Browse code
update
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@515 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/04/21 07:33:42Showing 11 changed files
- ChangeLog
- README
- aclocal.m4
- clamd/others.c
- clamscan/manager.c
- clamscan/options.c
- docs/Japanese/clamav.html
- docs/man/clamscan.1
- libclamav/ole2_extract.c
- libclamav/scanners.c
- libclamav/scanners.h
| ... | ... |
@@ -1,3 +1,13 @@ |
| 1 |
+Wed Apr 21 00:27:18 CEST 2004 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav: scanners: |
|
| 4 |
+ + scan full OLE2 directory (Trog); |
|
| 5 |
+ + ignore popular file types (Dirk Mueller <mueller*kde.org>) |
|
| 6 |
+ + improve compression ratio calculation (Dirk Mueller) |
|
| 7 |
+ + detect more mail file types |
|
| 8 |
+ * clamscan: add --max-ratio option (Dirk Mueller) |
|
| 9 |
+ * docs: update Japanese documentation (Masaki Ogawa <proc*mac.com>) |
|
| 10 |
+ |
|
| 1 | 11 |
Tue Apr 20 15:18:58 BST 2004 (njh) |
| 2 | 12 |
---------------------------------- |
| 3 | 13 |
* clamav-milter: Handle hostaddr == NULL |
| ... | ... |
@@ -14,9 +24,9 @@ Mon Apr 19 23:11:48 BST 2004 (njh) |
| 14 | 14 |
---------------------------------- |
| 15 | 15 |
* clamav-milter: Added --from |
| 16 | 16 |
Return SMFIS_TEMPFAIL on some out of memory errors (some still to do), |
| 17 |
- based on an idea by Joe Maimon <jmaimon@ttec.com> |
|
| 17 |
+ based on an idea by Joe Maimon <jmaimon*ttec.com> |
|
| 18 | 18 |
Quarantine messages now sorted by date, based on an idea by Christian |
| 19 |
- Pelissier <Christian.Pelissier@onera.fr>. |
|
| 19 |
+ Pelissier <Christian.Pelissier*onera.fr>. |
|
| 20 | 20 |
Started code to parse header to find the real infected machine, |
| 21 | 21 |
email notification now contain the first received header, which |
| 22 | 22 |
may (or may not) be helpful |
| ... | ... |
@@ -60,7 +60,7 @@ of mirrors by looking at their ip source address when they try to resolve |
| 60 | 60 |
database.clamav.net. Our DNS servers can answer with a CNAME to: |
| 61 | 61 |
europe.clamav.net, america.clamav.net, asia.clamav.net or other.clamav.net. |
| 62 | 62 |
Our advanced push-mirroring mechanism (maintained by Luca Gibelli) allows |
| 63 |
-database maintainers to update all the mirrors in less then one minute ! |
|
| 63 |
+database maintainers to update all the mirrors in less than one minute ! |
|
| 64 | 64 |
|
| 65 | 65 |
|
| 66 | 66 |
There will be no major feature enhancements in the 0.7x series. Our work |
| ... | ... |
@@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for |
| 81 | 81 |
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created |
| 82 | 82 |
dnl (the prefix is a bit different, since we add an extra -target- and -host-) |
| 83 | 83 |
dnl |
| 84 |
-dnl @version: $Id: aclocal.m4,v 1.34 2004/04/16 12:50:53 kojm Exp $ |
|
| 84 |
+dnl @version: $Id: aclocal.m4,v 1.35 2004/04/20 22:33:18 kojm Exp $ |
|
| 85 | 85 |
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often |
| 86 | 86 |
|
| 87 | 87 |
AC_DEFUN([AC_CREATE_TARGET_H], |
| ... | ... |
@@ -4041,7 +4041,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers) |
| 4041 | 4041 |
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers) |
| 4042 | 4042 |
dnl |
| 4043 | 4043 |
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu> |
| 4044 |
-dnl @version $Id: aclocal.m4,v 1.34 2004/04/16 12:50:53 kojm Exp $ |
|
| 4044 |
+dnl @version $Id: aclocal.m4,v 1.35 2004/04/20 22:33:18 kojm Exp $ |
|
| 4045 | 4045 |
dnl |
| 4046 | 4046 |
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF], |
| 4047 | 4047 |
[changequote(<<, >>)dnl |
| ... | ... |
@@ -60,19 +60,17 @@ void virusaction(const char *virname, const struct cfgstruct *copt) |
| 60 | 60 |
|
| 61 | 61 |
cmd = strdup(cpt->strarg); |
| 62 | 62 |
|
| 63 |
- buffer = (char *) mcalloc(strlen(cmd) + strlen(virname) + 10, sizeof(char)); |
|
| 64 |
- |
|
| 65 | 63 |
if((pt = strstr(cmd, "%v"))) {
|
| 64 |
+ buffer = (char *) mcalloc(strlen(cmd) + strlen(virname) + 10, sizeof(char)); |
|
| 66 | 65 |
*pt = 0; pt += 2; |
| 67 | 66 |
strcpy(buffer, cmd); |
| 68 | 67 |
strcat(buffer, virname); |
| 69 | 68 |
strcat(buffer, pt); |
| 70 | 69 |
free(cmd); |
| 71 | 70 |
cmd = strdup(buffer); |
| 71 |
+ free(buffer); |
|
| 72 | 72 |
} |
| 73 | 73 |
|
| 74 |
- free(buffer); |
|
| 75 |
- |
|
| 76 | 74 |
/* WARNING: this is uninterruptable ! */ |
| 77 | 75 |
system(cmd); |
| 78 | 76 |
|
| ... | ... |
@@ -151,6 +151,10 @@ int scanmanager(const struct optstruct *opt) |
| 151 | 151 |
else |
| 152 | 152 |
limits->maxreclevel = 5; |
| 153 | 153 |
|
| 154 |
+ if(optl(opt, "max-ratio")) |
|
| 155 |
+ limits->maxratio = atoi(getargl(opt, "max-ratio")); |
|
| 156 |
+ else |
|
| 157 |
+ limits->maxratio = 200; |
|
| 154 | 158 |
|
| 155 | 159 |
#ifdef C_LINUX |
| 156 | 160 |
if(stat("/proc", &sb) == -1)
|
| ... | ... |
@@ -4,301 +4,1831 @@ |
| 4 | 4 |
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja"> |
| 5 | 5 |
<head> |
