clamscan/manager.c
e3aaff8e
 /*
54402320
  *  Copyright (C) 2007-2012 Sourcefire, Inc.
086eab5c
  *
  *  Authors: Tomasz Kojm
e3aaff8e
  *
  *  This program is free software; you can redistribute it and/or modify
bb34cb31
  *  it under the terms of the GNU General Public License version 2 as
  *  published by the Free Software Foundation.
e3aaff8e
  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software
48b7b4a7
  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  *  MA 02110-1301, USA.
e3aaff8e
  *
  */
 
5c07666a
 #if HAVE_CONFIG_H
 #include "clamav-config.h"
 #endif
 
e3aaff8e
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
 #include <sys/stat.h>
 #include <sys/types.h>
8c57a6c1
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
4cd80898
 #include <dirent.h>
 #ifndef _WIN32
e3aaff8e
 #include <sys/wait.h>
4790a32f
 #include <utime.h>
9a03413e
 #include <sys/time.h>
 #include <sys/resource.h>
34f71e0e
 #endif
e3aaff8e
 #include <fcntl.h>
34f71e0e
 #ifdef	HAVE_UNISTD_H
e3aaff8e
 #include <unistd.h>
34f71e0e
 #endif
e3aaff8e
 #include <sys/types.h>
 #include <signal.h>
 #include <errno.h>
8c57a6c1
 #include <target.h>
e3aaff8e
 
 #include "manager.h"
7a2997f1
 #include "global.h"
 
269d520d
 #include "shared/optparser.h"
ee6702ab
 #include "shared/actions.h"
7a2997f1
 #include "shared/output.h"
 #include "shared/misc.h"
 
 #include "libclamav/clamav.h"
 #include "libclamav/others.h"
 #include "libclamav/matcher-ac.h"
 #include "libclamav/str.h"
05f92e64
 #include "libclamav/readdb.h"
370892d0
 #include "libclamav/cltypes.h"
e3aaff8e
 
 #ifdef C_LINUX
 dev_t procdev;
 #endif
 
8c57a6c1
 #ifdef _WIN32
 /* FIXME: If possible, handle users correctly */
 static int checkaccess(const char *path, const char *username, int mode)
 {
4b6af09e
     return !access(path, mode);
8c57a6c1
 }
 #else
 static int checkaccess(const char *path, const char *username, int mode)
 {
 	struct passwd *user;
 	int ret = 0, status;
 
     if(!geteuid()) {
 
 	if((user = getpwnam(username)) == NULL) {
 	    return -1;
 	}
 
 	switch(fork()) {
 	    case -1:
 		return -2;
 
 	    case 0:
 		if(setgid(user->pw_gid)) {
 		    fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid);
 		    exit(0);
 		}
 
 		if(setuid(user->pw_uid)) {
 		    fprintf(stderr, "ERROR: setuid(%d) failed.\n", (int) user->pw_uid);
 		    exit(0);
 		}
 
 		if(access(path, mode))
 		    exit(0);
 		else
 		    exit(1);
 
 	    default:
 		wait(&status);
 		if(WIFEXITED(status) && WEXITSTATUS(status) == 1)
 		    ret = 1;
 	}
 
     } else {
 	if(!access(path, mode))
 	    ret = 1;
     }
 
     return ret;
 }
 #endif
 
248c2f4d
 struct metachain {
     char **chains;
     unsigned lastadd;
     unsigned lastvir;
     unsigned level;
     unsigned n;
 };
 
 static cl_error_t pre(int fd, const char *type, void *context)
 {
     struct metachain *c = context;
     if (c) {
 	c->level++;
     }
     return CL_CLEAN;
 }
 
 static int print_chain(struct metachain *c, char *str, unsigned len)
 {
     unsigned i;
     unsigned na = 0;
     for (i=0;i<c->n-1;i++) {
 	unsigned int n = strlen(c->chains[i]);
 	if (na)
 	    str[na++] = '!';
 	if (n + na + 2 > len)
 	    break;
 	memcpy(str + na, c->chains[i], n);
 	na += n;
     }
     str[na] = '\0';
     str[len-1] = '\0';
     return i == c->n-1 ? 0 : 1;
 }
 
 static cl_error_t post(int fd, int result, const char *virname, void *context)
 {
     struct metachain *c = context;
     if (c && c->n) {
 	char str[128];
 	int toolong = print_chain(c, str, sizeof(str));
 	if (c->level == c->lastadd && !virname)
 	    free(c->chains[--c->n]);
 	if (virname && !c->lastvir)
 	    c->lastvir = c->level;
     }
     if (c)
 	c->level--;
     return CL_CLEAN;
 }
 
