mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
6d9b57eeeb
It is a shortcoming of existing scan APIs that it is not possible to return an error without masking a verdict. We presently work around this limitation by counting up detections at the end and then overriding the error code with `CL_VIRUS`, if necessary. The `cl_scanfile_ex()`, `cl_scandesc_ex()`, and `cl_scanmap_ex()` functions should provide the scan verdict separately from the error code. This introduces a new enum for recording and reporting a verdict: `cl_verdict_t` with options: - `CL_VERDICT_NOTHING_FOUND` - `CL_VERDICT_TRUSTED` - `CL_VERDICT_STRONG_INDICATOR` - `CL_VERDICT_POTENTIALLY_UNWANTED` Notably, the newer scan APIs may set the verdict to `CL_VERDICT_TRUSTED` if there is a (hash-based) FP signature for a file, or in the cause where Authenticode or similar certificate-based verification was performed, or in the case where an application scan callback returned `CL_VERIFIED`. CLAM-763 CLAM-865 |
||
|---|---|---|
| .. | ||
| linux | ||
| mac | ||
| win | ||
| actions.c | ||
| actions.h | ||
| cert_util.c | ||
| cert_util.h | ||
| cert_util_internal.h | ||
| clamdcom.c | ||
| clamdcom.h | ||
| CMakeLists.txt | ||
| exeScanner.c | ||
| exeScanner.h | ||
| fdpassing.h | ||
| getopt.c | ||
| getopt.h | ||
| hostid.c | ||
| hostid.h | ||
| idmef_logging.c | ||
| idmef_logging.h | ||
| misc.c | ||
| misc.h | ||
| optparser.c | ||
| optparser.h | ||
| output.c | ||
| output.h | ||
| scanmem.c | ||
| scanmem.h | ||
| service.c | ||
| service.h | ||
| tar.c | ||
| tar.h | ||