| 6 | 6 |
<meta http-equiv="Content-Type" content="text/html; charset=euc-jp" /> |
| 7 |
+ <meta http-equiv="content-style-type" content="text/css" /> |
|
| 8 |
+ <meta name="copyright" content="" /> |
|
| 9 |
+ |
|
| 7 | 10 | |
| 11 |
+ |
|
| 12 |
+ <link rel="copyright" title="GNU General Public License" href="http://www.gnu.org/copyleft/gpl.html#SEC1" /> |
|
| 13 |
+ |
|
| 14 |
+ <style type="text/css"> |
|
| 15 |
+ a { color: #006633; text-decoration: none; }
|
|
| 16 |
+ a:hover { color: #ffffff; background-color: #336666; }
|
|
| 17 |
+ |
|
| 18 |
+ body { margin: 5% 10% 5% 10%; color: #333333; width: 80%; line-height: 170%; }
|
|
| 19 |
+ |
|
| 20 |
+ div.contents { margin: 2em 0em; line-height: 100%; }
|
|
| 21 |
+ .contents dl { margin: 0em 0em; }
|
|
| 22 |
+ .contents a { color: #000000; text-decoration: none; }
|
|
| 23 |
+ .contents a:hover { color: #ffffff; background-color: #333333; }
|
|
| 24 |
+ |
|
| 25 |
+ div.chapter { margin: 3em 0em 3em 0em; }
|
|
| 26 |
+ div.section { margin: 1em 0em 1em 3em; border: 1px solid #ffffff; }
|
|
| 27 |
+ div.section:hover { border: 1px dotted #cccccc; }
|
|
| 28 |
+ .section div,.section p,.section ul,.section li,.section dl { border: 1px solid #ffffff; }
|
|
| 29 |
+ .section p { margin: 1em 0em 1em 1em; text-indent: 1em; }
|
|
| 30 |
+ .section pre { margin: 1em 0em 1em 1em; border: 1px solid #000000; line-height: 120%; }
|
|
| 31 |
+ .section ul,.section ol { margin: 1em 0em 1em 2em; }
|
|
| 32 |
+ .section dl { margin: 1em 0em 1em 1em; }
|
|
| 33 |
+ .section dt { margin: 0em 0em 0em 0em; }
|
|
| 34 |
+ .section dd { margin: 0em 0em 1em 2em; }
|
|
| 35 |
+ .section blockquote { background-color: #ffffff; border: 1px dotted #000000; }
|
|
| 36 |
+ .section *:hover { color: #000000; }
|
|
| 37 |
+ .section div:hover { border: 1px dotted #cccccc; }
|
|
| 38 |
+ .section a:hover { color: #ffffff; }
|
|
| 39 |
+ .section p:hover,.section li:hover,.section dl:hover,.section pre:hover { background-color: #eeffee; }
|
|
| 40 |
+ .section dt:hover,.section dd:hover { background-color: #99ffcc; }
|
|
| 41 |
+ .section code { }
|
|
| 42 |
+ |
|
| 43 |
+# .section dl.tree { margin: 0em 0em 0em 1em; }
|
|
| 44 |
+# dl.tree dd { margin: 0em 0em 0em 1em; }
|
|
| 45 |
+ |
|
| 46 |
+ h2 { color: #ffffff; background-color: #333333; line-height: 150%; }
|
|
| 47 |
+ .section h3,.section h4 { color: #000000; border-bottom: 1px solid #336666; line-height: 150%; }
|
|
| 48 |
+ .section h5,.section h4 { color: #000000; border-bottom: 1px solid #336666; line-height: 100%; }
|
|
| 49 |
+ |
|
| 50 |
+ table { margin: 1em 0em 1em 1em; }
|
|
| 51 |
+ table:hover { background-color: #eeffee; }
|
|
| 52 |
+ tr:hover { background-color: #99ffcc; }
|
|
| 53 |
+ th,td.opt { white-space:nowrap; text-align: left; }
|
|
| 54 |
+ |
|
| 55 |
+ </style> |
|
| 8 | 56 |
</head> |
| 9 | 57 |
<body> |
| 10 | 58 |
|
| 11 | 59 | |
| 12 | 60 |
|
| 13 | ||
| 14 | ||
| 61 | ||
| 62 |
+<dl> |
|
| 63 | ||
| 64 |
+ <dl> |
|
| 65 | ||
| 66 | ||
| 67 | ||
| 68 |
+ <dl> |
|
| 69 | ||
| 70 | ||
| 71 | ||
| 72 | ||
| 73 |
+ </dl> |
|
| 74 |
+ </dd> |
|
| 75 | ||
| 76 |
+ <dl> |
|
| 77 | ||
| 78 | ||
| 79 | ||
| 80 | ||
| 81 |
+ </dl> |
|
| 82 |
+ </dd> |
|
| 83 |
+ </dl> |
|
| 84 |
+ </dd> |
|
| 85 |
+ |
|
| 86 | ||
| 87 |
+ <dl> |
|
| 88 | ||
| 89 | ||
| 90 | ||
| 91 | ||
| 92 |
+ </dl> |
|
| 93 |
+ </dd> |
|
| 94 |
+ |
|
| 95 | ||
| 96 |
+ <dl> |
|
| 97 | ||
| 98 |
+ <dd><a href="#c3.2">3.2. freshclam</a> |
|
| 99 |
+ <dl> |
|
| 100 | ||
| 101 | ||
| 102 | ||
| 103 | ||
| 104 | ||
| 105 | ||
| 106 |
+ </dl> |
|
| 107 |
+ </dd> |
|
| 108 |
+ </dl> |
|
| 109 |
+ </dd> |
|
| 110 |
+ |
|
| 111 | ||
| 112 |
+ <dl> |
|
| 113 |
+ <dd><a href="#c4.1">4.1. clamscan</a> |
|
| 114 |
+ <dl> |
|
| 115 | ||
| 116 | ||
| 117 | ||
| 118 |
+ </dl> |
|
| 119 |
+ </dd> |
|
| 120 |
+ <dd><a href="#c4.2">4.2. clamd</a> |
|
| 121 |
+ <dl> |
|
| 122 |
+ <dd><a href="#c4.2.1">4.2.1. clamd</a></dd> |
|
| 123 | ||
| 124 | ||
| 125 | ||
| 126 |
+ <dd><a href="#c4.2.5">4.2.5. clamdscan</a></dd> |
|
| 127 | ||
| 128 | ||
| 129 |
+ </dl> |
|
| 130 |
+ </dd> |
|
| 131 |
+ <dd><a href="#c4.3">4.3. Dazuko+Clamuko</a> |
|
| 132 |
+ <dl> |
|
| 133 |
+ <dd><a href="#c4.3.1">4.3.1. Dazuko</a></dd> |
|
| 134 |
+ <dd><a href="#c4.3.2">4.3.2. Clamuko</a></dd> |
|
| 135 |
+ </dl> |
|
| 136 |
+ </dd> |
|
| 137 |
+ </dl> |
|
| 138 |
+ </dd> |
|
| 139 |
+ |
|
| 140 | ||
| 141 |
+ <dl> |
|
| 142 |
+ <dd><a href="#c5.1">5.1. MTA</a> |
|
| 143 |
+ <dl> |
|
| 144 |
+ <dd><a href="#c5.1.1">5.1.1. AMaViS/amavisd</a></dd> |
|
| 145 |
+ <dd><a href="#c5.1.2">5.1.2. AMaViS-ng</a></dd> |
|
| 146 |
+ <dd><a href="#c5.1.3">5.1.3. amavisd-new</a></dd> |
|
| 147 |
+ <dd><a href="#c5.1.4">5.1.4. mailscanner</a></dd> |
|
| 148 |
+ <dd><a href="#c5.1.6">5.1.6. OpenProtect</a></dd> |
|
| 149 |
+ <dd><a href="#c5.1.7">5.1.7. clamav-milter</a></dd> |
|
| 150 |
+ <dd><a href="#c5.1.8">5.1.8. mimedefang</a></dd> |