 static cl_error_t meta(const char* container_type, unsigned long fsize_container, const char *filename,
 		       unsigned long fsize_real,  int is_encrypted, unsigned int filepos_container, void *context)
 {
     int na = 0;
     char prev[128];
     struct metachain *c = context;
     const char *type = !strncmp(container_type,"CL_TYPE_",8) ? container_type + 8 : container_type;
     unsigned n = strlen(type) + 1 + strlen(filename) + 1;
     char *chain;
     char **chains;
     int toolong;
 
     if (!c)
 	return CL_CLEAN;
     chain = malloc(n);
     if (!chain)
 	return CL_CLEAN;
     if (!strcmp(type, "ANY"))
 	snprintf(chain, n,"%s", filename);
     else
 	snprintf(chain, n,"%s:%s", type, filename);
     if (c->lastadd != c->level) {
 	n = c->n + 1;
 	chains = realloc(c->chains, n * sizeof(*chains));
 	if (!chains) {
 	    free(chain);
 	    return CL_CLEAN;
 	}
 	c->chains = chains;
 	c->n = n;
 	c->lastadd = c->level;
     } else {
 	free(c->chains[c->n-1]);
     }
     c->chains[c->n-1] = chain;
     toolong = print_chain(c, prev, sizeof(prev));
     logg("*Scanning %s%s!%s\n", prev,toolong ? "..." : "", chain);
     return CL_CLEAN;
 }
 
8c57a6c1
 static void scanfile(const char *filename, struct cl_engine *engine, const struct optstruct *opts, unsigned int options)
7a2997f1
 {
9c025fb3
 	int ret = 0, fd, included;
a058e0b1
 	unsigned i;
269d520d
 	const struct optstruct *opt;
ec6429ab
 	const char *virname;
6ad45a29
 	const char **virpp = &virname;
a2a004df
 	STATBUF sb;
248c2f4d
 	struct metachain chain;
ec6429ab
 
269d520d
     if((opt = optget(opts, "exclude"))->enabled) {
 	while(opt) {
 	    if(match_regex(filename, opt->strarg) == 1) {
ec6429ab
 		if(!printinfected)
 		    logg("~%s: Excluded\n", filename);
8770404a
 		return;
ec6429ab
 	    }
269d520d
 	    opt = opt->nextarg;
ec6429ab
 	}
     }
 
269d520d
     if((opt = optget(opts, "include"))->enabled) {
ec6429ab
 	included = 0;
269d520d
 	while(opt) {
 	    if(match_regex(filename, opt->strarg) == 1) {
ec6429ab
 		included = 1;
 		break;
 	    }
269d520d
 	    opt = opt->nextarg;
ec6429ab
 	}
 	if(!included) {
 	    if(!printinfected)
 		logg("~%s: Excluded\n", filename);
8770404a
 	    return;
ec6429ab
 	}
     }
 
8c57a6c1
     /* argh, don't scan /proc files */
a2a004df
     if(STAT(filename, &sb) != -1) {
8c57a6c1
 #ifdef C_LINUX
 	if(procdev && sb.st_dev == procdev) {
 	    if(!printinfected)
 		logg("~%s: Excluded (/proc)\n", filename);
 		return;
 	}
 #endif    
 	if(!sb.st_size) {
 	    if(!printinfected)
 		logg("~%s: Empty file\n", filename);
 	    return;
 	}
 	info.rblocks += sb.st_size / CL_COUNT_PRECISION;
ec6429ab
     }
8c57a6c1
 
be4bf7f4
 #ifndef _WIN32
ec6429ab
     if(geteuid())
 	if(checkaccess(filename, NULL, R_OK) != 1) {
 	    if(!printinfected)
 		logg("~%s: Access denied\n", filename);
8770404a
 	    info.errors++;
 	    return;
ec6429ab
 	}
 #endif
 
248c2f4d
     memset(&chain, 0, sizeof(chain));
     if(optget(opts, "archive-verbose")->enabled) {
 	chain.chains = malloc(sizeof(*chain.chains));
 	if (chain.chains) {
 	    chain.chains[0] = strdup(filename);
 	    chain.n = 1;
 	}
     }
ec6429ab
     logg("*Scanning %s\n", filename);
 
6e246c11
     if((fd = safe_open(filename, O_RDONLY|O_BINARY)) == -1) {
be4bf7f4
 	logg("^Can't open file %s: %s\n", filename, strerror(errno));
8770404a
 	info.errors++;
 	return;
ec6429ab
     }
 
