@@ -1,3 +1,10 @@

+Mon Aug 13 19:09:43 CEST 2007 (tk)

+----------------------------------

+  * libclamav, sigtool: add support for PUA databases (.hdu, .mdu, .ndu),

+			requested by Christoph

+  * clamscan: add --detect-pua

+  * clamd, clamd.conf: add DetectPUA

+

 Sat Aug 11 15:15:55 CEST 2007 (tk)

 ----------------------------------

   * freshclam/mirman.c: properly handle mirror access times (bb#606, only

@@ -297,6 +297,11 @@ int main(int argc, char **argv)

     dbdir = cfgopt(copt, "DatabaseDirectory")->strarg;

     logg("Reading databases from %s\n", dbdir);

+    if(cfgopt(copt, "DetectPUA")->enabled)

+	dboptions |= CL_DB_PUA;

+    else

+	logg("Not loading PUA signatures.\n");

+

     if(cfgopt(copt, "PhishingSignatures")->enabled)

 	dboptions |= CL_DB_PHISHING;

     else

@@ -298,6 +298,7 @@ void help(void)

     mprintf("\n    --ncore                            Use hardware acceleration\n");

 #endif

     mprintf("\n");

+    mprintf("    --detect-pua                         Detect Possibly Unwanted Applications\n");

     mprintf("    --no-mail                            Disable mail file support\n");

     mprintf("    --no-phishing-sigs                   Disable signature-based phishing detection\n");

     mprintf("    --no-phishing-scan-urls              Disable url-based phishing detection\n");

@@ -62,6 +62,7 @@ static struct option clamscan_longopt[] = {

 #ifdef HAVE_NCORE

     {"ncore", 0, 0, 0},

 #endif

+    {"detect-pua", 0, 0, 0},

     {"disable-archive", 0, 0, 0},

     {"no-archive", 0, 0, 0},

     {"detect-broken", 0, 0, 0},

@@ -186,6 +186,9 @@ int scanmanager(const struct optstruct *opt)

     if(opt_check(opt, "dev-ac-only"))

 	dboptions |= CL_DB_ACONLY;

+    if(opt_check(opt, "detect-pua"))

+	dboptions |= CL_DB_PUA;

+

     if(opt_check(opt, "database")) {

 	if((ret = cl_load(opt_arg(opt, "database"), &engine, &info.sigs, dboptions))) {

 	    logg("!%s\n", cl_strerror(ret));

@@ -190,6 +190,11 @@ Limit data port range.

 .br 

 Default: 2048

 .TP 

+\fBDetectPUA\fR

+Detect Possibly Unwanted Applications.

+.br 

+Default: No

+.TP 

 \fBAlgorithmicDetection BOOL\fR

 In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option controls the algorithmic detection.

 .br 

@@ -69,6 +69,9 @@ Move infected files into DIRECTORY. Directory must be writable for the '@CLAMAVU

 \fB\-\-copy=DIRECTORY\fR

 Copy infected files into DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan.

 .TP 

+\fB\-\-detect\-pua\fR

+Detect Possibly Unwanted Applications.

+.TP 

 \fB\-\-no\-mail\fR

 Disable scanning of mail files.

 .TP 

@@ -163,6 +163,10 @@ LocalSocket /tmp/clamd.socket

 # Default: no

 #LeaveTemporaryFiles yes

+# Detect Possibly Unwanted Applications.

+# Default: no

+#DetectPUA yes

+

 # In some cases (eg. complex malware, exploits in graphic files, and others),

 # ClamAV uses special algorithms to provide accurate detection. This option

 # controls the algorithmic detection.

@@ -74,6 +74,7 @@ extern "C"

 #define CL_DB_PHISHING	    0x2

 #define CL_DB_ACONLY	    0x4 /* WARNING: only for developers */

 #define CL_DB_PHISHING_URLS 0x8

+#define CL_DB_PUA	    0x10

 /* recommended db settings */

 #define CL_DB_STDOPT	    (CL_DB_PHISHING | CL_DB_PHISHING_URLS)

@@ -980,18 +980,36 @@ static int cli_load(const char *filename, struct cl_engine **engine, unsigned in

     } else if(cli_strbcasestr(filename, ".hdb")) {

 	ret = cli_loadhdb(fd, engine, signo, 0, options);

+    } else if(cli_strbcasestr(filename, ".hdu")) {

+	if(options & CL_DB_PUA)

+	    ret = cli_loadhdb(fd, engine, signo, 0, options);

+	else

+	    skipped = 1;

+

     } else if(cli_strbcasestr(filename, ".fp")) {

 	ret = cli_loadhdb(fd, engine, signo, 1, options);

