engine: added max-iconspe(MaxIconsPE) option and docs

2025-10-19 10:23:17 +00:00 · 2014-03-06 18:19:11 -05:00 · 2014-03-06 18:19:11 -05:00 · 067bce5fbc
commit 067bce5fbc
parent b22b423066
12 changed files with 75 additions and 13 deletions
--- a/clamd/server-th.c
+++ b/clamd/server-th.c
@ -867,6 +867,16 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi
    val = cl_engine_get_num(engine, CL_ENGINE_MAX_PARTITIONS, NULL);
    logg("Limits: MaxPartitions limit set to %llu.\n", val);

+    if((opt = optget(opts, "MaxIconsPE"))->active) {
+        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {
+            logg("!cli_engine_set_num(MaxIconsPE) failed: %s\n", cl_strerror(ret));
+            cl_engine_free(engine);
+            return 1;
+        }
+    }
+    val = cl_engine_get_num(engine, CL_ENGINE_MAX_ICONSPE, NULL);
+    logg("Limits: MaxIconsPE limit set to %llu.\n", val);
+
    if(optget(opts, "ScanArchive")->enabled) {
 	logg("Archive support enabled.\n");
 	options |= CL_SCAN_ARCHIVE;
--- a/clamscan/clamscan.c
+++ b/clamscan/clamscan.c
@ -278,6 +278,7 @@ void help(void)
    mprintf("    --max-scriptnormalize=#n             Maximum size of script file to normalize\n");
    mprintf("    --max-ziptypercg=#n                  Maximum size zip to type reanalyze\n");
    mprintf("    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned\n");
+    mprintf("    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned\n");
    mprintf("\n");
    mprintf("(*) Default scan settings\n");
    mprintf("(**) Certain files (e.g. documents, archives, etc.) may in turn contain other\n");
--- a/clamscan/manager.c
+++ b/clamscan/manager.c
@ -839,6 +839,14 @@ int scanmanager(const struct optstruct *opts)
 	}
    }

+    if((opt = optget(opts, "max-iconspe"))->active) {
+	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {
+	    logg("!cli_engine_set_num(CL_ENGINE_MAX_ICONSPE) failed: %s\n", cl_strerror(ret));
+	    cl_engine_free(engine);
+	    return 2;
+	}
+    }
+
    /* set scan options */
    if(optget(opts, "allmatch")->enabled)
 	options |= CL_SCAN_ALLMATCHES;
--- a/docs/man/clamd.conf.5.in
+++ b/docs/man/clamd.conf.5.in
@ -586,6 +586,17 @@ Negative values are not allowed.
 WARNING: setting this limit too high may result in severe damage or impact performance.
 .br
 Default: 50
+.TP 
+\fBMaxIconsPE SIZE\fR
+This option sets the maximum number of icons within a PE to be scanned.
+.br
+PE files with more icons than this value will have up to the value number icons scanned.
+.br
+Negative values are not allowed.
+.br
+WARNING: setting this limit too high may result in severe damage or impact performance.
+.br
+Default: 100
 .TP
 \fBClamukoScanOnAccess (OBSOLETE)\fR
 \fBWARNING:\fR This option is no longer accepted. See \fBScanOnAccess\fR.
--- a/docs/man/clamscan.1.in
+++ b/docs/man/clamscan.1.in
@ -205,11 +205,14 @@ Maximum size of normalized HTML file to scan. You may pass the value in kilobyte
 \fB\-\-max\-scriptnormalize=#n\fR
 Maximum size of script file to normalize. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number (default: 5 MB, max: <4 GB).
 .TP
-\fB\-\-max-ziptypercg=#n\fR
+\fB\-\-max\-ziptypercg=#n\fR
 Maximum size zip to type reanalyze. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number (default: 1 MB, max: <4 GB).
 .TP
-\fB\-\-max-partitions=#n\fR
+\fB\-\-max\-partitions=#n\fR
 This option sets the maximum number of partitions of a raw disk image to be scanned. This must be a positive integer (default: 50).
+.TP
+\fB\-\-max\-iconspe=#n\fR
+This option sets the maximum number of icons within a PE to be scanned. This must be a positive integer (default: 100).
 .SH "EXAMPLES"
 .LP 
 .TP 
--- a/etc/clamd.conf.sample
+++ b/etc/clamd.conf.sample
@ -514,6 +514,13 @@ Example
 # Default: 50
 #MaxPartitions 128

