mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
31dcec1e42
Temp directory recursion in ClamAV is when each layer of a scan gets its
own temp directory in the parent layer's temp directory.
In addition to temp directory recursion, ClamAV has been creating a new
subdirectory for each file scan as a risk-adverse method to ensure
no temporary file leaks fill up the disk.
Creating a directory is relatively slow on Windows in particular if
scanning a lot of very small files.
This commit:
1. Separates the temp directory recursion feature from the leave-temps
feature so that libclamav can leave temp files without making
subdirectories for each file scanned.
2. Makes it so that when temp directory recursion is off, libclamav
will just use the configure temp directory for all files.
The new option to enable temp directory recursion is for libclamav-only
at this time. It is off by default, and you can enable it like this:
```c
cl_engine_set_num(engine, CL_ENGINE_TMPDIR_RECURSION, 1);
```
For the `clamscan` and `clamd` programs, temp directory recursion will
be enabled when `--leave-temps` / `LeaveTemporaryFiles` is enabled.
The difference is that when disabled, it will return to using the
configured temp directory without making a subdirectory for each file
scanned, so as to improve scan performance for small files, mostly on
Windows.
Under the hood, this commit also:
1. Cleans up how we keep track of tmpdirs for each layer.
The goal here is to align how we keep track of layer-specific stuff
using the scan_layer structure.
2. Cleans up how we record metadata JSON for embedded files.
Note: Embedded files being different from Contained files, as they
are extracted not with a parser, but by finding them with
file type magic signatures.
CLAM-1583
177 lines
5.5 KiB
C
177 lines
5.5 KiB
C
/*
|
|
* Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
|
|
*
|
|
* Author: Shawn Webb
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
* MA 02110-1301, USA.
|
|
*
|
|
* In addition, as a special exception, the copyright holders give
|
|
* permission to link the code of portions of this program with the
|
|
* OpenSSL library under certain conditions as described in each
|
|
* individual source file, and distribute linked combinations
|
|
* including the two.
|
|
*
|
|
* You must obey the GNU General Public License in all respects
|
|
* for all of the code used other than OpenSSL. If you modify
|
|
* file(s) with this exception, you may extend this exception to your
|
|
* version of the file(s), but you are not obligated to do so. If you
|
|
* do not wish to do so, delete this exception statement from your
|
|
* version. If you delete this exception statement from all source
|
|
* files in the program, then also delete it here.
|
|
*/
|
|
|
|
#if HAVE_CONFIG_H
|
|
#include "clamav-config.h"
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#if !defined(_WIN32)
|
|
#include <unistd.h>
|
|
#endif
|
|
#include <errno.h>
|
|
|
|
#include "xar.h"
|
|
#include "fmap.h"
|
|
|
|
#include <libxml/xmlreader.h>
|
|
|
|
#include "clamav.h"
|
|
#include "str.h"
|
|
#include "scanners.h"
|
|
#include "conv.h"
|
|
#include "xdp.h"
|
|
#include "filetypes.h"
|
|
|
|
static char *dump_xdp(cli_ctx *ctx, const char *start, size_t sz);
|
|
|
|
static char *dump_xdp(cli_ctx *ctx, const char *start, size_t sz)
|
|
{
|
|
int fd;
|
|
char *filename;
|
|
size_t nwritten = 0;
|
|
ssize_t writeret;
|
|
|
|
if (cli_gentempfd(ctx->this_layer_tmpdir, &filename, &fd) != CL_SUCCESS)
|
|
return NULL;
|
|
|
|
while (nwritten < sz) {
|
|
writeret = write(fd, start + nwritten, sz - nwritten);
|
|
if (writeret < 0) {
|
|
if (errno == EAGAIN)
|
|
continue;
|
|
|
|
close(fd);
|
|
cli_unlink(filename);
|
|
free(filename);
|
|
|
|
return NULL;
|
|
}
|
|
|
|
nwritten += writeret;
|
|
}
|
|
|
|
cli_dbgmsg("dump_xdp: Dumped payload to %s\n", filename);
|
|
|
|
close(fd);
|
|
|
|
return filename;
|
|
}
|
|
|
|
cl_error_t cli_scanxdp(cli_ctx *ctx)
|
|
{
|
|
xmlTextReaderPtr reader = NULL;
|
|
const char *buf;
|
|
const xmlChar *name, *value;
|
|
char *decoded;
|
|
size_t decodedlen;
|
|
int rc = CL_SUCCESS;
|
|
char *dumpname;
|
|
size_t i;
|
|
|
|
buf = (const char *)fmap_need_off_once(ctx->fmap, 0, ctx->fmap->len);
|
|
if (!(buf))
|
|
return CL_EREAD;
|
|
|
|
if (ctx->engine->keeptmp) {
|
|
dumpname = dump_xdp(ctx, buf, ctx->fmap->len);
|
|
if (dumpname)
|
|
free(dumpname);
|
|
}
|
|
|
|
/*
|
|
* Since a PDF file can contain embedded XDP documents,
|
|
* it's possible that the filetyping code matched an embedded XDP document.
|
|
* If that's the case, then xmlReaderForMemory will throw an error. For now,
|
|
* silently ignore the error and return CL_SUCCESS so the filetyping code can
|
|
* continue on.
|
|
*/
|
|
reader = xmlReaderForMemory(buf, (int)(ctx->fmap->len), "noname.xml", NULL, CLAMAV_MIN_XMLREADER_FLAGS);
|
|
if (!(reader))
|
|
return CL_SUCCESS;
|
|
|
|
while (xmlTextReaderRead(reader) == 1) {
|
|
name = xmlTextReaderConstLocalName(reader);
|
|
if (!(name))
|
|
continue;
|
|
|
|
if (!strcmp((const char *)name, "chunk") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) {
|
|
value = xmlTextReaderReadInnerXml(reader);
|
|
if (value) {
|
|
decoded = cl_base64_decode((char *)value, strlen((const char *)value), NULL, &decodedlen, 0);
|
|
if (decoded) {
|
|
unsigned int shouldscan = 0;
|
|
|
|
if (decodedlen > 5) {
|
|
for (i = 0; i < MIN(MAGIC_BUFFER_SIZE, decodedlen - 5); i++) {
|
|
if (decoded[i] != '%')
|
|
continue;
|
|
|
|
if (decoded[i + 1] == 'P' || decoded[i + 1] == 'p') {
|
|
if (decoded[i + 2] == 'D' || decoded[i + 2] == 'd') {
|
|
if (decoded[i + 3] == 'F' || decoded[i + 3] == 'f') {
|
|
if (decoded[i + 4] == '-') {
|
|
shouldscan = 1;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!shouldscan) {
|
|
free(decoded);
|
|
xmlFree((void *)value);
|
|
break;
|
|
}
|
|
|
|
rc = cli_magic_scan_buff(decoded, decodedlen, ctx, NULL, LAYER_ATTRIBUTES_NONE);
|
|
free(decoded);
|
|
if (rc != CL_SUCCESS) {
|
|
xmlFree((void *)value);
|
|
break;
|
|
}
|
|
}
|
|
|
|
xmlFree((void *)value);
|
|
}
|
|
}
|
|
}
|
|
|
|
xmlFreeTextReader(reader);
|
|
|
|
return rc;
|
|
}
|