain `inline` or nothing
 * elsewhere. */
#ifdef __GNUC__
#define always_inline inline __attribute__((always_inline))
#define never_inline __attribute__((noinline))
#else
#define never_inline
#define always_inline inline
#endif

/* __attribute__((hot)) needs GCC >= 4.3; expands to nothing elsewhere.
 * (The "__hot__" spelling is a reserved identifier in standard C; kept for
 * compatibility with existing users.) */
#if defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
#define __hot__ __attribute__((hot))
#else
#define __hot__
#endif
/* Debug logging. cli_dbgmsg(fmt, ...) expands to a conditional expression,
 * so when cli_debug_flag (declared elsewhere) is clear the arguments are
 * never evaluated: keep side effects out of them. The expansion is not
 * parenthesised, so it is safest to use cli_dbgmsg only as a statement,
 * not as an operand inside a larger expression. */
#define cli_dbgmsg (!UNLIKELY(cli_debug_flag)) ? (void)0 : cli_dbgmsg_internal

/* Backend for cli_dbgmsg; call the macro, not this, so the flag check and
 * the argument elision above apply. Format-checked under GCC only. */
#ifdef __GNUC__
void cli_dbgmsg_internal(const char *str, ...) __attribute__((format(printf, 1, 2)));
#else
void cli_dbgmsg_internal(const char *str, ...);
#endif
#ifdef HAVE_CLI_GETPAGESIZE
|
|
|
|
#undef HAVE_CLI_GETPAGESIZE
|
|
|
|
#endif
#ifdef _WIN32
/* Page size of the running system as reported by the Win32 API.
 * The DWORD value is narrowed to int so all platform variants share one
 * signature. */
static inline int cli_getpagesize(void)
{
    SYSTEM_INFO sysinfo;

    GetSystemInfo(&sysinfo);
    return (int)sysinfo.dwPageSize;
}
#else /* ! _WIN32 */
#if HAVE_SYSCONF_SC_PAGESIZE
/* Page size via sysconf(3). sysconf returns long and yields -1 on failure;
 * both the value and the -1 are passed through unchanged, narrowed to int,
 * so callers wanting a fallback must check for a non-positive result. */
static inline int cli_getpagesize(void)
{
    long page_size = sysconf(_SC_PAGESIZE);

    return (int)page_size;
}
#define HAVE_CLI_GETPAGESIZE 1
#else
#if HAVE_GETPAGESIZE
/* Page size via the legacy BSD getpagesize(); only compiled in when
 * sysconf's _SC_PAGESIZE is not available. getpagesize() documents no
 * failure value, so the result is returned as-is. */
static inline int cli_getpagesize(void)
{
    int page_size = getpagesize();

