... | ... |
@@ -867,6 +867,16 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi |
867 | 867 |
val = cl_engine_get_num(engine, CL_ENGINE_MAX_PARTITIONS, NULL); |
868 | 868 |
logg("Limits: MaxPartitions limit set to %llu.\n", val); |
869 | 869 |
|
870 |
+ if((opt = optget(opts, "MaxIconsPE"))->active) { |
|
871 |
+ if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) { |
|
872 |
+ logg("!cli_engine_set_num(MaxIconsPE) failed: %s\n", cl_strerror(ret)); |
|
873 |
+ cl_engine_free(engine); |
|
874 |
+ return 1; |
|
875 |
+ } |
|
876 |
+ } |
|
877 |
+ val = cl_engine_get_num(engine, CL_ENGINE_MAX_ICONSPE, NULL); |
|
878 |
+ logg("Limits: MaxIconsPE limit set to %llu.\n", val); |
|
879 |
+ |
|
870 | 880 |
if(optget(opts, "ScanArchive")->enabled) { |
871 | 881 |
logg("Archive support enabled.\n"); |
872 | 882 |
options |= CL_SCAN_ARCHIVE; |
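Review bot: The failure message on the added `logg` line names `cli_engine_set_num`, but the call that failed is `cl_engine_set_num`. The two front ends also label the same failure differently: `MaxIconsPE` here, `CL_ENGINE_MAX_ICONSPE` in the `scanmanager` hunk, which has the same misnamed function. Anyone searching logs for the API name will miss both, so I would use `logg("!cl_engine_set_num(CL_ENGINE_MAX_ICONSPE) failed: %s\n", cl_strerror(ret));` in both places. `recvloop_th` starts and ends outside this hunk, so whether the neighbouring limits use the same spelling cannot be checked from here.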
... | ... |
@@ -278,6 +278,7 @@ void help(void) |
278 | 278 |
mprintf(" --max-scriptnormalize=#n Maximum size of script file to normalize\n"); |
279 | 279 |
mprintf(" --max-ziptypercg=#n Maximum size zip to type reanalyze\n"); |
280 | 280 |
mprintf(" --max-partitions=#n Maximum number of partitions in disk image to be scanned\n"); |
281 |
+ mprintf(" --max-iconspe=#n Maximum number of icons in PE file to be scanned\n"); |
|
281 | 282 |
mprintf("\n"); |
282 | 283 |
mprintf("(*) Default scan settings\n"); |
283 | 284 |
mprintf("(**) Certain files (e.g. documents, archives, etc.) may in turn contain other\n"); |
... | ... |
@@ -839,6 +839,14 @@ int scanmanager(const struct optstruct *opts) |
839 | 839 |
} |
840 | 840 |
} |
841 | 841 |
|
842 |
+ if((opt = optget(opts, "max-iconspe"))->active) { |
|
843 |
+ if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) { |
|
844 |
+ logg("!cli_engine_set_num(CL_ENGINE_MAX_ICONSPE) failed: %s\n", cl_strerror(ret)); |
|
845 |
+ cl_engine_free(engine); |
|
846 |
+ return 2; |
|
847 |
+ } |
|
848 |
+ } |
|
849 |
+ |
|
842 | 850 |
/* set scan options */ |
843 | 851 |
if(optget(opts, "allmatch")->enabled) |
844 | 852 |
options |= CL_SCAN_ALLMATCHES; |
... | ... |
@@ -586,6 +586,17 @@ Negative values are not allowed. |
586 | 586 |
WARNING: setting this limit too high may result in severe damage or impact performance. |
587 | 587 |
.br |
588 | 588 |
Default: 50 |
589 |
+.TP |
|
590 |
+\fBMaxIconsPE SIZE\fR |
|
591 |
+This option sets the maximum number of icons within a PE to be scanned. |
|
592 |
+.br |
|
593 |
+PE files with more icons than this value will have up to the value number icons scanned. |
|
594 |
+.br |
|
595 |
+Negative values are not allowed. |
|
596 |
+.br |
|
597 |
+WARNING: setting this limit too high may result in severe damage or impact performance. |
|
598 |
+.br |
|
599 |
+Default: 100 |
|
589 | 600 |
.TP |
590 | 601 |
\fBClamukoScanOnAccess (OBSOLETE)\fR |
591 | 602 |
\fBWARNING:\fR This option is no longer accepted. See \fBScanOnAccess\fR. |
... | ... |
@@ -205,11 +205,14 @@ Maximum size of normalized HTML file to scan. You may pass the value in kilobyte |
205 | 205 |
\fB\-\-max\-scriptnormalize=#n\fR |
206 | 206 |
Maximum size of script file to normalize. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number (default: 5 MB, max: <4 GB). |
207 | 207 |
.TP |
208 |
-\fB\-\-max-ziptypercg=#n\fR |
|
208 |
+\fB\-\-max\-ziptypercg=#n\fR |
|
209 | 209 |
Maximum size zip to type reanalyze. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number (default: 1 MB, max: <4 GB). |
210 | 210 |
.TP |
211 |
-\fB\-\-max-partitions=#n\fR |
|
211 |
+\fB\-\-max\-partitions=#n\fR |
|
212 | 212 |
This option sets the maximum number of partitions of a raw disk image to be scanned. This must be a positive integer (default: 50). |
213 |
+.TP |
|
214 |
+\fB\-\-max\-iconspe=#n\fR |
|
215 |
+This option sets the maximum number of icons within a PE to be scanned. This must be a positive integer (default: 100). |
|
213 | 216 |
.SH "EXAMPLES" |
214 | 217 |
.LP |
215 | 218 |
.TP |
... | ... |
@@ -514,6 +514,13 @@ Example |
514 | 514 |
# Default: 50 |
515 | 515 |
#MaxPartitions 128 |
516 | 516 |
|
517 |
+# This option sets the maximum number of icons within a PE to be scanned. |
|
518 |
+# PE files with more icons than this value will have up to the value number icons scanned. |
|
519 |
+# Negative values are not allowed. |
|
520 |
+# WARNING: setting this limit too high may result in severe damage or impact performance. |
|
521 |
+# Default: 100 |
|
522 |
+#MaxIconsPE 200 |
|
523 |
+ |
|
517 | 524 |
## |
518 | 525 |
## On-access Scan Settings |
519 | 526 |
## |
... | ... |
@@ -207,7 +207,8 @@ enum cl_engine_field { |
207 | 207 |
CL_ENGINE_DISABLE_CACHE, /* uint32_t */ |
208 | 208 |
CL_ENGINE_DISABLE_PE_STATS, /* uint32_t */ |
209 | 209 |
CL_ENGINE_STATS_TIMEOUT, /* uint32_t */ |
210 |
- CL_ENGINE_MAX_PARTITIONS /* uint32_t */ |
|
210 |
+ CL_ENGINE_MAX_PARTITIONS, /* uint32_t */ |
|
211 |
+ CL_ENGINE_MAX_ICONSPE /* uint32_t */ |
|
211 | 212 |
}; |
212 | 213 |
|
213 | 214 |
enum bytecode_security { |
... | ... |
@@ -417,8 +417,11 @@ struct cl_engine *cl_engine_new(void) |
417 | 417 |
new->cb_stats_get_size = clamav_stats_get_size; |
418 | 418 |
new->cb_stats_get_hostid = clamav_stats_get_hostid; |
419 | 419 |
|
420 |
- /* Setup raw dmg max settings */ |
|
421 |
- new->maxpartitions = 50; |
|
420 |
+ /* Setup raw disk image max settings */ |
|
421 |
+ new->maxpartitions = CLI_DEFAULT_MAXPARTITIONS; |
|
422 |
+ |
|
423 |
+ /* Engine max settings */ |
|
424 |
+ new->maxiconspe = CLI_DEFAULT_MAXICONSPE; |
|
422 | 425 |
|
423 | 426 |
cli_dbgmsg("Initialized %s engine\n", cl_retver()); |
424 | 427 |
return new; |
... | ... |
@@ -562,6 +565,9 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long |
562 | 562 |
case CL_ENGINE_MAX_PARTITIONS: |
563 | 563 |
engine->maxpartitions = (uint32_t)num; |
564 | 564 |
break; |
565 |
+ case CL_ENGINE_MAX_ICONSPE: |
|
566 |
+ engine->maxiconspe = (uint32_t)num; |
|
567 |
+ break; |
|
565 | 568 |
default: |
566 | 569 |
cli_errmsg("cl_engine_set_num: Incorrect field number\n"); |
567 | 570 |
return CL_EARG; |
... | ... |
@@ -633,6 +639,8 @@ long long cl_engine_get_num(const struct cl_engine *engine, enum cl_engine_field |
633 | 633 |
return ((cli_intel_t *)(engine->stats_data))->timeout; |
634 | 634 |
case CL_ENGINE_MAX_PARTITIONS: |
635 | 635 |
return engine->maxpartitions; |
636 |
+ case CL_ENGINE_MAX_ICONSPE: |
|
637 |
+ return engine->maxiconspe; |
|
636 | 638 |
default: |
637 | 639 |
cli_errmsg("cl_engine_get: Incorrect field number\n"); |
638 | 640 |
if(err) |
... | ... |
@@ -741,6 +749,8 @@ struct cl_settings *cl_engine_settings_copy(const struct cl_engine *engine) |
741 | 741 |
|
742 | 742 |
settings->maxpartitions = engine->maxpartitions; |
743 | 743 |
|
744 |
+ settings->maxiconspe = engine->maxiconspe; |
|
745 |
+ |
|
744 | 746 |
return settings; |
745 | 747 |
} |
746 | 748 |
|
... | ... |
@@ -813,6 +823,8 @@ int cl_engine_settings_apply(struct cl_engine *engine, const struct cl_settings |
813 | 813 |
|
814 | 814 |
engine->maxpartitions = settings->maxpartitions; |
815 | 815 |
|
816 |
+ engine->maxiconspe = settings->maxiconspe; |
|
817 |
+ |
|
816 | 818 |
return CL_SUCCESS; |
817 | 819 |
} |
818 | 820 |
|
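Review bot: In the `cl_engine_set_num` hunk, `engine->maxiconspe = (uint32_t)num;` narrows a `long long` with no range check visible in the hunk. A negative or over-32-bit value from an API caller would wrap into an arbitrary limit instead of being rejected. The documentation added in this commit says negative values are not allowed, but any enforcement lies outside the lines shown, because the top of the function is not in the hunk. If nothing earlier in the function rejects such values, a guard such as `if (num < 0 || num > UINT32_MAX) return CL_EARG;` ahead of the assignment keeps the resource limit meaningful. `CL_EARG` is what the `default:` branch already returns.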
... | ... |
@@ -329,8 +329,11 @@ struct cl_engine { |
329 | 329 |
clcb_stats_get_size cb_stats_get_size; |
330 | 330 |
clcb_stats_get_hostid cb_stats_get_hostid; |
331 | 331 |
|
332 |
- /* Raw dmg max settings */ |
|
332 |
+ /* Raw disk image max settings */ |
|
333 | 333 |
uint32_t maxpartitions; |
334 |
+ |
|
335 |
+ /* Engine max settings */ |
|
336 |
+ uint32_t maxiconspe; /* max number of icons to scan for PE */ |
|
334 | 337 |
}; |
335 | 338 |
|
336 | 339 |
struct cl_settings { |
... | ... |
@@ -383,8 +386,11 @@ struct cl_settings { |
383 | 383 |
clcb_stats_get_size cb_stats_get_size; |
384 | 384 |
clcb_stats_get_hostid cb_stats_get_hostid; |
385 | 385 |
|
386 |
- /* Raw dmg max settings */ |
|
387 |
- uint32_t maxpartitions; |
|
386 |
+ /* Raw disk image max settings */ |
|
387 |
+ uint32_t maxpartitions; /* max number of partitions to scan in a disk image */ |
|
388 |
+ |
|
389 |
+ /* Engine max settings */ |
|
390 |
+ uint32_t maxiconspe; /* max number of icons to scan for PE */ |
|
388 | 391 |
}; |
389 | 392 |
|
390 | 393 |
extern int (*cli_unrar_open)(int fd, const char *dirname, unrar_state_t *state); |
... | ... |
@@ -32,8 +32,6 @@ |
32 | 32 |
#include "pe_icons.h" |
33 | 33 |
#include "others.h" |
34 | 34 |
|
35 |
-#define PE_MAXICONS 1000 |
|
36 |
- |
|
37 | 35 |
#define READ32(x) cli_readint32(&(x)) |
38 | 36 |
#define READ16(x) cli_readint16(&(x)) |
39 | 37 |
#define USE_FLOATS |
... | ... |
@@ -115,7 +113,7 @@ int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct c |
115 | 115 |
icon_env.nsections = nsections; |
116 | 116 |
icon_env.hdr_size = hdr_size; |
117 | 117 |
|
118 |
- icon_env.max_icons = PE_MAXICONS; |
|
118 |
+ icon_env.max_icons = ctx->engine->maxiconspe; |
|
119 | 119 |
|
120 | 120 |
/* icon group scan callback --> groupicon_scan_cb() */ |
121 | 121 |
findres(14, 0xffffffff, resdir_rva, map, exe_sections, nsections, hdr_size, groupicon_scan_cb, &icon_env); |
... | ... |
@@ -124,7 +122,7 @@ int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct c |
124 | 124 |
if (icon_env.result == CL_EMAXSIZE) { |
125 | 125 |
cli_dbgmsg("cli_scanicon: max icon count reached\n"); |
126 | 126 |
} |
127 |
- cli_dbgmsg("cli_scanicon: scanned a total of %u icons across %u icon groups\n", icon_env.icnt, icon_env.gcnt); |
|
127 |
+ cli_dbgmsg("cli_scanicon: scanned a total of %u[%u actual] icons across %u groups\n", icon_env.icnt, icon_env.hcnt, icon_env.gcnt); |
|
128 | 128 |
|
129 | 129 |
/* ignore all error returns (previous behavior) */ |
130 | 130 |
if (icon_env.result == CL_VIRUS) { |
... | ... |
@@ -375,7 +375,9 @@ const struct clam_option __clam_options[] = { |
375 | 375 |
|
376 | 376 |
{ "MaxZipTypeRcg", "max-ziptypercg", 0, TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXZIPTYPERCG, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a ZIP file to reanalyze type recognition.\nZIP files larger than this value will skip the step to potentially reanalyze as PE.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "1M" }, |
377 | 377 |
|
378 |
- { "MaxPartitions", "max-partitions", 0, TYPE_NUMBER, MATCH_NUMBER, 50, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of partitions of a raw disk image to be scanned.\nRaw disk images with more partitions than this value will have up to the value number partitions scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "128" }, |
|
378 |
+ { "MaxPartitions", "max-partitions", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXPARTITIONS, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of partitions of a raw disk image to be scanned.\nRaw disk images with more partitions than this value will have up to the value number partitions scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "128" }, |
|
379 |
+ |
|
380 |
+ { "MaxIconsPE", "max-iconspe", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXICONSPE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of icons within a PE to be scanned.\nPE files with more icons than this value will have up to the value number icons scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "100" }, |
|
379 | 381 |
|
380 | 382 |
/* OnAccess settings */ |
381 | 383 |
{ "ScanOnAccess", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables on-access scanning (Linux only)", "no" }, |