Browse code
bb #6678: Add runtime enable/disable of SWF scanning via option CL_SCAN_SWF
David Raynor authored on 2013/02/06 09:46:56Showing 12 changed files
- ChangeLog
- clamd/server-th.c
- clamscan/clamscan.c
- clamscan/manager.c
- docs/clamdoc.tex
- etc/clamd.conf.sample
- libclamav/clamav.h
- libclamav/others.h
- libclamav/scanners.c
- shared/optparser.c
- win32/clamav-for-windows/clamav-for-windows/clscanapi.h
- win32/clamav-for-windows/clamav-for-windows/interface.c
| ... | ... |
@@ -1,4 +1,8 @@ |
| 1 | 1 |
|
| 2 |
+Tue Feb 5 19:38:35 EDT 2013 (dar) |
|
| 3 |
+------------------------------------ |
|
| 4 |
+ * Add runtime enable/disable of SWF scanning |
|
| 5 |
+ |
|
| 2 | 6 |
Tue Jan 8 12:18:35 EDT 2013 (morgan) |
| 3 | 7 |
------------------------------------ |
| 4 | 8 |
* Fix for CL_ENULLARG reported in regression run of 0021468992.gz |
| ... | ... |
@@ -925,6 +925,13 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi |
| 925 | 925 |
logg("PDF support disabled.\n");
|
| 926 | 926 |
} |
| 927 | 927 |
|
| 928 |
+ if(optget(opts, "ScanSWF")->enabled) {
|
|
| 929 |
+ logg("SWF support enabled.\n");
|
|
| 930 |
+ options |= CL_SCAN_SWF; |
|
| 931 |
+ } else {
|
|
| 932 |
+ logg("SWF support disabled.\n");
|
|
| 933 |
+ } |
|
| 934 |
+ |
|
| 928 | 935 |
if(optget(opts, "ScanHTML")->enabled) {
|
| 929 | 936 |
logg("HTML support enabled.\n");
|
| 930 | 937 |
options |= CL_SCAN_HTML; |
| ... | ... |
@@ -250,6 +250,7 @@ void help(void) |
| 250 | 250 |
mprintf(" --scan-elf[=yes(*)/no] Scan ELF files\n");
|
| 251 | 251 |
mprintf(" --scan-ole2[=yes(*)/no] Scan OLE2 containers\n");
|
| 252 | 252 |
mprintf(" --scan-pdf[=yes(*)/no] Scan PDF files\n");
|
| 253 |
+ mprintf(" --scan-swf[=yes(*)/no] Scan SWF files\n");
|
|
| 253 | 254 |
mprintf(" --scan-html[=yes(*)/no] Scan HTML files\n");
|
| 254 | 255 |
mprintf(" --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)\n");
|
| 255 | 256 |
mprintf(" --detect-broken[=yes/no(*)] Try to detect broken executable files\n");
|
| ... | ... |
@@ -821,6 +821,9 @@ int scanmanager(const struct optstruct *opts) |
| 821 | 821 |
if(optget(opts, "scan-pdf")->enabled) |
| 822 | 822 |
options |= CL_SCAN_PDF; |
| 823 | 823 |
|
| 824 |
+ if(optget(opts, "scan-swf")->enabled) |
|
| 825 |
+ options |= CL_SCAN_SWF; |
|
| 826 |
+ |
|
| 824 | 827 |
if(optget(opts, "scan-html")->enabled) |
| 825 | 828 |
options |= CL_SCAN_HTML; |
| 826 | 829 |
|
| ... | ... |
@@ -1035,6 +1035,8 @@ const char *cl_engine_get_str(const struct cl_engine *engine, |
| 1035 | 1035 |
files). |
| 1036 | 1036 |
\item \textbf{CL\_SCAN\_PDF}\\
|
| 1037 | 1037 |
Enables scanning within PDF files. |
| 1038 |
+ \item \textbf{CL\_SCAN\_SWF}\\
|
|
| 1039 |
+ Enables scanning within SWF files, notably compressed SWF. |
|
| 1038 | 1040 |
\item \textbf{CL\_SCAN\_PE}\\
|
| 1039 | 1041 |
This flag enables deep scanning of Portable Executable files and |
| 1040 | 1042 |
allows libclamav to unpack executables compressed with run-time |
| ... | ... |
@@ -296,6 +296,12 @@ Example |
| 296 | 296 |
# Default: yes |
| 297 | 297 |
#ScanPDF yes |
| 298 | 298 |
|
| 299 |
+# This option enables scanning within SWF files. |
|
| 300 |
+# If you turn off this option, the original files will still be scanned, but |
|
| 301 |
+# without decoding and additional processing. |
|
| 302 |
+# Default: yes |
|
| 303 |
+#ScanSWF yes |
|
| 304 |
+ |
|
| 299 | 305 |
|
| 300 | 306 |
## |
| 301 | 307 |
## Mail files |
| ... | ... |
@@ -148,12 +148,13 @@ typedef enum {
|
| 148 | 148 |
#define CL_SCAN_HEURISTIC_PRECEDENCE 0x80000 |
| 149 | 149 |
#define CL_SCAN_BLOCKMACROS 0x100000 |
| 150 | 150 |
#define CL_SCAN_ALLMATCHES 0x200000 |
| 151 |
+#define CL_SCAN_SWF 0x400000 |
|
| 151 | 152 |
|
| 152 | 153 |
#define CL_SCAN_PERFORMANCE_INFO 0x40000000 /* collect performance timings */ |
| 153 | 154 |
#define CL_SCAN_INTERNAL_COLLECT_SHA 0x80000000 /* Enables hash output in sha-collect builds - for internal use only */ |
