int cl_init(unsigned int options);
struct cl_engine *cl_engine_new(unsigned int options);
int cl_engine_compile(struct cl_engine *engine);
struct cl_engine *cl_engine_dup(struct cl_engine *engine);
int cl_engine_free(struct cl_engine *engine);
more to come..
WARNING: THE BRANCH IS CURRENTLY BROKEN AND SHOULD NOT BE USED
git-svn-id: file:///var/lib/svn/clamav-devel/branches/newapi@4370 77e5149b-7576-45b1-b177-96237e5ba77b
... | ... |
@@ -104,80 +104,23 @@ extern "C" |
104 | 104 |
/* recommended scan settings */ |
105 | 105 |
#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_PDF | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF) |
106 | 106 |
|
107 |
-/* aliases for backward compatibility */ |
|
108 |
-#define CL_RAW CL_SCAN_RAW |
|
109 |
-#define CL_ARCHIVE CL_SCAN_ARCHIVE |
|
110 |
-#define CL_MAIL CL_SCAN_MAIL |
|
111 |
-#define CL_OLE2 CL_SCAN_OLE2 |
|
112 |
-#define CL_ENCRYPTED CL_SCAN_BLOCKENCRYPTED |
|
113 |
-#define cl_node cl_engine |
|
114 |
-#define cl_perror cl_strerror |
|
107 |
+struct cl_engine; |
|
115 | 108 |
|
116 |
-struct cl_engine { |
|
117 |
- unsigned int refcount; /* reference counter */ |
|
118 |
- unsigned short sdb; |
|
119 |
- unsigned int dboptions; |
|
120 |
- unsigned int dbversion[2]; |
|
121 | 109 |
|
122 |
- /* Roots table */ |
|
123 |
- void **root; |
|
110 |
+/* NEW API CALLS: */ |
|
124 | 111 |
|
125 |
- /* B-M matcher for standard MD5 sigs */ |
|
126 |
- void *md5_hdb; |
|
112 |
+#define CL_INIT_DEFAULT 0x0 |
|
113 |
+extern int cl_init(unsigned int options); |
|
127 | 114 |
|
128 |
- /* B-M matcher for MD5 sigs for PE sections */ |
|
129 |
- void *md5_mdb; |
|
115 |
+#define CL_ENGINE_DEFAULT 0x0 |
|
116 |
+extern struct cl_engine *cl_engine_new(unsigned int options); |
|
130 | 117 |
|
131 |
- /* B-M matcher for whitelist db */ |
|
132 |
- void *md5_fp; |
|
118 |
+extern int cl_engine_compile(struct cl_engine *engine); |
|
133 | 119 |
|
134 |
- /* Zip metadata */ |
|
135 |
- void *zip_mlist; |
|
120 |
+extern struct cl_engine *cl_engine_dup(struct cl_engine *engine); |
|
136 | 121 |
|
137 |
- /* RAR metadata */ |
|
138 |
- void *rar_mlist; |
|
122 |
+extern int cl_engine_free(struct cl_engine *engine); |
|
139 | 123 |
|
140 |
- /* Phishing .pdb and .wdb databases*/ |
|
141 |
- void *whitelist_matcher; |
|
142 |
- void *domainlist_matcher; |
|
143 |
- void *phishcheck; |
|
144 |
- |
|
145 |
- /* Dynamic configuration */ |
|
146 |
- void *dconf; |
|
147 |
- |
|
148 |
- /* Filetype definitions */ |
|
149 |
- void *ftypes; |
|
150 |
- |
|
151 |
- /* Ignored signatures */ |
|
152 |
- void *ignored; |
|
153 |
- |
|
154 |
- /* PUA categories (to be included or excluded) */ |
|
155 |
- char *pua_cats; |
|
156 |
- |
|
157 |
- /* Used for memory pools */ |
|
158 |
- void *mempool; |
|
159 |
-}; |
|
160 |
- |
|
161 |
-struct cl_limits { |
|
162 |
- unsigned long int maxscansize; /* during the scanning of archives this size |
|
163 |
- * will never be exceeded |
|
164 |
- */ |
|
165 |
- unsigned long int maxfilesize; /* compressed files will only be decompressed |
|
166 |
- * and scanned up to this size |
|
167 |
- */ |
|
168 |
- unsigned int maxreclevel; /* maximum recursion level for archives */ |
|
169 |
- unsigned int maxfiles; /* maximum number of files to be scanned |
|
170 |
- * within a single archive |
|
171 |
- */ |
|
172 |
- unsigned short archivememlim; /* limit memory usage for some unpackers */ |
|
173 |
- |
|
174 |
- /* This is for structured data detection. You can set the minimum |
|
175 |
- * number of occurences of an CC# or SSN before the system will |
|
176 |
- * generate a notification. |
|
177 |
- */ |
|
178 |
- unsigned int min_cc_count; |
|
179 |
- unsigned int min_ssn_count; |
|
180 |
-}; |
|
181 | 124 |
|
182 | 125 |
struct cl_stat { |
183 | 126 |
char *dir; |
... | ... |
@@ -198,18 +141,15 @@ struct cl_cvd { /* field no. */ |
198 | 198 |
}; |
199 | 199 |
|
200 | 200 |
/* file scanning */ |
201 |
-extern int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options); |
|
201 |
+extern int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int options); |
|
202 | 202 |
|
203 |
-extern int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options); |
|
203 |
+extern int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int options); |
|
204 | 204 |
|
205 | 205 |
/* database handling */ |
206 | 206 |
extern int cl_load(const char *path, struct cl_engine **engine, unsigned int *signo, unsigned int options); |
207 | 207 |
extern const char *cl_retdbdir(void); |
208 | 208 |
|
209 | 209 |
/* engine handling */ |
210 |
-extern int cl_build(struct cl_engine *engine); |
|
211 |
-extern struct cl_engine *cl_dup(struct cl_engine *engine); |
|
212 |
-extern void cl_free(struct cl_engine *engine); |
|
213 | 210 |
|
214 | 211 |
/* CVD */ |
215 | 212 |
extern struct cl_cvd *cl_cvdhead(const char *file); |
... | ... |
@@ -280,11 +280,6 @@ int cli_dconf_load(FILE *fs, struct cl_engine **engine, unsigned int options, st |
280 | 280 |
uint32_t val; |
281 | 281 |
|
282 | 282 |
|
283 |
- if((ret = cli_initengine(engine, options))) { |
|
284 |
- cl_free(*engine); |
|
285 |
- return ret; |
|
286 |
- } |
|
287 |
- |
|
288 | 283 |
dconf = (struct cli_dconf *) (*engine)->dconf; |
289 | 284 |
|
290 | 285 |
while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) { |
... | ... |
@@ -357,7 +352,7 @@ int cli_dconf_load(FILE *fs, struct cl_engine **engine, unsigned int options, st |
357 | 357 |
|
358 | 358 |
if(ret) { |
359 | 359 |
cli_errmsg("Problem parsing configuration file at line %u\n", line); |
360 |
- cl_free(*engine); |
|
360 |
+ cl_engine_free(*engine); |
|
361 | 361 |
return ret; |
362 | 362 |
} |
363 | 363 |
|
... | ... |
@@ -1,16 +1,16 @@ |
1 | 1 |
CLAMAV_PUBLIC { |
2 | 2 |
