Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Scan_all: make sure flag reaches ac_scanbuff and cleaner clamd support

Browse source
This commit is contained in:
David Raynor 2013-06-13 15:01:39 -04:00
parent 73fd57a40c
commit aec1e3be24
3 changed files with 41 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

8
clamd/scanner.c
View file

@ -238,14 +238,14 @@ int scan_callback(STATBUF *sb, char *filename, const char *msg, enum cli_ftw_rea
if (thrmgr_group_need_terminate(scandata->conn->group)) {
free(filename);
if (ret == CL_VIRUS && scandata->options & CL_SCAN_ALLMATCHES)
if (scandata->options & CL_SCAN_ALLMATCHES)
free((void *)virpp);
logg("*Client disconnected while scanjob was active\n");
return ret == CL_ETIMEOUT ? ret : CL_BREAK;
}
if ((ret == CL_VIRUS) && (virname == NULL)) {
logg("*%s: reported infected but no virname returned!\n", filename);
logg("*%s: reported CL_VIRUS but no virname returned!\n", filename);
ret = CL_EMEM;
}
@ -281,6 +281,8 @@ int scan_callback(STATBUF *sb, char *filename, const char *msg, enum cli_ftw_rea
} else if (ret != CL_CLEAN) {
scandata->errors++;
if (conn_reply(scandata->conn, filename, cl_strerror(ret), "ERROR") == -1) {
if (scandata->options & CL_SCAN_ALLMATCHES)
free((void *)virpp);
free(filename);
return CL_ETIMEOUT;
}
@ -290,7 +292,7 @@ int scan_callback(STATBUF *sb, char *filename, const char *msg, enum cli_ftw_rea
}
free(filename);
if (ret == CL_VIRUS && scandata->options & CL_SCAN_ALLMATCHES)
if (scandata->options & CL_SCAN_ALLMATCHES)
free((void *)virpp);
if(ret == CL_EMEM) /* stop scanning */
return ret;

30
libclamav/matcher-ac.c
View file

@ -1050,6 +1050,7 @@ void cli_ac_freedata(struct cli_ac_data *data)
}
}
free(data->offmatrix);
data->offmatrix = NULL;
data->partsigs = 0;
}
@ -1069,6 +1070,7 @@ void cli_ac_freedata(struct cli_ac_data *data)
}
}
/* returns only CL_SUCCESS or CL_EMEM */
inline static int ac_addtype(struct cli_matched_type **list, cli_file_t type, off_t offset, const cli_ctx *ctx)
{
struct cli_matched_type *tnode, *tnode_last;
@ -1168,8 +1170,8 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
struct cli_ac_patt *patt, *pt;
uint32_t i, bp, realoff, matchend;
uint16_t j;
uint8_t found, viruses_found = 0;
int32_t **offmatrix, swp;
uint8_t found;
int type = CL_CLEAN;
struct cli_ac_result *newres;
@ -1253,6 +1255,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
}
if(pt->sigid) { /* it's a partial signature */
/* if 2nd or later part, confirm some prior part has matched */
if(pt->partno != 1 && (!mdata->offmatrix[pt->sigid - 1] || !mdata->offmatrix[pt->sigid - 1][pt->partno - 2][0])) {
pt = pt->next_same;
continue;
@ -1261,6 +1264,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
if(pt->partno + 1 > mdata->min_partno)
mdata->min_partno = pt->partno + 1;
/* sparsely populated matrix, so allocate and initialize if NULL */
if(!mdata->offmatrix[pt->sigid - 1]) {
mdata->offmatrix[pt->sigid - 1] = cli_malloc(pt->parts * sizeof(int32_t *));
if(!mdata->offmatrix[pt->sigid - 1]) {
@ -1315,7 +1319,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
if(pt->partno == 1 || (found && (pt->partno != pt->parts))) {
if(offmatrix[pt->partno - 1][0] == CLI_DEFAULT_AC_TRACKLEN + 1)
offmatrix[pt->partno - 1][0] = 1;
offmatrix[pt->partno - 1][0] = 1; /* wrap, ends up at 2 */
offmatrix[pt->partno - 1][0]++;
offmatrix[pt->partno - 1][offmatrix[pt->partno - 1][0]] = offset + matchend;
@ -1366,12 +1370,12 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
pt = pt->next_same;
continue;
} else {
if(virname) {
if (ctx && SCAN_ALL && virname == ctx->virname)
cli_append_virus(ctx, (const char *)pt->virname);
else
*virname = pt->virname;
if(ctx && SCAN_ALL) {
cli_append_virus(ctx, (const char *)pt->virname);
viruses_found = 1;
}
if (virname)
*virname = pt->virname;
if(customdata)
*customdata = pt->customdata;
if (!ctx || !SCAN_ALL)
@ -1419,12 +1423,12 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
pt = pt->next_same;
continue;
} else {
if(virname) {
if (ctx && SCAN_ALL && virname == ctx->virname)
cli_append_virus(ctx, pt->virname);
else
*virname = pt->virname;
if(ctx && SCAN_ALL) {
cli_append_virus(ctx, (const char *)pt->virname);
viruses_found = 1;
}
if (virname)
*virname = pt->virname;
if(customdata)
*customdata = pt->customdata;
if (!ctx || !SCAN_ALL)
@ -1442,6 +1446,8 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
}
}
if (viruses_found)
return CL_VIRUS;
return (mode & AC_SCAN_FT) ? type : CL_CLEAN;
}

