@@ -1,3 +1,7 @@

+Mon Mar  7 00:37:34 CET 2005 (tk)

+---------------------------------

+  * libclamav: add MD5 based false positive eliminator

+

 Mon Mar  7 00:32:38 CET 2005 (tk)

 ---------------------------------

   * configure: add support for QNX 6 (patch by mikep*kaluga.org)

@@ -117,6 +117,7 @@ struct cli_md5_node {

     char *virname, *viralias;

     unsigned char *md5;

     unsigned int size;

+    unsigned short fp;

     struct cli_md5_node *next;

 };

@@ -148,6 +148,40 @@ static long int cli_caloff(const char *offstr, int fd)

     return -1;

 }

+int cli_checkfp(int fd, const struct cl_node *root)

+{

+	struct cli_md5_node *md5_node;

+	char *digest;

+

+

+    if(root->md5_hlist) {

+

+	if(!(digest = cli_md5digest(fd))) {

+	    cli_errmsg("cli_checkfp(): Can't generate MD5 checksum\n");

+	    return 0;

+	}

+

+	if((md5_node = cli_vermd5(digest, root)) && md5_node->fp) {

+		struct stat sb;

+

+	    if(fstat(fd, &sb))

+		return CL_EIO;

+

+	    if(sb.st_size != md5_node->size) {

+		cli_warnmsg("Detected false positive MD5 match. Please report.\n");

+	    } else {

+		cli_dbgmsg("Eliminated false positive match (fp sig: %s)\n", md5_node->virname);

+		free(digest);

+		return 1;

+	    }

+	}

+

+	free(digest);

+    }

+

+    return 0;

+}

+

 int cli_validatesig(unsigned short target, unsigned short ftype, const char *offstr, unsigned long int fileoff, int desc, const char *virname)

 {

@@ -258,7 +292,12 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct

 	    free(buffer);

 	    free(partcnt);

 	    free(partoff);

-	    return CL_VIRUS;

+

+	    lseek(desc, 0, SEEK_SET);

+	    if(cli_checkfp(desc, root))

+		return CL_CLEAN;

+	    else

+		return CL_VIRUS;

 	} else if(otfrec && ret >= CL_TYPENO) {

 	    if(ret >= type)

@@ -297,7 +336,7 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct

 	    cli_dbgmsg("Calculated MD5 checksum: %s\n", md5str);

 	}

-	if((md5_node = cli_vermd5(digest, root))) {

+	if((md5_node = cli_vermd5(digest, root)) && !md5_node->fp) {

 		struct stat sb;

 	    if(fstat(desc, &sb))

@@ -27,4 +27,6 @@ int cli_scanbuff(const char *buffer, unsigned int length, const char **virname,

 int cli_validatesig(unsigned short target, unsigned short ftype, const char *offstr, unsigned long int fileoff, int desc, const char *virname);

+int cli_checkfp(int fd, const struct cl_node *root);

+

 #endif

@@ -192,6 +192,27 @@ const char *cl_perror(int clerror)

     return cl_strerror(clerror);

 }

+unsigned char *cli_md5digest(int desc)

+{

+	unsigned char *digest;

+	char buff[FILEBUFF];

+	MD5_CTX ctx;

+	int bytes;

+

+

+    if(!(digest = cli_malloc(16)))

+	return NULL;

+

+    MD5_Init(&ctx);

+

+    while((bytes = cli_readn(desc, buff, FILEBUFF)))

+	MD5_Update(&ctx, buff, bytes);

+

+    MD5_Final(digest, &ctx);

+

+    return digest;

+}

+

 char *cli_md5stream(FILE *fs, unsigned char *digcpy)

 {

 	unsigned char digest[16];

@@ -30,6 +30,7 @@ void *cli_malloc(size_t nmemb);

 void *cli_calloc(size_t nmemb, size_t size);

 void *cli_realloc(void *ptr, size_t size);

 int cli_rmdirs(const char *dirname);

+unsigned char *cli_md5digest(int desc);

 char *cli_md5stream(FILE *fs, unsigned char *digcpy);

 char *cli_md5file(const char *filename);

 int cli_readn(int fd, void *buff, unsigned int count);

@@ -612,7 +612,7 @@ static int cli_loadndb(FILE *fd, struct cl_node **root, unsigned int *signo)

     return 0;

 }

-static int cli_loadhdb(FILE *fd, struct cl_node **root, unsigned int *signo)

+static int cli_loadhdb(FILE *fd, struct cl_node **root, unsigned int *signo, unsigned short fp)

 {

 	char buffer[FILEBUFF], *pt;

 	int line = 0, ret = 0;

@@ -636,6 +636,8 @@ static int cli_loadhdb(FILE *fd, struct cl_node **root, unsigned int *signo)

 	    break;

 	}

+	new->fp = fp;

+

 	if(!(pt = cli_strtok(buffer, 0, ":"))) {

 	    free(new);

 	    ret = CL_EMALFDB;

@@ -893,7 +895,10 @@ int cl_loaddb(const char *filename, struct cl_node **root, unsigned int *signo)

 	ret = cli_cvdload(fd, root, signo, warn);

     } else if(cli_strbcasestr(filename, ".hdb")) {

-	ret = cli_loadhdb(fd, root, signo);

+	ret = cli_loadhdb(fd, root, signo, 0);

+

+    } else if(cli_strbcasestr(filename, ".fp")) {

+	ret = cli_loadhdb(fd, root, signo, 1);

     } else if(cli_strbcasestr(filename, ".ndb")) {

 	ret = cli_loadndb(fd, root, signo);

@@ -950,6 +955,7 @@ int cl_loaddbdir(const char *dirname, struct cl_node **root, unsigned int *signo

 	     cli_strbcasestr(dent->d_name, ".db2")  ||

 	     cli_strbcasestr(dent->d_name, ".db3")  ||

 	     cli_strbcasestr(dent->d_name, ".hdb")  ||

+	     cli_strbcasestr(dent->d_name, ".fp")  ||

 	     cli_strbcasestr(dent->d_name, ".ndb")  ||

 	     cli_strbcasestr(dent->d_name, ".zmd")  ||

 	     cli_strbcasestr(dent->d_name, ".cvd"))) {

@@ -1028,6 +1034,7 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".db2")  || 

 	    cli_strbcasestr(dent->d_name, ".db3")  || 

 	    cli_strbcasestr(dent->d_name, ".hdb")  || 

+	    cli_strbcasestr(dent->d_name, ".fp")  || 

 	    cli_strbcasestr(dent->d_name, ".ndb")  || 

 	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".cvd"))) {

@@ -1097,6 +1104,7 @@ int cl_statchkdir(const struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".db2")  || 

 	    cli_strbcasestr(dent->d_name, ".db3")  || 

 	    cli_strbcasestr(dent->d_name, ".hdb")  || 

+	    cli_strbcasestr(dent->d_name, ".fp")  || 

 	    cli_strbcasestr(dent->d_name, ".ndb")  || 

 	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".cvd"))) {

@@ -288,7 +288,7 @@ int build(struct optstruct *opt)

 	    exit(1);

 	case 0:

 	    {

-		char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db", "daily.db", "Notes", "viruses.db3", "main.hdb", "daily.hdb", "main.ndb", "daily.ndb", "main.zmd", "daily.zmd", NULL };

+		char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db", "daily.db", "Notes", "viruses.db3", "main.hdb", "daily.hdb", "main.ndb", "daily.ndb", "main.zmd", "daily.zmd", "main.fp", "daily.fp", NULL };

 		args[2] = tarfile;

 		execv("/bin/tar", args);

 		mprintf("!Can't execute tar\n");