248c2f4d
 
6ad45a29
     if((ret = cl_scandesc_callback(fd, virpp, &info.blocks, engine, options, &chain)) == CL_VIRUS) {
248c2f4d
 	if(optget(opts, "archive-verbose")->enabled) {
 	    if (chain.n > 1) {
 		char str[128];
 		int toolong = print_chain(&chain, str, sizeof(str));
 		logg("~%s%s!(%d)%s: %s FOUND\n", str, toolong ? "..." : "", chain.lastvir-1, chain.chains[chain.n-1], virname);
 	    } else if (chain.lastvir)
 		logg("~%s!(%d): %s FOUND\n", filename, chain.lastvir-1, virname);
 	}
6ad45a29
 	if (options & CL_SCAN_ALLMATCHES) {
 	    int i = 0;
 	    virpp = (const char **)*virpp; /* horrible */
 	    virname = virpp[0];
 	    while (virpp[i])
 		logg("~%s: %s FOUND\n", filename, virpp[i++]);
 	    free((void *)virpp);
 	}
 	else
 	    logg("~%s: %s FOUND\n", filename, virname);
8770404a
 	info.files++;
ec6429ab
 	info.ifiles++;
 
 	if(bell)
 	    fprintf(stderr, "\007");
 
     } else if(ret == CL_CLEAN) {
 	if(!printinfected && printclean)
 	    mprintf("~%s: OK\n", filename);
8770404a
 	info.files++;
     } else {
ec6429ab
 	if(!printinfected)
52b40b1e
 	    logg("~%s: %s ERROR\n", filename, cl_strerror(ret));
8770404a
 	info.errors++;
     }
ec6429ab
 
248c2f4d
     for (i=0;i<chain.n;i++)
 	free(chain.chains[i]);
     free(chain.chains);
ec6429ab
     close(fd);
 
ee6702ab
     if(ret == CL_VIRUS && action)
 	action(filename);
ec6429ab
 }
 
8c57a6c1
 static void scandirs(const char *dirname, struct cl_engine *engine, const struct optstruct *opts, unsigned int options, unsigned int depth, dev_t dev)
ec6429ab
 {
 	DIR *dd;
 	struct dirent *dent;
a2a004df
 	STATBUF sb;
ec6429ab
 	char *fname;
8770404a
 	int included;
269d520d
 	const struct optstruct *opt;
8c57a6c1
 	unsigned int dirlnk, filelnk;
ec6429ab
 
 
269d520d
     if((opt = optget(opts, "exclude-dir"))->enabled) {
 	while(opt) {
 	    if(match_regex(dirname, opt->strarg) == 1) {
ec6429ab
 		if(!printinfected)
 		    logg("~%s: Excluded\n", dirname);
8770404a
 		return;
ec6429ab
 	    }
269d520d
 	    opt = opt->nextarg;
ec6429ab
 	}
     }
 
269d520d
     if((opt = optget(opts, "include-dir"))->enabled) {
ec6429ab
 	included = 0;
269d520d
 	while(opt) {
 	    if(match_regex(dirname, opt->strarg) == 1) {
ec6429ab
 		included = 1;
 		break;
 	    }
269d520d
 	    opt = opt->nextarg;
ec6429ab
 	}
 	if(!included) {
 	    if(!printinfected)
 		logg("~%s: Excluded\n", dirname);
8770404a
 	    return;
ec6429ab
 	}
     }
 
269d520d
     if(depth > (unsigned int) optget(opts, "max-dir-recursion")->numarg)
8770404a
 	return;
ec6429ab
 
8c57a6c1
     dirlnk = optget(opts, "follow-dir-symlinks")->numarg;
     filelnk = optget(opts, "follow-file-symlinks")->numarg;
 
ec6429ab
     if((dd = opendir(dirname)) != NULL) {
8770404a
 	info.dirs++;
 	depth++;
ec6429ab
 	while((dent = readdir(dd))) {
 	    if(dent->d_ino)
 	    {
 		if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {
 		    /* build the full name */
 		    fname = malloc(strlen(dirname) + strlen(dent->d_name) + 2);
e522909e
 		    if (fname == NULL) { /* oops, malloc() failed, print warning and return */
 			logg("!scandirs: Memory allocation failed for fname\n");
 			return;
 		    }
 
58481352
 		    if(!strcmp(dirname, PATHSEP))
 			sprintf(fname, PATHSEP"%s", dent->d_name);
1464e7a1
 		    else
58481352
 			sprintf(fname, "%s"PATHSEP"%s", dirname, dent->d_name);
ec6429ab
 