+# This option sets the maximum number of icons within a PE to be scanned.
+# PE files with more icons than this value will have up to the value number icons scanned.
+# Negative values are not allowed.
+# WARNING: setting this limit too high may result in severe damage or impact performance.
+# Default: 100
+#MaxIconsPE 200
+
 ##
 ## On-access Scan Settings
 ##
--- a/libclamav/clamav.h
+++ b/libclamav/clamav.h
@ -207,7 +207,8 @@ enum cl_engine_field {
    CL_ENGINE_DISABLE_CACHE,        /* uint32_t */
    CL_ENGINE_DISABLE_PE_STATS,     /* uint32_t */
    CL_ENGINE_STATS_TIMEOUT,        /* uint32_t */
-    CL_ENGINE_MAX_PARTITIONS        /* uint32_t */
+    CL_ENGINE_MAX_PARTITIONS,       /* uint32_t */
+    CL_ENGINE_MAX_ICONSPE           /* uint32_t */
 };

 enum bytecode_security {
--- a/libclamav/default.h
+++ b/libclamav/default.h
@ -42,5 +42,8 @@
 #define CLI_DEFAULT_MAXHTMLNOTAGS       2097152
 #define CLI_DEFAULT_MAXSCRIPTNORMALIZE  5242880
 #define CLI_DEFAULT_MAXZIPTYPERCG       1048576
+#define CLI_DEFAULT_MAXICONSPE          100
+
+#define CLI_DEFAULT_MAXPARTITIONS       50

 #endif
--- a/libclamav/others.c
+++ b/libclamav/others.c
@ -417,8 +417,11 @@ struct cl_engine *cl_engine_new(void)
    new->cb_stats_get_size = clamav_stats_get_size;
    new->cb_stats_get_hostid = clamav_stats_get_hostid;

-    /* Setup raw dmg max settings */
-    new->maxpartitions = 50;
+    /* Setup raw disk image max settings */
+    new->maxpartitions = CLI_DEFAULT_MAXPARTITIONS;
+
+    /* Engine max settings */
+    new->maxiconspe = CLI_DEFAULT_MAXICONSPE;

    cli_dbgmsg("Initialized %s engine\n", cl_retver());
    return new;
@ -562,6 +565,9 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long
 	case CL_ENGINE_MAX_PARTITIONS:
 	    engine->maxpartitions = (uint32_t)num;
 	    break;
+	case CL_ENGINE_MAX_ICONSPE:
+	   engine->maxiconspe = (uint32_t)num;
+	   break;
 	default:
 	    cli_errmsg("cl_engine_set_num: Incorrect field number\n");
 	    return CL_EARG;
@ -633,6 +639,8 @@ long long cl_engine_get_num(const struct cl_engine *engine, enum cl_engine_field
 	    return ((cli_intel_t *)(engine->stats_data))->timeout;
 	case CL_ENGINE_MAX_PARTITIONS:
 	    return engine->maxpartitions;
+	case CL_ENGINE_MAX_ICONSPE:
+	    return engine->maxiconspe;
 	default:
 	    cli_errmsg("cl_engine_get: Incorrect field number\n");
 	    if(err)
@ -741,6 +749,8 @@ struct cl_settings *cl_engine_settings_copy(const struct cl_engine *engine)

    settings->maxpartitions = engine->maxpartitions;

