Browse code
apm/gpt/mbr: added dconf option for partition intersection heuristic prtn_intxn: setup single point macro for setting detection name
Kevin Lin authored on 2014/02/08 07:12:43Showing 6 changed files
- libclamav/apm.c
- libclamav/dconf.c
- libclamav/dconf.h
- libclamav/gpt.c
- libclamav/mbr.c
- libclamav/prtn_intxn.h
| ... | ... |
@@ -35,6 +35,7 @@ |
| 35 | 35 |
#include "apm.h" |
| 36 | 36 |
#include "prtn_intxn.h" |
| 37 | 37 |
#include "scanners.h" |
| 38 |
+#include "dconf.h" |
|
| 38 | 39 |
|
| 39 | 40 |
//#define DEBUG_APM_PARSE |
| 40 | 41 |
|
| ... | ... |
@@ -132,7 +133,7 @@ int cli_scanapm(cli_ctx *ctx) |
| 132 | 132 |
} |
| 133 | 133 |
|
| 134 | 134 |
/* check that the partition table fits in the space specified - HEURISTICS */ |
| 135 |
- if (ctx->options & CL_SCAN_PARTITION_INTXN) {
|
|
| 135 |
+ if ((ctx->options & CL_SCAN_PARTITION_INTXN) && (ctx->dconf->other & OTHER_CONF_PRTNINTXN)) {
|
|
| 136 | 136 |
ret = apm_prtn_intxn(ctx, aptable, sectorsize, old_school); |
| 137 | 137 |
if ((ret != CL_CLEAN) && |
| 138 | 138 |
!((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
| ... | ... |
@@ -288,7 +289,7 @@ static int apm_prtn_intxn(cli_ctx *ctx, struct apm_partition_info aptable, size_ |
| 288 | 288 |
|
| 289 | 289 |
cli_dbgmsg("cli_scanapm: detected intersection with partitions "
|
| 290 | 290 |
"[%u, %u]\n", pitxn, i); |
| 291 |
- cli_append_virus(ctx, "Heuristic.PartitionIntersection"); |
|
| 291 |
+ cli_append_virus(ctx, PRTN_INTXN_DETECTION); |
|
| 292 | 292 |
ret = tmp; |
| 293 | 293 |
tmp = 0; |
| 294 | 294 |
} |
| ... | ... |
@@ -298,7 +299,7 @@ static int apm_prtn_intxn(cli_ctx *ctx, struct apm_partition_info aptable, size_ |
| 298 | 298 |
|
| 299 | 299 |
cli_dbgmsg("cli_scanapm: detected intersection with partitions "
|
| 300 | 300 |
"[%u, %u]\n", pitxn, i); |
| 301 |
- cli_append_virus(ctx, "Heuristic.PartitionIntersection"); |
|
| 301 |
+ cli_append_virus(ctx, PRTN_INTXN_DETECTION); |
|
| 302 | 302 |
prtn_intxn_list_free(&prtncheck); |
| 303 | 303 |
return CL_VIRUS; |
| 304 | 304 |
} |
| ... | ... |
@@ -122,6 +122,7 @@ static struct dconf_module modules[] = {
|
| 122 | 122 |
{ "OTHER", "MYDOOMLOG", OTHER_CONF_MYDOOMLOG, 1 },
|
| 123 | 123 |
{ "OTHER", "PREFILTERING", OTHER_CONF_PREFILTERING,1 },
|
| 124 | 124 |
{ "OTHER", "PDFNAMEOBJ", OTHER_CONF_PDFNAMEOBJ, 1 },
|
| 125 |
+ { "OTHER", "PRTNINTXN", OTHER_CONF_PRTNINTXN, 1 },
|
|
| 125 | 126 |
|
| 126 | 127 |
{ "PHISHING", "ENGINE", PHISHING_CONF_ENGINE, 1 },
|
| 127 | 128 |
{ "PHISHING", "ENTCONV", PHISHING_CONF_ENTCONV, 1 },
