libclamav/phishcheck.h
 /*
  *  Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
  *  Copyright (C) 2007-2013 Sourcefire, Inc.
  *
  *  Authors: Török Edvin
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
  *  published by the Free Software Foundation.
  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  *  MA 02110-1301, USA.
  */
 
 #ifndef _PHISH_CHECK_H
 #define _PHISH_CHECK_H
 
 #include "regex/regex.h"
 #include "htmlnorm.h"
 
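 /*
  * Base value for the phishing verdict codes. Every enumerator after
  * CL_PHISH_NODECISION is numbered upward from this base, so the verdicts
  * occupy 100..109 and cannot be confused with 0.
  */
 #define CL_PHISH_BASE 100

 /*
  * Verdict produced by the phishing checks (returned by cli_url_canon()).
  *
  * Only CL_PHISH_NODECISION and CL_PHISH_CLEAN have explicit values; the rest
  * are assigned implicitly in declaration order. Inserting or reordering
  * enumerators therefore changes the numeric value of every later verdict,
  * so new codes should be appended at the end.
  *
  * NOTE(review): the per-value meanings below are read from the enumerator
  * names only; confirm against phishcheck.c before relying on them.
  */
 enum phish_status { CL_PHISH_NODECISION = 0,           /* 0: no verdict reached */
                     CL_PHISH_CLEAN      = CL_PHISH_BASE, /* 100: presumably "not phishing" */
                     CL_PHISH_CLOAKED_UIU,              /* 101: presumably cloaking via the user-info part of a URL */
                     CL_PHISH_NUMERIC_IP,               /* 102: presumably a numeric IP used as host */
                     CL_PHISH_HEX_URL,                  /* 103: presumably a hex-encoded URL */
                     CL_PHISH_CLOAKED_NULL,             /* 104: presumably cloaking via an embedded NUL */
                     CL_PHISH_SSL_SPOOF,                /* 105: presumably displayed link claims SSL, real link does not */
                     CL_PHISH_NOMATCH,                  /* 106: presumably displayed and real link do not match */
                     CL_PHISH_HASH0,                    /* 107: presumably a URL-hash database match; confirm */
                     CL_PHISH_HASH1,                    /* 108: see CL_PHISH_HASH0 */
                     CL_PHISH_HASH2 };                  /* 109: see CL_PHISH_HASH0 */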
 
 /*
  * Check-selection bits. Each value is a distinct single bit, so any subset
  * can be OR-ed into one mask.
  * NOTE(review): presumably stored in url_check.flags and
  * url_check.always_check_flags; confirm against phishcheck.c.
  */
 #define CHECK_SSL 0x1
 #define CHECK_CLOAKING 0x2
 #define CLEANUP_URL 0x4
 #define CHECK_IMG_URL 0x8

 /* NOTE(review): presumably a value for url_check.link_type; confirm. */
 #define LINKTYPE_IMAGE 0x1

 /* Mask with all four check-selection bits set (value 15). */
 #define CL_PHISH_ALL_CHECKS (CHECK_SSL | CHECK_CLOAKING | CLEANUP_URL | CHECK_IMG_URL)
 
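 /*
  * String holder used for the URLs handled by the phishing checks.
  *
  * refcount is a plain int: this header shows no atomic type or lock around
  * it, so an instance shared between threads needs external synchronization.
  * NOTE(review): ownership of data (who frees it, and whether it is released
  * when refcount reaches zero) is not visible here; confirm in phishcheck.c.
  */
 struct string {
     struct string* ref; /* another string object; presumably the one whose data this one shares (confirm) */
     char* data;         /* character data; presumably NUL-terminated (confirm) */
     int refcount;       /* reference counter */
 };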
 
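 /*
  * State of the phishing module.
  * NOTE(review): presumably one instance per cl_engine, set up by
  * phishing_init() and released by phishing_done(); confirm.
  */
 struct phishcheck {
     regex_t preg_numeric; /* compiled regex; presumably matches numeric-IP hosts (confirm) */
     int is_disabled;      /* presumably non-zero once phish_disable() has been called (confirm) */
 };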
 
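 /*
  * Snapshot of the displayed link taken before fixup_spaces is applied.
  *
  * NOTE(review): host_start and host_end are presumably offsets into
  * pre_displayLink.data that delimit the host part. Whether host_end is
  * inclusive or one-past-the-end is not visible here; confirm, and check both
  * against the string length before using them as indices.
  */
 struct pre_fixup_info {
     /* pre_* url before fixup_spaces */
     struct string pre_displayLink;
     size_t host_start; /* start of the host part (see note above) */
     size_t host_end;   /* end of the host part (see note above) */
 };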
 
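 /*
  * One link under examination: the target it really points to and the text
  * shown to the user, plus the options that select which checks run.
  *
  * NOTE(review): both links presumably come from scanned (untrusted) HTML, so
  * their contents and lengths should be treated as attacker-controlled.
  */
 struct url_check {
     struct string realLink;             /* the link target */
     struct string displayLink;          /* the link as displayed */
     struct pre_fixup_info pre_fixup;    /* displayed link as it was before fixup_spaces */
     unsigned short flags;               /* presumably a mask of CHECK_SSL / CHECK_CLOAKING / CLEANUP_URL / CHECK_IMG_URL (confirm) */
     unsigned short always_check_flags;  /* presumably checks that run regardless of flags (confirm) */
     unsigned short link_type;           /* presumably LINKTYPE_IMAGE for image links (confirm) */
 };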
 
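 /*
  * Entry point of the phishing checks.
  * NOTE(review): presumably examines the links collected in hrefs within scan
  * context ctx; the meaning of the int return value is not visible in this
  * header. Confirm in phishcheck.c.
  */
 int phishingScan(cli_ctx* ctx, tag_arguments_t* hrefs);
 
 /*
  * Disable the phishing module for engine.
  * NOTE(review): reason is presumably a human-readable message for logging;
  * confirm it is never used as a format string.
  */
 void phish_disable(struct cl_engine* engine, const char* reason);
 /* Global, non-thread-safe functions, call only once! */
 cl_error_t phishing_init(struct cl_engine* engine);
 void phishing_done(struct cl_engine* engine);
 /*
  * Canonicalize a URL.
  *
  * inurl/len is the input and urlbuff/dest_len the caller-supplied working
  * buffer; host/hostlen and path/pathlen are out-parameters given as pointer
  * plus length.
  *
  * NOTE(review): the input is presumably attacker-controlled. Confirm that the
  * implementation never writes more than dest_len bytes to urlbuff, and whether
  * *host and *path are NUL-terminated; until then callers should rely on
  * *hostlen and *pathlen rather than strlen(). This prototype sits inside the
  * "non-thread-safe" bracket; confirm whether that restriction really applies
  * to it.
  */
 enum phish_status cli_url_canon(const char* inurl, size_t len, char* urlbuff, size_t dest_len, char** host, size_t* hostlen, const char** path, size_t* pathlen);
 /* end of non-thread-safe functions */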
 
 #endif