26
libclamav/matcher.c
View file

@ -146,9 +146,9 @@ static inline int matcher_run(const struct cli_matcher *root,
}
}
PERF_LOG_TRIES(acmode, 0, length);
ret = cli_ac_scanbuff(buffer, length, virname, NULL, acres, root, mdata, offset, ftype, ftoffset, acmode, NULL);
ret = cli_ac_scanbuff(buffer, length, virname, NULL, acres, root, mdata, offset, ftype, ftoffset, acmode, ctx);
if (ctx && ret == CL_VIRUS)
if (ctx && !SCAN_ALL && ret == CL_VIRUS)
cli_append_virus(ctx, *virname);
if (ctx && SCAN_ALL && viruses_found)
return CL_VIRUS;
@ -159,7 +159,7 @@ static inline int matcher_run(const struct cli_matcher *root,
int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata)
{
int ret = CL_CLEAN;
unsigned int i;
unsigned int i, viruses_found = 0;
struct cli_ac_data mdata;
struct cli_matcher *groot, *troot = NULL;
const char *virname = NULL;
@ -191,8 +191,14 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,
if(!acdata)
cli_ac_freedata(&mdata);
if(ret == CL_VIRUS || ret == CL_EMEM)
if(ret == CL_EMEM)
return ret;
if(ret == CL_VIRUS) {
viruses_found = 1;
if(ctx && !SCAN_ALL) {
return ret;
}
}
}
virname = NULL;
@ -205,6 +211,8 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,
if(!acdata)
cli_ac_freedata(&mdata);
if(viruses_found)
return CL_VIRUS;
return ret;
}
@ -814,7 +822,8 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
ret = matcher_run(troot, buff, bytes, &virname, &tdata, offset, &info, ftype, ftoffset, acmode, acres, map, bm_offmode ? &toff : NULL, &viroffset, ctx);
if (virname) {
viruses_found++;
/* virname already appended by matcher_run */
viruses_found = 1;
}
if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) {
if(!ftonly)
@ -835,7 +844,8 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
ret = matcher_run(groot, buff, bytes, &virname, &gdata, offset, &info, ftype, ftoffset, acmode, acres, map, NULL, &viroffset, ctx);
if (virname) {
viruses_found++;
/* virname already appended by matcher_run */
viruses_found = 1;
}
if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) {
cli_ac_freedata(&gdata);
@ -924,7 +934,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
/* If matched size-based hash ... */
if (found % 2) {
viruses_found++;
viruses_found = 1;
cli_append_virus(ctx, virname);
if (!SCAN_ALL)
break;
@ -932,7 +942,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
}
/* If matched size-agnostic hash ... */
if (found > 1) {
viruses_found++;
viruses_found = 1;
cli_append_virus(ctx, virname_w);
if (!SCAN_ALL)
break;