global: |
3 |
- cl_build; |
|
4 | 3 |
cl_cvdfree; |
5 | 4 |
cl_cvdhead; |
6 | 5 |
cl_cvdparse; |
7 | 6 |
cl_cvdverify; |
8 | 7 |
cl_debug; |
9 |
- cl_dup; |
|
10 |
- cl_free; |
|
8 |
+ cl_init; |
|
9 |
+ cl_engine_new; |
|
10 |
+ cl_engine_compile; |
|
11 |
+ cl_engine_dup; |
|
12 |
+ cl_engine_free; |
|
11 | 13 |
cl_load; |
12 |
- cl_loaddb; |
|
13 |
- cl_loaddbdir; |
|
14 | 14 |
cl_retdbdir; |
15 | 15 |
cl_retflevel; |
16 | 16 |
cl_retver; |
... | ... |
@@ -841,7 +841,7 @@ inline static int ac_addtype(struct cli_matched_type **list, cli_file_t type, of |
841 | 841 |
|
842 | 842 |
|
843 | 843 |
if(type == CL_TYPE_ZIPSFX) { |
844 |
- if(*list && ctx && ctx->limits && ctx->limits->maxfiles && (*list)->cnt > ctx->limits->maxfiles) |
|
844 |
+ if(*list && ctx && ctx->engine->maxfiles && (*list)->cnt > ctx->engine->maxfiles) |
|
845 | 845 |
return CL_SUCCESS; |
846 | 846 |
} else if(*list && (*list)->cnt >= MAX_EMBEDDED_OBJ) |
847 | 847 |
return CL_SUCCESS; |
... | ... |
@@ -1990,30 +1990,29 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1990 | 1990 |
message *mainMessage = messageIn; |
1991 | 1991 |
fileblob *fb; |
1992 | 1992 |
bool infected = FALSE; |
1993 |
- const int doPhishingScan = mctx->ctx->engine->dboptions&CL_DB_PHISHING_URLS && (DCONF_PHISHING & PHISHING_CONF_ENGINE); |
|
1994 |
- const struct cl_limits *limits = mctx->ctx->limits; |
|
1993 |
+ const struct cl_engine *engine = mctx->ctx->engine; |
|
1994 |
+ const int doPhishingScan = engine->dboptions&CL_DB_PHISHING_URLS && (DCONF_PHISHING & PHISHING_CONF_ENGINE); |
|
1995 | 1995 |
|
1996 | 1996 |
cli_dbgmsg("in parseEmailBody, %u files saved so far\n", |
1997 | 1997 |
mctx->files); |
1998 | 1998 |
|
1999 |
- if(limits) { /* FIXMELIMITS: this should be better integrated */ |
|
2000 |
- if(limits->maxreclevel) |
|
2001 |
- /* |
|
2002 |
- * This is approximate |
|
2003 |
- */ |
|
2004 |
- if(recursion_level > limits->maxreclevel) { |
|
1999 |
+ /* FIXMELIMITS: this should be better integrated */ |
|
2000 |
+ if(engine->maxreclevel) |
|
2001 |
+ /* |
|
2002 |
+ * This is approximate |
|
2003 |
+ */ |
|
2004 |
+ if(recursion_level > engine->maxreclevel) { |
|
2005 | 2005 |
|
2006 | 2006 |
cli_dbgmsg("parseEmailBody: hit maximum recursion level (%u)\n", recursion_level); |
2007 | 2007 |
return MAXREC; |
2008 | 2008 |
} |
2009 |
- if(limits->maxfiles && (mctx->files >= limits->maxfiles)) { |
|
2010 |
- /* |
|
2011 |
- * FIXME: This is only approx - it may have already |
|
2012 |
- * been exceeded |
|
2013 |
- */ |
|
2014 |
- cli_dbgmsg("parseEmailBody: number of files exceeded %u\n", limits->maxfiles); |
|
2015 |
- return MAXFILES; |
|
2016 |
- } |
|
2009 |
+ if(engine->maxfiles && (mctx->files >= engine->maxfiles)) { |
|
2010 |
+ /* |
|
2011 |
+ * FIXME: This is only approx - it may have already |
|
2012 |
+ * been exceeded |
|
2013 |
+ */ |
|
2014 |
+ cli_dbgmsg("parseEmailBody: number of files exceeded %u\n", engine->maxfiles); |
|
2015 |
+ return MAXFILES; |
|
2017 | 2016 |
} |
2018 | 2017 |
|
2019 | 2018 |
rc = OK; |
... | ... |
@@ -444,20 +444,19 @@ static int ole2_walk_property_tree(int fd, ole2_header_t *hdr, const char *dir, |
444 | 444 |
int32_t idx, current_block, i; |
445 | 445 |
char *dirname; |
446 | 446 |
int ret; |
447 |
- const struct cl_limits *limits = ctx ? ctx->limits : NULL; |
|
448 | 447 |
|
449 | 448 |
current_block = hdr->prop_start; |
450 | 449 |
|
451 | 450 |
if ((prop_index < 0) || (prop_index > (int32_t) hdr->max_block_no) || (rec_level > 100) || (*file_count > 100000)) { |
452 | 451 |
return CL_SUCCESS; |
453 | 452 |
} |
454 |
- if (limits && limits->maxfiles && (*file_count > limits->maxfiles)) { |
|
455 |
- cli_dbgmsg("OLE2: File limit reached (max: %d)\n", limits->maxfiles); |
|
453 |
+ if (ctx && ctx->engine->maxfiles && (*file_count > ctx->engine->maxfiles)) { |
|
454 |
+ cli_dbgmsg("OLE2: File limit reached (max: %d)\n", ctx->engine->maxfiles); |
|
456 | 455 |
return CL_SUCCESS; |
457 | 456 |
} |
458 | 457 |
|
459 |
- if (limits && limits->maxreclevel && (rec_level > limits->maxreclevel)) { |
|
460 |
- cli_dbgmsg("OLE2: Recursion limit reached (max: %d)\n", limits->maxreclevel); |
|
458 |
+ if (ctx && ctx->engine->maxreclevel && (rec_level > ctx->engine->maxreclevel)) { |
|
459 |
+ cli_dbgmsg("OLE2: Recursion limit reached (max: %d)\n", ctx->engine->maxreclevel); |
|
461 | 460 |
return CL_SUCCESS; |
462 | 461 |
} |
463 | 462 |
|
... | ... |
@@ -518,11 +517,11 @@ static int ole2_walk_property_tree(int fd, ole2_header_t *hdr, const char *dir, |
518 | 518 |
) return ret; |
519 | 519 |
break; |
520 | 520 |
case 2: /* File */ |
521 |
- if (limits && limits->maxfiles && ctx->scannedfiles + *file_count > limits->maxfiles) { |
|
522 |
- cli_dbgmsg("OLE2: files limit reached (max: %u)\n", ctx->limits->maxfiles); |
|
521 |
+ if (ctx && ctx->engine->maxfiles && ctx->scannedfiles + *file_count > ctx->engine->maxfiles) { |
|
522 |
+ cli_dbgmsg("OLE2: files limit reached (max: %u)\n", ctx->engine->maxfiles); |
|
523 | 523 |
return CL_BREAK; |
524 | 524 |
} |
525 |
- if (!limits || !limits->maxfilesize || prop_block[idx].size <= limits->maxfilesize || prop_block[idx].size <= *scansize) { |
|
525 |
+ if (!ctx || !ctx->engine->maxfilesize || prop_block[idx].size <= ctx->engine->maxfilesize || prop_block[idx].size <= *scansize) { |
|
526 | 526 |
(*file_count)++; |
527 | 527 |
*scansize-=prop_block[idx].size; |
528 | 528 |
if ((ret=handler(fd, hdr, &prop_block[idx], dir, ctx)) != CL_SUCCESS) |
... | ... |
@@ -897,9 +896,9 @@ int cli_ole2_extract(int fd, const char *dirname, cli_ctx *ctx, struct uniq **vb |
897 | 897 |
|
898 | 898 |
cli_dbgmsg("in cli_ole2_extract()\n"); |
899 | 899 |
|
900 |
- if (ctx && ctx->limits && ctx->limits->maxscansize) { |
|
901 |
