... | ... |
@@ -106,6 +106,10 @@ int main(int argc, char **argv) |
106 | 106 |
cl_debug(); /* enable debug messages */ |
107 | 107 |
} |
108 | 108 |
|
109 |
+ if (optget(opts, "gen-mdb")->enabled) { |
|
110 |
+ cl_always_gen_section_hash(); |
|
111 |
+ } |
|
112 |
+ |
|
109 | 113 |
if(optget(opts, "version")->enabled) { |
110 | 114 |
print_version(optget(opts, "database")->strarg); |
111 | 115 |
optfree(opts); |
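Review bot: The new `--gen-mdb` branch in `main` calls `cl_always_gen_section_hash()` regardless of the debug setting, but the only consumer shown in this commit, the `else if (cli_always_gen_section_hash)` branch in `scan_pe_mdb`, sits inside `if (cli_debug_flag)`, so the option appears to do nothing unless `--debug` is also given. I would document that at the call site, e.g. `/* --gen-mdb only affects debug output: section hashes are printed via cli_dbgmsg(), so it needs --debug */`. The description string added to the options table ("Always generate MDB entries for PE sections") should carry the same caveat. The added lines also write `if (` where the neighbouring code in `main` writes `if(`. `main` starts and ends outside the hunk.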
... | ... |
@@ -556,12 +556,39 @@ static int scan_pe_mdb (cli_ctx * ctx, struct cli_exe_section *exe_section) |
556 | 556 |
/* Print hash */ |
557 | 557 |
if (cli_debug_flag) { |
558 | 558 |
md5 = hashset[CLI_HASH_MD5]; |
559 |
- if (md5) |
|
559 |
+ if (md5) { |
|
560 | 560 |
cli_dbgmsg("MDB: %u:%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", |
561 | 561 |
exe_section->rsz, md5[0], md5[1], md5[2], md5[3], md5[4], md5[5], md5[6], md5[7], |
562 | 562 |
md5[8], md5[9], md5[10], md5[11], md5[12], md5[13], md5[14], md5[15]); |
563 |
- else |
|
563 |
+ } else if (cli_always_gen_section_hash) { |
|
564 |
+ const void *hashme = fmap_need_off_once(*ctx->fmap, exe_section->raw, exe_section->rsz); |
|
565 |
+ cli_md5_ctx md5ctx; |
|
566 |
+ if (!(hashme)) { |
|
567 |
+ cli_errmsg("scan_pe_mdb: unable to read section data\n"); |
|
568 |
+ ret = CL_EREAD; |
|
569 |
+ goto end; |
|
570 |
+ } |
|
571 |
+ |
|
572 |
+ md5 = cli_malloc(16); |
|
573 |
+ if (!(md5)) { |
|
574 |
+ cli_errmsg("scan_pe_mdb: cli_malloc failed!\n"); |
|
575 |
+ ret = CL_EMEM; |
|
576 |
+ goto end; |
|
577 |
+ } |
|
578 |
+ |
|
579 |
+ cli_md5_init(&md5ctx); |
|
580 |
+ cli_md5_update(&md5ctx, hashme, exe_section->rsz); |
|
581 |
+ cli_md5_final(md5, &md5ctx); |
|
582 |
+ |
|
583 |
+ cli_dbgmsg("MDB: %u:%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", |
|
584 |
+ exe_section->rsz, md5[0], md5[1], md5[2], md5[3], md5[4], md5[5], md5[6], md5[7], |
|
585 |
+ md5[8], md5[9], md5[10], md5[11], md5[12], md5[13], md5[14], md5[15]); |
|
586 |
+ |
|
587 |
+ free(md5); |
|
588 |
+ |
|
589 |
+ } else { |
|
564 | 590 |
cli_dbgmsg("MDB: %u:notgenerated\n", exe_section->rsz); |
591 |
+ } |
|
565 | 592 |
} |
566 | 593 |
|
567 | 594 |
/* Do scans */ |
... | ... |
@@ -582,6 +609,7 @@ static int scan_pe_mdb (cli_ctx * ctx, struct cli_exe_section *exe_section) |
582 | 582 |
} |
583 | 583 |
} |
584 | 584 |
|
585 |
+end: |
|
585 | 586 |
for(type = CLI_HASH_AVAIL_TYPES; type > 0;) |
586 | 587 |
free(hashset[--type]); |
587 | 588 |
return ret; |
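Review bot: In the `@@ -556` hunk, the new `else if (cli_always_gen_section_hash)` branch lets a debug-only printout abort the scan: when `fmap_need_off_once()` cannot return the range given by `exe_section->raw` and `exe_section->rsz` (values that presumably come from the scanned file's section table), the function jumps to `end` with `CL_EREAD` before the "Do scans" step runs. With the flag on, a file whose section does not fit the map may therefore be handled differently than in a run without it, where the old code only printed `notgenerated`. I would treat a failed read as `notgenerated` and continue, and hash into a 16-byte stack buffer so that the `cli_malloc(16)` / `CL_EMEM` / `free(md5)` path disappears. `scan_pe_mdb` starts and ends outside the hunks, so whether `md5` is read again after `free(md5)` cannot be checked from here.

```c
} else if (cli_always_gen_section_hash) {
    unsigned char digest[16]; /* MD5 digest; fixed size, no heap allocation needed */
    cli_md5_ctx md5ctx;
    const void *hashme = fmap_need_off_once(*ctx->fmap, exe_section->raw, exe_section->rsz);

    if (hashme) {
        cli_md5_init(&md5ctx);
        cli_md5_update(&md5ctx, hashme, exe_section->rsz);
        cli_md5_final(digest, &md5ctx);
        /* … unchanged: cli_dbgmsg("MDB: %u:%02x…") call, reading digest[0..15] instead of md5[0..15] … */
    } else {
        /* debug output only: an unreadable section must not change the scan result */
        cli_dbgmsg("MDB: %u:notgenerated\n", exe_section->rsz);
    }
} else {
```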
... | ... |
@@ -86,6 +86,7 @@ const struct clam_option __clam_options[] = { |
86 | 86 |
{ NULL, "allmatch", 'z', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_CLAMDSCAN, "", "" }, |
87 | 87 |
{ NULL, "database", 'd', TYPE_STRING, NULL, -1, DATADIR, FLAG_REQUIRED | FLAG_MULTIPLE, OPT_CLAMSCAN, "", "" }, /* merge it with DatabaseDirectory (and fix conflict with --datadir */ |
88 | 88 |
{ NULL, "recursive", 'r', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" }, |
89 |
+ { NULL, "gen-mdb", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Always generate MDB entries for PE sections", "" }, |
|
89 | 90 |
{ NULL, "follow-dir-symlinks", 0, TYPE_NUMBER, MATCH_NUMBER, 1, NULL, 0, OPT_CLAMSCAN, "", "" }, |
90 | 91 |
{ NULL, "follow-file-symlinks", 0, TYPE_NUMBER, MATCH_NUMBER, 1, NULL, 0, OPT_CLAMSCAN, "", "" }, |
91 | 92 |
{ NULL, "bell", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" }, |