git-svn: trunk@2672
Tomasz Kojm authored on 2007/02/03 10:01:50... | ... |
@@ -76,7 +76,7 @@ Detailed list of changes (to be finished): |
76 | 76 |
+ Support for Sensory Networks' NodalCore hardware acceleration technology |
77 | 77 |
+ Advanced phishing detection module (experimental) |
78 | 78 |
+ Signatures are stored in separate trees depending on their target type |
79 |
- + Algorithmic detection can be controlled with CL_SCAN_ALGO |
|
79 |
+ + Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC |
|
80 | 80 |
+ Support for new obfuscators: SUE, Y0da Cryptor, CryptFF |
81 | 81 |
+ Support for new packers: NsPack, wwpack32, MEW, Upack |
82 | 82 |
+ Support for SIS files (SymbianOS packages) |
... | ... |
@@ -357,7 +357,7 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne |
357 | 357 |
|
358 | 358 |
if(cfgopt(copt, "AlgorithmicDetection")->enabled) { |
359 | 359 |
logg("Algorithmic detection enabled.\n"); |
360 |
- options |= CL_SCAN_ALGO; |
|
360 |
+ options |= CL_SCAN_ALGORITHMIC; |
|
361 | 361 |
} else { |
362 | 362 |
logg("Algorithmic detection disabled.\n"); |
363 | 363 |
} |
... | ... |
@@ -284,9 +284,9 @@ int scanmanager(const struct optstruct *opt) |
284 | 284 |
} |
285 | 285 |
|
286 | 286 |
if(opt_check(opt, "no-algorithmic")) |
287 |
- options &= ~CL_SCAN_ALGO; |
|
287 |
+ options &= ~CL_SCAN_ALGORITHMIC; |
|
288 | 288 |
else |
289 |
- options |= CL_SCAN_ALGO; |
|
289 |
+ options |= CL_SCAN_ALGORITHMIC; |
|
290 | 290 |
|
291 | 291 |
#ifdef C_LINUX |
292 | 292 |
procdev = (dev_t) 0; |
... | ... |
@@ -89,14 +89,14 @@ extern "C" |
89 | 89 |
#define CL_SCAN_BLOCKBROKEN 0x40 |
90 | 90 |
#define CL_SCAN_MAILURL 0x80 |
91 | 91 |
#define CL_SCAN_BLOCKMAX 0x100 |
92 |
-#define CL_SCAN_ALGO 0x200 |
|
92 |
+#define CL_SCAN_ALGORITHMIC 0x200 |
|
93 | 93 |
#define CL_SCAN_PHISHING_DOMAINLIST 0x400 |
94 | 94 |
#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/ |
95 | 95 |
#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000 |
96 | 96 |
#define CL_SCAN_ELF 0x2000 |
97 | 97 |
|
98 | 98 |
/* recommended scan settings */ |
99 |
-#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGO | CL_SCAN_ELF) |
|
99 |
+#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF) |
|
100 | 100 |
|
101 | 101 |
/* aliases for backward compatibility */ |
102 | 102 |
#define CL_RAW CL_SCAN_RAW |
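Review bot: The public flag `CL_SCAN_ALGO` is renamed to `CL_SCAN_ALGORITHMIC` here with no compatibility alias in the visible lines, even though the hunk ends at the "aliases for backward compatibility" block. External libclamav callers that still use the old name will fail to build. Any caller that guards it with `#ifdef CL_SCAN_ALGO` would instead compile cleanly with algorithmic detection silently left out of its scan options. Consider adding `#define CL_SCAN_ALGO CL_SCAN_ALGORITHMIC` to that alias block; the block continues outside the hunk, so confirm it is not already there.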
... | ... |
@@ -76,7 +76,7 @@ typedef struct { |
76 | 76 |
#define SCAN_HTML (ctx->options & CL_SCAN_HTML) |
77 | 77 |
#define SCAN_PE (ctx->options & CL_SCAN_PE) |
78 | 78 |
#define SCAN_ELF (ctx->options & CL_SCAN_ELF) |
79 |
-#define SCAN_ALGO (ctx->options & CL_SCAN_ALGO) |
|
79 |
+#define SCAN_ALGO (ctx->options & CL_SCAN_ALGORITHMIC) |
|
80 | 80 |
#define DETECT_ENCRYPTED (ctx->options & CL_SCAN_BLOCKENCRYPTED) |
81 | 81 |
#define BLOCKMAX (ctx->options & CL_SCAN_BLOCKMAX) |
82 | 82 |
#define DETECT_BROKEN (ctx->options & CL_SCAN_BLOCKBROKEN) |