|
| 151 |
+ <dd><a href="#c5.1.9">5.1.9. IVS Milter</a></dd> |
|
| 152 |
+ <dd><a href="#c5.1.10">5.1.10. smtp-vilter</a></dd> |
|
| 153 |
+ <dd><a href="#c5.1.11">5.1.11. j-chkmail</a></dd> |
|
| 154 |
+ <dd><a href="#c5.1.12">5.1.12. nclamd,nclamav-milter</a></dd> |
|
| 155 |
+ <dd><a href="#c5.1.13">5.1.13. qmail-scanner</a></dd> |
|
| 156 |
+ <dd><a href="#c5.1.14">5.1.14. clamdmail</a></dd> |
|
| 157 |
+ <dd><a href="#c5.1.15">5.1.15. qscanq</a></dd> |
|
| 158 |
+ <dd><a href="#c5.1.16">5.1.16. Gadoyanvirus</a></dd> |
|
| 159 |
+ <dd><a href="#c5.1.17">5.1.17. exiscan</a></dd> |
|
| 160 |
+ <dd><a href="#c5.1.18">5.1.18. scanexi</a></dd> |
|
| 161 |
+ <dd><a href="#c5.1.19">5.1.19. sagator</a></dd> |
|
| 162 |
+ <dd><a href="#c5.1.20">5.1.20. cgpav</a></dd> |
|
| 163 |
+ </dl> |
|
| 164 |
+ </dd> |
|
| 165 | ||
| 166 |
+ <dl> |
|
| 167 |
+ <dd><a href="#c5.2.1">5.2.1. POP3 Virus Scanner Daemon</a></dd> |
|
| 168 |
+ <dd><a href="#c5.2.2">5.2.2. Sylpheed-Claws</a></dd> |
|
| 169 |
+ <dd><a href="#c5.2.3">5.2.3. Mutt</a></dd> |
|
| 170 |
+ </dl> |
|
| 171 |
+ </dd> |
|
| 172 | ||
| 173 |
+ <dl> |
|
| 174 |
+ <dd><a href="#c5.3.1">5.3.1. ClamAssassin</a></dd> |
|
| 175 |
+ <dd><a href="#c5.3.2">5.3.2. trashscan</a></dd> |
|
| 176 |
+ <dd><a href="#c5.3.3">5.3.3. mailman-clamav</a></dd> |
|
| 177 |
+ <dd><a href="#c5.3.4">5.3.4. mailgraph</a></dd> |
|
| 178 |
+ </dl> |
|
| 179 |
+ </dd> |
|
| 180 | ||
| 181 |
+ <dl> |
|
| 182 |
+ <dd><a href="#c5.4.1">5.4.1. samba-vscan</a></dd> |
|
| 183 |
+ <dd><a href="#c5.4.2">5.4.2. mod_clamav</a></dd> |
|
| 184 |
+ <dd><a href="#c5.4.3">5.4.3. PureFTPd</a></dd> |
|
| 185 |
+ <dd><a href="#c5.4.4">5.4.4. Viralator</a></dd> |
|
| 186 |
+ </dl> |
|
| 187 |
+ </dd> |
|
| 188 |
+ <dd><a href="#c5.5">5.5. CD-ROM</a> |
|
| 189 |
+ <dl> |
|
| 190 |
+ <dd><a href="#c5.5.1">5.5.1. INSERT</a></dd> |
|
| 191 |
+ <dd><a href="#c5.5.2">5.5.2. Local Area Security</a></dd> |
|
| 192 |
+ </dl> |
|
| 193 |
+ </dd> |
|
| 194 | ||
| 195 |
+ <dl> |
|
| 196 |
+ <dd><a href="#c5.6.1">5.6.1. Mail::ClamAV</a></dd> |
|
| 197 |
+ <dd><a href="#c5.6.2">5.6.2. clamavr</a></dd> |
|
| 198 |
+ <dd><a href="#c5.6.3">5.6.3. wbmclamav</a></dd> |
|
| 199 |
+ <dd><a href="#c5.6.4">5.6.4. Scan Log Analyzer</a></dd> |
|
| 200 |
+ <dd><a href="#c5.6.5">5.6.5. ClamWin Antivirus</a></dd> |
|
| 201 |
+ </dl> |
|
| 202 |
+ </dd> |
|
| 203 |
+ </dl> |
|
| 204 |
+ </dd> |
|
| 205 |
+ |
|
| 206 | ||
| 207 |
+ <dl> |
|
| 208 | ||
| 209 |
+ <dl> |
|
| 210 | ||
| 211 | ||
| 212 | ||
| 213 |
+ </dl> |
|
| 214 |
+ </dd> |
|
| 215 |
+ <dd><a href="#c6.2">6.2. sigtool</a> |
|
| 216 |
+ <dl> |
|
| 217 | ||
| 218 | ||
| 219 |
+ </dl> |
|
| 220 |
+ </dd> |
|
| 221 | ||
| 222 |
+ <dl> |
|
| 223 | ||
| 224 | ||
| 225 | ||
| 226 |
+ </dl> |
|
| 227 |
+ </dd> |
|
| 228 | ||
| 229 |
+ <dl> |
|
| 230 | ||
| 231 | ||
| 232 | ||
| 233 | ||
| 234 | ||
| 235 |
+ </dd> |
|
| 236 |
+ </dl> |
|
| 237 |
+ </dd> |
|
| 15 | 238 |
|
| 16 |
-<h2>1. Clam Antivirus</h2> |
|
| 239 | ||
| 240 |
+ <dl> |
|
| 241 |
+ <dd><a href="#c7.1">7.1. libclamav</a></dd> |
|
| 242 | ||
| 243 |
+ </dl> |
|
| 244 |
+ </dd> |
|
| 17 | 245 |
|
| 18 | ||
| 246 | ||
| 247 |
+ <dd><a href="#c9">9. TODO</a></dd> |
|
| 19 | 248 |
|
| 249 |
+</dl></div> |
|
| 250 |
+ |
|
| 251 | ||
| 252 |
+ |
|
| 253 | ||
| 20 | 254 |
<p> |
| 21 | ||
| 255 | ||
| 22 | 256 |
</p> |
| 23 |
- |
|
| 24 | ||
| 25 |
- |
|
| 257 |
+ </div> |
|
| 258 | ||
| 26 | 259 |
<p> |
| 27 | ||
| 260 | ||
| 28 | 261 |
</p> |
| 29 |
- |
|
| 30 | ||
| 31 |
- |
|
| 32 | ||
| 33 |
- |
|
| 34 | 262 |
<p> |
| 35 | ||
| 263 | ||
| 36 | 264 |
</p> |
| 265 |
+ </div> |
|
| 37 | 266 |
|
| 38 | ||
| 267 | ||
| 39 | 268 |
|
| 40 |
- <p> |
|
| 41 | ||
| 42 |
- </p> |
|
| 43 |
- |
|
| 44 |
- <pre><code> |
|
| 45 | ||
| 46 |
- |
|
| 47 |
- # groupadd clamav |
|
| 48 |
- # useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav |
|
| 269 | ||
| 270 |
+ <p> |
|
| 271 | ||
| 272 |
+ </p> |
|
| 273 |
+ <p> |
|
| 274 | ||
| 275 |
+ </p> |
|
| 276 |
+ <p> |
|
| 277 | ||
| 278 |
+ </p> |
|
| 279 |
+ <ul> |
|
| 280 |
+ <li> |
|
| 281 | ||
| 282 | ||
| 283 |
+ </li> |
|
| 284 |
+ <li> |
|
| 285 | ||
| 286 | ||
| 287 |
+ </li> |
|
| 288 |
+ <li> |
|
| 289 | ||
| 290 | ||
| 291 | ||
| 292 | ||
| 293 | ||
| 294 |
+ </li> |
|
| 295 |
+ </ul> |
|
| 296 |
+ <p> |
|
| 297 | ||
| 298 |
+ </p> |
|
| 299 |
+ <blockquote cite="http://www.mail-archive.com/clamav-users@lists.sourceforge.net/msg07466.html"> |
|
| 300 | ||
| 301 | ||
| 302 | ||
| 303 | ||
| 304 |
+ </blockquote> |
|
| 305 |
+ <p> |
|
| 306 | ||
| 307 |
+ </p> |
|
| 308 |
+ </div> |
|
| 309 | ||
| 310 |
+ <p> |
|
| 311 | ||
| 312 |
+ </p> |
|
| 313 |
+ <p> |
|
| 314 | ||
| 315 |
+ </p> |
|
| 316 |
+ <p> |
|
| 317 | ||
| 318 |
+ </p> |
|
| 319 |
+ </div> |
|
| 320 | ||
| 321 |
+ <p> |
|
| 322 | ||
| 323 |
+ </p> |
|
| 324 |
+ </div> |
|
| 325 | ||
| 326 |
+ <p> |
|
| 327 | ||
| 328 |
+ </p> |
|
| 329 |
+ <p> |
|