| 154 | 155 |
|
| 155 | 156 |
/* recommended scan settings */ |
| 156 |
-#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_PDF | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF) |
|
| 157 |
+#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_PDF | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF | CL_SCAN_SWF) |
|
| 157 | 158 |
|
| 158 | 159 |
/* cl_countsigs options */ |
| 159 | 160 |
#define CL_COUNTSIGS_OFFICIAL 0x1 |
| ... | ... |
@@ -341,6 +341,7 @@ extern int have_rar; |
| 341 | 341 |
#define BLOCK_MACROS (ctx->options & CL_SCAN_BLOCKMACROS) |
| 342 | 342 |
#define SCAN_STRUCTURED (ctx->options & CL_SCAN_STRUCTURED) |
| 343 | 343 |
#define SCAN_ALL (ctx->options & CL_SCAN_ALLMATCHES) |
| 344 |
+#define SCAN_SWF (ctx->options & CL_SCAN_SWF) |
|
| 344 | 345 |
|
| 345 | 346 |
/* based on macros from A. Melnikoff */ |
| 346 | 347 |
#define cbswap16(v) (((v & 0xff) << 8) | (((v) >> 8) & 0xff)) |
| ... | ... |
@@ -325,6 +325,8 @@ const struct clam_option __clam_options[] = {
|
| 325 | 325 |
|
| 326 | 326 |
{ "ScanPDF", "scan-pdf", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning within PDF files.\nIf you turn off this option, the original files will still be scanned, but\nwithout decoding and additional processing.", "yes" },
|
| 327 | 327 |
|
| 328 |
+ { "ScanSWF", "scan-swf", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning within SWF files.\nIf you turn off this option, the original files will still be scanned, but\nwithout decoding and additional processing.", "yes" },
|
|
| 329 |
+ |
|
| 328 | 330 |
{ "ScanArchive", "scan-archive", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Scan within archives and compressed files.\nIf you turn off this option, the original files will still be scanned, but\nwithout unpacking and additional processing.", "yes" },
|
| 329 | 331 |
|
| 330 | 332 |
{ "ArchiveBlockEncrypted", "block-encrypted", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).", "no" },
|
| ... | ... |
@@ -65,7 +65,8 @@ enum CLAM_SCAN_OPTIONS {
|
| 65 | 65 |
CLAM_OPTION_SCAN_PE, /* Enable/disable scanning of archive PE (aka windows) executables */ |
| 66 | 66 |
CLAM_OPTION_SCAN_ALGORITHMIC, /* Enable/disable scanning for certain viruses and exploits */ |
| 67 | 67 |
CLAM_OPTION_SCAN_ELF, /* Enable/disable scanning of archive ELF (aka linux) executables */ /* FIXME: is this needed */ |
| 68 |
- CLAM_OPTION_SCAN_PDF /* Enable/disable scanning of Adobe PDF files */ |
|
| 68 |
+ CLAM_OPTION_SCAN_PDF, /* Enable/disable scanning of Adobe PDF files */ |
|
| 69 |
+ CLAM_OPTION_SCAN_SWF /* Enable/disable scanning of Adobe Flash files */ |
|
| 69 | 70 |
}; |
| 70 | 71 |
/* NOTE: by default (i.e. before calling Scan_SetOption) ALL the options are ENABLED! */ |
| 71 | 72 |
|
| ... | ... |
@@ -647,6 +647,10 @@ int CLAMAPI Scan_SetOption(CClamAVScanner *pScanner, int option, void *value, un |
| 647 | 647 |
logg("CLAM_OPTION_SCAN_ELF: %s on instance %p\n", newval ? "enabled" : "disabled", inst);
|
| 648 | 648 |
whichopt = CL_SCAN_ELF; |
| 649 | 649 |
break; |
| 650 |
+ case CLAM_OPTION_SCAN_SWF: |
|
| 651 |
+ logg("CLAM_OPTION_SCAN_SWF: %s on instance %p\n", newval ? "enabled" : "disabled", inst);
|
|
| 652 |
+ whichopt = CL_SCAN_SWF; |
|
| 653 |
+ break; |
|
| 650 | 654 |
default: |
| 651 | 655 |
unlock_instances(); |
| 652 | 656 |
FAIL(CL_EARG, "Unsupported option: %d", option); |
| ... | ... |
@@ -702,6 +706,9 @@ int CLAMAPI Scan_GetOption(CClamAVScanner *pScanner, int option, void *value, un |
| 702 | 702 |
case CLAM_OPTION_SCAN_ELF: |
| 703 | 703 |
whichopt = CL_SCAN_ELF; |
| 704 | 704 |
break; |
| 705 |
+ case CLAM_OPTION_SCAN_SWF: |
|
| 706 |
+ whichopt = CL_SCAN_SWF; |
|
| 707 |
+ break; |
|
| 705 | 708 |
default: |
| 706 | 709 |
unlock_instances(); |
| 707 | 710 |
FAIL(CL_EARG, "Unsupported option: %d", option); |