/*
 * Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
 * Copyright (C) 2007-2013 Sourcefire, Inc.
 *
 * Authors: Tomasz Kojm, Trog
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 *
 */

#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif

#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <dirent.h>
#ifndef _WIN32
#include <sys/wait.h>
#include <sys/time.h>
#endif
#include <time.h>
#include <fcntl.h>
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <errno.h>
#include "target.h"
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_MALLOC_H
#include <malloc.h>
#endif

#ifdef CL_THREAD_SAFE
#include <pthread.h>
#endif

#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
#include <limits.h>
#include <stddef.h>
#endif

#ifdef HAVE_LIBXML2
#include <libxml/parser.h>
#endif

#include "clamav.h"
#include "others.h"
#include "regex/regex.h"
#include "ltdl.h"
#include "matcher-ac.h"
#include "matcher-pcre.h"
#include "default.h"
#include "scanners.h"
#include "bytecode.h"
#include "bytecode_api_impl.h"
#include "cache.h"
#include "readdb.h"
#include "stats.h"

/*
 * Entry points of the optional unrar interface module. They are assigned only
 * by cli_rarload(), which resolves each one with lt_dlsym(); have_rar is set
 * to 1 only after all five lookups have succeeded, so a pointer may be unset
 * (or partially resolved after a failed load) whenever have_rar is 0.
 */
cl_unrar_error_t (*cli_unrar_open)(const char *filename, void **hArchive, char **comment, uint32_t *comment_size, uint8_t debug_flag);
cl_unrar_error_t (*cli_unrar_peek_file_header)(void *hArchive, unrar_metadata_t *file_metadata);
cl_unrar_error_t (*cli_unrar_extract_file)(void* hArchive, const char* destPath, char *outputBuffer);
cl_unrar_error_t (*cli_unrar_skip_file)(void *hArchive);
void (*cli_unrar_close)(void *hArchive);

int have_rar = 0;
static int is_rar_inited = 0;

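/*
 * Log a libltdl failure as a warning.
 *
 * msg is the caller's description of what failed. When lt_dlerror() has an
 * error string pending it is appended after a colon; otherwise msg is logged
 * on its own. Always returns 0.
 */
static int warn_dlerror(const char *msg)
{
    const char *err = lt_dlerror();

    if (err) {
        cli_warnmsg("%s: %s\n", msg, err);
    } else {
        /* err is NULL on this path: log the caller's message rather than
         * handing a NULL pointer to the %s conversion. */
        cli_warnmsg("%s\n", msg);
    }
    return 0;
}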

#if 0
#define lt_preload_symbols lt_libclamav_LTX_preloaded_symbols
extern const lt_dlsymlist lt_preload_symbols[];
#endif
/*
 * Initialise libltdl so that optional modules can be opened afterwards.
 *
 * Returns 0 on success and -1 when lt_dlinit() reports a failure, in which
 * case a warning has already been logged through warn_dlerror().
 */
static int lt_init(void)
{
#if 0
    /* doesn't work yet */
    if (lt_dlpreload_default(lt_preload_symbols)) {
        warn_dlerror("Cannot init ltdl preloaded symbols");
        /* not fatal */
    }
#endif
    if (lt_dlinit() != 0) {
        warn_dlerror("Cannot init ltdl - unrar support unavailable");
        return -1;
    }

    return 0;
}

#define PASTE2(a,b) a#b
#define PASTE(a,b) PASTE2(a,b)

/*
 * Locate and open an optional module through libltdl.
 *
 * name        - base file name of the module, without any extension
 * featurename - feature label used in the log messages only
 *
 * SEARCH_LIBDIR is added to the ltdl search path, then each entry of the
 * suffix table is appended to name in turn and handed to lt_dlopen(). The
 * first handle obtained is returned; NULL is returned when no candidate can
 * be opened (logged as a warning under WARN_DLOPEN_FAIL, else at debug level).
 *
 * NOTE(review): the module is opened by file name along the ltdl search
 * path, so the directories on that path decide which file is mapped into the
 * process. A failure to add SEARCH_LIBDIR is only logged at debug level and
 * the lookup continues with whatever path remains. Worth confirming that the
 * effective path never includes a directory writable by a less privileged
 * user.
 */
static lt_dlhandle lt_dlfind(const char *name, const char *featurename)
{
    static const char *suffixes[] = {
        LT_MODULE_EXT"."LIBCLAMAV_FULLVER,
        PASTE(LT_MODULE_EXT".", LIBCLAMAV_MAJORVER),
        LT_MODULE_EXT,
        "."LT_LIBEXT
    };
    const unsigned count = sizeof(suffixes) / sizeof(suffixes[0]);
    const char *searchpath;
    const char *reason;
    const lt_dlinfo *info;
    char modulename[128];
    lt_dlhandle handle = NULL;
    unsigned idx;

    if (lt_dladdsearchdir(SEARCH_LIBDIR)) {
        cli_dbgmsg("lt_dladdsearchdir failed for %s\n", SEARCH_LIBDIR);
    }

    searchpath = lt_dlgetsearchpath();
    if (!searchpath) {
        searchpath = "";
    }
    cli_dbgmsg("searching for %s, user-searchpath: %s\n", featurename, searchpath);

    /* Stop at the first suffix that yields a handle. */
    for (idx = 0; idx < count && !handle; idx++) {
        /* snprintf() bounds the write; an over-long name is truncated and
         * the truncated candidate is simply not found. */
        snprintf(modulename, sizeof(modulename), "%s%s", name, suffixes[idx]);
        handle = lt_dlopen(modulename);
        if (!handle) {
            cli_dbgmsg("searching for %s: %s not found\n", featurename, modulename);
        }
    }

    if (handle) {
        info = lt_dlgetinfo(handle);
        if (info) {
            cli_dbgmsg("%s support loaded from %s %s\n", featurename, info->filename ? info->filename : "?", info->name ? info->name : "");
        }
        return handle;
    }

    /* lt_dlerror() may have nothing pending; never pass NULL to %s. */
    reason = lt_dlerror();
    if (!reason) {
        reason = "";
    }
#ifdef WARN_DLOPEN_FAIL
    cli_warnmsg("Cannot dlopen %s: %s - %s support unavailable\n", name, reason, featurename);
#else
    cli_dbgmsg("Cannot dlopen %s: %s - %s support unavailable\n", name, reason, featurename);
#endif
    return handle;
}
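/*
 * Load the optional unrar interface module and resolve its entry points.
 *
 * The lookup is attempted at most once per process (is_rar_inited); have_rar
 * is set to 1 only when all five symbols have been resolved. When a symbol is
 * missing a warning is logged and have_rar stays 0; the pointers resolved up
 * to that point remain assigned and the module handle is not closed.
 *
 * No locking is visible around is_rar_inited / have_rar, so this presumably
 * relies on being called from cl_init() before any threads use the library.
 */
static void cli_rarload(void)
{
    lt_dlhandle rhandle;

    if (is_rar_inited)
        return;
    is_rar_inited = 1;

    if (have_rar)
        return;

    rhandle = lt_dlfind("libclamunrar_iface", "unrar");
    if (!rhandle)
        return;

    if (!(cli_unrar_open = (cl_unrar_error_t(*)(const char *, void **, char **, uint32_t *, uint8_t))lt_dlsym(rhandle, "libclamunrar_iface_LTX_unrar_open")) ||
        !(cli_unrar_peek_file_header = (cl_unrar_error_t(*)(void *, unrar_metadata_t *))lt_dlsym(rhandle, "libclamunrar_iface_LTX_unrar_peek_file_header")) ||
        !(cli_unrar_extract_file = (cl_unrar_error_t(*)(void*, const char*, char*))lt_dlsym(rhandle, "libclamunrar_iface_LTX_unrar_extract_file")) ||
        !(cli_unrar_skip_file = (cl_unrar_error_t(*)(void *))lt_dlsym(rhandle, "libclamunrar_iface_LTX_unrar_skip_file")) ||
        !(cli_unrar_close = (void(*)(void *))lt_dlsym(rhandle, "libclamunrar_iface_LTX_unrar_close"))
    ) {
        /* ideally we should never land here, we'd better warn so */
        const char *err = lt_dlerror();

        /* Same guard as lt_dlfind(): lt_dlerror() can return NULL, which
         * must not reach the %s conversion. */
        if (!err)
            err = "";
        cli_warnmsg("Cannot resolve: %s (version mismatch?) - unrar support unavailable\n", err);
        return;
    }
    have_rar = 1;
}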
/*
 * Set the global cli_debug_flag to 1 (presumably what enables the
 * cli_dbgmsg() output used throughout this file). There is no counterpart
 * here that clears the flag again.
 */
void cl_debug(void)
{
    cli_debug_flag = 1;
}
/*
 * Set the global cli_always_gen_section_hash flag to 1. The flag is only
 * written here; its consumers live outside this part of the file.
 */
void cl_always_gen_section_hash(void)
{
    cli_always_gen_section_hash = 1;
}
/* Return the compile-time CL_FLEVEL constant of this library build. */
unsigned int cl_retflevel(void)
{
    return CL_FLEVEL;
}
/*
 * Map a libclamav status code to a constant, human-readable message.
 *
 * The returned pointer refers to a string literal and must not be freed or
 * modified. Codes without a dedicated entry yield "Unknown error code".
 */
const char *cl_strerror(int clerror)
{
    switch (clerror) {
        /* libclamav specific codes */
        case CL_CLEAN:    return "No viruses detected";
        case CL_VIRUS:    return "Virus(es) detected";
        case CL_ENULLARG: return "Null argument passed to function";
        case CL_EARG:     return "Invalid argument passed to function";
        case CL_EMALFDB:  return "Malformed database";
        case CL_ECVD:     return "Broken or not a CVD file";
        case CL_EVERIFY:  return "Can't verify database integrity";
        case CL_EUNPACK:  return "Can't unpack some data";
        case CL_EPARSE: /* like CL_EFORMAT but reported outside magicscan() */
            return "Can't parse data";

        /* I/O and memory errors */
        case CL_EOPEN:    return "Can't open file or directory";
        case CL_ECREAT:   return "Can't create new file";
        case CL_EUNLINK:  return "Can't unlink file";
        case CL_ESTAT:    return "Can't get file status";
        case CL_EREAD:    return "Can't read file";
        case CL_ESEEK:    return "Can't set file offset";
        case CL_EWRITE:   return "Can't write to file";
        case CL_EDUP:     return "Can't duplicate file descriptor";
        case CL_EACCES:   return "Can't access file";
        case CL_ETMPFILE: return "Can't create temporary file";
        case CL_ETMPDIR:  return "Can't create temporary directory";
        case CL_EMAP:     return "Can't map file into memory";
        case CL_EMEM:     return "Can't allocate memory";
        case CL_ETIMEOUT: return "CL_ETIMEOUT: Time limit reached";

        /* internal (needed for debug messages) */
        case CL_EMAXREC:   return "CL_EMAXREC";
        case CL_EMAXSIZE:  return "CL_EMAXSIZE";
        case CL_EMAXFILES: return "CL_EMAXFILES";
        case CL_EFORMAT:   return "CL_EFORMAT: Bad format or broken data";
        case CL_EBYTECODE: return "Error during bytecode execution";
        case CL_EBYTECODE_TESTFAIL:
            return "Failure in bytecode testmode";
        case CL_ELOCK:     return "Mutex lock failed";
        case CL_EBUSY:     return "Scanner still active";
        case CL_ESTATE:
            return "Bad state (engine not initialized, or already initialized)";

        default:
            return "Unknown error code";
    }
}
/*
 * One-time library initialisation.
 *
 * initoptions is currently unused. The function initialises the crypto
 * layer, tries to load the optional unrar module, seeds rand(), initialises
 * the bytecode subsystem and, when built with libxml2, the XML parser.
 *
 * Returns CL_SUCCESS, or the non-zero status of bytecode_init() on failure.
 * A failure to initialise ltdl is not fatal: unrar support is simply skipped.
 *
 * NOTE(review): the rand() seed below is built from the process id, the
 * microsecond part of the current time and clock(), all of which an observer
 * can estimate. Values drawn from rand() after this call should therefore
 * not be relied on for anything that must be unpredictable (confirm how the
 * callers use it).
 */
int cl_init(unsigned int initoptions)
{
    struct timeval now;
    unsigned int self = (unsigned int)getpid();
    int status;

    UNUSEDPARAM(initoptions);

    cl_initialize_crypto();

    /* put dlopen() stuff here, etc. */
    if (lt_init() == 0) {
        cli_rarload();
    }

    gettimeofday(&now, (struct timezone *)0);
    srand(self + now.tv_usec * (self + 1) + clock());

    status = bytecode_init();
    if (status != 0) {
        return status;
    }

#ifdef HAVE_LIBXML2
    xmlInitParser();
#endif
    return CL_SUCCESS;
}
/*
 * Allocate a scanning engine and fill in its defaults.
 *
 * The engine starts with refcount 1, the CLI_DEFAULT_* scan limits, bytecode
 * security CL_BYTECODE_TRUST_SIGNED, bytecode mode CL_BYTECODE_MODE_AUTO, the
 * built-in root certificates and the default stats callbacks.
 *
 * Returns the new engine, or NULL when an allocation or one of the
 * sub-initialisers fails; everything allocated up to that point is released
 * through the staged labels at the end of the function.
 *
 * NOTE(review): the failure paths taken after crtmgr_init() and after
 * pthread_mutex_init() release memory only; nothing visible here tears down
 * the certificate manager or destroys the mutex again. Worth confirming that
 * this is intended.
 */
struct cl_engine *cl_engine_new(void)
{
    struct cl_engine *eng;
    cli_intel_t *intel;

    eng = (struct cl_engine *)cli_calloc(1, sizeof(struct cl_engine));
    if (!eng) {
        cli_errmsg("cl_engine_new: Can't allocate memory for cl_engine\n");
        return NULL;
    }

    /* Setup default limits */
    eng->maxscantime   = CLI_DEFAULT_MAXSCANTIME;
    eng->maxscansize   = CLI_DEFAULT_MAXSCANSIZE;
    eng->maxfilesize   = CLI_DEFAULT_MAXFILESIZE;
    eng->maxreclevel   = CLI_DEFAULT_MAXRECLEVEL;
    eng->maxfiles      = CLI_DEFAULT_MAXFILES;
    eng->min_cc_count  = CLI_DEFAULT_MIN_CC_COUNT;
    eng->min_ssn_count = CLI_DEFAULT_MIN_SSN_COUNT;
    /* Engine Max sizes */
    eng->maxembeddedpe      = CLI_DEFAULT_MAXEMBEDDEDPE;
    eng->maxhtmlnormalize   = CLI_DEFAULT_MAXHTMLNORMALIZE;
    eng->maxhtmlnotags      = CLI_DEFAULT_MAXHTMLNOTAGS;
    eng->maxscriptnormalize = CLI_DEFAULT_MAXSCRIPTNORMALIZE;
    eng->maxziptypercg      = CLI_DEFAULT_MAXZIPTYPERCG;

    eng->bytecode_security = CL_BYTECODE_TRUST_SIGNED;
    /* The previous comment here read "5 seconds timeout", which does not
     * match the value; presumably the unit is milliseconds (60 s) - confirm. */
    eng->bytecode_timeout = 60000;
    eng->bytecode_mode    = CL_BYTECODE_MODE_AUTO;
    eng->refcount         = 1;
    eng->ac_only          = 0;
    eng->ac_mindepth      = CLI_DEFAULT_AC_MINDEPTH;
    eng->ac_maxdepth      = CLI_DEFAULT_AC_MAXDEPTH;

#ifdef USE_MPOOL
    if (!(eng->mempool = mpool_create())) {
        cli_errmsg("cl_engine_new: Can't allocate memory for memory pool\n");
        free(eng);
        return NULL;
    }
#endif

    eng->root = mpool_calloc(eng->mempool, CLI_MTARGETS, sizeof(struct cli_matcher *));
    if (!eng->root) {
        cli_errmsg("cl_engine_new: Can't allocate memory for roots\n");
        goto fail_pool;
    }

    eng->dconf = cli_mpool_dconf_init(eng->mempool);
    if (!eng->dconf) {
        cli_errmsg("cl_engine_new: Can't initialize dynamic configuration\n");
        goto fail_root;
    }

    eng->pwdbs = mpool_calloc(eng->mempool, CLI_PWDB_COUNT, sizeof(struct cli_pwdb *));
    if (!eng->pwdbs) {
        cli_errmsg("cl_engine_new: Can't initialize password databases\n");
        goto fail_dconf;
    }

    crtmgr_init(&(eng->cmgr));
    if (crtmgr_add_roots(eng, &(eng->cmgr))) {
        cli_errmsg("cl_engine_new: Can't initialize root certificates\n");
        goto fail_pwdbs;
    }

    /* Set up default stats/intel gathering callbacks. A failed allocation
     * is tolerated: the engine then simply carries no stats data. */
    intel = cli_calloc(1, sizeof(cli_intel_t));
    if (intel) {
#ifdef CL_THREAD_SAFE
        if (pthread_mutex_init(&(intel->mutex), NULL)) {
            cli_errmsg("cli_engine_new: Cannot initialize stats gathering mutex\n");
            goto fail_intel;
        }
#endif
        intel->engine     = eng;
        intel->maxsamples = STATS_MAX_SAMPLES;
        intel->maxmem     = STATS_MAX_MEM;
        intel->timeout    = 10;
        eng->stats_data   = intel;
    } else {
        eng->stats_data = NULL;
    }

    eng->cb_stats_add_sample      = NULL;
    eng->cb_stats_submit          = NULL;
    eng->cb_stats_flush           = clamav_stats_flush;
    eng->cb_stats_remove_sample   = clamav_stats_remove_sample;
    eng->cb_stats_decrement_count = clamav_stats_decrement_count;
    eng->cb_stats_get_num         = clamav_stats_get_num;
    eng->cb_stats_get_size        = clamav_stats_get_size;
    eng->cb_stats_get_hostid      = clamav_stats_get_hostid;

    /* Setup raw disk image max settings */
    eng->maxpartitions = CLI_DEFAULT_MAXPARTITIONS;
    /* Engine max settings */
    eng->maxiconspe = CLI_DEFAULT_MAXICONSPE;
    eng->maxrechwp3 = CLI_DEFAULT_MAXRECHWP3;

    /* PCRE matching limitations */
#if HAVE_PCRE
    cli_pcre_init();
#endif
    eng->pcre_match_limit    = CLI_DEFAULT_PCRE_MATCH_LIMIT;
    eng->pcre_recmatch_limit = CLI_DEFAULT_PCRE_RECMATCH_LIMIT;
    eng->pcre_max_filesize   = CLI_DEFAULT_PCRE_MAX_FILESIZE;

#ifdef HAVE_YARA
    /* YARA */
    if (cli_yara_init(eng) != CL_SUCCESS) {
        cli_errmsg("cli_engine_new: failed to initialize YARA\n");
        goto fail_intel;
    }
#endif

    cli_dbgmsg("Initialized %s engine\n", cl_retver());
    return eng;

    /* Staged cleanup: each label releases what was acquired before the
     * failing step, then falls through to the earlier stages. */
#if defined(CL_THREAD_SAFE) || defined(HAVE_YARA)
fail_intel:
    free(intel);
#endif
fail_pwdbs:
    mpool_free(eng->mempool, eng->pwdbs);
fail_dconf:
    mpool_free(eng->mempool, eng->dconf);
fail_root:
    mpool_free(eng->mempool, eng->root);
fail_pool:
#ifdef USE_MPOOL
    mpool_destroy(eng->mempool);
#endif
    free(eng);
    return NULL;
}
/*
 * Set one numeric engine option.
 *
 * engine - engine to modify; NULL yields CL_ENULLARG
 * field  - option selector
 * num    - new value
 *
 * Returns CL_SUCCESS, or CL_EARG for a read-only field, an unknown field, or
 * a bytecode security/mode change attempted after the engine was compiled
 * (CL_DB_COMPILED set in dboptions).
 *
 * NOTE(review): num is a signed long long that is stored without a range
 * check (see the TODO below and the explicit uint32_t/uint64_t casts), so a
 * negative or oversized value silently becomes a different limit. Only
 * MaxRecursion (0 rejected) and the five Max* normalisation sizes (negative
 * rejected) fall back to their defaults. Callers that forward configuration
 * values into the scan limits should validate them first.
 */
int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long long num)
{
    if (!engine) {
        return CL_ENULLARG;
    }

    /* TODO: consider adding checks and warn/errs when num overflows the
     * destination type
     */
    switch (field) {
        case CL_ENGINE_MAX_SCANSIZE:
            engine->maxscansize = num;
            break;
        case CL_ENGINE_MAX_FILESIZE:
            engine->maxfilesize = num;
            break;
        case CL_ENGINE_MAX_RECURSION:
            if (!num) {
                cli_warnmsg("MaxRecursion: the value of 0 is not allowed, using default: %u\n", CLI_DEFAULT_MAXRECLEVEL);
                engine->maxreclevel = CLI_DEFAULT_MAXRECLEVEL;
            } else {
                engine->maxreclevel = num;
            }
            break;
        case CL_ENGINE_MAX_FILES:
            engine->maxfiles = num;
            break;
        case CL_ENGINE_MAX_EMBEDDEDPE:
            if (num < 0) {
                cli_warnmsg("MaxEmbeddedPE: negative values are not allowed, using default: %u\n", CLI_DEFAULT_MAXEMBEDDEDPE);
                engine->maxembeddedpe = CLI_DEFAULT_MAXEMBEDDEDPE;
            } else {
                engine->maxembeddedpe = num;
            }
            break;
        case CL_ENGINE_MAX_HTMLNORMALIZE:
            if (num < 0) {
                cli_warnmsg("MaxHTMLNormalize: negative values are not allowed, using default: %u\n", CLI_DEFAULT_MAXHTMLNORMALIZE);
                engine->maxhtmlnormalize = CLI_DEFAULT_MAXHTMLNORMALIZE;
            } else {
                engine->maxhtmlnormalize = num;
            }
            break;
        case CL_ENGINE_MAX_HTMLNOTAGS:
            if (num < 0) {
                cli_warnmsg("MaxHTMLNoTags: negative values are not allowed, using default: %u\n", CLI_DEFAULT_MAXHTMLNOTAGS);
                engine->maxhtmlnotags = CLI_DEFAULT_MAXHTMLNOTAGS;
            } else {
                engine->maxhtmlnotags = num;
            }
            break;
        case CL_ENGINE_MAX_SCRIPTNORMALIZE:
            if (num < 0) {
                cli_warnmsg("MaxScriptNormalize: negative values are not allowed, using default: %u\n", CLI_DEFAULT_MAXSCRIPTNORMALIZE);
                engine->maxscriptnormalize = CLI_DEFAULT_MAXSCRIPTNORMALIZE;
            } else {
                engine->maxscriptnormalize = num;
            }
            break;
        case CL_ENGINE_MAX_ZIPTYPERCG:
            if (num < 0) {
                cli_warnmsg("MaxZipTypeRcg: negative values are not allowed, using default: %u\n", CLI_DEFAULT_MAXZIPTYPERCG);
                engine->maxziptypercg = CLI_DEFAULT_MAXZIPTYPERCG;
            } else {
                engine->maxziptypercg = num;
            }
            break;
        case CL_ENGINE_MIN_CC_COUNT:
            engine->min_cc_count = num;
            break;
        case CL_ENGINE_MIN_SSN_COUNT:
            engine->min_ssn_count = num;
            break;
        case CL_ENGINE_DB_OPTIONS:
        case CL_ENGINE_DB_VERSION:
        case CL_ENGINE_DB_TIME:
            cli_warnmsg("cl_engine_set_num: The field is read only\n");
            return CL_EARG;
        case CL_ENGINE_AC_ONLY:
            engine->ac_only = num;
            break;
        case CL_ENGINE_AC_MINDEPTH:
            engine->ac_mindepth = num;
            break;
        case CL_ENGINE_AC_MAXDEPTH:
            engine->ac_maxdepth = num;
            break;
        case CL_ENGINE_KEEPTMP:
            engine->keeptmp = num;
            break;
        case CL_ENGINE_FORCETODISK:
            if (num) {
                engine->engine_options |= ENGINE_OPTIONS_FORCE_TO_DISK;
            } else {
                engine->engine_options &= ~(ENGINE_OPTIONS_FORCE_TO_DISK);
            }
            break;
        case CL_ENGINE_BYTECODE_SECURITY:
            /* The bytecode trust level is frozen once the engine is compiled. */
            if (engine->dboptions & CL_DB_COMPILED) {
                cli_errmsg("cl_engine_set_num: CL_ENGINE_BYTECODE_SECURITY cannot be set after engine was compiled\n");
                return CL_EARG;
            }
            engine->bytecode_security = num;
            break;
        case CL_ENGINE_BYTECODE_TIMEOUT:
            engine->bytecode_timeout = num;
            break;
        case CL_ENGINE_BYTECODE_MODE:
            if (engine->dboptions & CL_DB_COMPILED) {
                cli_errmsg("cl_engine_set_num: CL_ENGINE_BYTECODE_MODE cannot be set after engine was compiled\n");
                return CL_EARG;
            }
            if (num == CL_BYTECODE_MODE_OFF) {
                cli_errmsg("cl_engine_set_num: CL_BYTECODE_MODE_OFF is not settable, use dboptions to turn off!\n");
                return CL_EARG;
            }
            engine->bytecode_mode = num;
            if (num == CL_BYTECODE_MODE_TEST) {
                cli_infomsg(NULL, "bytecode engine in test mode\n");
            }
            break;
        case CL_ENGINE_DISABLE_CACHE:
            if (num) {
                engine->engine_options |= ENGINE_OPTIONS_DISABLE_CACHE;
            } else {
                engine->engine_options &= ~(ENGINE_OPTIONS_DISABLE_CACHE);
                /* Re-enabling the cache creates it when none exists yet. */
                if (!(engine->cache)) {
                    cli_cache_init(engine);
                }
            }
            break;
        case CL_ENGINE_DISABLE_PE_STATS:
            if (num) {
                engine->engine_options |= ENGINE_OPTIONS_DISABLE_PE_STATS;
            } else {
                engine->engine_options &= ~(ENGINE_OPTIONS_DISABLE_PE_STATS);
            }
            break;
        case CL_ENGINE_STATS_TIMEOUT:
            /* Silently ignored when the engine carries no stats data. */
            if ((engine->stats_data)) {
                cli_intel_t *intel = (cli_intel_t *)(engine->stats_data);

                intel->timeout = (uint32_t)num;
            }
            break;
        case CL_ENGINE_MAX_PARTITIONS:
            engine->maxpartitions = (uint32_t)num;
            break;
        case CL_ENGINE_MAX_ICONSPE:
            engine->maxiconspe = (uint32_t)num;
            break;
        case CL_ENGINE_MAX_RECHWP3:
            engine->maxrechwp3 = (uint32_t)num;
            break;
        case CL_ENGINE_MAX_SCANTIME:
            engine->maxscantime = (uint32_t)num;
            break;
        case CL_ENGINE_PCRE_MATCH_LIMIT:
            engine->pcre_match_limit = (uint64_t)num;
            break;
        case CL_ENGINE_PCRE_RECMATCH_LIMIT:
            engine->pcre_recmatch_limit = (uint64_t)num;
            break;
        case CL_ENGINE_PCRE_MAX_FILESIZE:
            engine->pcre_max_filesize = (uint64_t)num;
            break;
        case CL_ENGINE_DISABLE_PE_CERTS:
            if (num) {
                engine->engine_options |= ENGINE_OPTIONS_DISABLE_PE_CERTS;
            } else {
                engine->engine_options &= ~(ENGINE_OPTIONS_DISABLE_PE_CERTS);
            }
            break;
        case CL_ENGINE_PE_DUMPCERTS:
            if (num) {
                engine->engine_options |= ENGINE_OPTIONS_PE_DUMPCERTS;
            } else {
                engine->engine_options &= ~(ENGINE_OPTIONS_PE_DUMPCERTS);
            }
            break;
        default:
            cli_errmsg("cl_engine_set_num: Incorrect field number\n");
            return CL_EARG;
    }

    return CL_SUCCESS;
}
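/*
 * Read one numeric engine option.
 *
 * engine - engine to query
 * field  - option selector
 * err    - optional; receives CL_SUCCESS, or CL_ENULLARG / CL_EARG on failure
 *
 * Returns the value of the field, or -1 on failure. Because -1 is also
 * representable as a value, callers that need to tell the two apart must
 * pass err.
 *
 * CL_ENGINE_DISABLE_PE_STATS, CL_ENGINE_DISABLE_PE_CERTS and
 * CL_ENGINE_PE_DUMPCERTS can be set through cl_engine_set_num() but have no
 * case here, so they are reported as an incorrect field.
 */
long long cl_engine_get_num(const struct cl_engine *engine, enum cl_engine_field field, int *err)
{
    if (!engine) {
        cli_errmsg("cl_engine_get_num: engine == NULL\n");
        if (err)
            *err = CL_ENULLARG;
        return -1;
    }

    if (err)
        *err = CL_SUCCESS;

    switch (field) {
        case CL_ENGINE_DB_OPTIONS:
            return engine->dboptions;
        case CL_ENGINE_MAX_SCANSIZE:
            return engine->maxscansize;
        case CL_ENGINE_MAX_FILESIZE:
            return engine->maxfilesize;
        case CL_ENGINE_MAX_RECURSION:
            return engine->maxreclevel;
        case CL_ENGINE_MAX_FILES:
            return engine->maxfiles;
        case CL_ENGINE_MAX_EMBEDDEDPE:
            return engine->maxembeddedpe;
        case CL_ENGINE_MAX_HTMLNORMALIZE:
            return engine->maxhtmlnormalize;
        case CL_ENGINE_MAX_HTMLNOTAGS:
            return engine->maxhtmlnotags;
        case CL_ENGINE_MAX_SCRIPTNORMALIZE:
            return engine->maxscriptnormalize;
        case CL_ENGINE_MAX_ZIPTYPERCG:
            return engine->maxziptypercg;
        case CL_ENGINE_MIN_CC_COUNT:
            return engine->min_cc_count;
        case CL_ENGINE_MIN_SSN_COUNT:
            return engine->min_ssn_count;
        case CL_ENGINE_DB_VERSION:
            return engine->dbversion[0];
        case CL_ENGINE_DB_TIME:
            return engine->dbversion[1];
        case CL_ENGINE_AC_ONLY:
            return engine->ac_only;
        case CL_ENGINE_AC_MINDEPTH:
            return engine->ac_mindepth;
        case CL_ENGINE_AC_MAXDEPTH:
            return engine->ac_maxdepth;
        case CL_ENGINE_KEEPTMP:
            return engine->keeptmp;
        case CL_ENGINE_FORCETODISK:
            return engine->engine_options & ENGINE_OPTIONS_FORCE_TO_DISK;
        case CL_ENGINE_BYTECODE_SECURITY:
            return engine->bytecode_security;
        case CL_ENGINE_BYTECODE_TIMEOUT:
            return engine->bytecode_timeout;
        case CL_ENGINE_BYTECODE_MODE:
            return engine->bytecode_mode;
        case CL_ENGINE_DISABLE_CACHE:
            return engine->engine_options & ENGINE_OPTIONS_DISABLE_CACHE;
        case CL_ENGINE_STATS_TIMEOUT:
            /* cl_engine_new() leaves stats_data NULL when its allocation
             * fails, and cl_engine_set_num() already tolerates that; report
             * an error here instead of dereferencing a NULL pointer. */
            if (!engine->stats_data) {
                cli_errmsg("cl_engine_get_num: stats data is not available\n");
                if (err)
                    *err = CL_EARG;
                return -1;
            }
            return ((cli_intel_t *)(engine->stats_data))->timeout;
        case CL_ENGINE_MAX_PARTITIONS:
            return engine->maxpartitions;
        case CL_ENGINE_MAX_ICONSPE:
            return engine->maxiconspe;
        case CL_ENGINE_MAX_RECHWP3:
            return engine->maxrechwp3;
        case CL_ENGINE_MAX_SCANTIME:
            return engine->maxscantime;
        case CL_ENGINE_PCRE_MATCH_LIMIT:
            return engine->pcre_match_limit;
        case CL_ENGINE_PCRE_RECMATCH_LIMIT:
            return engine->pcre_recmatch_limit;
        case CL_ENGINE_PCRE_MAX_FILESIZE:
            return engine->pcre_max_filesize;
        default:
            cli_errmsg("cl_engine_get: Incorrect field number\n");
            if (err)
                *err = CL_EARG;
            return -1;
    }
}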
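/*
 * Set one string engine option (PUA categories or temporary directory).
 *
 * The string is copied into the engine's memory pool; the caller keeps
 * ownership of str. A value set earlier is released only after the new copy
 * has been made, so a failed copy leaves the previous setting in place and
 * str may safely alias the current value.
 *
 * Returns CL_SUCCESS, CL_ENULLARG for a NULL engine, CL_EMEM when the copy
 * cannot be made, or CL_EARG for a field that is not a string option.
 *
 * NOTE(review): the CL_ENGINE_TMPDIR path is stored as given; nothing here
 * checks that the directory exists or who may write to it. Presumably the
 * scanner creates its temporary files there, so callers should pass a
 * directory that other users cannot tamper with - confirm against the
 * temp-file helpers.
 */
int cl_engine_set_str(struct cl_engine *engine, enum cl_engine_field field, const char *str)
{
    char *copy;

    if (!engine)
        return CL_ENULLARG;

    switch (field) {
        case CL_ENGINE_PUA_CATEGORIES:
            copy = cli_mpool_strdup(engine->mempool, str);
            if (!copy)
                return CL_EMEM;
            /* Release the previous value instead of leaking it, as
             * cl_engine_settings_apply() does. */
            if (engine->pua_cats)
                mpool_free(engine->mempool, engine->pua_cats);
            engine->pua_cats = copy;
            break;
        case CL_ENGINE_TMPDIR:
            copy = cli_mpool_strdup(engine->mempool, str);
            if (!copy)
                return CL_EMEM;
            if (engine->tmpdir)
                mpool_free(engine->mempool, engine->tmpdir);
            engine->tmpdir = copy;
            break;
        default:
            /* The message used to name cl_engine_set_num. */
            cli_errmsg("cl_engine_set_str: Incorrect field number\n");
            return CL_EARG;
    }

    return CL_SUCCESS;
}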
/*
 * Read one string engine option.
 *
 * Returns the engine's own pointer for CL_ENGINE_PUA_CATEGORIES or
 * CL_ENGINE_TMPDIR (it may be NULL when the option was never set, and it is
 * not a copy), or NULL on failure. err, when given, receives CL_SUCCESS,
 * CL_ENULLARG (NULL engine) or CL_EARG (not a string field).
 */
const char *cl_engine_get_str(const struct cl_engine *engine, enum cl_engine_field field, int *err)
{
    const char *value = NULL;
    int status = CL_SUCCESS;

    if (!engine) {
        cli_errmsg("cl_engine_get_str: engine == NULL\n");
        if (err) {
            *err = CL_ENULLARG;
        }
        return NULL;
    }

    switch (field) {
        case CL_ENGINE_PUA_CATEGORIES:
            value = engine->pua_cats;
            break;
        case CL_ENGINE_TMPDIR:
            value = engine->tmpdir;
            break;
        default:
            cli_errmsg("cl_engine_get: Incorrect field number\n");
            status = CL_EARG;
            break;
    }

    if (err) {
        *err = status;
    }
    return value;
}
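/*
 * Take a heap-allocated snapshot of an engine's settings.
 *
 * Scalar options and callback pointers are copied by value; tmpdir and
 * pua_cats are duplicated with strdup(). The result is owned by the caller
 * and must be released with cl_engine_settings_free().
 *
 * Returns NULL when engine is NULL or when memory cannot be allocated. A
 * failed string duplication is treated as a failure of the whole copy: a
 * snapshot that silently lost tmpdir or pua_cats would reset those options
 * when passed to cl_engine_settings_apply().
 */
struct cl_settings *cl_engine_settings_copy(const struct cl_engine *engine)
{
    struct cl_settings *settings;

    if (!engine) {
        cli_errmsg("cl_engine_settings_copy: engine == NULL\n");
        return NULL;
    }

    settings = malloc(sizeof(*settings));
    if (!settings) {
        cli_errmsg("cl_engine_settings_copy: Unable to allocate memory for settings %llu\n",
                   (long long unsigned)sizeof(struct cl_settings));
        return NULL;
    }

    /* Duplicate the strings first so a failure can bail out cleanly. */
    settings->tmpdir   = NULL;
    settings->pua_cats = NULL;
    if (engine->tmpdir) {
        settings->tmpdir = strdup(engine->tmpdir);
        if (!settings->tmpdir)
            goto fail;
    }
    if (engine->pua_cats) {
        settings->pua_cats = strdup(engine->pua_cats);
        if (!settings->pua_cats)
            goto fail;
    }

    settings->ac_only            = engine->ac_only;
    settings->ac_mindepth        = engine->ac_mindepth;
    settings->ac_maxdepth        = engine->ac_maxdepth;
    settings->keeptmp            = engine->keeptmp;
    settings->maxscantime        = engine->maxscantime;
    settings->maxscansize        = engine->maxscansize;
    settings->maxfilesize        = engine->maxfilesize;
    settings->maxreclevel        = engine->maxreclevel;
    settings->maxfiles           = engine->maxfiles;
    settings->maxembeddedpe      = engine->maxembeddedpe;
    settings->maxhtmlnormalize   = engine->maxhtmlnormalize;
    settings->maxhtmlnotags      = engine->maxhtmlnotags;
    settings->maxscriptnormalize = engine->maxscriptnormalize;
    settings->maxziptypercg      = engine->maxziptypercg;
    settings->min_cc_count       = engine->min_cc_count;
    settings->min_ssn_count      = engine->min_ssn_count;
    settings->bytecode_security  = engine->bytecode_security;
    settings->bytecode_timeout   = engine->bytecode_timeout;
    settings->bytecode_mode      = engine->bytecode_mode;

    settings->cb_pre_cache   = engine->cb_pre_cache;
    settings->cb_pre_scan    = engine->cb_pre_scan;
    settings->cb_post_scan   = engine->cb_post_scan;
    settings->cb_virus_found = engine->cb_virus_found;
    settings->cb_sigload     = engine->cb_sigload;
    settings->cb_sigload_ctx = engine->cb_sigload_ctx;
    settings->cb_hash        = engine->cb_hash;
    settings->cb_meta        = engine->cb_meta;
    settings->cb_file_props  = engine->cb_file_props;
    settings->engine_options = engine->engine_options;

    settings->cb_stats_add_sample      = engine->cb_stats_add_sample;
    settings->cb_stats_remove_sample   = engine->cb_stats_remove_sample;
    settings->cb_stats_decrement_count = engine->cb_stats_decrement_count;
    settings->cb_stats_submit          = engine->cb_stats_submit;
    settings->cb_stats_flush           = engine->cb_stats_flush;
    settings->cb_stats_get_num         = engine->cb_stats_get_num;
    settings->cb_stats_get_size        = engine->cb_stats_get_size;
    settings->cb_stats_get_hostid      = engine->cb_stats_get_hostid;

    settings->maxpartitions = engine->maxpartitions;

    settings->maxiconspe = engine->maxiconspe;
    settings->maxrechwp3 = engine->maxrechwp3;

    settings->pcre_match_limit    = engine->pcre_match_limit;
    settings->pcre_recmatch_limit = engine->pcre_recmatch_limit;
    settings->pcre_max_filesize   = engine->pcre_max_filesize;

    return settings;

fail:
    cli_errmsg("cl_engine_settings_copy: Unable to duplicate string settings\n");
    free(settings->tmpdir);
    free(settings->pua_cats);
    free(settings);
    return NULL;
}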
/*
 * Copy a settings snapshot into an engine.
 *
 * Scalar options and callbacks are assigned directly; tmpdir and pua_cats
 * are released from the engine's pool and replaced by pool copies of the
 * snapshot's strings (or NULL when the snapshot has none).
 *
 * Returns CL_SUCCESS, or CL_EMEM when a string cannot be copied. In the
 * CL_EMEM case the engine is left partially updated: the scalar options are
 * already applied, the callbacks are not.
 *
 * Neither argument is checked for NULL.
 *
 * NOTE(review): bytecode_security and bytecode_mode are written here without
 * the CL_DB_COMPILED check that cl_engine_set_num() enforces, and
 * engine_options is replaced wholesale. Presumably snapshots are meant to be
 * applied to a fresh engine before it is compiled - confirm with the callers.
 */
int cl_engine_settings_apply(struct cl_engine *engine, const struct cl_settings *settings)
{
    engine->ac_only            = settings->ac_only;
    engine->ac_mindepth        = settings->ac_mindepth;
    engine->ac_maxdepth        = settings->ac_maxdepth;
    engine->keeptmp            = settings->keeptmp;
    engine->maxscantime        = settings->maxscantime;
    engine->maxscansize        = settings->maxscansize;
    engine->maxfilesize        = settings->maxfilesize;
    engine->maxreclevel        = settings->maxreclevel;
    engine->maxfiles           = settings->maxfiles;
    engine->maxembeddedpe      = settings->maxembeddedpe;
    engine->maxhtmlnormalize   = settings->maxhtmlnormalize;
    engine->maxhtmlnotags      = settings->maxhtmlnotags;
    engine->maxscriptnormalize = settings->maxscriptnormalize;
    engine->maxziptypercg      = settings->maxziptypercg;
    engine->min_cc_count       = settings->min_cc_count;
    engine->min_ssn_count      = settings->min_ssn_count;
    engine->bytecode_security  = settings->bytecode_security;
    engine->bytecode_timeout   = settings->bytecode_timeout;
    engine->bytecode_mode      = settings->bytecode_mode;
    engine->engine_options     = settings->engine_options;

    /* Replace the temporary directory with a pool copy of the snapshot's. */
    if (engine->tmpdir) {
        mpool_free(engine->mempool, engine->tmpdir);
    }
    if (!settings->tmpdir) {
        engine->tmpdir = NULL;
    } else {
        engine->tmpdir = cli_mpool_strdup(engine->mempool, settings->tmpdir);
        if (!engine->tmpdir) {
            return CL_EMEM;
        }
    }

    /* Same treatment for the PUA category list. */
    if (engine->pua_cats) {
        mpool_free(engine->mempool, engine->pua_cats);
    }
    if (!settings->pua_cats) {
        engine->pua_cats = NULL;
    } else {
        engine->pua_cats = cli_mpool_strdup(engine->mempool, settings->pua_cats);
        if (!engine->pua_cats) {
            return CL_EMEM;
        }
    }

    engine->cb_pre_cache   = settings->cb_pre_cache;
    engine->cb_pre_scan    = settings->cb_pre_scan;
    engine->cb_post_scan   = settings->cb_post_scan;
    engine->cb_virus_found = settings->cb_virus_found;
    engine->cb_sigload     = settings->cb_sigload;
    engine->cb_sigload_ctx = settings->cb_sigload_ctx;
    engine->cb_hash        = settings->cb_hash;
    engine->cb_meta        = settings->cb_meta;
    engine->cb_file_props  = settings->cb_file_props;

    engine->cb_stats_add_sample      = settings->cb_stats_add_sample;
    engine->cb_stats_remove_sample   = settings->cb_stats_remove_sample;
    engine->cb_stats_decrement_count = settings->cb_stats_decrement_count;
    engine->cb_stats_submit          = settings->cb_stats_submit;
    engine->cb_stats_flush           = settings->cb_stats_flush;
    engine->cb_stats_get_num         = settings->cb_stats_get_num;
    engine->cb_stats_get_size        = settings->cb_stats_get_size;
    engine->cb_stats_get_hostid      = settings->cb_stats_get_hostid;

    engine->maxpartitions = settings->maxpartitions;

    engine->maxiconspe = settings->maxiconspe;
    engine->maxrechwp3 = settings->maxrechwp3;

    engine->pcre_match_limit    = settings->pcre_match_limit;
    engine->pcre_recmatch_limit = settings->pcre_recmatch_limit;
    engine->pcre_max_filesize   = settings->pcre_max_filesize;

    return CL_SUCCESS;
}
/*
 * Release a snapshot obtained from cl_engine_settings_copy(), including its
 * two duplicated strings. Returns CL_ENULLARG for a NULL pointer, otherwise
 * CL_SUCCESS. The pointer must not be used afterwards.
 */
int cl_engine_settings_free(struct cl_settings *settings)
{
    if (settings == NULL) {
        return CL_ENULLARG;
    }

    /* free(NULL) is a no-op, so unset strings need no guard. */
    free(settings->tmpdir);
    free(settings->pua_cats);
    free(settings);

    return CL_SUCCESS;
}
/*
 * Record that a scan limit was hit.
 *
 * When SCAN_HEURISTIC_EXCEEDS_MAX holds and the context has not been flagged
 * yet, the "Heuristics.Limits.Exceeded" detection is appended once, the
 * context is marked with limit_exceeded, and the limit (rc, rendered through
 * cl_strerror()) is logged at debug level. Otherwise nothing happens, which
 * means an exceeded limit leaves no trace beyond the caller's return code.
 */
void cli_check_blockmax(cli_ctx *ctx, int rc)
{
    if (!(SCAN_HEURISTIC_EXCEEDS_MAX) || ctx->limit_exceeded) {
        return;
    }

    cli_append_virus(ctx, "Heuristics.Limits.Exceeded");
    ctx->limit_exceeded = 1;
    cli_dbgmsg("Limit %s Exceeded: scanning may be incomplete and additional analysis needed for this file.\n",
               cl_strerror(rc));
}
/*
 * Check the engine's scan limits before more data is processed.
 *
 * who         - label of the calling scanner, used in debug messages
 * ctx         - scan context; with NULL there are no limits and CL_CLEAN is
 *               returned
 * need1..3    - candidate sizes; the largest of the three is checked
 *
 * Returns the result of cli_checktimelimit(), replaced by CL_EMAXSIZE when
 * the remaining scan size or the per-file size is too small, and by
 * CL_EMAXFILES when the file count limit is reached. The later checks
 * overwrite the earlier result, so only the last limit that tripped is
 * reported. Any non-success result is also passed to cli_check_blockmax().
 *
 * A limit of 0 disables the corresponding size or file-count check.
 *
 * NOTE(review): maxscansize - scansize looks like an unsigned subtraction,
 * which is only meaningful while scansize does not exceed maxscansize;
 * cli_updatelimits() clamps scansize to keep that true - confirm the field
 * types.
 */
cl_error_t cli_checklimits(const char *who, cli_ctx *ctx, unsigned long need1, unsigned long need2, unsigned long need3)
{
    cl_error_t ret = CL_SUCCESS;
    unsigned long needed;

    /* if called without limits, go on, unpack, scan */
    if (!ctx) {
        return CL_CLEAN;
    }

    /* Largest of the three requests. */
    needed = need1;
    if (!(needed > need2)) {
        needed = need2;
    }
    if (!(needed > need3)) {
        needed = need3;
    }

    /* Enforce timelimit */
    ret = cli_checktimelimit(ctx);

    /* if we have global scan limits and the remaining scansize is too
     * small, we tell the caller to skip this file */
    if (needed && ctx->engine->maxscansize &&
        ctx->engine->maxscansize - ctx->scansize < needed) {
        cli_dbgmsg("%s: scansize exceeded (initial: %lu, consumed: %lu, needed: %lu)\n", who, (unsigned long int)ctx->engine->maxscansize, (unsigned long int)ctx->scansize, needed);
        ret = CL_EMAXSIZE;
    }

    /* if we have per-file size limits, and we are overlimit, we tell the
     * caller to skip this file */
    if (needed && ctx->engine->maxfilesize && ctx->engine->maxfilesize < needed) {
        cli_dbgmsg("%s: filesize exceeded (allowed: %lu, needed: %lu)\n", who, (unsigned long int)ctx->engine->maxfilesize, needed);
        ret = CL_EMAXSIZE;
    }

    if (ctx->engine->maxfiles && ctx->scannedfiles >= ctx->engine->maxfiles) {
        cli_dbgmsg("%s: files limit reached (max: %u)\n", who, ctx->engine->maxfiles);
        ret = CL_EMAXFILES;
    }

    if (ret != CL_SUCCESS) {
        cli_check_blockmax(ctx, ret);
    }

    return ret;
}
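/**
 * @brief Check the limits for `needed` bytes and, if they pass, account for them.
 *
 * On success the scanned-file counter is incremented and `needed` is added
 * to the consumed scan size, which is then clamped to the engine's
 * maxscansize.
 *
 * @param ctx     Scan context; NULL means "no limits" and nothing is
 *                accounted (same convention as cli_checklimits()).
 * @param needed  Number of bytes about to be scanned.
 * @return CL_CLEAN on success, otherwise the error from cli_checklimits().
 */
cl_error_t cli_updatelimits(cli_ctx *ctx, unsigned long needed)
{
    cl_error_t ret = cli_checklimits("cli_updatelimits", ctx, needed, 0, 0);

    if (ret != CL_CLEAN)
        return ret;

    /* cli_checklimits() answers CL_CLEAN for a NULL context, so the
     * counters below must not be touched in that case. */
    if (!ctx)
        return CL_CLEAN;

    ctx->scannedfiles++;
    ctx->scansize += needed;
    if (ctx->scansize > ctx->engine->maxscansize)
        ctx->scansize = ctx->engine->maxscansize;

    return CL_CLEAN;
}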
/**
 * @brief Report whether the scan deadline stored in the context has passed.
 *
 * A NULL context or a deadline whose tv_sec is 0 means no time limit is in
 * force. A failing gettimeofday() is also treated as "not exceeded".
 * NOTE(review): the deadline is compared against wall-clock time, so a clock
 * step during a scan moves the effective limit; confirm this is acceptable.
 *
 * @param ctx The scanning context.
 * @return cl_error_t CL_SUCCESS if the limit is not exceeded, CL_ETIMEOUT if it is.
 */
cl_error_t cli_checktimelimit(cli_ctx *ctx)
{
    struct timeval now;

    if (NULL == ctx || ctx->time_limit.tv_sec == 0)
        return CL_SUCCESS;

    if (gettimeofday(&now, NULL) != 0)
        return CL_SUCCESS;

    if (now.tv_sec > ctx->time_limit.tv_sec ||
        (now.tv_sec == ctx->time_limit.tv_sec && now.tv_usec > ctx->time_limit.tv_usec))
        return CL_ETIMEOUT;

    return CL_SUCCESS;
}
/*
 * Hash everything that can still be read from fs and return the digest as a
 * lowercase hex string.
 *
 * Type: 1 = MD5, 2 = SHA1, 3 = SHA256 (any other value also selects SHA256).
 *
 * digcpy, when not NULL, receives the raw digest and must have room for
 * 16, 20 or 32 bytes respectively.
 *
 * Returns a heap-allocated, NUL-terminated string owned by the caller, or
 * NULL when the hash context or the result buffer cannot be allocated.
 *
 * Reading stops as soon as fread() returns 0, and ferror() is not consulted:
 * a read error yields the digest of the bytes read so far, not a failure.
 * MD5 and SHA1 are not collision resistant; treat those digests as
 * identifiers, not as proof that two files are the same.
 */
char *cli_hashstream(FILE *fs, unsigned char *digcpy, int type)
{
    static const char hexdigits[] = "0123456789abcdef";
    unsigned char digest[32];
    char buff[FILEBUFF];
    const char *alg = NULL;
    char *hashstr;
    int idx, nread, diglen;
    void *hctx;

    if (type == 1) {
        alg    = "md5";
        diglen = 16;
    } else if (type == 2) {
        alg    = "sha1";
        diglen = 20;
    } else {
        alg    = "sha256";
        diglen = 32;
    }

    hctx = cl_hash_init(alg);
    if (hctx == NULL)
        return NULL;

    for (;;) {
        nread = fread(buff, 1, FILEBUFF, fs);
        if (nread == 0)
            break;
        cl_update_hash(hctx, buff, nread);
    }

    cl_finish_hash(hctx, digest);

    /* two hex digits per digest byte; the zeroed buffer supplies the NUL */
    hashstr = (char *)cli_calloc(diglen * 2 + 1, sizeof(char));
    if (hashstr == NULL)
        return NULL;

    for (idx = 0; idx < diglen; idx++) {
        hashstr[2 * idx]     = hexdigits[digest[idx] >> 4];
        hashstr[2 * idx + 1] = hexdigits[digest[idx] & 0x0f];
    }

    if (digcpy)
        memcpy(digcpy, digest, diglen);

    return hashstr;
}
/*
 * Open filename in binary mode and hash its contents with cli_hashstream().
 *
 * type is passed through unchanged (1 = MD5, 2 = SHA1, otherwise SHA256).
 * Returns the hex digest string produced by cli_hashstream(), or NULL when
 * the file cannot be opened or hashing fails. The file is closed before
 * returning.
 */
char *cli_hashfile(const char *filename, int type)
{
    char *digest_hex;
    FILE *stream = fopen(filename, "rb");

    if (stream == NULL) {
        cli_errmsg("cli_hashfile(): Can't open file %s\n", filename);
        return NULL;
    }

    digest_hex = cli_hashstream(stream, NULL, type);
    fclose(stream);

    return digest_hex;
}
/* Function: cli_unlink
 *   unlink() with error reporting.
 *
 *   Returns 0 when the file was removed and 1 otherwise; failures are logged
 *   with cli_warnmsg(). Callers that remove temporary scan artefacts should
 *   check the result, because a leftover file stays on disk.
 */
int cli_unlink(const char *pathname)
{
    char err[128];

    if (unlink(pathname) != -1)
        return 0;

#ifdef _WIN32
    /* Windows may fail to unlink a file if it is marked read-only,
     * even if the user has permissions to delete the file. Make it
     * writable and try once more. */
    if (-1 == _chmod(pathname, _S_IWRITE)) {
        cli_warnmsg("cli_unlink: _chmod failure - %s\n", cli_strerror(errno, err, sizeof(err)));
        return 1;
    }
    if (unlink(pathname) != -1)
        return 0;
#endif

    cli_warnmsg("cli_unlink: unlink failure - %s\n", cli_strerror(errno, err, sizeof(err)));
    return 1;
}
/*
 * Invoke the engine's virus-found callback, if one is registered.
 *
 * The callback receives the descriptor of the current file map, the current
 * detection name and the caller's cb_ctx. ctx, *ctx->fmap and ctx->virname
 * are dereferenced without checks whenever a callback is set.
 */
void cli_virus_found_cb(cli_ctx *ctx)
{
    if (!ctx->engine->cb_virus_found)
        return;

    ctx->engine->cb_virus_found(fmap_fd(*ctx->fmap), (const char *)*ctx->virname, ctx->cb_ctx);
}
/*
 * Record a "possibly unwanted" detection.
 *
 * In all-match mode or with heuristic precedence the detection is handed to
 * cli_append_virus() and its result is returned. Otherwise the name is
 * stored only if nothing has been recorded yet, the context is marked
 * found_possibly_unwanted, and CL_CLEAN is returned.
 *
 * The virname pointer itself is stored, not a copy, so the string must
 * outlive the context's use of it.
 */
cl_error_t cli_append_possibly_unwanted(cli_ctx *ctx, const char *virname)
{
    if (SCAN_ALLMATCHES || SCAN_HEURISTIC_PRECEDENCE)
        return cli_append_virus(ctx, virname);

    if (ctx->num_viruses == 0 && ctx->virname != NULL && *ctx->virname == NULL) {
        ctx->found_possibly_unwanted = 1;
        ctx->num_viruses++;
        *ctx->virname = virname;
    }

    return CL_CLEAN;
}
/*
 * Record a detection named virname on the scan context.
 *
 * Returns CL_CLEAN when the detection is dropped (no result slot, the
 * cli_checkfp_virus() check did not answer CL_VIRUS, or an earlier detection
 * exists and heuristic precedence is on without all-match mode), CL_EMEM
 * when the JSON bookkeeping runs out of memory, and CL_VIRUS otherwise.
 *
 * The virname pointer is stored as-is, not copied.
 */
int cli_append_virus(cli_ctx * ctx, const char * virname)
{
    /* no slot to store a name in: nothing can be reported */
    if (ctx->virname == NULL)
        return CL_CLEAN;
    /* presumably the false-positive check (going by its name): any answer
     * other than CL_VIRUS suppresses the detection */
    if (ctx->fmap != NULL && (*ctx->fmap) != NULL && CL_VIRUS != cli_checkfp_virus((*ctx->fmap)->maphash, (*ctx->fmap)->len, ctx, virname))
        return CL_CLEAN;
    if (!SCAN_ALLMATCHES && ctx->num_viruses != 0)
        if (SCAN_HEURISTIC_PRECEDENCE)
            return CL_CLEAN;
    /* Once a limit has been flagged, the name, the counter and the callback
     * are updated only in all-match mode; CL_VIRUS is still returned below. */
    if (ctx->limit_exceeded == 0 || SCAN_ALLMATCHES) {
        ctx->num_viruses++;
        *ctx->virname = virname;
        cli_virus_found_cb(ctx);
    }
#if HAVE_JSON
    if (SCAN_COLLECT_METADATA && ctx->wrkproperty) {
        json_object *arrobj, *virobj;
        /* create the "Viruses" array on first use */
        if (!json_object_object_get_ex(ctx->wrkproperty, "Viruses", &arrobj)) {
            arrobj = json_object_new_array();
            if (NULL == arrobj) {
                cli_errmsg("cli_append_virus: no memory for json virus array\n");
                /* the detection above may already have been recorded */
                return CL_EMEM;
            }
            json_object_object_add(ctx->wrkproperty, "Viruses", arrobj);
        }
        virobj = json_object_new_string(virname);
        if (NULL == virobj) {
            cli_errmsg("cli_append_virus: no memory for json virus name object\n");
            return CL_EMEM;
        }
        json_object_array_add(arrobj, virobj);
    }
#endif
    return CL_VIRUS;
}
/*
 * Return the detection name currently stored on the context, or NULL when
 * ctx is NULL, has no result slot, or the slot is empty.
 */
const char *cli_get_last_virus(const cli_ctx *ctx)
{
    if (ctx && ctx->virname && *ctx->virname)
        return *ctx->virname;

    return NULL;
}
/*
 * Like cli_get_last_virus(), but never returns NULL: an empty string stands
 * in for "no detection", so the result can be passed straight to a "%s"
 * format.
 */
const char *cli_get_last_virus_str(const cli_ctx *ctx)
{
    const char *name = cli_get_last_virus(ctx);

    return name ? name : "";
}
/*
 * Store the container type and size for the current recursion level.
 *
 * The entry is flagged CONTAINER_FLAG_VALID when type is at or above
 * CL_TYPE_MSEXE and is none of CL_TYPE_HTML, CL_TYPE_OTHER and
 * CL_TYPE_IGNORED; otherwise its flag is cleared.
 *
 * NOTE(review): ctx->recursion indexes ctx->containers without a bounds
 * check here; confirm the array is sized for the maximum recursion depth.
 */
void cli_set_container(cli_ctx *ctx, cli_file_t type, size_t size)
{
    const int is_valid = type >= CL_TYPE_MSEXE &&
                         type != CL_TYPE_HTML &&
                         type != CL_TYPE_OTHER &&
                         type != CL_TYPE_IGNORED;

    ctx->containers[ctx->recursion].type = type;
    ctx->containers[ctx->recursion].size = size;
    ctx->containers[ctx->recursion].flag = is_valid ? CONTAINER_FLAG_VALID : 0;
}
/*
 * Return the type of the nearest valid container at or below index.
 *
 * A negative index counts back from the current recursion level (-1 is the
 * current level). Entries without CONTAINER_FLAG_VALID are skipped towards
 * level 0. Returns CL_TYPE_ANY when index is out of range or no valid entry
 * is found.
 */
cli_file_t cli_get_container(cli_ctx *ctx, int index)
{
    if (index < 0)
        index = ctx->recursion + index + 1;

    for (; index >= 0 && index <= (int)ctx->recursion; index--) {
        if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)
            return ctx->containers[index].type;
    }

    return CL_TYPE_ANY;
}
/*
 * Return the type stored at exactly the given level, whether or not the
 * entry is flagged valid.
 *
 * A negative index counts back from the current recursion level (-1 is the
 * current level). Returns CL_TYPE_ANY when index is out of range.
 */
cli_file_t cli_get_container_intermediate(cli_ctx *ctx, int index)
{
    if (index < 0)
        index = ctx->recursion + index + 1;

    if (index < 0 || index > (int)ctx->recursion)
        return CL_TYPE_ANY;

    return ctx->containers[index].type;
}
/*
 * Return the size of the nearest valid container at or below index.
 *
 * A negative index counts back from the current recursion level (-1 is the
 * current level). Entries without CONTAINER_FLAG_VALID are skipped towards
 * level 0. When index is out of range or no valid entry is found, the size
 * stored at level 0 is returned.
 */
size_t cli_get_container_size(cli_ctx *ctx, int index)
{
    if (index < 0)
        index = ctx->recursion + index + 1;

    for (; index >= 0 && index <= (int)ctx->recursion; index--) {
        if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)
            return ctx->containers[index].size;
    }

    return ctx->containers[0].size;
}
#ifdef C_WINDOWS
/*
* Windows doesn't allow you to delete a directory while it is still open
*/
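/*
 * Recursively remove name. A non-directory is removed with cli_unlink().
 * For a directory, every entry except "." and ".." is removed by recursion,
 * the handle is closed, and then the directory itself is removed.
 *
 * Returns 0 on success and -1 on the first failure, including a failed
 * removal of any nested entry.
 *
 * NOTE(review): the type check uses CLAMSTAT, whereas the non-Windows
 * variant uses LSTAT on each entry; confirm how links and reparse points
 * inside a temporary tree are treated here.
 */
int
cli_rmdirs(const char *name)
{
    int rc;
    STATBUF statb;
    DIR *dd;
    struct dirent *dent;
#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
    union {
        struct dirent d;
        char b[offsetof(struct dirent, d_name) + NAME_MAX + 1];
    } result;
#endif
    char err[128];

    if (CLAMSTAT(name, &statb) < 0) {
        cli_warnmsg("cli_rmdirs: Can't locate %s: %s\n", name, cli_strerror(errno, err, sizeof(err)));
        return -1;
    }
    if (!S_ISDIR(statb.st_mode)) {
        if (cli_unlink(name)) return -1;
        return 0;
    }
    if ((dd = opendir(name)) == NULL)
        return -1;
    rc = 0;
#ifdef HAVE_READDIR_R_3
    while ((readdir_r(dd, &result.d, &dent) == 0) && dent) {
#elif defined(HAVE_READDIR_R_2)
    while ((dent = (struct dirent *)readdir_r(dd, &result.d)) != NULL) {
#else
    while ((dent = readdir(dd)) != NULL) {
#endif
        char *path;
        size_t path_len;

        if (strcmp(dent->d_name, ".") == 0)
            continue;
        if (strcmp(dent->d_name, "..") == 0)
            continue;

        /* directory + separator + entry name + terminating NUL */
        path_len = strlen(name) + strlen(dent->d_name) + 2;
        path     = cli_malloc(path_len);

        if (path == NULL) {
            /* size_t does not match "%u"; print it the same way the
             * non-Windows variant does */
            cli_errmsg("cli_rmdirs: Unable to allocate memory for path %llu\n", (long long unsigned)path_len);
            closedir(dd);
            return -1;
        }

        /* cannot overflow: path was sized from the same two strings */
        sprintf(path, "%s\\%s", name, dent->d_name);
        rc = cli_rmdirs(path);
        free(path);
        if (rc != 0)
            break;
    }
    /* the handle must be closed before the directory can be removed */
    closedir(dd);
    if (rmdir(name) < 0) {
        cli_errmsg("cli_rmdirs: Can't remove temporary directory %s: %s\n", name, cli_strerror(errno, err, sizeof(err)));
        return -1;
    }

    return rc;
}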
#else |
/*
 * Recursively remove the directory dirname and everything below it.
 *
 * The outer loop retries rmdir(dirname) until it succeeds or the directory
 * can no longer be stat'ed; between attempts, one pass over the directory
 * removes its entries and the handle is rewound.
 *
 * Returns 0 when the loop ends that way, and -1 when the directory cannot
 * be opened, memory runs out, or an entry cannot be removed.
 *
 * NOTE(review): every step works on path names (chmod, LSTAT, rmdir,
 * unlink). If another process can write inside this tree, an entry could
 * change between the LSTAT and the removal call; confirm temporary
 * directories are only writable by the scanning user.
 */
int cli_rmdirs(const char *dirname)
{
    DIR *dd;
    struct dirent *dent;
#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
    union {
        struct dirent d;
        char b[offsetof(struct dirent, d_name) + NAME_MAX + 1];
    } result;
#endif
    STATBUF maind, statbuf;
    char *path;
    char err[128];

    /* give the owner full access first; the result is not checked */
    chmod(dirname, 0700);
    if((dd = opendir(dirname)) != NULL) {
        while(CLAMSTAT(dirname, &maind) != -1) {
            if(!rmdir(dirname)) break;
            /* only these errno values lead to the emptying pass below;
             * any other error is fatal */
            if(errno != ENOTEMPTY && errno != EEXIST && errno != EBADF) {
                cli_errmsg("cli_rmdirs: Can't remove temporary directory %s: %s\n", dirname, cli_strerror(errno, err, sizeof(err)));
                closedir(dd);
                return -1;
            }

#ifdef HAVE_READDIR_R_3
            while(!readdir_r(dd, &result.d, &dent) && dent) {
#elif defined(HAVE_READDIR_R_2)
            while((dent = (struct dirent *) readdir_r(dd, &result.d))) {
#else
            while((dent = readdir(dd))) {
#endif
                if(dent->d_ino)
                {
                    if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {
                        /* directory + separator + entry name + NUL */
                        path = cli_malloc(strlen(dirname) + strlen(dent->d_name) + 2);
                        if(!path) {
                            cli_errmsg("cli_rmdirs: Unable to allocate memory for path %llu\n", (long long unsigned)(strlen(dirname) + strlen(dent->d_name) + 2));
                            closedir(dd);
                            return -1;
                        }

                        sprintf(path, "%s"PATHSEP"%s", dirname, dent->d_name);

                        /* stat the file; LSTAT is used so that only entries
                         * reported as directories are recursed into */
                        if(LSTAT(path, &statbuf) != -1) {
                            if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) {
                                if(rmdir(path) == -1) { /* can't be deleted */
                                    if(errno == EACCES) {
                                        cli_errmsg("cli_rmdirs: Can't remove some temporary directories due to access problem.\n");
                                        closedir(dd);
                                        free(path);
                                        return -1;
                                    }
                                    /* not empty (or similar): descend */
                                    if(cli_rmdirs(path)) {
                                        cli_warnmsg("cli_rmdirs: Can't remove nested directory %s\n", path);
                                        free(path);
                                        closedir(dd);
                                        return -1;
                                    }
                                }
                            } else {
                                if(cli_unlink(path)) {
                                    free(path);
                                    closedir(dd);
                                    return -1;
                                }
                            }
                        }
                        /* an entry whose LSTAT failed is skipped, not removed */
                        free(path);
                    }
                }
            }
            /* start over from the first entry for the next attempt */
            rewinddir(dd);
        }

    } else {
        return -1;
    }
    closedir(dd);
    return 0;
}
#endif |
/* Implement a generic bitset, trog@clamav.net */ |
#define BITS_PER_CHAR (8)
#define BITSET_DEFAULT_SIZE (1024)

/*
 * Return the smallest value of the form BITSET_DEFAULT_SIZE * 2^k that is
 * not below num. If doubling wraps around to 0 before reaching num, num
 * itself is returned.
 */
static unsigned long nearest_power(unsigned long num)
{
    unsigned long candidate = BITSET_DEFAULT_SIZE;

    for (;;) {
        if (candidate >= num)
            return candidate;

        candidate <<= 1;
        if (candidate == 0)
            return num; /* shifted out the top bit */
    }
}
/*
 * Allocate an empty bitset with BITSET_DEFAULT_SIZE zeroed bytes of storage.
 *
 * Returns the new bitset, or NULL when either allocation fails (nothing is
 * leaked in that case). Release it with cli_bitset_free().
 */
bitset_t *cli_bitset_init(void)
{
    bitset_t *fresh = cli_malloc(sizeof(bitset_t));

    if (fresh == NULL) {
        cli_errmsg("cli_bitset_init: Unable to allocate memory for bs %llu\n", (long long unsigned)sizeof(bitset_t));
        return NULL;
    }

    fresh->length = BITSET_DEFAULT_SIZE;
    fresh->bitset = cli_calloc(BITSET_DEFAULT_SIZE, 1);
    if (fresh->bitset != NULL)
        return fresh;

    cli_errmsg("cli_bitset_init: Unable to allocate memory for bs->bitset %u\n", BITSET_DEFAULT_SIZE);
    free(fresh);
    return NULL;
}
/*
 * Release a bitset and its storage. A NULL bs is accepted and ignored.
 */
void cli_bitset_free(bitset_t *bs)
{
    if (bs == NULL)
        return;

    /* free(NULL) is a no-op, so the storage pointer needs no guard */
    free(bs->bitset);
    free(bs);
}
/*
 * Grow the storage of bs so that it holds at least min_size bytes, rounded
 * up by nearest_power(), and zero the newly added bytes.
 *
 * Returns bs on success. Returns NULL when cli_realloc() fails; the fields
 * of bs are not modified in that case.
 */
static bitset_t *bitset_realloc(bitset_t *bs, unsigned long min_size)
{
    unsigned long grown = nearest_power(min_size);
    unsigned char *storage = (unsigned char *)cli_realloc(bs->bitset, grown);

    if (storage == NULL)
        return NULL;

    /* only the tail beyond the old length is new and needs clearing */
    memset(storage + bs->length, 0, grown - bs->length);
    bs->bitset = storage;
    bs->length = grown;

    return bs;
}
/*
 * Set the bit at bit_offset, growing the storage when the offset lies
 * beyond the current length.
 *
 * Returns TRUE on success and FALSE when the storage cannot be grown.
 * bs must not be NULL.
 */
int cli_bitset_set(bitset_t *bs, unsigned long bit_offset)
{
    const unsigned long byte_index = bit_offset / BITS_PER_CHAR;
    const unsigned long bit_index  = bit_offset % BITS_PER_CHAR;

    if (byte_index >= bs->length) {
        bs = bitset_realloc(bs, byte_index + 1);
        if (bs == NULL)
            return FALSE;
    }

    bs->bitset[byte_index] |= ((unsigned char)1 << bit_index);
    return TRUE;
}
/*
 * Test the bit at bit_offset.
 *
 * Returns FALSE when the offset lies beyond the stored bytes. Otherwise the
 * masked byte is returned: zero when the bit is clear and a non-zero value
 * (the bit's mask, not necessarily TRUE) when it is set. bs must not be NULL.
 */
int cli_bitset_test(bitset_t *bs, unsigned long bit_offset)
{
    const unsigned long byte_index = bit_offset / BITS_PER_CHAR;
    const unsigned long bit_index  = bit_offset % BITS_PER_CHAR;

    if (byte_index < bs->length)
        return (bs->bitset[byte_index] & ((unsigned char)1 << bit_index));

    return FALSE;
}
/*
 * Register the pre-cache callback on the engine. Passing NULL stores NULL.
 * engine must not be NULL.
 */
void cl_engine_set_clcb_pre_cache(struct cl_engine *engine, clcb_pre_cache callback)
{
    engine->cb_pre_cache = callback;
}
/*
 * Register the pre-scan callback on the engine. Passing NULL stores NULL.
 * engine must not be NULL.
 */
void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback)
{
    engine->cb_pre_scan = callback;
}
/*
 * Register the post-scan callback on the engine. Passing NULL stores NULL.
 * engine must not be NULL.
 */
void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback)
{
    engine->cb_post_scan = callback;
}
/*
 * Register the callback that cli_virus_found_cb() invokes with the file
 * descriptor, the detection name and the caller's context whenever a
 * detection is recorded. Passing NULL stores NULL. engine must not be NULL.
 */
void cl_engine_set_clcb_virus_found(struct cl_engine *engine, clcb_virus_found callback)
{
    engine->cb_virus_found = callback;
}
/*
 * Register the signature-load callback and the context pointer stored with
 * it. When callback is NULL the stored context is cleared as well, so a
 * stale context pointer never outlives its callback. engine must not be
 * NULL.
 */
void cl_engine_set_clcb_sigload(struct cl_engine *engine, clcb_sigload callback, void *context)
{
    engine->cb_sigload = callback;

    if (callback)
        engine->cb_sigload_ctx = context;
    else
        engine->cb_sigload_ctx = NULL;
}
/*
 * Register the hash callback on the engine. Passing NULL stores NULL.
 * engine must not be NULL.
 */
void cl_engine_set_clcb_hash(struct cl_engine *engine, clcb_hash callback)
{
    engine->cb_hash = callback;
}
/*
 * Register the metadata callback on the engine. Passing NULL stores NULL.
 * engine must not be NULL.
 */
void cl_engine_set_clcb_meta(struct cl_engine *engine, clcb_meta callback)
{
    engine->cb_meta = callback;
}
/*
 * Register the file-properties callback on the engine. Passing NULL stores
 * NULL. engine must not be NULL.
 */
void cl_engine_set_clcb_file_props(struct cl_engine *engine, clcb_file_props callback)
{
    engine->cb_file_props = callback;
}