 		    /* stat the file */
a2a004df
 		    if(LSTAT(fname, &sb) != -1) {
2086dc5c
 			if(!optget(opts, "cross-fs")->enabled) {
8c57a6c1
 			    if(sb.st_dev != dev) {
2086dc5c
 				if(!printinfected)
 				    logg("~%s: Excluded\n", fname);
 				free(fname);
 				continue;
 			    }
 			}
8c57a6c1
 			if(S_ISLNK(sb.st_mode)) {
 			    if(dirlnk != 2 && filelnk != 2) {
 				if(!printinfected)
 				    logg("%s: Symbolic link\n", fname);
a2a004df
 			    } else if(STAT(fname, &sb) != -1) {
8c57a6c1
 				if(S_ISREG(sb.st_mode) && filelnk == 2) {
 				    scanfile(fname, engine, opts, options);
 				} else if(S_ISDIR(sb.st_mode) && dirlnk == 2) {
 				    if(recursion)
 					scandirs(fname, engine, opts, options, depth, dev);
 				} else {
 				    if(!printinfected)
 					logg("%s: Symbolic link\n", fname);
 				}
 			    }
 			} else if(S_ISREG(sb.st_mode)) {
8770404a
 			    scanfile(fname, engine, opts, options);
8c57a6c1
 			} else if(S_ISDIR(sb.st_mode) && recursion) {
 			    scandirs(fname, engine, opts, options, depth, dev);
 			}
ec6429ab
 		    }
 		    free(fname);
 		}
 	    }
 	}
7daebb4c
 	closedir(dd);
ec6429ab
     } else {
 	if(!printinfected)
 	    logg("~%s: Can't open directory.\n", dirname);
8770404a
 	info.errors++;
ec6429ab
     }
7a2997f1
 }
 
269d520d
 static int scanstdin(const struct cl_engine *engine, const struct optstruct *opts, int options)
7a2997f1
 {
 	int ret;
5da3127b
 	unsigned int fsize = 0;
7a2997f1
 	const char *virname, *tmpdir;
6ad45a29
 	const char **virpp = &virname;
 
7a2997f1
 	char *file, buff[FILEBUFF];
ec6429ab
 	size_t bread;
7a2997f1
 	FILE *fs;
 
269d520d
     if(optget(opts, "tempdir")->enabled) {
 	tmpdir = optget(opts, "tempdir")->strarg;
081f6473
     } else
33068e09
 	/* check write access */
081f6473
 	tmpdir = cli_gettmpdir();
7a2997f1
 
     if(checkaccess(tmpdir, CLAMAVUSER, W_OK) != 1) {
 	logg("!Can't write to temporary directory\n");
8770404a
 	return 2;
7a2997f1
     }
 
f246a9c7
     if(!(file = cli_gentemp(tmpdir))) {
 	logg("!Can't generate tempfile name\n");
 	return 2;
     }
7a2997f1
 
     if(!(fs = fopen(file, "wb"))) {
 	logg("!Can't open %s for writing\n", file);
38fe8af4
 	free(file);
8770404a
 	return 2;
7a2997f1
     }
 
5da3127b
     while((bread = fread(buff, 1, FILEBUFF, stdin))) {
 	fsize += bread;
ec6429ab
 	if(fwrite(buff, 1, bread, fs) < bread) {
38fe8af4
 	    logg("!Can't write to %s\n", file);
 	    free(file);
4f1cdbdd
 	    fclose(fs);
8770404a
 	    return 2;
38fe8af4
 	}
5da3127b
     }
7a2997f1
     fclose(fs);
 
     logg("*Checking %s\n", file);
     info.files++;
5da3127b
     info.rblocks += fsize / CL_COUNT_PRECISION;
7a2997f1
 
370892d0
     if((ret = cl_scanfile(file, &virname, &info.blocks, engine, options)) == CL_VIRUS) {
6ad45a29
         if (options & CL_SCAN_ALLMATCHES) {
             int i = 0;
             virpp = (const char **)*virpp; /* temp hack for scanall mode until api augmentation */
             virname = virpp[0];
             while (virpp[i])
                 logg("stdin: %s FOUND\n", virpp[i++]);
             free((void *)virpp);
         }
 	else
 	    logg("stdin: %s FOUND\n", virname);
 
7a2997f1
 	info.ifiles++;
 
 	if(bell)
 	    fprintf(stderr, "\007");
 
     } else if(ret == CL_CLEAN) {
 	if(!printinfected)
 	    mprintf("stdin: OK\n");
88700e89
     } else {
7a2997f1
 	if(!printinfected)
52b40b1e
 	    logg("stdin: %s ERROR\n", cl_strerror(ret));
88700e89
 	info.errors++;
     }
7a2997f1
 
     unlink(file);
     free(file);
     return ret;
 }
8000d078
 
269d520d
 int scanmanager(const struct optstruct *opts)
e3aaff8e
 {
8c57a6c1
 	int ret = 0, i;
 	unsigned int options = 0, dboptions = 0, dirlnk = 1, filelnk = 1;
370892d0
 	struct cl_engine *engine;
a2a004df
 	STATBUF sb;
269d520d
 	char *file, cwd[1024], *pua_cats = NULL;
c2b6681b
 	const char *filename;
269d520d
 	const struct optstruct *opt;
4cd80898
 #ifndef _WIN32
9a03413e
 	struct rlimit rlim;
 #endif
e3aaff8e
 