| 330 | ||
| 331 |
+ </p> |
|
| 332 |
+ </div> |
|
| 49 | 333 |
|
| 334 |
+ </div> |
|
| 50 | 335 |
|
| 51 | ||
| 52 |
- |
|
| 53 |
- $ sudo niutil -create / /groups/clamav |
|
| 54 |
- $ sudo niutil -createprop / /groups/clamav gid 402 |
|
| 55 |
- $ sudo niutil -createprop / /groups/clamav passwd '*' |
|
| 56 |
- $ sudo niutil -create / /users/clamav |
|
| 57 |
- $ sudo niutil -createprop / /users/clamav uid 402 |
|
| 58 |
- $ sudo niutil -createprop / /users/clamav gid 402 |
|
| 59 |
- $ sudo niutil -createprop / /users/clamav passwd '*' |
|
| 60 |
- $ sudo niutil -createprop / /users/clamav realname 'Clam Antivirus' |
|
| 61 |
- $ sudo niutil -createprop / /users/clamav home /dev/null |
|
| 62 |
- $ sudo niutil -createprop / /users/clamav shell /dev/null |
|
| 63 |
- |
|
| 64 | ||
| 65 |
- </code></pre> |
|
| 336 | ||
| 66 | 337 |
|
| 67 | ||
| 68 |
- |
|
| 338 | ||
| 339 |
+ <p> |
|
| 340 | ||
| 341 | ||
| 342 |
+ </p> |
|
| 343 |
+ </div> |
|
| 344 | ||
| 345 |
+ <p> |
|
| 346 | ||
| 347 |
+ </p> |
|
| 348 |
+ </div> |
|
| 349 | ||
| 350 |
+ <p> |
|
| 351 | ||
| 352 |
+ </p> |
|
| 353 |
+ </div> |
|
| 354 | ||
| 355 |
+ <p> |
|
| 356 | ||
| 357 |
+ </p> |
|
| 358 |
+ </div> |
|
| 359 |
+ </div> |
|
| 360 |
+ |
|
| 361 |
+</div> |
|
| 362 |
+ |
|
| 363 | ||
| 364 |
+ |
|
| 365 | ||
| 366 |
+ <p> |
|
| 367 | ||
| 368 |
+ </p> |
|
| 369 |
+ </div> |
|
| 370 | ||
| 371 |
+ <p> |
|
| 372 | ||
| 373 |
+ </p> |
|
| 374 |
+ </div> |
|
| 375 | ||
| 69 | 376 |
<p> |
| 70 | ||
| 377 | ||
| 71 | 378 |
</p> |
| 72 | 379 |
|
| 380 |
+ <ul> |
|
| 381 | ||
| 382 |
+ <pre><code> |
|
| 383 |
+ # groupadd clamav |
|
| 384 |
+ # useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav |
|
| 385 |
+ </code></pre> |
|
| 386 |
+ </li> |
|
| 387 | ||
| 388 |
+ <pre><code> |
|
| 389 |
+ $ echo 'clamav:*:402:Clam AntiVirus' | sudo niload group / |
|
| 390 |
+ $ echo 'clamav:*:402:402::0:0:Clam Antivirus:/tmp:/dev/null' | \ |
|
| 391 |
+ > sudo niload passwd / |
|
| 392 |
+ </code></pre> |
|
| 393 | ||
| 394 |
+ </li> |
|
| 395 |
+ </ul> |
|
| 396 |
+ </div> |
|
| 397 | ||
| 398 | ||
| 399 |
+ |
|
| 73 | 400 |
<pre><code> |
| 74 |
- $ zcat clamav-0.23.tar.gz | tar xvf - |
|
| 75 |
- $ cd clamav-0.23 |
|
| 401 |
+ $ zcat clamav-0.xx.tar.gz | tar xvf - |
|
| 402 |
+ $ cd clamav-0.xx |
|
| 76 | 403 |
$ ./configure |
| 77 | 404 |
$ make |
| 78 | 405 |
$ sudo make install |
| 79 | 406 |
</code></pre> |
| 80 | 407 |
|
| 81 | ||
| 408 | ||
| 409 |
+ |
|
| 410 |
+ <pre><code> |
|
| 411 |
+ $ sudo /usr/local/bin/freshclam |
|
| 412 |
+ </code></pre> |
|
| 413 |
+ |
|
| 414 |
+ </div> |
|
| 415 |
+</div> |
|
| 82 | 416 |
|
| 83 |
- <h3>3.1 clamscan</h3> |
|
| 417 | ||
| 84 | 418 |
|
| 419 | ||
| 85 | 420 |
<p> |
| 86 | ||
| 421 | ||
| 87 | 422 |
</p> |
| 88 | ||
| 89 | 423 |
<dl> |
| 424 |
+ <dt>main.cvd</dt> |
|
| 425 | ||
| 426 |
+ <dt>daily.cvd</dt> |
|
| 427 | ||
| 428 |
+ <dt>mirrors.txt</dt> |
|
| 429 | ||
| 430 | ||
| 431 | ||
| 432 |
+ </dl> |
|
| 433 |
+ </div> |
|
| 434 |
+ <div class="section" id="c3.2"><h3>3.2. freshclam</h3> |
|
| 435 | ||
| 436 |
+ |
|
| 437 | ||
| 438 |
+ <dl> |
|
| 439 |
+ <dt># freshclam</dt> |
|
| 440 | ||
| 441 |
+ <dt># freshclam -d -c 24</dt> |
|
| 442 | ||
| 443 |
+ </dl> |
|
| 444 |
+ </div> |
|
| 445 |
+ |
|
| 446 | ||
| 447 |
+ <table class="cmdoption"> |
|
| 448 |
+ <tr> |
|
| 449 |
+ <th>--help</th><td class="opt">-h</td> |
|
| 450 | ||
| 451 |
+ </tr> |
|
| 452 |
+ <tr> |
|
| 453 |
+ <th>--version</th><td class="opt">-V</td> |
|
| 454 | ||
| 455 |
+ </tr> |
|
| 456 |
+ <tr> |
|
| 457 |
+ <th>--verbose</th><td class="opt">-v</td> |
|
| 458 | ||
| 459 |
+ </tr> |
|
| 460 |
+ <tr> |
|
| 461 |
+ <th>--debug</th><td class="opt"> </td> |
|
| 462 | ||
| 463 |
+ </tr> |
|
| 464 |
+ <tr> |
|
| 465 |
+ <th>--quiet</th><td class="opt"> </td> |
|
| 466 | ||
| 467 |
+ </tr> |
|
| 468 |
+ <tr> |
|
| 469 |
+ <th>--stdout</th><td class="opt"> </td> |
|
| 470 | ||
| 471 |
+ </tr> |
|
| 472 |
+ <tr> |
|
| 473 |
+ <th>--log=FILE</th><td class="opt">-l FILE</td> |
|
| 474 | ||
| 475 |
+ </tr> |
|
| 476 |
+ <tr> |
|
| 477 |
+ <th>--log-verbose</th><td class="opt"> </td> |
|
| 478 | ||
| 479 |
+ </tr> |
|
| 480 |
+ <tr> |
|
| 481 |
+ <th>--config-file=FILE</th><td class="opt"> </td> |
|
| 482 | ||
| 483 |
+ </tr> |
|
| 484 |
+ <tr> |
|
| 485 |
+ <th>--daemon</th><td class="opt">-d</td> |
|
| 486 | ||
| 487 |
+ </tr> |
|
| 488 |
+ <tr> |
|
| 489 |
+ <th>--pid=FILE</th><td class="opt">-p FILE</td> |
|
| 490 | ||
| 491 |
+ </tr> |
|
| 492 |
+ <tr> |
|
| 493 |
+ <th>--user=USER</th><td class="opt">-u USER</td> |
|
| 494 | ||
| 495 |
+ </tr> |
|
| 496 |
+ <tr> |
|
| 497 |
+ <th>--datadir=DIRECTORY</th><td class="opt"> </td> |
|
| 498 | ||
| 499 |
+ </tr> |
|
| 500 |
+ <tr> |
|
| 501 |
+ <th>--checks=#n</th><td class="opt">-c #n</td> |
|
| 502 | ||
| 503 |
+ </tr> |
|
| 504 |
+ <tr> |
|
| 505 |
+ <th>--daemon-notify[=/path/clamav.conf]</th><td class="opt"> </td> |
|