|
| ... | ... |
@@ -37,6 +37,7 @@ |
| 37 | 37 |
#include "str.h" |
| 38 | 38 |
#include "prtn_intxn.h" |
| 39 | 39 |
#include "scanners.h" |
| 40 |
+#include "dconf.h" |
|
| 40 | 41 |
|
| 41 | 42 |
//#define DEBUG_GPT_PARSE |
| 42 | 43 |
//#define DEBUG_GPT_PRINT |
| ... | ... |
@@ -148,7 +149,7 @@ int cli_scangpt(cli_ctx *ctx) |
| 148 | 148 |
} |
| 149 | 149 |
|
| 150 | 150 |
/* check that the partition table has no intersections - HEURISTICS */ |
| 151 |
- if (ctx->options & CL_SCAN_PARTITION_INTXN) {
|
|
| 151 |
+ if ((ctx->options & CL_SCAN_PARTITION_INTXN) && (ctx->dconf->other & OTHER_CONF_PRTNINTXN)) {
|
|
| 152 | 152 |
ret = gpt_prtn_intxn(ctx, phdr, sectorsize); |
| 153 | 153 |
if ((ret != CL_CLEAN) && |
| 154 | 154 |
!((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
| ... | ... |
@@ -550,14 +551,14 @@ static int gpt_prtn_intxn(cli_ctx *ctx, struct gpt_header hdr, size_t sectorsize |
| 550 | 550 |
if ((ctx->options & CL_SCAN_ALLMATCHES) && (tmp == CL_VIRUS)) {
|
| 551 | 551 |
cli_dbgmsg("cli_scangpt: detected intersection with partitions "
|
| 552 | 552 |
"[%u, %u]\n", pitxn, i); |
| 553 |
- cli_append_virus(ctx, "Heuristic.PartitionIntersection"); |
|
| 553 |
+ cli_append_virus(ctx, PRTN_INTXN_DETECTION); |
|
| 554 | 554 |
ret = tmp; |
| 555 | 555 |
tmp = 0; |
| 556 | 556 |
} |
| 557 | 557 |
else if (tmp == CL_VIRUS) {
|
| 558 | 558 |
cli_dbgmsg("cli_scangpt: detected intersection with partitions "
|
| 559 | 559 |
"[%u, %u]\n", pitxn, i); |
| 560 |
- cli_append_virus(ctx, "Heuristic.PartitionIntersection"); |
|
| 560 |
+ cli_append_virus(ctx, PRTN_INTXN_DETECTION); |
|
| 561 | 561 |
prtn_intxn_list_free(&prtncheck); |
| 562 | 562 |
return CL_VIRUS; |
| 563 | 563 |
} |
| ... | ... |
@@ -36,6 +36,7 @@ |
| 36 | 36 |
#include "mbr.h" |
| 37 | 37 |
#include "prtn_intxn.h" |
| 38 | 38 |
#include "scanners.h" |
| 39 |
+#include "dconf.h" |
|
| 39 | 40 |
|
| 40 | 41 |
//#define DEBUG_MBR_PARSE |
| 41 | 42 |
//#define DEBUG_EBR_PARSE |
| ... | ... |
@@ -133,7 +134,7 @@ int cli_scanmbr(cli_ctx *ctx) |
| 133 | 133 |
} |
| 134 | 134 |
|
| 135 | 135 |
/* check that the partition table has no intersections - HEURISTICS */ |
| 136 |
- if (ctx->options & CL_SCAN_PARTITION_INTXN) {
|
|
| 136 |
+ if ((ctx->options & CL_SCAN_PARTITION_INTXN) && (ctx->dconf->other & OTHER_CONF_PRTNINTXN)) {
|
|
| 137 | 137 |
ret = mbr_primary_prtn_intxn(ctx, mbr, sectorsize); |
| 138 | 138 |
if ((ret != CL_CLEAN) && |
| 139 | 139 |
!((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|