8c57a6c1
     dirlnk = optget(opts, "follow-dir-symlinks")->numarg;
     if(dirlnk > 2) {
 	logg("!--follow-dir-symlinks: Invalid argument\n");
 	return 2;
     }
 
     filelnk = optget(opts, "follow-file-symlinks")->numarg;
     if(filelnk > 2) {
 	logg("!--follow-file-symlinks: Invalid argument\n");
 	return 2;
     }
 
269d520d
     if(optget(opts, "phishing-sigs")->enabled)
9f8098c0
 	dboptions |= CL_DB_PHISHING;
e3aaff8e
 
208ceae5
     if(optget(opts, "official-db-only")->enabled)
 	dboptions |= CL_DB_OFFICIAL_ONLY;
 
269d520d
     if(optget(opts,"phishing-scan-urls")->enabled)
9f8098c0
 	dboptions |= CL_DB_PHISHING_URLS;
a68507c5
 
52dd3a6b
     if(optget(opts,"bytecode")->enabled)
 	dboptions |= CL_DB_BYTECODE;
 
370892d0
     if((ret = cl_init(CL_INIT_DEFAULT))) {
 	logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
8770404a
 	return 2;
370892d0
     }
 
b8fe70b3
     if(!(engine = cl_engine_new())) {
370892d0
 	logg("!Can't initialize antivirus engine\n");
8770404a
 	return 2;
370892d0
     }
 
269d520d
     if(optget(opts, "detect-pua")->enabled) {
70edb085
 	dboptions |= CL_DB_PUA;
269d520d
 	if((opt = optget(opts, "exclude-pua"))->enabled) {
b023c36d
 	    dboptions |= CL_DB_PUA_EXCLUDE;
c783516d
 	    i = 0;
269d520d
 	    while(opt) {
 		if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
b023c36d
 		    logg("!Can't allocate memory for pua_cats\n");
370892d0
 		    cl_engine_free(engine);
8770404a
 		    return 2;
b023c36d
 		}
269d520d
 		sprintf(pua_cats + i, ".%s", opt->strarg);
 		i += strlen(opt->strarg) + 1;
b023c36d
 		pua_cats[i] = 0;
269d520d
 		opt = opt->nextarg;
b023c36d
 	    }
 	    pua_cats[i] = '.';
 	    pua_cats[i + 1] = 0;
 	}
 
269d520d
 	if((opt = optget(opts, "include-pua"))->enabled) {
b023c36d
 	    if(pua_cats) {
 		logg("!--exclude-pua and --include-pua cannot be used at the same time\n");
370892d0
 		cl_engine_free(engine);
b023c36d
 		free(pua_cats);
8770404a
 		return 2;
b023c36d
 	    }
 	    dboptions |= CL_DB_PUA_INCLUDE;
 	    i = 0;
269d520d
 	    while(opt) {
 		if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
b023c36d
 		    logg("!Can't allocate memory for pua_cats\n");
f246a9c7
 		    cl_engine_free(engine);
8770404a
 		    return 2;
b023c36d
 		}
269d520d
 		sprintf(pua_cats + i, ".%s", opt->strarg);
 		i += strlen(opt->strarg) + 1;
b023c36d
 		pua_cats[i] = 0;
269d520d
 		opt = opt->nextarg;
b023c36d
 	    }
 	    pua_cats[i] = '.';
 	    pua_cats[i + 1] = 0;
 	}
 
 	if(pua_cats) {
2accc66f
 	    if((ret = cl_engine_set_str(engine, CL_ENGINE_PUA_CATEGORIES, pua_cats))) {
 		logg("!cli_engine_set_str(CL_ENGINE_PUA_CATEGORIES) failed: %s\n", cl_strerror(ret));
b023c36d
 		free(pua_cats);
370892d0
 		cl_engine_free(engine);
8770404a
 		return 2;
b023c36d
 	    }
370892d0
 	    free(pua_cats);
b023c36d
 	}
     }
 
2accc66f
     if(optget(opts, "dev-ac-only")->enabled)
 	cl_engine_set_num(engine, CL_ENGINE_AC_ONLY, 1);
ab0d2f05
 
2accc66f
     if(optget(opts, "dev-ac-depth")->enabled)
 	cl_engine_set_num(engine, CL_ENGINE_AC_MAXDEPTH, optget(opts, "dev-ac-depth")->numarg);
ab0d2f05
 
2accc66f
     if(optget(opts, "leave-temps")->enabled)
 	cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
33068e09
 
62315ce6
     if(optget(opts, "bytecode-unsigned")->enabled)
 	dboptions |= CL_DB_BYTECODE_UNSIGNED;
 
