Browse code
clamd, clamscan: add support for OfficialDatabaseOnly/--official-db-only (bb#1743)
Tomasz Kojm authored on 2009/11/11 03:30:33Showing 9 changed files
- ChangeLog
- clamd/clamd.c
- clamscan/clamscan.c
- clamscan/manager.c
- docs/man/clamscan.1.in
- etc/clamd.conf
- libclamav/clamav.h
- libclamav/readdb.c
- shared/optparser.c
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Tue Nov 10 19:29:18 CET 2009 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * clamd, clamscan: add support for OfficialDatabaseOnly/--official-db-only |
|
| 4 |
+ (bb#1743) |
|
| 5 |
+ |
|
| 1 | 6 |
Tue Nov 10 16:50:56 CET 2009 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* freshclam/notify.c: fix clamd notification in TCP mode (bb#1756) |
| ... | ... |
@@ -385,6 +385,11 @@ int main(int argc, char **argv) |
| 385 | 385 |
logg("#Not loading PUA signatures.\n");
|
| 386 | 386 |
} |
| 387 | 387 |
|
| 388 |
+ if(optget(opts, "OfficialDatabaseOnly")->enabled) {
|
|
| 389 |
+ dboptions |= CL_DB_OFFICIAL_ONLY; |
|
| 390 |
+ logg("#Only loading official signatures.\n");
|
|
| 391 |
+ } |
|
| 392 |
+ |
|
| 388 | 393 |
/* set the temporary dir */ |
| 389 | 394 |
if((opt = optget(opts, "TemporaryDirectory"))->enabled) {
|
| 390 | 395 |
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
|
| ... | ... |
@@ -201,6 +201,7 @@ void help(void) |
| 201 | 201 |
mprintf(" --leave-temps[=yes/no(*)] Do not remove temporary files\n");
|
| 202 | 202 |
mprintf(" --database=FILE/DIR -d FILE/DIR Load virus database from FILE or load\n");
|
| 203 | 203 |
mprintf(" all supported db files from DIR\n");
|
| 204 |
+ mprintf(" --official-db-only[=yes/no(*)] Only load official signatures\n");
|
|
| 204 | 205 |
mprintf(" --log=FILE -l FILE Save scan report to FILE\n");
|
| 205 | 206 |
mprintf(" --recursive[=yes/no(*)] -r Scan subdirectories recursively\n");
|
| 206 | 207 |
mprintf(" --cross-fs[=yes(*)/no] Scan files and directories on other filesystems\n");
|
| ... | ... |
@@ -326,6 +326,9 @@ int scanmanager(const struct optstruct *opts) |
| 326 | 326 |
if(optget(opts, "phishing-sigs")->enabled) |
| 327 | 327 |
dboptions |= CL_DB_PHISHING; |
| 328 | 328 |
|
| 329 |
+ if(optget(opts, "official-db-only")->enabled) |
|
| 330 |
+ dboptions |= CL_DB_OFFICIAL_ONLY; |
|
| 331 |
+ |
|
| 329 | 332 |
if(optget(opts,"phishing-scan-urls")->enabled) |
| 330 | 333 |
dboptions |= CL_DB_PHISHING_URLS; |
| 331 | 334 |
|
| ... | ... |
@@ -33,6 +33,9 @@ Write all messages (except for libclamav output) to the standard output (stdout) |
| 33 | 33 |
\fB\-d FILE/DIR, \-\-database=FILE/DIR\fR |
| 34 | 34 |
Load virus database from FILE or load all virus database files from DIR. |
| 35 | 35 |
.TP |
| 36 |
+\fB\-\-official\-db\-only=[yes/no(*)]\fR |
|
| 37 |
+Only load the official signatures published by the ClamAV project. |
|
| 38 |
+.TP |
|
| 36 | 39 |
\fB\-l FILE, \-\-log=FILE\fR |
| 37 | 40 |
Save scan report to FILE. |
| 38 | 41 |
.TP |
| ... | ... |
@@ -64,6 +64,10 @@ Example |
| 64 | 64 |
# Default: hardcoded (depends on installation options) |
| 65 | 65 |
#DatabaseDirectory /var/lib/clamav |
| 66 | 66 |
|
| 67 |
+# Only load the official signatures published by the ClamAV project. |
|
| 68 |
+# Default: no |
|
| 69 |
+#OfficialDatabaseOnly no |
|
| 70 |
+ |
|
| 67 | 71 |
# The daemon can work in local mode, network mode or both. |
| 68 | 72 |
# Due to security reasons we recommend the local mode. |
| 69 | 73 |
|
| ... | ... |
@@ -80,6 +80,7 @@ typedef enum {
|
| 80 | 80 |
#define CL_DB_PUA_EXCLUDE 0x200 |
| 81 | 81 |
#define CL_DB_COMPILED 0x400 /* internal */ |
| 82 | 82 |
#define CL_DB_DIRECTORY 0x800 /* internal */ |
| 83 |
+#define CL_DB_OFFICIAL_ONLY 0x1000 |
|
| 83 | 84 |
|
| 84 | 85 |
/* recommended db settings */ |
| 85 | 86 |
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_CVDNOTMP) |
| ... | ... |
@@ -1808,6 +1808,11 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned |
| 1808 | 1808 |
if(dent->d_ino) |
| 1809 | 1809 |
{
|
| 1810 | 1810 |
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && strcmp(dent->d_name, "daily.cvd") && strcmp(dent->d_name, "daily.cld") && strcmp(dent->d_name, "daily.cfg") && CLI_DBEXT(dent->d_name)) {
|
| 1811 |
+ if((options & CL_DB_OFFICIAL_ONLY) && !strstr(dirname, "clamav-") && !cli_strbcasestr(dent->d_name, ".cld") && !cli_strbcasestr(dent->d_name, ".cvd")) {
|
|
| 1812 |
+ cli_dbgmsg("Skipping unofficial database %s\n", dent->d_name);
|
|
| 1813 |
+ continue; |
|
| 1814 |
+ } |
|
| 1815 |
+ |
|
| 1811 | 1816 |
dbfile = (char *) cli_malloc(strlen(dent->d_name) + strlen(dirname) + 2); |
| 1812 | 1817 |
if(!dbfile) {
|
| 1813 | 1818 |
cli_dbgmsg("cli_loaddbdir(): dbfile == NULL\n");
|
| ... | ... |
@@ -172,6 +172,8 @@ const struct clam_option __clam_options[] = {
|
| 172 | 172 |
|
| 173 | 173 |
{ "DatabaseDirectory", "datadir", 0, TYPE_STRING, NULL, -1, DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "/var/lib/clamav" },
|
| 174 | 174 |
|
| 175 |
+ { "OfficialDatabaseOnly", "official-db-only", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no" },
|
|
| 176 |
+ |
|
| 175 | 177 |
{ "LocalSocket", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" },
|
| 176 | 178 |
|
| 177 | 179 |
{ "FixStaleSocket", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Remove a stale socket after unclean shutdown", "yes" },
|