    return page_size;
}
#define HAVE_CLI_GETPAGESIZE 1
#endif /* HAVE_GETPAGESIZE */
#endif /* HAVE_SYSCONF_SC_PAGESIZE */
#endif /* _WIN32 */
/* Allocation wrappers. NOTE(review): the failure policy (NULL plus a logged
 * error, or abort) is set in others.c — treat NULL as possible. cli_malloc's
 * single parameter is presumably a byte count as for malloc(3), despite the
 * name `nmemb`. */
void *cli_malloc(size_t nmemb);
void *cli_calloc(size_t nmemb, size_t size);
void *cli_realloc(void *ptr, size_t size);
/* NOTE(review): what distinguishes cli_realloc2 from cli_realloc (likely
 * whether the original block is freed on failure) is not visible here —
 * check others.c before touching `ptr` after a NULL return from either. */
void *cli_realloc2(void *ptr, size_t size);
char *cli_strdup(const char *s);
/* Recursively remove a directory tree. */
int cli_rmdirs(const char *dirname);
/* Hash a stream / a file; `type` selects the digest algorithm.
 * NOTE(review): the char* return is presumably a heap-allocated hex string
 * the caller must free, with the raw digest also copied to `digcpy` when it
 * is non-NULL — confirm in others.c. */
char *cli_hashstream(FILE *fs, unsigned char *digcpy, int type);
char *cli_hashfile(const char *filename, int type);
int cli_unlink(const char *pathname);
/* Read/write helpers that presumably loop until `count` bytes have been
 * transferred or an error/EOF intervenes (the "n" suffix). The return is a
 * size_t, so compare it with `count` rather than testing for a negative
 * value; NOTE(review): how a hard error is signalled (0 or (size_t)-1) is
 * defined in others.c — confirm. */
size_t cli_readn(int fd, void *buff, size_t count);
size_t cli_writen(int fd, const void *buff, size_t count);
/* Directory used for temporary files. NOTE(review): presumably points into
 * engine/global state and must not be freed by the caller — confirm. */
const char *cli_gettmpdir(void);
/**
 * @brief Sanitize a relative path, so it cannot have a negative depth.
 *
 * Intended for paths taken from scanned content (for example archive member
 * names) before they are joined with a directory on disk, so that ".."
 * components cannot climb above the intended base directory.
 * NOTE(review): the exact rewriting (dropping vs. rejecting such components,
 * treatment of absolute paths and of '\\' separators) is defined in others.c
 * — confirm it before relying on this for a new extractor.
 *
 * Caller is responsible for freeing the filename.
 *
 * @param filepath     Path to sanitize; presumably bounded by filepath_len
 *                     rather than by a NUL terminator — confirm.
 * @param filepath_len Length of filepath in bytes.
 * @return char* filename or NULL.
 */
char *cli_sanitize_filepath(const char *filepath, size_t filepath_len);
/**
 * @brief Generate tempfile filename (no path) with a random MD5 hash.
 *
 * Caller is responsible for freeing the filename.
 *
 * @param prefix Prefix for the generated name. NOTE(review): whether NULL is
 *               accepted is decided in others.c.
 * @return char* filename or NULL.
 */
char *cli_genfname(const char *prefix);

/**
 * @brief Generate a full tempfile filepath from a provided name.
 *
 * Presumably only builds the path string — the *fd variant below is the one
 * documented as creating and opening a file.
 * Caller is responsible for freeing the filename.
 * If the dir is not provided, the engine->tmpdir will be used.
 *
 * NOTE(review): fname is joined as given. If it originates from scanned
 * content, pass it through cli_sanitize_filepath() first; otherwise a name
 * containing path separators or ".." components can escape the temp
 * directory.
 *
 * @param dir   Alternative directory. (optional)
 * @param fname Name to append to the directory.
 * @return char* filename or NULL.
 */
char *cli_newfilepath(const char *dir, const char *fname);
/**
 * @brief Build a tempfile filepath from a provided name, open the file, and pass back both.
 *
 * Unlike cli_newfilepath(), this variant also hands back an open descriptor
 * for the file (see @param[out] fd).
 * If the dir is not provided, the engine->tmpdir will be used.
 *
 * NOTE(review): fname is joined as given; sanitize it with
 * cli_sanitize_filepath() first if it comes from scanned content.
 * NOTE(review): the open flags (O_EXCL or not) and whether *name/*fd are
 * touched on failure are not visible here — confirm in others.c.
 *
 * @param dir        Alternative temp directory (optional).
 * @param fname      Name for the new file.
 * @param[out] name  Allocated filepath, must be freed by caller.
 * @param[out] fd    File descriptor of open temp file.
 * @return cl_error_t presumably CL_SUCCESS on success, else an error code — confirm.
 */
cl_error_t cli_newfilepathfd(const char *dir, char *fname, char **name, int *fd);
/**
 * @brief Generate a full tempfile filepath with a random MD5 hash and prefix the name, if provided.
 *
 * Caller is responsible for freeing the filename.
 *
 * NOTE(review): this returns a path only; presumably nothing is created on
 * disk here (the cli_gentempfd* functions are the ones documented as
 * creating and opening a file). Between this call and the caller's own
 * open(), another process can place a file or symlink at the returned
 * path. Prefer cli_gentempfd()/cli_gentempfd_with_prefix() whenever the
 * name is going to be opened; use this only where just a name is needed
 * (a directory to create, a path for an external tool).
 *
 * @param dir Alternative temp directory. (optional)
 * @param prefix Prefix for the generated name.
 * @return char* filename or NULL.
 */
char *cli_gentemp_with_prefix(const char *dir, const char *prefix);