     } else if(cli_strbcasestr(filename, ".mdb")) {

 	ret = cli_loadhdb(fd, engine, signo, 2, options);

+    } else if(cli_strbcasestr(filename, ".mdu")) {

+	if(options & CL_DB_PUA)

+	    ret = cli_loadhdb(fd, engine, signo, 2, options);

+	else

+	    skipped = 1;

+

     } else if(cli_strbcasestr(filename, ".ndb")) {

 	if(options & CL_DB_NCORE)

 	    skipped = 1;

 	else

 	    ret = cli_loadndb(fd, engine, signo, 0, options);

+    } else if(cli_strbcasestr(filename, ".ndu")) {

+	if(!(options & CL_DB_PUA) || (options & CL_DB_NCORE))

+	    skipped = 1;

+	else

+	    ret = cli_loadndb(fd, engine, signo, 0, options);

+

     } else if(cli_strbcasestr(filename, ".sdb")) {

 	/* FIXME: Add support in ncore mode */

 	if(options & CL_DB_NCORE)

@@ -1098,9 +1116,12 @@ static int cli_loaddbdir_l(const char *dirname, struct cl_engine **engine, unsig

 	     cli_strbcasestr(dent->d_name, ".db2")  ||

 	     cli_strbcasestr(dent->d_name, ".db3")  ||

 	     cli_strbcasestr(dent->d_name, ".hdb")  ||

+	     cli_strbcasestr(dent->d_name, ".hdu")  ||

 	     cli_strbcasestr(dent->d_name, ".fp")   ||

 	     cli_strbcasestr(dent->d_name, ".mdb")  ||

+	     cli_strbcasestr(dent->d_name, ".mdu")  ||

 	     cli_strbcasestr(dent->d_name, ".ndb")  ||

+	     cli_strbcasestr(dent->d_name, ".ndu")  ||

 	     cli_strbcasestr(dent->d_name, ".sdb")  ||

 	     cli_strbcasestr(dent->d_name, ".zmd")  ||

 	     cli_strbcasestr(dent->d_name, ".rmd")  ||

@@ -1252,9 +1273,12 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".db2")  || 

 	    cli_strbcasestr(dent->d_name, ".db3")  || 

 	    cli_strbcasestr(dent->d_name, ".hdb")  || 

+	    cli_strbcasestr(dent->d_name, ".hdu")  || 

 	    cli_strbcasestr(dent->d_name, ".fp")   || 

 	    cli_strbcasestr(dent->d_name, ".mdb")  ||

+	    cli_strbcasestr(dent->d_name, ".mdu")  ||

 	    cli_strbcasestr(dent->d_name, ".ndb")  || 

+	    cli_strbcasestr(dent->d_name, ".ndu")  || 

 	    cli_strbcasestr(dent->d_name, ".sdb")  || 

 	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".rmd")  || 

@@ -1360,9 +1384,12 @@ int cl_statchkdir(const struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".db2")  || 

 	    cli_strbcasestr(dent->d_name, ".db3")  || 

 	    cli_strbcasestr(dent->d_name, ".hdb")  || 

+	    cli_strbcasestr(dent->d_name, ".hdu")  || 

 	    cli_strbcasestr(dent->d_name, ".fp")   || 

 	    cli_strbcasestr(dent->d_name, ".mdb")  ||

+	    cli_strbcasestr(dent->d_name, ".mdu")  ||

 	    cli_strbcasestr(dent->d_name, ".ndb")  || 

+	    cli_strbcasestr(dent->d_name, ".ndu")  || 

 	    cli_strbcasestr(dent->d_name, ".sdb")  || 

 	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".rmd")  || 

@@ -55,6 +55,7 @@ struct cfgoption cfg_options[] = {

     {"PhishingAlwaysBlockSSLMismatch", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},

     {"PhishingRestrictedScan", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     /* end of FP prone options */

+    {"DetectPUA", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},

     {"AlgorithmicDetection", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"ScanHTML", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"ScanOLE2", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

@@ -331,7 +331,7 @@ static int writeinfo(const char *db, const char *header)

 	int i;

 	struct stat sb;

 	char file[32], *md5;

-	const char *const extlist[] = { "db", "fp", "hdb", "mdb", "ndb", "pdb", "wdb", "rmd", "zmd", "sdb", "cfg", NULL };

+	const char *const extlist[] = { "db", "fp", "hdb", "hdu", "mdb", "mdu", "ndb", "ndu", "pdb", "wdb", "rmd", "zmd", "sdb", "cfg", NULL };

     snprintf(file, sizeof(file), "%s.info", db);

