Browse code
Initial merge of the phiscode... more to come.
- clamav-devel/ChangeLog
- clamav-devel/libclamav/clamav.h
- clamav-devel/libclamav/phish_domaincheck_db.h
- clamav-devel/libclamav/phish_whitelist.h
- clamav-devel/libclamav/readdb.c
- clamav-devel/sigtool/sigtool.c
| ... | ... |
@@ -1,3 +1,10 @@ |
| 1 |
+Tue Sep 12 20:42:04 CEST 2006 (acab) |
|
| 2 |
+------------------------------------ |
|
| 3 |
+ * sigtool: Merge of the related part of the phishing module from |
|
| 4 |
+ Torok Edvin <edwintorok*gmail.com> |
|
| 5 |
+ Part of the Google Summer of Code program |
|
| 6 |
+ * libclamav: Initial merge of the phishing module - inactive |
|
| 7 |
+ |
|
| 1 | 8 |
Tue Sep 12 01:04:39 CEST 2006 (tk) |
| 2 | 9 |
---------------------------------- |
| 3 | 10 |
* clamd, clamdscan: add support for hardware acceleration |
| ... | ... |
@@ -90,6 +90,8 @@ extern "C" |
| 90 | 90 |
#define CL_SCAN_MAILURL 128 |
| 91 | 91 |
#define CL_SCAN_BLOCKMAX 256 |
| 92 | 92 |
#define CL_SCAN_ALGO 512 |
| 93 |
+#define CL_SCAN_NOPHISHING 1024 |
|
| 94 |
+#define CL_PHISH_NO_DOMAINLIST 4096 |
|
| 93 | 95 |
|
| 94 | 96 |
/* recommended options */ |
| 95 | 97 |
#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGO) |
| 96 | 98 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,33 @@ |
| 0 |
+/* |
|
| 1 |
+ * Phishing module: domain list implementation. |
|
| 2 |
+ * |
|
| 3 | ||
| 4 |
+ * |
|
| 5 |
+ * This program is free software; you can redistribute it and/or modify |
|
| 6 |
+ * it under the terms of the GNU General Public License as published by |
|
| 7 |
+ * the Free Software Foundation; either version 2 of the License, or |
|
| 8 |
+ * (at your option) any later version. |
|
| 9 |
+ * |
|
| 10 |
+ * This program is distributed in the hope that it will be useful, |
|
| 11 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 12 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 13 |
+ * GNU General Public License for more details. |
|
| 14 |
+ * |
|
| 15 |
+ * You should have received a copy of the GNU General Public License |
|
| 16 |
+ * along with this program; if not, write to the Free Software |
|
| 17 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
| 18 |
+ * MA 02110-1301, USA. |
|
| 19 |
+ * |
|
| 20 |
+ */ |
|
| 21 |
+#ifndef _PHISH_DOMAINCHECK_DB_H |
|
| 22 |
+#define _PHISH_DOMAINCHECK_DB_H |
|
| 23 |
+ |
|
| 24 |
+int cli_loadpdb(FILE* fd, unsigned int options); |
|
| 25 |
+int build_domainlist(void); |
|
| 26 |
+int init_domainlist(void); |
|
| 27 |
+void domainlist_done(void); |
|
| 28 |
+void domainlist_cleanup(void); |
|
| 29 |
+int is_domainlist_ok(void); |
|
| 30 |
+int domainlist_match(const char* real_url,const char* display_url,int hostOnly,unsigned short* flags); |
|
| 31 |
+ |
|
| 32 |
+#endif |
| 0 | 33 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,34 @@ |
| 0 |
+/* |
|
| 1 |
+ * Phishing module: whitelist implementation. |
|
| 2 |
+ * |
|
| 3 | ||
| 4 |
+ * |
|
| 5 |
+ * This program is free software; you can redistribute it and/or modify |
|
| 6 |
+ * it under the terms of the GNU General Public License as published by |
|
| 7 |
+ * the Free Software Foundation; either version 2 of the License, or |
|
| 8 |
+ * (at your option) any later version. |
|
| 9 |
+ * |
|
| 10 |
+ * This program is distributed in the hope that it will be useful, |
|
| 11 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 12 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 13 |
+ * GNU General Public License for more details. |
|
| 14 |
+ * |
|
| 15 |
+ * You should have received a copy of the GNU General Public License |
|
| 16 |
+ * along with this program; if not, write to the Free Software |
|
| 17 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
| 18 |
+ * MA 02110-1301, USA. |
|
| 19 |
+ * |
|
| 20 |
+ */ |
|
| 21 |
+ |
|
| 22 |
+#ifndef _WHITELIST_H |
|
| 23 |
+#define _WHITELIST_H |
|
| 24 |
+ |
|
| 25 |
+int cli_loadwdb(FILE* fd, unsigned int options); |
|
| 26 |
+int build_whitelist(void); |
|
| 27 |
+int init_whitelist(void); |
|
| 28 |
+void whitelist_done(void); |
|
| 29 |
+void whitelist_cleanup(void); |
|
| 30 |
