... | ... |
@@ -201,11 +201,10 @@ extern int cl_engine_free(struct cl_engine *engine); |
201 | 201 |
/* CALLBACKS */ |
202 | 202 |
|
203 | 203 |
|
204 |
-typedef cl_error_t (*clcb_pre_scan)(int fd, const char *type, void *context); |
|
204 |
+typedef cl_error_t (*clcb_pre_scan)(int fd, void *context); |
|
205 | 205 |
/* PRE-SCAN |
206 | 206 |
Input: |
207 | 207 |
fd = File descriptor which is about to be scanned |
208 |
-type = File type detected via magic - i.e. NOT on the fly - (e.g. "CL_TYPE_MSEXE") |
|
209 | 208 |
context = Opaque application provided data |
210 | 209 |
|
211 | 210 |
Output: |
... | ... |
@@ -215,6 +214,19 @@ CL_VIRUS = Blacklisted by callback - file is skipped and marked as infected |
215 | 215 |
*/ |
216 | 216 |
extern void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback); |
217 | 217 |
|
218 |
+typedef cl_error_t (*clcb_file_type)(int fd, const char *type, void *context); |
|
219 |
+/* FILE-TYPE |
|
220 |
+Input: |
|
221 |
+fd = File descriptor which is about to be scanned |
|
222 |
+type = File type detected via magic - i.e. NOT on the fly - (e.g. "CL_TYPE_MSEXE") |
|
223 |
+context = Opaque application provided data |
|
224 |
+ |
|
225 |
+Output: |
|
226 |
+CL_CLEAN = File is scanned |
|
227 |
+CL_BREAK = Whitelisted by callback - file is skipped and marked as clean |
|
228 |
+CL_VIRUS = Blacklisted by callback - file is skipped and marked as infected |
|
229 |
+*/ |
|
230 |
+extern void cl_engine_set_clcb_file_type(struct cl_engine *engine, clcb_file_type callback); |
|
218 | 231 |
|
219 | 232 |
typedef cl_error_t (*clcb_post_scan)(int fd, int result, const char *virname, void *context); |
220 | 233 |
/* POST-SCAN |
... | ... |
@@ -1068,6 +1068,10 @@ void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callbac |
1068 | 1068 |
engine->cb_pre_scan = callback; |
1069 | 1069 |
} |
1070 | 1070 |
|
1071 |
+void cl_engine_set_clcb_file_type(struct cl_engine *engine, clcb_file_type callback) { |
|
1072 |
+ engine->cb_file_type = callback; |
|
1073 |
+} |
|
1074 |
+ |
|
1071 | 1075 |
void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback) { |
1072 | 1076 |
engine->cb_post_scan = callback; |
1073 | 1077 |
} |
... | ... |
@@ -2071,41 +2071,41 @@ static void emax_reached(cli_ctx *ctx) { |
2071 | 2071 |
#define ret_from_magicscan(retcode) do { \ |
2072 | 2072 |
cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", retcode, __AT__); \ |
2073 | 2073 |
if(ctx->engine->cb_post_scan) { \ |
2074 |
- perf_start(ctx, PERFT_POSTCB); \ |
|
2074 |
+ perf_start(ctx, PERFT_POSTCB); \ |
|
2075 | 2075 |
switch(ctx->engine->cb_post_scan(desc, retcode, retcode == CL_VIRUS && ctx->virname ? *ctx->virname : NULL, ctx->cb_ctx)) { \ |
2076 | 2076 |
case CL_BREAK: \ |
2077 |
- cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n"); \ |
|
2078 |
- perf_stop(ctx, PERFT_POSTCB); \ |
|
2077 |
+ cli_dbgmsg("cli_magic_scandesc: file whitelisted by post_scan callback\n"); \ |
|
2078 |
+ perf_stop(ctx, PERFT_POSTCB); \ |
|
2079 | 2079 |
return CL_CLEAN; \ |
2080 | 2080 |
case CL_VIRUS: \ |
2081 |
- cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n"); \ |
|
2081 |
+ cli_dbgmsg("cli_magic_scandesc: file blacklisted by post_scan callback\n"); \ |
|
2082 | 2082 |
if(ctx->virname) \ |
2083 | 2083 |
*ctx->virname = "Detected.By.Callback"; \ |
2084 |
- perf_stop(ctx, PERFT_POSTCB); \ |
|
2084 |
+ perf_stop(ctx, PERFT_POSTCB); \ |
|
2085 | 2085 |
return CL_VIRUS; \ |
2086 | 2086 |
case CL_CLEAN: \ |
2087 | 2087 |
break; \ |
2088 | 2088 |
default: \ |
2089 |
- cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n"); \ |
|
2089 |
+ cli_warnmsg("cli_magic_scandesc: ignoring bad return code from post_scan callback\n"); \ |
|
2090 | 2090 |
} \ |
2091 |
- perf_stop(ctx, PERFT_POSTCB); \ |
|
2092 |
- }\ |
|
2091 |
+ perf_stop(ctx, PERFT_POSTCB); \ |
|
2092 |
+ } \ |
|
2093 | 2093 |
return retcode; \ |
2094 | 2094 |
} while(0) |
2095 | 2095 |
|
2096 | 2096 |
|
2097 |
-#define CALL_PRESCAN_CB(type_name) \ |
|
2098 |
- if(ctx->engine->cb_pre_scan) { \ |
|