@@ -522,8 +522,11 @@ static int build(struct optstruct *opt)

     if(stat("main.db", &foo) == -1 && stat("daily.db", &foo) == -1 &&

        stat("main.hdb", &foo) == -1 && stat("daily.hdb", &foo) == -1 &&

+       stat("main.hdu", &foo) == -1 && stat("daily.hdu", &foo) == -1 &&

        stat("main.mdb", &foo) == -1 && stat("daily.mdb", &foo) == -1 &&

+       stat("main.mdu", &foo) == -1 && stat("daily.mdu", &foo) == -1 &&

        stat("main.ndb", &foo) == -1 && stat("daily.ndb", &foo) == -1 &&

+       stat("main.ndu", &foo) == -1 && stat("daily.ndu", &foo) == -1 &&

        stat("main.pdb", &foo) == -1 && stat("daily.pdb", &foo) == -1 &&

        stat("main.sdb", &foo) == -1 && stat("daily.sdb", &foo) == -1 &&

        stat("main.zmd", &foo) == -1 && stat("daily.zmd", &foo) == -1 &&

@@ -545,8 +548,11 @@ static int build(struct optstruct *opt)

     } else {

 	lines = countlines("main.db") + countlines("daily.db") +

 		countlines("main.hdb") + countlines("daily.hdb") +

+		countlines("main.hdu") + countlines("daily.hdu") +

 		countlines("main.mdb") + countlines("daily.mdb") +

+		countlines("main.mdu") + countlines("daily.mdu") +

 		countlines("main.ndb") + countlines("daily.ndb") +

+		countlines("main.ndu") + countlines("daily.ndu") +

 		countlines("main.sdb") + countlines("daily.sdb") +

 		countlines("main.zmd") + countlines("daily.zmd") +

 		countlines("main.rmd") + countlines("daily.rmd") +

@@ -691,10 +697,12 @@ static int build(struct optstruct *opt)

 	    {

 		const char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db",

 				 "daily.db", "main.hdb", "daily.hdb",

-				 "main.ndb", "daily.ndb", "main.sdb",

-				 "daily.sdb", "main.zmd", "daily.zmd",

-				 "main.rmd", "daily.rmd", "main.fp",

-				 "daily.fp", "main.mdb", "daily.mdb",

+				 "main.hdu", "daily.hdu", "main.ndb",

+				 "daily.ndb", "main.ndu", "daily.ndu",

+				 "main.sdb", "daily.sdb", "main.zmd",

+				 "daily.zmd", "main.rmd", "daily.rmd",

+				 "main.fp", "daily.fp", "main.mdb",

+				 "daily.mdb", "main.mdu", "daily.mdu",

 				 "daily.info", "main.info", "main.wdb",

 				 "daily.wdb", "main.pdb", "daily.pdb",

 				 "main.cfg", "daily.cfg",

@@ -1036,8 +1044,11 @@ static int listdir(const char *dirname)

 	    if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") &&

 	    (cli_strbcasestr(dent->d_name, ".db")  ||

 	     cli_strbcasestr(dent->d_name, ".hdb") ||

+	     cli_strbcasestr(dent->d_name, ".hdu") ||

 	     cli_strbcasestr(dent->d_name, ".mdb") ||

+	     cli_strbcasestr(dent->d_name, ".mdu") ||

 	     cli_strbcasestr(dent->d_name, ".ndb") ||

+	     cli_strbcasestr(dent->d_name, ".ndu") ||

 	     cli_strbcasestr(dent->d_name, ".sdb") ||

 	     cli_strbcasestr(dent->d_name, ".zmd") ||

 	     cli_strbcasestr(dent->d_name, ".rmd") ||

@@ -1163,7 +1174,7 @@ static int listdb(const char *filename)

 	    mprintf("%s\n", start);

 	}

-    } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".mdb")) { /* hash database */

+    } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdu") || cli_strbcasestr(filename, ".mdb") || cli_strbcasestr(filename, ".mdu")) { /* hash database */

 	while(fgets(buffer, FILEBUFF, fd)) {

 	    line++;

@@ -1184,7 +1195,7 @@ static int listdb(const char *filename)

 	    free(start);

 	}

-    } else if(cli_strbcasestr(filename, ".ndb") || cli_strbcasestr(filename, ".sdb") || cli_strbcasestr(filename, ".zmd") || cli_strbcasestr(filename, ".rmd")) {

+    } else if(cli_strbcasestr(filename, ".ndb") || cli_strbcasestr(filename, ".ndu") || cli_strbcasestr(filename, ".sdb") || cli_strbcasestr(filename, ".zmd") || cli_strbcasestr(filename, ".rmd")) {

 	while(fgets(buffer, FILEBUFF, fd)) {

 	    line++;