| 506 | ||
| 507 |
+ </tr> |
|
| 508 |
+ <tr> |
|
| 509 |
+ <th>--http-proxy=hostname[:port]</th><td class="opt"> </td> |
|
| 510 | ||
| 511 |
+ </tr> |
|
| 512 |
+ <tr> |
|
| 513 |
+ <th>--proxy-user=user:password</th><td class="opt"> </td> |
|
| 514 | ||
| 515 |
+ </tr> |
|
| 516 |
+ <tr> |
|
| 517 |
+ <th>--on-error-execute=COMMAND</th><td class="opt"> </td> |
|
| 518 | ||
| 519 |
+ </tr> |
|
| 520 |
+ <tr> |
|
| 521 |
+ <th>--on-update-execute=COMMAND</th><td class="opt"> </td> |
|
| 522 | ||
| 523 |
+ </tr> |
|
| 524 |
+ </table> |
|
| 525 |
+ </div> |
|
| 526 | ||
| 527 |
+ <ol> |
|
| 528 |
+ <li> |
|
| 529 | ||
| 530 |
+ <pre><code> |
|
| 531 |
+ # touch /var/log/clam-update.log |
|
| 532 |
+ # chmod 644 /var/log/clam-update.log |
|
| 533 |
+ # chown clamav /var/log/clam-update.log |
|
| 534 |
+ </code></pre> |
|
| 535 |
+ </li> |
|
| 536 |
+ <li> |
|
| 537 | ||
| 538 |
+ <pre><code>34 * * * * clamav /usr/local/bin/freshclam --quiet |
|
| 539 |
+ -l /var/log/clam-update.log</code></pre> |
|
| 540 |
+ </li> |
|
| 541 |
+ </ol> |
|
| 542 |
+ </div> |
|
| 543 | ||
| 544 |
+ <p> |
|
| 545 | ||
| 546 |
+ </p> |
|
| 547 |
+ </div> |
|
| 548 | ||
| 549 |
+ <p> |
|
| 550 | ||
| 551 |
+ </p> |
|
| 552 |
+ </div> |
|
| 553 |
+ |
|
| 554 | ||
| 555 |
+ <table> |
|
| 556 | ||
| 557 | ||
| 558 | ||
| 559 |
+ </table> |
|
| 560 |
+ </div> |
|
| 561 |
+ |
|
| 562 |
+ </div> |
|
| 563 |
+ |
|
| 564 |
+</div> |
|
| 565 |
+ |
|
| 566 | ||
| 567 |
+ |
|
| 568 |
+ <div class="section" id="c4.1"><h3>4.1. clamscan</h3> |
|
| 569 | ||
| 570 |
+ |
|
| 571 | ||
| 572 |
+ <ul> |
|
| 573 | ||
| 574 |
+ <table class="cmdoption"> |
|
| 575 |
+ <tr> |
|
| 576 |
+ <th>--help</th><td class="opt">-h</td> |
|
| 577 | ||
| 578 |
+ </tr> |
|
| 579 |
+ <tr> |
|
| 580 |
+ <th>--version</th><td class="opt">-V</td> |
|
| 581 | ||
| 582 |
+ </tr> |
|
| 583 |
+ <tr> |
|
| 584 |
+ <th>--verbose</th><td class="opt">-v</td> |
|
| 585 | ||
| 586 |
+ </tr> |
|
| 587 |
+ <tr> |
|
| 588 |
+ <th>--debug</th><td class="opt"> </td> |
|
| 589 | ||
| 590 |
+ </tr> |
|
| 591 |
+ <tr> |
|
| 592 |
+ <th>--quiet</th><td class="opt"> </td> |
|
| 593 | ||
| 594 |
+ </tr> |
|
| 595 |
+ <tr> |
|
| 596 |
+ <th>--stdout</th><td class="opt"> </td> |
|
| 597 | ||
| 598 |
+ </tr> |
|
| 599 |
+ <tr> |
|
| 600 |
+ <th>--log=FILE</th><td class="opt">-l FILE</td> |
|
| 601 | ||
| 602 |
+ </tr> |
|
| 603 |
+ <tr> |
|
| 604 |
+ <th>--log-verbose</th><td class="opt"> </td> |
|
| 605 | ||
| 606 |
+ </tr> |
|
| 607 |
+ <tr> |
|
| 608 |
+ <th>--disable-summary</th><td class="opt"> </td> |
|
| 609 | ||
| 610 |
+ </tr> |
|
| 611 |
+ <tr> |
|
| 612 |
+ <th>--infected</th><td class="opt">-i</td> |
|
| 613 | ||
| 614 |
+ </tr> |
|
| 615 |
+ <tr> |
|
| 616 |
+ <th>--bell</th><td class="opt"></td> |
|
| 617 | ||
| 618 |
+ </tr> |
|
| 619 |
+ </table> |
|
| 620 |
+ </li> |
|
| 621 | ||
| 622 |
+ <table class="cmdoption"> |
|
| 623 |
+ <tr> |
|
| 624 |
+ <th>--tempdir=DIRECTORY</td><td class="opt"> </td> |
|
| 625 | ||
| 626 |
+ </tr> |
|
| 627 |
+ <tr> |
|
| 628 |
+ <th>--database=FILE/DIR</td><td class="opt">-d FILE/DIR</td> |
|
| 629 | ||
| 630 |
+ </tr> |
|
| 631 |
+ <tr> |
|
| 632 |
+ <th>--recursive</td><td class="opt">-r</td> |
|
| 633 | ||
| 634 |
+ </tr> |
|
| 635 |
+ <tr> |
|
| 636 |
+ <th>--exclude=PATT</td><td class="opt"> </td> |
|
| 637 | ||
| 638 |
+ </tr> |
|
| 639 |
+ <tr> |
|
| 640 |
+ <th>--include=PATT</td><td class="opt"> </td> |
|
| 641 | ||
| 642 |
+ </tr> |
|
| 643 |
+ <tr> |
|
| 644 |
+ <th>--remove</td><td class="opt"> </td> |
|
| 645 | ||
| 646 |
+ </tr> |
|
| 647 |
+ <tr> |
|
| 648 |
+ <th>--move=DIRECTORY</td><td class="opt"> </td> |
|
| 649 | ||
| 650 |
+ </tr> |
|
| 651 |
+ <tr> |
|
| 652 |
+ <th>--force</td><td class="opt"> </td> |
|
| 653 | ||
| 654 |
+ </tr> |
|
| 655 |
+ </table> |
|
| 656 |
+ </li> |
|
| 657 | ||
| 658 |
+ <table class="cmdoption"> |
|
| 659 |
+ <tr> |
|
| 660 |
+ <th>--mbox</td><td class="opt">-m</td> |
|
| 661 | ||
| 662 |
+ </tr> |
|
| 663 |
+ <tr> |
|
| 664 |
+ <th>--no-ole2</td><td class="opt"> </td> |
|
| 665 | ||
| 666 |
+ </tr> |
|
| 667 |
+ <tr> |
|
| 668 |
+ <th>--no-archive</td><td class="opt"> </td> |
|
| 669 | ||
| 670 |
+ </tr> |
|
| 671 |
+ <tr> |
|
| 672 |
+ <th>--detect-encrypted</td><td class="opt"> </td> |
|
| 673 |
+ <td></td> |
|
| 674 |
+ </tr> |
|
| 675 |
+ <tr> |
|
| 676 |
+ <th>--max-files=#n</td><td class="opt"> </td> |
|
| 677 | ||
| 678 |
+ </tr> |
|
| 679 |
+ <tr> |
|
| 680 |
+ <th>--max-space=#n</td><td class="opt"> </td> |
|
| 681 | ||
| 682 |
+ </tr> |
|
| 683 |
+ <tr> |
|
| 684 |
+ <th>--max-recursion=#n</td><td class="opt"> </td> |
|
| 685 | ||
| 686 |
+ </tr> |
|
| 687 |
+ <tr> |
|
| 688 |
+ <th>--unzip=[FULLPATH]</td><td class="opt"> </td> |
|
| 689 | ||
| 690 |
+ </tr> |
|
| 691 |
+ <tr> |
|
| 692 |
+ <th>--unrar=[FULLPATH]</td><td class="opt"> </td> |
|
| 693 | ||
| 694 |
+ </tr> |
|
| 695 |
+ <tr> |
|
| 696 |
+ <th>--unace=[FULLPATH]</td><td class="opt"> </td> |
