@@ -1,3 +1,8 @@

+Fri Feb  1 00:58:05 CET 2008 (tk)

+---------------------------------

+  * libclamav: ndb sigs: add new target type (7) for ASCII files; handle

+	       sigs for targets 2..7 with A-C only

+

 Thu Jan 31 17:44:35 EET 2008 (edwin)

 ------------------------------------

   * libclamav/phishcheck.c, docs/phishsigs_howto.tex: ignore invalid URLs

@@ -87,6 +87,7 @@ int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern)

     }

     root->bm_suffix[idx]->cnt++;

+    root->bm_patterns++;

     return CL_SUCCESS;

 }

@@ -1,4 +1,7 @@

 /*

+ *  Copyright (C) 2007 - 2008 Sourcefire, Inc.

+ *  Author: Tomasz Kojm <tkojm@clamav.net>

+ *

  *  Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>

  *

  *  This program is free software; you can redistribute it and/or modify

@@ -42,7 +45,6 @@

 #include "str.h"

 #include "cltypes.h"

-static cli_file_t targettab[CL_TARGET_TABLE_SIZE] = { 0, CL_TYPE_MSEXE, CL_TYPE_MSOLE2, CL_TYPE_HTML, CL_TYPE_MAIL, CL_TYPE_GRAPHICS, CL_TYPE_ELF };

 int cli_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cl_engine *engine, cli_file_t ftype)

 {

@@ -60,8 +62,8 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, const char **virn

     groot = engine->root[0]; /* generic signatures */

     if(ftype) {

-	for(i = 1; i < CL_TARGET_TABLE_SIZE; i++) {

-	    if(targettab[i] == ftype) {

+	for(i = 1; i < CLI_MTARGETS; i++) {

+	    if(cli_mtargets[i].target == ftype) {

 		troot = engine->root[i];

 		break;

 	    }

@@ -266,8 +268,8 @@ int cli_scandesc(int desc, cli_ctx *ctx, uint8_t otfrec, cli_file_t ftype, uint8

 	groot = ctx->engine->root[0]; /* generic signatures */

     if(ftype) {

-	for(i = 1; i < CL_TARGET_TABLE_SIZE; i++) {

-	    if(targettab[i] == ftype) {

+	for(i = 1; i < CLI_MTARGETS; i++) {

+	    if(cli_mtargets[i].target == ftype) {

 		troot = ctx->engine->root[i];

 		break;

 	    }

@@ -1,4 +1,7 @@

 /*

+ *  Copyright (C) 2007 - 2008 Sourcefire, Inc.

+ *  Author: Tomasz Kojm <tkojm@clamav.net>

+ *

  *  Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>

  *

  *  This program is free software; you can redistribute it and/or modify

@@ -43,6 +46,7 @@ struct cli_matcher {

     uint8_t *bm_shift;

     struct cli_bm_patt **bm_suffix;

     uint32_t *soff, soff_len; /* for PE section sigs */

+    uint32_t bm_patterns;

     /* Extended Aho-Corasick */

     uint32_t ac_partsigs, ac_nodes, ac_patterns;

@@ -61,7 +65,24 @@ struct cli_meta_node {

     unsigned int crc32, fileno, encrypted, maxdepth;

 };

-#define CL_TARGET_TABLE_SIZE 7

+struct cli_mtarget {

+    cli_file_t target;

+    const char *name;

+    uint8_t idx;    /* idx of matcher */

+    uint8_t ac_only;

+};

+

+#define CLI_MTARGETS 8

+static const struct cli_mtarget cli_mtargets[CLI_MTARGETS] =  {

+    { 0,		    "GENERIC",	    0,	0   },

+    { CL_TYPE_MSEXE,	    "PE",	    1,	0   },

+    { CL_TYPE_MSOLE2,	    "OLE2",	    2,	1   },

+    { CL_TYPE_HTML,	    "HTML",	    3,	1   },

+    { CL_TYPE_MAIL,	    "MAIL",	    4,	1   },

+    { CL_TYPE_GRAPHICS,	    "GRAPHICS",	    5,	1   },

+    { CL_TYPE_ELF,	    "ELF",	    6,	1   },

+    { CL_TYPE_TEXT_ASCII,   "ASCII",	    7,	1   }

+};

 struct cli_target_info {

     off_t fsize;

@@ -1,4 +1,7 @@

 /*

+ *  Copyright (C) 2007 - 2008 Sourcefire, Inc.