- if (ctx->limits->maxscansize > ctx->scansize) |
|
902 |
- scansize = ctx->limits->maxscansize - ctx->scansize; |
|
900 |
+ if (ctx && ctx->engine->maxscansize) { |
|
901 |
+ if (ctx->engine->maxscansize > ctx->scansize) |
|
902 |
+ scansize = ctx->engine->maxscansize - ctx->scansize; |
|
903 | 903 |
else |
904 | 904 |
return CL_EMAXSIZE; |
905 | 905 |
} else scansize = -1; |
... | ... |
@@ -197,35 +197,95 @@ const char *cl_strerror(int clerror) |
197 | 197 |
} |
198 | 198 |
} |
199 | 199 |
|
200 |
+int cl_init(unsigned int options) |
|
201 |
+{ |
|
202 |
+ /* put dlopen() stuff here, etc. */ |
|
203 |
+ return CL_SUCCESS; |
|
204 |
+} |
|
205 |
+ |
|
206 |
+struct cl_engine *cl_engine_new(unsigned int options) |
|
207 |
+{ |
|
208 |
+ struct cl_engine *new; |
|
209 |
+ |
|
210 |
+ |
|
211 |
+ new = (struct cl_engine *) cli_calloc(1, sizeof(struct cl_engine)); |
|
212 |
+ if(!new) { |
|
213 |
+ cli_errmsg("cl_engine_new: Can't allocate memory for cl_engine\n"); |
|
214 |
+ return NULL; |
|
215 |
+ } |
|
216 |
+ |
|
217 |
+ /* Setup default limits */ |
|
218 |
+ new->maxscansize = 104857600; |
|
219 |
+ new->maxfilesize = 26214400; |
|
220 |
+ new->maxreclevel = 16; |
|
221 |
+ new->maxfiles = 10000; |
|
222 |
+ new->min_cc_count = 3; |
|
223 |
+ new->min_ssn_count = 3; |
|
224 |
+ |
|
225 |
+ new->refcount = 1; |
|
226 |
+ |
|
227 |
+#ifdef USE_MPOOL |
|
228 |
+ if(!(new->mempool = mp_create())) { |
|
229 |
+ cli_errmsg("cl_engine_new: Can't allocate memory for memory pool\n"); |
|
230 |
+ free(new); |
|
231 |
+ return NULL; |
|
232 |
+ } |
|
233 |
+#endif |
|
234 |
+ |
|
235 |
+ new->root = mp_calloc(new->mempool, CLI_MTARGETS, sizeof(struct cli_matcher *)); |
|
236 |
+ if(!new->root) { |
|
237 |
+ cli_errmsg("cl_engine_new: Can't allocate memory for roots\n"); |
|
238 |
+#ifdef USE_MPOOL |
|
239 |
+ mp_destroy(new->mempool); |
|
240 |
+#endif |
|
241 |
+ free(new); |
|
242 |
+ return NULL; |
|
243 |
+ } |
|
244 |
+ |
|
245 |
+ new->dconf = cli_mp_dconf_init(new->mempool); |
|
246 |
+ if(!new->dconf) { |
|
247 |
+ cli_errmsg("cl_engine_new: Can't initialize dynamic configuration\n"); |
|
248 |
+ mp_free(new->mempool, new->root); |
|
249 |
+#ifdef USE_MPOOL |
|
250 |
+ mp_destroy(new->mempool); |
|
251 |
+#endif |
|
252 |
+ free(new); |
|
253 |
+ return NULL; |
|
254 |
+ } |
|
255 |
+ |
|
256 |
+ cli_dbgmsg("Initialized %s engine\n", cl_retver()); |
|
257 |
+ return new; |
|
258 |
+} |
|
259 |
+ |
|
200 | 260 |
int cli_checklimits(const char *who, cli_ctx *ctx, unsigned long need1, unsigned long need2, unsigned long need3) { |
201 | 261 |
int ret = CL_SUCCESS; |
202 | 262 |
unsigned long needed; |
203 | 263 |
|
204 | 264 |
/* if called without limits, go on, unpack, scan */ |
205 |
- if(!ctx || !ctx->limits) return CL_CLEAN; |
|
265 |
+ if(!ctx) return CL_CLEAN; |
|
206 | 266 |
|
207 | 267 |
needed = (need1>need2)?need1:need2; |
208 | 268 |
needed = (needed>need3)?needed:need3; |
209 | 269 |
|
210 | 270 |
/* if we have global scan limits */ |
211 |
- if(needed && ctx->limits->maxscansize) { |
|
271 |
+ if(needed && ctx->engine->maxscansize) { |
|
212 | 272 |
/* if the remaining scansize is too small... */ |
213 |
- if(ctx->limits->maxscansize-ctx->scansize<needed) { |
|
273 |
+ if(ctx->engine->maxscansize-ctx->scansize<needed) { |
|
214 | 274 |
/* ... we tell the caller to skip this file */ |
215 |
- cli_dbgmsg("%s: scansize exceeded (initial: %lu, remaining: %lu, needed: %lu)\n", who, ctx->limits->maxscansize, ctx->scansize, needed); |
|
275 |
+ cli_dbgmsg("%s: scansize exceeded (initial: %lu, remaining: %lu, needed: %lu)\n", who, ctx->engine->maxscansize, ctx->scansize, needed); |
|
216 | 276 |
ret = CL_EMAXSIZE; |
217 | 277 |
} |
218 | 278 |
} |
219 | 279 |
|
220 | 280 |
/* if we have per-file size limits, and we are overlimit... */ |
221 |
- if(needed && ctx->limits->maxfilesize && ctx->limits->maxfilesize<needed) { |
|
281 |
+ if(needed && ctx->engine->maxfilesize && ctx->engine->maxfilesize<needed) { |
|
222 | 282 |
/* ... we tell the caller to skip this file */ |
223 |
- cli_dbgmsg("%s: filesize exceeded (allowed: %lu, needed: %lu)\n", who, ctx->limits->maxfilesize, needed); |
|
283 |
+ cli_dbgmsg("%s: filesize exceeded (allowed: %lu, needed: %lu)\n", who, ctx->engine->maxfilesize, needed); |
|
224 | 284 |
ret = CL_EMAXSIZE; |
225 | 285 |
} |
226 | 286 |
|
227 |
- if(ctx->limits->maxfiles && ctx->scannedfiles>=ctx->limits->maxfiles) { |
|
228 |
- cli_dbgmsg("%s: files limit reached (max: %u)\n", who, ctx->limits->maxfiles); |
|
287 |
+ if(ctx->engine->maxfiles && ctx->scannedfiles>=ctx->engine->maxfiles) { |
|
288 |
+ cli_dbgmsg("%s: files limit reached (max: %u)\n", who, ctx->engine->maxfiles); |
|
229 | 289 |
return CL_EMAXFILES; |
230 | 290 |
} |
231 | 291 |
return ret; |
... | ... |
@@ -237,8 +297,8 @@ int cli_updatelimits(cli_ctx *ctx, unsigned long needed) { |
237 | 237 |
if (ret != CL_CLEAN) return ret; |
238 | 238 |
ctx->scannedfiles++; |
239 | 239 |
ctx->scansize+=needed; |
240 |
- if(ctx->scansize > ctx->limits->maxscansize) |
|
241 |
- ctx->scansize = ctx->limits->maxscansize; |
|
240 |
+ if(ctx->scansize > ctx->engine->maxscansize) |
|
241 |
+ ctx->scansize = ctx->engine->maxscansize; |
|
242 | 242 |
return CL_CLEAN; |
243 | 243 |
} |
244 | 244 |
|
... | ... |
@@ -18,6 +18,8 @@ |
18 | 18 |
* MA 02110-1301, USA. |
19 | 19 |
*/ |
20 | 20 |
|
21 |
+#include "matcher.h" |
|
22 |
+ |
|
21 | 23 |
#ifndef __OTHERS_H_LC |
22 | 24 |
#define __OTHERS_H_LC |
23 | 25 |
|
... | ... |
@@ -81,7 +83,6 @@ typedef struct { |
81 | 81 |
unsigned long int *scanned; |
82 | 82 |
const struct cli_matcher *root; |
83 | 83 |
const struct cl_engine *engine; |
84 |
- const struct cl_limits *limits; |
|
85 | 84 |
unsigned long scansize; |
