Commit graph

98 commits

Author SHA1 Message Date
Micah Snyder
72fd33c8b2 clang-format'd using new .clang-format rules. 2019-10-02 16:08:16 -04:00
Micah Snyder
d39cb6581f Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames. 2018-12-02 23:06:59 -05:00
Micah Snyder (micasnyd)
f61e92da8f Changing numerous scan options' names, primarily those of heuristic signature alert options. Original options (command line and clamd) will remain as deprecated & undocumented for a couple releases. Added 2 extra scan options to allow users to differentiate between alerting on encrypted archives vs encrypted documents (bb11911). 2018-12-02 23:06:59 -05:00
Micah Snyder
d7979d4ff7 Restructured scan options flags from a single bitflag field to a structure containing multiple bitflag fields. This also required adding a new function to the bytecode API to get scan options a la carte, and modifying the existing function to hand back scan options in the old/deprecated uint32_t bitflag format. Re-generated bytecode iface header files.
Updated libclamav documentation detailing new scan options structure.
Renamed references to 'algorithmic' detection to 'heuristic' detection. Renaming references to 'properties' to 'collect metadata'.
Renamed references to 'scan all' to 'scan all match'.
Renamed a couple of 'Hueristic.*' signature names as 'Heuristics.*' signatures (plural) to match majority of other heuristics.
2018-12-02 23:06:59 -05:00
Micah Snyder (micasnyd)
89d5207b31 Added new pdf object stream parsing capability. 2018-12-02 23:06:58 -05:00
Josh Soref
7cd9337a70 Spelling Adjustments (#30)
* spelling: accessed

