e3aaff8e |
/* |
54402320 |
* Copyright (C) 2007-2012 Sourcefire, Inc. |
086eab5c |
*
* Authors: Tomasz Kojm |
e3aaff8e |
*
* This program is free software; you can redistribute it and/or modify |
bb34cb31 |
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. |
e3aaff8e |
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software |
48b7b4a7 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA. |
e3aaff8e |
*/
|
6d6e8271 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
e3aaff8e |
#include <stdio.h>
#include <stdlib.h>
#include <string.h> |
9a03413e |
#include <signal.h>
|
34f71e0e |
#ifdef HAVE_UNISTD_H |
e3aaff8e |
#include <unistd.h> |
34f71e0e |
#endif |
4cd80898 |
#ifndef _WIN32 |
e3aaff8e |
#include <sys/time.h> |
34f71e0e |
#endif |
e3aaff8e |
#include <time.h> |
7a2997f1 |
#ifdef C_LINUX
#include <sys/resource.h>
#endif |
e3aaff8e |
|
b2e7c931 |
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "libclamav/crypto.h"
|
e3aaff8e |
#include "others.h" |
7a2997f1 |
#include "global.h" |
e3aaff8e |
#include "manager.h" |
afb48b28 |
|
7a2997f1 |
#include "shared/misc.h"
#include "shared/output.h" |
ee6702ab |
#include "shared/actions.h" |
269d520d |
#include "shared/optparser.h" |
fc56deed |
|
24555841 |
#include "libclamav/str.h" |
ec6429ab |
#include "libclamav/clamav.h" |
24555841 |
|
e3aaff8e |
void help(void);
|
7a2997f1 |
struct s_info info; |
9c025fb3 |
short recursion = 0, bell = 0;
short printinfected = 0, printclean = 1; |
58bcf502 |
|
7b8edc5c |
int main(int argc, char **argv) |
e3aaff8e |
{
int ds, dms, ret; |
5da3127b |
double mb, rmb; |
e3aaff8e |
struct timeval t1, t2; |
4cd80898 |
#ifndef _WIN32 |
9a03413e |
sigset_t sigset; |
34f71e0e |
#endif |
269d520d |
struct optstruct *opts;
const struct optstruct *opt; |
e3aaff8e |
|
bca0b679 |
if(check_flevel())
exit(2);
|
4cd80898 |
#if !defined(_WIN32) && !defined(C_BEOS) |
9a03413e |
sigemptyset(&sigset);
sigaddset(&sigset, SIGXFSZ);
sigprocmask(SIG_SETMASK, &sigset, NULL);
#endif
|
d4a7c3a0 |
#if defined(_WIN32)
cl_initialize_crypto();
#endif
|
269d520d |
|
a68d5e2f |
if((opts = optparse(NULL, argc, argv, 1, OPT_CLAMSCAN, 0, NULL)) == NULL) { |
269d520d |
mprintf("!Can't parse command line options\n"); |
8770404a |
return 2; |
7b8edc5c |
}
|
269d520d |
if(optget(opts, "verbose")->enabled) { |
afb48b28 |
mprintf_verbose = 1;
logg_verbose = 1;
} |
e3aaff8e |
|
269d520d |
if(optget(opts, "quiet")->enabled) |
58bcf502 |
mprintf_quiet = 1; |
e3aaff8e |
|
269d520d |
if(optget(opts, "stdout")->enabled) |
58bcf502 |
mprintf_stdout = 1; |
e3aaff8e |
|
7b8edc5c |
|
269d520d |
if(optget(opts, "debug")->enabled) { |
fc56deed |
#if defined(C_LINUX)
/* njh@bandsman.co.uk: create a dump if needed */
struct rlimit rlim;
rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
if(setrlimit(RLIMIT_CORE, &rlim) < 0)
perror("setrlimit");
#endif
cl_debug(); /* enable debug messages */
} |
d4d14218 |
|
3ca11170 |
if (optget(opts, "gen-mdb")->enabled) {
cl_always_gen_section_hash();
}
|
269d520d |
if(optget(opts, "version")->enabled) {
print_version(optget(opts, "database")->strarg);
optfree(opts); |
