git-svn: trunk@3104
Török Edvin authored on 2007/06/21 00:24:53... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Wed Jun 20 17:56:00 EEST 2007 (edwin) |
|
2 |
+------------------------------------ |
|
3 |
+ * libclamav/phishcheck.c,scanners.c: let .*db signatures take precedence |
|
4 |
+ over Phishing.Email.* signatures (patch approved by TK) |
|
5 |
+ |
|
1 | 6 |
Tue Jun 19 16:41:40 CEST 2007 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav: DCONF support for ASPACK |
... | ... |
@@ -746,6 +746,12 @@ cleanupURL(struct string *URL, int isReal) |
746 | 746 |
|
747 | 747 |
|
748 | 748 |
/* -------end runtime disable---------*/ |
749 |
+static int found_possibly_unwanted(cli_ctx* ctx) |
|
750 |
+{ |
|
751 |
+ ctx->found_possibly_unwanted = 1; |
|
752 |
+ cli_dbgmsg("Phishcheck: found Possibly Unwanted: %s\n",*ctx->virname); |
|
753 |
+ return CL_CLEAN; |
|
754 |
+} |
|
749 | 755 |
|
750 | 756 |
int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs) |
751 | 757 |
{ |
... | ... |
@@ -818,24 +824,24 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs) |
818 | 818 |
/* break;*/ |
819 | 819 |
case CL_PHISH_HEX_URL: |
820 | 820 |
*ctx->virname="Phishing.Email.HexURL"; |
821 |
- return CL_VIRUS; |
|
821 |
+ return found_possibly_unwanted(ctx); |
|
822 | 822 |
/* break;*/ |
823 | 823 |
case CL_PHISH_NUMERIC_IP: |
824 | 824 |
*ctx->virname="Phishing.Email.Cloaked.NumericIP"; |
825 |
- return CL_VIRUS; |
|
825 |
+ return found_possibly_unwanted(ctx); |
|
826 | 826 |
case CL_PHISH_CLOAKED_NULL: |
827 | 827 |
*ctx->virname="Phishing.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/ |
828 |
- return CL_VIRUS; |
|
828 |
+ return found_possibly_unwanted(ctx); |
|
829 | 829 |
case CL_PHISH_SSL_SPOOF: |
830 | 830 |
*ctx->virname="Phishing.Email.SSL-Spoof"; |
831 |
- return CL_VIRUS; |
|
831 |
+ return found_possibly_unwanted(ctx); |
|
832 | 832 |
case CL_PHISH_CLOAKED_UIU: |
833 | 833 |
*ctx->virname="Phishing.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/ |
834 |
- return CL_VIRUS; |
|
834 |
+ return found_possibly_unwanted(ctx); |
|
835 | 835 |
case CL_PHISH_NOMATCH: |
836 | 836 |
default: |
837 | 837 |
*ctx->virname="Phishing.Email"; |
838 |
- return CL_VIRUS; |
|
838 |
+ return found_possibly_unwanted(ctx); |
|
839 | 839 |
} |
840 | 840 |
} |
841 | 841 |
else |
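Review bot: `found_possibly_unwanted()` (new lines 749-754) has no comment saying that its `CL_CLEAN` return is deliberate, so at each `return found_possibly_unwanted(ctx);` in the `switch` a heuristic phishing hit reads as if it were discarded. A comment above the helper would state the contract, for example `/* Heuristic hit: record it in ctx and return CL_CLEAN so scanning continues and a .*db signature can take precedence; the top-level caller turns the flag into CL_VIRUS. */`. The final verdict now depends on `*ctx->virname` keeping the name assigned in the `switch` until the scan ends, and on every caller of `phishingScan` no longer expecting `CL_VIRUS` from these cases; both are outside the visible lines and worth confirming. `phishingScan` and its `switch` start and end outside the hunk, so earlier cases may still return `CL_VIRUS` directly.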
... | ... |
@@ -2122,6 +2122,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
2122 | 2122 |
int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options) |
2123 | 2123 |
{ |
2124 | 2124 |
cli_ctx ctx; |
2125 |
+ int rc; |
|
2125 | 2126 |
|
2126 | 2127 |
memset(&ctx, '\0', sizeof(cli_ctx)); |
2127 | 2128 |
ctx.engine = engine; |
... | ... |
@@ -2129,9 +2130,13 @@ int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, cons |
2129 | 2129 |
ctx.limits = limits; |
2130 | 2130 |
ctx.scanned = scanned; |
2131 | 2131 |
ctx.options = options; |
2132 |
+ ctx.found_possibly_unwanted = 0; |
|
2132 | 2133 |
ctx.dconf = (struct cli_dconf *) engine->dconf; |
2133 | 2134 |
|
2134 |
- return cli_magic_scandesc(desc, &ctx); |
|
2135 |
+ rc = cli_magic_scandesc(desc, &ctx); |
|
2136 |
+ if(rc == CL_CLEAN && ctx.found_possibly_unwanted) |
|
2137 |
+ rc = CL_VIRUS; |
|
2138 |
+ return rc; |
|
2135 | 2139 |
} |
2136 | 2140 |
|
2137 | 2141 |
static int cli_scanfile(const char *filename, cli_ctx *ctx) |
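Review bot: The promotion at the end of `cl_scandesc` fires only when `rc == CL_CLEAN`, so a scan that recorded a heuristic phishing hit and then finished with any error code returns that error and the hit is dropped. Before this change `phishingScan` returned `CL_VIRUS` for those cases itself. If an error is meant to win, say so above the check, e.g. `/* heuristic hit is reported only when the scan finished clean; an error return takes priority */`; if not, the condition has to cover the error returns that should still report the hit. The name reported to the caller is whatever `*virname` holds at that point, which assumes no later stage rewrote it after `phishingScan` set it; that cannot be checked from these hunks. Any other function that builds its own `cli_ctx` (none is visible here) would need the same flag initialisation and the same final check.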