Docs: Warn against running untrusted bytecode

Add notices to man pages and help strings cautioning against running
bytecode signatures from untrusted sources.

Also adds missing BytecodeUnsigned option to clamd.conf.sample files.

clambc/bcrun.c

@@ -67,6 +67,8 @@ static void help(void)
     printf("    --statistics=bytecode             Collect and print bytecode execution statistics\n");
     printf("    file                              File to test\n");
     printf("\n");
+    printf("**Caution**: You should NEVER run bytecode signatures from untrusted sources.\nDoing so may result in arbitrary code execution.\n");
+    printf("\n");
     return;
 }
 

clamscan/clamscan.c

@@ -263,6 +263,8 @@ void help(void)
     mprintf("\n");
     mprintf("    --bytecode[=yes(*)/no]               Load bytecode from the database\n");
     mprintf("    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode\n");
+    mprintf("                                         **Caution**: You should NEVER run bytecode signatures from untrusted sources.\n");
+    mprintf("                                         Doing so may result in arbitrary code execution.\n");
     mprintf("    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)\n");
     mprintf("    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics\n");
     mprintf("    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications\n");

docs/man/clambc.1.in

@@ -5,45 +5,51 @@ clambc \- Bytecode Analysis and Testing Tool
 .PP
 clambc <file> [function] [param1 ...]
 .SH DESCRIPTION
+Bytecode signatures are a platform independent executable plugin format that
+extend ClamAV's malware detection capabilities. This tool is provided for
+signature authors and ClamAV developers to test bytecode signatures and bytecode
+runtime performance. **Caution**: You should NEVER run bytecode signatures from
+untrusted sources. Doing so may result in arbitrary code execution.
+.SH "OPTIONS"
 .TP
 \fB\-\-help\fR                 \fB\-h\fR
-Show help
+Show help.
 .TP
 \fB\-\-version\fR              \fB\-V\fR
 Show version
 .TP
 \fB\-\-debug\fR
-Show debug
+Show debug.
 .TP
 \fB\-\-force\-interpreter\fR   \fB\-f\fR
-Force using the interpreter instead of the JIT
+Force using the interpreter instead of the JIT.
 .TP
 \fB\-\-trust\-bytecode\fR      \fB\-t\fR
-Trust loaded bytecode (default yes)
+Trust loaded bytecode (default yes).
 .TP
 \fB\-\-info\fR                 \fB\-i\fR
-Print information about bytecode
+Print information about bytecode.
 .TP
 \fB\-\-printsrc\fR             \fB\-p\fR
-Print bytecode source
+Print bytecode source.
 .TP
 \fB\-\-printbcir\fR            \fB\-c\fR
-Print IR of bytecode signature
+Print IR of bytecode signature.
 .TP
 \fB\-\-input\fR                \fB\-r\fR
-Input file to run the bytecode on
+Input file to run the bytecode on.
 .TP
 \fB\-\-trace\fR <level>        \fB\-T\fR
-Set bytecode trace level 0..7 (default 7)
+Set bytecode trace level 0..7 (default 7).
 .TP
 \fB\-\-no\-trace\-showsource\fR
-Don't show source line during tracing
+Don't show source line during tracing.
 .TP
 \fB\-\-statistics=bytecode\fR
-Collect and print bytecode execution statistics
+Collect and print bytecode execution statistics.
 .TP
 file
-file to test
+File to test.
 .SH "CREDITS"
 Please check the full documentation for credits.
 .SH "AUTHOR"

docs/man/clamd.conf.5.in

@@ -307,6 +307,8 @@ Default: 5000
 .TP
 \fBBytecodeUnsigned BOOL\fR
 Allow loading bytecode from outside digitally signed .c[lv]d files.
+**Caution**: You should NEVER run bytecode signatures from untrusted sources.
+Doing so may result in arbitrary code execution.
 .br
 Default: no
 .TP

docs/man/clamscan.1.in

@@ -100,7 +100,7 @@ Only scan file/directory matching regular expression. These options can be used
 With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses.
 .TP
 \fB\-\-bytecode\-unsigned[=yes/no(*)]\fR
-Allow loading bytecode from outside digitally signed .c[lv]d files.
+Allow loading bytecode from outside digitally signed .c[lv]d files. **Caution**: You should NEVER run bytecode signatures from untrusted sources. Doing so may result in arbitrary code execution.
 .TP
 \fB\-\-bytecode\-timeout=N\fR
 Set bytecode timeout in milliseconds (default: 5000 = 5s)

etc/clamd.conf.sample

@@ -769,6 +769,12 @@ Example
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
 
+# Allow loading bytecode from outside digitally signed .c[lv]d files.
+# **Caution**: You should NEVER run bytecode signatures from untrusted sources.
+# Doing so may result in arbitrary code execution.
+# Default: no
+#BytecodeUnsigned yes
+
 # Set bytecode timeout in milliseconds.
 #
 # Default: 5000

libclamav/clamav.h

@@ -140,7 +140,7 @@ typedef enum cl_error_t {
 #define CL_DB_OFFICIAL_ONLY     0x1000
 #define CL_DB_BYTECODE          0x2000
 #define CL_DB_SIGNED            0x4000  /* internal */
-#define CL_DB_BYTECODE_UNSIGNED 0x8000
+#define CL_DB_BYTECODE_UNSIGNED 0x8000  /* Caution: You should never run bytecode signatures from untrusted sources. Doing so may result in arbitrary code execution. */
 #define CL_DB_UNSIGNED          0x10000 /* internal */
 #define CL_DB_BYTECODE_STATS    0x20000
 #define CL_DB_ENHANCED          0x40000

win32/conf_examples/clamd.conf.sample

@@ -637,6 +637,12 @@ TCPAddr 127.0.0.1
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
 
+# Allow loading bytecode from outside digitally signed .c[lv]d files.
+# **Caution**: You should NEVER run bytecode signatures from untrusted sources.
+# Doing so may result in arbitrary code execution.
+# Default: no
+#BytecodeUnsigned yes
+
 # Set bytecode timeout in milliseconds.
 #
 # Default: 5000