c32360c1 |
return 0; |
e3aaff8e |
}
|
269d520d |
if(optget(opts, "help")->enabled) {
optfree(opts); |
e3aaff8e |
help(); |
7b8edc5c |
return 0; |
e3aaff8e |
}
|
269d520d |
if(optget(opts, "recursive")->enabled) |
58bcf502 |
recursion = 1; |
e3aaff8e |
|
269d520d |
if(optget(opts, "infected")->enabled) |
58bcf502 |
printinfected = 1; |
e3aaff8e |
|
9c025fb3 |
if(optget(opts, "suppress-ok-results")->enabled)
printclean = 0;
|
269d520d |
if(optget(opts, "bell")->enabled) |
58bcf502 |
bell = 1; |
af22ece1 |
|
e3aaff8e |
/* initialize logger */ |
269d520d |
if((opt = optget(opts, "log"))->enabled) {
logg_file = opt->strarg; |
914ce12d |
if(logg("#\n-------------------------------------------------------------------------------\n\n")) { |
e3aaff8e |
mprintf("!Problem with internal logger.\n"); |
269d520d |
optfree(opts); |
8770404a |
return 2; |
e3aaff8e |
}
} else |
afb48b28 |
logg_file = NULL; |
e3aaff8e |
|
ee6702ab |
if(actsetup(opts)) {
optfree(opts);
logg_close();
exit(2);
} |
7b8edc5c |
|
7a2997f1 |
memset(&info, 0, sizeof(struct s_info)); |
e3aaff8e |
|
b8f3f028 |
gettimeofday(&t1, NULL); |
34f71e0e |
|
269d520d |
ret = scanmanager(opts); |
e3aaff8e |
|
269d520d |
if(!optget(opts, "no-summary")->enabled) { |
b8f3f028 |
gettimeofday(&t2, NULL); |
be4bf7f4 |
ds = t2.tv_sec - t1.tv_sec; |
e3aaff8e |
dms = t2.tv_usec - t1.tv_usec;
ds -= (dms < 0) ? (1):(0);
dms += (dms < 0) ? (1000000):(0); |
0ae41a2d |
logg("\n----------- SCAN SUMMARY -----------\n"); |
7a2997f1 |
logg("Known viruses: %u\n", info.sigs); |
add738d2 |
logg("Engine version: %s\n", get_version()); |
7a2997f1 |
logg("Scanned directories: %u\n", info.dirs);
logg("Scanned files: %u\n", info.files);
logg("Infected files: %u\n", info.ifiles); |
8770404a |
if(info.errors)
logg("Total errors: %u\n", info.errors); |
ee6702ab |
if(notremoved) {
logg("Not removed: %u\n", notremoved); |
e3aaff8e |
} |
ee6702ab |
if(notmoved) {
logg("Not %s: %u\n", optget(opts, "copy")->enabled ? "moved" : "copied", notmoved); |
e3aaff8e |
} |
7a2997f1 |
mb = info.blocks * (CL_COUNT_PRECISION / 1024) / 1024.0; |
0ae41a2d |
logg("Data scanned: %2.2lf MB\n", mb); |
5da3127b |
rmb = info.rblocks * (CL_COUNT_PRECISION / 1024) / 1024.0;
logg("Data read: %2.2lf MB (ratio %.2f:1)\n", rmb, info.rblocks ? (double)info.blocks/(double)info.rblocks : 0); |
7a2997f1 |
logg("Time: %u.%3.3u sec (%u m %u s)\n", ds, dms/1000, ds/60, ds%60); |
e3aaff8e |
}
|
269d520d |
optfree(opts); |
34f71e0e |
|
c32360c1 |
return ret; |
e3aaff8e |
}
void help(void)
{
mprintf_stdout = 1;
mprintf("\n"); |
add738d2 |
mprintf(" Clam AntiVirus Scanner %s\n", get_version()); |
6670464f |
printf(" By The ClamAV Team: http://www.clamav.net/team\n");
printf(" (C) 2007-2009 Sourcefire, Inc.\n\n"); |
5def21ff |
|
a36e6e5c |
mprintf(" --help -h Print this help screen\n");
mprintf(" --version -V Print version number\n"); |
5def21ff |
mprintf(" --verbose -v Be verbose\n"); |
248c2f4d |
mprintf(" --archive-verbose -a Show filenames inside scanned archives\n"); |
a36e6e5c |
mprintf(" --debug Enable libclamav's debug messages\n");
mprintf(" --quiet Only output error messages\n"); |