86 | 85 |
unsigned int options; |
87 | 86 |
unsigned int recursion; |
... | ... |
@@ -90,6 +91,69 @@ typedef struct { |
90 | 90 |
struct cli_dconf *dconf; |
91 | 91 |
} cli_ctx; |
92 | 92 |
|
93 |
+struct cl_engine { |
|
94 |
+ uint32_t refcount; /* reference counter */ |
|
95 |
+ uint32_t sdb; |
|
96 |
+ uint32_t dboptions; |
|
97 |
+ uint32_t dbversion[2]; |
|
98 |
+ |
|
99 |
+ /* Limits */ |
|
100 |
+ uint64_t maxscansize; /* during the scanning of archives this size |
|
101 |
+ * will never be exceeded |
|
102 |
+ */ |
|
103 |
+ uint64_t maxfilesize; /* compressed files will only be decompressed |
|
104 |
+ * and scanned up to this size |
|
105 |
+ */ |
|
106 |
+ uint32_t maxreclevel; /* maximum recursion level for archives */ |
|
107 |
+ uint32_t maxfiles; /* maximum number of files to be scanned |
|
108 |
+ * within a single archive |
|
109 |
+ */ |
|
110 |
+ /* This is for structured data detection. You can set the minimum |
|
111 |
+ * number of occurences of an CC# or SSN before the system will |
|
112 |
+ * generate a notification. |
|
113 |
+ */ |
|
114 |
+ uint32_t min_cc_count; |
|
115 |
+ uint32_t min_ssn_count; |
|
116 |
+ |
|
117 |
+ /* Roots table */ |
|
118 |
+ struct cli_matcher **root; |
|
119 |
+ |
|
120 |
+ /* B-M matcher for standard MD5 sigs */ |
|
121 |
+ struct cli_matcher *md5_hdb; |
|
122 |
+ |
|
123 |
+ /* B-M matcher for MD5 sigs for PE sections */ |
|
124 |
+ struct cli_matcher *md5_mdb; |
|
125 |
+ |
|
126 |
+ /* B-M matcher for whitelist db */ |
|
127 |
+ struct cli_matcher *md5_fp; |
|
128 |
+ |
|
129 |
+ /* Zip metadata */ |
|
130 |
+ struct cli_meta_node *zip_mlist; |
|
131 |
+ |
|
132 |
+ /* RAR metadata */ |
|
133 |
+ struct cli_meta_node *rar_mlist; |
|
134 |
+ |
|
135 |
+ /* Phishing .pdb and .wdb databases*/ |
|
136 |
+ struct regex_matcher *whitelist_matcher; |
|
137 |
+ struct regex_matcher *domainlist_matcher; |
|
138 |
+ struct phishcheck *phishcheck; |
|
139 |
+ |
|
140 |
+ /* Dynamic configuration */ |
|
141 |
+ struct cli_dconf *dconf; |
|
142 |
+ |
|
143 |
+ /* Filetype definitions */ |
|
144 |
+ struct cli_ftype *ftypes; |
|
145 |
+ |
|
146 |
+ /* Ignored signatures */ |
|
147 |
+ struct cli_ignored *ignored; |
|
148 |
+ |
|
149 |
+ /* PUA categories (to be included or excluded) */ |
|
150 |
+ char *pua_cats; |
|
151 |
+ |
|
152 |
+ /* Used for memory pools */ |
|
153 |
+ mp_t *mempool; |
|
154 |
+}; |
|
155 |
+ |
|
93 | 156 |
#define SCAN_ARCHIVE (ctx->options & CL_SCAN_ARCHIVE) |
94 | 157 |
#define SCAN_MAIL (ctx->options & CL_SCAN_MAIL) |
95 | 158 |
#define SCAN_OLE2 (ctx->options & CL_SCAN_OLE2) |
... | ... |
@@ -303,49 +303,6 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex |
303 | 303 |
return CL_SUCCESS; |
304 | 304 |
} |
305 | 305 |
|
306 |
-int cli_initengine(struct cl_engine **engine, unsigned int options) |
|
307 |
-{ |
|
308 |
- int ret; |
|
309 |
- |
|
310 |
- |
|
311 |
- if(!*engine) { |
|
312 |
- cli_dbgmsg("Initializing the engine (%s)\n", cl_retver()); |
|
313 |
- |
|
314 |
- *engine = (struct cl_engine *) cli_calloc(1, sizeof(struct cl_engine)); |
|
315 |
- if(!*engine) { |
|
316 |
- cli_errmsg("Can't allocate memory for the engine structure!\n"); |
|
317 |
- return CL_EMEM; |
|
318 |
- } |
|
319 |
- |
|
320 |
- (*engine)->refcount = 1; |
|
321 |
- |
|
322 |
-#ifdef USE_MPOOL |
|
323 |
- if(!((*engine)->mempool = mp_create())) { |
|
324 |
- cli_errmsg("Can't allocate memory for memory pool!\n"); |
|
325 |
- return CL_EMEM; |
|
326 |
- } |
|
327 |
-#endif |
|
328 |
- (*engine)->root = mp_calloc((*engine)->mempool, CLI_MTARGETS, sizeof(struct cli_matcher *)); |
|
329 |
- if(!(*engine)->root) { |
|
330 |
- /* no need to free previously allocated memory here */ |
|
331 |
- cli_errmsg("Can't allocate memory for roots!\n"); |
|
332 |
- return CL_EMEM; |
|
333 |
- } |
|
334 |
- |
|
335 |
- (*engine)->dconf = cli_mp_dconf_init((*engine)->mempool); |
|
336 |
- if(!(*engine)->dconf) { |
|
337 |
- cli_errmsg("Can't initialize dynamic configuration\n"); |
|
338 |
- return CL_EMEM; |
|
339 |
- } |
|
340 |
- |
|
341 |
- if((options & CL_DB_PHISHING_URLS) && (((struct cli_dconf*) (*engine)->dconf)->phishing & PHISHING_CONF_ENGINE)) |
|
342 |
- if((ret = phishing_init(*engine))) |
|
343 |
- return ret; |
|
344 |
- } |
|
345 |
- |
|
346 |
- return CL_SUCCESS; |
|
347 |
-} |
|
348 |
- |
|
349 | 306 |
static int cli_initroots(struct cl_engine *engine, unsigned int options) |
350 | 307 |
{ |
351 | 308 |
int i, ret; |
... | ... |
@@ -478,7 +435,7 @@ static int cli_loaddb(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
478 | 478 |
|
479 | 479 |
|
480 | 480 |
if((ret = cli_initroots(*engine, options))) { |
481 |
- cl_free(*engine); |
|
481 |
+ cl_engine_free(*engine); |
|
482 | 482 |
return ret; |
483 | 483 |
} |
484 | 484 |
|
... | ... |
@@ -512,13 +469,13 @@ static int cli_loaddb(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
512 | 512 |
|
513 | 513 |
if(!line) { |
514 | 514 |
cli_errmsg("Empty database file\n"); |
515 |
- cl_free(*engine); |
|
515 |
+ cl_engine_free(*engine); |
|
516 | 516 |
return CL_EMALFDB; |
517 | 517 |
} |
518 | 518 |
|
519 | 519 |
if(ret) { |
520 | 520 |
cli_errmsg("Problem parsing database at line %d\n", line); |
521 |
- cl_free(*engine); |
|
521 |
+ cl_engine_free(*engine); |
|
522 | 522 |
return ret; |
523 | 523 |
} |
524 | 524 |
|
... | ... |
@@ -539,14 +496,14 @@ static int cli_loadwdb(FILE *fs, struct cl_engine **engine, unsigned int options |
539 | 539 |
if(!(*engine)->whitelist_matcher) { |
540 | 540 |
if((ret = init_whitelist(*engine))) { |
541 | 541 |
phishing_done(*engine); |
542 |
- cl_free(*engine); |
|
542 |
+ cl_engine_free(*engine); |
|
543 | 543 |
return ret; |
544 | 544 |
} |
545 | 545 |
} |
546 | 546 |
|
547 | 547 |
