/*
 * Copyright (C) 2007-2009 Sourcefire, Inc.
 *
 * Authors: Tomasz Kojm
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 *
 */

#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <dirent.h>
#ifndef _WIN32
#include <sys/wait.h>
#include <utime.h>
#include <sys/time.h>
#include <sys/resource.h>
#endif
#include <fcntl.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/types.h>
#include <signal.h>
#include <errno.h>
#include <target.h>
#include "manager.h"
#include "global.h"

#include "shared/optparser.h"
#include "shared/actions.h"
#include "shared/output.h"
#include "shared/misc.h"
#include "libclamav/clamav.h"
#include "libclamav/others.h"
#include "libclamav/matcher-ac.h"
#include "libclamav/str.h"
#include "libclamav/readdb.h"
#include "libclamav/cltypes.h"

#ifdef C_LINUX
/* Device number of /proc, or 0 when it is not known. scanmanager() sets it
 * from stat("/proc") and scanfile() skips any file whose st_dev equals it. */
dev_t procdev;
#endif
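#ifdef _WIN32
/*
 * checkaccess - test whether PATH can be accessed with MODE (Windows build).
 *
 * FIXME: If possible, handle users correctly. USERNAME is ignored here, so
 * the answer describes the calling process, not the named account.
 *
 * Returns 1 when _access() grants MODE, 0 otherwise.
 */
static int checkaccess(const char *path, const char *username, int mode)
{
    return !_access(path, mode);
}
#else
/*
 * checkaccess - test whether PATH can be accessed with MODE.
 *
 * When the effective uid is not 0 the check is a plain access() call for the
 * calling process and USERNAME is not consulted. When running as root, a
 * child process switches to USERNAME's gid and uid and performs access()
 * there, reporting the outcome through its exit status (1 = granted).
 *
 * Returns:
 *    1  access granted
 *    0  access denied, or the child could not switch identity / was killed
 *   -1  running as root and USERNAME is NULL or unknown to getpwnam()
 *   -2  fork() failed
 *
 * NOTE(review): the child calls setgid()/setuid() but never resets the
 * supplementary group list, so access() is still evaluated with root's
 * supplementary groups and may report access the named user would not
 * really have. Clearing or re-initialising the group list before setgid()
 * would close that gap; it needs <grp.h>, which this file does not include.
 */
static int checkaccess(const char *path, const char *username, int mode)
{
    struct passwd *user;
    pid_t pid, waited;
    int status = 0;

    if(geteuid())
        return access(path, mode) ? 0 : 1;

    /* getpwnam(NULL) is not defined; treat a missing name as "unknown user" */
    if(username == NULL || (user = getpwnam(username)) == NULL)
        return -1;

    pid = fork();
    if(pid == -1)
        return -2;

    if(pid == 0) {
        /* Child: _exit() rather than exit() so the parent's atexit handlers
         * and inherited stdio buffers are not run/flushed a second time. */
        if(setgid(user->pw_gid)) {
            fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid);
            _exit(0);
        }
        if(setuid(user->pw_uid)) {
            fprintf(stderr, "ERROR: setuid(%d) failed.\n", (int) user->pw_uid);
            _exit(0);
        }
        _exit(access(path, mode) ? 0 : 1);
    }

    /* Wait for this child only (a bare wait() could reap an unrelated one)
     * and retry when a signal interrupts the call. */
    do {
        waited = waitpid(pid, &status, 0);
    } while(waited == -1 && errno == EINTR);

    if(waited == pid && WIFEXITED(status) && WEXITSTATUS(status) == 1)
        return 1;

    return 0;
}
#endif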
/*
 * scanfile - scan one file and update the global counters in `info`.
 *
 * The file is skipped (with an optional log line) when it matches an
 * --exclude pattern, matches no --include pattern while --include is set,
 * lives on the /proc device (C_LINUX only), or is empty. On non-Windows
 * builds a non-root caller is also checked for read access first. The file
 * is then opened with safe_open() and handed to cl_scandesc().
 *
 * Results are logged; info.files / info.ifiles / info.errors are updated and
 * the configured `action` callback runs for an infected file.
 *
 * NOTE(review): stat(), the access check and safe_open() are separate
 * lookups by name, so the object opened may differ from the one inspected
 * if the path is replaced in between.
 */
static void scanfile(const char *filename, struct cl_engine *engine, const struct optstruct *opts, unsigned int options)
{
    const struct optstruct *pat;
    const char *virname;
    struct stat st;
    int rc = 0, desc;

    /* --exclude: the first matching pattern drops the file */
    pat = optget(opts, "exclude");
    if(pat->enabled) {
        for(; pat; pat = pat->nextarg) {
            if(match_regex(filename, pat->strarg) == 1) {
                if(!printinfected)
                    logg("~%s: Excluded\n", filename);
                return;
            }
        }
    }

    /* --include: at least one pattern has to match */
    pat = optget(opts, "include");
    if(pat->enabled) {
        int matched = 0;

        while(pat && !matched) {
            if(match_regex(filename, pat->strarg) == 1)
                matched = 1;
            else
                pat = pat->nextarg;
        }
        if(!matched) {
            if(!printinfected)
                logg("~%s: Excluded\n", filename);
            return;
        }
    }

    /* argh, don't scan /proc files */
    if(stat(filename, &st) != -1) {
#ifdef C_LINUX
        if(procdev && st.st_dev == procdev) {
            if(!printinfected)
                logg("~%s: Excluded (/proc)\n", filename);
            return;
        }
#endif
        if(!st.st_size) {
            if(!printinfected)
                logg("~%s: Empty file\n", filename);
            return;
        }
        info.rblocks += st.st_size / CL_COUNT_PRECISION;
    }

#ifndef _WIN32
    /* only a non-root caller needs the explicit read-access check */
    if(geteuid() && checkaccess(filename, NULL, R_OK) != 1) {
        if(!printinfected)
            logg("~%s: Access denied\n", filename);
        info.errors++;
        return;
    }
#endif
    logg("*Scanning %s\n", filename);

    desc = safe_open(filename, O_RDONLY|O_BINARY);
    if(desc == -1) {
        logg("^Can't open file %s: %s\n", filename, strerror(errno));
        info.errors++;
        return;
    }

    rc = cl_scandesc(desc, &virname, &info.blocks, engine, options);
    if(rc == CL_VIRUS) {
        if(options & CL_SCAN_ALLMATCHES) {
            /* temp hack for allscan until API enhancement: in this mode
             * virname carries a NULL-terminated array of names that the
             * caller has to free */
            const char **names = (const char **)virname;
            int idx;

            virname = names[0];
            for(idx = 0; names[idx]; idx++)
                logg("~%s: %s FOUND\n", filename, names[idx]);
            free((void *)names);
        } else {
            logg("~%s: %s FOUND\n", filename, virname);
        }
        info.files++;
        info.ifiles++;
        if(bell)
            fprintf(stderr, "\007");
    } else if(rc == CL_CLEAN) {
        if(!printinfected)
            mprintf("~%s: OK\n", filename);
        info.files++;
    } else {
        if(!printinfected)
            logg("~%s: %s ERROR\n", filename, cl_strerror(rc));
        info.errors++;
    }

    close(desc);

    if(rc == CL_VIRUS && action)
        action(filename);
}
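/*
 * scandirs - walk a directory and scan what it contains.
 *
 * dirname  directory to read
 * engine   scan engine passed through to scanfile()
 * opts     parsed command-line options
 * options  scan option bits passed through to scanfile()
 * depth    current recursion depth; the walk stops once it exceeds
 *          --max-dir-recursion
 * dev      device of the starting point; unless --cross-fs is enabled,
 *          entries on another device are skipped
 *
 * The directory is skipped when it matches --exclude-dir or, with
 * --include-dir set, matches none of its patterns. Entries are examined with
 * lstat(), so a symbolic link is only followed when the matching
 * follow-*-symlinks option equals 2. Sub-directories are descended into only
 * when `recursion` is set. Counters in `info` are updated as a side effect.
 *
 * NOTE(review): the entry type is decided from lstat()/stat() on the name and
 * scanfile() later opens the same name again; an entry swapped in between is
 * not detected here.
 */
static void scandirs(const char *dirname, struct cl_engine *engine, const struct optstruct *opts, unsigned int options, unsigned int depth, dev_t dev)
{
    DIR *dd;
    struct dirent *dent;
    struct stat sb;
    char *fname;
    size_t fname_len;
    int included;
    const struct optstruct *opt;
    unsigned int dirlnk, filelnk;

    if((opt = optget(opts, "exclude-dir"))->enabled) {
        while(opt) {
            if(match_regex(dirname, opt->strarg) == 1) {
                if(!printinfected)
                    logg("~%s: Excluded\n", dirname);
                return;
            }
            opt = opt->nextarg;
        }
    }

    if((opt = optget(opts, "include-dir"))->enabled) {
        included = 0;
        while(opt) {
            if(match_regex(dirname, opt->strarg) == 1) {
                included = 1;
                break;
            }
            opt = opt->nextarg;
        }
        if(!included) {
            if(!printinfected)
                logg("~%s: Excluded\n", dirname);
            return;
        }
    }

    if(depth > (unsigned int) optget(opts, "max-dir-recursion")->numarg)
        return;

    dirlnk = optget(opts, "follow-dir-symlinks")->numarg;
    filelnk = optget(opts, "follow-file-symlinks")->numarg;

    if((dd = opendir(dirname)) == NULL) {
        if(!printinfected)
            logg("~%s: Can't open directory.\n", dirname);
        info.errors++;
        return;
    }

    info.dirs++;
    depth++;
    while((dent = readdir(dd))) {
        if(!dent->d_ino)
            continue;
        if(!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, ".."))
            continue;

        /* build the full name: dirname + separator + entry + NUL */
        fname_len = strlen(dirname) + strlen(dent->d_name) + 2;
        fname = malloc(fname_len);
        if(!fname) {
            /* previously unchecked: sprintf() would have written to NULL */
            logg("!scandirs: Memory allocation failed for fname\n");
            info.errors++;
            break;
        }
        /* bounded formatting keeps the write inside the buffer even if
         * PATHSEP is ever longer than the one byte the size assumes */
        if(!strcmp(dirname, PATHSEP))
            snprintf(fname, fname_len, PATHSEP"%s", dent->d_name);
        else
            snprintf(fname, fname_len, "%s"PATHSEP"%s", dirname, dent->d_name);

        /* stat the file (lstat: do not follow a link yet) */
        if(lstat(fname, &sb) != -1) {
            if(!optget(opts, "cross-fs")->enabled) {
                if(sb.st_dev != dev) {
                    if(!printinfected)
                        logg("~%s: Excluded\n", fname);
                    free(fname);
                    continue;
                }
            }
            if(S_ISLNK(sb.st_mode)) {
                if(dirlnk != 2 && filelnk != 2) {
                    if(!printinfected)
                        logg("%s: Symbolic link\n", fname);
                } else if(stat(fname, &sb) != -1) {
                    /* follow the link only for the target type that was
                     * explicitly enabled */
                    if(S_ISREG(sb.st_mode) && filelnk == 2) {
                        scanfile(fname, engine, opts, options);
                    } else if(S_ISDIR(sb.st_mode) && dirlnk == 2) {
                        if(recursion)
                            scandirs(fname, engine, opts, options, depth, dev);
                    } else {
                        if(!printinfected)
                            logg("%s: Symbolic link\n", fname);
                    }
                }
            } else if(S_ISREG(sb.st_mode)) {
                scanfile(fname, engine, opts, options);
            } else if(S_ISDIR(sb.st_mode) && recursion) {
                scandirs(fname, engine, opts, options, depth, dev);
            }
        }
        free(fname);
    }
    closedir(dd);
}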
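/*
 * scanstdin - copy standard input to a temporary file and scan that file.
 *
 * The temporary file is created in --tempdir when given, otherwise in the
 * directory returned by cli_gettmpdir(), and is removed before returning.
 *
 * Returns 2 when the temporary file cannot be created or written or when
 * stdin cannot be read completely; otherwise the cl_scanfile() result.
 * info.files, info.rblocks, info.ifiles and info.errors are updated.
 *
 * NOTE(review): the file is created with fopen(name, "wb") on a name from
 * cli_gentemp(). fopen() neither fails on an existing name nor refuses to
 * follow a symbolic link, so in a directory other users can write to, an
 * exclusive create (O_CREAT|O_EXCL with a restrictive mode) would be the
 * safer way to make this file.
 */
static int scanstdin(const struct cl_engine *engine, const struct optstruct *opts, int options)
{
    int ret;
    unsigned int fsize = 0;
    const char *virname, *tmpdir;
    const char **virpp = &virname;
    char *file, buff[FILEBUFF];
    size_t bread;
    FILE *fs;

    if(optget(opts, "tempdir")->enabled)
        tmpdir = optget(opts, "tempdir")->strarg;
    else
        tmpdir = cli_gettmpdir();

    /* check write access */
    if(checkaccess(tmpdir, CLAMAVUSER, W_OK) != 1) {
        logg("!Can't write to temporary directory\n");
        return 2;
    }

    /* the name generator's result was used unchecked before */
    if(!(file = cli_gentemp(tmpdir))) {
        logg("!Can't generate temporary file name\n");
        return 2;
    }
    if(!(fs = fopen(file, "wb"))) {
        logg("!Can't open %s for writing\n", file);
        free(file);
        return 2;
    }

    while((bread = fread(buff, 1, FILEBUFF, stdin))) {
        fsize += bread;
        if(fwrite(buff, 1, bread, fs) < bread) {
            logg("!Can't write to %s\n", file);
            fclose(fs);
            unlink(file); /* do not leave the partial copy behind */
            free(file);
            return 2;
        }
    }

    /* fread() returns 0 for both EOF and error; a read error must not end
     * in a verdict on truncated data */
    if(ferror(stdin)) {
        logg("!Can't read from stdin\n");
        fclose(fs);
        unlink(file);
        free(file);
        return 2;
    }

    /* fclose() flushes; if that fails the file on disk is incomplete */
    if(fclose(fs) != 0) {
        logg("!Can't write to %s\n", file);
        unlink(file);
        free(file);
        return 2;
    }

    logg("*Checking %s\n", file);
    info.files++;
    info.rblocks += fsize / CL_COUNT_PRECISION;

    if((ret = cl_scanfile(file, &virname, &info.blocks, engine, options)) == CL_VIRUS) {
        if(options & CL_SCAN_ALLMATCHES) {
            int i = 0;
            /* temp hack for scanall mode until api augmentation: virname
             * carries a NULL-terminated array of names that is freed here */
            virpp = (const char **)*virpp;
            virname = virpp[0];
            while(virpp[i])
                logg("stdin: %s FOUND\n", virpp[i++]);
            free((void *)virpp);
        } else {
            logg("stdin: %s FOUND\n", virname);
        }

        info.ifiles++;
        if(bell)
            fprintf(stderr, "\007");
    } else if(ret == CL_CLEAN) {
        if(!printinfected)
            mprintf("stdin: OK\n");
    } else {
        if(!printinfected)
            logg("stdin: %s ERROR\n", cl_strerror(ret));
        info.errors++;
    }

    unlink(file);
    free(file);
    return ret;
}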
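/*
 * build_pua_cats - join a chain of option values into ".cat1.cat2." form.
 *
 * Returns a malloc'd string the caller must free, or NULL when memory
 * cannot be allocated (nothing is leaked in that case).
 */
static char *build_pua_cats(const struct optstruct *opt)
{
    char *cats = NULL, *grown;
    size_t used = 0, len;

    for(; opt; opt = opt->nextarg) {
        len = strlen(opt->strarg);
        /* room for '.', the name, the closing '.' and the terminator */
        grown = realloc(cats, used + len + 3);
        if(!grown) {
            free(cats);
            return NULL;
        }
        cats = grown;
        cats[used] = '.';
        memcpy(cats + used + 1, opt->strarg, len);
        used += len + 1;
        cats[used] = 0;
    }

    if(cats) {
        cats[used] = '.';
        cats[used + 1] = 0;
    }
    return cats;
}

/*
 * scanmanager - set up the engine from the command-line options and scan.
 *
 * Validates the symlink options, initialises libclamav, creates and
 * configures an engine (PUA categories, bytecode settings, temp directory,
 * limits), loads and compiles the signature database, translates the
 * remaining options into scan flags, and then scans the current directory,
 * standard input ("-"), or every path returned by filelist().
 *
 * Returns 1 when at least one infected file was found, 2 when an error
 * occurred (or setup failed), otherwise the status left by the scan
 * (0 for a clean run). An infection takes priority over an error.
 *
 * Changes against the previous version: the engine is released on every
 * early-return path (it leaked when --include-pua allocation failed and on
 * an invalid --structured-ssn-format), the PUA list no longer loses its
 * buffer when realloc() fails, the stat() of the working directory is
 * checked before its device is used, and a failed strdup() of a path is
 * reported instead of silently ending the scan.
 */
int scanmanager(const struct optstruct *opts)
{
    int ret = 0, i;
    unsigned int options = 0, dboptions = 0, dirlnk = 1, filelnk = 1;
    struct cl_engine *engine;
    struct stat sb;
    char *file, cwd[1024], *pua_cats = NULL;
    const char *filename;
    const struct optstruct *opt;
#ifndef _WIN32
    struct rlimit rlim;
#endif

    dirlnk = optget(opts, "follow-dir-symlinks")->numarg;
    if(dirlnk > 2) {
        logg("!--follow-dir-symlinks: Invalid argument\n");
        return 2;
    }
    filelnk = optget(opts, "follow-file-symlinks")->numarg;
    if(filelnk > 2) {
        logg("!--follow-file-symlinks: Invalid argument\n");
        return 2;
    }

    /* database loading options */
    if(optget(opts, "phishing-sigs")->enabled)
        dboptions |= CL_DB_PHISHING;

    if(optget(opts, "official-db-only")->enabled)
        dboptions |= CL_DB_OFFICIAL_ONLY;

    if(optget(opts,"phishing-scan-urls")->enabled)
        dboptions |= CL_DB_PHISHING_URLS;

    if(optget(opts,"bytecode")->enabled)
        dboptions |= CL_DB_BYTECODE;

    if((ret = cl_init(CL_INIT_DEFAULT))) {
        logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
        return 2;
    }

    if(!(engine = cl_engine_new())) {
        logg("!Can't initialize antivirus engine\n");
        return 2;
    }

    if(optget(opts, "detect-pua")->enabled) {
        dboptions |= CL_DB_PUA;

        if((opt = optget(opts, "exclude-pua"))->enabled) {
            dboptions |= CL_DB_PUA_EXCLUDE;
            if(!(pua_cats = build_pua_cats(opt))) {
                logg("!Can't allocate memory for pua_cats\n");
                cl_engine_free(engine);
                return 2;
            }
        }

        if((opt = optget(opts, "include-pua"))->enabled) {
            if(pua_cats) {
                logg("!--exclude-pua and --include-pua cannot be used at the same time\n");
                cl_engine_free(engine);
                free(pua_cats);
                return 2;
            }
            dboptions |= CL_DB_PUA_INCLUDE;
            if(!(pua_cats = build_pua_cats(opt))) {
                logg("!Can't allocate memory for pua_cats\n");
                cl_engine_free(engine); /* was leaked on this path */
                return 2;
            }
        }

        if(pua_cats) {
            if((ret = cl_engine_set_str(engine, CL_ENGINE_PUA_CATEGORIES, pua_cats))) {
                logg("!cli_engine_set_str(CL_ENGINE_PUA_CATEGORIES) failed: %s\n", cl_strerror(ret));
                free(pua_cats);
                cl_engine_free(engine);
                return 2;
            }
            free(pua_cats);
        }
    }

    if(optget(opts, "dev-ac-only")->enabled)
        cl_engine_set_num(engine, CL_ENGINE_AC_ONLY, 1);

    if(optget(opts, "dev-ac-depth")->enabled)
        cl_engine_set_num(engine, CL_ENGINE_AC_MAXDEPTH, optget(opts, "dev-ac-depth")->numarg);

    if(optget(opts, "leave-temps")->enabled)
        cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);

    /* NOTE(review): going by the flag name this lets the loader accept
     * bytecode that is not signed; confirm it is meant for trusted
     * databases only */
    if(optget(opts, "bytecode-unsigned")->enabled)
        dboptions |= CL_DB_BYTECODE_UNSIGNED;

    if((opt = optget(opts,"bytecode-timeout"))->enabled)
        cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);

    if((opt = optget(opts,"bytecode-mode"))->enabled) {
        enum bytecode_mode mode;

        /* any unrecognised value falls back to automatic mode */
        if(!strcmp(opt->strarg, "ForceJIT"))
            mode = CL_BYTECODE_MODE_JIT;
        else if(!strcmp(opt->strarg, "ForceInterpreter"))
            mode = CL_BYTECODE_MODE_INTERPRETER;
        else if(!strcmp(opt->strarg, "Test"))
            mode = CL_BYTECODE_MODE_TEST;
        else
            mode = CL_BYTECODE_MODE_AUTO;
        cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
    }

    if((opt = optget(opts, "tempdir"))->enabled) {
        if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
            logg("!cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
            cl_engine_free(engine);
            return 2;
        }
    }

    /* load the signature database(s) */
    if((opt = optget(opts, "database"))->active) {
        while(opt) {
            if((ret = cl_load(opt->strarg, engine, &info.sigs, dboptions))) {
                logg("!%s\n", cl_strerror(ret));
                cl_engine_free(engine);
                return 2;
            }
            opt = opt->nextarg;
        }
    } else {
        char *dbdir = freshdbdir();

        if((ret = cl_load(dbdir, engine, &info.sigs, dboptions))) {
            logg("!%s\n", cl_strerror(ret));
            free(dbdir);
            cl_engine_free(engine);
            return 2;
        }
        free(dbdir);
    }

    if((ret = cl_engine_compile(engine)) != 0) {
        logg("!Database initialization error: %s\n", cl_strerror(ret));
        cl_engine_free(engine);
        return 2;
    }

    /* set limits */

    if((opt = optget(opts, "max-scansize"))->active) {
        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
            logg("!cli_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
            cl_engine_free(engine);
            return 2;
        }
    }

    if((opt = optget(opts, "max-filesize"))->active) {
        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, opt->numarg))) {
            logg("!cli_engine_set_num(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
            cl_engine_free(engine);
            return 2;
        }
    }

#ifndef _WIN32
    /* warn when the process file-size limit is below the engine limits */
    if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
        if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL))
            logg("^System limit for file size is lower than engine->maxfilesize\n");
        if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL))
            logg("^System limit for file size is lower than engine->maxscansize\n");
    } else {
        logg("^Cannot obtain resource limits for file size\n");
    }
#endif

    if((opt = optget(opts, "max-files"))->active) {
        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILES, opt->numarg))) {
            logg("!cli_engine_set_num(CL_ENGINE_MAX_FILES) failed: %s\n", cl_strerror(ret));
            cl_engine_free(engine);
            return 2;
        }
    }

    if((opt = optget(opts, "max-recursion"))->active) {
        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
            logg("!cli_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
            cl_engine_free(engine);
            return 2;
        }
    }

    /* set scan options */
    if(optget(opts, "allmatch")->enabled)
        options |= CL_SCAN_ALLMATCHES;

    if(optget(opts,"phishing-ssl")->enabled)
        options |= CL_SCAN_PHISHING_BLOCKSSL;

    if(optget(opts,"phishing-cloak")->enabled)
        options |= CL_SCAN_PHISHING_BLOCKCLOAK;

    if(optget(opts,"heuristic-scan-precedence")->enabled)
        options |= CL_SCAN_HEURISTIC_PRECEDENCE;

    if(optget(opts, "scan-archive")->enabled)
        options |= CL_SCAN_ARCHIVE;

    if(optget(opts, "detect-broken")->enabled)
        options |= CL_SCAN_BLOCKBROKEN;

    if(optget(opts, "block-encrypted")->enabled)
        options |= CL_SCAN_BLOCKENCRYPTED;

    if(optget(opts, "scan-pe")->enabled)
        options |= CL_SCAN_PE;

    if(optget(opts, "scan-elf")->enabled)
        options |= CL_SCAN_ELF;

    if(optget(opts, "scan-ole2")->enabled)
        options |= CL_SCAN_OLE2;

    if(optget(opts, "scan-pdf")->enabled)
        options |= CL_SCAN_PDF;

    if(optget(opts, "scan-html")->enabled)
        options |= CL_SCAN_HTML;

    if(optget(opts, "scan-mail")->enabled)
        options |= CL_SCAN_MAIL;

    if(optget(opts, "algorithmic-detection")->enabled)
        options |= CL_SCAN_ALGORITHMIC;

#ifdef HAVE__INTERNAL__SHA_COLLECT
    if(optget(opts, "dev-collect-hashes")->enabled)
        options |= CL_SCAN_INTERNAL_COLLECT_SHA;
#endif

    if(optget(opts, "detect-structured")->enabled) {
        options |= CL_SCAN_STRUCTURED;

        if((opt = optget(opts, "structured-ssn-format"))->enabled) {
            switch(opt->numarg) {
                case 0:
                    options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
                    break;
                case 1:
                    options |= CL_SCAN_STRUCTURED_SSN_STRIPPED;
                    break;
                case 2:
                    options |= (CL_SCAN_STRUCTURED_SSN_NORMAL | CL_SCAN_STRUCTURED_SSN_STRIPPED);
                    break;
                default:
                    logg("!Invalid argument for --structured-ssn-format\n");
                    cl_engine_free(engine); /* was leaked on this path */
                    return 2;
            }
        } else {
            options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
        }

        if((opt = optget(opts, "structured-ssn-count"))->active) {
            if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_SSN_COUNT, opt->numarg))) {
                logg("!cli_engine_set_num(CL_ENGINE_MIN_SSN_COUNT) failed: %s\n", cl_strerror(ret));
                cl_engine_free(engine);
                return 2;
            }
        }

        if((opt = optget(opts, "structured-cc-count"))->active) {
            if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_CC_COUNT, opt->numarg))) {
                logg("!cli_engine_set_num(CL_ENGINE_MIN_CC_COUNT) failed: %s\n", cl_strerror(ret));
                cl_engine_free(engine);
                return 2;
            }
        }
    } else {
        options &= ~CL_SCAN_STRUCTURED;
    }

#ifdef C_LINUX
    /* remember the /proc device so scanfile() can skip files on it; the
     * zero-size test is what the code uses to recognise a mounted /proc */
    procdev = (dev_t) 0;
    if(stat("/proc", &sb) != -1 && !sb.st_size)
        procdev = sb.st_dev;
#endif

    /* check filetype */
    if(!opts->filename && !optget(opts, "file-list")->enabled) {
        /* we need full path for some reasons (eg. archive handling) */
        if(!getcwd(cwd, sizeof(cwd))) {
            logg("!Can't get absolute pathname of current working directory\n");
            ret = 2;
        } else if(stat(cwd, &sb) == -1) {
            /* sb.st_dev would be indeterminate; do not start the walk */
            logg("!Can't stat current working directory\n");
            ret = 2;
        } else {
            scandirs(cwd, engine, opts, options, 1, sb.st_dev);
        }

    } else if(opts->filename && !optget(opts, "file-list")->enabled && !strcmp(opts->filename[0], "-")) { /* read data from stdin */
        ret = scanstdin(engine, opts, options);
    } else {
        if(opts->filename && optget(opts, "file-list")->enabled)
            logg("^Only scanning files from --file-list (files passed at cmdline are ignored)\n");

        while((filename = filelist(opts, &ret))) {
            if(!(file = strdup(filename))) {
                logg("!Can't allocate memory for file name\n");
                ret = 2;
                break;
            }

            if(lstat(file, &sb) == -1) {
                logg("^%s: Can't access file\n", file);
                perror(file);
                ret = 2;
            } else {
                /* strip trailing path separators, keeping the first byte */
                for(i = (int) strlen(file) - 1; i > 0; i--) {
                    if(file[i] == *PATHSEP)
                        file[i] = 0;
                    else
                        break;
                }

                if(S_ISLNK(sb.st_mode)) {
                    /* a link named on the command line is followed when the
                     * option for its target type is non-zero */
                    if(dirlnk == 0 && filelnk == 0) {
                        if(!printinfected)
                            logg("%s: Symbolic link\n", file);
                    } else if(stat(file, &sb) != -1) {
                        if(S_ISREG(sb.st_mode) && filelnk) {
                            scanfile(file, engine, opts, options);
                        } else if(S_ISDIR(sb.st_mode) && dirlnk) {
                            scandirs(file, engine, opts, options, 1, sb.st_dev);
                        } else {
                            if(!printinfected)
                                logg("%s: Symbolic link\n", file);
                        }
                    }
                } else if(S_ISREG(sb.st_mode)) {
                    scanfile(file, engine, opts, options);
                } else if(S_ISDIR(sb.st_mode)) {
                    scandirs(file, engine, opts, options, 1, sb.st_dev);
                } else {
                    logg("^%s: Not supported file type\n", file);
                    ret = 2;
                }
            }
            free(file);
        }
    }

    /* free the engine */
    cl_engine_free(engine);

    /* overwrite return code - infection takes priority */
    if(info.ifiles)
        ret = 1;
    else if(info.errors)
        ret = 2;

    return ret;
}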