54402320
     if(optget(opts, "bytecode-statistics")->enabled)
 	dboptions |= CL_DB_BYTECODE_STATS;
 
b63681a5
     if((opt = optget(opts,"bytecode-timeout"))->enabled)
 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
9f3afdb8
     if((opt = optget(opts,"bytecode-mode"))->enabled) {
 	enum bytecode_mode mode;
 	if (!strcmp(opt->strarg, "ForceJIT"))
 	    mode = CL_BYTECODE_MODE_JIT;
 	else if(!strcmp(opt->strarg, "ForceInterpreter"))
 	    mode = CL_BYTECODE_MODE_INTERPRETER;
 	else if(!strcmp(opt->strarg, "Test"))
 	    mode = CL_BYTECODE_MODE_TEST;
 	else
 	    mode = CL_BYTECODE_MODE_AUTO;
 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
     }
aa745db7
 
269d520d
     if((opt = optget(opts, "tempdir"))->enabled) {
2accc66f
 	if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
 	    logg("!cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
33068e09
 	    cl_engine_free(engine);
8770404a
 	    return 2;
33068e09
 	}
     }
 
8daa97de
     if((opt = optget(opts, "database"))->active) {
fc05ee48
 	while(opt) {
 	    if((ret = cl_load(opt->strarg, engine, &info.sigs, dboptions))) {
 		logg("!%s\n", cl_strerror(ret));
 		cl_engine_free(engine);
 		return 2;
 	    }
 	    opt = opt->nextarg;
e3aaff8e
 	}
     } else {
98ce643b
 	    char *dbdir = freshdbdir();
908db4df
 
370892d0
 	if((ret = cl_load(dbdir, engine, &info.sigs, dboptions))) {
9f0e5585
 	    logg("!%s\n", cl_strerror(ret));
98ce643b
 	    free(dbdir);
370892d0
 	    cl_engine_free(engine);
8770404a
 	    return 2;
e3aaff8e
 	}
98ce643b
 	free(dbdir);
e3aaff8e
     }
 
370892d0
     if((ret = cl_engine_compile(engine)) != 0) {
9f0e5585
 	logg("!Database initialization error: %s\n", cl_strerror(ret));;
370892d0
 	cl_engine_free(engine);
8770404a
 	return 2;
2d70a403
     }
e3aaff8e
 
248c2f4d
     if(optget(opts, "archive-verbose")->enabled) {
 	cl_engine_set_clcb_meta(engine, meta);
01fd9ca9
 	cl_engine_set_clcb_pre_cache(engine, pre);
248c2f4d
 	cl_engine_set_clcb_post_scan(engine, post);
     }
 
5cc4cb86
     if (optget(opts, "nocerts")->enabled)
         engine->dconf->pe |= PE_CONF_DISABLECERT;
 
7209997f
     if (optget(opts, "dumpcerts")->enabled)
         engine->dconf->pe |= PE_CONF_DUMPCERT;
 
7a2997f1
     /* set limits */
e3aaff8e
 
09dc3ecb
     if((opt = optget(opts, "max-scansize"))->active) {
2accc66f
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
370892d0
 	    cl_engine_free(engine);
8770404a
 	    return 2;
370892d0
 	}
     }
281c7642
 
09dc3ecb
     if((opt = optget(opts, "max-filesize"))->active) {
2accc66f
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
370892d0
 	    cl_engine_free(engine);
8770404a
 	    return 2;
370892d0
 	}
     }
e3aaff8e
 
4cd80898
 #ifndef _WIN32
9a03413e
     if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
655bc627
 	if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL))
370892d0
 	    logg("^System limit for file size is lower than engine->maxfilesize\n");
655bc627
 	if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL))
370892d0
 	    logg("^System limit for file size is lower than engine->maxscansize\n");
9a03413e
     } else {
 	logg("^Cannot obtain resource limits for file size\n");
     }
 #endif
 
09dc3ecb
     if((opt = optget(opts, "max-files"))->active) {
2accc66f
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILES, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_FILES) failed: %s\n", cl_strerror(ret));
370892d0
 	    cl_engine_free(engine);
8770404a
 	    return 2;
370892d0
 	}
     }
e3aaff8e
 