5def21ff |
mprintf(" --stdout Write to stdout instead of stderr\n"); |
a36e6e5c |
mprintf(" --no-summary Disable summary at end of scanning\n");
mprintf(" --infected -i Only print infected files\n"); |
9c025fb3 |
mprintf(" --suppress-ok-results -o Skip printing OK files\n"); |
a36e6e5c |
mprintf(" --bell Sound bell on virus detection\n"); |
e3aaff8e |
mprintf("\n"); |
a9082ea2 |
mprintf(" --tempdir=DIRECTORY Create temporary files in DIRECTORY\n"); |
269d520d |
mprintf(" --leave-temps[=yes/no(*)] Do not remove temporary files\n"); |
5def21ff |
mprintf(" --database=FILE/DIR -d FILE/DIR Load virus database from FILE or load\n"); |
269d520d |
mprintf(" all supported db files from DIR\n"); |
208ceae5 |
mprintf(" --official-db-only[=yes/no(*)] Only load official signatures\n"); |
a9ebff44 |
mprintf(" --log=FILE -l FILE Save scan report to FILE\n"); |
269d520d |
mprintf(" --recursive[=yes/no(*)] -r Scan subdirectories recursively\n"); |
1feaa72a |
mprintf(" --allmatch[=yes/no(*)] -z Continue scanning within file after finding a match\n"); |
2086dc5c |
mprintf(" --cross-fs[=yes(*)/no] Scan files and directories on other filesystems\n"); |
8c57a6c1 |
mprintf(" --follow-dir-symlinks[=0/1(*)/2] Follow directory symlinks (0 = never, 1 = direct, 2 = always)\n");
mprintf(" --follow-file-symlinks[=0/1(*)/2] Follow file symlinks (0 = never, 1 = direct, 2 = always)\n"); |
c2b6681b |
mprintf(" --file-list=FILE -f FILE Scan files from FILE\n"); |
269d520d |
mprintf(" --remove[=yes/no(*)] Remove infected files. Be careful!\n"); |
5def21ff |
mprintf(" --move=DIRECTORY Move infected files into DIRECTORY\n"); |
c6d2bbbc |
mprintf(" --copy=DIRECTORY Copy infected files into DIRECTORY\n"); |
266f3967 |
mprintf(" --exclude=REGEX Don't scan file names matching REGEX\n"); |
66ceca09 |
mprintf(" --exclude-dir=REGEX Don't scan directories matching REGEX\n"); |
266f3967 |
mprintf(" --include=REGEX Only scan file names matching REGEX\n"); |
66ceca09 |
mprintf(" --include-dir=REGEX Only scan directories matching REGEX\n"); |
e3aaff8e |
mprintf("\n"); |
c4910836 |
mprintf(" --bytecode[=yes(*)/no] Load bytecode from the database\n"); |
62315ce6 |
mprintf(" --bytecode-unsigned[=yes/no(*)] Load unsigned bytecode\n"); |
8c57a6c1 |
mprintf(" --bytecode-timeout=N Set bytecode timeout (in milliseconds)\n"); |
54402320 |
mprintf(" --bytecode-statistics[=yes/no(*)] Collect and print bytecode statistics\n"); |
269d520d |
mprintf(" --detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications\n"); |
b023c36d |
mprintf(" --exclude-pua=CAT Skip PUA sigs of category CAT\n");
mprintf(" --include-pua=CAT Load PUA sigs of category CAT\n"); |
269d520d |
mprintf(" --detect-structured[=yes/no(*)] Detect structured data (SSN, Credit Card)\n"); |
5fe6e72b |
mprintf(" --structured-ssn-format=X SSN format (0=normal,1=stripped,2=both)\n");
mprintf(" --structured-ssn-count=N Min SSN count to generate a detect\n");
mprintf(" --structured-cc-count=N Min CC count to generate a detect\n"); |
269d520d |
mprintf(" --scan-mail[=yes(*)/no] Scan mail files\n");