/**
 * @brief Generate a full tempfile filepath with a random MD5 hash.
 *
 * Caller is responsible for freeing the filename.
 * Same name-only caveat as cli_gentemp_with_prefix(): prefer
 * cli_gentempfd() when the file is going to be opened.
 *
 * @param dir Alternative temp directory. (optional)
 * @return char* filename or NULL.
 */
char *cli_gentemp(const char *dir);
/**
 * @brief Create a temp filename, create the file, open it, and pass back the filepath and open file descriptor.
 *
 * Preferred over cli_gentemp(): because the file is created and opened
 * here, the caller never holds a name that does not yet exist on disk.
 * NOTE(review): whether creation uses O_EXCL (so a pre-existing file or
 * symlink at that name fails instead of being opened) is decided in
 * others.c — confirm.
 *
 * @param dir Alternative temp directory (optional).
 * @param[out] name Allocated filepath, must be freed by caller.
 * @param[out] fd File descriptor of open temp file.
 * @return cl_error_t CL_SUCCESS, CL_ECREAT, or CL_EMEM.
 */
cl_error_t cli_gentempfd(const char *dir, char **name, int *fd);

/**
 * @brief Create a temp filename, create the file, open it, and pass back the filepath and open file descriptor.
 *
 * Same as cli_gentempfd() with an optional name prefix.
 * NOTE(review): on a CL_ECREAT/CL_EMEM return, whether *name and *fd are left
 * untouched or reset is not visible here — do not rely on either without
 * checking others.c.
 *
 * @param dir Alternative temp directory (optional).
 * @param prefix (Optional) Prefix for new file tempfile.
 * @param[out] name Allocated filepath, must be freed by caller.
 * @param[out] fd File descriptor of open temp file.
 * @return cl_error_t CL_SUCCESS, CL_ECREAT, or CL_EMEM.
 */
cl_error_t cli_gentempfd_with_prefix(const char *dir, char *prefix, char **name, int *fd);
/* NOTE(review): cli_rndnum presumably wraps a general-purpose PRNG; do not
 * use it where unpredictability matters (tokens, keys, nonces) without
 * checking the implementation in others.c. Whether `max` is inclusive or
 * exclusive is not visible here either. */
unsigned int cli_rndnum(unsigned int max);
int cli_filecopy(const char *src, const char *dest);
/* Bit set keyed by an unsigned long offset. NOTE(review): the int returns of
 * _set/_test are presumably 0/1 (with _set also able to report allocation
 * failure) — confirm before treating non-zero as "set". */
bitset_t *cli_bitset_init(void);
void cli_bitset_free(bitset_t *bs);
int cli_bitset_set(bitset_t *bs, unsigned long bit_offset);
int cli_bitset_test(bitset_t *bs, unsigned long bit_offset);
/* ctime-style formatting of *timep into the caller's buf (bufsize bytes),
 * presumably to avoid the static buffer of ctime(3). */
const char *cli_ctime(const time_t *timep, char *buf, const size_t bufsize);
void cli_check_blockmax(cli_ctx *, int);
/* Scan-limit checks. NOTE(review): the three unsigned long parameters of
 * cli_checklimits are unnamed here; their meaning is defined in others.c. */
cl_error_t cli_checklimits(const char *, cli_ctx *, unsigned long, unsigned long, unsigned long);
cl_error_t cli_updatelimits(cli_ctx *, unsigned long);
unsigned long cli_getsizelimit(cli_ctx *, unsigned long);
int cli_matchregex(const char *str, const char *regex);
/* Portable qsort / qsort_r. The _r form takes a three-argument comparator;
 * `arg` is presumably forwarded as its third parameter (glibc order) —
 * confirm in others.c. */
void cli_qsort(void *a, size_t n, size_t es, int (*cmp)(const void *, const void *));
void cli_qsort_r(void *a, size_t n, size_t es, int (*cmp)(const void *, const void *, const void *), void *arg);
cl_error_t cli_checktimelimit(cli_ctx *ctx);
/* symlink behaviour.
 * NOTE(review): following symlinks lets a directory under scan point
 * anywhere on the filesystem, including back into itself. When walking
 * untrusted trees leave both flags clear unless following is intended;
 * with them clear, links are presumably reported to the callback as
 * warning_skipped_link rather than descended into. */
#define CLI_FTW_FOLLOW_FILE_SYMLINK 0x01
#define CLI_FTW_FOLLOW_DIR_SYMLINK 0x02