09dc3ecb
     if((opt = optget(opts, "max-recursion"))->active) {
2accc66f
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
370892d0
 	    cl_engine_free(engine);
8770404a
 	    return 2;
370892d0
 	}
     }
e3aaff8e
 
b2726a53
     /* Engine max sizes */
 
     if((opt = optget(opts, "max-embeddedpe"))->active) {
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_EMBEDDEDPE, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_EMBEDDEDPE) failed: %s\n", cl_strerror(ret));
 	    cl_engine_free(engine);
 	    return 2;
 	}
     }
 
     if((opt = optget(opts, "max-htmlnormalize"))->active) {
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNORMALIZE, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNORMALIZE) failed: %s\n", cl_strerror(ret));
 	    cl_engine_free(engine);
 	    return 2;
 	}
     }
 
     if((opt = optget(opts, "max-htmlnotags"))->active) {
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNOTAGS, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNOTAGS) failed: %s\n", cl_strerror(ret));
 	    cl_engine_free(engine);
 	    return 2;
 	}
     }
 
     if((opt = optget(opts, "max-scriptnormalize"))->active) {
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCRIPTNORMALIZE, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_SCRIPTNORMALIZE) failed: %s\n", cl_strerror(ret));
 	    cl_engine_free(engine);
 	    return 2;
 	}
     }
 
     if((opt = optget(opts, "max-ziptypercg"))->active) {
 	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ZIPTYPERCG, opt->numarg))) {
 	    logg("!cli_engine_set_num(CL_ENGINE_MAX_ZIPTYPERCG) failed: %s\n", cl_strerror(ret));
 	    cl_engine_free(engine);
 	    return 2;
 	}
     }
 
269d520d
     /* set scan options */
6ad45a29
     if(optget(opts, "allmatch")->enabled)
 	options |= CL_SCAN_ALLMATCHES;
 
269d520d
     if(optget(opts,"phishing-ssl")->enabled)
 	options |= CL_SCAN_PHISHING_BLOCKSSL;
6ef42bc3
 
269d520d
     if(optget(opts,"phishing-cloak")->enabled)
 	options |= CL_SCAN_PHISHING_BLOCKCLOAK;
 
     if(optget(opts,"heuristic-scan-precedence")->enabled)
 	options |= CL_SCAN_HEURISTIC_PRECEDENCE;
 
     if(optget(opts, "scan-archive")->enabled)
3805ebcb
 	options |= CL_SCAN_ARCHIVE;
6ef42bc3
 
269d520d
     if(optget(opts, "detect-broken")->enabled)
453581ae
 	options |= CL_SCAN_BLOCKBROKEN;
6ef42bc3
 
269d520d
     if(optget(opts, "block-encrypted")->enabled)
08d6b1e3
 	options |= CL_SCAN_BLOCKENCRYPTED;
6ef42bc3
 
269d520d
     if(optget(opts, "scan-pe")->enabled)
3805ebcb
 	options |= CL_SCAN_PE;
6ef42bc3
 
269d520d
     if(optget(opts, "scan-elf")->enabled)
3f97a1e7
 	options |= CL_SCAN_ELF;
 
269d520d
     if(optget(opts, "scan-ole2")->enabled)
3805ebcb
 	options |= CL_SCAN_OLE2;
6ef42bc3
 
269d520d
     if(optget(opts, "scan-pdf")->enabled)
c5107e70
 	options |= CL_SCAN_PDF;
 
1e41fdba
     if(optget(opts, "scan-swf")->enabled)
 	options |= CL_SCAN_SWF;
 
269d520d
     if(optget(opts, "scan-html")->enabled)
3805ebcb
 	options |= CL_SCAN_HTML;
6ef42bc3
 
6a4dd9dc
     if(optget(opts, "scan-mail")->enabled)
3805ebcb
 	options |= CL_SCAN_MAIL;
6ef42bc3
 
269d520d
     if(optget(opts, "algorithmic-detection")->enabled)
6fd2fb47
 	options |= CL_SCAN_ALGORITHMIC;
1b661cef
 
3d7547cf
 #ifdef HAVE__INTERNAL__SHA_COLLECT
     if(optget(opts, "dev-collect-hashes")->enabled)
 	options |= CL_SCAN_INTERNAL_COLLECT_SHA;
 #endif
 
63feb6cd
     if(optget(opts, "dev-performance")->enabled)
 	options |= CL_SCAN_PERFORMANCE_INFO;
 
269d520d
     if(optget(opts, "detect-structured")->enabled) {
a6e38800
 	options |= CL_SCAN_STRUCTURED;
5fe6e72b
 
269d520d
 	if((opt = optget(opts, "structured-ssn-format"))->enabled) {
 	    switch(opt->numarg) {
5fe6e72b
 		case 0:
 		    options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
 		    break;
 		case 1:
 		    options |= CL_SCAN_STRUCTURED_SSN_STRIPPED;
 		    break;
 		case 2:
 		    options |= (CL_SCAN_STRUCTURED_SSN_NORMAL | CL_SCAN_STRUCTURED_SSN_STRIPPED);
 		    break;
 		default:
 		    logg("!Invalid argument for --structured-ssn-format\n");
8770404a
 		    return 2;
5fe6e72b
 	    }
 	} else {
3f9918e1
 	    options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
5fe6e72b
 	}
 