|
| 697 | ||
| 698 |
+ </tr> |
|
| 699 |
+ <tr> |
|
| 700 |
+ <th>--unarj=[FULLPATH]</td><td class="opt"> </td> |
|
| 701 | ||
| 702 |
+ </tr> |
|
| 703 |
+ <tr> |
|
| 704 |
+ <th>--unzoo=[FULLPATH]</td><td class="opt"> </td> |
|
| 705 | ||
| 706 |
+ </tr> |
|
| 707 |
+ <tr> |
|
| 708 |
+ <th>--lha=[FULLPATH]</td><td class="opt"> </td> |
|
| 709 | ||
| 710 |
+ </tr> |
|
| 711 |
+ <tr> |
|
| 712 |
+ <th>--jar=[FULLPATH]</td><td class="opt"> </td> |
|
| 713 | ||
| 714 |
+ </tr> |
|
| 715 |
+ <tr> |
|
| 716 |
+ <th>--deb=[FULLPATH]</td><td class="opt"> </td> |
|
| 717 | ||
| 718 |
+ </tr> |
|
| 719 |
+ <tr> |
|
| 720 |
+ <th>--tar=[FULLPATH]</td><td class="opt"> </td> |
|
| 721 | ||
| 722 |
+ </tr> |
|
| 723 |
+ <tr> |
|
| 724 |
+ <th>--tgz=[FULLPATH]</td><td class="opt"> </td> |
|
| 725 | ||
| 726 |
+ </tr> |
|
| 727 |
+ </table> |
|
| 728 | ||
| 729 |
+ </li> |
|
| 730 |
+ </ul> |
|
| 731 |
+ </div> |
|
| 732 |
+ |
|
| 733 | ||
| 734 |
+ <dl> |
|
| 90 | 735 |
<dt>$ clamscan <file></dt> |
| 91 | ||
| 736 | ||
| 92 | 737 |
<dt>$ cat <file> | clamscan -</dt> |
| 93 | ||
| 738 | ||
| 94 | 739 |
<dt>$ clamscan</dt> |
| 95 | ||
| 740 | ||
| 96 | 741 |
<dt>$ clamscan -r [<dir>]</dt> |
| 97 | ||
| 98 |
- </dl> |
|
| 742 | ||
| 743 |
+ <dt># clamscan -r --mbox /var/spool/mail</dt> |
|
| 744 | ||
| 745 |
+ <dt>$ clamscan -d /tmp/newclamdb --max-space=50m -r /tmp</dt> |
|
| 746 | ||
| 747 |
+ </dl> |
|
| 748 |
+ </div> |
|
| 99 | 749 |
|
| 100 | ||
| 750 | ||
| 751 | ||
| 752 |
+ <table> |
|
| 753 | ||
| 754 | ||
| 755 | ||
| 756 |
+ </table> |
|
| 757 |
+ </div> |
|
| 758 |
+ |
|
| 759 |
+ </div> |
|
| 760 |
+ |
|
| 761 |
+ <div class="section" id="c4.2"><h3>4.2. clamd</h3> |
|
| 762 |
+ |
|
| 763 |
+ <div class="section" id="c4.2.1"><h4>4.2.1. clamd</h4> |
|
| 764 |
+ <p> |
|
| 765 | ||
| 766 |
+ </p> |
|
| 767 |
+ <p> |
|
| 768 | ||
| 769 |
+ </p> |
|
| 770 |
+ <p> |
|
| 771 | ||
| 772 |
+ </p> |
|
| 773 |
+ </div> |
|
| 774 | ||
| 775 |
+ <p> |
|
| 776 | ||
| 777 |
+ </p> |
|
| 778 | ||
| 779 |
+ <table class="config"> |
|
| 780 | ||
| 781 |
+ <tr> |
|
| 782 |
+ <th>Example</th><td> </td> |
|
| 783 | ||
| 784 |
+ </tr> |
|
| 785 |
+ <tr> |
|
| 786 |
+ <th>Foreground</th><td> </td> |
|
| 787 | ||
| 788 |
+ </tr> |
|
| 789 |
+ <tr> |
|
| 790 |
+ <th>Debug</th><td> </td> |
|
| 791 | ||
| 792 |
+ </tr> |
|
| 793 |
+ <tr> |
|
| 794 |
+ <th>PidFile</th><td>PATH</td> |
|
| 795 | ||
| 796 |
+ </tr> |
|
| 797 |
+ <tr> |
|
| 798 |
+ <th>DatabaseDirectory</th><td>PATH</td> |
|
| 799 | ||
| 800 |
+ </tr> |
|
| 801 |
+ <tr> |
|
| 802 |
+ <th>SelfCheck</th><td>SECOND</td> |
|
| 803 | ||
| 804 |
+ </tr> |
|
| 805 |
+ <tr> |
|
| 806 |
+ <th>User</th><td>USERNAME</td> |
|
| 807 | ||
| 808 |
+ </tr> |
|
| 809 |
+ <tr> |
|
| 810 |
+ <th>AllowSupplementaryGroups</th><td> </td> |
|
| 811 | ||
| 812 |
+ </tr> |
|
| 813 |
+ <tr> |
|
| 814 |
+ <th>TemporaryDirectory</th><td>PATH</td> |
|
| 815 | ||
| 816 |
+ </tr> |
|
| 817 |
+ <tr> |
|
| 818 |
+ <th>FixStaleSocket</th><td> </td> |
|
| 819 | ||
| 820 |
+ </tr> |
|
| 821 |
+ <tr> |
|
| 822 |
+ <th>VirusEvent</th><td>COMMAND ...</td> |
|
| 823 | ||
| 824 |
+ </tr> |
|
| 825 |
+ </table> |
|
| 826 | ||
| 827 |
+ <table class="config"> |
|
| 828 | ||
| 829 |
+ <tr> |
|
| 830 |
+ <th>LocalSocket</th><td>PATH</td> |
|
| 831 | ||
| 832 |
+ </tr> |
|
| 833 |
+ <tr> |
|
| 834 |
+ <th>TCPAddr</th><td>IP</td> |
|
| 835 | ||
| 836 |
+ </tr> |
|
| 837 |
+ <tr> |
|
| 838 |
+ <th>TCPSocket</th><td>NUMBER</td> |
|
| 839 | ||
| 840 |
+ </tr> |
|
| 841 |
+ <tr> |
|
| 842 |
+ <th>MaxConnectionQueueLength</th><td>NUMBER</td> |
|
| 843 | ||
| 844 |
+ </tr> |
|
| 845 |
+ <tr> |
|
| 846 |
+ <th>MaxThreads</th><td>NUMBER</td> |
|
| 847 | ||
| 848 |
+ </tr> |
|
| 849 |
+ <tr> |
|
| 850 |
+ <th>ReadTimeout</th><td>NUMBER</td> |
|
| 851 | ||
| 852 |
+ </tr> |
|
| 853 |
+ <tr> |
|
| 854 |
+ <th>StreamSaveToDisk</th><td> </td> |
|
| 855 | ||
| 856 |
+ </tr> |
|
| 857 |
+ <tr> |
|
| 858 |
+ <th>StreamMaxLength</th><td>SIZE</td> |
|
| 859 | ||
| 860 |
+ </tr> |
|
| 861 |
+ <tr> |
|
| 862 |
+ <th>MaxDirectoryRecursion</th><td>NUMBER</td> |
|
| 863 | ||
| 864 |
+ </tr> |
|
| 865 |
+ <tr> |
|
| 866 |
+ <th>FollowDirectorySymlinks</th><td> </td> |
|
| 867 | ||
| 868 |
+ </tr> |
|
| 869 |
+ <tr> |
|
| 870 |
+ <th>FollowFileSymlinks</th><td> </td> |
|
| 871 | ||
| 872 |
+ </tr> |
|
| 873 |
+ </table> |
|
| 874 | ||
| 875 |
+ <table class="config"> |
|
| 876 | ||
| 877 |
+ <tr> |
|
| 878 |
+ <th>LogFile</th><td>PATH</td> |
|
| 879 | ||
| 880 |
+ </tr> |
|
| 881 |
+ <tr> |
|
| 882 |
+ <th>LogFileUnlock</th><td> </td> |
|
| 883 | ||
| 884 |
+ </tr> |
|
| 885 |
+ <tr> |
|
| 886 |
+ <th>LogFileMaxSize</th><td>SIZE</td> |
|
| 887 | ||
| 888 |
+ </tr> |
|
| 889 |
+ <tr> |
|
| 890 |
+ <th>LogTime</th><td> </td> |
|
| 891 | ||
| 892 |
+ </tr> |
|
| 893 |
+ <tr> |
|
| 894 |
+ <th>LogSyslog</th><td> </td> |
|
| 895 | ||
| 896 |
+ </tr> |
|
| 897 |
+ <tr> |
