Browse code
add filetype clcb
aCaB authored on 2011/06/14 10:26:30Showing 5 changed files
- libclamav/clamav.h
- libclamav/others.c
- libclamav/others.h
- libclamav/scanners.c
- win32/clamav-for-windows/clamav-for-windows/interface.c
| ... | ... |
@@ -201,11 +201,10 @@ extern int cl_engine_free(struct cl_engine *engine); |
| 201 | 201 |
/* CALLBACKS */ |
| 202 | 202 |
|
| 203 | 203 |
|
| 204 |
-typedef cl_error_t (*clcb_pre_scan)(int fd, const char *type, void *context); |
|
| 204 |
+typedef cl_error_t (*clcb_pre_scan)(int fd, void *context); |
|
| 205 | 205 |
/* PRE-SCAN |
| 206 | 206 |
Input: |
| 207 | 207 |
fd = File descriptor which is about to be scanned |
| 208 |
-type = File type detected via magic - i.e. NOT on the fly - (e.g. "CL_TYPE_MSEXE") |
|
| 209 | 208 |
context = Opaque application provided data |
| 210 | 209 |
|
| 211 | 210 |
Output: |
| ... | ... |
@@ -215,6 +214,19 @@ CL_VIRUS = Blacklisted by callback - file is skipped and marked as infected |
| 215 | 215 |
*/ |
| 216 | 216 |
extern void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback); |
| 217 | 217 |
|
| 218 |
+typedef cl_error_t (*clcb_file_type)(int fd, const char *type, void *context); |
|
| 219 |
+/* FILE-TYPE |
|
| 220 |
+Input: |
|
| 221 |
+fd = File descriptor which is about to be scanned |
|
| 222 |
+type = File type detected via magic - i.e. NOT on the fly - (e.g. "CL_TYPE_MSEXE") |
|
| 223 |
+context = Opaque application provided data |
|
| 224 |
+ |
|
| 225 |
+Output: |
|
| 226 |
+CL_CLEAN = File is scanned |
|
| 227 |
+CL_BREAK = Whitelisted by callback - file is skipped and marked as clean |
|
| 228 |
+CL_VIRUS = Blacklisted by callback - file is skipped and marked as infected |
|
| 229 |
+*/ |
|
| 230 |
+extern void cl_engine_set_clcb_file_type(struct cl_engine *engine, clcb_file_type callback); |
|
| 218 | 231 |
|
| 219 | 232 |
typedef cl_error_t (*clcb_post_scan)(int fd, int result, const char *virname, void *context); |
| 220 | 233 |
/* POST-SCAN |
| ... | ... |
@@ -1068,6 +1068,10 @@ void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callbac |
| 1068 | 1068 |
engine->cb_pre_scan = callback; |
| 1069 | 1069 |
} |
| 1070 | 1070 |
|
| 1071 |
+void cl_engine_set_clcb_file_type(struct cl_engine *engine, clcb_file_type callback) {
|
|
| 1072 |
+ engine->cb_file_type = callback; |
|
| 1073 |
+} |
|
| 1074 |
+ |
|
| 1071 | 1075 |
void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback) {
|
| 1072 | 1076 |
engine->cb_post_scan = callback; |
| 1073 | 1077 |
} |
| ... | ... |
@@ -2071,41 +2071,41 @@ static void emax_reached(cli_ctx *ctx) {
|
| 2071 | 2071 |
#define ret_from_magicscan(retcode) do { \
|
| 2072 | 2072 |
cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", retcode, __AT__); \
|
| 2073 | 2073 |
if(ctx->engine->cb_post_scan) { \
|
| 2074 |
- perf_start(ctx, PERFT_POSTCB); \ |
|
| 2074 |
+ perf_start(ctx, PERFT_POSTCB); \ |
