... | ... |
@@ -279,15 +279,15 @@ void help(void) |
279 | 279 |
mprintf(" --max-ziptypercg=#n Maximum size zip to type reanalyze\n"); |
280 | 280 |
mprintf(" --max-partitions=#n Maximum number of partitions in disk image to be scanned\n"); |
281 | 281 |
mprintf(" --max-iconspe=#n Maximum number of icons in PE file to be scanned\n"); |
282 |
- mprintf(" --enable-stats Enable statistical reporting of malware\n"); |
|
283 |
- mprintf(" --disable-pe-stats Disable submission of individual PE sections in stats submissions\n"); |
|
284 |
- mprintf(" --stats-timeout=#n Number of seconds to wait for waiting a response back from the stats server\n"); |
|
285 |
- mprintf(" --stats-host-id=UUID Set the Host ID used when submitting statistical info.\n"); |
|
286 | 282 |
#if HAVE_PCRE |
287 | 283 |
mprintf(" --pcre-match-limit=#n Maximum calls to the PCRE match function.\n"); |
288 | 284 |
mprintf(" --pcre-recmatch-limit=#n Maximum recursive calls to the PCRE match function.\n"); |
289 |
- mprintf(" --pcre-max-filesize=#n Maximum size file to perform PCRE sunsig matching.\n"); |
|
285 |
+ mprintf(" --pcre-max-filesize=#n Maximum size file to perform PCRE subsig matching.\n"); |
|
290 | 286 |
#endif /* HAVE_PCRE */ |
287 |
+ mprintf(" --enable-stats Enable statistical reporting of malware\n"); |
|
288 |
+ mprintf(" --disable-pe-stats Disable submission of individual PE sections in stats submissions\n"); |
|
289 |
+ mprintf(" --stats-timeout=#n Number of seconds to wait for waiting a response back from the stats server\n"); |
|
290 |
+ mprintf(" --stats-host-id=UUID Set the Host ID used when submitting statistical info.\n"); |
|
291 | 291 |
mprintf("\n"); |
292 | 292 |
mprintf("(*) Default scan settings\n"); |
293 | 293 |
mprintf("(**) Certain files (e.g. documents, archives, etc.) may in turn contain other\n"); |
... | ... |
@@ -598,6 +598,45 @@ WARNING: setting this limit too high may result in severe damage or impact perfo |
598 | 598 |
.br |
599 | 599 |
Default: 100 |
600 | 600 |
.TP |
601 |
+\fBPCREMatchLimit SIZE\fR |
|
602 |
+This option sets the maximum calls to the PCRE match function during an instance of regex matching. |
|
603 |
+.br |
|
604 |
+Instances using more than this limit will be terminated and alert the user but the scan will continue. |
|
605 |
+.br |
|
606 |
+For more information on match_limit, see the PCRE documentation. |
|
607 |
+.br |
|
608 |
+Negative values are not allowed. |
|
609 |
+.br |
|
610 |
+WARNING: setting this limit too high may severely impact performance. |
|
611 |
+.br |
|
612 |
+Default: 10000 |
|
613 |
+.TP |
|
614 |
+\fBPCRERecMatchLimit NUMBER\fR |
|
615 |
+This option sets the maximum recursive calls to the PCRE match function during an instance of regex matching. |
|
616 |
+.br |
|
617 |
+Instances using more than this limit will be terminated and alert the user but the scan will continue. |
|
618 |
+.br |
|
619 |
+For more information on match_limit_recursion, see the PCRE documentation. |
|
620 |
+.br |
|
621 |
+Negative values are not allowed and values > PCREMatchLimit are superfluous. |
|
622 |
+.br |
|
623 |
+WARNING: setting this limit too high may severely impact performance. |
|
624 |
+.br |
|
625 |
+Default: 5000 |
|
626 |
+.TP |
|
627 |
+\fBPCREMaxFileSize NUMBER\fR |
|
628 |
+This option sets the maximum filesize for which PCRE subsigs will be executed. |
|
629 |
+.br |
|
630 |
+Files exceeding this limit will not have PCRE subsigs executed unless a subsig is encompassed to a smaller buffer. |
|
631 |
+.br |
|
632 |
+Negative values are not allowed. |
|
633 |
+.br |
|
634 |
+Setting this value to zero disables the limit. |
|
635 |
+.br |
|
636 |
+WARNING: setting this limit too high or disabling it may severely impact performance. |
|
637 |
+.br |
|
638 |
+Default: 25M |
|
639 |
+.TP |
|
601 | 640 |
\fBClamukoScanOnAccess (OBSOLETE)\fR |
602 | 641 |
\fBWARNING:\fR This option is no longer accepted. See \fBScanOnAccess\fR. |
603 | 642 |
.TP |
... | ... |
@@ -214,6 +214,15 @@ This option sets the maximum number of partitions of a raw disk image to be scan |
214 | 214 |
\fB\-\-max\-iconspe=#n\fR |
215 | 215 |
This option sets the maximum number of icons within a PE to be scanned. This must be a positive integer (default: 100). |
216 | 216 |
.TP |
217 |
+\fB\-\-pcre-match-limit=#n\fR |
|
218 |
+Maximum calls to the PCRE match function (default: 10000). |
|
219 |
+.TP |
|
220 |
+\fB\-\-pcre-recmatch-limit=#n\fR |
|
221 |
+Maximum recursive calls to the PCRE match function (default: 5000). |
|
222 |
+.TP |
|
223 |
+\fB\-\-pcre-max-filesize=#n\fR |
|
224 |
+Maximum size file to perform PCRE subsig matching (default: 25 MB, max: <4 GB). |
|
225 |
+.TP |
|
217 | 226 |
\fB\-\-enable\-stats\fR |
218 | 227 |
This option enables submission of statistical data. (Default: stats submissions disabled) |
219 | 228 |
.TP |