|
| 898 |
+ <th>LogVerbose</th><td> </td> |
|
| 899 | ||
| 900 |
+ </tr> |
|
| 901 |
+ </table> |
|
| 902 | ||
| 903 |
+ <table class="config"> |
|
| 904 | ||
| 905 |
+ <tr> |
|
| 906 |
+ <th>ScanOLE2</th><td> </td> |
|
| 907 | ||
| 908 |
+ </tr> |
|
| 909 |
+ <tr> |
|
| 910 |
+ <th>ScanMail</th><td> </td> |
|
| 911 | ||
| 912 |
+ </tr> |
|
| 913 |
+ <tr> |
|
| 914 |
+ <th>ScanArchive</th><td> </td> |
|
| 915 | ||
| 916 |
+ </tr> |
|
| 917 |
+ <tr> |
|
| 918 |
+ <th>ScanRAR</th><td> </td> |
|
| 919 | ||
| 920 |
+ </tr> |
|
| 921 |
+ <tr> |
|
| 922 |
+ <th>ArchiveBlockEncrypted</th><td> </td> |
|
| 923 | ||
| 924 |
+ </tr> |
|
| 925 |
+ <tr> |
|
| 926 |
+ <th>ArchiveMaxFileSize</th><td>SIZE</td> |
|
| 927 | ||
| 928 |
+ </tr> |
|
| 929 |
+ <tr> |
|
| 930 |
+ <th>ArchiveMaxRecursion</th><td>NUMBER</td> |
|
| 931 | ||
| 932 |
+ </tr> |
|
| 933 |
+ <tr> |
|
| 934 |
+ <th>ArchiveMaxFiles</th><td>NUMBER</td> |
|
| 935 | ||
| 936 |
+ </tr> |
|
| 937 |
+ <tr> |
|
| 938 |
+ <th>ArchiveMaxCompressionRatio</th><td>NUMBER</td> |
|
| 939 | ||
| 940 |
+ </tr> |
|
| 941 |
+ <tr> |
|
| 942 |
+ <th>ArchiveLimitMemoryUsage</th><td> </td> |
|
| 943 | ||
| 944 |
+ </tr> |
|
| 945 |
+ </table> |
|
| 946 | ||
| 947 |
+ <table class="config"> |
|
| 948 | ||
| 949 |
+ <tr> |
|
| 950 |
+ <th>ClamukoScanOnLine</th><td> </td> |
|
| 951 | ||
| 952 |
+ </tr> |
|
| 953 |
+ <tr> |
|
| 954 |
+ <th>ClamukoScanOnOpen</th><td> </td> |
|
| 955 | ||
| 956 |
+ </tr> |
|
| 957 |
+ <tr> |
|
| 958 |
+ <th>ClamukoScanOnClose</th><td> </td> |
|
| 959 | ||
| 960 |
+ </tr> |
|
| 961 |
+ <tr> |
|
| 962 |
+ <th>ClamukoScanOnExec</th><td> </td> |
|
| 963 | ||
| 964 |
+ </tr> |
|
| 965 |
+ <tr> |
|
| 966 |
+ <th>ClamukoIncludePath</th><td>PATH</td> |
|
| 967 | ||
| 968 |
+ </tr> |
|
| 969 |
+ <tr> |
|
| 970 |
+ <th>ClamukoExcludePath</th><td>PATH</td> |
|
| 971 | ||
| 972 |
+ </tr> |
|
| 973 |
+ <tr> |
|
| 974 |
+ <th>ClamukoMaxFileSize</th><td>SIZE</td> |
|
| 975 | ||
| 976 |
+ </tr> |
|
| 977 |
+ <tr> |
|
| 978 |
+ <th>ClamukoScanArchive</th><td> </td> |
|
| 979 | ||
| 980 |
+ </tr> |
|
| 981 |
+ </table> |
|
| 982 |
+ </div> |
|
| 983 |
+ |
|
| 984 | ||
| 985 |
+ <dl> |
|
| 986 |
+ <dt># clamd</dt> |
|
| 987 | ||
| 988 |
+ <dt># clamd -c /home/clamav/clamav.conf</dt> |
|
| 989 | ||
| 990 |
+ <dt># clamd --debug</dt> |
|
| 991 | ||
| 992 | ||
| 993 | ||
| 994 | ||
| 995 | ||
| 996 | ||
| 997 | ||
| 998 |
+ </dl> |
|
| 999 |
+ </div> |
|
| 1000 |
+ |
|
| 1001 | ||
| 1002 | ||
| 1003 |
+ <table> |
|
| 1004 |
+ <tr> |
|
| 1005 |
+ <th>PING</th> |
|
| 1006 | ||
| 1007 |
+ </tr> |
|
| 1008 |
+ <tr> |
|
| 1009 |
+ <th>VERSION</th> |
|
| 1010 | ||
| 1011 |
+ </tr> |
|
| 1012 |
+ <tr> |
|
| 1013 |
+ <th>RELOAD</th> |
|
| 1014 | ||
| 1015 |
+ </tr> |
|
| 1016 |
+ <tr> |
|
| 1017 |
+ <th>SHUTDOWN</th> |
|
| 1018 | ||
| 1019 |
+ </tr> |
|
| 1020 |
+ <tr> |
|
| 1021 |
+ <th>SCAN <PATH></th> |
|
| 1022 | ||
| 1023 |
+ </tr> |
|
| 1024 |
+ <tr> |
|
| 1025 |
+ <th>RAWSCAN <PATH></th> |
|
| 1026 | ||
| 1027 |
+ </tr> |
|
| 1028 |
+ <tr> |
|
| 1029 |
+ <th>CONTSCAN <PATH></th> |
|
| 1030 | ||
| 1031 |
+ </tr> |
|
| 1032 |
+ <tr> |
|
| 1033 |
+ <th>STREAM</th> |
|
| 1034 | ||
| 1035 |
+ </tr> |
|
| 1036 |
+ <tr> |
|
| 1037 |
+ <th>SESSION/END</th> |
|
| 1038 | ||
| 1039 |
+ </tr> |
|
| 1040 |
+ </table> |
|
| 1041 | ||
| 1042 | ||
| 1043 | ||
| 1044 |
+ <pre><code> |
|
| 1045 |
+$ telnet localhost 3310 |
|
| 1046 |
+Trying 127.0.0.1... |
|
| 1047 |
+Connected to localhost. |
|
| 1048 |
+Escape character is '^]'. |
|
| 1049 |
+PING |
|
| 1050 |
+PONG |
|
| 1051 |
+Connection closed by foreign host. |
|
| 1052 |
+ </code></pre> |
|
| 1053 |
+ </li> |
|
| 1054 | ||
| 1055 |
+ <pre><code> |
|
| 1056 |
+$ telnet localhost 3310 |
|
| 1057 |
+Trying 127.0.0.1... |
|
| 1058 |
+Connected to localhost. |
|
| 1059 |
+Escape character is '^]'. |
|
| 1060 |
+RELOAD |
|
| 1061 |
+RELOADING |
|
| 1062 |
+Connection closed by foreign host. |
|
| 1063 |
+ </code></pre> |
|
| 1064 |
+ </li> |
|
| 1065 | ||
| 1066 |
+ <pre><code> |
|
| 1067 |
+$ telnet localhost 3310 |
|
| 1068 |
+Trying 127.0.0.1... |
|
| 1069 |
+Connected to localhost. |
|
| 1070 |
+Escape character is '^]'. |
|
| 1071 |
+SCAN /tmp/virus |
|
| 1072 |
+/tmp/virus/bugbear.virus: W32.BugBear.A FOUND |
|
| 1073 |
+Connection closed by foreign host. |
|
| 1074 |
+ </code></pre> |
|
| 1075 |
+ </li> |
|
| 1076 | ||
| 1077 |
+ <pre><code> |
|
| 1078 |
+$ telnet localhost 3310 |
|
| 1079 |
+Trying 127.0.0.1... |
|
| 1080 |
+Connected to localhost. |
|
| 1081 |
+Escape character is '^]'. |
|
| 1082 |
+CONTSCAN /tmp/virus |
|
| 1083 |
+/tmp/virus/bugbear.virus: W32.BugBear.A FOUND |
|
| 1084 |
+/tmp/virus/klez.virus: Worm.Klez.H FOUND |
|
| 1085 |
+/tmp/virus/clamav.test: ClamAV-Test-Signature FOUND |
|
| 1086 |
+/tmp/virus/mydoom.virus: Worm.SCO.A FOUND |
|
| 1087 |
+/tmp/virus/netsky_q.virus: Worm.SomeFool.Q FOUND |
|
| 1088 |
+Connection closed by foreign host. |
|
| 1089 |
