Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity
clamav/libclamav/scan_layer.h
Valerie Snyder 6d9b57eeeb
libclamav: cl_scan*_ex() functions provide verdict separate from errors 
It is a shortcoming of existing scan APIs that it is not possible
to return an error without masking a verdict.
We presently work around this limitation by counting up detections at
the end and then overriding the error code with `CL_VIRUS`, if necessary.

The `cl_scanfile_ex()`, `cl_scandesc_ex()`, and `cl_scanmap_ex()` functions
should provide the scan verdict separately from the error code.

This introduces a new enum for recording and reporting a verdict:
`cl_verdict_t` with options:

- `CL_VERDICT_NOTHING_FOUND`
- `CL_VERDICT_TRUSTED`
- `CL_VERDICT_STRONG_INDICATOR`
- `CL_VERDICT_POTENTIALLY_UNWANTED`

Notably, the newer scan APIs may set the verdict to `CL_VERDICT_TRUSTED`
if there is a (hash-based) FP signature for a file, or in the cause where
Authenticode or similar certificate-based verification was performed, or
in the case where an application scan callback returned `CL_VERIFIED`.

CLAM-763
CLAM-865
2025-08-14 22:40:46 -04:00

52 lines
2.4 KiB
C
Raw Permalink Blame History

/*
* Copyright (C) 2021-2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
*
* Authors: Valerie Snyder
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef __SCAN_LAYER_H_LC
#define __SCAN_LAYER_H_LC
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
#include "clamav.h"
#include "filetypes.h"
#include "other_types.h"
#include "json.h"
typedef struct cli_scan_layer {
cli_file_t type;
size_t size;
cl_fmap_t *fmap; /* The fmap for this layer. This used to be in an array in the ctx. */
uint32_t recursion_level; /* The recursion level of this layer in the scan stack. */
uint32_t recursion_level_buffer; /* Which buffer layer in scan recursion. */
uint32_t recursion_level_buffer_fmap; /* Which fmap layer in this buffer. */
uint32_t attributes; /* layer attributes. */
image_fuzzy_hash_t image_fuzzy_hash; /* Used for image/graphics files to store a fuzzy hash. */
bool calculated_image_fuzzy_hash; /* Used for image/graphics files to store a fuzzy hash. */
size_t object_id; /* Unique ID for this object. */
json_object *metadata_json; /* JSON object for this recursion level, e.g. for JSON metadata. */
evidence_t evidence; /* Store signature matches for this layer and its children. */
cl_verdict_t verdict; /* Verdict for this layer, e.g. CL_VERDICT_STRONG_INDICATOR, CL_VERDICT_NOTHING_FOUND, CL_VERDICT_TRUSTED. */
char *tmpdir; /* The directory to store tmp files created when processing this layer. */
struct cli_scan_layer *parent; /* Pointer to the parent layer, if any. */
} cli_scan_layer_t;
#endif /* __SCAN_LAYER_H_LC */
Reference in a new issue View git blame Copy permalink