/* if the callback needs the stat */
#define CLI_FTW_NEED_STAT 0x04

/* remove leading/trailing slashes */
#define CLI_FTW_TRIM_SLASHES 0x08
/* Default flag set used by most callers. */
#define CLI_FTW_STD (CLI_FTW_NEED_STAT | CLI_FTW_TRIM_SLASHES)
/* Why cli_ftw invoked the callback. */
enum cli_ftw_reason {
    visit_file,
    visit_directory_toplev, /* this is a directory at toplevel of recursion */
    error_mem,              /* recommended to return CL_EMEM */
    /* recommended to return CL_SUCCESS below */
    error_stat,
    warning_skipped_link,
    warning_skipped_special,
    warning_skipped_dir
};

/* wrap void*, so that we don't mix it with some other pointer */
struct cli_ftw_cbdata {
    void *data;
};
/*
 * Callback invoked by cli_ftw for every visited entry.
 * Return CL_BREAK to break out without an error, CL_SUCCESS to continue,
 * or any CL_E* to break out due to error.
 * The callback is responsible for freeing filename when it is done using it.
 * Note that the callback decides whether directory traversal should continue
 * after an error: we call the callback with reason == error_*, and if it
 * returns CL_BREAK we break.
 * NOTE(review): stat_buf is presumably only populated when CLI_FTW_NEED_STAT
 * was requested (and NULL otherwise) — confirm in others.c before
 * dereferencing it unconditionally.
 */
typedef int (*cli_ftw_cb)(STATBUF *stat_buf, char *filename, const char *path, enum cli_ftw_reason reason, struct cli_ftw_cbdata *data);

/*
 * returns 1 if the path should be skipped and 0 otherwise
 * uses callback data
 */
typedef int (*cli_ftw_pathchk)(const char *path, struct cli_ftw_cbdata *data);
/*
 * Walk `base` (a file or a directory tree), invoking `callback` for each entry.
 * returns
 *   CL_SUCCESS if it traversed all files and subdirs
 *   CL_BREAK if traversal has stopped at some point
 *   CL_E* if error encountered during traversal and we had to break out
 * This is regardless of virus found/not; that is the callback's job to store.
 * Note that the callback may dispatch the scan asynchronously, so that when
 * cli_ftw returns we don't know the infected/notinfected status of the
 * directory yet! Due to this, if the callback scans synchronously it should
 * store the infected status in its cbdata.
 * This works for both files and directories. It stats the path to determine
 * which one it is.
 * If it is a file, it simply calls the callback once, otherwise recurses.
 *
 * flags:    CLI_FTW_* bits above.
 * maxdepth: NOTE(review): presumably the recursion limit; how 0 or a negative
 *           value is treated is not visible here — confirm.
 * pathchk:  filter; a path for which it returns 1 is skipped (see
 *           cli_ftw_pathchk). NOTE(review): whether NULL is accepted is
 *           decided in others.c.
 * base is taken as a non-const `char *`; with CLI_FTW_TRIM_SLASHES it may be
 * edited in place — NOTE(review): confirm before passing a string literal.
 */
int cli_ftw(char *base, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk);
/* strerror_r-style wrapper: the message for errnum is written into the
 * caller-supplied buf (len bytes), so there is no shared static buffer to
 * race on between threads. NOTE(review): presumably returns buf; behaviour
 * for len == 0 lives in others.c. */
const char *cli_strerror(int errnum, char *buf, size_t len);

/**
 * @brief Attempt to get a filename from an open file descriptor.
 *
 * Caller is responsible for free'ing the filename.
 * Should work on Linux, macOS, Windows.
 *
 * NOTE(review): the result is whatever path the OS associates with the
 * descriptor at the moment of the call; it can be stale (file renamed or
 * unlinked) by the time it is used. Treat it as informational — keep using
 * the descriptor itself rather than reopening by this name.
 *
 * @param desc File descriptor
 * @param[out] filepath Will be set to file path if found, or NULL.
 * @return cl_error_t CL_SUCCESS if found, else an error code.
 */
cl_error_t cli_get_filepath_from_filedesc(int desc, char **filepath);
#endif