Many of the core scanning functions' names no longer represent their
specific purpose or arguments. This commit aims to make the names more
intuitive. Names are now prefixed with "magic" if they involve
file-typing and file-type parsing. In addition, each function now
includes the type of input being scanned, whether it's "desc", "fmap", or
"buff". Some of the APIs also now specify "type" to indicate that a type
other than "ANY" may be passed in to select the type rather than use
file type magic for type recognition.
| current name | new name |
| ------------------------- | --------------------------------- |
| magic_scandesc() | cli_magic_scan() |
| cli_magic_scandesc_type() | <delete> |
| cli_magic_scandesc() | cli_magic_scan_desc() |
| cli_base_scandesc() | cli_magic_scan_desc_type() |
| cli_partition_scandesc() | <delete> |
| cli_map_scandesc() | magic_scan_nested_fmap_type() |
| cli_map_scan() | cli_magic_scan_nested_fmap_type() |
| cli_mem_scandesc() | cli_magic_scan_buff() |
| cli_scanbuff() | cli_scan_buff() |
| cli_scandesc() | cli_scan_desc() |
| cli_fmap_scandesc() | cli_scan_fmap() |
| cli_scanfile() | cli_magic_scan_file() |
| cli_scandir() | cli_magic_scan_dir() |
| cli_filetype2() | cli_determine_fmap_type() |
| cli_filetype() | cli_compare_ftm_file() |
| cli_partitiontype() | cli_compare_ftm_partition() |
| cli_scanraw() | scanraw() |
| ... | ... |
@@ -191,7 +191,7 @@ int cli_7unz(cli_ctx *ctx, size_t offset) |
| 191 | 191 |
cli_dbgmsg("cli_7unz: Saving to %s\n", tmp_name);
|
| 192 | 192 |
if (cli_writen(fd, outBuffer + offset, outSizeProcessed) != outSizeProcessed) |
| 193 | 193 |
found = CL_EWRITE; |
| 194 |
- else if ((found = cli_magic_scandesc(fd, tmp_name, ctx, name)) == CL_VIRUS) |
|
| 194 |
+ else if ((found = cli_magic_scan_desc(fd, tmp_name, ctx, name)) == CL_VIRUS) |
|
| 195 | 195 |
viruses_found++; |
| 196 | 196 |
close(fd); |
| 197 | 197 |
if (!ctx->engine->keeptmp && cli_unlink(tmp_name)) |
| ... | ... |
@@ -222,8 +222,8 @@ int cli_scanapm(cli_ctx *ctx) |
| 222 | 222 |
cli_dbgmsg("Blocks: [%u, +%u), ([%lu, +%lu))\n",
|
| 223 | 223 |
apentry.pBlockStart, apentry.pBlockCount, (long unsigned)partoff, (long unsigned)partsize); |
| 224 | 224 |
|
| 225 |
- /* send the partition to cli_map_scan */ |
|
| 226 |
- ret = cli_map_scan(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, (const char *)apentry.name); |
|
| 225 |
+ /* send the partition to cli_magic_scan_nested_fmap_type */ |
|
| 226 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, (const char *)apentry.name); |
|
| 227 | 227 |
if (ret != CL_CLEAN) {
|
| 228 | 228 |
if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) |
| 229 | 229 |
detection = CL_VIRUS; |
| ... | ... |
@@ -451,8 +451,7 @@ const char *autoit_functions[] = {
|
| 451 | 451 |
"WINWAIT", |
| 452 | 452 |
"WINWAITACTIVE", |
| 453 | 453 |
"WINWAITCLOSE", |
| 454 |
- "WINWAITNOTACTIVE" |
|
| 455 |
-}; |
|
| 454 |
+ "WINWAITNOTACTIVE"}; |
|
| 456 | 455 |
|
| 457 | 456 |
const char *autoit_keywords[] = {
|
| 458 | 457 |
"UNKNOWN_0", |
| ... | ... |
@@ -858,7 +857,7 @@ static int ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd) |
| 858 | 858 |
close(i); |
| 859 | 859 |
return CL_ESEEK; |
| 860 | 860 |
} |
| 861 |
- if (cli_magic_scandesc(i, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 861 |
+ if (cli_magic_scan_desc(i, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 862 | 862 |
if (!SCAN_ALLMATCHES) {
|
| 863 | 863 |
close(i); |
| 864 | 864 |
if (!ctx->engine->keeptmp) |
| ... | ... |
@@ -1185,7 +1184,7 @@ static int ea06(cli_ctx *ctx, const uint8_t *base, char *tmpd) |
| 1185 | 1185 |
cli_dbgmsg("autoit: too few bytes present - expected enough for a keyword ID\n");
|
| 1186 | 1186 |
break; |
| 1187 | 1187 |
} |
| 1188 |
- keyword_id = cli_readint32((char *)&UNP.outputbuf[UNP.cur_input]); |
|
| 1188 |
+ keyword_id = cli_readint32((char *)&UNP.outputbuf[UNP.cur_input]); |
|
| 1189 | 1189 |
if (keyword_id >= (sizeof(autoit_keywords) / sizeof(autoit_keywords[0]))) {
|
| 1190 | 1190 |
UNP.error = 1; |
| 1191 | 1191 |
cli_dbgmsg("autoit: unknown AutoIT keyword ID: 0x%x\n", keyword_id);
|
| ... | ... |
@@ -1219,7 +1218,7 @@ static int ea06(cli_ctx *ctx, const uint8_t *base, char *tmpd) |
| 1219 | 1219 |
cli_dbgmsg("autoit: too few bytes present - expected enough for a function ID\n");
|
| 1220 | 1220 |
break; |
| 1221 | 1221 |
} |
| 1222 |
- function_id = cli_readint32((char *)&UNP.outputbuf[UNP.cur_input]); |
|
| 1222 |
+ function_id = cli_readint32((char *)&UNP.outputbuf[UNP.cur_input]); |
|
| 1223 | 1223 |
if (function_id >= (sizeof(autoit_functions) / sizeof(autoit_functions[0]))) {
|
| 1224 | 1224 |
UNP.error = 1; |
| 1225 | 1225 |
cli_dbgmsg("autoit: unknown AutoIT function ID: 0x%x\n", function_id);
|
| ... | ... |
@@ -1467,7 +1466,7 @@ static int ea06(cli_ctx *ctx, const uint8_t *base, char *tmpd) |
| 1467 | 1467 |
close(i); |
| 1468 | 1468 |
return CL_ESEEK; |
| 1469 | 1469 |
} |
| 1470 |
- if (cli_magic_scandesc(i, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 1470 |
+ if (cli_magic_scan_desc(i, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 1471 | 1471 |
if (!SCAN_ALLMATCHES) {
|
| 1472 | 1472 |
close(i); |
| 1473 | 1473 |
if (!ctx->engine->keeptmp) |
| ... | ... |
@@ -122,7 +122,7 @@ int cli_binhex(cli_ctx *ctx) |
| 122 | 122 |
ret = CL_ESEEK; |
| 123 | 123 |
break; |
| 124 | 124 |
} |
| 125 |
- ret = cli_magic_scandesc(datafd, dname, ctx, NULL); |
|
| 125 |
+ ret = cli_magic_scan_desc(datafd, dname, ctx, NULL); |
|
| 126 | 126 |
if (ret == CL_VIRUS) break; |
| 127 | 127 |
} |
| 128 | 128 |
if (dec_done) |
| ... | ... |
@@ -168,7 +168,7 @@ int cli_binhex(cli_ctx *ctx) |
| 168 | 168 |
ret = CL_ESEEK; |
| 169 | 169 |
break; |
| 170 | 170 |
} |
| 171 |
- ret = cli_magic_scandesc(resfd, rname, ctx, NULL); |
|
| 171 |
+ ret = cli_magic_scan_desc(resfd, rname, ctx, NULL); |
|
| 172 | 172 |
break; |
| 173 | 173 |
} |
| 174 | 174 |
} |
| ... | ... |
@@ -180,7 +180,7 @@ int cli_binhex(cli_ctx *ctx) |
| 180 | 180 |
ret = CL_ESEEK; |
| 181 | 181 |
break; |
| 182 | 182 |
} |
| 183 |
- ret = cli_magic_scandesc(datafd, dname, ctx, NULL); |
|
| 183 |
+ ret = cli_magic_scan_desc(datafd, dname, ctx, NULL); |
|
| 184 | 184 |
} else if (write_phase == IN_RES) {
|
| 185 | 185 |
cli_dbgmsg("cli_binhex: scanning partially extracted resource fork\n");
|
| 186 | 186 |
if (lseek(resfd, 0, SEEK_SET) == -1) {
|
| ... | ... |
@@ -188,7 +188,7 @@ int cli_binhex(cli_ctx *ctx) |
| 188 | 188 |
ret = CL_ESEEK; |
| 189 | 189 |
break; |
| 190 | 190 |
} |
| 191 |
- ret = cli_magic_scandesc(resfd, rname, ctx, NULL); |
|
| 191 |
+ ret = cli_magic_scan_desc(resfd, rname, ctx, NULL); |
|
| 192 | 192 |
} |
| 193 | 193 |
break; |
| 194 | 194 |
} |
| ... | ... |
@@ -584,7 +584,7 @@ int fileblobAddData(fileblob *fb, const unsigned char *data, size_t len) |
| 584 | 584 |
*ctx->scanned += (unsigned long)len / CL_COUNT_PRECISION; |
| 585 | 585 |
fb->bytes_scanned += (unsigned long)len; |
| 586 | 586 |
|
| 587 |
- if ((len > 5) && cli_updatelimits(ctx, len) == CL_CLEAN && (cli_scanbuff(data, (unsigned int)len, 0, ctx->virname, ctx->engine, CL_TYPE_BINARY_DATA, NULL) == CL_VIRUS)) {
|
|
| 587 |
+ if ((len > 5) && cli_updatelimits(ctx, len) == CL_CLEAN && (cli_scan_buff(data, (unsigned int)len, 0, ctx->virname, ctx->engine, CL_TYPE_BINARY_DATA, NULL) == CL_VIRUS)) {
|
|
| 588 | 588 |
cli_dbgmsg("fileblobAddData: found %s\n", cli_get_last_virus_str(ctx->virname));
|
| 589 | 589 |
fb->isInfected = 1; |
| 590 | 590 |
} |
| ... | ... |
@@ -649,7 +649,7 @@ int fileblobScan(const fileblob *fb) |
| 649 | 649 |
virus_found = 1; |
| 650 | 650 |
} |
| 651 | 651 |
|
| 652 |
- rc = cli_magic_scandesc(fb->fd, fb->fullname, fb->ctx, fb->b.name); |
|
| 652 |
+ rc = cli_magic_scan_desc(fb->fd, fb->fullname, fb->ctx, fb->b.name); |
|
| 653 | 653 |
if (rc == CL_VIRUS || virus_found != 0) {
|
| 654 | 654 |
cli_dbgmsg("%s is infected\n", fb->fullname);
|
| 655 | 655 |
return CL_VIRUS; |
| ... | ... |
@@ -164,12 +164,12 @@ static int cli_bytecode_context_reset(struct cli_bc_ctx *ctx) |
| 164 | 164 |
snprintf(fullname, 1024, "%s" PATHSEP "javascript", ctx->jsnormdir); |
| 165 | 165 |
fd = open(fullname, O_RDONLY | O_BINARY); |
| 166 | 166 |
if (fd >= 0) {
|
| 167 |
- ret = cli_scandesc(fd, cctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 167 |
+ ret = cli_scan_desc(fd, cctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 168 | 168 |
if (ret == CL_CLEAN) {
|
| 169 | 169 |
if (lseek(fd, 0, SEEK_SET) == -1) |
| 170 | 170 |
cli_dbgmsg("cli_bytecode: call to lseek() has failed\n");
|
| 171 | 171 |
else |
| 172 |
- ret = cli_scandesc(fd, cctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 172 |
+ ret = cli_scan_desc(fd, cctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 173 | 173 |
} |
| 174 | 174 |
close(fd); |
| 175 | 175 |
} |
| ... | ... |
@@ -2906,7 +2906,7 @@ int cli_bytecode_runhook(cli_ctx *cctx, const struct cl_engine *engine, struct c |
| 2906 | 2906 |
lseek(fd, 0, SEEK_SET); |
| 2907 | 2907 |
cli_dbgmsg("***** Scanning unpacked file ******\n");
|
| 2908 | 2908 |
cctx->recursion++; |
| 2909 |
- ret = cli_magic_scandesc(fd, tempfile, cctx, NULL); |
|
| 2909 |
+ ret = cli_magic_scan_desc(fd, tempfile, cctx, NULL); |
|
| 2910 | 2910 |
cctx->recursion--; |
| 2911 | 2911 |
if (!cctx->engine->keeptmp) |
| 2912 | 2912 |
if (ftruncate(fd, 0) == -1) |
| ... | ... |
@@ -552,7 +552,7 @@ int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx, int32_t id) |
| 552 | 552 |
size_t csize = cli_get_container_size(cctx, -2); |
| 553 | 553 |
cli_set_container(cctx, ctx->containertype, csize); |
| 554 | 554 |
} |
| 555 |
- res = cli_magic_scandesc(ctx->outfd, ctx->tempfile, cctx, NULL); |
|
| 555 |
+ res = cli_magic_scan_desc(ctx->outfd, ctx->tempfile, cctx, NULL); |
|
| 556 | 556 |
cctx->recursion--; |
| 557 | 557 |
if (res == CL_VIRUS) {
|
| 558 | 558 |
ctx->virname = cli_get_last_virus(cctx); |
| ... | ... |
@@ -163,7 +163,7 @@ int cli_scancpio_old(cli_ctx *ctx) |
| 163 | 163 |
if (ret == CL_EMAXFILES) {
|
| 164 | 164 |
goto leave; |
| 165 | 165 |
} else if (ret == CL_SUCCESS) {
|
| 166 |
- ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); |
|
| 166 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); |
|
| 167 | 167 |
if (ret == CL_VIRUS) {
|
| 168 | 168 |
if (!SCAN_ALLMATCHES) |
| 169 | 169 |
return ret; |
| ... | ... |
@@ -252,7 +252,7 @@ int cli_scancpio_odc(cli_ctx *ctx) |
| 252 | 252 |
if (ret == CL_EMAXFILES) {
|
| 253 | 253 |
goto leave; |
| 254 | 254 |
} else if (ret == CL_SUCCESS) {
|
| 255 |
- ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); |
|
| 255 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); |
|
| 256 | 256 |
if (ret == CL_VIRUS) {
|
| 257 | 257 |
if (!SCAN_ALLMATCHES) |
| 258 | 258 |
return ret; |
| ... | ... |
@@ -345,7 +345,7 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
| 345 | 345 |
if (ret == CL_EMAXFILES) {
|
| 346 | 346 |
goto leave; |
| 347 | 347 |
} else if (ret == CL_SUCCESS) {
|
| 348 |
- ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); |
|
| 348 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); |
|
| 349 | 349 |
if (ret == CL_VIRUS) {
|
| 350 | 350 |
if (!SCAN_ALLMATCHES) |
| 351 | 351 |
return ret; |
| ... | ... |
@@ -178,8 +178,8 @@ int cli_scandmg(cli_ctx *ctx) |
| 178 | 178 |
} |
| 179 | 179 |
} |
| 180 | 180 |
|
| 181 |
- /* scan XML with cli_map_scan */ |
|
| 182 |
- ret = cli_map_scan(*ctx->fmap, (off_t)hdr.xmlOffset, (size_t)hdr.xmlLength, ctx, CL_TYPE_ANY, NULL); |
|
| 181 |
+ /* scan XML with cli_magic_scan_nested_fmap_type */ |
|
| 182 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, (off_t)hdr.xmlOffset, (size_t)hdr.xmlLength, ctx, CL_TYPE_ANY, NULL); |
|
| 183 | 183 |
if (ret != CL_CLEAN) {
|
| 184 | 184 |
cli_dbgmsg("cli_scandmg: retcode from scanning TOC xml: %s\n", cl_strerror(ret));
|
| 185 | 185 |
if (!ctx->engine->keeptmp) |
| ... | ... |
@@ -1083,7 +1083,7 @@ static int dmg_handle_mish(cli_ctx *ctx, unsigned int mishblocknum, char *dir, |
| 1083 | 1083 |
/* If okay so far, scan rebuilt partition */ |
| 1084 | 1084 |
if (ret == CL_CLEAN) {
|
| 1085 | 1085 |
/* Have to keep partition typing separate */ |
| 1086 |
- ret = cli_base_scandesc(ofd, outfile, ctx, CL_TYPE_PART_ANY, NULL); |
|
| 1086 |
+ ret = cli_magic_scan_desc_type(ofd, outfile, ctx, CL_TYPE_PART_ANY, NULL); |
|
| 1087 | 1087 |
} |
| 1088 | 1088 |
|
| 1089 | 1089 |
close(ofd); |
| ... | ... |
@@ -881,7 +881,7 @@ int cli_unpackelf(cli_ctx *ctx) |
| 881 | 881 |
cli_dbgmsg("cli_scanelf: Unpacked and rebuilt executable\n");
|
| 882 | 882 |
lseek(ndesc, 0, SEEK_SET); |
| 883 | 883 |
cli_dbgmsg("***** Scanning rebuilt ELF file *****\n");
|
| 884 |
- if (cli_magic_scandesc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 884 |
+ if (cli_magic_scan_desc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 885 | 885 |
close(ndesc); |
| 886 | 886 |
CLI_TMPUNLK(); |
| 887 | 887 |
free(tempfile); |
| ... | ... |
@@ -138,8 +138,6 @@ static const struct ftmap_s {
|
| 138 | 138 |
}; |
| 139 | 139 |
// clang-format on |
| 140 | 140 |
|
| 141 |
-cli_file_t cli_partitiontype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine); |
|
| 142 |
- |
|
| 143 | 141 |
cli_file_t cli_ftcode(const char *name) |
| 144 | 142 |
{
|
| 145 | 143 |
unsigned int i; |
| ... | ... |
@@ -184,7 +182,7 @@ void cli_ftfree(const struct cl_engine *engine) |
| 184 | 184 |
} |
| 185 | 185 |
} |
| 186 | 186 |
|
| 187 |
-cli_file_t cli_partitiontype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine) |
|
| 187 |
+cli_file_t cli_compare_ftm_partition(const unsigned char *buf, size_t buflen, const struct cl_engine *engine) |
|
| 188 | 188 |
{
|
| 189 | 189 |
struct cli_ftype *ptype = engine->ptypes; |
| 190 | 190 |
|
| ... | ... |
@@ -202,7 +200,7 @@ cli_file_t cli_partitiontype(const unsigned char *buf, size_t buflen, const stru |
| 202 | 202 |
return CL_TYPE_PART_ANY; |
| 203 | 203 |
} |
| 204 | 204 |
|
| 205 |
-cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine) |
|
| 205 |
+cli_file_t cli_compare_ftm_file(const unsigned char *buf, size_t buflen, const struct cl_engine *engine) |
|
| 206 | 206 |
{
|
| 207 | 207 |
struct cli_ftype *ftype = engine->ftypes; |
| 208 | 208 |
|
| ... | ... |
@@ -273,7 +271,7 @@ const struct ooxml_ftcodes {
|
| 273 | 273 |
} \ |
| 274 | 274 |
} while (0) |
| 275 | 275 |
|
| 276 |
-cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t basetype) |
|
| 276 |
+cli_file_t cli_determine_fmap_type(fmap_t *map, const struct cl_engine *engine, cli_file_t basetype) |
|
| 277 | 277 |
{
|
| 278 | 278 |
unsigned char buffer[MAGIC_BUFFER_SIZE]; |
| 279 | 279 |
const unsigned char *buff; |
| ... | ... |
@@ -284,7 +282,7 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t |
| 284 | 284 |
struct cli_ac_data mdata; |
| 285 | 285 |
|
| 286 | 286 |
if (!engine) {
|
| 287 |
- cli_errmsg("cli_filetype2: engine == NULL\n");
|
|
| 287 |
+ cli_errmsg("cli_determine_fmap_type: engine == NULL\n");
|
|
| 288 | 288 |
return CL_TYPE_ERROR; |
| 289 | 289 |
} |
| 290 | 290 |
|
| ... | ... |
@@ -302,7 +300,7 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t |
| 302 | 302 |
if (buff) {
|
| 303 | 303 |
sret = cli_memcpy(buffer, buff, bread); |
| 304 | 304 |
if (sret) {
|
| 305 |
- cli_errmsg("cli_filetype2: fileread error!\n");
|
|
| 305 |
+ cli_errmsg("cli_determine_fmap_type: fileread error!\n");
|
|
| 306 | 306 |
return CL_TYPE_ERROR; |
| 307 | 307 |
} |
| 308 | 308 |
sret = 0; |
| ... | ... |
@@ -311,9 +309,9 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t |
| 311 | 311 |
} |
| 312 | 312 |
|
| 313 | 313 |
if (basetype == CL_TYPE_PART_ANY) { /* typing a partition */
|
| 314 |
- ret = cli_partitiontype(buff, bread, engine); |
|
| 314 |
+ ret = cli_compare_ftm_partition(buff, bread, engine); |
|
| 315 | 315 |
} else { /* typing a file */
|
| 316 |
- ret = cli_filetype(buff, bread, engine); |
|
| 316 |
+ ret = cli_compare_ftm_file(buff, bread, engine); |
|
| 317 | 317 |
|
| 318 | 318 |
if (ret == CL_TYPE_BINARY_DATA) {
|
| 319 | 319 |
switch (is_tar(buff, bread)) {
|
| ... | ... |
@@ -376,7 +374,7 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t |
| 376 | 376 |
zread = MIN(MAGIC_BUFFER_SIZE, map->len - zoff); |
| 377 | 377 |
zbuff = fmap_need_off_once(map, zoff, zread); |
| 378 | 378 |
if (zbuff == NULL) {
|
| 379 |
- cli_dbgmsg("cli_filetype2: error mapping data for OOXML check\n");
|
|
| 379 |
+ cli_dbgmsg("cli_determine_fmap_type: error mapping data for OOXML check\n");
|
|
| 380 | 380 |
return CL_TYPE_ERROR; |
| 381 | 381 |
} |
| 382 | 382 |
zoff += zread; |
| ... | ... |
@@ -405,7 +403,7 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t |
| 405 | 405 |
|
| 406 | 406 |
if (ret >= CL_TYPE_TEXT_ASCII && ret <= CL_TYPE_BINARY_DATA) {
|
| 407 | 407 |
/* HTML files may contain special characters and could be |
| 408 |
- * misidentified as BINARY_DATA by cli_filetype() |
|
| 408 |
+ * misidentified as BINARY_DATA by cli_compare_ftm_file() |
|
| 409 | 409 |
*/ |
| 410 | 410 |
root = engine->root[0]; |
| 411 | 411 |
if (!root) |
| ... | ... |
@@ -463,7 +461,7 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t |
| 463 | 463 |
if (out_area.length > 0) {
|
| 464 | 464 |
sret = cli_ac_scanbuff(decodedbuff, out_area.length, NULL, NULL, NULL, engine->root[0], &mdata, 0, 0, NULL, AC_SCAN_FT, NULL); /* FIXME: can we use CL_TYPE_TEXT_ASCII instead of 0? */ |
| 465 | 465 |
if (sret == CL_TYPE_HTML) {
|
| 466 |
- cli_dbgmsg("cli_filetype2: detected HTML signature in Unicode file\n");
|
|
| 466 |
+ cli_dbgmsg("cli_determine_fmap_type: detected HTML signature in Unicode file\n");
|
|
| 467 | 467 |
/* htmlnorm is able to handle any unicode now, since it skips null chars */ |
| 468 | 468 |
ret = CL_TYPE_HTML; |
| 469 | 469 |
} |
| ... | ... |
@@ -144,8 +144,9 @@ struct cli_matched_type {
|
| 144 | 144 |
cli_file_t cli_ftcode(const char *name); |
| 145 | 145 |
const char *cli_ftname(cli_file_t code); |
| 146 | 146 |
void cli_ftfree(const struct cl_engine *engine); |
| 147 |
-cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine); |
|
| 148 |
-cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t basetype); |
|
| 147 |
+cli_file_t cli_compare_ftm_file(const unsigned char *buf, size_t buflen, const struct cl_engine *engine); |
|
| 148 |
+cli_file_t cli_compare_ftm_partition(const unsigned char *buf, size_t buflen, const struct cl_engine *engine); |
|
| 149 |
+cli_file_t cli_determine_fmap_type(fmap_t *map, const struct cl_engine *engine, cli_file_t basetype); |
|
| 149 | 150 |
int cli_addtypesigs(struct cl_engine *engine); |
| 150 | 151 |
|
| 151 | 152 |
#endif |
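Review bot: The three prototypes on new lines 147-149 have no comments, and the names alone do not say how `cli_compare_ftm_file` differs from `cli_determine_fmap_type` or what `basetype` selects. The implementation hunks show that `cli_determine_fmap_type` calls `cli_compare_ftm_partition` when `basetype == CL_TYPE_PART_ANY` and `cli_compare_ftm_file` otherwise, and that it returns `CL_TYPE_ERROR` when `engine` is NULL or the data cannot be mapped. I would put that in the header, e.g. `/* Type an fmap: partition magic if basetype == CL_TYPE_PART_ANY, file magic otherwise; CL_TYPE_ERROR on failure. */` above `cli_determine_fmap_type`. The two `cli_compare_ftm_*` declarations need a one-line comment saying they match a caller-supplied buffer against the engine's file type magic ("ftm" presumably abbreviates that), since the abbreviation is not spelled out anywhere in the header.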
| ... | ... |
@@ -151,7 +151,7 @@ scan_overlay: |
| 151 | 151 |
|
| 152 | 152 |
// Is there an overlay? |
| 153 | 153 |
if (offset < map->len) {
|
| 154 |
- cl_error_t recRetVal = cli_map_scan(map, offset, map->len - offset, ctx, CL_TYPE_ANY, NULL); |
|
| 154 |
+ cl_error_t recRetVal = cli_magic_scan_nested_fmap_type(map, offset, map->len - offset, ctx, CL_TYPE_ANY, NULL); |
|
| 155 | 155 |
retVal = recRetVal != CL_SUCCESS ? recRetVal : retVal; |
| 156 | 156 |
} |
| 157 | 157 |
|
| ... | ... |
@@ -298,7 +298,7 @@ static int gpt_scan_partitions(cli_ctx *ctx, struct gpt_header hdr, size_t secto |
| 298 | 298 |
max_prtns = ctx->engine->maxpartitions; |
| 299 | 299 |
} |
| 300 | 300 |
|
| 301 |
- /* use the partition tables to pass partitions to cli_map_scan */ |
|
| 301 |
+ /* use the partition tables to pass partitions to cli_magic_scan_nested_fmap_type */ |
|
| 302 | 302 |
pos = hdr.tableStartLBA * sectorsize; |
| 303 | 303 |
for (i = 0; i < max_prtns; ++i) {
|
| 304 | 304 |
/* read in partition entry */ |
| ... | ... |
@@ -341,10 +341,10 @@ static int gpt_scan_partitions(cli_ctx *ctx, struct gpt_header hdr, size_t secto |
| 341 | 341 |
(long long unsigned)gpe.firstLBA, (long long unsigned)(gpe.firstLBA * sectorsize), |
| 342 | 342 |
(long long unsigned)gpe.lastLBA, (long long unsigned)((gpe.lastLBA + 1) * sectorsize)); |
| 343 | 343 |
|
| 344 |
- /* send the partition to cli_map_scan */ |
|
| 344 |
+ /* send the partition to cli_magic_scan_nested_fmap_type */ |
|
| 345 | 345 |
part_off = gpe.firstLBA * sectorsize; |
| 346 | 346 |
part_size = (gpe.lastLBA - gpe.firstLBA + 1) * sectorsize; |
| 347 |
- ret = cli_map_scan(*ctx->fmap, part_off, part_size, ctx, CL_TYPE_PART_ANY, namestr); |
|
| 347 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, part_off, part_size, ctx, CL_TYPE_PART_ANY, namestr); |
|
| 348 | 348 |
if (NULL != namestr) {
|
| 349 | 349 |
free(namestr); |
| 350 | 350 |
} |
| ... | ... |
@@ -434,7 +434,7 @@ static cl_error_t hfsplus_scanfile(cli_ctx *ctx, hfsPlusVolumeHeader *volHeader, |
| 434 | 434 |
} |
| 435 | 435 |
else {
|
| 436 | 436 |
if (ret == CL_CLEAN) {
|
| 437 |
- ret = cli_magic_scandesc(ofd, tmpname, ctx, orig_filename); |
|
| 437 |
+ ret = cli_magic_scan_desc(ofd, tmpname, ctx, orig_filename); |
|
| 438 | 438 |
} |
| 439 | 439 |
|
| 440 | 440 |
if (!ctx->engine->keeptmp) {
|
| ... | ... |
@@ -985,7 +985,7 @@ static cl_error_t hfsplus_walk_catalog(cli_ctx *ctx, hfsPlusVolumeHeader *volHea |
| 985 | 985 |
cli_errmsg("hfsplus_walk_catalog: failed to convert UTF-16BE to UTF-8\n");
|
| 986 | 986 |
name_utf8 = NULL; |
| 987 | 987 |
} |
| 988 |
- cli_errmsg("hfsplus_walk_catalog: Extracting file %s\n", name_utf8);
|
|
| 988 |
+ cli_dbgmsg("hfsplus_walk_catalog: Extracting file %s\n", name_utf8);
|
|
| 989 | 989 |
} |
| 990 | 990 |
} |
| 991 | 991 |
/* Copy type (after key, which is after keylength field) */ |
| ... | ... |
@@ -1336,7 +1336,7 @@ static cl_error_t hfsplus_walk_catalog(cli_ctx *ctx, hfsPlusVolumeHeader *volHea |
| 1336 | 1336 |
cli_dbgmsg("hfsplus_walk_catalog: Extracted to %s\n", tmpname);
|
| 1337 | 1337 |
|
| 1338 | 1338 |
/* if successful so far, scan the output */ |
| 1339 |
- ret = cli_magic_scandesc(ofd, tmpname, ctx, name_utf8); |
|
| 1339 |
+ ret = cli_magic_scan_desc(ofd, tmpname, ctx, name_utf8); |
|
| 1340 | 1340 |
|
| 1341 | 1341 |
if (ret == CL_VIRUS) {
|
| 1342 | 1342 |
has_alerts = 1; |
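Review bot: `name_utf8` can be NULL when it reaches the `%s` in the message on new line 988, because the conversion-failure branch just above sets `name_utf8 = NULL` and, as far as the visible lines show, falls through to this call. Passing a null pointer for `%s` is undefined behaviour if `cli_dbgmsg` forwards to a printf-style formatter, and lowering the message from `cli_errmsg` to `cli_dbgmsg` does not change that. I would substitute a placeholder at the call site: `cli_dbgmsg("hfsplus_walk_catalog: Extracting file %s\n", name_utf8 ? name_utf8 : "(unknown)");`. Indentation is lost in this rendering, so the brace pairing is inferred, and hfsplus_walk_catalog starts and ends outside the hunk.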
| ... | ... |
@@ -175,7 +175,7 @@ static cl_error_t decompress_and_callback(cli_ctx *ctx, fmap_t *input, size_t at |
| 175 | 175 |
ret = cb(cbdata, ofd, tmpname, ctx); |
| 176 | 176 |
} else {
|
| 177 | 177 |
/* default to scanning what we got */ |
| 178 |
- ret = cli_magic_scandesc(ofd, tmpname, ctx, NULL); |
|
| 178 |
+ ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL); |
|
| 179 | 179 |
} |
| 180 | 180 |
|
| 181 | 181 |
/* clean-up */ |
| ... | ... |
@@ -293,8 +293,8 @@ cl_error_t cli_scanhwpole2(cli_ctx *ctx) |
| 293 | 293 |
else |
| 294 | 294 |
cli_dbgmsg("HWPOLE2: Matched uncompressed prefix and size: %u == %u\n", usize, asize);
|
| 295 | 295 |
|
| 296 |
- return cli_map_scandesc(map, 4, 0, ctx, CL_TYPE_ANY, NULL); |
|
| 297 |
- //return cli_map_scandesc(map, 4, 0, ctx, CL_TYPE_OLE2); |
|
| 296 |
+ return cli_magic_scan_nested_fmap_type(map, 4, 0, ctx, CL_TYPE_ANY, NULL); |
|
| 297 |
+ //return cli_magic_scan_nested_fmap_type(map, 4, 0, ctx, CL_TYPE_OLE2); |
|
| 298 | 298 |
} |
| 299 | 299 |
|
| 300 | 300 |
/*** HWP5 ***/ |
| ... | ... |
@@ -377,7 +377,7 @@ static cl_error_t hwp5_cb(void *cbdata, int fd, const char *filepath, cli_ctx *c |
| 377 | 377 |
if (fd < 0 || !ctx) |
| 378 | 378 |
return CL_ENULLARG; |
| 379 | 379 |
|
| 380 |
- return cli_magic_scandesc(fd, filepath, ctx, NULL); |
|
| 380 |
+ return cli_magic_scan_desc(fd, filepath, ctx, NULL); |
|
| 381 | 381 |
} |
| 382 | 382 |
|
| 383 | 383 |
cl_error_t cli_scanhwp5_stream(cli_ctx *ctx, hwp5_header_t *hwp5, char *name, int fd, const char *filepath) |
| ... | ... |
@@ -397,7 +397,7 @@ cl_error_t cli_scanhwp5_stream(cli_ctx *ctx, hwp5_header_t *hwp5, char *name, in |
| 397 | 397 |
|
| 398 | 398 |
if (hwp5->flags & HWP5_PASSWORD) {
|
| 399 | 399 |
cli_dbgmsg("HWP5.x: Password encrypted stream, scanning as-is\n");
|
| 400 |
- return cli_magic_scandesc(fd, filepath, ctx, name); |
|
| 400 |
+ return cli_magic_scan_desc(fd, filepath, ctx, name); |
|
| 401 | 401 |
} |
| 402 | 402 |
|
| 403 | 403 |
if (hwp5->flags & HWP5_COMPRESSED) {
|
| ... | ... |
@@ -440,7 +440,7 @@ cl_error_t cli_scanhwp5_stream(cli_ctx *ctx, hwp5_header_t *hwp5, char *name, in |
| 440 | 440 |
} |
| 441 | 441 |
|
| 442 | 442 |
/* normal streams */ |
| 443 |
- return cli_magic_scandesc(fd, filepath, ctx, name); |
|
| 443 |
+ return cli_magic_scan_desc(fd, filepath, ctx, name); |
|
| 444 | 444 |
} |
| 445 | 445 |
|
| 446 | 446 |
/*** HWP3 ***/ |
| ... | ... |
@@ -1645,7 +1645,7 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t |
| 1645 | 1645 |
#endif |
| 1646 | 1646 |
/* 32 bytes for extra data fields */ |
| 1647 | 1647 |
if (infolen > 0) |
| 1648 |
- ret = cli_map_scan(map, *offset + 32, infolen - 32, ctx, CL_TYPE_ANY, NULL); |
|
| 1648 |
+ ret = cli_magic_scan_nested_fmap_type(map, *offset + 32, infolen - 32, ctx, CL_TYPE_ANY, NULL); |
|
| 1649 | 1649 |
break; |
| 1650 | 1650 |
case 2: /* OLE2 Data */ |
| 1651 | 1651 |
hwp3_debug("HWP3.x: Information Block[%llu]: TYPE: OLE2 Data\n", infoloc);
|
| ... | ... |
@@ -1654,7 +1654,7 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t |
| 1654 | 1654 |
cli_jsonstr(entry, "Type", "OLE2 Data"); |
| 1655 | 1655 |
#endif |
| 1656 | 1656 |
if (infolen > 0) |
| 1657 |
- ret = cli_map_scan(map, *offset, infolen, ctx, CL_TYPE_ANY, NULL); |
|
| 1657 |
+ ret = cli_magic_scan_nested_fmap_type(map, *offset, infolen, ctx, CL_TYPE_ANY, NULL); |
|
| 1658 | 1658 |
break; |
| 1659 | 1659 |
case 3: /* Hypertext/Hyperlink Information */ |
| 1660 | 1660 |
hwp3_debug("HWP3.x: Information Block[%llu]: TYPE: Hypertext/Hyperlink Information\n", infoloc);
|
| ... | ... |
@@ -1682,7 +1682,7 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t |
| 1682 | 1682 |
hwp3_debug("HWP3.x: Information Block[%llu]: %d: NAME: %s\n", infoloc, i, field);
|
| 1683 | 1683 |
#endif |
| 1684 | 1684 |
/* scanning macros - TODO - check numbers */ |
| 1685 |
- ret = cli_map_scan(map, *offset + (617 * i) + 288, 325, ctx, CL_TYPE_ANY, NULL); |
|
| 1685 |
+ ret = cli_magic_scan_nested_fmap_type(map, *offset + (617 * i) + 288, 325, ctx, CL_TYPE_ANY, NULL); |
|
| 1686 | 1686 |
} |
| 1687 | 1687 |
break; |
| 1688 | 1688 |
case 4: /* Presentation Information */ |
| ... | ... |
@@ -1719,7 +1719,7 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t |
| 1719 | 1719 |
#endif |
| 1720 | 1720 |
/* 324 bytes for extra data fields */ |
| 1721 | 1721 |
if (infolen > 0) |
| 1722 |
- ret = cli_map_scan(map, *offset + 324, infolen - 324, ctx, CL_TYPE_ANY, NULL); |
|
| 1722 |
+ ret = cli_magic_scan_nested_fmap_type(map, *offset + 324, infolen - 324, ctx, CL_TYPE_ANY, NULL); |
|
| 1723 | 1723 |
break; |
| 1724 | 1724 |
case 0x100: /* Table Extension */ |
| 1725 | 1725 |
hwp3_debug("HWP3.x: Information Block[%llu]: TYPE: Table Extension\n", infoloc);
|
| ... | ... |
@@ -1740,7 +1740,7 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t |
| 1740 | 1740 |
default: |
| 1741 | 1741 |
cli_warnmsg("HWP3.x: Information Block[%llu]: TYPE: UNKNOWN(%u)\n", infoloc, infoid);
|
| 1742 | 1742 |
if (infolen > 0) |
| 1743 |
- ret = cli_map_scan(map, *offset, infolen, ctx, CL_TYPE_ANY, NULL); |
|
| 1743 |
+ ret = cli_magic_scan_nested_fmap_type(map, *offset, infolen, ctx, CL_TYPE_ANY, NULL); |
|
| 1744 | 1744 |
} |
| 1745 | 1745 |
|
| 1746 | 1746 |
*offset += infolen; |
| ... | ... |
@@ -1863,8 +1863,8 @@ static cl_error_t hwp3_cb(void *cbdata, int fd, const char *filepath, cli_ctx *c |
| 1863 | 1863 |
cl_error_t subret = ret; |
| 1864 | 1864 |
size_t dlen = offset - start; |
| 1865 | 1865 |
|
| 1866 |
- ret = cli_map_scandesc(map, start, dlen, ctx, CL_TYPE_ANY, NULL); |
|
| 1867 |
- //ret = cli_map_scandesc(map, 0, 0, ctx, CL_TYPE_ANY); |
|
| 1866 |
+ ret = cli_magic_scan_nested_fmap_type(map, start, dlen, ctx, CL_TYPE_ANY, NULL); |
|
| 1867 |
+ //ret = cli_magic_scan_nested_fmap_type(map, 0, 0, ctx, CL_TYPE_ANY); |
|
| 1868 | 1868 |
|
| 1869 | 1869 |
if (ret == CL_SUCCESS) |
| 1870 | 1870 |
ret = subret; |
| ... | ... |
@@ -1978,7 +1978,7 @@ static cl_error_t hwpml_scan_cb(void *cbdata, int fd, const char *filepath, cli_ |
| 1978 | 1978 |
if (fd < 0 || !ctx) |
| 1979 | 1979 |
return CL_ENULLARG; |
| 1980 | 1980 |
|
| 1981 |
- return cli_magic_scandesc(fd, filepath, ctx, NULL); |
|
| 1981 |
+ return cli_magic_scan_desc(fd, filepath, ctx, NULL); |
|
| 1982 | 1982 |
} |
| 1983 | 1983 |
|
| 1984 | 1984 |
static cl_error_t hwpml_binary_cb(int fd, const char *filepath, cli_ctx *ctx, int num_attribs, struct attrib_entry *attribs, void *cbdata) |
| ... | ... |
@@ -2014,7 +2014,7 @@ static cl_error_t hwpml_binary_cb(int fd, const char *filepath, cli_ctx *ctx, in |
| 2014 | 2014 |
/* decode the binary data if needed - base64 */ |
| 2015 | 2015 |
if (enc < 0) {
|
| 2016 | 2016 |
cli_errmsg("HWPML: Unrecognized encoding method\n");
|
| 2017 |
- return cli_magic_scandesc(fd, filepath, ctx, NULL); |
|
| 2017 |
+ return cli_magic_scan_desc(fd, filepath, ctx, NULL); |
|
| 2018 | 2018 |
} else if (enc == 1) {
|
| 2019 | 2019 |
STATBUF statbuf; |
| 2020 | 2020 |
fmap_t *input; |
| ... | ... |
@@ -2046,7 +2046,7 @@ static cl_error_t hwpml_binary_cb(int fd, const char *filepath, cli_ctx *ctx, in |
| 2046 | 2046 |
funmap(input); |
| 2047 | 2047 |
if (!decoded) {
|
| 2048 | 2048 |
cli_errmsg("HWPML: Failed to get base64 decode binary data\n");
|
| 2049 |
- return cli_magic_scandesc(fd, filepath, ctx, NULL); |
|
| 2049 |
+ return cli_magic_scan_desc(fd, filepath, ctx, NULL); |
|
| 2050 | 2050 |
} |
| 2051 | 2051 |
|
| 2052 | 2052 |
/* open file for writing and scanning */ |
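Review bot: In parsehwp3_infoblk_1 the call on new line 1648 passes `infolen - 32` as the length while the guard above it is only `if (infolen > 0)`, and new line 1722 does the same with `infolen - 324`. The declaration of `infolen` is outside the hunk; if it is unsigned and taken from the scanned document, any value smaller than the subtracted constant wraps to a very large length. Whether `cli_magic_scan_nested_fmap_type` clamps that against the map is not visible here. Guarding on the constant itself keeps the arithmetic in range: `if (infolen > 32)` and `if (infolen > 324)`. The function starts and ends outside these hunks.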
| ... | ... |
@@ -303,7 +303,7 @@ int cli_scanishield_msi(cli_ctx *ctx, off_t off) |
| 303 | 303 |
cli_dbgmsg("ishield-msi: call to lseek() failed\n");
|
| 304 | 304 |
ret = CL_ESEEK; |
| 305 | 305 |
} |
| 306 |
- ret = cli_magic_scandesc(ofd, tempfile, ctx, filename); |
|
| 306 |
+ ret = cli_magic_scan_desc(ofd, tempfile, ctx, filename); |
|
| 307 | 307 |
} |
| 308 | 308 |
close(ofd); |
| 309 | 309 |
|
| ... | ... |
@@ -494,7 +494,7 @@ static int is_dump_and_scan(cli_ctx *ctx, off_t off, size_t fsize) |
| 494 | 494 |
cli_dbgmsg("ishield: call to lseek() failed\n");
|
| 495 | 495 |
ret = CL_ESEEK; |
| 496 | 496 |
} |
| 497 |
- ret = cli_magic_scandesc(ofd, fname, ctx, NULL); |
|
| 497 |
+ ret = cli_magic_scan_desc(ofd, fname, ctx, NULL); |
|
| 498 | 498 |
} |
| 499 | 499 |
close(ofd); |
| 500 | 500 |
if (!ctx->engine->keeptmp) |
| ... | ... |
@@ -794,7 +794,7 @@ static int is_extract_cab(cli_ctx *ctx, uint64_t off, uint64_t size, uint64_t cs |
| 794 | 794 |
cli_dbgmsg("is_extract_cab: extracted to %s\n", tempfile);
|
| 795 | 795 |
if (lseek(ofd, 0, SEEK_SET) == -1) |
| 796 | 796 |
cli_dbgmsg("is_extract_cab: call to lseek() failed\n");
|
| 797 |
- ret = cli_magic_scandesc(ofd, tempfile, ctx, NULL); |
|
| 797 |
+ ret = cli_magic_scan_desc(ofd, tempfile, ctx, NULL); |
|
| 798 | 798 |
} |
| 799 | 799 |
|
| 800 | 800 |
close(ofd); |
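Review bot: In cli_scanishield_msi the `ret = CL_ESEEK;` set on the lseek() failure path (new line 304) is overwritten unconditionally by `ret = cli_magic_scan_desc(ofd, tempfile, ctx, filename);` on new line 306, so a seek failure is never reported to the caller. is_dump_and_scan has the same shape at new lines 495-497, and is_extract_cab only logs the failed lseek() before scanning. Making the scan the alternative branch keeps the error code: `} else { ret = cli_magic_scan_desc(ofd, tempfile, ctx, filename); }`. Indentation is lost in this rendering, so the brace pairing is inferred from the visible lines, and all three function bodies continue outside their hunks.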
| ... | ... |
@@ -82,7 +82,7 @@ static int iso_scan_file(const iso9660_t *iso, unsigned int block, unsigned int |
| 82 | 82 |
} |
| 83 | 83 |
|
| 84 | 84 |
if (!len) |
| 85 |
- ret = cli_magic_scandesc(fd, tmpf, iso->ctx, iso->buf); |
|
| 85 |
+ ret = cli_magic_scan_desc(fd, tmpf, iso->ctx, iso->buf); |
|
| 86 | 86 |
|
| 87 | 87 |
close(fd); |
| 88 | 88 |
if (!iso->ctx->engine->keeptmp) {
|
| ... | ... |
@@ -408,7 +408,7 @@ int cli_scanmscab(cli_ctx *ctx, off_t sfx_offset) |
| 408 | 408 |
/* Failed to extract. Try to scan what is there */ |
| 409 | 409 |
cli_dbgmsg("%s() failed to extract %d\n", __func__, ret);
|
| 410 | 410 |
|
| 411 |
- ret = cli_scanfile(tmp_fname, ctx, cab_f->filename); |
|
| 411 |
+ ret = cli_magic_scan_file(tmp_fname, ctx, cab_f->filename); |
|
| 412 | 412 |
if (CL_EOPEN == ret) {
|
| 413 | 413 |
ret = CL_CLEAN; |
| 414 | 414 |
} else if (CL_VIRUS == ret) {
|
| ... | ... |
@@ -511,7 +511,7 @@ int cli_scanmschm(cli_ctx *ctx) |
| 511 | 511 |
/* Failed to extract. Try to scan what is there */ |
| 512 | 512 |
cli_dbgmsg("%s() failed to extract %d\n", __func__, ret);
|
| 513 | 513 |
|
| 514 |
- ret = cli_scanfile(tmp_fname, ctx, mschm_f->filename); |
|
| 514 |
+ ret = cli_magic_scan_file(tmp_fname, ctx, mschm_f->filename); |
|
| 515 | 515 |
if (CL_EOPEN == ret) {
|
| 516 | 516 |
ret = CL_CLEAN; |
| 517 | 517 |
} else if (CL_VIRUS == ret) {
|
| ... | ... |
@@ -562,7 +562,7 @@ int cli_scanmacho_unibin(cli_ctx *ctx) |
| 562 | 562 |
cli_dbgmsg("UNIBIN: Binary %u of %u\n", i + 1, fat_header.nfats);
|
| 563 | 563 |
cli_dbgmsg("UNIBIN: File offset: %u\n", fat_arch.offset);
|
| 564 | 564 |
cli_dbgmsg("UNIBIN: File size: %u\n", fat_arch.size);
|
| 565 |
- ret = cli_map_scan(map, fat_arch.offset, fat_arch.size, ctx, CL_TYPE_ANY, NULL); |
|
| 565 |
+ ret = cli_magic_scan_nested_fmap_type(map, fat_arch.offset, fat_arch.size, ctx, CL_TYPE_ANY, NULL); |
|
| 566 | 566 |
if (ret == CL_VIRUS) |
| 567 | 567 |
break; |
| 568 | 568 |
} |
| ... | ... |
@@ -602,7 +602,7 @@ int cli_unpackmacho(cli_ctx *ctx) |
| 602 | 602 |
cli_dbgmsg("cli_scanmacho: Unpacked and rebuilt executable\n");
|
| 603 | 603 |
lseek(ndesc, 0, SEEK_SET); |
| 604 | 604 |
cli_dbgmsg("***** Scanning rebuilt Mach-O file *****\n");
|
| 605 |
- if (cli_magic_scandesc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 605 |
+ if (cli_magic_scan_desc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) {
|
|
| 606 | 606 |
close(ndesc); |
| 607 | 607 |
CLI_TMPUNLK(); |
| 608 | 608 |
free(tempfile); |
| ... | ... |
@@ -258,7 +258,7 @@ static inline cl_error_t matcher_run(const struct cli_matcher *root, |
| 258 | 258 |
return ret; |
| 259 | 259 |
} |
| 260 | 260 |
|
| 261 |
-cl_error_t cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata) |
|
| 261 |
+cl_error_t cli_scan_buff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata) |
|
| 262 | 262 |
{
|
| 263 | 263 |
cl_error_t ret = CL_CLEAN; |
| 264 | 264 |
unsigned int i = 0, j = 0, viruses_found = 0; |
| ... | ... |
@@ -268,7 +268,7 @@ cl_error_t cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t o |
| 268 | 268 |
const struct cl_engine *engine = ctx->engine; |
| 269 | 269 |
|
| 270 | 270 |
if (!engine) {
|
| 271 |
- cli_errmsg("cli_scanbuff: engine == NULL\n");
|
|
| 271 |
+ cli_errmsg("cli_scan_buff: engine == NULL\n");
|
|
| 272 | 272 |
return CL_ENULLARG; |
| 273 | 273 |
} |
| 274 | 274 |
|
| ... | ... |
@@ -759,7 +759,7 @@ int32_t cli_bcapi_matchicon(struct cli_bc_ctx *ctx, const uint8_t *grp1, int32_t |
| 759 | 759 |
return (int32_t)ret; |
| 760 | 760 |
} |
| 761 | 761 |
|
| 762 |
-cl_error_t cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, const char *name) |
|
| 762 |
+cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, const char *name) |
|
| 763 | 763 |
{
|
| 764 | 764 |
cl_error_t ret = CL_EMEM; |
| 765 | 765 |
int empty; |
| ... | ... |
@@ -767,7 +767,7 @@ cl_error_t cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly |
| 767 | 767 |
|
| 768 | 768 |
ctx->fmap++; /* Perform scan with child fmap */ |
| 769 | 769 |
if (NULL != (*ctx->fmap = fmap_check_empty(desc, 0, 0, &empty, name))) {
|
| 770 |
- ret = cli_fmap_scandesc(ctx, ftype, ftonly, ftoffset, acmode, acres, NULL); |
|
| 770 |
+ ret = cli_scan_fmap(ctx, ftype, ftonly, ftoffset, acmode, acres, NULL); |
|
| 771 | 771 |
map->dont_cache_flag = (*ctx->fmap)->dont_cache_flag; |
| 772 | 772 |
funmap(*ctx->fmap); |
| 773 | 773 |
} |
| ... | ... |
@@ -829,7 +829,7 @@ static cl_error_t lsig_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_a |
| 829 | 829 |
if (0 != memcmp(ctx->handlertype_hash, hash, 16)) {
|
| 830 | 830 |
ctx->recursion++; |
| 831 | 831 |
memcpy(ctx->handlertype_hash, hash, 16); |
| 832 |
- if (cli_magic_scandesc_type(ctx, ac_lsig->tdb.handlertype[0]) == CL_VIRUS) {
|
|
| 832 |
+ if (cli_magic_scan(ctx, ac_lsig->tdb.handlertype[0]) == CL_VIRUS) {
|
|
| 833 | 833 |
ctx->recursion--; |
| 834 | 834 |
return CL_VIRUS; |
| 835 | 835 |
} |
| ... | ... |
@@ -920,7 +920,7 @@ cl_error_t cli_exp_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_da |
| 920 | 920 |
return CL_CLEAN; |
| 921 | 921 |
} |
| 922 | 922 |
|
| 923 |
-cl_error_t cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, unsigned char *refhash) |
|
| 923 |
+cl_error_t cli_scan_fmap(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, unsigned char *refhash) |
|
| 924 | 924 |
{
|
| 925 | 925 |
const unsigned char *buff; |
| 926 | 926 |
cl_error_t ret = CL_CLEAN, type = CL_CLEAN; |
| ... | ... |
@@ -940,7 +940,7 @@ cl_error_t cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, str |
| 940 | 940 |
void *md5ctx, *sha1ctx, *sha256ctx; |
| 941 | 941 |
|
| 942 | 942 |
if (!ctx->engine) {
|
| 943 |
- cli_errmsg("cli_scandesc: engine == NULL\n");
|
|
| 943 |
+ cli_errmsg("cli_scan_desc: engine == NULL\n");
|
|
| 944 | 944 |
return CL_ENULLARG; |
| 945 | 945 |
} |
| 946 | 946 |
|
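Review bot: The renamed message `cli_errmsg("cli_scan_desc: engine == NULL\n");` sits in the function that the hunk header names cli_fmap_scandesc, which this commit renames to cli_scan_fmap, so the log line blames the wrong function. It should read `cli_errmsg("cli_scan_fmap: engine == NULL\n");`, matching the `cli_scan_fmap:` prefix used in the executable-header debug message in a later hunk. The function body starts and ends outside this hunk.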
| ... | ... |
@@ -996,7 +996,7 @@ cl_error_t cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, str |
| 996 | 996 |
cli_targetinfo(&info, i, map); |
| 997 | 997 |
|
| 998 | 998 |
if (-1 == info.status) {
|
| 999 |
- cli_dbgmsg("cli_fmap_scandesc: Failed to successfully parse the executable header. "
|
|
| 999 |
+ cli_dbgmsg("cli_scan_fmap: Failed to successfully parse the executable header. "
|
|
| 1000 | 1000 |
"Scan features will be disabled, such as " |
| 1001 | 1001 |
"NDB/LDB subsigs using EOF-n/EP+n/EP-n/Sx+n/SEx/SL+n, " |
| 1002 | 1002 |
"fuzzy icon matching, " |
| ... | ... |
@@ -1005,7 +1005,7 @@ cl_error_t cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, str |
| 1005 | 1005 |
} |
| 1006 | 1006 |
|
| 1007 | 1007 |
/* If it's a PE, check the Authenticode header. This would be more |
| 1008 |
- * appropriate in cli_scanpe, but cli_scanraw->cli_fmap_scandesc gets |
|
| 1008 |
+ * appropriate in cli_scanpe, but scanraw->cli_scan_fmap gets |
|
| 1009 | 1009 |
* called first for PEs, and we want to determine the whitelist/blacklist |
| 1010 | 1010 |
* status early on so we can skip things like embedded PE extraction |
| 1011 | 1011 |
* (which is broken for signed binaries within signed binaries). |
| ... | ... |
@@ -237,7 +237,7 @@ static const struct cli_mtarget cli_mtargets[CLI_MTARGETS] = {
|
| 237 | 237 |
* @param acdata [in/out] A list of pattern maching data structs to contain match results, one for each pattern matching trie. |
| 238 | 238 |
* @return cl_error_t |
| 239 | 239 |
*/ |
| 240 |
-cl_error_t cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata); |
|
| 240 |
+cl_error_t cli_scan_buff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata); |
|
| 241 | 241 |
|
| 242 | 242 |
/** |
| 243 | 243 |
* @brief Non-magic scan matching using a file descriptor for input. |
| ... | ... |
@@ -245,7 +245,7 @@ cl_error_t cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t o |
| 245 | 245 |
* This function does not perform file type magic identification and does not use |
| 246 | 246 |
* the file format scanners. |
| 247 | 247 |
* |
| 248 |
- * This function uses the newer cli_fmap_scandesc() scanning API. |
|
| 248 |
+ * This function uses the newer cli_scan_fmap() scanning API. |
|
| 249 | 249 |
* |
| 250 | 250 |
* @param desc File descriptor to be used for input |
| 251 | 251 |
* @param ctx The scanning context. |
| ... | ... |
@@ -257,7 +257,7 @@ cl_error_t cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t o |
| 257 | 257 |
* @param name (optional) Original name of the file (to set fmap name metadata) |
| 258 | 258 |
* @return cl_error_t |
| 259 | 259 |
*/ |
| 260 |
-cl_error_t cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, const char *name); |
|
| 260 |
+cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, const char *name); |
|
| 261 | 261 |
|
| 262 | 262 |
/** |
| 263 | 263 |
* @brief Non-magic scan matching of the current fmap in the scan context. Newer API. |
| ... | ... |
@@ -273,11 +273,11 @@ cl_error_t cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly |
| 273 | 273 |
* @param refhash MD5 hash of the current file, used to save time creating hashes and to limit scan recursion for the HandlerType logical signature FTM feature. |
| 274 | 274 |
* @return cl_error_t |
| 275 | 275 |
*/ |
| 276 |
-cl_error_t cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, unsigned char *refhash); |
|
| 276 |
+cl_error_t cli_scan_fmap(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, unsigned char *refhash); |
|
| 277 | 277 |
|
| 278 | 278 |
/** |
| 279 | 279 |
* @brief Evaluate logical signatures and yara rules given the AC matching results |
| 280 |
- * from cli_scanbuff() / matcher_run(). |
|
| 280 |
+ * from cli_scan_buff() / matcher_run(). |
|
| 281 | 281 |
* |
| 282 | 282 |
* @param ctx The scanning context. |
| 283 | 283 |
* @param root The AC trie root to match with. |
| ... | ... |
@@ -410,7 +410,7 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
| 410 | 410 |
* Is it a UNIX style mbox with more than one |
| 411 | 411 |
* mail message, or just a single mail message? |
| 412 | 412 |
* |
| 413 |
- * TODO: It would be better if we called cli_scandir here rather than |
|
| 413 |
+ * TODO: It would be better if we called cli_magic_scan_dir here rather than |
|
| 414 | 414 |
* in cli_scanmail. Then we could improve the way mailboxes with more |
| 415 | 415 |
* than one message is handled, e.g. giving a better indication of |
| 416 | 416 |
* which message within the mailbox is infected |
| ... | ... |
@@ -484,7 +484,7 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
| 484 | 484 |
* Starting a new message, throw away all the |
| 485 | 485 |
* information about the old one. It would |
| 486 | 486 |
* be best to be able to scan this message |
| 487 |
- * now, but cli_scanfile needs arguments |
|
| 487 |
+ * now, but cli_magic_scan_file needs arguments |
|
| 488 | 488 |
* that haven't been passed here so it can't be |
| 489 | 489 |
* called |
| 490 | 490 |
*/ |
| ... | ... |
@@ -562,7 +562,7 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
| 562 | 562 |
break; |
| 563 | 563 |
case FAIL: |
| 564 | 564 |
/* |
| 565 |
- * beware: cli_magic_scandesc(), |
|
| 565 |
+ * beware: cli_magic_scan_desc(), |
|
| 566 | 566 |
* changes this into CL_CLEAN, so only |
| 567 | 567 |
* use it to inform the higher levels |
| 568 | 568 |
* that we couldn't decode it because |
| ... | ... |
@@ -4097,7 +4097,7 @@ isBounceStart(mbox_ctx *mctx, const char *line) |
| 4097 | 4097 |
return FALSE; |
| 4098 | 4098 |
return TRUE; |
| 4099 | 4099 |
} |
| 4100 |
- return (bool)(cli_filetype((const unsigned char *)line, len, mctx->ctx->engine) == CL_TYPE_MAIL); |
|
| 4100 |
+ return (bool)(cli_compare_ftm_file((const unsigned char *)line, len, mctx->ctx->engine) == CL_TYPE_MAIL); |
|
| 4101 | 4101 |
} |
| 4102 | 4102 |
|
| 4103 | 4103 |
/* |
| ... | ... |
@@ -184,7 +184,7 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) |
| 184 | 184 |
} |
| 185 | 185 |
|
| 186 | 186 |
/* MBR is valid, examine bootstrap code */ |
| 187 |
- ret = cli_map_scan(*ctx->fmap, 0, sectorsize, ctx, CL_TYPE_ANY, NULL); |
|
| 187 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, 0, sectorsize, ctx, CL_TYPE_ANY, NULL); |
|
| 188 | 188 |
if (ret != CL_CLEAN) {
|
| 189 | 189 |
if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) |
| 190 | 190 |
detection = CL_VIRUS; |
| ... | ... |
@@ -239,8 +239,8 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) |
| 239 | 239 |
|
| 240 | 240 |
partoff = mbr.entries[i].firstLBA * sectorsize; |
| 241 | 241 |
partsize = mbr.entries[i].numLBA * sectorsize; |
| 242 |
- mbr_parsemsg("cli_map_scan: [%u, +%u)\n", partoff, partsize);
|
|
| 243 |
- ret = cli_map_scan(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, NULL); |
|
| 242 |
+ mbr_parsemsg("cli_magic_scan_nested_fmap_type: [%u, +%u)\n", partoff, partsize);
|
|
| 243 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, NULL); |
|
| 244 | 244 |
if (ret != CL_CLEAN) {
|
| 245 | 245 |
if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) |
| 246 | 246 |
detection = CL_VIRUS; |
| ... | ... |
@@ -381,7 +381,7 @@ static int mbr_scanextprtn(cli_ctx *ctx, unsigned *prtncount, off_t extlba, size |
| 381 | 381 |
return CL_EFORMAT; |
| 382 | 382 |
} |
| 383 | 383 |
|
| 384 |
- ret = cli_map_scan(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, NULL); |
|
| 384 |
+ ret = cli_magic_scan_nested_fmap_type(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, NULL); |
|
| 385 | 385 |
if (ret != CL_CLEAN) {
|
| 386 | 386 |
if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) |
| 387 | 387 |
detection = CL_VIRUS; |
| ... | ... |
@@ -1133,7 +1133,7 @@ messageIsEncoding(message *m) |
| 1133 | 1133 |
m->encoding = m->body_last; |
| 1134 | 1134 |
else if ((m->bounce == NULL) && m->ctx && |
| 1135 | 1135 |
(strncasecmp(line, "Received: ", 10) == 0) && |
| 1136 |
- (cli_filetype((const unsigned char *)line, strlen(line), m->ctx->engine) == CL_TYPE_MAIL)) |
|
| 1136 |
+ (cli_compare_ftm_file((const unsigned char *)line, strlen(line), m->ctx->engine) == CL_TYPE_MAIL)) |
|
| 1137 | 1137 |
m->bounce = m->body_last; |
| 1138 | 1138 |
/* Not needed with fast track visa technology */ |
| 1139 | 1139 |
/*else if((m->uuencode == NULL) && isuuencodebegin(line)) |
| ... | ... |
@@ -1732,7 +1732,7 @@ bounceBegin(message *m) |
| 1732 | 1732 |
const text *t_line; |
| 1733 | 1733 |
|
| 1734 | 1734 |
for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) |
| 1735 |
- if(cli_filetype(t_line->t_text, strlen(t_line->t_text)) == CL_TYPE_MAIL) |
|
| 1735 |
+ if(cli_compare_ftm_file(t_line->t_text, strlen(t_line->t_text)) == CL_TYPE_MAIL) |
|
| 1736 | 1736 |
return t_line; |
| 1737 | 1737 |
|
| 1738 | 1738 |
return NULL; |
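Review bot: The renamed call in bounceBegin, `cli_compare_ftm_file(t_line->t_text, strlen(t_line->t_text))`, passes two arguments, while the other call sites changed in this commit (isBounceStart, messageIsEncoding) pass three, ending with the engine pointer. If this function is compiled it should take the same form, for example `cli_compare_ftm_file((const unsigned char *)t_line->t_text, strlen(t_line->t_text), m->ctx->engine)`, guarded by the same `m->ctx` check that messageIsEncoding uses. If it is disabled code, which the hunk does not show, a short comment saying so would make that explicit. bounceBegin starts outside the hunk.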
| ... | ... |
@@ -462,7 +462,7 @@ static int msxml_parse_element(struct msxml_ctx *mxctx, xmlTextReaderPtr reader, |
| 462 | 462 |
|
| 463 | 463 |
cli_dbgmsg("msxml_parse_element: extracted binary data to %s\n", tempfile);
|
| 464 | 464 |
|
| 465 |
- ret = cli_magic_scandesc(of, tempfile, ctx, NULL); |
|
| 465 |
+ ret = cli_magic_scan_desc(of, tempfile, ctx, NULL); |
|
| 466 | 466 |
close(of); |
| 467 | 467 |
if (!(ctx->engine->keeptmp)) |
| 468 | 468 |
cli_unlink(tempfile); |
| ... | ... |
@@ -546,9 +546,9 @@ int cli_scannulsft(cli_ctx *ctx, off_t offset) |
| 546 | 546 |
return CL_ESEEK; |
| 547 | 547 |
} |
| 548 | 548 |
if (nsist.fno == 1) |
| 549 |
- ret = cli_scandesc(nsist.ofd, ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, NULL); /// TODO: Extract file names |
|
| 549 |
+ ret = cli_scan_desc(nsist.ofd, ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, NULL); /// TODO: Extract file names |
|
| 550 | 550 |
else |
| 551 |
- ret = cli_magic_scandesc(nsist.ofd, nsist.ofn, ctx, NULL); /// TODO: Extract file names |
|
| 551 |
+ ret = cli_magic_scan_desc(nsist.ofd, nsist.ofn, ctx, NULL); /// TODO: Extract file names |
|
| 552 | 552 |
close(nsist.ofd); |
| 553 | 553 |
if (!ctx->engine->keeptmp) |
| 554 | 554 |
if (cli_unlink(nsist.ofn)) ret = CL_EUNLINK; |
| ... | ... |
@@ -1425,7 +1425,7 @@ static cl_error_t scan_mso_stream(int fd, cli_ctx *ctx) |
| 1425 | 1425 |
} |
| 1426 | 1426 |
|
| 1427 | 1427 |
/* scanning inflated stream */ |
| 1428 |
- ret = cli_magic_scandesc(ofd, tmpname, ctx, NULL); |
|
| 1428 |
+ ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL); |
|
| 1429 | 1429 |
|
| 1430 | 1430 |
/* clean-up */ |
| 1431 | 1431 |
mso_end: |
| ... | ... |
@@ -1627,7 +1627,7 @@ handler_otf(ole2_header_t *hdr, property_t *prop, const char *dir, cli_ctx *ctx) |
| 1627 | 1627 |
ret = scan_mso_stream(ofd, ctx); |
| 1628 | 1628 |
} else {
|
| 1629 | 1629 |
/* Normal File Scan */ |
| 1630 |
- ret = cli_magic_scandesc(ofd, tempfile, ctx, NULL); |
|
| 1630 |
+ ret = cli_magic_scan_desc(ofd, tempfile, ctx, NULL); |
|
| 1631 | 1631 |
} |
| 1632 | 1632 |
if (name) |
| 1633 | 1633 |
free(name); |
| ... | ... |
@@ -1412,7 +1412,7 @@ static int pdf_scan_contents(int fd, struct pdf_struct *pdf) |
| 1412 | 1412 |
cli_writen(fout, s.out, s.out_pos); |
| 1413 | 1413 |
|
| 1414 | 1414 |
lseek(fout, 0, SEEK_SET); |
| 1415 |
- rc = cli_magic_scandesc(fout, fullname, pdf->ctx, NULL); |
|
| 1415 |
+ rc = cli_magic_scan_desc(fout, fullname, pdf->ctx, NULL); |
|
| 1416 | 1416 |
close(fout); |
| 1417 | 1417 |
|
| 1418 | 1418 |
if (!pdf->ctx->engine->keeptmp) |
| ... | ... |
@@ -1801,7 +1801,7 @@ done: |
| 1801 | 1801 |
|
| 1802 | 1802 |
/* TODO: invoke bytecode on this pdf obj with metainformation associated */ |
| 1803 | 1803 |
lseek(fout, 0, SEEK_SET); |
| 1804 |
- rc2 = cli_magic_scandesc(fout, fullname, pdf->ctx, NULL); |
|
| 1804 |
+ rc2 = cli_magic_scan_desc(fout, fullname, pdf->ctx, NULL); |
|
| 1805 | 1805 |
if (rc2 == CL_VIRUS || rc == CL_SUCCESS) |
| 1806 | 1806 |
rc = rc2; |
| 1807 | 1807 |
|
| ... | ... |
@@ -126,7 +126,7 @@ |
| 126 | 126 |
} |
| 127 | 127 |
|
| 128 | 128 |
#define CLI_UNPTEMP(NAME, FREEME) \ |
| 129 |
- if (!(tempfile = cli_gentemp(ctx->sub_tmpdir))) { \
|
|
| 129 |
+ if (!(tempfile = cli_gentemp(ctx->sub_tmpdir))) { \
|
|
| 130 | 130 |
cli_exe_info_destroy(peinfo); \ |
| 131 | 131 |
cli_multifree FREEME; \ |
| 132 | 132 |
return CL_EMEM; \ |
| ... | ... |
@@ -206,7 +206,7 @@ |
| 206 | 206 |
lseek(ndesc, 0, SEEK_SET); \ |
| 207 | 207 |
cli_dbgmsg("***** Scanning rebuilt PE file *****\n"); \
|
| 208 | 208 |
SHA_OFF; \ |
| 209 |
- if (cli_magic_scandesc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) { \
|
|
| 209 |
+ if (cli_magic_scan_desc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) { \
|
|
| 210 | 210 |
close(ndesc); \ |
| 211 | 211 |
SHA_RESET; \ |
| 212 | 212 |
CLI_TMPUNLK(); \ |
| ... | ... |
@@ -2872,7 +2872,7 @@ int cli_scanpe(cli_ctx *ctx) |
| 2872 | 2872 |
|
| 2873 | 2873 |
/* CLI_UNPTEMP("cli_scanpe: DISASM",(peinfo->sections,0)); */
|
| 2874 | 2874 |
/* if(disasmbuf((unsigned char*)epbuff, epsize, ndesc)) */ |
| 2875 |
- /* ret = cli_scandesc(ndesc, ctx, CL_TYPE_PE_DISASM, 1, NULL, AC_SCAN_VIR); */ |
|
| 2875 |
+ /* ret = cli_scan_desc(ndesc, ctx, CL_TYPE_PE_DISASM, 1, NULL, AC_SCAN_VIR); */ |
|
| 2876 | 2876 |
/* close(ndesc); */ |
| 2877 | 2877 |
/* if(ret == CL_VIRUS) { */
|
| 2878 | 2878 |
/* cli_exe_info_destroy(peinfo); */ |
| ... | ... |
@@ -3979,7 +3979,7 @@ int cli_scanpe(cli_ctx *ctx) |
| 3979 | 3979 |
|
| 3980 | 3980 |
cli_dbgmsg("***** Scanning decompressed file *****\n");
|
| 3981 | 3981 |
SHA_OFF; |
| 3982 |
- if ((ret = cli_magic_scandesc(ndesc, tempfile, ctx, NULL)) == CL_VIRUS) {
|
|
| 3982 |
+ if ((ret = cli_magic_scan_desc(ndesc, tempfile, ctx, NULL)) == CL_VIRUS) {
|
|
| 3983 | 3983 |
close(ndesc); |
| 3984 | 3984 |
SHA_RESET; |
| 3985 | 3985 |
CLI_TMPUNLK(); |
| ... | ... |
@@ -44,7 +44,7 @@ cl_error_t cli_parsepng(cli_ctx *ctx) |
| 44 | 44 |
{
|
| 45 | 45 |
uint64_t sz = 0; |
| 46 | 46 |
char chunkid[5] = {'\0', '\0', '\0', '\0', '\0'};
|
| 47 |
- int32_t toread = 0, toread_check = 0; |
|
| 47 |
+ size_t toread = 0, toread_check = 0; |
|
| 48 | 48 |
int32_t c = 0; |
| 49 | 49 |
int32_t have_IEND = 0, have_PLTE = 0; |
| 50 | 50 |
uint64_t zhead = 1; /* 0x10000 indicates both zlib header bytes read */ |
| ... | ... |
@@ -105,6 +105,10 @@ cl_error_t cli_parsepng(cli_ctx *ctx) |
| 105 | 105 |
|
| 106 | 106 |
toread = (sz > BUFFER_SIZE) ? BUFFER_SIZE : sz; |
| 107 | 107 |
toread_check = fmap_readn(map, buffer, offset, toread); |
| 108 |
+ if ((size_t)-1 == toread_check) {
|
|
| 109 |
+ cli_dbgmsg("PNG: Failed to read from map.\n");
|
|
| 110 |
+ return CL_EPARSE; |
|
| 111 |
+ } |
|
| 108 | 112 |
if (toread > toread_check) {
|
| 109 | 113 |
cli_dbgmsg("PNG: EOF while reading data\n");
|
| 110 | 114 |
return CL_EPARSE; |
| ... | ... |
@@ -232,6 +236,14 @@ cl_error_t cli_parsepng(cli_ctx *ctx) |
| 232 | 232 |
|
| 233 | 233 |
toread = MIN(sizeof(buffer), left_comp_read); |
| 234 | 234 |
toread_check = fmap_readn(map, buffer, offset, toread); |
| 235 |
+ if ((size_t)-1 == toread_check) {
|
|
| 236 |
+ cli_dbgmsg("PNG: Failed to read from map.\n");
|
|
| 237 |
+ if (outbuf) {
|
|
| 238 |
+ free(outbuf); |
|
| 239 |
+ outbuf = NULL; |
|
| 240 |
+ } |
|
| 241 |
+ return CL_EPARSE; |
|
| 242 |
+ } |
|
| 235 | 243 |
if (toread > toread_check) {
|
| 236 | 244 |
cli_dbgmsg("PNG: EOF while reading data\n");
|
| 237 | 245 |
if (outbuf) {
|
| ... | ... |
@@ -304,7 +316,7 @@ cl_error_t cli_parsepng(cli_ctx *ctx) |
| 304 | 304 |
|
| 305 | 305 |
// Is there an overlay? |
| 306 | 306 |
if (have_IEND && (map->len - (offset + 4) > 0)) |
| 307 |
- return cli_map_scan(map, offset + 4, map->len - (offset + 4), ctx, CL_TYPE_ANY); |
|
| 307 |
+ return cli_magic_scan_nested_fmap_type(map, offset + 4, map->len - (offset + 4), ctx, CL_TYPE_ANY, NULL); |
|
| 308 | 308 |
|
| 309 | 309 |
return CL_SUCCESS; |
| 310 | 310 |
} |
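Review bot: The overlay test `map->len - (offset + 4) > 0` is an unsigned subtraction if `map->len` and `offset` are both size_t (their declarations are outside the hunks). In that case it is true for every value except equality, and it wraps to a very large length when `offset + 4` exceeds `map->len`; that length is then passed to `cli_magic_scan_nested_fmap_type`. Comparing before subtracting avoids relying on the callee to reject it: `if (have_IEND && (offset + 4 < map->len))`. Separately, the added `(size_t)-1 == toread_check` checks in the two earlier hunks are required because `toread > toread_check` can no longer catch the error value once both variables are size_t. A one-line comment such as `/* fmap_readn() reports failure as (size_t)-1; test it before the short-read comparison */` would record that.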
| ... | ... |
@@ -246,7 +246,7 @@ static int decode_and_scan(struct rtf_object_data* data, cli_ctx* ctx) |
| 246 | 246 |
cli_dbgmsg("Decoding ole object\n");
|
| 247 | 247 |
ret = cli_scan_ole10(data->fd, ctx); |
| 248 | 248 |
} else if (data->fd > 0) |
| 249 |
- ret = cli_magic_scandesc(data->fd, data->name, ctx, NULL); |
|
| 249 |
+ ret = cli_magic_scan_desc(data->fd, data->name, ctx, NULL); |
|
| 250 | 250 |
if (data->fd > 0) |
| 251 | 251 |
close(data->fd); |
| 252 | 252 |
data->fd = -1; |
| ... | ... |
@@ -122,7 +122,7 @@ |
| 122 | 122 |
#include <fcntl.h> |
| 123 | 123 |
#include <string.h> |
| 124 | 124 |
|
| 125 |
-static cl_error_t cli_scandir(const char *dirname, cli_ctx *ctx) |
|
| 125 |
+cl_error_t cli_magic_scan_dir(const char *dirname, cli_ctx *ctx) |
|
| 126 | 126 |
{
|
| 127 | 127 |
DIR *dd; |
| 128 | 128 |
struct dirent *dent; |
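Review bot: Dropping `static` from `cli_magic_scan_dir` makes it callable from other translation units, but no prototype or doc comment for it is visible in this part of the diff. If the header change is not elsewhere in the commit, add a declaration with a Doxygen block in the style used for `cli_scan_desc`. From the later hunks of this function, the block should state that it recurses into subdirectories and scans regular files with `cli_magic_scan_file`, that entries which are neither (including symlinks, since it uses LSTAT) are skipped, and that it returns `CL_EOPEN` when the directory cannot be opened and `CL_EMEM` on allocation failure. The function body continues outside this hunk.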
| ... | ... |
@@ -138,7 +138,7 @@ static cl_error_t cli_scandir(const char *dirname, cli_ctx *ctx) |
| 138 | 138 |
fname = cli_malloc(strlen(dirname) + strlen(dent->d_name) + 2); |
| 139 | 139 |
if (!fname) {
|
| 140 | 140 |
closedir(dd); |
| 141 |
- cli_dbgmsg("cli_scandir: Unable to allocate memory for filename\n");
|
|
| 141 |
+ cli_dbgmsg("cli_magic_scan_dir: Unable to allocate memory for filename\n");
|
|
| 142 | 142 |
return CL_EMEM; |
| 143 | 143 |
} |
| 144 | 144 |
|
| ... | ... |
@@ -147,7 +147,7 @@ static cl_error_t cli_scandir(const char *dirname, cli_ctx *ctx) |
| 147 | 147 |
/* stat the file */ |
| 148 | 148 |
if (LSTAT(fname, &statbuf) != -1) {
|
| 149 | 149 |
if (S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) {
|
| 150 |
- if (cli_scandir(fname, ctx) == CL_VIRUS) {
|
|
| 150 |
+ if (cli_magic_scan_dir(fname, ctx) == CL_VIRUS) {
|
|
| 151 | 151 |
free(fname); |
| 152 | 152 |
|
| 153 | 153 |
if (SCAN_ALLMATCHES) {
|
| ... | ... |
@@ -160,7 +160,7 @@ static cl_error_t cli_scandir(const char *dirname, cli_ctx *ctx) |
| 160 | 160 |
} |
| 161 | 161 |
} else {
|
| 162 | 162 |
if (S_ISREG(statbuf.st_mode)) {
|
| 163 |
- if (cli_scanfile(fname, ctx, dent->d_name) == CL_VIRUS) {
|
|
| 163 |
+ if (cli_magic_scan_file(fname, ctx, dent->d_name) == CL_VIRUS) {
|
|
| 164 | 164 |
free(fname); |
| 165 | 165 |
|
| 166 | 166 |
if (SCAN_ALLMATCHES) {
|
| ... | ... |
@@ -179,7 +179,7 @@ static cl_error_t cli_scandir(const char *dirname, cli_ctx *ctx) |
| 179 | 179 |
} |
| 180 | 180 |
} |
| 181 | 181 |
} else {
|
| 182 |
- cli_dbgmsg("cli_scandir: Can't open directory %s.\n", dirname);
|
|
| 182 |
+ cli_dbgmsg("cli_magic_scan_dir: Can't open directory %s.\n", dirname);
|
|
| 183 | 183 |
return CL_EOPEN; |
| 184 | 184 |
} |
| 185 | 185 |
|
| ... | ... |
@@ -287,7 +287,7 @@ static cl_error_t cli_scanrar(const char *filepath, int desc, cli_ctx *ctx) |
| 287 | 287 |
cli_dbgmsg("RAR: ERROR: Failed to write to output file\n");
|
| 288 | 288 |
} else {
|
| 289 | 289 |
/* Scan the comment file */ |
| 290 |
- status = cli_scanfile(comment_fullpath, ctx, NULL); |
|
| 290 |
+ status = cli_magic_scan_file(comment_fullpath, ctx, NULL); |
|
| 291 | 291 |
|
| 292 | 292 |
/* Delete the tempfile if not --leave-temps */ |
| 293 | 293 |
if (!ctx->engine->keeptmp) |
| ... | ... |
@@ -451,7 +451,7 @@ static cl_error_t cli_scanrar(const char *filepath, int desc, cli_ctx *ctx) |
| 451 | 451 |
* ... scan the extracted file. |
| 452 | 452 |
*/ |
| 453 | 453 |
cli_dbgmsg("RAR: Extraction complete. Scanning now...\n");
|
| 454 |
- status = cli_scanfile(extract_fullpath, ctx, filename_base); |
|
| 454 |
+ status = cli_magic_scan_file(extract_fullpath, ctx, filename_base); |
|
| 455 | 455 |
if (status == CL_EOPEN) {
|
| 456 | 456 |
cli_dbgmsg("RAR: File not found, Extraction failed!\n");
|
| 457 | 457 |
status = CL_CLEAN; |
| ... | ... |
@@ -674,7 +674,7 @@ static cl_error_t cli_scanegg(cli_ctx *ctx, size_t sfx_offset) |
| 674 | 674 |
/* |
| 675 | 675 |
* Scan the comment. |
| 676 | 676 |
*/ |
| 677 |
- status = cli_mem_scandesc(comments[i], strlen(comments[i]), ctx, NULL); |
|
| 677 |
+ status = cli_magic_scan_buff(comments[i], strlen(comments[i]), ctx, NULL); |
|
| 678 | 678 |
|
| 679 | 679 |
if ((status == CL_VIRUS) && SCAN_ALLMATCHES) {
|
| 680 | 680 |
status = CL_CLEAN; |
| ... | ... |
@@ -844,7 +844,7 @@ static cl_error_t cli_scanegg(cli_ctx *ctx, size_t sfx_offset) |
| 844 | 844 |
* Scan the extracted file... |
| 845 | 845 |
*/ |
| 846 | 846 |
cli_dbgmsg("EGG: Extraction complete. Scanning now...\n");
|
| 847 |
- status = cli_mem_scandesc(extract_buffer, extract_buffer_len, ctx, filename_base); |
|
| 847 |
+ status = cli_magic_scan_buff(extract_buffer, extract_buffer_len, ctx, filename_base); |
|
| 848 | 848 |
if (status == CL_VIRUS) {
|
| 849 | 849 |
cli_dbgmsg("EGG: infected with %s\n", cli_get_last_virus(ctx));
|
| 850 | 850 |
status = CL_VIRUS; |
| ... | ... |
@@ -1010,7 +1010,7 @@ static cl_error_t cli_scanarj(cli_ctx *ctx, off_t sfx_offset) |
| 1010 | 1010 |
if (lseek(metadata.ofd, 0, SEEK_SET) == -1) {
|
| 1011 | 1011 |
cli_dbgmsg("ARJ: call to lseek() failed\n");
|
| 1012 | 1012 |
} |
| 1013 |
- rc = cli_magic_scandesc(metadata.ofd, NULL, ctx, metadata.filename); |
|
| 1013 |
+ rc = cli_magic_scan_desc(metadata.ofd, NULL, ctx, metadata.filename); |
|
| 1014 | 1014 |
close(metadata.ofd); |
| 1015 | 1015 |
if (rc == CL_VIRUS) {
|
| 1016 | 1016 |
cli_dbgmsg("ARJ: infected with %s\n", cli_get_last_virus(ctx));
|
| ... | ... |
@@ -1097,7 +1097,7 @@ static cl_error_t cli_scangzip_with_zib_from_the_80s(cli_ctx *ctx, unsigned char |
| 1097 | 1097 |
|
| 1098 | 1098 |
gzclose(gz); |
| 1099 | 1099 |
|
| 1100 |
- if ((ret = cli_magic_scandesc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1100 |
+ if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1101 | 1101 |
cli_dbgmsg("GZip: Infected with %s\n", cli_get_last_virus(ctx));
|
| 1102 | 1102 |
close(fd); |
| 1103 | 1103 |
if (!ctx->engine->keeptmp) {
|
| ... | ... |
@@ -1199,7 +1199,7 @@ static cl_error_t cli_scangzip(cli_ctx *ctx) |
| 1199 | 1199 |
|
| 1200 | 1200 |
inflateEnd(&z); |
| 1201 | 1201 |
|
| 1202 |
- if ((ret = cli_magic_scandesc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1202 |
+ if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1203 | 1203 |
cli_dbgmsg("GZip: Infected with %s\n", cli_get_last_virus(ctx));
|
| 1204 | 1204 |
close(fd); |
| 1205 | 1205 |
if (!ctx->engine->keeptmp) {
|
| ... | ... |
@@ -1305,7 +1305,7 @@ static cl_error_t cli_scanbzip(cli_ctx *ctx) |
| 1305 | 1305 |
|
| 1306 | 1306 |
BZ2_bzDecompressEnd(&strm); |
| 1307 | 1307 |
|
| 1308 |
- if ((ret = cli_magic_scandesc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1308 |
+ if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1309 | 1309 |
cli_dbgmsg("Bzip: Infected with %s\n", cli_get_last_virus(ctx));
|
| 1310 | 1310 |
close(fd); |
| 1311 | 1311 |
if (!ctx->engine->keeptmp) {
|
| ... | ... |
@@ -1414,7 +1414,7 @@ static cl_error_t cli_scanxz(cli_ctx *ctx) |
| 1414 | 1414 |
} while (XZ_STREAM_END != rc); |
| 1415 | 1415 |
|
| 1416 | 1416 |
/* scan decompressed file */ |
| 1417 |
- if ((ret = cli_magic_scandesc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1417 |
+ if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) {
|
|
| 1418 | 1418 |
cli_dbgmsg("cli_scanxz: Infected with %s\n", cli_get_last_virus(ctx));
|
| 1419 | 1419 |
} |
| 1420 | 1420 |
|
| ... | ... |
@@ -1454,7 +1454,7 @@ static cl_error_t cli_scanszdd(cli_ctx *ctx) |
| 1454 | 1454 |
} |
| 1455 | 1455 |
|
| 1456 | 1456 |
cli_dbgmsg("MSEXPAND: Decompressed into %s\n", tmpname);
|
| 1457 |
- ret = cli_magic_scandesc(ofd, tmpname, ctx, NULL); |
|
| 1457 |
+ ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL); |
|
| 1458 | 1458 |
close(ofd); |
| 1459 | 1459 |
if (!ctx->engine->keeptmp) |
| 1460 | 1460 |
if (cli_unlink(tmpname)) |
| ... | ... |
@@ -1483,7 +1483,7 @@ static cl_error_t vba_scandata(const unsigned char *data, size_t len, cli_ctx *c |
| 1483 | 1483 |
mdata[0] = &tmdata; |
| 1484 | 1484 |
mdata[1] = &gmdata; |
| 1485 | 1485 |
|
| 1486 |
- ret = cli_scanbuff(data, len, 0, ctx, CL_TYPE_MSOLE2, mdata); |
|
| 1486 |
+ ret = cli_scan_buff(data, len, 0, ctx, CL_TYPE_MSOLE2, mdata); |
|
| 1487 | 1487 |
if (ret == CL_VIRUS) |
| 1488 | 1488 |
viruses_found++; |
| 1489 | 1489 |
|
| ... | ... |
@@ -1611,7 +1611,7 @@ static cl_error_t cli_vba_scandir_new(const char *dirname, cli_ctx *ctx, struct |
| 1611 | 1611 |
ctx->recursion += 1; |
| 1612 | 1612 |
cli_set_container(ctx, CL_TYPE_MSOLE2, 0); //TODO: set correct container size |
| 1613 | 1613 |
|
| 1614 |
- if (cli_scandesc(tempfd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, NULL, NULL) == CL_VIRUS) {
|
|
| 1614 |
+ if (cli_scan_desc(tempfd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, NULL, NULL) == CL_VIRUS) {
|
|
| 1615 | 1615 |
ctx->recursion -= 1; |
| 1616 | 1616 |
ret = CL_VIRUS; |
| 1617 | 1617 |
goto done; |
| ... | ... |
@@ -1732,7 +1732,7 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
| 1732 | 1732 |
continue; |
| 1733 | 1733 |
} |
| 1734 | 1734 |
if ((fullname = cli_ppt_vba_read(fd, ctx))) {
|
| 1735 |
- if (cli_scandir(fullname, ctx) == CL_VIRUS) {
|
|
| 1735 |
+ if (cli_magic_scan_dir(fullname, ctx) == CL_VIRUS) {
|
|
| 1736 | 1736 |
ret = CL_VIRUS; |
| 1737 | 1737 |
viruses_found++; |
| 1738 | 1738 |
} |
| ... | ... |
@@ -1991,7 +1991,7 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) |
| 1991 | 1991 |
snprintf(fullname, 1024, "%s" PATHSEP "nocomment.html", tempname); |
| 1992 | 1992 |
fd = open(fullname, O_RDONLY | O_BINARY); |
| 1993 | 1993 |
if (fd >= 0) {
|
| 1994 |
- if ((ret = cli_scandesc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 1994 |
+ if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 1995 | 1995 |
viruses_found++; |
| 1996 | 1996 |
close(fd); |
| 1997 | 1997 |
} |
| ... | ... |
@@ -2007,7 +2007,7 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) |
| 2007 | 2007 |
snprintf(fullname, 1024, "%s" PATHSEP "notags.html", tempname); |
| 2008 | 2008 |
fd = open(fullname, O_RDONLY | O_BINARY); |
| 2009 | 2009 |
if (fd >= 0) {
|
| 2010 |
- if ((ret = cli_scandesc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 2010 |
+ if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 2011 | 2011 |
viruses_found++; |
| 2012 | 2012 |
close(fd); |
| 2013 | 2013 |
} |
| ... | ... |
@@ -2018,10 +2018,10 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) |
| 2018 | 2018 |
snprintf(fullname, 1024, "%s" PATHSEP "javascript", tempname); |
| 2019 | 2019 |
fd = open(fullname, O_RDONLY | O_BINARY); |
| 2020 | 2020 |
if (fd >= 0) {
|
| 2021 |
- if ((ret = cli_scandesc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 2021 |
+ if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 2022 | 2022 |
viruses_found++; |
| 2023 | 2023 |
if (ret == CL_CLEAN || (ret == CL_VIRUS && SCAN_ALLMATCHES)) {
|
| 2024 |
- if ((ret = cli_scandesc(fd, ctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 2024 |
+ if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) |
|
| 2025 | 2025 |
viruses_found++; |
| 2026 | 2026 |
} |
| 2027 | 2027 |
close(fd); |
| ... | ... |
@@ -2030,7 +2030,7 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) |
| 2030 | 2030 |
|
| 2031 | 2031 |
if (ret == CL_CLEAN || (ret == CL_VIRUS && SCAN_ALLMATCHES)) {
|
| 2032 | 2032 |
snprintf(fullname, 1024, "%s" PATHSEP "rfc2397", tempname); |
| 2033 |
- ret = cli_scandir(fullname, ctx); |
|
| 2033 |
+ ret = cli_magic_scan_dir(fullname, ctx); |
|
| 2034 | 2034 |
} |
| 2035 | 2035 |
|
| 2036 | 2036 |
if (!ctx->engine->keeptmp) |
| ... | ... |
@@ -2140,7 +2140,7 @@ static cl_error_t cli_scanscript(cli_ctx *ctx) |
| 2140 | 2140 |
} else {
|
| 2141 | 2141 |
|
| 2142 | 2142 |
/* scan map */ |
| 2143 |
- ret = cli_fmap_scandesc(ctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 2143 |
+ ret = cli_scan_fmap(ctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 2144 | 2144 |
if (ret == CL_VIRUS) {
|
| 2145 | 2145 |
viruses_found++; |
| 2146 | 2146 |
} |
| ... | ... |
@@ -2171,7 +2171,7 @@ static cl_error_t cli_scanscript(cli_ctx *ctx) |
| 2171 | 2171 |
/* we can continue to scan in memory */ |
| 2172 | 2172 |
} |
| 2173 | 2173 |
/* when we flush the buffer also scan */ |
| 2174 |
- if (cli_scanbuff(state.out, state.out_pos, offset, ctx, CL_TYPE_TEXT_ASCII, mdata) == CL_VIRUS) {
|
|
| 2174 |
+ if (cli_scan_buff(state.out, state.out_pos, offset, ctx, CL_TYPE_TEXT_ASCII, mdata) == CL_VIRUS) {
|
|
| 2175 | 2175 |
if (SCAN_ALLMATCHES) |
| 2176 | 2176 |
viruses_found++; |
| 2177 | 2177 |
else {
|
| ... | ... |
@@ -2338,7 +2338,7 @@ static cl_error_t cli_scanole2(cli_ctx *ctx) |
| 2338 | 2338 |
} |
| 2339 | 2339 |
|
| 2340 | 2340 |
if (ret != CL_VIRUS) |
| 2341 |
- if (cli_scandir(dir, ctx) == CL_VIRUS) |
|
| 2341 |
+ if (cli_magic_scan_dir(dir, ctx) == CL_VIRUS) |
|
| 2342 | 2342 |
ret = CL_VIRUS; |
| 2343 | 2343 |
ctx->recursion--; |
| 2344 | 2344 |
} |
| ... | ... |
@@ -2348,7 +2348,7 @@ static cl_error_t cli_scanole2(cli_ctx *ctx) |
| 2348 | 2348 |
|
| 2349 | 2349 |
ret = cli_xlm_scandir(dir, ctx, files); |
| 2350 | 2350 |
if (ret != CL_VIRUS) |
| 2351 |
- if (cli_scandir(dir, ctx) == CL_VIRUS) |
|
| 2351 |
+ if (cli_magic_scan_dir(dir, ctx) == CL_VIRUS) |
|
| 2352 | 2352 |
ret = CL_VIRUS; |
| 2353 | 2353 |
ctx->recursion--; |
| 2354 | 2354 |
} |
| ... | ... |
@@ -2407,7 +2407,7 @@ static cl_error_t cli_scanscrenc(cli_ctx *ctx) |
| 2407 | 2407 |
} |
| 2408 | 2408 |
|
| 2409 | 2409 |
if (html_screnc_decode(*ctx->fmap, tempname)) |
| 2410 |
- ret = cli_scandir(tempname, ctx); |
|
| 2410 |
+ ret = cli_magic_scan_dir(tempname, ctx); |
|
| 2411 | 2411 |
|
| 2412 | 2412 |
if (!ctx->engine->keeptmp) |
| 2413 | 2413 |
cli_rmdirs(tempname); |
| ... | ... |
@@ -2482,7 +2482,7 @@ static cl_error_t cli_scancryptff(cli_ctx *ctx) |
| 2482 | 2482 |
|
| 2483 | 2483 |
cli_dbgmsg("CryptFF: Scanning decrypted data\n");
|
| 2484 | 2484 |
|
| 2485 |
- if ((ret = cli_magic_scandesc(ndesc, tempfile, ctx, NULL)) == CL_VIRUS) |
|
| 2485 |
+ if ((ret = cli_magic_scan_desc(ndesc, tempfile, ctx, NULL)) == CL_VIRUS) |
|
| 2486 | 2486 |
cli_dbgmsg("CryptFF: Infected with %s\n", cli_get_last_virus(ctx));
|
| 2487 | 2487 |
|
| 2488 | 2488 |
close(ndesc); |
| ... | ... |
@@ -2536,7 +2536,7 @@ static cl_error_t cli_scantnef(cli_ctx *ctx) |
| 2536 | 2536 |
ret = cli_tnef(dir, ctx); |
| 2537 | 2537 |
|
| 2538 | 2538 |
if (ret == CL_CLEAN) |
| 2539 |
- ret = cli_scandir(dir, ctx); |
|
| 2539 |
+ ret = cli_magic_scan_dir(dir, ctx); |
|
| 2540 | 2540 |
|
| 2541 | 2541 |
if (!ctx->engine->keeptmp) |
| 2542 | 2542 |
cli_rmdirs(dir); |
| ... | ... |
@@ -2562,7 +2562,7 @@ static cl_error_t cli_scanuuencoded(cli_ctx *ctx) |
| 2562 | 2562 |
ret = cli_uuencode(dir, *ctx->fmap); |
| 2563 | 2563 |
|
| 2564 | 2564 |
if (ret == CL_CLEAN) |
| 2565 |
- ret = cli_scandir(dir, ctx); |
|
| 2565 |
+ ret = cli_magic_scan_dir(dir, ctx); |
|
| 2566 | 2566 |
|
| 2567 | 2567 |
if (!ctx->engine->keeptmp) |
| 2568 | 2568 |
cli_rmdirs(dir); |
| ... | ... |
@@ -2603,7 +2603,7 @@ static cl_error_t cli_scanmail(cli_ctx *ctx) |
| 2603 | 2603 |
} |
| 2604 | 2604 |
} |
| 2605 | 2605 |
|
| 2606 |
- ret = cli_scandir(dir, ctx); |
|
| 2606 |
+ ret = cli_magic_scan_dir(dir, ctx); |
|
| 2607 | 2607 |
|
| 2608 | 2608 |
if (!ctx->engine->keeptmp) |
| 2609 | 2609 |
cli_rmdirs(dir); |
| ... | ... |
@@ -2764,7 +2764,7 @@ static cl_error_t cli_scanembpe(cli_ctx *ctx, off_t offset) |
| 2764 | 2764 |
ctx->recursion++; |
| 2765 | 2765 |
corrupted_input = ctx->corrupted_input; |
| 2766 | 2766 |
ctx->corrupted_input = 1; |
| 2767 |
- ret = cli_magic_scandesc(fd, tmpname, ctx, NULL); |
|
| 2767 |
+ ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL); |
|
| 2768 | 2768 |
ctx->corrupted_input = corrupted_input; |
| 2769 | 2769 |
if (ret == CL_VIRUS) {
|
| 2770 | 2770 |
cli_dbgmsg("cli_scanembpe: Infected with %s\n", cli_get_last_virus(ctx));
|
| ... | ... |
@@ -2791,7 +2791,7 @@ static cl_error_t cli_scanembpe(cli_ctx *ctx, off_t offset) |
| 2791 | 2791 |
} |
| 2792 | 2792 |
free(tmpname); |
| 2793 | 2793 |
|
| 2794 |
- /* intentionally ignore possible errors from cli_magic_scandesc */ |
|
| 2794 |
+ /* intentionally ignore possible errors from cli_magic_scan_desc */ |
|
| 2795 | 2795 |
return CL_CLEAN; |
| 2796 | 2796 |
} |
| 2797 | 2797 |
|
| ... | ... |
@@ -2972,7 +2972,7 @@ static inline void perf_done(cli_ctx *ctx) |
| 2972 | 2972 |
* @param refhash Hash of current fmap |
| 2973 | 2973 |
* @return cl_error_t |
| 2974 | 2974 |
*/ |
| 2975 |
-static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_t *dettype, unsigned char *refhash) |
|
| 2975 |
+static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_t *dettype, unsigned char *refhash) |
|
| 2976 | 2976 |
{
|
| 2977 | 2977 |
cl_error_t ret = CL_CLEAN, nret = CL_CLEAN; |
| 2978 | 2978 |
struct cli_matched_type *ftoffset = NULL, *fpt; |
| ... | ... |
@@ -2994,11 +2994,11 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 2994 | 2994 |
if (typercg && type != CL_TYPE_GPT) |
| 2995 | 2995 |
acmode |= AC_SCAN_FT; |
| 2996 | 2996 |
|
| 2997 |
- ret = cli_fmap_scandesc(ctx, type == CL_TYPE_TEXT_ASCII ? CL_TYPE_ANY : type, 0, &ftoffset, acmode, NULL, refhash); |
|
| 2997 |
+ ret = cli_scan_fmap(ctx, type == CL_TYPE_TEXT_ASCII ? CL_TYPE_ANY : type, 0, &ftoffset, acmode, NULL, refhash); |
|
| 2998 | 2998 |
perf_stop(ctx, PERFT_RAW); |
| 2999 | 2999 |
|
| 3000 | 3000 |
// TODO I think this causes embedded file extraction to stop when a |
| 3001 |
- // signature has matched in cli_fmap_scandesc, which wouldn't be what |
|
| 3001 |
+ // signature has matched in cli_scan_fmap, which wouldn't be what |
|
| 3002 | 3002 |
// we want if allmatch is specified. |
| 3003 | 3003 |
if (ret >= CL_TYPENO) {
|
| 3004 | 3004 |
perf_nested_start(ctx, PERFT_RAWTYPENO, PERFT_SCAN); |
| ... | ... |
@@ -3020,7 +3020,7 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 3020 | 3020 |
if (!json_object_object_get_ex(parent_property, "EmbeddedObjects", &arrobj)) {
|
| 3021 | 3021 |
arrobj = json_object_new_array(); |
| 3022 | 3022 |
if (NULL == arrobj) {
|
| 3023 |
- cli_errmsg("cli_scanraw: no memory for json properties object\n");
|
|
| 3023 |
+ cli_errmsg("scanraw: no memory for json properties object\n");
|
|
| 3024 | 3024 |
nret = CL_EMEM; |
| 3025 | 3025 |
break; |
| 3026 | 3026 |
} |
| ... | ... |
@@ -3028,7 +3028,7 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 3028 | 3028 |
} |
| 3029 | 3029 |
ctx->wrkproperty = json_object_new_object(); |
| 3030 | 3030 |
if (NULL == ctx->wrkproperty) {
|
| 3031 |
- cli_errmsg("cli_scanraw: no memory for json properties object\n");
|
|
| 3031 |
+ cli_errmsg("scanraw: no memory for json properties object\n");
|
|
| 3032 | 3032 |
nret = CL_EMEM; |
| 3033 | 3033 |
break; |
| 3034 | 3034 |
} |
| ... | ... |
@@ -3036,14 +3036,14 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 3036 | 3036 |
|
| 3037 | 3037 |
ret = cli_jsonstr(ctx->wrkproperty, "FileType", cli_ftname(fpt->type)); |
| 3038 | 3038 |
if (ret != CL_SUCCESS) {
|
| 3039 |
- cli_errmsg("cli_scanraw: failed to add string to json object\n");
|
|
| 3039 |
+ cli_errmsg("scanraw: failed to add string to json object\n");
|
|
| 3040 | 3040 |
nret = CL_EMEM; |
| 3041 | 3041 |
break; |
| 3042 | 3042 |
} |
| 3043 | 3043 |
|
| 3044 | 3044 |
ret = cli_jsonint64(ctx->wrkproperty, "Offset", (int64_t)fpt->offset); |
| 3045 | 3045 |
if (ret != CL_SUCCESS) {
|
| 3046 |
- cli_errmsg("cli_scanraw: failed to add int to json object\n");
|
|
| 3046 |
+ cli_errmsg("scanraw: failed to add int to json object\n");
|
|
| 3047 | 3047 |
nret = CL_EMEM; |
| 3048 | 3048 |
break; |
| 3049 | 3049 |
} |
| ... | ... |
@@ -3104,7 +3104,7 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 3104 | 3104 |
*/ |
| 3105 | 3105 |
nret = fmap_dump_to_file(map, ctx->sub_filepath, ctx->sub_tmpdir, &tmpname, &tmpfd, fpt->offset, fpt->offset + csize); |
| 3106 | 3106 |
if (nret != CL_SUCCESS) {
|
| 3107 |
- cli_dbgmsg("cli_scanraw: failed to generate temporary file.\n");
|
|
| 3107 |
+ cli_dbgmsg("scanraw: failed to generate temporary file.\n");
|
|
| 3108 | 3108 |
ret = nret; |
| 3109 | 3109 |
break_loop = 1; |
| 3110 | 3110 |
break; |
| ... | ... |
@@ -3127,7 +3127,7 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 3127 | 3127 |
*/ |
| 3128 | 3128 |
nret = fmap_dump_to_file(map, ctx->sub_filepath, ctx->sub_tmpdir, &tmpname, &tmpfd, fpt->offset, fpt->offset + csize); |
| 3129 | 3129 |
if (nret != CL_SUCCESS) {
|
| 3130 |
- cli_dbgmsg("cli_scanraw: failed to generate temporary file.\n");
|
|
| 3130 |
+ cli_dbgmsg("scanraw: failed to generate temporary file.\n");
|
|
| 3131 | 3131 |
ret = nret; |
| 3132 | 3132 |
break_loop = 1; |
| 3133 | 3133 |
break; |
| ... | ... |
@@ -3275,7 +3275,7 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 3275 | 3275 |
size_t csize = map->len - fpt->offset; /* not precise */ |
| 3276 | 3276 |
/* CL_ENGINE_MAX_EMBEDDED_PE */ |
| 3277 | 3277 |
if (curr_len > ctx->engine->maxembeddedpe) {
|
| 3278 |
- cli_dbgmsg("cli_scanraw: MaxEmbeddedPE exceeded\n");
|
|
| 3278 |
+ cli_dbgmsg("scanraw: MaxEmbeddedPE exceeded\n");
|
|
| 3279 | 3279 |
break; |
| 3280 | 3280 |
} |
| 3281 | 3281 |
cli_set_container(ctx, CL_TYPE_MSEXE, csize); |
| ... | ... |
@@ -3324,7 +3324,7 @@ static cl_error_t cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cl |
| 3324 | 3324 |
break; |
| 3325 | 3325 |
|
| 3326 | 3326 |
default: |
| 3327 |
- cli_warnmsg("cli_scanraw: Type %u not handled in fpt loop\n", fpt->type);
|
|
| 3327 |
+ cli_warnmsg("scanraw: Type %u not handled in fpt loop\n", fpt->type);
|
|
| 3328 | 3328 |
} |
| 3329 | 3329 |
} |
| 3330 | 3330 |
|
| ... | ... |
@@ -3419,14 +3419,14 @@ static cl_error_t dispatch_prescan(clcb_pre_scan cb, cli_ctx *ctx, const char *f |
| 3419 | 3419 |
perf_start(ctx, PERFT_PRECB); |
| 3420 | 3420 |
switch (cb(fmap_fd(*ctx->fmap), filetype, ctx->cb_ctx)) {
|
| 3421 | 3421 |
case CL_BREAK: |
| 3422 |
- cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n");
|
|
| 3422 |
+ cli_dbgmsg("cli_magic_scan_desc: file whitelisted by callback\n");
|
|
| 3423 | 3423 |
perf_stop(ctx, PERFT_PRECB); |
| 3424 | 3424 |
ctx->hook_lsig_matches = old_hook_lsig_matches; |
| 3425 | 3425 |
/* returns CL_CLEAN */ |
| 3426 | 3426 |
*run_cleanup = 1; |
| 3427 | 3427 |
break; |
| 3428 | 3428 |
case CL_VIRUS: |
| 3429 |
- cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n");
|
|
| 3429 |
+ cli_dbgmsg("cli_magic_scan_desc: file blacklisted by callback\n");
|
|
| 3430 | 3430 |
cli_append_virus(ctx, "Detected.By.Callback"); |
| 3431 | 3431 |
perf_stop(ctx, PERFT_PRECB); |
| 3432 | 3432 |
ctx->hook_lsig_matches = old_hook_lsig_matches; |
| ... | ... |
@@ -3436,7 +3436,7 @@ static cl_error_t dispatch_prescan(clcb_pre_scan cb, cli_ctx *ctx, const char *f |
| 3436 | 3436 |
case CL_CLEAN: |
| 3437 | 3437 |
break; |
| 3438 | 3438 |
default: |
| 3439 |
- cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n");
|
|
| 3439 |
+ cli_warnmsg("cli_magic_scan_desc: ignoring bad return code from callback\n");
|
|
| 3440 | 3440 |
} |
| 3441 | 3441 |
|
| 3442 | 3442 |
perf_stop(ctx, PERFT_PRECB); |
| ... | ... |
@@ -3445,7 +3445,7 @@ static cl_error_t dispatch_prescan(clcb_pre_scan cb, cli_ctx *ctx, const char *f |
| 3445 | 3445 |
return res; |
| 3446 | 3446 |
} |
| 3447 | 3447 |
|
| 3448 |
-static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
|
| 3448 |
+cl_error_t cli_magic_scan(cli_ctx *ctx, cli_file_t type) |
|
| 3449 | 3449 |
{
|
| 3450 | 3450 |
cl_error_t ret = CL_CLEAN; |
| 3451 | 3451 |
cl_error_t cb_retcode; |
| ... | ... |
@@ -3480,7 +3480,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3480 | 3480 |
} |
| 3481 | 3481 |
|
| 3482 | 3482 |
if (ctx->engine->maxreclevel && ctx->recursion > ctx->engine->maxreclevel) {
|
| 3483 |
- cli_dbgmsg("magic_scandesc: Archive recursion limit exceeded (%u, max: %u)\n", ctx->recursion, ctx->engine->maxreclevel);
|
|
| 3483 |
+ cli_dbgmsg("cli_magic_scan: Archive recursion limit exceeded (%u, max: %u)\n", ctx->recursion, ctx->engine->maxreclevel);
|
|
| 3484 | 3484 |
emax_reached(ctx); |
| 3485 | 3485 |
cli_check_blockmax(ctx, CL_EMAXREC); |
| 3486 | 3486 |
ret = CL_CLEAN; |
| ... | ... |
@@ -3490,7 +3490,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3490 | 3490 |
if (cli_updatelimits(ctx, (*ctx->fmap)->len) != CL_CLEAN) {
|
| 3491 | 3491 |
emax_reached(ctx); |
| 3492 | 3492 |
ret = CL_CLEAN; |
| 3493 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3493 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3494 | 3494 |
goto early_ret; |
| 3495 | 3495 |
} |
| 3496 | 3496 |
|
| ... | ... |
@@ -3505,7 +3505,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3505 | 3505 |
*/ |
| 3506 | 3506 |
new_temp_path = cli_gentemp_with_prefix(ctx->sub_tmpdir, fmap_basename); |
| 3507 | 3507 |
if (NULL == new_temp_path) {
|
| 3508 |
- cli_errmsg("magic_scandesc: Failed to generate temp directory name.\n");
|
|
| 3508 |
+ cli_errmsg("cli_magic_scan: Failed to generate temp directory name.\n");
|
|
| 3509 | 3509 |
ret = CL_EMEM; |
| 3510 | 3510 |
goto early_ret; |
| 3511 | 3511 |
} |
| ... | ... |
@@ -3515,7 +3515,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3515 | 3515 |
*/ |
| 3516 | 3516 |
new_temp_path = cli_gentemp_with_prefix(ctx->sub_tmpdir, "scantemp"); |
| 3517 | 3517 |
if (NULL == new_temp_path) {
|
| 3518 |
- cli_errmsg("magic_scandesc: Failed to generate temp directory name.\n");
|
|
| 3518 |
+ cli_errmsg("cli_magic_scan: Failed to generate temp directory name.\n");
|
|
| 3519 | 3519 |
ret = CL_EMEM; |
| 3520 | 3520 |
goto early_ret; |
| 3521 | 3521 |
} |
| ... | ... |
@@ -3525,7 +3525,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3525 | 3525 |
ctx->sub_tmpdir = new_temp_path; |
| 3526 | 3526 |
|
| 3527 | 3527 |
if (mkdir(ctx->sub_tmpdir, 0700)) {
|
| 3528 |
- cli_errmsg("magic_scandesc: Can't create tmp sub-directory for scan: %s.\n", ctx->sub_tmpdir);
|
|
| 3528 |
+ cli_errmsg("cli_magic_scan: Can't create tmp sub-directory for scan: %s.\n", ctx->sub_tmpdir);
|
|
| 3529 | 3529 |
ret = CL_EACCES; |
| 3530 | 3530 |
goto early_ret; |
| 3531 | 3531 |
} |
| ... | ... |
@@ -3541,13 +3541,13 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3541 | 3541 |
|
| 3542 | 3542 |
perf_start(ctx, PERFT_FT); |
| 3543 | 3543 |
if ((type == CL_TYPE_ANY) || type == CL_TYPE_PART_ANY) {
|
| 3544 |
- type = cli_filetype2(*ctx->fmap, ctx->engine, type); |
|
| 3544 |
+ type = cli_determine_fmap_type(*ctx->fmap, ctx->engine, type); |
|
| 3545 | 3545 |
} |
| 3546 | 3546 |
perf_stop(ctx, PERFT_FT); |
| 3547 | 3547 |
if (type == CL_TYPE_ERROR) {
|
| 3548 |
- cli_dbgmsg("magic_scandesc: cli_filetype2 returned CL_TYPE_ERROR\n");
|
|
| 3548 |
+ cli_dbgmsg("cli_magic_scan: cli_determine_fmap_type returned CL_TYPE_ERROR\n");
|
|
| 3549 | 3549 |
ret = CL_EREAD; |
| 3550 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3550 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3551 | 3551 |
goto early_ret; |
| 3552 | 3552 |
} |
| 3553 | 3553 |
filetype = cli_ftname(type); |
| ... | ... |
@@ -3557,21 +3557,21 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3557 | 3557 |
if (NULL == ctx->properties) {
|
| 3558 | 3558 |
ctx->properties = json_object_new_object(); |
| 3559 | 3559 |
if (NULL == ctx->properties) {
|
| 3560 |
- cli_errmsg("magic_scandesc: no memory for json properties object\n");
|
|
| 3560 |
+ cli_errmsg("cli_magic_scan: no memory for json properties object\n");
|
|
| 3561 | 3561 |
ret = CL_EMEM; |
| 3562 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3562 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3563 | 3563 |
goto early_ret; |
| 3564 | 3564 |
} |
| 3565 | 3565 |
ctx->wrkproperty = ctx->properties; |
| 3566 | 3566 |
|
| 3567 | 3567 |
ret = cli_jsonstr(ctx->properties, "Magic", "CLAMJSONv0"); |
| 3568 | 3568 |
if (ret != CL_SUCCESS) {
|
| 3569 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3569 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3570 | 3570 |
goto early_ret; |
| 3571 | 3571 |
} |
| 3572 | 3572 |
ret = cli_jsonstr(ctx->properties, "RootFileType", filetype); |
| 3573 | 3573 |
if (ret != CL_SUCCESS) {
|
| 3574 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3574 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3575 | 3575 |
goto early_ret; |
| 3576 | 3576 |
} |
| 3577 | 3577 |
|
| ... | ... |
@@ -3582,18 +3582,18 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3582 | 3582 |
if (!json_object_object_get_ex(parent_property, "ContainedObjects", &arrobj)) {
|
| 3583 | 3583 |
arrobj = json_object_new_array(); |
| 3584 | 3584 |
if (NULL == arrobj) {
|
| 3585 |
- cli_errmsg("magic_scandesc: no memory for json properties object\n");
|
|
| 3585 |
+ cli_errmsg("cli_magic_scan: no memory for json properties object\n");
|
|
| 3586 | 3586 |
ret = CL_EMEM; |
| 3587 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3587 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3588 | 3588 |
goto early_ret; |
| 3589 | 3589 |
} |
| 3590 | 3590 |
json_object_object_add(parent_property, "ContainedObjects", arrobj); |
| 3591 | 3591 |
} |
| 3592 | 3592 |
ctx->wrkproperty = json_object_new_object(); |
| 3593 | 3593 |
if (NULL == ctx->wrkproperty) {
|
| 3594 |
- cli_errmsg("magic_scandesc: no memory for json properties object\n");
|
|
| 3594 |
+ cli_errmsg("cli_magic_scan: no memory for json properties object\n");
|
|
| 3595 | 3595 |
ret = CL_EMEM; |
| 3596 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3596 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3597 | 3597 |
goto early_ret; |
| 3598 | 3598 |
} |
| 3599 | 3599 |
json_object_array_add(arrobj, ctx->wrkproperty); |
| ... | ... |
@@ -3602,25 +3602,25 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3602 | 3602 |
if ((*ctx->fmap)->name) {
|
| 3603 | 3603 |
ret = cli_jsonstr(ctx->wrkproperty, "FileName", (*ctx->fmap)->name); |
| 3604 | 3604 |
if (ret != CL_SUCCESS) {
|
| 3605 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3605 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3606 | 3606 |
goto early_ret; |
| 3607 | 3607 |
} |
| 3608 | 3608 |
} |
| 3609 | 3609 |
if (ctx->sub_filepath) {
|
| 3610 | 3610 |
ret = cli_jsonstr(ctx->wrkproperty, "FilePath", ctx->sub_filepath); |
| 3611 | 3611 |
if (ret != CL_SUCCESS) {
|
| 3612 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3612 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3613 | 3613 |
goto early_ret; |
| 3614 | 3614 |
} |
| 3615 | 3615 |
} |
| 3616 | 3616 |
ret = cli_jsonstr(ctx->wrkproperty, "FileType", filetype); |
| 3617 | 3617 |
if (ret != CL_SUCCESS) {
|
| 3618 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3618 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3619 | 3619 |
goto early_ret; |
| 3620 | 3620 |
} |
| 3621 | 3621 |
ret = cli_jsonint(ctx->wrkproperty, "FileSize", (*ctx->fmap)->len); |
| 3622 | 3622 |
if (ret != CL_SUCCESS) {
|
| 3623 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3623 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3624 | 3624 |
goto early_ret; |
| 3625 | 3625 |
} |
| 3626 | 3626 |
} |
| ... | ... |
@@ -3654,7 +3654,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3654 | 3654 |
if (ctx->engine->engine_options & ENGINE_OPTIONS_DISABLE_CACHE) |
| 3655 | 3655 |
memset(hash, 0, 16); |
| 3656 | 3656 |
if (ret != CL_SUCCESS) {
|
| 3657 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3657 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3658 | 3658 |
goto early_ret; |
| 3659 | 3659 |
} |
| 3660 | 3660 |
} |
| ... | ... |
@@ -3662,7 +3662,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3662 | 3662 |
|
| 3663 | 3663 |
if (res != CL_VIRUS) {
|
| 3664 | 3664 |
perf_stop(ctx, PERFT_CACHE); |
| 3665 |
- cli_dbgmsg("magic_scandesc: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3665 |
+ cli_dbgmsg("cli_magic_scan: returning %d %s (no post, no cache)\n", ret, __AT__);
|
|
| 3666 | 3666 |
goto early_ret; |
| 3667 | 3667 |
} |
| 3668 | 3668 |
|
| ... | ... |
@@ -3672,9 +3672,9 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3672 | 3672 |
if (!((ctx->options->general & ~CL_SCAN_GENERAL_ALLMATCHES) || (ctx->options->parse) || (ctx->options->heuristic) || (ctx->options->mail) || (ctx->options->dev)) || (ctx->recursion == ctx->engine->maxreclevel)) { /* raw mode (stdin, etc.) or last level of recursion */
|
| 3673 | 3673 |
if (ctx->recursion == ctx->engine->maxreclevel) {
|
| 3674 | 3674 |
cli_check_blockmax(ctx, CL_EMAXREC); |
| 3675 |
- cli_dbgmsg("magic_scandesc: Hit recursion limit, only scanning raw file\n");
|
|
| 3675 |
+ cli_dbgmsg("cli_magic_scan: Hit recursion limit, only scanning raw file\n");
|
|
| 3676 | 3676 |
} else |
| 3677 |
- cli_dbgmsg("magic_scandesc: Raw mode: No support for special files\n");
|
|
| 3677 |
+ cli_dbgmsg("cli_magic_scan: Raw mode: No support for special files\n");
|
|
| 3678 | 3678 |
|
| 3679 | 3679 |
ret = dispatch_prescan(ctx->engine->cb_pre_scan, ctx, filetype, old_hook_lsig_matches, parent_property, hash, hashed_size, &run_cleanup); |
| 3680 | 3680 |
if (run_cleanup) {
|
| ... | ... |
@@ -3684,8 +3684,8 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3684 | 3684 |
goto done; |
| 3685 | 3685 |
} |
| 3686 | 3686 |
|
| 3687 |
- if ((ret = cli_fmap_scandesc(ctx, CL_TYPE_ANY, 0, NULL, AC_SCAN_VIR, NULL, hash)) == CL_VIRUS) |
|
| 3688 |
- cli_dbgmsg("magic_scandesc: %s found in descriptor %d\n", cli_get_last_virus(ctx), fmap_fd(*ctx->fmap));
|
|
| 3687 |
+ if ((ret = cli_scan_fmap(ctx, CL_TYPE_ANY, 0, NULL, AC_SCAN_VIR, NULL, hash)) == CL_VIRUS) |
|
| 3688 |
+ cli_dbgmsg("cli_magic_scan: %s found in descriptor %d\n", cli_get_last_virus(ctx), fmap_fd(*ctx->fmap));
|
|
| 3689 | 3689 |
else if (ret == CL_CLEAN) {
|
| 3690 | 3690 |
if (ctx->recursion != ctx->engine->maxreclevel) |
| 3691 | 3691 |
cache_clean = 1; /* Only cache if limits are not reached */ |
| ... | ... |
@@ -3718,7 +3718,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3718 | 3718 |
} |
| 3719 | 3719 |
|
| 3720 | 3720 |
if (type != CL_TYPE_IGNORED && ctx->engine->sdb) {
|
| 3721 |
- ret = cli_scanraw(ctx, type, 0, &dettype, (ctx->engine->engine_options & ENGINE_OPTIONS_DISABLE_CACHE) ? NULL : hash); |
|
| 3721 |
+ ret = scanraw(ctx, type, 0, &dettype, (ctx->engine->engine_options & ENGINE_OPTIONS_DISABLE_CACHE) ? NULL : hash); |
|
| 3722 | 3722 |
if (ret == CL_EMEM || ret == CL_VIRUS) {
|
| 3723 | 3723 |
ret = cli_checkfp(hash, hashed_size, ctx); |
| 3724 | 3724 |
cli_bitset_free(ctx->hook_lsig_matches); |
| ... | ... |
@@ -3781,7 +3781,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3781 | 3781 |
/* If map is not file-backed have to dump to file for scanrar. */ |
| 3782 | 3782 |
ret = fmap_dump_to_file(*ctx->fmap, ctx->sub_filepath, ctx->sub_tmpdir, &tmpname, &tmpfd, 0, SIZE_MAX); |
| 3783 | 3783 |
if (ret != CL_SUCCESS) {
|
| 3784 |
- cli_dbgmsg("magic_scandesc: failed to generate temporary file.\n");
|
|
| 3784 |
+ cli_dbgmsg("cli_magic_scan: failed to generate temporary file.\n");
|
|
| 3785 | 3785 |
break; |
| 3786 | 3786 |
} |
| 3787 | 3787 |
filepath = tmpname; |
| ... | ... |
@@ -3802,7 +3802,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 3802 | 3802 |
*/ |
| 3803 | 3803 |
ret = fmap_dump_to_file(*ctx->fmap, ctx->sub_filepath, ctx->sub_tmpdir, &tmpname, &tmpfd, 0, SIZE_MAX); |
| 3804 | 3804 |
if (ret != CL_SUCCESS) {
|
| 3805 |
- cli_dbgmsg("magic_scandesc: failed to generate temporary file.\n");
|
|
| 3805 |
+ cli_dbgmsg("cli_magic_scan: failed to generate temporary file.\n");
|
|
| 3806 | 3806 |
break; |
| 3807 | 3807 |
} |
| 3808 | 3808 |
filepath = tmpname; |
| ... | ... |
@@ -4115,14 +4115,14 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 4115 | 4115 |
/* CL_ENGINE_MAX_ZIPTYPERCG */ |
| 4116 | 4116 |
uint64_t curr_len = (*ctx->fmap)->len; |
| 4117 | 4117 |
if (curr_len > ctx->engine->maxziptypercg) {
|
| 4118 |
- cli_dbgmsg("cli_magic_scandesc: Not checking for embedded PEs (zip file > MaxZipTypeRcg)\n");
|
|
| 4118 |
+ cli_dbgmsg("cli_magic_scan_desc: Not checking for embedded PEs (zip file > MaxZipTypeRcg)\n");
|
|
| 4119 | 4119 |
typercg = 0; |
| 4120 | 4120 |
} |
| 4121 | 4121 |
} |
| 4122 | 4122 |
|
| 4123 | 4123 |
/* CL_TYPE_HTML: raw HTML files are not scanned, unless safety measure activated via DCONF */ |
| 4124 | 4124 |
if (type != CL_TYPE_IGNORED && (type != CL_TYPE_HTML || !(SCAN_PARSE_HTML) || !(DCONF_DOC & DOC_CONF_HTML_SKIPRAW)) && !ctx->engine->sdb) {
|
| 4125 |
- res = cli_scanraw(ctx, type, typercg, &dettype, (ctx->engine->engine_options & ENGINE_OPTIONS_DISABLE_CACHE) ? NULL : hash); |
|
| 4125 |
+ res = scanraw(ctx, type, typercg, &dettype, (ctx->engine->engine_options & ENGINE_OPTIONS_DISABLE_CACHE) ? NULL : hash); |
|
| 4126 | 4126 |
if (res != CL_CLEAN) {
|
| 4127 | 4127 |
switch (res) {
|
| 4128 | 4128 |
/* List of scan halts, runtime errors only! */ |
| ... | ... |
@@ -4134,7 +4134,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 4134 | 4134 |
case CL_ETMPFILE: |
| 4135 | 4135 |
case CL_ETMPDIR: |
| 4136 | 4136 |
case CL_EMEM: |
| 4137 |
- cli_dbgmsg("Descriptor[%d]: cli_scanraw error %s\n", fmap_fd(*ctx->fmap), cl_strerror(res));
|
|
| 4137 |
+ cli_dbgmsg("Descriptor[%d]: scanraw error %s\n", fmap_fd(*ctx->fmap), cl_strerror(res));
|
|
| 4138 | 4138 |
cli_bitset_free(ctx->hook_lsig_matches); |
| 4139 | 4139 |
ctx->hook_lsig_matches = old_hook_lsig_matches; |
| 4140 | 4140 |
ret = res; |
| ... | ... |
@@ -4160,7 +4160,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 4160 | 4160 |
cli_check_blockmax(ctx, ret); |
| 4161 | 4161 |
cli_bitset_free(ctx->hook_lsig_matches); |
| 4162 | 4162 |
ctx->hook_lsig_matches = old_hook_lsig_matches; |
| 4163 |
- cli_dbgmsg("Descriptor[%d]: Stopping after cli_scanraw reached %s\n",
|
|
| 4163 |
+ cli_dbgmsg("Descriptor[%d]: Stopping after scanraw reached %s\n",
|
|
| 4164 | 4164 |
fmap_fd(*ctx->fmap), cl_strerror(res)); |
| 4165 | 4165 |
ret = CL_CLEAN; |
| 4166 | 4166 |
goto done; |
| ... | ... |
@@ -4169,7 +4169,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 4169 | 4169 |
case CL_EMAXSIZE: |
| 4170 | 4170 |
case CL_EMAXFILES: |
| 4171 | 4171 |
ret = res; |
| 4172 |
- cli_dbgmsg("Descriptor[%d]: Continuing after cli_scanraw reached %s\n",
|
|
| 4172 |
+ cli_dbgmsg("Descriptor[%d]: Continuing after scanraw reached %s\n",
|
|
| 4173 | 4173 |
fmap_fd(*ctx->fmap), cl_strerror(res)); |
| 4174 | 4174 |
break; |
| 4175 | 4175 |
/* Other errors must not block further scans below |
| ... | ... |
@@ -4178,7 +4178,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 4178 | 4178 |
*/ |
| 4179 | 4179 |
default: |
| 4180 | 4180 |
ret = res; |
| 4181 |
- cli_dbgmsg("Descriptor[%d]: Continuing after cli_scanraw error %s\n",
|
|
| 4181 |
+ cli_dbgmsg("Descriptor[%d]: Continuing after scanraw error %s\n",
|
|
| 4182 | 4182 |
fmap_fd(*ctx->fmap), cl_strerror(res)); |
| 4183 | 4183 |
} |
| 4184 | 4184 |
} |
| ... | ... |
@@ -4198,7 +4198,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 4198 | 4198 |
if ((DCONF_DOC & DOC_CONF_SCRIPT) && dettype != CL_TYPE_HTML && (ret != CL_VIRUS || SCAN_ALLMATCHES) && SCAN_PARSE_HTML) |
| 4199 | 4199 |
ret = cli_scanscript(ctx); |
| 4200 | 4200 |
if (SCAN_PARSE_MAIL && (DCONF_MAIL & MAIL_CONF_MBOX) && ret != CL_VIRUS && (cli_get_container(ctx, -1) == CL_TYPE_MAIL || dettype == CL_TYPE_MAIL)) {
|
| 4201 |
- ret = cli_fmap_scandesc(ctx, CL_TYPE_MAIL, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 4201 |
+ ret = cli_scan_fmap(ctx, CL_TYPE_MAIL, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 4202 | 4202 |
} |
| 4203 | 4203 |
perf_nested_stop(ctx, PERFT_SCRIPT, PERFT_SCAN); |
| 4204 | 4204 |
break; |
| ... | ... |
@@ -4226,7 +4226,7 @@ static cl_error_t magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 4226 | 4226 |
perf_nested_stop(ctx, PERFT_MACHO, PERFT_SCAN); |
| 4227 | 4227 |
break; |
| 4228 | 4228 |
case CL_TYPE_BINARY_DATA: |
| 4229 |
- ret = cli_fmap_scandesc(ctx, CL_TYPE_OTHER, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 4229 |
+ ret = cli_scan_fmap(ctx, CL_TYPE_OTHER, 0, NULL, AC_SCAN_VIR, NULL, NULL); |
|
| 4230 | 4230 |
break; |
| 4231 | 4231 |
default: |
| 4232 | 4232 |
break; |
| ... | ... |
@@ -4274,7 +4274,7 @@ done: |
| 4274 | 4274 |
cb_retcode = ret; |
| 4275 | 4275 |
} |
| 4276 | 4276 |
|
| 4277 |
- cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", ret, __AT__);
|
|
| 4277 |
+ cli_dbgmsg("cli_magic_scan_desc: returning %d %s\n", ret, __AT__);
|
|
| 4278 | 4278 |
if (ctx->engine->cb_post_scan) {
|
| 4279 | 4279 |
const char *virusname = NULL; |
| 4280 | 4280 |
perf_start(ctx, PERFT_POSTCB); |
| ... | ... |
@@ -4282,12 +4282,12 @@ done: |
| 4282 | 4282 |
virusname = cli_get_last_virus(ctx); |
| 4283 | 4283 |
switch (ctx->engine->cb_post_scan(fmap_fd(*ctx->fmap), cb_retcode, virusname, ctx->cb_ctx)) {
|
| 4284 | 4284 |
case CL_BREAK: |
| 4285 |
- cli_dbgmsg("cli_magic_scandesc: file whitelisted by post_scan callback\n");
|
|
| 4285 |
+ cli_dbgmsg("cli_magic_scan_desc: file whitelisted by post_scan callback\n");
|
|
| 4286 | 4286 |
perf_stop(ctx, PERFT_POSTCB); |
| 4287 | 4287 |
ret = CL_CLEAN; |
| 4288 | 4288 |
break; |
| 4289 | 4289 |
case CL_VIRUS: |
| 4290 |
- cli_dbgmsg("cli_magic_scandesc: file blacklisted by post_scan callback\n");
|
|
| 4290 |
+ cli_dbgmsg("cli_magic_scan_desc: file blacklisted by post_scan callback\n");
|
|
| 4291 | 4291 |
cli_append_virus(ctx, "Detected.By.Callback"); |
| 4292 | 4292 |
perf_stop(ctx, PERFT_POSTCB); |
| 4293 | 4293 |
if (ret != CL_VIRUS) {
|
| ... | ... |
@@ -4297,7 +4297,7 @@ done: |
| 4297 | 4297 |
case CL_CLEAN: |
| 4298 | 4298 |
break; |
| 4299 | 4299 |
default: |
| 4300 |
- cli_warnmsg("cli_magic_scandesc: ignoring bad return code from post_scan callback\n");
|
|
| 4300 |
+ cli_warnmsg("cli_magic_scan_desc: ignoring bad return code from post_scan callback\n");
|
|
| 4301 | 4301 |
} |
| 4302 | 4302 |
perf_stop(ctx, PERFT_POSTCB); |
| 4303 | 4303 |
} |
| ... | ... |
@@ -4330,7 +4330,7 @@ early_ret: |
| 4330 | 4330 |
return ret; |
| 4331 | 4331 |
} |
| 4332 | 4332 |
|
| 4333 |
-cl_error_t cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, const char *name) |
|
| 4333 |
+cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, const char *name) |
|
| 4334 | 4334 |
{
|
| 4335 | 4335 |
STATBUF sb; |
| 4336 | 4336 |
cl_error_t status = CL_CLEAN; |
| ... | ... |
@@ -4346,19 +4346,19 @@ cl_error_t cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_f |
| 4346 | 4346 |
if (ctx->sha_collect > 0) |
| 4347 | 4347 |
ctx->sha_collect = 0; |
| 4348 | 4348 |
#endif |
| 4349 |
- cli_dbgmsg("in cli_base_scandesc (reclevel: %u/%u)\n", ctx->recursion, ctx->engine->maxreclevel);
|
|
| 4349 |
+ cli_dbgmsg("in cli_magic_scan_desc_type (reclevel: %u/%u)\n", ctx->recursion, ctx->engine->maxreclevel);
|
|
| 4350 | 4350 |
if (FSTAT(desc, &sb) == -1) {
|
| 4351 |
- cli_errmsg("magic_scandesc: Can't fstat descriptor %d\n", desc);
|
|
| 4351 |
+ cli_errmsg("cli_magic_scan: Can't fstat descriptor %d\n", desc);
|
|
| 4352 | 4352 |
|
| 4353 | 4353 |
status = CL_ESTAT; |
| 4354 |
- cli_dbgmsg("cli_base_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
|
|
| 4354 |
+ cli_dbgmsg("cli_magic_scan_desc_type: returning %d %s (no post, no cache)\n", status, __AT__);
|
|
| 4355 | 4355 |
goto done; |
| 4356 | 4356 |
} |
| 4357 | 4357 |
if (sb.st_size <= 5) {
|
| 4358 | 4358 |
cli_dbgmsg("Small data (%u bytes)\n", (unsigned int)sb.st_size);
|
| 4359 | 4359 |
|
| 4360 | 4360 |
status = CL_CLEAN; |
| 4361 |
- cli_dbgmsg("cli_base_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
|
|
| 4361 |
+ cli_dbgmsg("cli_magic_scan_desc_type: returning %d %s (no post, no cache)\n", status, __AT__);
|
|
| 4362 | 4362 |
goto done; |
| 4363 | 4363 |
} |
| 4364 | 4364 |
|
| ... | ... |
@@ -4370,12 +4370,12 @@ cl_error_t cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_f |
| 4370 | 4370 |
perf_stop(ctx, PERFT_MAP); |
| 4371 | 4371 |
|
| 4372 | 4372 |
status = CL_EMEM; |
| 4373 |
- cli_dbgmsg("cli_base_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
|
|
| 4373 |
+ cli_dbgmsg("cli_magic_scan_desc_type: returning %d %s (no post, no cache)\n", status, __AT__);
|
|
| 4374 | 4374 |
goto done; |
| 4375 | 4375 |
} |
| 4376 | 4376 |
perf_stop(ctx, PERFT_MAP); |
| 4377 | 4377 |
|
| 4378 |
- status = magic_scandesc(ctx, type); |
|
| 4378 |
+ status = cli_magic_scan(ctx, type); |
|
| 4379 | 4379 |
|
| 4380 | 4380 |
funmap(*ctx->fmap); |
| 4381 | 4381 |
ctx->fmap--; |
| ... | ... |
@@ -4386,29 +4386,78 @@ done: |
| 4386 | 4386 |
return status; |
| 4387 | 4387 |
} |
| 4388 | 4388 |
|
| 4389 |
-cl_error_t cli_magic_scandesc(int desc, const char *filepath, cli_ctx *ctx, const char *name) |
|
| 4389 |
+cl_error_t cli_magic_scan_desc(int desc, const char *filepath, cli_ctx *ctx, const char *name) |
|
| 4390 | 4390 |
{
|
| 4391 |
- return cli_base_scandesc(desc, filepath, ctx, CL_TYPE_ANY, name); |
|
| 4391 |
+ return cli_magic_scan_desc_type(desc, filepath, ctx, CL_TYPE_ANY, name); |
|
| 4392 | 4392 |
} |
| 4393 | 4393 |
|
| 4394 |
-cl_error_t cli_magic_scandesc_type(cli_ctx *ctx, cli_file_t type) |
|
| 4394 |
+cl_error_t cl_scandesc(int desc, const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, struct cl_scan_options *scanoptions) |
|
| 4395 | 4395 |
{
|
| 4396 |
- return magic_scandesc(ctx, type); |
|
| 4396 |
+ return cl_scandesc_callback(desc, filename, virname, scanned, engine, scanoptions, NULL); |
|
| 4397 | 4397 |
} |
| 4398 | 4398 |
|
| 4399 |
-cl_error_t cl_scandesc(int desc, const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, struct cl_scan_options *scanoptions) |
|
| 4399 |
+/** |
|
| 4400 |
+ * @brief Scan an offset/length into a file map. |
|
| 4401 |
+ * |
|
| 4402 |
+ * Magic-scan some portion of an existing fmap. |
|
| 4403 |
+ * |
|
| 4404 |
+ * @param map File map. |
|
| 4405 |
+ * @param offset Offset into file map. |
|
| 4406 |
+ * @param length Length from offset. |
|
| 4407 |
+ * @param ctx Scanning context structure. |
|
| 4408 |
+ * @param type CL_TYPE of data to be scanned. |
|
| 4409 |
+ * @param name (optional) Original name of the file (to set fmap name metadata) |
|
| 4410 |
+ * @return int CL_SUCCESS, or an error code. |
|
| 4411 |
+ */ |
|
| 4412 |
+static cl_error_t magic_scan_nested_fmap_type(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name) |
|
| 4400 | 4413 |
{
|
| 4401 |
- return cl_scandesc_callback(desc, filename, virname, scanned, engine, scanoptions, NULL); |
|
| 4414 |
+ cl_error_t ret = CL_CLEAN; |
|
| 4415 |
+ |
|
| 4416 |
+ cli_dbgmsg("magic_scan_nested_fmap_type: [%zu, +%zu), [" STDi64 ", +%zu)\n",
|
|
| 4417 |
+ map->nested_offset, map->len, |
|
| 4418 |
+ (int64_t)offset, length); |
|
| 4419 |
+ if (offset < 0 || (size_t)offset >= map->len) {
|
|
| 4420 |
+ cli_dbgmsg("Invalid offset: %ld\n", (long)offset);
|
|
| 4421 |
+ return CL_CLEAN; |
|
| 4422 |
+ } |
|
| 4423 |
+ |
|
| 4424 |
+ if (!length) |
|
| 4425 |
+ length = map->len - offset; |
|
| 4426 |
+ if (length > map->len - offset) {
|
|
| 4427 |
+ cli_dbgmsg("Data truncated: %zu -> %zu\n",
|
|
| 4428 |
+ length, map->len - (size_t)offset); |
|
| 4429 |
+ length = map->len - (size_t)offset; |
|
| 4430 |
+ } |
|
| 4431 |
+ |
|
| 4432 |
+ if (length <= 5) {
|
|
| 4433 |
+ cli_dbgmsg("Small data (%zu bytes)\n", length);
|
|
| 4434 |
+ return CL_CLEAN; |
|
| 4435 |
+ } |
|
| 4436 |
+ ctx->fmap++; |
|
| 4437 |
+ *ctx->fmap = fmap_duplicate(map, offset, length, name); |
|
| 4438 |
+ if (NULL == *ctx->fmap) {
|
|
| 4439 |
+ cli_dbgmsg("Failed to duplicate fmap for scan of fmap subsection\n");
|
|
| 4440 |
+ ctx->fmap--; |
|
| 4441 |
+ return CL_CLEAN; |
|
| 4442 |
+ } |
|
| 4443 |
+ |
|
| 4444 |
+ ret = cli_magic_scan(ctx, type); |
|
| 4445 |
+ |
|
| 4446 |
+ free_duplicate_fmap(*ctx->fmap); /* This fmap is just a duplicate. */ |
|
| 4447 |
+ *ctx->fmap = NULL; |
|
| 4448 |
+ ctx->fmap--; |
|
| 4449 |
+ |
|
| 4450 |
+ return ret; |
|
| 4402 | 4451 |
} |
| 4403 | 4452 |
|
| 4404 | 4453 |
/* For map scans that may be forced to disk */ |
| 4405 |
-cl_error_t cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name) |
|
| 4454 |
+cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name) |
|
| 4406 | 4455 |
{
|
| 4407 | 4456 |
off_t old_off = map->nested_offset; |
| 4408 | 4457 |
size_t old_len = map->len; |
| 4409 | 4458 |
cl_error_t ret = CL_CLEAN; |
| 4410 | 4459 |
|
| 4411 |
- cli_dbgmsg("cli_map_scan: [%ld, +%lu)\n",
|
|
| 4460 |
+ cli_dbgmsg("cli_magic_scan_nested_fmap_type: [%ld, +%lu)\n",
|
|
| 4412 | 4461 |
(long)offset, (unsigned long)length); |
| 4413 | 4462 |
if (offset < 0 || (size_t)offset >= old_len) {
|
| 4414 | 4463 |
cli_dbgmsg("Invalid offset: %ld\n", (long)offset);
|
| ... | ... |
@@ -4426,16 +4475,16 @@ cl_error_t cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ct |
| 4426 | 4426 |
if (!length) |
| 4427 | 4427 |
length = old_len - offset; |
| 4428 | 4428 |
if (length > old_len - offset) {
|
| 4429 |
- cli_dbgmsg("cli_map_scan: Data truncated: %lu -> %lu\n",
|
|
| 4429 |
+ cli_dbgmsg("cli_magic_scan_nested_fmap_type: Data truncated: %lu -> %lu\n",
|
|
| 4430 | 4430 |
(unsigned long)length, (unsigned long)(old_len - offset)); |
| 4431 | 4431 |
length = old_len - offset; |
| 4432 | 4432 |
} |
| 4433 | 4433 |
if (length <= 5) {
|
| 4434 |
- cli_dbgmsg("cli_map_scan: Small data (%u bytes)\n", (unsigned int)length);
|
|
| 4434 |
+ cli_dbgmsg("cli_magic_scan_nested_fmap_type: Small data (%u bytes)\n", (unsigned int)length);
|
|
| 4435 | 4435 |
return CL_CLEAN; |
| 4436 | 4436 |
} |
| 4437 | 4437 |
if (!CLI_ISCONTAINED(old_off, old_len, old_off + offset, length)) {
|
| 4438 |
- cli_dbgmsg("cli_map_scan: map error occurred [%ld, %zu]\n",
|
|
| 4438 |
+ cli_dbgmsg("cli_magic_scan_nested_fmap_type: map error occurred [%ld, %zu]\n",
|
|
| 4439 | 4439 |
(long)old_off, old_len); |
| 4440 | 4440 |
return CL_CLEAN; |
| 4441 | 4441 |
} |
| ... | ... |
@@ -4443,7 +4492,7 @@ cl_error_t cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ct |
| 4443 | 4443 |
/* Length checked, now get map */ |
| 4444 | 4444 |
mapdata = fmap_need_off_once_len(map, offset, length, &nread); |
| 4445 | 4445 |
if (!mapdata || (nread != length)) {
|
| 4446 |
- cli_errmsg("cli_map_scan: could not map sub-file\n");
|
|
| 4446 |
+ cli_errmsg("cli_magic_scan_nested_fmap_type: could not map sub-file\n");
|
|
| 4447 | 4447 |
return CL_EMAP; |
| 4448 | 4448 |
} |
| 4449 | 4449 |
|
| ... | ... |
@@ -4452,14 +4501,14 @@ cl_error_t cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ct |
| 4452 | 4452 |
return ret; |
| 4453 | 4453 |
} |
| 4454 | 4454 |
|
| 4455 |
- cli_dbgmsg("cli_map_scan: writing nested map content to temp file %s\n", tempfile);
|
|
| 4455 |
+ cli_dbgmsg("cli_magic_scan_nested_fmap_type: writing nested map content to temp file %s\n", tempfile);
|
|
| 4456 | 4456 |
if (cli_writen(fd, mapdata, length) == (size_t)-1) {
|
| 4457 |
- cli_errmsg("cli_map_scan: cli_writen error writing subdoc temporary file.\n");
|
|
| 4457 |
+ cli_errmsg("cli_magic_scan_nested_fmap_type: cli_writen error writing subdoc temporary file.\n");
|
|
| 4458 | 4458 |
ret = CL_EWRITE; |
| 4459 | 4459 |
} |
| 4460 | 4460 |
|
| 4461 | 4461 |
/* scan the temp file */ |
| 4462 |
- ret = cli_base_scandesc(fd, tempfile, ctx, type, name); |
|
| 4462 |
+ ret = cli_magic_scan_desc_type(fd, tempfile, ctx, type, name); |
|
| 4463 | 4463 |
|
| 4464 | 4464 |
/* remove the temp file, if needed */ |
| 4465 | 4465 |
if (fd >= 0) {
|
| ... | ... |
@@ -4467,61 +4516,19 @@ cl_error_t cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ct |
| 4467 | 4467 |
} |
| 4468 | 4468 |
if (!ctx->engine->keeptmp) {
|
| 4469 | 4469 |
if (cli_unlink(tempfile)) {
|
| 4470 |
- cli_errmsg("cli_map_scan: error unlinking tempfile %s\n", tempfile);
|
|
| 4470 |
+ cli_errmsg("cli_magic_scan_nested_fmap_type: error unlinking tempfile %s\n", tempfile);
|
|
| 4471 | 4471 |
ret = CL_EUNLINK; |
| 4472 | 4472 |
} |
| 4473 | 4473 |
} |
| 4474 | 4474 |
free(tempfile); |
| 4475 | 4475 |
} else {
|
| 4476 | 4476 |
/* Not forced to disk, use nested map */ |
| 4477 |
- ret = cli_map_scandesc(map, offset, length, ctx, type, name); |
|
| 4478 |
- } |
|
| 4479 |
- return ret; |
|
| 4480 |
-} |
|
| 4481 |
- |
|
| 4482 |
-/* For map scans that are not forced to disk */ |
|
| 4483 |
-cl_error_t cli_map_scandesc(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name) |
|
| 4484 |
-{
|
|
| 4485 |
- cl_error_t ret = CL_CLEAN; |
|
| 4486 |
- |
|
| 4487 |
- cli_dbgmsg("cli_map_scandesc: [%zu, +%zu), [" STDi64 ", +%zu)\n",
|
|
| 4488 |
- map->nested_offset, map->len, |
|
| 4489 |
- (int64_t)offset, length); |
|
| 4490 |
- if (offset < 0 || (size_t)offset >= map->len) {
|
|
| 4491 |
- cli_dbgmsg("Invalid offset: %ld\n", (long)offset);
|
|
| 4492 |
- return CL_CLEAN; |
|
| 4493 |
- } |
|
| 4494 |
- |
|
| 4495 |
- if (!length) |
|
| 4496 |
- length = map->len - offset; |
|
| 4497 |
- if (length > map->len - offset) {
|
|
| 4498 |
- cli_dbgmsg("Data truncated: %zu -> %zu\n",
|
|
| 4499 |
- length, map->len - (size_t)offset); |
|
| 4500 |
- length = map->len - (size_t)offset; |
|
| 4501 |
- } |
|
| 4502 |
- |
|
| 4503 |
- if (length <= 5) {
|
|
| 4504 |
- cli_dbgmsg("Small data (%zu bytes)\n", length);
|
|
| 4505 |
- return CL_CLEAN; |
|
| 4506 |
- } |
|
| 4507 |
- ctx->fmap++; |
|
| 4508 |
- *ctx->fmap = fmap_duplicate(map, offset, length, name); |
|
| 4509 |
- if (NULL == *ctx->fmap) {
|
|
| 4510 |
- cli_dbgmsg("Failed to duplicate fmap for scan of fmap subsection\n");
|
|
| 4511 |
- ctx->fmap--; |
|
| 4512 |
- return CL_CLEAN; |
|
| 4477 |
+ ret = magic_scan_nested_fmap_type(map, offset, length, ctx, type, name); |
|
| 4513 | 4478 |
} |
| 4514 |
- |
|
| 4515 |
- ret = magic_scandesc(ctx, type); |
|
| 4516 |
- |
|
| 4517 |
- free_duplicate_fmap(*ctx->fmap); /* This fmap is just a duplicate. */ |
|
| 4518 |
- *ctx->fmap = NULL; |
|
| 4519 |
- ctx->fmap--; |
|
| 4520 |
- |
|
| 4521 | 4479 |
return ret; |
| 4522 | 4480 |
} |
| 4523 | 4481 |
|
| 4524 |
-cl_error_t cli_mem_scandesc(const void *buffer, size_t length, cli_ctx *ctx, const char *name) |
|
| 4482 |
+cl_error_t cli_magic_scan_buff(const void *buffer, size_t length, cli_ctx *ctx, const char *name) |
|
| 4525 | 4483 |
{
|
| 4526 | 4484 |
cl_error_t ret; |
| 4527 | 4485 |
fmap_t *map = NULL; |
| ... | ... |
@@ -4531,7 +4538,7 @@ cl_error_t cli_mem_scandesc(const void *buffer, size_t length, cli_ctx *ctx, con |
| 4531 | 4531 |
return CL_EMAP; |
| 4532 | 4532 |
} |
| 4533 | 4533 |
|
| 4534 |
- ret = cli_map_scan(map, 0, length, ctx, CL_TYPE_ANY, name); |
|
| 4534 |
+ ret = cli_magic_scan_nested_fmap_type(map, 0, length, ctx, CL_TYPE_ANY, name); |
|
| 4535 | 4535 |
|
| 4536 | 4536 |
funmap(map); |
| 4537 | 4537 |
|
| ... | ... |
@@ -4676,8 +4683,8 @@ static cl_error_t scan_common(int desc, cl_fmap_t *map, const char *filepath, co |
| 4676 | 4676 |
} |
| 4677 | 4677 |
|
| 4678 | 4678 |
cli_logg_setup(&ctx); |
| 4679 |
- rc = map ? cli_map_scandesc(map, 0, map->len, &ctx, CL_TYPE_ANY, target_basename) |
|
| 4680 |
- : cli_magic_scandesc(desc, ctx.target_filepath, &ctx, target_basename); |
|
| 4679 |
+ rc = map ? cli_magic_scan_nested_fmap_type(map, 0, map->len, &ctx, CL_TYPE_ANY, target_basename) |
|
| 4680 |
+ : cli_magic_scan_desc(desc, ctx.target_filepath, &ctx, target_basename); |
|
| 4681 | 4681 |
|
| 4682 | 4682 |
#if HAVE_JSON |
| 4683 | 4683 |
if (ctx.options->general & CL_SCAN_GENERAL_COLLECT_METADATA && (ctx.properties != NULL)) {
|
| ... | ... |
@@ -4743,7 +4750,7 @@ static cl_error_t scan_common(int desc, cl_fmap_t *map, const char *filepath, co |
| 4743 | 4743 |
)) {
|
| 4744 | 4744 |
cli_dbgmsg("scan_common: running deprecated preclass bytecodes for target type 13\n");
|
| 4745 | 4745 |
ctx.options->general &= ~CL_SCAN_GENERAL_COLLECT_METADATA; |
| 4746 |
- rc = cli_mem_scandesc(jstring, strlen(jstring), &ctx, NULL); |
|
| 4746 |
+ rc = cli_magic_scan_buff(jstring, strlen(jstring), &ctx, NULL); |
|
| 4747 | 4747 |
} |
| 4748 | 4748 |
} |
| 4749 | 4749 |
|
| ... | ... |
@@ -4838,7 +4845,7 @@ cl_error_t cli_found_possibly_unwanted(cli_ctx *ctx) |
| 4838 | 4838 |
return CL_CLEAN; |
| 4839 | 4839 |
} |
| 4840 | 4840 |
|
| 4841 |
-cl_error_t cli_scanfile(const char *filename, cli_ctx *ctx, const char *original_name) |
|
| 4841 |
+cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, const char *original_name) |
|
| 4842 | 4842 |
{
|
| 4843 | 4843 |
int fd = -1; |
| 4844 | 4844 |
cl_error_t ret = CL_EOPEN; |
| ... | ... |
@@ -4849,7 +4856,7 @@ cl_error_t cli_scanfile(const char *filename, cli_ctx *ctx, const char *original |
| 4849 | 4849 |
goto done; |
| 4850 | 4850 |
} |
| 4851 | 4851 |
|
| 4852 |
- ret = cli_magic_scandesc(fd, filename, ctx, original_name); |
|
| 4852 |
+ ret = cli_magic_scan_desc(fd, filename, ctx, original_name); |
|
| 4853 | 4853 |
|
| 4854 | 4854 |
done: |
| 4855 | 4855 |
if (fd >= 0) {
|
| ... | ... |
@@ -38,7 +38,7 @@ |
| 38 | 38 |
* @param name (optional) Original name of the file (to set fmap name metadata) |
| 39 | 39 |
* @return cl_error_t |
| 40 | 40 |
*/ |
| 41 |
-cl_error_t cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, const char *name); |
|
| 41 |
+cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, const char *name); |
|
| 42 | 42 |
|
| 43 | 43 |
/** |
| 44 | 44 |
* @brief Scan a tempfile / sub-file of _any_ type, passing in the fd, filepath (if available), and the scanning context. |
| ... | ... |
@@ -49,40 +49,25 @@ cl_error_t cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_f |
| 49 | 49 |
* @param name (optional) Original name of the file (to set fmap name metadata) |
| 50 | 50 |
* @return int CL_SUCCESS, or an error code. |
| 51 | 51 |
*/ |
| 52 |
-cl_error_t cli_magic_scandesc(int desc, const char *filepath, cli_ctx *ctx, const char *name); |
|
| 52 |
+cl_error_t cli_magic_scan_desc(int desc, const char *filepath, cli_ctx *ctx, const char *name); |
|
| 53 | 53 |
|
| 54 | 54 |
/** |
| 55 |
- * @brief Shim to make magic_scandesc callable outside of scanners.c. |
|
| 55 |
+ * @brief Perform a magic scan on the current ctx. |
|
| 56 | 56 |
* |
| 57 | 57 |
* @param ctx Scanning context structure. |
| 58 | 58 |
* @param type CL_TYPE of data to be scanned. |
| 59 | 59 |
* @return int CL_SUCCESS, or an error code. |
| 60 | 60 |
*/ |
| 61 |
-cl_error_t cli_magic_scandesc_type(cli_ctx *ctx, cli_file_t type); |
|
| 62 |
- |
|
| 63 |
-/** |
|
| 64 |
- * @brief Scan an offset/length into a file map. |
|
| 65 |
- * |
|
| 66 |
- * Magic-scan some portion of an existing fmap. |
|
| 67 |
- * |
|
| 68 |
- * @param map File map. |
|
| 69 |
- * @param offset Offset into file map. |
|
| 70 |
- * @param length Length from offset. |
|
| 71 |
- * @param ctx Scanning context structure. |
|
| 72 |
- * @param type CL_TYPE of data to be scanned. |
|
| 73 |
- * @param name (optional) Original name of the file (to set fmap name metadata) |
|
| 74 |
- * @return int CL_SUCCESS, or an error code. |
|
| 75 |
- */ |
|
| 76 |
-cl_error_t cli_map_scandesc(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name); |
|
| 61 |
+cl_error_t cli_magic_scan(cli_ctx *ctx, cli_file_t type); |
|
| 77 | 62 |
|
| 78 | 63 |
/** |
| 79 | 64 |
* @brief Scan an offset/length into a file map. |
| 80 | 65 |
* |
| 81 | 66 |
* Useful for scanning files or other type-able data embedded plainly in an existing fmap. |
| 82 | 67 |
* |
| 83 |
- * Makes use of cli_map_scandesc() for map scans when not forced to disk, |
|
| 68 |
+ * Makes use of magic_scan_nested_fmap_type() for map scans when not forced to disk, |
|
| 84 | 69 |
* or if force-to-disk IS enabled, it will write the file to a temp file and then |
| 85 |
- * will scan with cli_base_scandesc(). |
|
| 70 |
+ * will scan with cli_magic_scan_desc_type(). |
|
| 86 | 71 |
* |
| 87 | 72 |
* @param map File map. |
| 88 | 73 |
* @param offset Offset into file map. |
| ... | ... |
@@ -92,12 +77,12 @@ cl_error_t cli_map_scandesc(cl_fmap_t *map, off_t offset, size_t length, cli_ctx |
| 92 | 92 |
* @param name (optional) Original name of the file (to set fmap name metadata) |
| 93 | 93 |
* @return int CL_SUCCESS, or an error code. |
| 94 | 94 |
*/ |
| 95 |
-cl_error_t cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name); |
|
| 95 |
+cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name); |
|
| 96 | 96 |
|
| 97 | 97 |
/** |
| 98 |
- * @brief Convenience wrapper for cli_map_scan(). |
|
| 98 |
+ * @brief Convenience wrapper for cli_magic_scan_nested_fmap_type(). |
|
| 99 | 99 |
* |
| 100 |
- * Creates an fmap and calls cli_map_scan() for you, with type CL_TYPE_ANY. |
|
| 100 |
+ * Creates an fmap and calls cli_magic_scan_nested_fmap_type() for you, with type CL_TYPE_ANY. |
|
| 101 | 101 |
* |
| 102 | 102 |
* @param buffer Pointer to the buffer to be scanned. |
| 103 | 103 |
* @param length Size in bytes of the buffer being scanned. |
| ... | ... |
@@ -105,7 +90,7 @@ cl_error_t cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ct |
| 105 | 105 |
* @param name (optional) Original name of the file (to set fmap name metadata) |
| 106 | 106 |
* @return int CL_SUCCESS, or an error code. |
| 107 | 107 |
*/ |
| 108 |
-cl_error_t cli_mem_scandesc(const void *buffer, size_t length, cli_ctx *ctx, const char *name); |
|
| 108 |
+cl_error_t cli_magic_scan_buff(const void *buffer, size_t length, cli_ctx *ctx, const char *name); |
|
| 109 | 109 |
|
| 110 | 110 |
cl_error_t cli_found_possibly_unwanted(cli_ctx *ctx); |
| 111 | 111 |
|
| ... | ... |
@@ -119,6 +104,17 @@ cl_error_t cli_found_possibly_unwanted(cli_ctx *ctx); |
| 119 | 119 |
* @param original_name (optional) Original name of the file (to set fmap name metadata) |
| 120 | 120 |
* @return cl_error_t |
| 121 | 121 |
*/ |
| 122 |
-cl_error_t cli_scanfile(const char *filename, cli_ctx *ctx, const char *original_name); |
|
| 122 |
+cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, const char *original_name); |
|
| 123 |
+ |
|
| 124 |
+/** |
|
| 125 |
+ * @brief Internal function to recursively scan a directory. |
|
| 126 |
+ * |
|
| 127 |
+ * This function will do a magic scan of each file in a directory, given the path. |
|
| 128 |
+ * |
|
| 129 |
+ * @param dirname Filepath of the directory to be scanned. |
|
| 130 |
+ * @param ctx Scanning context structure. |
|
| 131 |
+ * @return cl_error_t |
|
| 132 |
+ */ |
|
| 133 |
+cl_error_t cli_magic_scan_dir(const char *dirname, cli_ctx *ctx); |
|
| 123 | 134 |
|
| 124 | 135 |
#endif |
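Review bot: The `@return int CL_SUCCESS, or an error code.` line kept above `cli_magic_scan_nested_fmap_type()` (hunk `@@ -92,12 +77,12 @@`) does not say that several paths return CL_CLEAN without scanning anything. In the scanners.c part of this commit the function returns CL_CLEAN for a span of five bytes or fewer and when the `CLI_ISCONTAINED` check fails. The static helper `magic_scan_nested_fmap_type()` also returns CL_CLEAN for an invalid offset and when `fmap_duplicate()` returns NULL. A caller therefore cannot tell a skipped region from a clean one, which matters for a scanner; since this comment block is already being edited, I would add `* @return CL_CLEAN also when the region was not scanned (invalid offset, <= 5 bytes, or fmap duplication failure).` The description above it now names `magic_scan_nested_fmap_type()`, which this commit makes file-local to scanners.c, so the header could describe the behaviour ("scans the nested map in place") rather than point at a function header readers cannot see.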
| ... | ... |
@@ -496,7 +496,7 @@ static int real_scansis(cli_ctx *ctx, const char *tmpd) |
| 496 | 496 |
return CL_EWRITE; |
| 497 | 497 |
} |
| 498 | 498 |
free(decomp); |
| 499 |
- if (cli_magic_scandesc(fd, ofn, ctx, NULL) == CL_VIRUS) {
|
|
| 499 |
+ if (cli_magic_scan_desc(fd, ofn, ctx, NULL) == CL_VIRUS) {
|
|
| 500 | 500 |
close(fd); |
| 501 | 501 |
FREE(ptrs); |
| 502 | 502 |
free(alangs); |
| ... | ... |
@@ -805,7 +805,7 @@ static int real_scansis9x(cli_ctx *ctx, const char *tmpd) |
| 805 | 805 |
break; |
| 806 | 806 |
} |
| 807 | 807 |
free(dst); |
| 808 |
- if (cli_magic_scandesc(fd, tempf, ctx, NULL) == CL_VIRUS) {
|
|
| 808 |
+ if (cli_magic_scan_desc(fd, tempf, ctx, NULL) == CL_VIRUS) {
|
|
| 809 | 809 |
close(fd); |
| 810 | 810 |
return CL_VIRUS; |
| 811 | 811 |
} |
| ... | ... |
@@ -286,7 +286,7 @@ static int scanzws(cli_ctx *ctx, struct swf_file_hdr *hdr) |
| 286 | 286 |
hdr->filesize, (long long unsigned)outsize); |
| 287 | 287 |
} |
| 288 | 288 |
|
| 289 |
- ret = cli_magic_scandesc(fd, tmpname, ctx, NULL); |
|
| 289 |
+ ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL); |
|
| 290 | 290 |
|
| 291 | 291 |
close(fd); |
| 292 | 292 |
if (!(ctx->engine->keeptmp)) {
|
| ... | ... |
@@ -419,7 +419,7 @@ static int scancws(cli_ctx *ctx, struct swf_file_hdr *hdr) |
| 419 | 419 |
hdr->filesize, outsize); |
| 420 | 420 |
} |
| 421 | 421 |
|
| 422 |
- ret = cli_magic_scandesc(fd, tmpname, ctx, NULL); |
|
| 422 |
+ ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL); |
|
| 423 | 423 |
|
| 424 | 424 |
close(fd); |
| 425 | 425 |
if (!ctx->engine->keeptmp) {
|
| ... | ... |
@@ -173,7 +173,7 @@ cl_error_t cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) |
| 173 | 173 |
|
| 174 | 174 |
if (fout >= 0) {
|
| 175 | 175 |
lseek(fout, 0, SEEK_SET); |
| 176 |
- ret = cli_magic_scandesc(fout, fullname, ctx, name); |
|
| 176 |
+ ret = cli_magic_scan_desc(fout, fullname, ctx, name); |
|
| 177 | 177 |
close(fout); |
| 178 | 178 |
if (!ctx->engine->keeptmp) |
| 179 | 179 |
if (cli_unlink(fullname)) return CL_EUNLINK; |
| ... | ... |
@@ -368,7 +368,7 @@ cl_error_t cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) |
| 368 | 368 |
} |
| 369 | 369 |
if (fout >= 0) {
|
| 370 | 370 |
lseek(fout, 0, SEEK_SET); |
| 371 |
- ret = cli_magic_scandesc(fout, fullname, ctx, name); |
|
| 371 |
+ ret = cli_magic_scan_desc(fout, fullname, ctx, name); |
|
| 372 | 372 |
close(fout); |
| 373 | 373 |
if (!ctx->engine->keeptmp) |
| 374 | 374 |
if (cli_unlink(fullname)) return CL_EUNLINK; |
| ... | ... |
@@ -29,7 +29,7 @@ |
| 29 | 29 |
#include "others.h" |
| 30 | 30 |
|
| 31 | 31 |
typedef cl_error_t (*zip_cb)(int fd, const char *filepath, cli_ctx *ctx, const char *name); |
| 32 |
-#define zip_scan_cb cli_magic_scandesc |
|
| 32 |
+#define zip_scan_cb cli_magic_scan_desc |
|
| 33 | 33 |
|
| 34 | 34 |
#define MAX_ZIP_REQUESTS 10 |
| 35 | 35 |
struct zip_requests {
|
| ... | ... |
@@ -1598,7 +1598,7 @@ int cli_scan_ole10(int fd, cli_ctx *ctx) |
| 1598 | 1598 |
cli_dbgmsg("cli_decode_ole_object: decoding to %s\n", fullname);
|
| 1599 | 1599 |
ole_copy_file_data(fd, ofd, object_size); |
| 1600 | 1600 |
lseek(ofd, 0, SEEK_SET); |
| 1601 |
- ret = cli_magic_scandesc(ofd, fullname, ctx, NULL); |
|
| 1601 |
+ ret = cli_magic_scan_desc(ofd, fullname, ctx, NULL); |
|
| 1602 | 1602 |
close(ofd); |
| 1603 | 1603 |
if (ctx && !ctx->engine->keeptmp) |
| 1604 | 1604 |
if (cli_unlink(fullname)) |
| ... | ... |
@@ -279,7 +279,7 @@ static int xar_get_toc_data_values(xmlTextReaderPtr reader, size_t *length, size |
| 279 | 279 |
ctx - pointer to cli_ctx |
| 280 | 280 |
Returns: |
| 281 | 281 |
CL_SUCCESS - subdoc found and clean scan (or virus found and SCAN_ALLMATCHES), or no subdocument |
| 282 |
- other - error return code from cli_mem_scandesc() |
|
| 282 |
+ other - error return code from cli_magic_scan_buff() |
|
| 283 | 283 |
*/ |
| 284 | 284 |
static int xar_scan_subdocuments(xmlTextReaderPtr reader, cli_ctx *ctx) |
| 285 | 285 |
{
|
| ... | ... |
@@ -308,7 +308,7 @@ static int xar_scan_subdocuments(xmlTextReaderPtr reader, cli_ctx *ctx) |
| 308 | 308 |
} |
| 309 | 309 |
subdoc_len = xmlStrlen(subdoc); |
| 310 | 310 |
cli_dbgmsg("cli_scanxar: in-memory scan of xml subdocument, len %i.\n", subdoc_len);
|
| 311 |
- rc = cli_mem_scandesc(subdoc, subdoc_len, ctx, NULL); |
|
| 311 |
+ rc = cli_magic_scan_buff(subdoc, subdoc_len, ctx, NULL); |
|
| 312 | 312 |
if (rc == CL_VIRUS && SCAN_ALLMATCHES) |
| 313 | 313 |
rc = CL_SUCCESS; |
| 314 | 314 |
|
| ... | ... |
@@ -515,7 +515,7 @@ int cli_scanxar(cli_ctx *ctx) |
| 515 | 515 |
|
| 516 | 516 |
/* scan the xml */ |
| 517 | 517 |
cli_dbgmsg("cli_scanxar: scanning xar TOC xml in memory.\n");
|
| 518 |
- rc = cli_mem_scandesc(toc, hdr.toc_length_decompressed, ctx, NULL); |
|
| 518 |
+ rc = cli_magic_scan_buff(toc, hdr.toc_length_decompressed, ctx, NULL); |
|
| 519 | 519 |
if (rc != CL_SUCCESS) {
|
| 520 | 520 |
if (rc != CL_VIRUS || !SCAN_ALLMATCHES) |
| 521 | 521 |
goto exit_toc; |
| ... | ... |
@@ -775,7 +775,7 @@ int cli_scanxar(cli_ctx *ctx) |
| 775 | 775 |
default: |
| 776 | 776 |
case CL_TYPE_BZ: |
| 777 | 777 |
case CL_TYPE_XZ: |
| 778 |
- /* for uncompressed, bzip2, xz, and unknown, just pull the file, cli_magic_scandesc does the rest */ |
|
| 778 |
+ /* for uncompressed, bzip2, xz, and unknown, just pull the file, cli_magic_scan_desc does the rest */ |
|
| 779 | 779 |
do_extract_cksum = 0; |
| 780 | 780 |
{
|
| 781 | 781 |
size_t writelen = MIN(map->len - at, length); |
| ... | ... |
@@ -843,14 +843,14 @@ int cli_scanxar(cli_ctx *ctx) |
| 843 | 843 |
} |
| 844 | 844 |
} |
| 845 | 845 |
|
| 846 |
- rc = cli_magic_scandesc(fd, tmpname, ctx, NULL); /// TODO: collect file names in xar_get_toc_data_values() |
|
| 846 |
+ rc = cli_magic_scan_desc(fd, tmpname, ctx, NULL); /// TODO: collect file names in xar_get_toc_data_values() |
|
| 847 | 847 |
if (rc != CL_SUCCESS) {
|
| 848 | 848 |
if (rc == CL_VIRUS) {
|
| 849 | 849 |
cli_dbgmsg("cli_scanxar: Infected with %s\n", cli_get_last_virus(ctx));
|
| 850 | 850 |
if (!SCAN_ALLMATCHES) |
| 851 | 851 |
goto exit_tmpfile; |
| 852 | 852 |
} else if (rc != CL_BREAK) {
|
| 853 |
- cli_dbgmsg("cli_scanxar: cli_magic_scandesc error %i\n", rc);
|
|
| 853 |
+ cli_dbgmsg("cli_scanxar: cli_magic_scan_desc error %i\n", rc);
|
|
| 854 | 854 |
goto exit_tmpfile; |
| 855 | 855 |
} |
| 856 | 856 |
} |
| ... | ... |
@@ -160,7 +160,7 @@ cl_error_t cli_scanxdp(cli_ctx *ctx) |
| 160 | 160 |
break; |
| 161 | 161 |
} |
| 162 | 162 |
|
| 163 |
- rc = cli_mem_scandesc(decoded, decodedlen, ctx, NULL); |
|
| 163 |
+ rc = cli_magic_scan_buff(decoded, decodedlen, ctx, NULL); |
|
| 164 | 164 |
free(decoded); |
| 165 | 165 |
if (rc != CL_SUCCESS || rc == CL_BREAK) {
|
| 166 | 166 |
xmlFree((void *)value); |
| ... | ... |
@@ -4378,7 +4378,7 @@ cli_xlm_extract_macros(const char *dir, cli_ctx *ctx, struct uniq *U, char *hash |
| 4378 | 4378 |
ctx->recursion += 1; |
| 4379 | 4379 |
cli_set_container(ctx, CL_TYPE_MSOLE2, 0); //TODO: set correct container size |
| 4380 | 4380 |
|
| 4381 |
- if (cli_scandesc(out_fd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, NULL, NULL) == CL_VIRUS) {
|
|
| 4381 |
+ if (cli_scan_desc(out_fd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, NULL, NULL) == CL_VIRUS) {
|
|
| 4382 | 4382 |
ctx->recursion -= 1; |
| 4383 | 4383 |
ret = CL_VIRUS; |
| 4384 | 4384 |
goto done; |
| ... | ... |
@@ -2265,7 +2265,7 @@ static void matchsig(const char *sig, const char *offset, int fd) |
| 2265 | 2265 |
cl_engine_free(engine); |
| 2266 | 2266 |
return; |
| 2267 | 2267 |
} |
| 2268 |
- ret = cli_fmap_scandesc(&ctx, 0, 0, NULL, AC_SCAN_VIR, &acres, NULL); |
|
| 2268 |
+ ret = cli_scan_fmap(&ctx, 0, 0, NULL, AC_SCAN_VIR, &acres, NULL); |
|
| 2269 | 2269 |
res = acres; |
| 2270 | 2270 |
while (res) {
|
| 2271 | 2271 |
matches++; |
| ... | ... |
@@ -218,8 +218,8 @@ START_TEST(test_ac_scanbuff) |
| 218 | 218 |
ck_assert_msg(ret == CL_VIRUS, "cli_ac_scanbuff() failed for %s", ac_testdata[i].virname); |
| 219 | 219 |
ck_assert_msg(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); |
| 220 | 220 |
|
| 221 |
- ret = cli_scanbuff((const unsigned char *)ac_testdata[i].data, strlen(ac_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 222 |
- ck_assert_msg(ret == CL_VIRUS, "cli_scanbuff() failed for %s", ac_testdata[i].virname); |
|
| 221 |
+ ret = cli_scan_buff((const unsigned char *)ac_testdata[i].data, strlen(ac_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 222 |
+ ck_assert_msg(ret == CL_VIRUS, "cli_scan_buff() failed for %s", ac_testdata[i].virname); |
|
| 223 | 223 |
ck_assert_msg(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); |
| 224 | 224 |
} |
| 225 | 225 |
|
| ... | ... |
@@ -261,8 +261,8 @@ START_TEST(test_ac_scanbuff_allscan) |
| 261 | 261 |
ck_assert_msg(ret == CL_VIRUS, "cli_ac_scanbuff() failed for %s", ac_testdata[i].virname); |
| 262 | 262 |
ck_assert_msg(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); |
| 263 | 263 |
|
| 264 |
- ret = cli_scanbuff((const unsigned char *)ac_testdata[i].data, strlen(ac_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 265 |
- ck_assert_msg(ret == CL_VIRUS, "cli_scanbuff() failed for %s", ac_testdata[i].virname); |
|
| 264 |
+ ret = cli_scan_buff((const unsigned char *)ac_testdata[i].data, strlen(ac_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 265 |
+ ck_assert_msg(ret == CL_VIRUS, "cli_scan_buff() failed for %s", ac_testdata[i].virname); |
|
| 266 | 266 |
ck_assert_msg(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); |
| 267 | 267 |
if (ctx.num_viruses) |
| 268 | 268 |
ctx.num_viruses = 0; |
| ... | ... |
@@ -307,7 +307,7 @@ START_TEST(test_ac_scanbuff_ex) |
| 307 | 307 |
if (ac_sigopts_testdata[i].expected_result == CL_VIRUS) |
| 308 | 308 |
ck_assert_msg(!strncmp(virname, ac_sigopts_testdata[i].virname, strlen(ac_sigopts_testdata[i].virname)), "[ac_ex] Dataset %u matched with %s", i, virname); |
| 309 | 309 |
|
| 310 |
- ret = cli_scanbuff((const unsigned char *)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, 0, &ctx, 0, NULL); |
|
| 310 |
+ ret = cli_scan_buff((const unsigned char *)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, 0, &ctx, 0, NULL); |
|
| 311 | 311 |
ck_assert_msg(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); |
| 312 | 312 |
} |
| 313 | 313 |
|
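Review bot: The assertion message on new line 311 still says `cli_ac_scanbuff() failed` although the value being checked comes from the renamed `cli_scan_buff()` call on line 310, so a failure here would point at the wrong entry point. This commit updated the equivalent messages in `test_ac_scanbuff` and the pcre tests, but left this one and the same line at 354 in `test_ac_scanbuff_allscan_ex`. Suggested text for both: `"[ac_ex] cli_scan_buff() failed for %s (%d != %d)"`. The test bodies start and end outside the hunks.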
| ... | ... |
@@ -350,7 +350,7 @@ START_TEST(test_ac_scanbuff_allscan_ex) |
| 350 | 350 |
if (ac_sigopts_testdata[i].expected_result == CL_VIRUS) |
| 351 | 351 |
ck_assert_msg(!strncmp(virname, ac_sigopts_testdata[i].virname, strlen(ac_sigopts_testdata[i].virname)), "[ac_ex] Dataset %u matched with %s", i, virname); |
| 352 | 352 |
|
| 353 |
- ret = cli_scanbuff((const unsigned char *)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, 0, &ctx, 0, NULL); |
|
| 353 |
+ ret = cli_scan_buff((const unsigned char *)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, 0, &ctx, 0, NULL); |
|
| 354 | 354 |
ck_assert_msg(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); |
| 355 | 355 |
if (ctx.num_viruses) |
| 356 | 356 |
ctx.num_viruses = 0; |
| ... | ... |
@@ -466,8 +466,8 @@ START_TEST(test_pcre_scanbuff) |
| 466 | 466 |
if (pcre_testdata[i].expected_result == CL_VIRUS) |
| 467 | 467 |
ck_assert_msg(!strncmp(virname, pcre_testdata[i].virname, strlen(pcre_testdata[i].virname)), "[pcre] Dataset %u matched with %s", i, virname); |
| 468 | 468 |
|
| 469 |
- ret = cli_scanbuff((const unsigned char *)pcre_testdata[i].data, strlen(pcre_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 470 |
- ck_assert_msg(ret == pcre_testdata[i].expected_result, "[pcre] cli_scanbuff() failed for %s", pcre_testdata[i].virname); |
|
| 469 |
+ ret = cli_scan_buff((const unsigned char *)pcre_testdata[i].data, strlen(pcre_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 470 |
+ ck_assert_msg(ret == pcre_testdata[i].expected_result, "[pcre] cli_scan_buff() failed for %s", pcre_testdata[i].virname); |
|
| 471 | 471 |
} |
| 472 | 472 |
|
| 473 | 473 |
cli_ac_freedata(&mdata); |
| ... | ... |
@@ -520,8 +520,8 @@ START_TEST(test_pcre_scanbuff_allscan) |
| 520 | 520 |
if (pcre_testdata[i].expected_result == CL_VIRUS) |
| 521 | 521 |
ck_assert_msg(!strncmp(virname, pcre_testdata[i].virname, strlen(pcre_testdata[i].virname)), "[pcre] Dataset %u matched with %s", i, virname); |
| 522 | 522 |
|
| 523 |
- ret = cli_scanbuff((const unsigned char *)pcre_testdata[i].data, strlen(pcre_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 524 |
- ck_assert_msg(ret == pcre_testdata[i].expected_result, "[pcre] cli_scanbuff() failed for %s", pcre_testdata[i].virname); |
|
| 523 |
+ ret = cli_scan_buff((const unsigned char *)pcre_testdata[i].data, strlen(pcre_testdata[i].data), 0, &ctx, 0, NULL); |
|
| 524 |
+ ck_assert_msg(ret == pcre_testdata[i].expected_result, "[pcre] cli_scan_buff() failed for %s", pcre_testdata[i].virname); |
|
| 525 | 525 |
/* num_virus field add to test case struct */ |
| 526 | 526 |
if (ctx.num_viruses) |
| 527 | 527 |
ctx.num_viruses = 0; |
| ... | ... |
@@ -90,9 +90,9 @@ |
| 90 | 90 |
y0da-cached-virname |
| 91 | 91 |
Memcheck:Cond |
| 92 | 92 |
fun:cli_scanpe |
| 93 |
- fun:magic_scandesc |
|
| 94 |
- fun:cli_base_scandesc |
|
| 95 |
- fun:cli_magic_scandesc |
|
| 93 |
+ fun:cli_magic_scan |
|
| 94 |
+ fun:cli_magic_scan_desc_type |
|
| 95 |
+ fun:cli_magic_scan_desc |
|
| 96 | 96 |
fun:scan_common |
| 97 | 97 |
fun:cl_scandesc_callback |
| 98 | 98 |
fun:scanfile |
| ... | ... |
@@ -160,7 +160,7 @@ EXPORTS cli_initroots @44261 NONAME |
| 160 | 160 |
EXPORTS cli_hex2str @44262 NONAME |
| 161 | 161 |
EXPORTS cli_hex2ui @44263 NONAME |
| 162 | 162 |
EXPORTS mpool_getstats @44264 NONAME |
| 163 |
-EXPORTS cli_fmap_scandesc @44265 NONAME |
|
| 163 |
+EXPORTS cli_scan_fmap @44265 NONAME |
|
| 164 | 164 |
EXPORTS cli_hashset_destroy @44266 NONAME |
| 165 | 165 |
EXPORTS cli_detect_environment @44267 NONAME |
| 166 | 166 |
EXPORTS cli_filecopy @44268 NONAME |