09dc3ecb
 	if((opt = optget(opts, "structured-ssn-count"))->active) {
2accc66f
 	    if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_SSN_COUNT, opt->numarg))) {
 		logg("!cli_engine_set_num(CL_ENGINE_MIN_SSN_COUNT) failed: %s\n", cl_strerror(ret));
370892d0
 		cl_engine_free(engine);
8770404a
 		return 2;
370892d0
 	    }
 	}
5fe6e72b
 
09dc3ecb
 	if((opt = optget(opts, "structured-cc-count"))->active) {
2accc66f
 	    if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_CC_COUNT, opt->numarg))) {
 		logg("!cli_engine_set_num(CL_ENGINE_MIN_CC_COUNT) failed: %s\n", cl_strerror(ret));
370892d0
 		cl_engine_free(engine);
8770404a
 		return 2;
370892d0
 	    }
 	}
5fe6e72b
 
269d520d
     } else {
a6e38800
 	options &= ~CL_SCAN_STRUCTURED;
269d520d
     }
a6e38800
 
e3aaff8e
 #ifdef C_LINUX
d9b55a82
     procdev = (dev_t) 0;
a2a004df
     if(STAT("/proc", &sb) != -1 && !sb.st_size)
e3aaff8e
 	procdev = sb.st_dev;
 #endif
 
     /* check filetype */
c2b6681b
     if(!opts->filename && !optget(opts, "file-list")->enabled) {
2d70a403
 	/* we need full path for some reasons (eg. archive handling) */
b782aece
 	if(!getcwd(cwd, sizeof(cwd))) {
9f0e5585
 	    logg("!Can't get absolute pathname of current working directory\n");
8770404a
 	    ret = 2;
2086dc5c
 	} else {
a2a004df
 	    STAT(cwd, &sb);
8770404a
 	    scandirs(cwd, engine, opts, options, 1, sb.st_dev);
2086dc5c
 	}
2d70a403
 
c2b6681b
     } else if(opts->filename && !optget(opts, "file-list")->enabled && !strcmp(opts->filename[0], "-")) { /* read data from stdin */
269d520d
 	ret = scanstdin(engine, opts, options);
e3aaff8e
 
     } else {
c2b6681b
 	if(opts->filename && optget(opts, "file-list")->enabled)
 	    logg("^Only scanning files from --file-list (files passed at cmdline are ignored)\n");
 
 	while((filename = filelist(opts, &ret)) && (file = strdup(filename))) {
a2a004df
 	    if(LSTAT(file, &sb) == -1) {
8c57a6c1
 		logg("^%s: Can't access file\n", file);
ec6429ab
 		perror(file);
8770404a
 		ret = 2;
2d70a403
 	    } else {
1464e7a1
 		for(i = strlen(file) - 1; i > 0; i--) {
58481352
 		    if(file[i] == *PATHSEP)
ec6429ab
 			file[i] = 0;
a8b056dc
 		    else
1464e7a1
 			break;
a8b056dc
 		}
 
8c57a6c1
 		if(S_ISLNK(sb.st_mode)) {
 		    if(dirlnk == 0 && filelnk == 0) {
 			if(!printinfected)
 			    logg("%s: Symbolic link\n", file);
a2a004df
 		    } else if(STAT(file, &sb) != -1) {
8c57a6c1
 			if(S_ISREG(sb.st_mode) && filelnk) {
 			    scanfile(file, engine, opts, options);
 			} else if(S_ISDIR(sb.st_mode) && dirlnk) {
 			    scandirs(file, engine, opts, options, 1, sb.st_dev);
 			} else {
 			    if(!printinfected)
 				logg("%s: Symbolic link\n", file);
 			}
 		    }
 		} else if(S_ISREG(sb.st_mode)) {
 		    scanfile(file, engine, opts, options);
 		} else if(S_ISDIR(sb.st_mode)) {
 		    scandirs(file, engine, opts, options, 1, sb.st_dev);
 		} else {
 		    logg("^%s: Not supported file type\n", file);
 		    ret = 2;
2d70a403
 		}
 	    }
ec6429ab
 	    free(file);
e3aaff8e
 	}
     }
 
54402320
     if(optget(opts, "bytecode-statistics")->enabled) {
 	cli_sigperf_print();
 	cli_sigperf_events_destroy();
     }
 
7a2997f1
     /* free the engine */
370892d0
     cl_engine_free(engine);
e3aaff8e
 
8770404a
     /* overwrite return code - infection takes priority */
7a2997f1
     if(info.ifiles)
e3aaff8e
 	ret = 1;
8770404a
     else if(info.errors)
 	ret = 2;
e3aaff8e
 
     return ret;
 }