|
| 2075 | 2075 |
switch(ctx->engine->cb_post_scan(desc, retcode, retcode == CL_VIRUS && ctx->virname ? *ctx->virname : NULL, ctx->cb_ctx)) { \
|
| 2076 | 2076 |
case CL_BREAK: \ |
| 2077 |
- cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n"); \
|
|
| 2078 |
- perf_stop(ctx, PERFT_POSTCB); \ |
|
| 2077 |
+ cli_dbgmsg("cli_magic_scandesc: file whitelisted by post_scan callback\n"); \
|
|
| 2078 |
+ perf_stop(ctx, PERFT_POSTCB); \ |
|
| 2079 | 2079 |
return CL_CLEAN; \ |
| 2080 | 2080 |
case CL_VIRUS: \ |
| 2081 |
- cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n"); \
|
|
| 2081 |
+ cli_dbgmsg("cli_magic_scandesc: file blacklisted by post_scan callback\n"); \
|
|
| 2082 | 2082 |
if(ctx->virname) \ |
| 2083 | 2083 |
*ctx->virname = "Detected.By.Callback"; \ |
| 2084 |
- perf_stop(ctx, PERFT_POSTCB); \ |
|
| 2084 |
+ perf_stop(ctx, PERFT_POSTCB); \ |
|
| 2085 | 2085 |
return CL_VIRUS; \ |
| 2086 | 2086 |
case CL_CLEAN: \ |
| 2087 | 2087 |
break; \ |
| 2088 | 2088 |
default: \ |
| 2089 |
- cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n"); \
|
|
| 2089 |
+ cli_warnmsg("cli_magic_scandesc: ignoring bad return code from post_scan callback\n"); \
|
|
| 2090 | 2090 |
} \ |
| 2091 |
- perf_stop(ctx, PERFT_POSTCB); \ |
|
| 2092 |
- }\ |
|
| 2091 |
+ perf_stop(ctx, PERFT_POSTCB); \ |
|
| 2092 |
+ } \ |
|
| 2093 | 2093 |
return retcode; \ |
| 2094 | 2094 |
} while(0) |
| 2095 | 2095 |
|
| 2096 | 2096 |
|
| 2097 |
-#define CALL_PRESCAN_CB(type_name) \ |
|
| 2098 |
- if(ctx->engine->cb_pre_scan) { \
|
|
| 2097 |
+#define CALL_FILETYPE_CB(type_name) \ |
|
| 2098 |
+ if(ctx->engine->cb_file_type) { \
|
|
| 2099 | 2099 |
perf_start(ctx, PERFT_PRECB); \ |
| 2100 |
- switch(ctx->engine->cb_pre_scan(desc, (type_name), ctx->cb_ctx)) { \
|
|
| 2100 |
+ switch(ctx->engine->cb_file_type(desc, (type_name), ctx->cb_ctx)) { \
|
|
| 2101 | 2101 |
case CL_BREAK: \ |
| 2102 |
- cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n"); \
|
|
| 2102 |
+ cli_dbgmsg("cli_magic_scandesc: file whitelisted by file_type callback\n"); \
|
|
| 2103 | 2103 |
funmap(*ctx->fmap); \ |
| 2104 | 2104 |
ctx->fmap--; \ |
| 2105 | 2105 |
perf_stop(ctx, PERFT_PRECB); \ |
| 2106 | 2106 |
ret_from_magicscan(CL_CLEAN); \ |
| 2107 | 2107 |
case CL_VIRUS: \ |
| 2108 |
- cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n"); \
|
|
| 2108 |
+ cli_dbgmsg("cli_magic_scandesc: file blacklisted by file_type callback\n"); \
|
|
| 2109 | 2109 |
if(ctx->virname) \ |
| 2110 | 2110 |
*ctx->virname = "Detected.By.Callback"; \ |
| 2111 | 2111 |
funmap(*ctx->fmap); \ |
| ... | ... |
@@ -2115,7 +2115,7 @@ static void emax_reached(cli_ctx *ctx) {
|
| 2115 | 2115 |
case CL_CLEAN: \ |
| 2116 | 2116 |
break; \ |
| 2117 | 2117 |
default: \ |
| 2118 |
- cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n"); \
|
|
| 2118 |