+    settings->maxiconspe = engine->maxiconspe;
+
    return settings;
 }

@ -813,6 +823,8 @@ int cl_engine_settings_apply(struct cl_engine *engine, const struct cl_settings

    engine->maxpartitions = settings->maxpartitions;

+    engine->maxiconspe = settings->maxiconspe;
+
    return CL_SUCCESS;
 }

--- a/libclamav/others.h
+++ b/libclamav/others.h
@ -329,8 +329,11 @@ struct cl_engine {
    clcb_stats_get_size cb_stats_get_size;
    clcb_stats_get_hostid cb_stats_get_hostid;

-    /* Raw dmg max settings */
+    /* Raw disk image max settings */
    uint32_t maxpartitions;
+
+    /* Engine max settings */
+    uint32_t maxiconspe; /* max number of icons to scan for PE */
 };

 struct cl_settings {
@ -383,8 +386,11 @@ struct cl_settings {
    clcb_stats_get_size cb_stats_get_size;
    clcb_stats_get_hostid cb_stats_get_hostid;

-    /* Raw dmg max settings */
-    uint32_t maxpartitions;
+    /* Raw disk image max settings */
+    uint32_t maxpartitions; /* max number of partitions to scan in a disk image */
+
+    /* Engine max settings */
+    uint32_t maxiconspe; /* max number of icons to scan for PE */
 };

 extern int (*cli_unrar_open)(int fd, const char *dirname, unrar_state_t *state);
--- a/libclamav/pe_icons.c
+++ b/libclamav/pe_icons.c
@ -32,8 +32,6 @@
 #include "pe_icons.h"
 #include "others.h"

-#define PE_MAXICONS 1000
-
 #define READ32(x) cli_readint32(&(x))
 #define READ16(x) cli_readint16(&(x))
 #define USE_FLOATS
@ -115,7 +113,7 @@ int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct c
    icon_env.nsections = nsections;
    icon_env.hdr_size = hdr_size;

-    icon_env.max_icons = PE_MAXICONS;
+    icon_env.max_icons = ctx->engine->maxiconspe;

    /* icon group scan callback --> groupicon_scan_cb() */
    findres(14, 0xffffffff, resdir_rva, map, exe_sections, nsections, hdr_size, groupicon_scan_cb, &icon_env);
@ -124,7 +122,7 @@ int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct c
    if (icon_env.result == CL_EMAXSIZE) {
 	cli_dbgmsg("cli_scanicon: max icon count reached\n");
    }
-    cli_dbgmsg("cli_scanicon: scanned a total of %u icons across %u icon groups\n", icon_env.icnt, icon_env.gcnt);
+    cli_dbgmsg("cli_scanicon: scanned a total of %u[%u actual] icons across %u groups\n", icon_env.icnt, icon_env.hcnt, icon_env.gcnt);

    /* ignore all error returns (previous behavior) */
    if (icon_env.result == CL_VIRUS) {
--- a/shared/optparser.c
+++ b/shared/optparser.c
@ -375,7 +375,9 @@ const struct clam_option __clam_options[] = {

    { "MaxZipTypeRcg", "max-ziptypercg", 0, TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXZIPTYPERCG, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a ZIP file to reanalyze type recognition.\nZIP files larger than this value will skip the step to potentially reanalyze as PE.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "1M" },

-    { "MaxPartitions", "max-partitions", 0, TYPE_NUMBER, MATCH_NUMBER, 50, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of partitions of a raw disk image to be scanned.\nRaw disk images with more partitions than this value will have up to the value number partitions scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "128" },
+    { "MaxPartitions", "max-partitions", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXPARTITIONS, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of partitions of a raw disk image to be scanned.\nRaw disk images with more partitions than this value will have up to the value number partitions scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "128" },
+
+    { "MaxIconsPE", "max-iconspe", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXICONSPE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of icons within a PE to be scanned.\nPE files with more icons than this value will have up to the value number icons scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "100" },

    /* OnAccess settings */
    { "ScanOnAccess", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables on-access scanning (Linux only)", "no" },