2097 |
+#define CALL_FILETYPE_CB(type_name) \ |
|
2098 |
+ if(ctx->engine->cb_file_type) { \ |
|
2099 | 2099 |
perf_start(ctx, PERFT_PRECB); \ |
2100 |
- switch(ctx->engine->cb_pre_scan(desc, (type_name), ctx->cb_ctx)) { \ |
|
2100 |
+ switch(ctx->engine->cb_file_type(desc, (type_name), ctx->cb_ctx)) { \ |
|
2101 | 2101 |
case CL_BREAK: \ |
2102 |
- cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n"); \ |
|
2102 |
+ cli_dbgmsg("cli_magic_scandesc: file whitelisted by file_type callback\n"); \ |
|
2103 | 2103 |
funmap(*ctx->fmap); \ |
2104 | 2104 |
ctx->fmap--; \ |
2105 | 2105 |
perf_stop(ctx, PERFT_PRECB); \ |
2106 | 2106 |
ret_from_magicscan(CL_CLEAN); \ |
2107 | 2107 |
case CL_VIRUS: \ |
2108 |
- cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n"); \ |
|
2108 |
+ cli_dbgmsg("cli_magic_scandesc: file blacklisted by file_type callback\n"); \ |
|
2109 | 2109 |
if(ctx->virname) \ |
2110 | 2110 |
*ctx->virname = "Detected.By.Callback"; \ |
2111 | 2111 |
funmap(*ctx->fmap); \ |
... | ... |
@@ -2115,7 +2115,7 @@ static void emax_reached(cli_ctx *ctx) { |
2115 | 2115 |
case CL_CLEAN: \ |
2116 | 2116 |
break; \ |
2117 | 2117 |
default: \ |
2118 |
- cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n"); \ |
|
2118 |
+ cli_warnmsg("cli_magic_scandesc: ignoring bad return code from file_type callback\n"); \ |
|
2119 | 2119 |
} \ |
2120 | 2120 |
perf_stop(ctx, PERFT_PRECB); \ |
2121 | 2121 |
} |
... | ... |
@@ -2179,6 +2179,28 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2179 | 2179 |
} |
2180 | 2180 |
perf_stop(ctx, PERFT_MAP); |
2181 | 2181 |
|
2182 |
+ if(ctx->engine->cb_pre_scan) { |
|
2183 |
+ switch(ctx->engine->cb_pre_scan(desc, ctx->cb_ctx)) { |
|
2184 |
+ case CL_BREAK: |
|
2185 |
+ cli_dbgmsg("cli_magic_scandesc: file whitelisted by pre_scan callback\n"); |
|
2186 |
+ funmap(*ctx->fmap); |
|
2187 |
+ ctx->fmap--; |
|
2188 |
+ ret_from_magicscan(CL_CLEAN); |
|
2189 |
+ case CL_VIRUS: |
|
2190 |
+ cli_dbgmsg("cli_magic_scandesc: file blacklisted by pre_scan callback\n"); |
|
2191 |
+ if(ctx->virname) |
|
2192 |
+ *ctx->virname = "Detected.By.Callback"; |
|
2193 |
+ funmap(*ctx->fmap); |
|
2194 |
+ ctx->fmap--; |
|
2195 |
+ perf_stop(ctx, PERFT_PRECB); |
|
2196 |
+ ret_from_magicscan(CL_VIRUS); |
|
2197 |
+ case CL_CLEAN: |
|
2198 |
+ break; |
|
2199 |
+ default: |
|
2200 |
+ cli_warnmsg("cli_magic_scandesc: ignoring bad return code from pre_scan callback\n"); |
|
2201 |
+ } |
|
2202 |
+ } |
|
2203 |
+ |
|
2182 | 2204 |
perf_start(ctx, PERFT_CACHE); |
2183 | 2205 |
if(cache_check(hash, ctx) == CL_CLEAN) { |
2184 | 2206 |
funmap(*ctx->fmap); |
... | ... |
@@ -2197,7 +2219,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2197 | 2197 |
else |
2198 | 2198 |
cli_dbgmsg("Raw mode: No support for special files\n"); |
2199 | 2199 |
|
2200 |
- CALL_PRESCAN_CB("CL_TYPE_BINARY_DATA"); |
|
2200 |
+ CALL_FILETYPE_CB("CL_TYPE_BINARY_DATA"); |
|
2201 | 2201 |
if((ret = cli_fmap_scandesc(ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, hash)) == CL_VIRUS) |
2202 | 2202 |
cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, desc); |
2203 | 2203 |
else if(ret == CL_CLEAN) { |
... | ... |
@@ -2225,7 +2247,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2225 | 2225 |
ret_from_magicscan(CL_EREAD); |
2226 | 2226 |
} |
2227 | 2227 |
|
2228 |
- CALL_PRESCAN_CB(cli_ftname(type)); |
|
2228 |
+ CALL_FILETYPE_CB(cli_ftname(type)); |
|
2229 | 2229 |
|
2230 | 2230 |
#ifdef HAVE__INTERNAL__SHA_COLLECT |
2231 | 2231 |
if(!ctx->sha_collect && type==CL_TYPE_MSEXE) ctx->sha_collect = 1; |
... | ... |
@@ -355,7 +355,7 @@ int CLAMAPI Scan_Initialize(const wchar_t *pEnginesFolder, const wchar_t *pTempR |
355 | 355 |
unlock_engine(); |
356 | 356 |
FAIL(CL_EMEM, "Not enough memory for a new engine"); |
357 | 357 |
} |
358 |
- cl_engine_set_clcb_pre_scan(engine, prescan_cb); |
|
358 |
+ cl_engine_set_clcb_file_type(engine, prescan_cb); |
|
359 | 359 |
cl_engine_set_clcb_post_scan(engine, postscan_cb); |
360 | 360 |
|
361 | 361 |
minimal_definitions = bLoadMinDefs; |