+int is_whitelist_ok(void); |
|
| 31 |
+int whitelist_match(const char* real_url,const char* display_url,int hostOnly); |
|
| 32 |
+ |
|
| 33 |
+#endif |
| ... | ... |
@@ -41,6 +41,14 @@ |
| 41 | 41 |
#include "str.h" |
| 42 | 42 |
#include "defaults.h" |
| 43 | 43 |
|
| 44 |
+#ifdef CL_EXPERIMENTAL |
|
| 45 |
+/* |
|
| 46 |
+#include "phish_whitelist.h" |
|
| 47 |
+#include "phish_domaincheck_db.h" |
|
| 48 |
+*/ |
|
| 49 |
+#endif |
|
| 50 |
+ |
|
| 51 |
+ |
|
| 44 | 52 |
#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2) |
| 45 | 53 |
#include <limits.h> |
| 46 | 54 |
#include <stddef.h> |
| ... | ... |
@@ -1085,7 +1093,20 @@ static int cli_load(const char *filename, struct cl_engine **engine, unsigned in |
| 1085 | 1085 |
else |
| 1086 | 1086 |
#endif |
| 1087 | 1087 |
skipped = 1; |
| 1088 |
- |
|
| 1088 |
+#ifdef CL_EXPERIMENTAL |
|
| 1089 |
+/* |
|
| 1090 |
+ } else if(cli_strbcasestr(filename, ".wdb")) {
|
|
| 1091 |
+ if(!(options & CL_SCAN_NOPHISHING)) |
|
| 1092 |
+ ret = cli_loadwdb(fd, options); |
|
| 1093 |
+ else |
|
| 1094 |
+ skipped = 1; |
|
| 1095 |
+ } else if(cli_strbcasestr(filename, ".pdb")) {
|
|
| 1096 |
+ if(!(options & CL_SCAN_NOPHISHING)) |
|
| 1097 |
+ ret = cli_loadpdb(fd, options); |
|
| 1098 |
+ else |
|
| 1099 |
+ skipped = 1; |
|
| 1100 |
+*/ |
|
| 1101 |
+#endif |
|
| 1089 | 1102 |
} else {
|
| 1090 | 1103 |
cli_dbgmsg("cli_load: unknown extension - assuming old database format\n");
|
| 1091 | 1104 |
ret = cli_loaddb(fd, engine, signo, options); |
| ... | ... |
@@ -1150,6 +1171,12 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigne |
| 1150 | 1150 |
cli_strbcasestr(dent->d_name, ".sdb") || |
| 1151 | 1151 |
cli_strbcasestr(dent->d_name, ".zmd") || |
| 1152 | 1152 |
cli_strbcasestr(dent->d_name, ".rmd") || |
| 1153 |
+#ifdef CL_EXPERIMENTAL |
|
| 1154 |
+/* |
|
| 1155 |
+ cli_strbcasestr(dent->d_name, ".pdb") || |
|
| 1156 |
+ cli_strbcasestr(dent->d_name, ".wdb") || |
|
| 1157 |
+*/ |
|
| 1158 |
+#endif |
|
| 1153 | 1159 |
cli_strbcasestr(dent->d_name, ".hw") || |
| 1154 | 1160 |
cli_strbcasestr(dent->d_name, ".inc") || |
| 1155 | 1161 |
cli_strbcasestr(dent->d_name, ".cvd"))) {
|
| ... | ... |
@@ -1266,6 +1293,12 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat) |
| 1266 | 1266 |
cli_strbcasestr(dent->d_name, ".sdb") || |
| 1267 | 1267 |
cli_strbcasestr(dent->d_name, ".zmd") || |
| 1268 | 1268 |
cli_strbcasestr(dent->d_name, ".rmd") || |
| 1269 |
+#ifdef CL_EXPERIMENTAL |
|
| 1270 |
+/* |
|
| 1271 |
+ cli_strbcasestr(dent->d_name, ".pdb") || |
|
| 1272 |
+ cli_strbcasestr(dent->d_name, ".wdb") || |
|
| 1273 |
+*/ |
|
| 1274 |
+#endif |
|
| 1269 | 1275 |
cli_strbcasestr(dent->d_name, ".hw") || |
| 1270 | 1276 |
cli_strbcasestr(dent->d_name, ".inc") || |
| 1271 | 1277 |
cli_strbcasestr(dent->d_name, ".cvd"))) {
|
| ... | ... |
@@ -1340,6 +1373,12 @@ int cl_statchkdir(const struct cl_stat *dbstat) |
| 1340 | 1340 |
cli_strbcasestr(dent->d_name, ".sdb") || |
| 1341 | 1341 |
cli_strbcasestr(dent->d_name, ".zmd") || |
| 1342 | 1342 |
cli_strbcasestr(dent->d_name, ".rmd") || |
| 1343 |
+#ifdef CL_EXPERIMENTAL |
|
| 1344 |
+/* |
|
| 1345 |
+ cli_strbcasestr(dent->d_name, ".pdb") || |
|
| 1346 |
+ cli_strbcasestr(dent->d_name, ".wdb") || |
|
| 1347 |
+*/ |
|
| 1348 |
+#endif |
|
| 1343 | 1349 |
cli_strbcasestr(dent->d_name, ".hw") || |
| 1344 | 1350 |
cli_strbcasestr(dent->d_name, ".inc") || |
| 1345 | 1351 |
cli_strbcasestr(dent->d_name, ".cvd"))) {
|
| ... | ... |
@@ -481,7 +481,12 @@ static int build(struct optstruct *opt) |
| 481 | 481 |
"main.ndb", "daily.ndb", "main.sdb", |
| 482 | 482 |
"daily.sdb", "main.zmd", "daily.zmd", |
| 483 | 483 |
"main.rmd", "daily.rmd", "main.fp", |
| 484 |
- "daily.fp", "daily.info", "main.info", NULL }; |
|
| 484 |
+ "daily.fp", "daily.info", "main.info", |
|
| 485 |
+#ifdef CL_EXPERIMENTAL |
|
| 486 |
+ /* TODO: add support for main.[wp]db */ |
|
| 487 |
+ "daily.wdb","daily.pdb", |
|
| 488 |
+#endif |
|
| 489 |
+ NULL }; |
|
| 485 | 490 |
args[2] = tarfile; |
| 486 | 491 |
if(!opt_check(opt, "debug")) {
|
| 487 | 492 |
if((dn = open("/dev/null", O_WRONLY)) == -1) {
|