git-svn: trunk@2243
aCaB authored on 2006/09/13 02:50:04... | ... |
@@ -1,3 +1,10 @@ |
1 |
+Tue Sep 12 20:42:04 CEST 2006 (acab) |
|
2 |
+------------------------------------ |
|
3 |
+ * sigtool: Merge of the related part of the phishing module from |
|
4 |
+ Torok Edvin <edwintorok*gmail.com> |
|
5 |
+ Part of the Google Summer of Code program |
|
6 |
+ * libclamav: Initial merge of the phishing module - inactive |
|
7 |
+ |
|
1 | 8 |
Tue Sep 12 01:04:39 CEST 2006 (tk) |
2 | 9 |
---------------------------------- |
3 | 10 |
* clamd, clamdscan: add support for hardware acceleration |
... | ... |
@@ -90,6 +90,8 @@ extern "C" |
90 | 90 |
#define CL_SCAN_MAILURL 128 |
91 | 91 |
#define CL_SCAN_BLOCKMAX 256 |
92 | 92 |
#define CL_SCAN_ALGO 512 |
93 |
+#define CL_SCAN_NOPHISHING 1024 |
|
94 |
+#define CL_PHISH_NO_DOMAINLIST 4096 |
|
93 | 95 |
|
94 | 96 |
/* recommended options */ |
95 | 97 |
#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGO) |
96 | 98 |
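Review bot: `CL_PHISH_NO_DOMAINLIST` is added as 4096 with no comment, skipping 2048 and using a `CL_PHISH_` prefix in the middle of the `CL_SCAN_` flags, so the header does not say whether it is meant to be OR-ed into the same options word as `CL_SCAN_NOPHISHING`. A short comment on each define would settle that, for example `/* CL_PHISH_*: phishing-module flags, share the scan options bitmask */` (wording to be confirmed by the author), plus a note on why 2048 is left free. `CL_SCAN_STDOPT` is unchanged in this hunk, so the phishing checks appear to be opt-out through `CL_SCAN_NOPHISHING` once the module is activated; that default deserves a sentence in the comment as well.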
new file mode 100644 |
... | ... |
@@ -0,0 +1,33 @@ |
0 |
+/* |
|
1 |
+ * Phishing module: domain list implementation. |
|
2 |
+ * |
|
3 | ||
4 |
+ * |
|
5 |
+ * This program is free software; you can redistribute it and/or modify |
|
6 |
+ * it under the terms of the GNU General Public License as published by |
|
7 |
+ * the Free Software Foundation; either version 2 of the License, or |
|
8 |
+ * (at your option) any later version. |
|
9 |
+ * |
|
10 |
+ * This program is distributed in the hope that it will be useful, |
|
11 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
12 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
13 |
+ * GNU General Public License for more details. |
|
14 |
+ * |
|
15 |
+ * You should have received a copy of the GNU General Public License |
|
16 |
+ * along with this program; if not, write to the Free Software |
|
17 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
18 |
+ * MA 02110-1301, USA. |
|
19 |
+ * |
|
20 |
+ */ |
|
21 |
+#ifndef _PHISH_DOMAINCHECK_DB_H |
|
22 |
+#define _PHISH_DOMAINCHECK_DB_H |
|
23 |
+ |
|
24 |
+int cli_loadpdb(FILE* fd, unsigned int options); |
|
25 |
+int build_domainlist(void); |
|
26 |
+int init_domainlist(void); |
|
27 |
+void domainlist_done(void); |
|
28 |
+void domainlist_cleanup(void); |
|
29 |
+int is_domainlist_ok(void); |
|
30 |
+int domainlist_match(const char* real_url,const char* display_url,int hostOnly,unsigned short* flags); |
|
31 |
+ |
|
32 |
+#endif |
0 | 33 |
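Review bot: This header declares `cli_loadpdb(FILE* fd, ...)` but includes nothing, so it only compiles when the including file has already pulled in `<stdio.h>`; add `#include <stdio.h>` after the guard. The guard name `_PHISH_DOMAINCHECK_DB_H` begins with an underscore followed by a capital letter, which C reserves for the implementation; `PHISH_DOMAINCHECK_DB_H` avoids that. Both points apply equally to the whitelist header added in the same commit (`cli_loadwdb(FILE* fd, ...)`, `_WHITELIST_H`). The prototypes also carry no comment on return values or on when `domainlist_match` writes `*flags`, which callers deciding on a phishing verdict will need.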
new file mode 100644 |
... | ... |
@@ -0,0 +1,34 @@ |
0 |
+/* |
|
1 |
+ * Phishing module: whitelist implementation. |
|
2 |
+ * |
|
3 | ||
4 |
+ * |
|
5 |
+ * This program is free software; you can redistribute it and/or modify |
|
6 |
+ * it under the terms of the GNU General Public License as published by |
|
7 |
+ * the Free Software Foundation; either version 2 of the License, or |
|
8 |
+ * (at your option) any later version. |
|
9 |
+ * |
|
10 |
+ * This program is distributed in the hope that it will be useful, |
|
11 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
12 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
13 |
+ * GNU General Public License for more details. |
|
14 |
+ * |
|
15 |
+ * You should have received a copy of the GNU General Public License |
|
16 |
+ * along with this program; if not, write to the Free Software |
|
17 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
18 |
+ * MA 02110-1301, USA. |
|
19 |
+ * |
|
20 |
+ */ |
|
21 |
+ |
|
22 |
+#ifndef _WHITELIST_H |
|
23 |
+#define _WHITELIST_H |
|
24 |
+ |
|
25 |
+int cli_loadwdb(FILE* fd, unsigned int options); |
|
26 |
+int build_whitelist(void); |
|
27 |
+int init_whitelist(void); |
|
28 |
+void whitelist_done(void); |
|
29 |
+void whitelist_cleanup(void); |
|
30 |
+int is_whitelist_ok(void); |
|
31 |
+int whitelist_match(const char* real_url,const char* display_url,int hostOnly); |
|
32 |
+ |
|
33 |
+#endif |
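Review bot: None of these functions takes an engine argument, unlike the `cli_loaddb(fd, engine, signo, options)` call visible elsewhere in this commit, which suggests the whitelist lives in process-wide state. If so, the header should say who may call `init_whitelist`/`whitelist_cleanup` and whether `whitelist_match` is safe during a database reload. The names `build_whitelist`, `init_whitelist`, `is_whitelist_ok` and `whitelist_match` also lack the `cli_` prefix that `cli_loadwdb` uses, so they can clash with application symbols if they are exported from the library. Since a whitelist match presumably suppresses a phishing detection, a comment such as `/* returns non-zero when the (real_url, display_url) pair is whitelisted; hostOnly restricts matching to the host part */` (to be confirmed against the implementation) would make the contract reviewable.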
... | ... |
@@ -41,6 +41,14 @@ |
41 | 41 |
#include "str.h" |
42 | 42 |
#include "defaults.h" |
43 | 43 |
|
44 |
+#ifdef CL_EXPERIMENTAL |
|
45 |
+/* |
|
46 |
+#include "phish_whitelist.h" |
|
47 |
+#include "phish_domaincheck_db.h" |
|
48 |
+*/ |
|
49 |
+#endif |
|
50 |
+ |
|
51 |
+ |
|
44 | 52 |
#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2) |
45 | 53 |
#include <limits.h> |
46 | 54 |
#include <stddef.h> |
... | ... |
@@ -1085,7 +1093,20 @@ static int cli_load(const char *filename, struct cl_engine **engine, unsigned in |
1085 | 1085 |
else |
1086 | 1086 |
#endif |
1087 | 1087 |
skipped = 1; |
1088 |
- |
|
1088 |
+#ifdef CL_EXPERIMENTAL |
|
1089 |
+/* |
|
1090 |
+ } else if(cli_strbcasestr(filename, ".wdb")) { |
|
1091 |
+ if(!(options & CL_SCAN_NOPHISHING)) |
|
1092 |
+ ret = cli_loadwdb(fd, options); |
|
1093 |
+ else |
|
1094 |
+ skipped = 1; |
|
1095 |
+ } else if(cli_strbcasestr(filename, ".pdb")) { |
|
1096 |
+ if(!(options & CL_SCAN_NOPHISHING)) |
|
1097 |
+ ret = cli_loadpdb(fd, options); |
|
1098 |
+ else |
|
1099 |
+ skipped = 1; |
|
1100 |
+*/ |
|
1101 |
+#endif |
|
1089 | 1102 |
} else { |
1090 | 1103 |
cli_dbgmsg("cli_load: unknown extension - assuming old database format\n"); |
1091 | 1104 |
ret = cli_loaddb(fd, engine, signo, options); |
... | ... |
@@ -1150,6 +1171,12 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigne |
1150 | 1150 |
cli_strbcasestr(dent->d_name, ".sdb") || |
1151 | 1151 |
cli_strbcasestr(dent->d_name, ".zmd") || |
1152 | 1152 |
cli_strbcasestr(dent->d_name, ".rmd") || |
1153 |
+#ifdef CL_EXPERIMENTAL |
|
1154 |
+/* |
|
1155 |
+ cli_strbcasestr(dent->d_name, ".pdb") || |
|
1156 |
+ cli_strbcasestr(dent->d_name, ".wdb") || |
|
1157 |
+*/ |
|
1158 |
+#endif |
|
1153 | 1159 |
cli_strbcasestr(dent->d_name, ".hw") || |
1154 | 1160 |
cli_strbcasestr(dent->d_name, ".inc") || |
1155 | 1161 |
cli_strbcasestr(dent->d_name, ".cvd"))) { |
... | ... |
@@ -1266,6 +1293,12 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat) |
1266 | 1266 |
cli_strbcasestr(dent->d_name, ".sdb") || |
1267 | 1267 |
cli_strbcasestr(dent->d_name, ".zmd") || |
1268 | 1268 |
cli_strbcasestr(dent->d_name, ".rmd") || |
1269 |
+#ifdef CL_EXPERIMENTAL |
|
1270 |
+/* |
|
1271 |
+ cli_strbcasestr(dent->d_name, ".pdb") || |
|
1272 |
+ cli_strbcasestr(dent->d_name, ".wdb") || |
|
1273 |
+*/ |
|
1274 |
+#endif |
|
1269 | 1275 |
cli_strbcasestr(dent->d_name, ".hw") || |
1270 | 1276 |
cli_strbcasestr(dent->d_name, ".inc") || |
1271 | 1277 |
cli_strbcasestr(dent->d_name, ".cvd"))) { |
... | ... |
@@ -1340,6 +1373,12 @@ int cl_statchkdir(const struct cl_stat *dbstat) |
1340 | 1340 |
cli_strbcasestr(dent->d_name, ".sdb") || |
1341 | 1341 |
cli_strbcasestr(dent->d_name, ".zmd") || |
1342 | 1342 |
cli_strbcasestr(dent->d_name, ".rmd") || |
1343 |
+#ifdef CL_EXPERIMENTAL |
|
1344 |
+/* |
|
1345 |
+ cli_strbcasestr(dent->d_name, ".pdb") || |
|
1346 |
+ cli_strbcasestr(dent->d_name, ".wdb") || |
|
1347 |
+*/ |
|
1348 |
+#endif |
|
1343 | 1349 |
cli_strbcasestr(dent->d_name, ".hw") || |
1344 | 1350 |
cli_strbcasestr(dent->d_name, ".inc") || |
1345 | 1351 |
cli_strbcasestr(dent->d_name, ".cvd"))) { |
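Review bot: In the cli_load hunk the disabled `.wdb`/`.pdb` branches test `options & CL_SCAN_NOPHISHING`, a flag defined among the scan-time `CL_SCAN_*` options, against the database loader's `options` argument. If the loader uses its own flag set, bit 1024 may carry a different meaning there, so this should be checked before the code is enabled. In all five hunks of this file the `#ifdef CL_EXPERIMENTAL` encloses nothing but a `/* ... */` comment, so the guard has no effect and the block will break as soon as the disabled code gains a comment of its own; `#if 0 /* phishing module: not yet active */` states the intent and nests safely. cli_load's body starts and ends outside the hunk, so the full else-if chain could not be checked.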
... | ... |
@@ -481,7 +481,12 @@ static int build(struct optstruct *opt) |
481 | 481 |
"main.ndb", "daily.ndb", "main.sdb", |
482 | 482 |
"daily.sdb", "main.zmd", "daily.zmd", |
483 | 483 |
"main.rmd", "daily.rmd", "main.fp", |
484 |
- "daily.fp", "daily.info", "main.info", NULL }; |
|
484 |
+ "daily.fp", "daily.info", "main.info", |
|
485 |
+#ifdef CL_EXPERIMENTAL |
|
486 |
+ /* TODO: add support for main.[wp]db */ |
|
487 |
+ "daily.wdb","daily.pdb", |
|
488 |
+#endif |
|
489 |
+ NULL }; |
|
485 | 490 |
args[2] = tarfile; |
486 | 491 |
if(!opt_check(opt, "debug")) { |
487 | 492 |
if((dn = open("/dev/null", O_WRONLY)) == -1) { |
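Review bot: `"daily.wdb","daily.pdb"` are added to the argument list whenever `CL_EXPERIMENTAL` is defined, while the loader changes in this same commit keep `.wdb`/`.pdb` handling inside a comment, so an experimental build would pack files that libclamav does not yet read. If this list is passed to the archiver unfiltered (the call is outside the hunk), a missing `daily.wdb` or `daily.pdb` may also make the build step fail; confirm that, or keep the two entries disabled until the loader side is active. build()'s body continues outside the hunk.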