Browse code
include calling YARA rule parser during ClamAV database load.
Steven Morgan authored on 2014/09/24 08:23:06Showing 2 changed files
| ... | ... |
@@ -80,6 +80,9 @@ |
| 80 | 80 |
# include <pthread.h> |
| 81 | 81 |
static pthread_mutex_t cli_ref_mutex = PTHREAD_MUTEX_INITIALIZER; |
| 82 | 82 |
#endif |
| 83 |
+#ifndef _WIN32 |
|
| 84 |
+#include "yara_clam.h" |
|
| 85 |
+#endif |
|
| 83 | 86 |
|
| 84 | 87 |
char *cli_virname(char *virname, unsigned int official) |
| 85 | 88 |
{
|
| ... | ... |
@@ -2617,6 +2620,29 @@ static int cli_loadopenioc(FILE *fs, const char *dbname, struct cl_engine *engin |
| 2617 | 2617 |
return rc; |
| 2618 | 2618 |
} |
| 2619 | 2619 |
|
| 2620 |
+#ifndef _WIN32 |
|
| 2621 |
+static int cli_loadyara(FILE *fs, const char *dbname, struct cl_engine *engine, unsigned int options, struct cli_dbio *dbio) |
|
| 2622 |
+{
|
|
| 2623 |
+ char buffer[FILEBUFF]; |
|
| 2624 |
+ char * current_rule = NULL; |
|
| 2625 |
+ char * current_meta = NULL; |
|
| 2626 |
+ char * current_string = NULL; |
|
| 2627 |
+ char * current_condition = NULL; |
|
| 2628 |
+ int rc = CL_SUCCESS; |
|
| 2629 |
+ uint32_t line = 0; |
|
| 2630 |
+ uint32_t rule = 0; |
|
| 2631 |
+ uint8_t is_comment; |
|
| 2632 |
+ uint8_t rule_state; |
|
| 2633 |
+ YR_COMPILER compiler; |
|
| 2634 |
+ |
|
| 2635 |
+ cli_errmsg("Loading yara signatures\n");
|
|
| 2636 |
+#if 0 /* for compilation */ |
|
| 2637 |
+ yr_lex_parse_rules_file(fs, &compiler); |
|
| 2638 |
+#endif |
|
| 2639 |
+ return rc; |
|
| 2640 |
+} |
|
| 2641 |
+#endif |
|
| 2642 |
+ |
|
| 2620 | 2643 |
static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned int *signo, unsigned int options); |
| 2621 | 2644 |
|
| 2622 | 2645 |
int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio) |
| ... | ... |
@@ -2747,6 +2773,8 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo |
| 2747 | 2747 |
ret = cli_loadmscat(fs, dbname, engine, options, dbio); |
| 2748 | 2748 |
} else if(cli_strbcasestr(dbname, ".ioc")) {
|
| 2749 | 2749 |
ret = cli_loadopenioc(fs, dbname, engine, options); |
| 2750 |
+ } else if(cli_strbcasestr(dbname, ".yar") || cli_strbcasestr(dbname, ".yara")) {
|
|
| 2751 |
+ ret = cli_loadyara(fs, dbname, engine, options, dbio); |
|
| 2750 | 2752 |
} else {
|
| 2751 | 2753 |
cli_dbgmsg("cli_load: unknown extension - assuming old database format\n");
|
| 2752 | 2754 |
ret = cli_loaddb(fs, engine, signo, options, dbio, dbname); |
| ... | ... |
@@ -62,7 +62,9 @@ |
| 62 | 62 |
cli_strbcasestr(ext, ".cat") || \ |
| 63 | 63 |
cli_strbcasestr(ext, ".crb") || \ |
| 64 | 64 |
cli_strbcasestr(ext, ".idb") || \ |
| 65 |
- cli_strbcasestr(ext, ".ioc") \ |
|
| 65 |
+ cli_strbcasestr(ext, ".ioc") || \ |
|
| 66 |
+ cli_strbcasestr(ext, ".yar") || \ |
|
| 67 |
+ cli_strbcasestr(ext, ".yara") \ |
|
| 66 | 68 |
) |
| 67 | 69 |
|
| 68 | 70 |
char *cli_virname(char *virname, unsigned int official); |