+ cli_warnmsg("cli_magic_scandesc: ignoring bad return code from file_type callback\n"); \
|
|
| 2119 | 2119 |
} \ |
| 2120 | 2120 |
perf_stop(ctx, PERFT_PRECB); \ |
| 2121 | 2121 |
} |
| ... | ... |
@@ -2179,6 +2179,28 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
| 2179 | 2179 |
} |
| 2180 | 2180 |
perf_stop(ctx, PERFT_MAP); |
| 2181 | 2181 |
|
| 2182 |
+ if(ctx->engine->cb_pre_scan) {
|
|
| 2183 |
+ switch(ctx->engine->cb_pre_scan(desc, ctx->cb_ctx)) {
|
|
| 2184 |
+ case CL_BREAK: |
|
| 2185 |
+ cli_dbgmsg("cli_magic_scandesc: file whitelisted by pre_scan callback\n");
|
|
| 2186 |
+ funmap(*ctx->fmap); |
|
| 2187 |
+ ctx->fmap--; |
|
| 2188 |
+ ret_from_magicscan(CL_CLEAN); |
|
| 2189 |
+ case CL_VIRUS: |
|
| 2190 |
+ cli_dbgmsg("cli_magic_scandesc: file blacklisted by pre_scan callback\n");
|
|
| 2191 |
+ if(ctx->virname) |
|
| 2192 |
+ *ctx->virname = "Detected.By.Callback"; |
|
| 2193 |
+ funmap(*ctx->fmap); |
|
| 2194 |
+ ctx->fmap--; |
|
| 2195 |
+ perf_stop(ctx, PERFT_PRECB); |
|
| 2196 |
+ ret_from_magicscan(CL_VIRUS); |
|
| 2197 |
+ case CL_CLEAN: |
|
| 2198 |
+ break; |
|
| 2199 |
+ default: |
|
| 2200 |
+ cli_warnmsg("cli_magic_scandesc: ignoring bad return code from pre_scan callback\n");
|
|
| 2201 |
+ } |
|
| 2202 |
+ } |
|
| 2203 |
+ |
|
| 2182 | 2204 |
perf_start(ctx, PERFT_CACHE); |
| 2183 | 2205 |
if(cache_check(hash, ctx) == CL_CLEAN) {
|
| 2184 | 2206 |
funmap(*ctx->fmap); |
| ... | ... |
@@ -2197,7 +2219,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
| 2197 | 2197 |
else |
| 2198 | 2198 |
cli_dbgmsg("Raw mode: No support for special files\n");
|
| 2199 | 2199 |
|
| 2200 |
- CALL_PRESCAN_CB("CL_TYPE_BINARY_DATA");
|
|
| 2200 |
+ CALL_FILETYPE_CB("CL_TYPE_BINARY_DATA");
|
|
| 2201 | 2201 |
if((ret = cli_fmap_scandesc(ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, hash)) == CL_VIRUS) |
| 2202 | 2202 |
cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, desc);
|
| 2203 | 2203 |
else if(ret == CL_CLEAN) {
|
| ... | ... |
@@ -2225,7 +2247,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
| 2225 | 2225 |
ret_from_magicscan(CL_EREAD); |
| 2226 | 2226 |
} |
| 2227 | 2227 |
|
| 2228 |
- CALL_PRESCAN_CB(cli_ftname(type)); |
|
| 2228 |
+ CALL_FILETYPE_CB(cli_ftname(type)); |
|
| 2229 | 2229 |
|
| 2230 | 2230 |
#ifdef HAVE__INTERNAL__SHA_COLLECT |
| 2231 | 2231 |
if(!ctx->sha_collect && type==CL_TYPE_MSEXE) ctx->sha_collect = 1; |
| ... | ... |
@@ -355,7 +355,7 @@ int CLAMAPI Scan_Initialize(const wchar_t *pEnginesFolder, const wchar_t *pTempR |
| 355 | 355 |
unlock_engine(); |
| 356 | 356 |
FAIL(CL_EMEM, "Not enough memory for a new engine"); |
| 357 | 357 |
} |
| 358 |
- cl_engine_set_clcb_pre_scan(engine, prescan_cb); |
|
| 358 |
+ cl_engine_set_clcb_file_type(engine, prescan_cb); |
|
| 359 | 359 |
cl_engine_set_clcb_post_scan(engine, postscan_cb); |
| 360 | 360 |
|
| 361 | 361 |
minimal_definitions = bLoadMinDefs; |