... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Tue Nov 10 19:29:18 CET 2009 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * clamd, clamscan: add support for OfficialDatabaseOnly/--official-db-only |
|
4 |
+ (bb#1743) |
|
5 |
+ |
|
1 | 6 |
Tue Nov 10 16:50:56 CET 2009 (tk) |
2 | 7 |
--------------------------------- |
3 | 8 |
* freshclam/notify.c: fix clamd notification in TCP mode (bb#1756) |
... | ... |
@@ -385,6 +385,11 @@ int main(int argc, char **argv) |
385 | 385 |
logg("#Not loading PUA signatures.\n"); |
386 | 386 |
} |
387 | 387 |
|
388 |
+ if(optget(opts, "OfficialDatabaseOnly")->enabled) { |
|
389 |
+ dboptions |= CL_DB_OFFICIAL_ONLY; |
|
390 |
+ logg("#Only loading official signatures.\n"); |
|
391 |
+ } |
|
392 |
+ |
|
388 | 393 |
/* set the temporary dir */ |
389 | 394 |
if((opt = optget(opts, "TemporaryDirectory"))->enabled) { |
390 | 395 |
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) { |
... | ... |
@@ -201,6 +201,7 @@ void help(void) |
201 | 201 |
mprintf(" --leave-temps[=yes/no(*)] Do not remove temporary files\n"); |
202 | 202 |
mprintf(" --database=FILE/DIR -d FILE/DIR Load virus database from FILE or load\n"); |
203 | 203 |
mprintf(" all supported db files from DIR\n"); |
204 |
+ mprintf(" --official-db-only[=yes/no(*)] Only load official signatures\n"); |
|
204 | 205 |
mprintf(" --log=FILE -l FILE Save scan report to FILE\n"); |
205 | 206 |
mprintf(" --recursive[=yes/no(*)] -r Scan subdirectories recursively\n"); |
206 | 207 |
mprintf(" --cross-fs[=yes(*)/no] Scan files and directories on other filesystems\n"); |
... | ... |
@@ -326,6 +326,9 @@ int scanmanager(const struct optstruct *opts) |
326 | 326 |
if(optget(opts, "phishing-sigs")->enabled) |
327 | 327 |
dboptions |= CL_DB_PHISHING; |
328 | 328 |
|
329 |
+ if(optget(opts, "official-db-only")->enabled) |
|
330 |
+ dboptions |= CL_DB_OFFICIAL_ONLY; |
|
331 |
+ |
|
329 | 332 |
if(optget(opts,"phishing-scan-urls")->enabled) |
330 | 333 |
dboptions |= CL_DB_PHISHING_URLS; |
331 | 334 |
|
... | ... |
@@ -33,6 +33,9 @@ Write all messages (except for libclamav output) to the standard output (stdout) |
33 | 33 |
\fB\-d FILE/DIR, \-\-database=FILE/DIR\fR |
34 | 34 |
Load virus database from FILE or load all virus database files from DIR. |
35 | 35 |
.TP |
36 |
+\fB\-\-official\-db\-only=[yes/no(*)]\fR |
|
37 |
+Only load the official signatures published by the ClamAV project. |
|
38 |
+.TP |
|
36 | 39 |
\fB\-l FILE, \-\-log=FILE\fR |
37 | 40 |
Save scan report to FILE. |
38 | 41 |
.TP |
... | ... |
@@ -64,6 +64,10 @@ Example |
64 | 64 |
# Default: hardcoded (depends on installation options) |
65 | 65 |
#DatabaseDirectory /var/lib/clamav |
66 | 66 |
|
67 |
+# Only load the official signatures published by the ClamAV project. |
|
68 |
+# Default: no |
|
69 |
+#OfficialDatabaseOnly no |
|
70 |
+ |
|
67 | 71 |
# The daemon can work in local mode, network mode or both. |
68 | 72 |
# Due to security reasons we recommend the local mode. |
69 | 73 |
|
... | ... |
@@ -80,6 +80,7 @@ typedef enum { |
80 | 80 |
#define CL_DB_PUA_EXCLUDE 0x200 |
81 | 81 |
#define CL_DB_COMPILED 0x400 /* internal */ |
82 | 82 |
#define CL_DB_DIRECTORY 0x800 /* internal */ |
83 |
+#define CL_DB_OFFICIAL_ONLY 0x1000 |
|
83 | 84 |
|
84 | 85 |
/* recommended db settings */ |
85 | 86 |
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_CVDNOTMP) |
... | ... |
@@ -1808,6 +1808,11 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned |
1808 | 1808 |
if(dent->d_ino) |
1809 | 1809 |
{ |
1810 | 1810 |
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && strcmp(dent->d_name, "daily.cvd") && strcmp(dent->d_name, "daily.cld") && strcmp(dent->d_name, "daily.cfg") && CLI_DBEXT(dent->d_name)) { |
1811 |
+ if((options & CL_DB_OFFICIAL_ONLY) && !strstr(dirname, "clamav-") && !cli_strbcasestr(dent->d_name, ".cld") && !cli_strbcasestr(dent->d_name, ".cvd")) { |
|
1812 |
+ cli_dbgmsg("Skipping unofficial database %s\n", dent->d_name); |
|
1813 |
+ continue; |
|
1814 |
+ } |
|
1815 |
+ |
|
1811 | 1816 |
dbfile = (char *) cli_malloc(strlen(dent->d_name) + strlen(dirname) + 2); |
1812 | 1817 |
if(!dbfile) { |
1813 | 1818 |
cli_dbgmsg("cli_loaddbdir(): dbfile == NULL\n"); |
... | ... |
@@ -172,6 +172,8 @@ const struct clam_option __clam_options[] = { |
172 | 172 |
|
173 | 173 |
{ "DatabaseDirectory", "datadir", 0, TYPE_STRING, NULL, -1, DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "/var/lib/clamav" }, |
174 | 174 |
|
175 |
+ { "OfficialDatabaseOnly", "official-db-only", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no" }, |
|
176 |
+ |
|
175 | 177 |
{ "LocalSocket", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" }, |
176 | 178 |
|
177 | 179 |
{ "FixStaleSocket", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Remove a stale socket after unclean shutdown", "yes" }, |