if((ret = load_regex_matcher((*engine)->whitelist_matcher, fs, options, 1, dbio))) { |
548 | 548 |
phishing_done(*engine); |
549 |
- cl_free(*engine); |
|
549 |
+ cl_engine_free(*engine); |
|
550 | 550 |
return ret; |
551 | 551 |
} |
552 | 552 |
|
... | ... |
@@ -564,14 +521,14 @@ static int cli_loadpdb(FILE *fs, struct cl_engine **engine, unsigned int options |
564 | 564 |
if(!(*engine)->domainlist_matcher) { |
565 | 565 |
if((ret = init_domainlist(*engine))) { |
566 | 566 |
phishing_done(*engine); |
567 |
- cl_free(*engine); |
|
567 |
+ cl_engine_free(*engine); |
|
568 | 568 |
return ret; |
569 | 569 |
} |
570 | 570 |
} |
571 | 571 |
|
572 | 572 |
if((ret = load_regex_matcher((*engine)->domainlist_matcher, fs, options, 0, dbio))) { |
573 | 573 |
phishing_done(*engine); |
574 |
- cl_free(*engine); |
|
574 |
+ cl_engine_free(*engine); |
|
575 | 575 |
return ret; |
576 | 576 |
} |
577 | 577 |
|
... | ... |
@@ -591,7 +548,7 @@ static int cli_loadndb(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
591 | 591 |
|
592 | 592 |
|
593 | 593 |
if((ret = cli_initroots(*engine, options))) { |
594 |
- cl_free(*engine); |
|
594 |
+ cl_engine_free(*engine); |
|
595 | 595 |
return ret; |
596 | 596 |
} |
597 | 597 |
|
... | ... |
@@ -680,13 +637,13 @@ static int cli_loadndb(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
680 | 680 |
|
681 | 681 |
if(!line) { |
682 | 682 |
cli_errmsg("Empty database file\n"); |
683 |
- cl_free(*engine); |
|
683 |
+ cl_engine_free(*engine); |
|
684 | 684 |
return CL_EMALFDB; |
685 | 685 |
} |
686 | 686 |
|
687 | 687 |
if(ret) { |
688 | 688 |
cli_errmsg("Problem parsing database at line %d\n", line); |
689 |
- cl_free(*engine); |
|
689 |
+ cl_engine_free(*engine); |
|
690 | 690 |
return ret; |
691 | 691 |
} |
692 | 692 |
|
... | ... |
@@ -876,7 +833,7 @@ static int cli_loadldb(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
876 | 876 |
|
877 | 877 |
|
878 | 878 |
if((ret = cli_initroots(*engine, options))) { |
879 |
- cl_free(*engine); |
|
879 |
+ cl_engine_free(*engine); |
|
880 | 880 |
return ret; |
881 | 881 |
} |
882 | 882 |
|
... | ... |
@@ -1020,13 +977,13 @@ static int cli_loadldb(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
1020 | 1020 |
|
1021 | 1021 |
if(!line) { |
1022 | 1022 |
cli_errmsg("Empty database file\n"); |
1023 |
- cl_free(*engine); |
|
1023 |
+ cl_engine_free(*engine); |
|
1024 | 1024 |
return CL_EMALFDB; |
1025 | 1025 |
} |
1026 | 1026 |
|
1027 | 1027 |
if(ret) { |
1028 | 1028 |
cli_errmsg("Problem parsing database at line %u\n", line); |
1029 |
- cl_free(*engine); |
|
1029 |
+ cl_engine_free(*engine); |
|
1030 | 1030 |
return ret; |
1031 | 1031 |
} |
1032 | 1032 |
|
... | ... |
@@ -1048,7 +1005,7 @@ static int cli_loadftm(FILE *fs, struct cl_engine **engine, unsigned int options |
1048 | 1048 |
|
1049 | 1049 |
|
1050 | 1050 |
if((ret = cli_initroots(*engine, options))) { |
1051 |
- cl_free(*engine); |
|
1051 |
+ cl_engine_free(*engine); |
|
1052 | 1052 |
return ret; |
1053 | 1053 |
} |
1054 | 1054 |
|
... | ... |
@@ -1136,13 +1093,13 @@ static int cli_loadftm(FILE *fs, struct cl_engine **engine, unsigned int options |
1136 | 1136 |
|
1137 | 1137 |
if(ret) { |
1138 | 1138 |
cli_errmsg("Problem parsing %s filetype database at line %u\n", internal ? "built-in" : "external", line); |
1139 |
- cl_free(*engine); |
|
1139 |
+ cl_engine_free(*engine); |
|
1140 | 1140 |
return ret; |
1141 | 1141 |
} |
1142 | 1142 |
|
1143 | 1143 |
if(!sigs) { |
1144 | 1144 |
cli_errmsg("Empty %s filetype database\n", internal ? "built-in" : "external"); |
1145 |
- cl_free(*engine); |
|
1145 |
+ cl_engine_free(*engine); |
|
1146 | 1146 |
return CL_EMALFDB; |
1147 | 1147 |
} |
1148 | 1148 |
|
... | ... |
@@ -1164,7 +1121,7 @@ static int cli_loadign(FILE *fs, struct cl_engine **engine, unsigned int options |
1164 | 1164 |
if(!(ignored = (*engine)->ignored)) { |
1165 | 1165 |
ignored = (*engine)->ignored = (struct cli_ignored *) cli_calloc(sizeof(struct cli_ignored), 1); |
1166 | 1166 |
if(!ignored || hashset_init(&ignored->hs, 64, 50)) { |
1167 |
- cl_free(*engine); |
|
1167 |
+ cl_engine_free(*engine); |
|
1168 | 1168 |
return CL_EMEM; |
1169 | 1169 |
} |
1170 | 1170 |
} |
... | ... |
@@ -1207,7 +1164,7 @@ static int cli_loadign(FILE *fs, struct cl_engine **engine, unsigned int options |
1207 | 1207 |
|
1208 | 1208 |
if(ret) { |
1209 | 1209 |
cli_errmsg("cli_loadign: Problem parsing database at line %u\n", line); |
1210 |
- cl_free(*engine); |
|
1210 |
+ cl_engine_free(*engine); |
|
1211 | 1211 |
return ret; |
1212 | 1212 |
} |
1213 | 1213 |
|
... | ... |
@@ -1378,13 +1335,13 @@ static int cli_loadmd5(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
1378 | 1378 |
|
1379 | 1379 |
if(!line) { |
1380 | 1380 |
cli_errmsg("cli_loadmd5: Empty database file\n"); |
1381 |
- cl_free(*engine); |
|
1381 |
+ cl_engine_free(*engine); |
|
1382 | 1382 |
return CL_EMALFDB; |
1383 | 1383 |
} |
1384 | 1384 |
|
1385 | 1385 |
if(ret) { |
1386 | 1386 |
cli_errmsg("cli_loadmd5: Problem parsing database at line %u\n", line); |
1387 |
- cl_free(*engine); |
|
1387 |
+ cl_engine_free(*engine); |
|
1388 | 1388 |
return ret; |
1389 | 1389 |
} |
1390 | 1390 |
|
... | ... |
@@ -1494,13 +1451,13 @@ static int cli_loadmd(FILE *fs, struct cl_engine **engine, unsigned int *signo, |
1494 | 1494 |
|
1495 | 1495 |
if(!line) { |
1496 | 1496 |
cli_errmsg("Empty database file\n"); |
1497 |
- cl_free(*engine); |
|
1497 |
+ cl_engine_free(*engine); |
|
1498 | 1498 |
return CL_EMALFDB; |
1499 | 1499 |
} |
1500 | 1500 |
|
1501 | 1501 |
if(ret) { |
1502 | 1502 |
cli_errmsg("Problem parsing database at line %d\n", line); |
1503 |
- cl_free(*engine); |
|
1503 |
+ cl_engine_free(*engine); |
|
1504 | 1504 |
return ret; |
1505 | 1505 |
} |