* spelling: alignment

* spelling: amalgamated

* spelling: answers

* spelling: another

* spelling: acquisition

* spelling: apitid

* spelling: ascii

* spelling: appending

* spelling: appropriate

* spelling: arbitrary

* spelling: architecture

* spelling: asynchronous

* spelling: attachments

* spelling: argument

* spelling: authenticode

* spelling: because

* spelling: boundary

* spelling: brackets

* spelling: bytecode

* spelling: calculation

* spelling: cannot

* spelling: changes

* spelling: check

* spelling: children

* spelling: codegen

* spelling: commands

* spelling: container

* spelling: concatenated

* spelling: conditions

* spelling: continuous

* spelling: conversions

* spelling: corresponding

* spelling: corrupted

* spelling: coverity

* spelling: crafting

* spelling: daemon

* spelling: definition

* spelling: delivered

* spelling: delivery

* spelling: delimit

* spelling: dependencies

* spelling: dependency

* spelling: detection

* spelling: determine

* spelling: disconnects

* spelling: distributed

* spelling: documentation

* spelling: downgraded

* spelling: downloading

* spelling: endianness

* spelling: entities

* spelling: especially

* spelling: empty

* spelling: expected

* spelling: explicitly

* spelling: existent

* spelling: finished

* spelling: flexibility

* spelling: flexible

* spelling: freshclam

* spelling: functions

* spelling: guarantee

* spelling: hardened

* spelling: headaches

* spelling: heighten

* spelling: improper

* spelling: increment

* spelling: indefinitely

* spelling: independent

* spelling: inaccessible

* spelling: infrastructure

Conflicts:
	docs/html/node68.html

* spelling: initializing

* spelling: inited

* spelling: instream

* spelling: installed

* spelling: initialization

* spelling: initialize

* spelling: interface

* spelling: intrinsics

* spelling: interpreter

* spelling: introduced

* spelling: invalid

* spelling: latency

* spelling: lawyers

* spelling: libclamav

* spelling: likelihood

* spelling: loop

* spelling: maximum

* spelling: million

* spelling: milliseconds

* spelling: minimum

* spelling: minzhuan

* spelling: multipart

* spelling: misled

* spelling: modifiers

* spelling: notifying

* spelling: objects

* spelling: occurred

* spelling: occurs

* spelling: occurrences

* spelling: optimization

* spelling: original

* spelling: originated

* spelling: output

* spelling: overridden

* spelling: parenthesis

* spelling: partition

* spelling: performance

* spelling: permission

* spelling: phishing

* spelling: portions

* spelling: positives

* spelling: preceded

* spelling: properties

* spelling: protocol

* spelling: protos

* spelling: quarantine

* spelling: recursive

* spelling: referring

* spelling: reorder

* spelling: reset

* spelling: resources

* spelling: resume

* spelling: retrieval

* spelling: rewrite

* spelling: sanity

* spelling: scheduled

* spelling: search

* spelling: section

* spelling: separator

* spelling: separated

* spelling: specify

* spelling: special

* spelling: statement

* spelling: streams

* spelling: succession

* spelling: suggests

* spelling: superfluous

* spelling: suspicious

* spelling: synonym

* spelling: temporarily

* spelling: testfiles

* spelling: transverse

* spelling: turkish

* spelling: typos

* spelling: unable

* spelling: unexpected

* spelling: unexpectedly

* spelling: unfinished

* spelling: unfortunately

* spelling: uninitialized

* spelling: unlocking

* spelling: unnecessary

* spelling: unpack

* spelling: unrecognized

* spelling: unsupported

* spelling: usable

* spelling: wherever

* spelling: wishlist

* spelling: white

* spelling: infrastructure

* spelling: directories

* spelling: overridden

* spelling: permission

* spelling: yesterday

* spelling: initialization

* spelling: intrinsics

* space adjustment for spelling changes

* minor modifications by klin
2018-02-27 22:00:09 -05:00
Steven Morgan
48fef7b8ec 11898 - fix unit test failure with zlib 1.2.9+. Patch provided by Marc Deslauriers. 2017-08-18 16:06:26 -04:00
Steven Morgan
ea4ab2bccc bb11742 fix compile error in bytecode_api.c on Mac OS X. 2017-02-15 14:07:50 -05:00
Mickey Sola
631cb6a005 Fixes and updates to intermediate container sig rules based on code review 2017-02-01 17:33:15 -05:00
klin
031fe00a4d restructure container typing system to use array (#2) 2017-01-19 12:24:46 -05:00
Mickey Sola
46a35abe56 mass update of copyright headers 2015-09-17 13:41:26 -04:00
Shawn Webb
cd94be7a52 Silence a bunch of compiler warnings in libclamav 2014-07-10 18:11:49 -04:00
Shawn Webb
60d8d2c352 Move all the crypto API to clamav.h 2014-07-01 19:38:01 -04:00
Steven Morgan
6c048b8a30 Use json_object_object_get_ex() rather than json_object_object_get(), which is deprecated in json-c 0.10 2014-06-06 14:38:45 -04:00
Kevin Lin
9048572cec bytecode_api: fixed variable assignment issue 2014-06-03 12:43:23 -04:00
Kevin Lin
c6a3b294a9 bytecode: fixed a compiler issue and warnings 2014-06-03 11:47:57 -04:00
Kevin Lin
3107a6c24f bytecode: fixed issue with older versions of g++ 2014-06-03 11:19:01 -04:00
Steven Morgan
51f8cc3c18 More json header includes. 2014-05-23 10:11:32 -04:00
Kevin Lin
546e168bb7 api: added safety checks 2014-05-06 18:18:05 -04:00
Kevin Lin
61e3637d08 bytecode api: added support for querying int and booleans from json properties 2014-05-06 16:15:08 -04:00
Kevin Lin
fa7ae4ccbc bytecode api: updated copyright information
bytecode api: added json properties reading implementation
2014-05-06 16:13:48 -04:00
Shawn Webb
b2e7c931d0 Use OpenSSL for hashing. 2014-02-08 00:31:12 -05:00
Kevin Lin
90c0acc762 formatted a number of bytecode files, converted tabs to spaces 2014-01-16 17:57:40 -05:00
Shawn Webb
9691454612 bb6091 - check lseek() return 2013-02-28 19:32:29 -05:00
David Raynor
4a836f4310 CID #10418 2013-02-13 14:21:37 -05:00
Ryan Pentney
791868e80e I don't always test my code, but when I do... I do it in production. 2013-02-07 11:23:31 -08:00
Steve Morgan
6ad45a2931 add initial allscan/allmatch mode to libclamav, clamd, clamdscan, and clamscan with unit tests 2012-10-18 14:12:58 -07:00
Shawn webb
6a049897d9 BB#5455 2012-07-10 13:17:45 -04:00
Török Edvin
cc4d540831 bb #4324
memcpy() crashes because GCC sees 'struct cli_exe_section*'
and assumes that section is aligned to at least 4 bytes.
But it isn't, so change the parameter to just 'void*'.

