... | ... |
@@ -3000,6 +3000,12 @@ void cli_bytecode_describe(const struct cli_bc *bc) |
3000 | 3000 |
else |
3001 | 3001 |
puts("all PE files!"); |
3002 | 3002 |
break; |
3003 |
+ case BC_PRECLASS: |
|
3004 |
+ if (bc->lsig) |
|
3005 |
+ puts("PRECLASS files matching logical signature"); |
|
3006 |
+ else |
|
3007 |
+ puts("all PRECLASS files!"); |
|
3008 |
+ break; |
|
3003 | 3009 |
default: |
3004 | 3010 |
puts("N/A (unknown type)\n"); |
3005 | 3011 |
break; |
... | ... |
@@ -61,6 +61,9 @@ enum BytecodeKind { |
61 | 61 |
/** specifies a PE hook, executes at a predetermined point in PE parsing for PE files, |
62 | 62 |
* both packed and unpacked files */ |
63 | 63 |
BC_PE_ALL, |
64 |
+ /** specifies a PRECLASS hook, executes at the end of file property collection and |
|
65 |
+ * operates on the original file targeted for property collection */ |
|
66 |
+ BC_PRECLASS, |
|
64 | 67 |
_BC_LAST_HOOK |
65 | 68 |
}; |
66 | 69 |
|
... | ... |
@@ -97,12 +100,13 @@ enum FunctionalityLevels { |
97 | 97 |
FUNC_LEVEL_097_6 = 67, /**< LibClamAV release 0.97.6 */ |
98 | 98 |
FUNC_LEVEL_097_7 = 68, /**< LibClamAV release 0.97.7 */ |
99 | 99 |
FUNC_LEVEL_097_8 = 69, /**< LibClamAV release 0.97.8 */ |
100 |
- FUNC_LEVEL_098_1 = 76, /**< LibClamAV release 0.98.2 */ /*last syncing to clamav*/ |
|
100 |
+ FUNC_LEVEL_098_1 = 76, /**< LibClamAV release 0.98.1 */ /*last syncing to clamav*/ |
|
101 | 101 |
FUNC_LEVEL_098_2 = 77, /**< LibClamAV release 0.98.2 */ |
102 | 102 |
FUNC_LEVEL_098_3 = 77, /**< LibClamAV release 0.98.3 */ |
103 | 103 |
FUNC_LEVEL_098_4 = 77, /**< LibClamAV release 0.98.4 */ |
104 | 104 |
FUNC_LEVEL_098_5 = 79, /**< LibClamAV release 0.98.5: JSON reading API requires this minimum level */ |
105 | 105 |
FUNC_LEVEL_098_6 = 79, /**< LibClamAV release 0.98.6 */ |
106 |
+ FUNC_LEVEL_098_7 = 80, /**< LibClamAV release 0.98.7: BC_PRECLASS bytecodes require minimum level */ |
|
106 | 107 |
FUNC_LEVEL_100 = 100 /*future release candidate*/ |
107 | 108 |
}; |
108 | 109 |
|
... | ... |
@@ -111,7 +115,7 @@ enum FunctionalityLevels { |
111 | 111 |
* Phase of PDF parsing used for PDF Hooks |
112 | 112 |
*/ |
113 | 113 |
enum pdf_phase { |
114 |
- PDF_PHASE_NONE, /* not a PDF */ |
|
114 |
+ PDF_PHASE_NONE, /**< not a PDF */ |
|
115 | 115 |
PDF_PHASE_PARSED, /**< after parsing a PDF, object flags can be set etc. */ |
116 | 116 |
PDF_PHASE_POSTDUMP, /**< after an obj was dumped and scanned */ |
117 | 117 |
PDF_PHASE_END, /**< after the pdf scan finished */ |
... | ... |
@@ -1123,14 +1127,14 @@ int32_t get_file_reliability(void); |
1123 | 1123 |
/* ----------------- END 0.96.4 APIs ---------------------------------- */ |
1124 | 1124 |
/* ----------------- BEGIN 0.98.4 APIs -------------------------------- */ |
1125 | 1125 |
/* ----------------- JSON Parsing APIs -------------------------------- */ |
1126 |
-/* |
|
1126 |
+/** |
|
1127 | 1127 |
\group_json |
1128 | 1128 |
* @return 0 - json is disabled or option not specified |
1129 | 1129 |
* @return 1 - json is active and properties are available |
1130 | 1130 |
*/ |
1131 | 1131 |
int32_t json_is_active(void); |
1132 | 1132 |
|
1133 |
-/* |
|
1133 |
+/** |
|
1134 | 1134 |
\group_json |
1135 | 1135 |
* @return objid of json object with specified name |
1136 | 1136 |
* @return 0 if json object of specified name cannot be found |
... | ... |
@@ -1142,7 +1146,7 @@ int32_t json_is_active(void); |
1142 | 1142 |
*/ |
1143 | 1143 |
int32_t json_get_object(const int8_t* name, int32_t name_len, int32_t objid); |
1144 | 1144 |
|
1145 |
-/* |
|
1145 |
+/** |
|
1146 | 1146 |
\group_json |
1147 | 1147 |
* @return type (json_type) of json object specified |
1148 | 1148 |
* @return -1 if type unknown or invalid id |
... | ... |
@@ -1150,7 +1154,7 @@ int32_t json_get_object(const int8_t* name, int32_t name_len, int32_t objid); |
1150 | 1150 |
*/ |
1151 | 1151 |
int32_t json_get_type(int32_t objid); |
1152 | 1152 |
|
1153 |
-/* |
|
1153 |
+/** |
|
1154 | 1154 |
\group_json |
1155 | 1155 |
* @return number of elements in the json array of objid |
1156 | 1156 |
* @return -1 if an error has occurred |
... | ... |
@@ -1159,7 +1163,7 @@ int32_t json_get_type(int32_t objid); |
1159 | 1159 |
*/ |
1160 | 1160 |
int32_t json_get_array_length(int32_t objid); |
1161 | 1161 |
|
1162 |
-/* |
|
1162 |
+/** |
|
1163 | 1163 |
\group_json |
1164 | 1164 |
* @return objid of json object at idx of json array of objid |
1165 | 1165 |
* @return 0 if invalid idx |
... | ... |
@@ -1170,7 +1174,7 @@ int32_t json_get_array_length(int32_t objid); |
1170 | 1170 |
*/ |
1171 | 1171 |
int32_t json_get_array_idx(int32_t idx, int32_t objid); |
1172 | 1172 |
|
1173 |
-/* |
|
1173 |
+/** |
|
1174 | 1174 |
\group_json |
1175 | 1175 |
* @return length of json string of objid, not including terminating null-character |
1176 | 1176 |
* @return -1 if an error has occurred |
... | ... |
@@ -1179,7 +1183,7 @@ int32_t json_get_array_idx(int32_t idx, int32_t objid); |
1179 | 1179 |
*/ |
1180 | 1180 |
int32_t json_get_string_length(int32_t objid); |
1181 | 1181 |
|
1182 |
-/* |
|
1182 |
+/** |
|
1183 | 1183 |
\group_json |
1184 | 1184 |
* @return number of characters transferred (capped by str_len), |
1185 | 1185 |
* including terminating null-character |
... | ... |
@@ -1192,20 +1196,21 @@ int32_t json_get_string_length(int32_t objid); |
1192 | 1192 |
*/ |
1193 | 1193 |
int32_t json_get_string(int8_t* str, int32_t str_len, int32_t objid); |
1194 | 1194 |
|
1195 |
-/* |
|
1195 |
+/** |
|
1196 | 1196 |
\group_json |
1197 | 1197 |
* @return boolean value of queried objid; will force other types to boolean |
1198 | 1198 |
* @param[in] objid - id value of json object to query |
1199 | 1199 |
*/ |
1200 | 1200 |
int32_t json_get_boolean(int32_t objid); |
1201 | 1201 |
|
1202 |
-/* |
|
1202 |
+/** |
|
1203 | 1203 |
\group_json |
1204 | 1204 |
* @return integer value of queried objid; will force other types to integer |
1205 | 1205 |
* @param[in] objid - id value of json object to query |
1206 | 1206 |
*/ |
1207 | 1207 |
int32_t json_get_int(int32_t objid); |
1208 | 1208 |
|
1209 |
+//int64_t json_get_int64(int32_t objid); |
|
1209 | 1210 |
/* bytecode does not support double type */ |
1210 | 1211 |
//double json_get_double(int32_t objid); |
1211 | 1212 |
|
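Review bot: The added `//int64_t json_get_int64(int32_t objid);` in the last hunk of this header is a commented-out prototype with no reason given, unlike the `json_get_double` line under it, which says why it is disabled. Drop it, or give it its own comment, e.g. `/* 64-bit getter not yet exposed to bytecode */` if that is the intent. In the FunctionalityLevels hunk, the new entry's comment would read better as `BC_PRECLASS bytecodes require this minimum level`, matching the wording on the FUNC_LEVEL_098_5 line. That requirement is only documentation here: the visible hunks do not show where a BC_PRECLASS bytecode declaring a lower functionality level is rejected at load time, which is worth confirming.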
... | ... |
@@ -3469,8 +3469,19 @@ static int scan_common(int desc, cl_fmap_t *map, const char **virname, unsigned |
3469 | 3469 |
|
3470 | 3470 |
/* Scan the json string unless a virus was detected */ |
3471 | 3471 |
if (rc != CL_VIRUS) { |
3472 |
- ctx.options &= ~CL_SCAN_FILE_PROPERTIES; |
|
3473 |
- rc = cli_mem_scandesc(jstring, strlen(jstring), &ctx); |
|
3472 |
+ /* CONSTRUCTION */ |
|
3473 |
+ struct cli_bc_ctx *bc_ctx = cli_bytecode_context_alloc(); |
|
3474 |
+ if (!bc_ctx) { |
|
3475 |
+ cli_errmsg("scan_common: can't allocate memory for bc_ctx\n"); |
|
3476 |
+ rc = CL_EMEM; |
|
3477 |
+ } |
|
3478 |
+ else { |
|
3479 |
+ cli_bytecode_context_setctx(bc_ctx, &ctx); |
|
3480 |
+ rc = cli_bytecode_runhook(&ctx, ctx.engine, bc_ctx, BC_PRECLASS, map); |
|
3481 |
+ cli_bytecode_context_destroy(bc_ctx); |
|
3482 |
+ } |
|
3483 |
+ //ctx.options &= ~CL_SCAN_FILE_PROPERTIES; |
|
3484 |
+ //rc = cli_mem_scandesc(jstring, strlen(jstring), &ctx); |
|
3474 | 3485 |
} |
3475 | 3486 |
|
3476 | 3487 |
/* Invoke file props callback */ |
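Review bot: The signature scan of the collected properties is disabled here rather than replaced. Both `cli_mem_scandesc(jstring, strlen(jstring), &ctx)` and the line clearing `CL_SCAN_FILE_PROPERTIES` are left commented out under a `/* CONSTRUCTION */` marker, so on this path the JSON output is inspected only when a BC_PRECLASS bytecode is loaded. If any existing signatures matched against that string (not visible from this hunk), they silently stop firing; either keep the memory scan and run the hook in addition, or delete the two dead lines and state the change in the commit message. The options flag also stays set while the hook runs, so a hook that can start a nested scan would presumably collect properties again; restoring `ctx.options &= ~CL_SCAN_FILE_PROPERTIES;` before `cli_bytecode_runhook` would keep the old guarantee. scan_common starts and ends outside the hunk.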