+ *  Author: Tomasz Kojm <tkojm@clamav.net>

+ *

  *  Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>

  *

  *  This program is free software; you can redistribute it and/or modify

@@ -294,7 +297,7 @@ int cli_initengine(struct cl_engine **engine, unsigned int options)

 	(*engine)->refcount = 1;

-	(*engine)->root = cli_calloc(CL_TARGET_TABLE_SIZE, sizeof(struct cli_matcher *));

+	(*engine)->root = cli_calloc(CLI_MTARGETS, sizeof(struct cli_matcher *));

 	if(!(*engine)->root) {

 	    /* no need to free previously allocated memory here */

 	    cli_errmsg("Can't allocate memory for roots!\n");

@@ -321,7 +324,7 @@ static int cli_initroots(struct cl_engine *engine, unsigned int options)

 	struct cli_matcher *root;

-    for(i = 0; i < CL_TARGET_TABLE_SIZE; i++) {

+    for(i = 0; i < CLI_MTARGETS; i++) {

 	if(!engine->root[i]) {

 	    cli_dbgmsg("Initializing engine->root[%d]\n", i);

 	    root = engine->root[i] = (struct cli_matcher *) cli_calloc(1, sizeof(struct cli_matcher));

@@ -330,10 +333,8 @@ static int cli_initroots(struct cl_engine *engine, unsigned int options)

 		return CL_EMEM;

 	    }

-	    if(options & CL_DB_ACONLY) {

-		cli_dbgmsg("cli_initroots: Only using AC pattern matcher.\n");

+	    if(cli_mtargets[i].ac_only || (options & CL_DB_ACONLY))

 		root->ac_only = 1;

-	    }

 	    cli_dbgmsg("Initialising AC pattern matcher of root[%d]\n", i);

 	    if((ret = cli_ac_init(root, cli_ac_mindepth, cli_ac_maxdepth))) {

@@ -570,7 +571,7 @@ static int cli_loadndb(FILE *fs, struct cl_engine **engine, unsigned int *signo,

 	}

 	target = (unsigned short) atoi(pt);

-	if(target >= CL_TARGET_TABLE_SIZE) {

+	if(target >= CLI_MTARGETS) {

 	    cli_dbgmsg("Not supported target type in signature for %s\n", virname);

 	    sigs--;

 	    continue;

@@ -1509,7 +1510,7 @@ void cl_free(struct cl_engine *engine)

 #endif

     if(engine->root) {

-	for(i = 0; i < CL_TARGET_TABLE_SIZE; i++) {

+	for(i = 0; i < CLI_MTARGETS; i++) {

 	    if((root = engine->root[i])) {

 		if(!root->ac_only)

 		    cli_bm_free(root);

@@ -1580,10 +1581,13 @@ int cl_build(struct cl_engine *engine)

 	if((ret = cli_loadft(NULL, &engine, 0, 1, NULL, 0)))

 	    return ret;

-    for(i = 0; i < CL_TARGET_TABLE_SIZE; i++)

-	if((root = engine->root[i]))

-	    cli_ac_buildtrie(root);

-    /* FIXME: check return values of cli_ac_buildtree */

+    for(i = 0; i < CLI_MTARGETS; i++) {

+	if((root = engine->root[i])) {

+	    if((ret = cli_ac_buildtrie(root)))

+		return ret;

+	    cli_dbgmsg("matcher[%u]: %s: AC sigs: %u BM sigs: %u %s\n", i, cli_mtargets[i].name, root->ac_patterns, root->bm_patterns, root->ac_only ? "(ac_only mode)" : "");

+	}

+    }

     cli_dconf_print(engine->dconf);