mprintf(" --phishing-sigs[=yes(*)/no] Signature-based phishing detection\n");
mprintf(" --phishing-scan-urls[=yes(*)/no] URL-based phishing detection\n");
mprintf(" --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found\n");
mprintf(" --phishing-ssl[=yes/no(*)] Always block SSL mismatches in URLs (phishing module)\n");
mprintf(" --phishing-cloak[=yes/no(*)] Always block cloaked URLs (phishing module)\n"); |
e33d8379 |
mprintf(" --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.\n"); |
269d520d |
mprintf(" --algorithmic-detection[=yes(*)/no] Algorithmic detection\n");
mprintf(" --scan-pe[=yes(*)/no] Scan PE files\n");
mprintf(" --scan-elf[=yes(*)/no] Scan ELF files\n");
mprintf(" --scan-ole2[=yes(*)/no] Scan OLE2 containers\n");
mprintf(" --scan-pdf[=yes(*)/no] Scan PDF files\n"); |
1e41fdba |
mprintf(" --scan-swf[=yes(*)/no] Scan SWF files\n"); |
269d520d |
mprintf(" --scan-html[=yes(*)/no] Scan HTML files\n");
mprintf(" --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)\n");
mprintf(" --detect-broken[=yes/no(*)] Try to detect broken executable files\n");
mprintf(" --block-encrypted[=yes/no(*)] Block encrypted archives\n"); |
5cc4cb86 |
mprintf(" --nocerts Disable authenticode certificate chain verification in PE files\n"); |
7209997f |
mprintf(" --dumpcerts Dump authenticode certificate chain in PE files\n"); |
a36e6e5c |
mprintf("\n"); |
a5d91be7 |
mprintf(" --max-filesize=#n Files larger than this will be skipped and assumed clean\n"); |
269d520d |
mprintf(" --max-scansize=#n The maximum amount of data to scan for each container file (**)\n");
mprintf(" --max-files=#n The maximum number of files to scan for each container file (**)\n");
mprintf(" --max-recursion=#n Maximum archive recursion level for container file (**)\n"); |
14dee074 |
mprintf(" --max-dir-recursion=#n Maximum directory recursion level\n"); |
b2726a53 |
mprintf(" --max-embeddedpe=#n Maximum size file to check for embedded PE\n");
mprintf(" --max-htmlnormalize=#n Maximum size of HTML file to normalize\n");
mprintf(" --max-htmlnotags=#n Maximum size of normalized HTML file to scan\n");
mprintf(" --max-scriptnormalize=#n Maximum size of script file to normalize\n");
mprintf(" --max-ziptypercg=#n Maximum size zip to type reanalyze\n"); |
4b5895b8 |
mprintf(" --max-partitions=#n Maximum number of partitions in disk image to be scanned\n"); |
067bce5f |
mprintf(" --max-iconspe=#n Maximum number of icons in PE file to be scanned\n"); |
2e10c4d7 |
mprintf(" --enable-stats Enable statistical reporting of malware\n");
mprintf(" --disable-pe-stats Disable submission of individual PE sections in stats submissions\n");
mprintf(" --stats-timeout=#n Number of seconds to wait for waiting a response back from the stats server\n");
mprintf(" --stats-host-id=UUID Set the Host ID used when submitting statistical info.\n"); |
ec6429ab |
mprintf("\n"); |
269d520d |
mprintf("(*) Default scan settings\n");
mprintf("(**) Certain files (e.g. documents, archives, etc.) may in turn contain other\n");
mprintf(" files inside. The above options ensure safe processing of this kind of data.\n\n"); |
e3aaff8e |
} |