(Casting doesn't help, as GCC sees through it).

Also fixes part 1 of bb #3789.
2012-02-29 17:04:16 +02:00
Török Edvin
f304dc688a fmapify: fix const-ness warnings 2012-01-05 14:16:09 +02:00
Török Edvin
3d664817f6 fix recursion level crash (bb #3706).
Thanks to Stephane Chazelas for the analysis.
2011-10-08 12:12:22 +03:00
Török Edvin
acc8bccb89 bb #2307. 2010-10-19 16:23:19 +03:00
Török Edvin
e4fedabef4 Warn about zlib version mismatches (bb #2072).
In libclamav: if zlib version at runtime is older than at compile time, warn.
If they are the same, or newer don't warn.

clamconf warns always on mismatch.

Mismatch can happen if:
 - you build zlib yourself, but as static lib and compiler picks old shared lib
 (but new headers!)
 - you have 2 zlibs installed, and the old one takes precedence

Libclamav doesn't warn about mismatches due to zlib upgrades since this is
normal.
2010-10-18 14:16:43 +03:00
Török Edvin
4116c65d1b Add bytecode API to determine whether running under JIT. 2010-10-18 12:35:39 +03:00
Török Edvin
d7531f2ad2 Fix warnings. 2010-10-18 12:24:11 +03:00
Török Edvin
ae8dc8c2bc Gather bytecode events from bytecode API. 2010-10-18 10:48:18 +03:00
Török Edvin
f73212dc62 Fix bytecode virusname reporting (bb #2255).
Also adds possibility to stop a hook from executing, and set
a virus as heuristic (by using BC.Heuristic* name)
2010-09-10 22:11:32 +03:00
Török Edvin
1dae00ebf4 bytecode: add icon match API. 2010-08-02 18:21:24 +03:00
Török Edvin
dc200c6b19 Add bytecode API for pdf. 2010-08-02 18:21:24 +03:00
Török Edvin
69650bea38 win32 build fix.
forgot to commit.
2010-07-29 22:17:30 +03:00
Török Edvin
88d54dcb72 Fix distcheck warnings. 2010-07-29 18:22:57 +03:00
Török Edvin
9f1715ccea Add new bytecode APIs to access the environment.
check_platform(...) is an API that can be used to:
 - blacklist JIT/bytecode on just a very specific platform (not recommended)
 - mask (with 0xf/0xff) some fields, and keep just the flags that uniquely
 identify the system where a bug occurs (for example linux + ppc32).
 - it returns a bool so you can do further checks if needed.

The bytecode also has access to all the information collected from the
environment, so it can make more detailed decisions (based on CPU, presence of
SELinux/PaX, etc.).
You can't introduce new detections via bytecode, but you can write new
conditions using existing ones.

The previously added builtin bytecode moved all the JIT disable logic to
bytecode for easy updating.
2010-07-29 14:06:59 +03:00
Török Edvin
51d25fde43 Solaris9 doesn't have round.
Use a simple implementation instead, this is not performance critical.
2010-05-14 11:09:16 +03:00
Török Edvin
da91503d8e Properly round ilog/iexp/... 2010-05-14 10:41:42 +03:00
Török Edvin
aadccfd1c8 Fix valgrind warnings. 2010-05-13 23:35:47 +03:00
Török Edvin
fc01c6476f Fix interpreter. 2010-05-13 23:25:11 +03:00
Török Edvin
e01a81ba2a Fix map API. 2010-05-13 20:37:06 +03:00
Török Edvin
3de9627110 Fixes for bytecode debug api. 2010-05-13 20:02:02 +03:00
Török Edvin
a5b201c81f Fix distcheck. 2010-05-13 00:27:00 +03:00
Török Edvin
7a7365efe9 0.96.1 new APIs (cli_map etc.) 2010-05-12 23:51:20 +03:00