Adds LZMA and BZip2 decompression routines to the bytecode API.
The ability to decompress LZMA and BZip2 streams is particularly
useful for bytecode signatures that extend clamav executable
unpacking capabilities.
Of note, the LZMA format is not well standardized. This API
expects the stream to start with the LZMA_Alone header.
Also fixed a bug in LZMA dictionary size setting.
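As an added illustration of the header this API expects (example code, not libclamav's own), the following parses the 13-byte LZMA_Alone header and validates the dictionary size before it would be used to size any allocation; the 1 GiB cap and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not libclamav code: parse the 13-byte LZMA_Alone header
 * (1 byte lc/lp/pb properties, 4-byte LE dictionary size, 8-byte LE
 * uncompressed size) and reject values a decompressor should not act on. */
#define LZMA_ALONE_HDR_LEN 13
#define LZMA_DICT_MIN      (1u << 12)  /* decoders round smaller sizes up to 4 KiB */
#define LZMA_DICT_CAP      (1u << 30)  /* constructed cap for this example, not ClamAV's */

struct lzma_alone_hdr {
    uint8_t  lc, lp, pb;       /* literal context, literal position, position bits */
    uint32_t dict_size;        /* dictionary to allocate, in bytes */
    uint64_t uncomp_size;      /* UINT64_MAX means "unknown, read until end marker" */
    int      size_known;
};

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success; -1 truncated, -2 bad properties byte, -3 dictionary too large. */
int lzma_alone_parse(const uint8_t *buf, size_t len, struct lzma_alone_hdr *out) {
    if (len < LZMA_ALONE_HDR_LEN) return -1;
    uint8_t props = buf[0];
    if (props >= 9 * 5 * 5) return -2;            /* lc<9, lp<5, pb<5 packed as (pb*5+lp)*9+lc */
    out->lc = props % 9;  props /= 9;
    out->lp = props % 5;  out->pb = props / 5;
    out->dict_size = le32(buf + 1);
    if (out->dict_size > LZMA_DICT_CAP) return -3; /* never let an untrusted header size allocations unchecked */
    if (out->dict_size < LZMA_DICT_MIN) out->dict_size = LZMA_DICT_MIN;
    out->uncomp_size = le32(buf + 5) | (uint64_t)le32(buf + 9) << 32;
    out->size_known = out->uncomp_size != UINT64_MAX;
    return 0;
}

/* Constructed sample header: props 0x5D (lc=3, lp=0, pb=2), 8 MiB dictionary, 4096 bytes uncompressed. */
static const uint8_t SAMPLE_HDR[LZMA_ALONE_HDR_LEN] = {
    0x5D, 0x00, 0x00, 0x80, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void) {
    struct lzma_alone_hdr h;
    int rc = lzma_alone_parse(SAMPLE_HDR, sizeof SAMPLE_HDR, &h);
    printf("rc=%d lc=%u lp=%u pb=%u dict=%u size=%llu\n", rc, h.lc, h.lp, h.pb,
           h.dict_size, (unsigned long long)h.uncomp_size);
    return rc != 0;
}
```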
Updated libclamav documentation detailing new scan options structure.
Renamed references to 'algorithmic' detection to 'heuristic' detection. Renamed references to 'properties' to 'collect metadata'.
Renamed references to 'scan all' to 'scan all match'.
Renamed a couple of 'Hueristic.*' signature names as 'Heuristics.*' signatures (plural) to match the majority of other heuristics.
memcpy() crashes because GCC sees 'struct cli_exe_section*'
and assumes that section is aligned to at least 4 bytes.
But it isn't, so change the parameter to just 'void*'.
(Casting doesn't help, as GCC sees through it).
Also fixes part 1 of bb #3789.
check_platform(...) is an API that can be used to:
- blacklist JIT/bytecode on just a very specific platform (not recommended)
- mask (with 0xf/0xff) some fields, and keep just the flags that uniquely
identify the system where a bug occurs (for example linux + ppc32).
- it returns a bool so you can do further checks if needed.
The bytecode also has access to all the information collected from the
environment, so it can make more detailed decisions (based on CPU, presence of
SELinux/PaX, etc.).
You can't introduce new detections via bytecode, but you can write new
conditions using existing ones.
The previously added builtin bytecode moved all the JIT disable logic to
bytecode for easy updating.