git-svn: trunk@3169
Tomasz Kojm authored on 2007/08/14 03:10:35... | ... |
@@ -1,3 +1,10 @@ |
1 |
+Mon Aug 13 19:09:43 CEST 2007 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav, sigtool: add support for PUA databases (.hdu, .mdu, .ndu), |
|
4 |
+ requested by Christoph |
|
5 |
+ * clamscan: add --detect-pua |
|
6 |
+ * clamd, clamd.conf: add DetectPUA |
|
7 |
+ |
|
1 | 8 |
Sat Aug 11 15:15:55 CEST 2007 (tk) |
2 | 9 |
---------------------------------- |
3 | 10 |
* freshclam/mirman.c: properly handle mirror access times (bb#606, only |
... | ... |
@@ -297,6 +297,11 @@ int main(int argc, char **argv) |
297 | 297 |
dbdir = cfgopt(copt, "DatabaseDirectory")->strarg; |
298 | 298 |
logg("Reading databases from %s\n", dbdir); |
299 | 299 |
|
300 |
+ if(cfgopt(copt, "DetectPUA")->enabled) |
|
301 |
+ dboptions |= CL_DB_PUA; |
|
302 |
+ else |
|
303 |
+ logg("Not loading PUA signatures.\n"); |
|
304 |
+ |
|
300 | 305 |
if(cfgopt(copt, "PhishingSignatures")->enabled) |
301 | 306 |
dboptions |= CL_DB_PHISHING; |
302 | 307 |
else |
... | ... |
@@ -298,6 +298,7 @@ void help(void) |
298 | 298 |
mprintf("\n --ncore Use hardware acceleration\n"); |
299 | 299 |
#endif |
300 | 300 |
mprintf("\n"); |
301 |
+ mprintf(" --detect-pua Detect Possibly Unwanted Applications\n"); |
|
301 | 302 |
mprintf(" --no-mail Disable mail file support\n"); |
302 | 303 |
mprintf(" --no-phishing-sigs Disable signature-based phishing detection\n"); |
303 | 304 |
mprintf(" --no-phishing-scan-urls Disable url-based phishing detection\n"); |
... | ... |
@@ -186,6 +186,9 @@ int scanmanager(const struct optstruct *opt) |
186 | 186 |
if(opt_check(opt, "dev-ac-only")) |
187 | 187 |
dboptions |= CL_DB_ACONLY; |
188 | 188 |
|
189 |
+ if(opt_check(opt, "detect-pua")) |
|
190 |
+ dboptions |= CL_DB_PUA; |
|
191 |
+ |
|
189 | 192 |
if(opt_check(opt, "database")) { |
190 | 193 |
if((ret = cl_load(opt_arg(opt, "database"), &engine, &info.sigs, dboptions))) { |
191 | 194 |
logg("!%s\n", cl_strerror(ret)); |
... | ... |
@@ -190,6 +190,11 @@ Limit data port range. |
190 | 190 |
.br |
191 | 191 |
Default: 2048 |
192 | 192 |
.TP |
193 |
+\fBDetectPUA\fR |
|
194 |
+Detect Possibly Unwanted Applications. |
|
195 |
+.br |
|
196 |
+Default: No |
|
197 |
+.TP |
|
193 | 198 |
\fBAlgorithmicDetection BOOL\fR |
194 | 199 |
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option controls the algorithmic detection. |
195 | 200 |
.br |
... | ... |
@@ -69,6 +69,9 @@ Move infected files into DIRECTORY. Directory must be writable for the '@CLAMAVU |
69 | 69 |
\fB\-\-copy=DIRECTORY\fR |
70 | 70 |
Copy infected files into DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan. |
71 | 71 |
.TP |
72 |
+\fB\-\-detect\-pua\fR |
|
73 |
+Detect Possibly Unwanted Applications. |
|
74 |
+.TP |
|
72 | 75 |
\fB\-\-no\-mail\fR |
73 | 76 |
Disable scanning of mail files. |
74 | 77 |
.TP |
... | ... |
@@ -163,6 +163,10 @@ LocalSocket /tmp/clamd.socket |
163 | 163 |
# Default: no |
164 | 164 |
#LeaveTemporaryFiles yes |
165 | 165 |
|
166 |
+# Detect Possibly Unwanted Applications. |
|
167 |
+# Default: no |
|
168 |
+#DetectPUA yes |
|
169 |
+ |
|
166 | 170 |
# In some cases (eg. complex malware, exploits in graphic files, and others), |
167 | 171 |
# ClamAV uses special algorithms to provide accurate detection. This option |
168 | 172 |
# controls the algorithmic detection. |
... | ... |
@@ -74,6 +74,7 @@ extern "C" |
74 | 74 |
#define CL_DB_PHISHING 0x2 |
75 | 75 |
#define CL_DB_ACONLY 0x4 /* WARNING: only for developers */ |
76 | 76 |
#define CL_DB_PHISHING_URLS 0x8 |
77 |
+#define CL_DB_PUA 0x10 |
|
77 | 78 |
|
78 | 79 |
/* recommended db settings */ |
79 | 80 |
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS) |
... | ... |
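Review bot: `CL_DB_PUA` at new line 77 is a public API flag but carries no comment, unlike `CL_DB_ACONLY` two lines above, and nothing in the header tells a caller that setting it is the only way the new `.hdu`/`.mdu`/`.ndu` databases get loaded. The `cli_load` hunk in this commit marks those files skipped whenever the bit is clear, and `CL_DB_STDOPT` at line 80 does not include it, so an embedder passing the standard options silently gets no PUA signatures. Suggest documenting that on the define itself: `#define CL_DB_PUA 0x10 /* load PUA databases (.hdu/.mdu/.ndu); not included in CL_DB_STDOPT */`.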
@@ -980,18 +980,36 @@ static int cli_load(const char *filename, struct cl_engine **engine, unsigned in |
980 | 980 |
} else if(cli_strbcasestr(filename, ".hdb")) { |
981 | 981 |
ret = cli_loadhdb(fd, engine, signo, 0, options); |
982 | 982 |
|
983 |
+ } else if(cli_strbcasestr(filename, ".hdu")) { |
|
984 |
+ if(options & CL_DB_PUA) |
|
985 |
+ ret = cli_loadhdb(fd, engine, signo, 0, options); |
|
986 |
+ else |
|
987 |
+ skipped = 1; |
|
988 |
+ |
|
983 | 989 |
} else if(cli_strbcasestr(filename, ".fp")) { |
984 | 990 |
ret = cli_loadhdb(fd, engine, signo, 1, options); |
985 | 991 |
|
986 | 992 |
} else if(cli_strbcasestr(filename, ".mdb")) { |
987 | 993 |
ret = cli_loadhdb(fd, engine, signo, 2, options); |
988 | 994 |
|
995 |
+ } else if(cli_strbcasestr(filename, ".mdu")) { |
|
996 |
+ if(options & CL_DB_PUA) |
|
997 |
+ ret = cli_loadhdb(fd, engine, signo, 2, options); |
|
998 |
+ else |
|
999 |
+ skipped = 1; |
|
1000 |
+ |
|
989 | 1001 |
} else if(cli_strbcasestr(filename, ".ndb")) { |
990 | 1002 |
if(options & CL_DB_NCORE) |
991 | 1003 |
skipped = 1; |
992 | 1004 |
else |
993 | 1005 |
ret = cli_loadndb(fd, engine, signo, 0, options); |
994 | 1006 |
|
1007 |
+ } else if(cli_strbcasestr(filename, ".ndu")) { |
|
1008 |
+ if(!(options & CL_DB_PUA) || (options & CL_DB_NCORE)) |
|
1009 |
+ skipped = 1; |
|
1010 |
+ else |
|
1011 |
+ ret = cli_loadndb(fd, engine, signo, 0, options); |
|
1012 |
+ |
|
995 | 1013 |
} else if(cli_strbcasestr(filename, ".sdb")) { |
996 | 1014 |
/* FIXME: Add support in ncore mode */ |
997 | 1015 |
if(options & CL_DB_NCORE) |
... | ... |
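Review bot: The three new branches (`.hdu` at new lines 983–988, `.mdu` at 995–1000, `.ndu` at 1007–1012) each repeat the loader call of the sibling `.hdb`/`.mdb`/`.ndb` branch with an `options & CL_DB_PUA` gate in front, so the same extension-to-loader mapping is now spelled out twice per format and the `.ndu` branch additionally re-encodes the `.ndb` NCORE rule as a negated compound condition. Folding each pair into one branch keeps a single loader call per format and makes the PUA gate read as "skip the `u` variant when `CL_DB_PUA` is clear" in one place, as sketched below; the chain begins before line 980 and ends after the hunk, so the surrounding branches are untouched. The skip is silent here while clamd logs `Not loading PUA signatures.`; if `skipped` is not reported after the chain (that code is outside the hunk), a debug-level message naming the skipped file would help operators work out why PUA detections are missing.
```c
    } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdu")) {
        if(cli_strbcasestr(filename, ".hdu") && !(options & CL_DB_PUA))
            skipped = 1;
        else
            ret = cli_loadhdb(fd, engine, signo, 0, options);

    /* … unchanged: .fp branch … */

    } else if(cli_strbcasestr(filename, ".mdb") || cli_strbcasestr(filename, ".mdu")) {
        if(cli_strbcasestr(filename, ".mdu") && !(options & CL_DB_PUA))
            skipped = 1;
        else
            ret = cli_loadhdb(fd, engine, signo, 2, options);

    } else if(cli_strbcasestr(filename, ".ndb") || cli_strbcasestr(filename, ".ndu")) {
        if((options & CL_DB_NCORE) ||
           (cli_strbcasestr(filename, ".ndu") && !(options & CL_DB_PUA)))
            skipped = 1;
        else
            ret = cli_loadndb(fd, engine, signo, 0, options);

    /* … unchanged: .sdb branch and the rest of the chain … */
```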
@@ -1098,9 +1116,12 @@ static int cli_loaddbdir_l(const char *dirname, struct cl_engine **engine, unsig |
1098 | 1098 |
cli_strbcasestr(dent->d_name, ".db2") || |
1099 | 1099 |
cli_strbcasestr(dent->d_name, ".db3") || |
1100 | 1100 |
cli_strbcasestr(dent->d_name, ".hdb") || |
1101 |
+ cli_strbcasestr(dent->d_name, ".hdu") || |
|
1101 | 1102 |
cli_strbcasestr(dent->d_name, ".fp") || |
1102 | 1103 |
cli_strbcasestr(dent->d_name, ".mdb") || |
1104 |
+ cli_strbcasestr(dent->d_name, ".mdu") || |
|
1103 | 1105 |
cli_strbcasestr(dent->d_name, ".ndb") || |
1106 |
+ cli_strbcasestr(dent->d_name, ".ndu") || |
|
1104 | 1107 |
cli_strbcasestr(dent->d_name, ".sdb") || |
1105 | 1108 |
cli_strbcasestr(dent->d_name, ".zmd") || |
1106 | 1109 |
cli_strbcasestr(dent->d_name, ".rmd") || |
... | ... |
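Review bot: The three `cli_strbcasestr(dent->d_name, ".hdu"/".mdu"/".ndu")` lines added to `cli_loaddbdir_l` here are the same edit made again in the `cl_statinidir` and `cl_statchkdir` hunks below, and the list recurs in sigtool's `writeinfo`, `build` (three times: the `stat` chain, `countlines`, and the tar argv) and `listdir`; every future database format has to be added in each place or one of the directory scanners silently ignores it. A single table of known extensions plus a predicate, as sketched below, would let the three libclamav scanners share one `cli_isdbext(dent->d_name)` call in place of the hand-written `||` chain. Each of the three chains starts and ends outside its hunk, so the remaining extensions they test would need to be carried into the table.
```c
/* one place to maintain the database file extensions recognised by the directory scanners */
static const char *const cli_dbexts[] = {
    ".db", ".db2", ".db3", ".hdb", ".hdu", ".fp", ".mdb", ".mdu",
    ".ndb", ".ndu", ".sdb", ".zmd", ".rmd",
    /* … remaining extensions tested below the hunk in cli_loaddbdir_l … */
    NULL
};

static int cli_isdbext(const char *name)
{
    const char *const *ext;

    for(ext = cli_dbexts; *ext; ext++)
        if(cli_strbcasestr(name, *ext))
            return 1;

    return 0;
}
```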
@@ -1252,9 +1273,12 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat) |
1252 | 1252 |
cli_strbcasestr(dent->d_name, ".db2") || |
1253 | 1253 |
cli_strbcasestr(dent->d_name, ".db3") || |
1254 | 1254 |
cli_strbcasestr(dent->d_name, ".hdb") || |
1255 |
+ cli_strbcasestr(dent->d_name, ".hdu") || |
|
1255 | 1256 |
cli_strbcasestr(dent->d_name, ".fp") || |
1256 | 1257 |
cli_strbcasestr(dent->d_name, ".mdb") || |
1258 |
+ cli_strbcasestr(dent->d_name, ".mdu") || |
|
1257 | 1259 |
cli_strbcasestr(dent->d_name, ".ndb") || |
1260 |
+ cli_strbcasestr(dent->d_name, ".ndu") || |
|
1258 | 1261 |
cli_strbcasestr(dent->d_name, ".sdb") || |
1259 | 1262 |
cli_strbcasestr(dent->d_name, ".zmd") || |
1260 | 1263 |
cli_strbcasestr(dent->d_name, ".rmd") || |
... | ... |
@@ -1360,9 +1384,12 @@ int cl_statchkdir(const struct cl_stat *dbstat) |
1360 | 1360 |
cli_strbcasestr(dent->d_name, ".db2") || |
1361 | 1361 |
cli_strbcasestr(dent->d_name, ".db3") || |
1362 | 1362 |
cli_strbcasestr(dent->d_name, ".hdb") || |
1363 |
+ cli_strbcasestr(dent->d_name, ".hdu") || |
|
1363 | 1364 |
cli_strbcasestr(dent->d_name, ".fp") || |
1364 | 1365 |
cli_strbcasestr(dent->d_name, ".mdb") || |
1366 |
+ cli_strbcasestr(dent->d_name, ".mdu") || |
|
1365 | 1367 |
cli_strbcasestr(dent->d_name, ".ndb") || |
1368 |
+ cli_strbcasestr(dent->d_name, ".ndu") || |
|
1366 | 1369 |
cli_strbcasestr(dent->d_name, ".sdb") || |
1367 | 1370 |
cli_strbcasestr(dent->d_name, ".zmd") || |
1368 | 1371 |
cli_strbcasestr(dent->d_name, ".rmd") || |
... | ... |
@@ -55,6 +55,7 @@ struct cfgoption cfg_options[] = { |
55 | 55 |
{"PhishingAlwaysBlockSSLMismatch", OPT_BOOL, 0, NULL, 0, OPT_CLAMD}, |
56 | 56 |
{"PhishingRestrictedScan", OPT_BOOL, 1, NULL, 0, OPT_CLAMD}, |
57 | 57 |
/* end of FP prone options */ |
58 |
+ {"DetectPUA", OPT_BOOL, 0, NULL, 0, OPT_CLAMD}, |
|
58 | 59 |
{"AlgorithmicDetection", OPT_BOOL, 1, NULL, 0, OPT_CLAMD}, |
59 | 60 |
{"ScanHTML", OPT_BOOL, 1, NULL, 0, OPT_CLAMD}, |
60 | 61 |
{"ScanOLE2", OPT_BOOL, 1, NULL, 0, OPT_CLAMD}, |
... | ... |
@@ -331,7 +331,7 @@ static int writeinfo(const char *db, const char *header) |
331 | 331 |
int i; |
332 | 332 |
struct stat sb; |
333 | 333 |
char file[32], *md5; |
334 |
- const char *const extlist[] = { "db", "fp", "hdb", "mdb", "ndb", "pdb", "wdb", "rmd", "zmd", "sdb", "cfg", NULL }; |
|
334 |
+ const char *const extlist[] = { "db", "fp", "hdb", "hdu", "mdb", "mdu", "ndb", "ndu", "pdb", "wdb", "rmd", "zmd", "sdb", "cfg", NULL }; |
|
335 | 335 |
|
336 | 336 |
|
337 | 337 |
snprintf(file, sizeof(file), "%s.info", db); |
... | ... |
@@ -522,8 +522,11 @@ static int build(struct optstruct *opt) |
522 | 522 |
|
523 | 523 |
if(stat("main.db", &foo) == -1 && stat("daily.db", &foo) == -1 && |
524 | 524 |
stat("main.hdb", &foo) == -1 && stat("daily.hdb", &foo) == -1 && |
525 |
+ stat("main.hdu", &foo) == -1 && stat("daily.hdu", &foo) == -1 && |
|
525 | 526 |
stat("main.mdb", &foo) == -1 && stat("daily.mdb", &foo) == -1 && |
527 |
+ stat("main.mdu", &foo) == -1 && stat("daily.mdu", &foo) == -1 && |
|
526 | 528 |
stat("main.ndb", &foo) == -1 && stat("daily.ndb", &foo) == -1 && |
529 |
+ stat("main.ndu", &foo) == -1 && stat("daily.ndu", &foo) == -1 && |
|
527 | 530 |
stat("main.pdb", &foo) == -1 && stat("daily.pdb", &foo) == -1 && |
528 | 531 |
stat("main.sdb", &foo) == -1 && stat("daily.sdb", &foo) == -1 && |
529 | 532 |
stat("main.zmd", &foo) == -1 && stat("daily.zmd", &foo) == -1 && |
... | ... |
@@ -545,8 +548,11 @@ static int build(struct optstruct *opt) |
545 | 545 |
} else { |
546 | 546 |
lines = countlines("main.db") + countlines("daily.db") + |
547 | 547 |
countlines("main.hdb") + countlines("daily.hdb") + |
548 |
+ countlines("main.hdu") + countlines("daily.hdu") + |
|
548 | 549 |
countlines("main.mdb") + countlines("daily.mdb") + |
550 |
+ countlines("main.mdu") + countlines("daily.mdu") + |
|
549 | 551 |
countlines("main.ndb") + countlines("daily.ndb") + |
552 |
+ countlines("main.ndu") + countlines("daily.ndu") + |
|
550 | 553 |
countlines("main.sdb") + countlines("daily.sdb") + |
551 | 554 |
countlines("main.zmd") + countlines("daily.zmd") + |
552 | 555 |
countlines("main.rmd") + countlines("daily.rmd") + |
... | ... |
@@ -691,10 +697,12 @@ static int build(struct optstruct *opt) |
691 | 691 |
{ |
692 | 692 |
const char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db", |
693 | 693 |
"daily.db", "main.hdb", "daily.hdb", |
694 |
- "main.ndb", "daily.ndb", "main.sdb", |
|
695 |
- "daily.sdb", "main.zmd", "daily.zmd", |
|
696 |
- "main.rmd", "daily.rmd", "main.fp", |
|
697 |
- "daily.fp", "main.mdb", "daily.mdb", |
|
694 |
+ "main.hdu", "daily.hdu", "main.ndb", |
|
695 |
+ "daily.ndb", "main.ndu", "daily.ndu", |
|
696 |
+ "main.sdb", "daily.sdb", "main.zmd", |
|
697 |
+ "daily.zmd", "main.rmd", "daily.rmd", |
|
698 |
+ "main.fp", "daily.fp", "main.mdb", |
|
699 |
+ "daily.mdb", "main.mdu", "daily.mdu", |
|
698 | 700 |
"daily.info", "main.info", "main.wdb", |
699 | 701 |
"daily.wdb", "main.pdb", "daily.pdb", |
700 | 702 |
"main.cfg", "daily.cfg", |
... | ... |
@@ -1036,8 +1044,11 @@ static int listdir(const char *dirname) |
1036 | 1036 |
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && |
1037 | 1037 |
(cli_strbcasestr(dent->d_name, ".db") || |
1038 | 1038 |
cli_strbcasestr(dent->d_name, ".hdb") || |
1039 |
+ cli_strbcasestr(dent->d_name, ".hdu") || |
|
1039 | 1040 |
cli_strbcasestr(dent->d_name, ".mdb") || |
1041 |
+ cli_strbcasestr(dent->d_name, ".mdu") || |
|
1040 | 1042 |
cli_strbcasestr(dent->d_name, ".ndb") || |
1043 |
+ cli_strbcasestr(dent->d_name, ".ndu") || |
|
1041 | 1044 |
cli_strbcasestr(dent->d_name, ".sdb") || |
1042 | 1045 |
cli_strbcasestr(dent->d_name, ".zmd") || |
1043 | 1046 |
cli_strbcasestr(dent->d_name, ".rmd") || |
... | ... |
@@ -1163,7 +1174,7 @@ static int listdb(const char *filename) |
1163 | 1163 |
mprintf("%s\n", start); |
1164 | 1164 |
} |
1165 | 1165 |
|
1166 |
- } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".mdb")) { /* hash database */ |
|
1166 |
+ } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdu") || cli_strbcasestr(filename, ".mdb") || cli_strbcasestr(filename, ".mdu")) { /* hash database */ |
|
1167 | 1167 |
|
1168 | 1168 |
while(fgets(buffer, FILEBUFF, fd)) { |
1169 | 1169 |
line++; |
... | ... |
@@ -1184,7 +1195,7 @@ static int listdb(const char *filename) |
1184 | 1184 |
free(start); |
1185 | 1185 |
} |
1186 | 1186 |
|
1187 |
- } else if(cli_strbcasestr(filename, ".ndb") || cli_strbcasestr(filename, ".sdb") || cli_strbcasestr(filename, ".zmd") || cli_strbcasestr(filename, ".rmd")) { |
|
1187 |
+ } else if(cli_strbcasestr(filename, ".ndb") || cli_strbcasestr(filename, ".ndu") || cli_strbcasestr(filename, ".sdb") || cli_strbcasestr(filename, ".zmd") || cli_strbcasestr(filename, ".rmd")) { |
|
1188 | 1188 |
|
1189 | 1189 |
while(fgets(buffer, FILEBUFF, fd)) { |
1190 | 1190 |
line++; |