1506 | 1506 |
|
... | ... |
@@ -1632,16 +1589,6 @@ int cli_load(const char *filename, struct cl_engine **engine, unsigned int *sign |
1632 | 1632 |
return ret; |
1633 | 1633 |
} |
1634 | 1634 |
|
1635 |
-int cl_loaddb(const char *filename, struct cl_engine **engine, unsigned int *signo) { |
|
1636 |
- int ret; |
|
1637 |
- |
|
1638 |
- if((ret = cli_initengine(engine, CL_DB_STDOPT))) { |
|
1639 |
- cl_free(*engine); |
|
1640 |
- return ret; |
|
1641 |
- } |
|
1642 |
- return cli_load(filename, engine, signo, CL_DB_STDOPT, NULL); |
|
1643 |
-} |
|
1644 |
- |
|
1645 | 1635 |
static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigned int *signo, unsigned int options) |
1646 | 1636 |
{ |
1647 | 1637 |
DIR *dd; |
... | ... |
@@ -1736,31 +1683,24 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigne |
1736 | 1736 |
return ret; |
1737 | 1737 |
} |
1738 | 1738 |
|
1739 |
-int cl_loaddbdir(const char *dirname, struct cl_engine **engine, unsigned int *signo) { |
|
1740 |
- int ret; |
|
1741 |
- |
|
1742 |
- if((ret = cli_initengine(engine, CL_DB_STDOPT))) { |
|
1743 |
- cl_free(*engine); |
|
1744 |
- return ret; |
|
1745 |
- } |
|
1746 |
- return cli_loaddbdir(dirname, engine, signo, CL_DB_STDOPT); |
|
1747 |
-} |
|
1748 |
- |
|
1749 | 1739 |
int cl_load(const char *path, struct cl_engine **engine, unsigned int *signo, unsigned int options) |
1750 | 1740 |
{ |
1751 | 1741 |
struct stat sb; |
1752 | 1742 |
int ret; |
1753 | 1743 |
|
1744 |
+ if(!*engine) { |
|
1745 |
+ cli_errmsg("cl_load: engine == NULL\n"); |
|
1746 |
+ return CL_ENULLARG; |
|
1747 |
+ } |
|
1754 | 1748 |
|
1755 | 1749 |
if(stat(path, &sb) == -1) { |
1756 | 1750 |
cli_errmsg("cl_load(): Can't get status of %s\n", path); |
1757 | 1751 |
return CL_EIO; |
1758 | 1752 |
} |
1759 | 1753 |
|
1760 |
- if((ret = cli_initengine(engine, options))) { |
|
1761 |
- cl_free(*engine); |
|
1762 |
- return ret; |
|
1763 |
- } |
|
1754 |
+ if((options & CL_DB_PHISHING_URLS) && !(*engine)->phishcheck && (((struct cli_dconf *) (*engine)->dconf)->phishing & PHISHING_CONF_ENGINE)) |
|
1755 |
+ if((ret = phishing_init(*engine))) |
|
1756 |
+ return ret; |
|
1764 | 1757 |
|
1765 | 1758 |
(*engine)->dboptions = options; |
1766 | 1759 |
|
... | ... |
@@ -1984,7 +1924,7 @@ int cl_statfree(struct cl_stat *dbstat) |
1984 | 1984 |
return CL_SUCCESS; |
1985 | 1985 |
} |
1986 | 1986 |
|
1987 |
-void cl_free(struct cl_engine *engine) |
|
1987 |
+int cl_engine_free(struct cl_engine *engine) |
|
1988 | 1988 |
{ |
1989 | 1989 |
unsigned int i, j; |
1990 | 1990 |
struct cli_meta_node *metapt, *metah; |
... | ... |
@@ -1993,7 +1933,7 @@ void cl_free(struct cl_engine *engine) |
1993 | 1993 |
|
1994 | 1994 |
if(!engine) { |
1995 | 1995 |
cli_errmsg("cl_free: engine == NULL\n"); |
1996 |
- return; |
|
1996 |
+ return CL_ENULLARG; |
|
1997 | 1997 |
} |
1998 | 1998 |
|
1999 | 1999 |
#ifdef CL_THREAD_SAFE |
... | ... |
@@ -2007,7 +1947,7 @@ void cl_free(struct cl_engine *engine) |
2007 | 2007 |
#ifdef CL_THREAD_SAFE |
2008 | 2008 |
pthread_mutex_unlock(&cli_ref_mutex); |
2009 | 2009 |
#endif |
2010 |
- return; |
|
2010 |
+ return CL_SUCCESS; |
|
2011 | 2011 |
} |
2012 | 2012 |
|
2013 | 2013 |
#ifdef CL_THREAD_SAFE |
... | ... |
@@ -2086,6 +2026,7 @@ void cl_free(struct cl_engine *engine) |
2086 | 2086 |
if(engine->mempool) mp_destroy(engine->mempool); |
2087 | 2087 |
#endif |
2088 | 2088 |
free(engine); |
2089 |
+ return CL_SUCCESS; |
|
2089 | 2090 |
} |
2090 | 2091 |
|
2091 | 2092 |
static void cli_md5db_build(struct cli_matcher* root) |
... | ... |
@@ -2111,8 +2052,7 @@ static void cli_md5db_build(struct cli_matcher* root) |
2111 | 2111 |
} |
2112 | 2112 |
} |
2113 | 2113 |
|
2114 |
- |
|
2115 |
-int cl_build(struct cl_engine *engine) |
|
2114 |
+int cl_engine_compile(struct cl_engine *engine) |
|
2116 | 2115 |
{ |
2117 | 2116 |
unsigned int i; |
2118 | 2117 |
int ret; |
... | ... |
@@ -2148,10 +2088,10 @@ int cl_build(struct cl_engine *engine) |
2148 | 2148 |
return CL_SUCCESS; |
2149 | 2149 |
} |
2150 | 2150 |
|
2151 |
-struct cl_engine *cl_dup(struct cl_engine *engine) |
|
2151 |
+struct cl_engine *cl_engine_dup(struct cl_engine *engine) |
|
2152 | 2152 |
{ |
2153 | 2153 |
if(!engine) { |
2154 |
- cli_errmsg("cl_dup: engine == NULL\n"); |
|
2154 |
+ cli_errmsg("cl_engine_dup: engine == NULL\n"); |
|
2155 | 2155 |
return NULL; |
2156 | 2156 |
} |
2157 | 2157 |
|
... | ... |
@@ -57,8 +57,6 @@ char *cli_virname(char *virname, unsigned int official); |
57 | 57 |
|
58 | 58 |
int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hexsig, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options); |
59 | 59 |
|
60 |
-int cli_initengine(struct cl_engine **engine, unsigned int options); |
|
61 |
- |
|
62 | 60 |
int cli_load(const char *filename, struct cl_engine **engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio); |
63 | 61 |
|
64 | 62 |
char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio); |
... | ... |
@@ -565,7 +565,6 @@ static int cli_scanbzip(int desc, cli_ctx *ctx) { |
565 | 565 |
static int cli_scanbzip(int desc, cli_ctx *ctx) |
566 | 566 |
{ |
567 | 567 |
int fd, bytes, ret = CL_CLEAN, bzerror = 0; |
568 |
- short memlim = 0; |
|
569 | 568 |
unsigned long int size = 0; |
570 | 569 |
char *buff; |
571 | 570 |
FILE *fs; |
... | ... |
@@ -578,11 +577,7 @@ static int cli_scanbzip(int desc, cli_ctx *ctx) |
578 | 578 |
return CL_EBZIP; |
579 | 579 |
} |
580 | 580 |
|
581 |
- if(ctx->limits) |
|
582 |
- if(ctx->limits->archivememlim) |
|
583 |
- memlim = 1; |
|
584 |
- |
|
585 |
- if((bfd = BZ2_bzReadOpen(&bzerror, fs, 0, memlim, NULL, 0)) == NULL) { |
|
581 |
+ if((bfd = BZ2_bzReadOpen(&bzerror, fs, 0, 0, NULL, 0)) == NULL) { |
|
586 | 582 |
cli_dbgmsg("Bzip: Can't initialize bzip2 library (descriptor: %d).\n", desc); |
