@@ -1,3 +1,8 @@

+Sun Oct 29 00:00:10 CEST 2006 (tk)

+----------------------------------

+  * clamd: new directive ScanELF

+  * clamscan: new command line option --no-elf

+

 Sat Oct 28 22:44:46 CEST 2006 (tk)

 ----------------------------------

   * libclamav/elf.c: parse program headers and properly calculate file offset

@@ -372,14 +372,22 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_node *root, unsigned in

     if(cfgopt(copt, "ScanPE")->enabled) {

 	logg("Portable Executable support enabled.\n");

 	options |= CL_SCAN_PE;

+    } else {

+	logg("Portable Executable support disabled.\n");

+    }

+    if(cfgopt(copt, "ScanELF")->enabled) {

+	logg("ELF support enabled.\n");

+	options |= CL_SCAN_ELF;

+    } else {

+	logg("ELF support disabled.\n");

+    }

+

+    if(cfgopt(copt, "ScanPE")->enabled || cfgopt(copt, "ScanELF")->enabled) {

 	if(cfgopt(copt, "DetectBrokenExecutables")->enabled) {

 	    logg("Detection of broken executables enabled.\n");

 	    options |= CL_SCAN_BLOCKBROKEN;

 	}

-

-    } else {

-	logg("Portable Executable support disabled.\n");

     }

     if(cfgopt(copt, "ScanMail")->enabled) {

@@ -258,6 +258,7 @@ void help(void)

 #endif

     mprintf("    --no-algorithmic                     Disable algorithmic detection\n");

     mprintf("    --no-pe                              Disable PE analysis\n");

+    mprintf("    --no-elf                             Disable ELF support\n");

     mprintf("    --no-ole2                            Disable OLE2 support\n");

     mprintf("    --no-html                            Disable HTML support\n");

     mprintf("    --no-archive                         Disable libclamav archive support\n");

@@ -70,6 +70,7 @@ static struct option clamscan_longopt[] = {

     {"block-encrypted", 0, 0, 0},

     {"block-max", 0, 0, 0},

     {"no-pe", 0, 0, 0},

+    {"no-elf", 0, 0, 0},

     {"no-ole2", 0, 0, 0},

     {"no-html", 0, 0, 0},

     {"mbox", 0, 0, 'm'},	    /* not used */

@@ -186,6 +186,11 @@ int scanmanager(const struct optstruct *opt)

     else

 	options |= CL_SCAN_PE;

+    if(opt_check(opt, "no-elf"))

+	options &= ~CL_SCAN_ELF;

+    else

+	options |= CL_SCAN_ELF;

+

     if(opt_check(opt, "no-ole2"))

 	options &= ~CL_SCAN_OLE2;

     else

@@ -199,8 +199,13 @@ PE stands for Portable Executable \- it's an executable file format used in all

 .br 

 Default: enabled

 .TP 

+\fBScanELF\fR

+Executable and Linking Format is a standard format for UN*X executables. This option allows you to control the scanning of ELF files.

+.br 

+Default: enabled

+.TP 

 \fBDetectBrokenExecutables\fR

-With this option clamd will try to detect broken executables and mark them as Broken.Executable.

+With this option clamd will try to detect broken executables (both PE and ELF) and mark them as Broken.Executable.

 .br 

 Default: disabled

 .TP 

@@ -85,6 +85,9 @@ In some cases (eg. complex malware, exploits in graphic files, and others), Clam

 \fB\-\-no\-pe\fR

 PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG. This option \fBdisables\fR PE support and should be used with care!

 .TP 

+\fB\-\-no\-elf\fR

+Executable and Linking Format is a standard format for UN*X executables. This option \fBdisables\fR ELF support.

+.TP 

 \fB\-\-no\-ole2\fR

 Disable support for Microsoft Office document files.

 .TP 

@@ -180,8 +180,13 @@ LocalSocket /tmp/clamd

 # Default: yes

 #ScanPE yes

-# With this option clamav will try to detect broken executables and mark

-# them as Broken.Executable

+# Executable and Linking Format is a standard format for UN*X executables.

+# This option allows you to control the scanning of ELF files.

+# Default: yes

+#ScanELF yes

+

+# With this option clamav will try to detect broken executables (both PE and

+# ELF) and mark them as Broken.Executable.

 # Default: no

 #DetectBrokenExecutables yes

@@ -90,7 +90,8 @@ extern "C"

 #define CL_SCAN_BLOCKMAX	256

 #define CL_SCAN_ALGO		512

 #define CL_SCAN_NOPHISHING      1024

-#define CL_PHISH_NO_DOMAINLIST    4096

+#define CL_PHISH_NO_DOMAINLIST  4096

+#define CL_SCAN_ELF		8192

 /* recommended options */

 #define CL_SCAN_STDOPT		(CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGO) 

@@ -62,6 +62,7 @@ typedef struct {

 #define SCAN_OLE2	    (ctx->options & CL_SCAN_OLE2)

 #define SCAN_HTML	    (ctx->options & CL_SCAN_HTML)

 #define SCAN_PE		    (ctx->options & CL_SCAN_PE)

+#define SCAN_ELF	    (ctx->options & CL_SCAN_ELF)

 #define SCAN_ALGO 	    (ctx->options & CL_SCAN_ALGO)

 #define DETECT_ENCRYPTED    (ctx->options & CL_SCAN_BLOCKENCRYPTED)

 #define BLOCKMAX	    (ctx->options & CL_SCAN_BLOCKMAX)

@@ -1838,7 +1838,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

 	    ret = cli_scancryptff(desc, ctx);

 	    break;

-	case CL_TYPE_ELF: /* TODO: Add ScanELF option */

+	case CL_TYPE_ELF:

+	    if(SCAN_ELF)

 		ret = cli_scanelf(desc, ctx);

 	    break;

@@ -44,6 +44,7 @@ struct cfgoption cfg_options[] = {

     {"PidFile", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM},

     {"TemporaryDirectory", OPT_QUOTESTR, -1, NULL, 0, OPT_CLAMD},

     {"ScanPE", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

+    {"ScanELF", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"DetectBrokenExecutables", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},

     {"ScanMail", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"MailFollowURLs", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},