587 | 583 |
fclose(fs); |
588 | 584 |
return CL_EBZIP; |
... | ... |
@@ -1140,7 +1135,7 @@ static int cli_scanole2(int desc, cli_ctx *ctx) |
1140 | 1140 |
|
1141 | 1141 |
cli_dbgmsg("in cli_scanole2()\n"); |
1142 | 1142 |
|
1143 |
- if(ctx->limits && ctx->limits->maxreclevel && ctx->recursion >= ctx->limits->maxreclevel) |
|
1143 |
+ if(ctx->engine->maxreclevel && ctx->recursion >= ctx->engine->maxreclevel) |
|
1144 | 1144 |
return CL_EMAXREC; |
1145 | 1145 |
|
1146 | 1146 |
/* generate the temporary directory */ |
... | ... |
@@ -1550,17 +1545,14 @@ static int cli_scan_structured(int desc, cli_ctx *ctx) |
1550 | 1550 |
unsigned int cc_count = 0; |
1551 | 1551 |
unsigned int ssn_count = 0; |
1552 | 1552 |
int done = 0; |
1553 |
- const struct cl_limits *lim = NULL; |
|
1554 | 1553 |
int (*ccfunc)(const unsigned char *buffer, int length); |
1555 | 1554 |
int (*ssnfunc)(const unsigned char *buffer, int length); |
1556 | 1555 |
|
1557 | 1556 |
|
1558 |
- if(ctx == NULL || ctx->limits == NULL) |
|
1557 |
+ if(ctx == NULL) |
|
1559 | 1558 |
return CL_ENULLARG; |
1560 | 1559 |
|
1561 |
- lim = ctx->limits; |
|
1562 |
- |
|
1563 |
- if(lim->min_cc_count == 1) |
|
1560 |
+ if(ctx->engine->min_cc_count == 1) |
|
1564 | 1561 |
ccfunc = dlp_has_cc; |
1565 | 1562 |
else |
1566 | 1563 |
ccfunc = dlp_get_cc_count; |
... | ... |
@@ -1568,21 +1560,21 @@ static int cli_scan_structured(int desc, cli_ctx *ctx) |
1568 | 1568 |
switch((ctx->options & CL_SCAN_STRUCTURED_SSN_NORMAL) | (ctx->options & CL_SCAN_STRUCTURED_SSN_STRIPPED)) { |
1569 | 1569 |
|
1570 | 1570 |
case (CL_SCAN_STRUCTURED_SSN_NORMAL | CL_SCAN_STRUCTURED_SSN_STRIPPED): |
1571 |
- if(lim->min_ssn_count == 1) |
|
1571 |
+ if(ctx->engine->min_ssn_count == 1) |
|
1572 | 1572 |
ssnfunc = dlp_has_ssn; |
1573 | 1573 |
else |
1574 | 1574 |
ssnfunc = dlp_get_ssn_count; |
1575 | 1575 |
break; |
1576 | 1576 |
|
1577 | 1577 |
case CL_SCAN_STRUCTURED_SSN_NORMAL: |
1578 |
- if(lim->min_ssn_count == 1) |
|
1578 |
+ if(ctx->engine->min_ssn_count == 1) |
|
1579 | 1579 |
ssnfunc = dlp_has_normal_ssn; |
1580 | 1580 |
else |
1581 | 1581 |
ssnfunc = dlp_get_normal_ssn_count; |
1582 | 1582 |
break; |
1583 | 1583 |
|
1584 | 1584 |
case CL_SCAN_STRUCTURED_SSN_STRIPPED: |
1585 |
- if(lim->min_ssn_count == 1) |
|
1585 |
+ if(ctx->engine->min_ssn_count == 1) |
|
1586 | 1586 |
ssnfunc = dlp_has_stripped_ssn; |
1587 | 1587 |
else |
1588 | 1588 |
ssnfunc = dlp_get_stripped_ssn_count; |
... | ... |
@@ -1593,20 +1585,20 @@ static int cli_scan_structured(int desc, cli_ctx *ctx) |
1593 | 1593 |
} |
1594 | 1594 |
|
1595 | 1595 |
while(!done && ((result = cli_readn(desc, buf, 8191)) > 0)) { |
1596 |
- if((cc_count += ccfunc((const unsigned char *)buf, result)) >= lim->min_cc_count) |
|
1596 |
+ if((cc_count += ccfunc((const unsigned char *)buf, result)) >= ctx->engine->min_cc_count) |
|
1597 | 1597 |
done = 1; |
1598 | 1598 |
|
1599 |
- if(ssnfunc && ((ssn_count += ssnfunc((const unsigned char *)buf, result)) >= lim->min_ssn_count)) |
|
1599 |
+ if(ssnfunc && ((ssn_count += ssnfunc((const unsigned char *)buf, result)) >= ctx->engine->min_ssn_count)) |
|
1600 | 1600 |
done = 1; |
1601 | 1601 |
} |
1602 | 1602 |
|
1603 |
- if(cc_count != 0 && cc_count >= lim->min_cc_count) { |
|
1603 |
+ if(cc_count != 0 && cc_count >= ctx->engine->min_cc_count) { |
|
1604 | 1604 |
cli_dbgmsg("cli_scan_structured: %u credit card numbers detected\n", cc_count); |
1605 | 1605 |
*ctx->virname = "Structured.CreditCardNumber"; |
1606 | 1606 |
return CL_VIRUS; |
1607 | 1607 |
} |
1608 | 1608 |
|
1609 |
- if(ssn_count != 0 && ssn_count >= lim->min_ssn_count) { |
|
1609 |
+ if(ssn_count != 0 && ssn_count >= ctx->engine->min_ssn_count) { |
|
1610 | 1610 |
cli_dbgmsg("cli_scan_structured: %u social security numbers detected\n", ssn_count); |
1611 | 1611 |
*ctx->virname = "Structured.SSN"; |
1612 | 1612 |
return CL_VIRUS; |
... | ... |
@@ -1875,7 +1867,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
1875 | 1875 |
if(cli_updatelimits(ctx, sb.st_size)!=CL_CLEAN) |
1876 | 1876 |
return CL_CLEAN; |
1877 | 1877 |
|
1878 |
- if((SCAN_MAIL || SCAN_ARCHIVE) && ctx->limits && ctx->limits->maxreclevel && ctx->recursion > ctx->limits->maxreclevel) { |
|
1878 |
+ if((SCAN_MAIL || SCAN_ARCHIVE) && ctx->engine->maxreclevel && ctx->recursion > ctx->engine->maxreclevel) { |
|
1879 | 1879 |
cli_dbgmsg("Archive recursion limit exceeded (level = %u).\n", ctx->recursion); |
1880 | 1880 |
return CL_CLEAN; |
1881 | 1881 |
} |
... | ... |
@@ -2112,16 +2104,11 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
2112 | 2112 |
} |
2113 | 2113 |
} |
2114 | 2114 |
|
2115 |
-int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options) |
|
2115 |
+int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int options) |
|
2116 | 2116 |
{ |
2117 | 2117 |
cli_ctx ctx; |
2118 |
- struct cl_limits l_limits; |
|
2119 | 2118 |
int rc; |
2120 | 2119 |
|
2121 |
- if(!limits) { |
|
2122 |
- cli_errmsg("cl_scandesc: limits == NULL\n"); |
|
2123 |
- return CL_ENULLARG; |
|
2124 |
- } |
|
2125 | 2120 |
memset(&ctx, '\0', sizeof(cli_ctx)); |
2126 | 2121 |
ctx.engine = engine; |
2127 | 2122 |
ctx.virname = virname; |
... | ... |
@@ -2129,8 +2116,6 @@ int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, cons |
2129 | 2129 |
ctx.options = options; |
2130 | 2130 |
ctx.found_possibly_unwanted = 0; |
2131 | 2131 |
ctx.dconf = (struct cli_dconf *) engine->dconf; |
2132 |
- ctx.limits = &l_limits; |
|
2133 |
- memcpy(&l_limits, limits, sizeof(struct cl_limits)); |
|
2134 | 2132 |
|
2135 | 2133 |
rc = cli_magic_scandesc(desc, &ctx); |
2136 | 2134 |
if(rc == CL_CLEAN && ctx.found_possibly_unwanted) |
... | ... |
@@ -2173,7 +2158,7 @@ static int cli_scanfile(const char *filename, cli_ctx *ctx) |
2173 | 2173 |
return ret; |
2174 | 2174 |
} |
2175 | 2175 |
|
2176 |
-int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options) |
|
2176 |
+int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int options) |
|
2177 | 2177 |
{ |
2178 | 2178 |
int fd, ret; |
2179 | 2179 |
|
... | ... |
@@ -2181,7 +2166,7 @@ int cl_scanfile(const char *filename, const char **virname, unsigned long int *s |
2181 | 2181 |
if((fd = open(filename, O_RDONLY|O_BINARY)) == -1) |
2182 | 2182 |
return CL_EOPEN; |
2183 | 2183 |
|
2184 |
- ret = cl_scandesc(fd, virname, scanned, engine, limits, options); |
|
2184 |
+ ret = cl_scandesc(fd, virname, scanned, engine, options); |
|
2185 | 2185 |
close(fd); |
2186 | 2186 |
|
2187 | 2187 |
return ret; |
... | ... |
@@ -375,12 +375,12 @@ int unspin(char *src, int ssize, struct cli_exe_section *sections, int sectcnt, |
375 | 375 |
bitman = bitmap; |
376 | 376 |
|
377 | 377 |
/* FIXMELIMITS: possibly rewrite to use the limits api */ |
378 |
- if(ctx->limits && ctx->limits->maxfilesize) { |
|
378 |
+ if(ctx->engine->maxfilesize) { |
|
379 | 379 |
unsigned long int filesize = 0; |
380 | 380 |
|
381 | 381 |
for (j=0; j<sectcnt; j++) { |
382 | 382 |
if (bitmap&1) { |
383 |
- if ( filesize > ctx->limits->maxfilesize || sections[j].vsz > ctx->limits->maxfilesize - filesize ) return 2; |
|
383 |
+ if ( filesize > ctx->engine->maxfilesize || sections[j].vsz > ctx->engine->maxfilesize - filesize ) return 2; |
|
384 | 384 |
filesize += sections[j].vsz; |
385 | 385 |
} |
386 | 386 |
bitmap>>=1; |
... | ... |
@@ -105,9 +105,9 @@ static int unz(uint8_t *src, uint32_t csize, uint32_t usize, uint16_t method, ui |
105 | 105 |
else break; |
106 | 106 |
} |
107 | 107 |
if(res==1) { |
108 |
- if(ctx->limits && ctx->limits->maxfilesize && csize > ctx->limits->maxfilesize) { |
|
109 |
- cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->limits->maxfilesize); |
|
110 |
- csize = ctx->limits->maxfilesize; |
|
108 |
+ if(ctx->engine->maxfilesize && csize > ctx->engine->maxfilesize) { |
|
109 |
+ cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->engine->maxfilesize); |
|
110 |
+ csize = ctx->engine->maxfilesize; |
|
111 | 111 |
} |
112 | 112 |
if(cli_writen(of, src, csize)!=(int)csize) ret = CL_EIO; |
113 | 113 |
else res=0; |
... | ... |
@@ -166,8 +166,8 @@ static int unz(uint8_t *src, uint32_t csize, uint32_t usize, uint16_t method, ui |
166 | 166 |
while((res = unz_unz(&strm, Z_NO_FLUSH))==Z_OK) {}; |
167 | 167 |
if(*avail_out!=sizeof(obuf)) { |
168 | 168 |
written+=sizeof(obuf)-(*avail_out); |
169 |
- if(ctx->limits && ctx->limits->maxfilesize && written > ctx->limits->maxfilesize) { |
|
170 |
- cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->limits->maxfilesize); |
|
169 |
+ if(ctx->engine->maxfilesize && written > ctx->engine->maxfilesize) { |
|
170 |
+ cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->engine->maxfilesize); |
|
171 | 171 |
res = Z_STREAM_END; |
172 | 172 |
break; |
173 | 173 |
} |
... | ... |
@@ -210,8 +210,8 @@ static int unz(uint8_t *src, uint32_t csize, uint32_t usize, uint16_t method, ui |
210 | 210 |
while((res = BZ2_bzDecompress(&strm))==BZ_OK || res==BZ_STREAM_END) { |
211 | 211 |
if(strm.avail_out!=sizeof(obuf)) { |
212 | 212 |
written+=sizeof(obuf)-strm.avail_out; |
213 |
- if(ctx->limits && ctx->limits->maxfilesize && written > ctx->limits->maxfilesize) { |
|
214 |
- cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->limits->maxfilesize); |
|
213 |
+ if(ctx->engine->maxfilesize && written > ctx->engine->maxfilesize) { |
|
214 |
+ cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->engine->maxfilesize); |
|
215 | 215 |
res = BZ_STREAM_END; |
216 | 216 |
break; |
217 | 217 |
} |
... | ... |
@@ -247,8 +247,8 @@ static int unz(uint8_t *src, uint32_t csize, uint32_t usize, uint16_t method, ui |
247 | 247 |
while((res = explode(&strm))==EXPLODE_OK) { |
248 | 248 |
if(strm.avail_out!=sizeof(obuf)) { |
249 | 249 |
written+=sizeof(obuf)-strm.avail_out; |
250 |
- if(ctx->limits && ctx->limits->maxfilesize && written > ctx->limits->maxfilesize) { |
|
251 |
- cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->limits->maxfilesize); |
|
250 |
+ if(ctx->engine->maxfilesize && written > ctx->engine->maxfilesize) { |
|
251 |
+ cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", ctx->engine->maxfilesize); |
|
252 | 252 |
res = 0; |
253 | 253 |
break; |
254 | 254 |
} |
... | ... |
@@ -537,8 +537,8 @@ int cli_unzip(int f, cli_ctx *ctx) { |
537 | 537 |
cli_dbgmsg("cli_unzip: central @%x\n", coff); |
538 | 538 |
while(ret==CL_CLEAN && (coff=chdr(map, coff, fsize, &fu, fc+1, &ret, ctx, tmpd))) { |
539 | 539 |
fc++; |
540 |
- if (ctx->limits && ctx->limits->maxfiles && fu>=ctx->limits->maxfiles) { |
|
541 |
- cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->limits->maxfiles); |
|
540 |
+ if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) { |
|
541 |
+ cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->engine->maxfiles); |
|
542 | 542 |
ret=CL_EMAXFILES; |
543 | 543 |
} |
544 | 544 |
} |
... | ... |
@@ -548,8 +548,8 @@ int cli_unzip(int f, cli_ctx *ctx) { |
548 | 548 |
while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(&map[lhoff], fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd))) { |
549 | 549 |
fc++; |
550 | 550 |
lhoff+=coff; |
551 |
- if (ctx->limits && ctx->limits->maxfiles && fu>=ctx->limits->maxfiles) { |
|
552 |
- cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->limits->maxfiles); |
|
551 |
+ if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) { |
|
552 |
+ cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->engine->maxfiles); |
|
553 | 553 |
ret=CL_EMAXFILES; |
554 | 554 |
} |
555 | 555 |
} |