+ </code></pre> |
|
| 1090 |
+ </li></ul> |
|
| 1091 |
+ </div> |
|
| 1092 |
+ |
|
| 1093 |
+ <div class="section" id="c4.2.5"><h4>4.2.5. clamdscan</h4> |
|
| 1094 |
+ <p> |
|
| 1095 | ||
| 1096 |
+ </p> |
|
| 1097 |
+ <p> |
|
| 1098 | ||
| 1099 |
+ </p> |
|
| 1100 |
+ </div> |
|
| 1101 |
+ |
|
| 1102 | ||
| 1103 | ||
| 1104 |
+ <table class="cmdoption"> |
|
| 1105 |
+ <tr> |
|
| 1106 |
+ <th>--help</th><td class="opt">-h</td> |
|
| 1107 | ||
| 1108 |
+ </tr> |
|
| 1109 |
+ <tr> |
|
| 1110 |
+ <th>--version</th><td class="opt">-V</td> |
|
| 1111 | ||
| 1112 |
+ </tr> |
|
| 1113 |
+ <tr> |
|
| 1114 |
+ <th>--verbose</th><td class="opt">-v</td> |
|
| 1115 | ||
| 1116 |
+ </tr> |
|
| 1117 |
+ <tr> |
|
| 1118 |
+ <th>--quiet</th><td class="opt"> </td> |
|
| 1119 | ||
| 1120 |
+ </tr> |
|
| 1121 |
+ <tr> |
|
| 1122 |
+ <th>--stdout</th><td class="opt"> </td> |
|
| 1123 | ||
| 1124 |
+ </tr> |
|
| 1125 |
+ <tr> |
|
| 1126 |
+ <th>--log=FILE</th><td class="opt">-l FILE</td> |
|
| 1127 | ||
| 1128 |
+ </tr> |
|
| 1129 |
+ <tr> |
|
| 1130 |
+ <th>--log-verbose</th><td class="opt"> </td> |
|
| 1131 | ||
| 1132 |
+ </tr> |
|
| 1133 |
+ <tr> |
|
| 1134 |
+ <th>--disable-summary</th><td class="opt"> </td> |
|
| 1135 | ||
| 1136 |
+ </tr> |
|
| 1137 |
+ <tr> |
|
| 1138 |
+ <th>--config-file=FILE</th><td class="opt"> </td> |
|
| 1139 | ||
| 1140 |
+ </tr> |
|
| 1141 |
+ </table> |
|
| 1142 |
+ </div> |
|
| 1143 |
+ |
|
| 1144 | ||
| 1145 | ||
| 1146 |
+ <table> |
|
| 1147 | ||
| 1148 | ||
| 1149 | ||
| 1150 |
+ </table> |
|
| 1151 |
+ </div> |
|
| 1152 |
+ |
|
| 1153 |
+ </div> |
|
| 1154 |
+ |
|
| 1155 |
+ <div class="section" id="c4.3"><h3>4.3. Dazuko+Clamuko</h3> |
|
| 1156 |
+ |
|
| 1157 |
+ <div class="section" id="c4.3.1"><h4>4.3.1. Dazuko</h4> |
|
| 1158 |
+ <p> |
|
| 1159 | ||
| 1160 |
+ </p> |
|
| 1161 |
+ </div> |
|
| 1162 |
+ <div class="section" id="c4.3.2"><h4>4.3.2. Clamuko</h4> |
|
| 1163 |
+ <p> |
|
| 1164 | ||
| 1165 |
+ </p> |
|
| 1166 |
+ <p> |
|
| 1167 | ||
| 1168 |
+ </p> |
|
| 1169 |
+ <ul> |
|
| 1170 | ||
| 1171 |
+ <pre><code> |
|
| 1172 |
+ ClamukoIncludePath /home |
|
| 1173 |
+ </code></pre> |
|
| 1174 |
+ </li> |
|
| 1175 | ||
| 1176 |
+ <pre><code> |
|
| 1177 |
+ ClamukoIncludePath / |
|
| 1178 |
+ ClamukoExcludePath /proc |
|
| 1179 |
+ ClamukoExcludePath /tempdir/of/mail/scanner |
|
| 1180 |
+ </code></pre> |
|
| 1181 |
+ </li> |
|
| 1182 |
+ </ul> |
|
| 1183 |
+ </div> |
|
| 1184 |
+ |
|
| 1185 |
+ </div> |
|
| 1186 |
+ |
|
| 1187 |
+</div> |
|
| 1188 |
+ |
|
| 1189 | ||
| 101 | 1190 |
|
| 102 | 1191 |
<p> |
| 103 | ||
| 104 |
- </p> |
|
| 105 |
- <p> |
|
| 106 | ||
| 1192 | ||
| 107 | 1193 |
</p> |
| 108 | ||
| 109 |
- <dl> |
|
| 110 |
- <dt>--unzip[=/path/to/unzip]</dt> |
|
| 111 | ||
| 112 |
- <dt>--unrar[=/path/to/unrar]</dt> |
|
| 113 | ||
| 114 |
- <dt>--lha[=/path/to/lha]</dt> |
|
| 115 | ||
| 116 |
- <dt>--tar[=/path/to/tar]</dt> |
|
| 117 | ||
| 118 |
- <dt>--tgz[=/path/to/tar]</dt> |
|
| 119 | ||
| 120 |
- <dt>--jar[=/path/to/unzip]</dt> |
|
| 121 | ||
| 122 |
- <dt>--deb[=/path/to/ar]</dt> |
|
| 123 | ||
| 124 |
- </dl> |
|
| 1194 |
+ <div class="section" id="c5.1"><h3>5.1. MTA</h3> |
|
| 1195 |
+ |
|
| 1196 |
+ <div class="section" id="c5.1.1"><h4>5.1.1. AMaViS/amavisd</h4> |
|
| 1197 |
+ <p> |
|
| 1198 | ||
| 1199 |
+ </p> |
|
| 1200 |
+ </div> |
|
| 1201 |
+ |
|
| 1202 |
+ <div class="section" id="c5.1.2"><h4>5.1.2. AMaViS-ng</h4> |
|
| 1203 |
+ <p> |
|
| 1204 | ||
| 1205 |
+ </p> |
|
| 1206 |
+ <ol> |
|
| 1207 | ||
| 1208 |
+ <pre><code> |
|
| 1209 |
+ virus-scanner = CLAM |
|
| 1210 |
+ </code></pre> |
|
| 1211 |
+ </li> |
|
| 1212 | ||
| 1213 |
+ <pre><code> |
|
| 1214 |
+ [CLAM] |
|
| 1215 |
+ clamscan = /usr/local/bin/clamscan |
|
| 1216 |
+ </code></pre> |
|
| 1217 |
+ </li> |
|
| 1218 |
+ </ol> |
|
| 1219 |
+ </div> |
|
| 1220 |
+ |
|
| 1221 |
+ <div class="section" id="c5.1.3"><h4>5.1.3. amavisd-new</h4> |
|
| 1222 |
+ <p> |
|
| 1223 | ||
| 1224 |
+ </p> |
|
| 1225 |
+ </div> |
|
| 1226 |
+ |
|
| 1227 |
+ <div class="section" id="c5.1.4"><h4>5.1.4. MailScanner</h4> |
|
| 1228 |
+ <p> |
|
| 1229 | ||
| 1230 |
+ </p> |
|
| 1231 |
+ </div> |
|
| 125 | 1232 |
|
| 126 | ||
| 1233 |
+ <div class="section" id="c5.1.6"><h4>5.1.6. OpenProtect</h4> |
|
| 1234 |
+ </div> |
|
| 127 | 1235 |
|
| 128 | ||
| 1236 |
+ <div class="section" id="c5.1.7"><h4>5.1.7. clamav-milter</h4> |
|
| 1237 |
+ <p> |
|
| 1238 | ||
| 1239 |
+ </p> |
|
| 1240 |
+ <p> |
|
| 1241 | ||
| 1242 |
+ </p> |
|
| 1243 |
+ <pre><code> |
|
| 1244 |
+ $ ./configure --enable-milter |
|
| 1245 |
+ </code></pre> |
|
| 1246 |
+ <p> |
|
| 1247 | ||
| 1248 |
+ </p> |
|
| 1249 |
+ <pre><code> |
|
| 1250 | ||
| 1251 | ||
| 1252 |
+ </code></pre> |
|
| 1253 |
+ <p> |
|
| 1254 | ||
| 1255 |
+ </p> |
|
| 1256 |
+ <pre><code> |
|
| 1257 |
+ LocalSocket /var/run/clamd.sock |
|
| 1258 |
+ ScanMail |
|
| 1259 |
+ SaveStreamToDisk |
|
| 1260 |
+ </code></pre> |
|
| 1261 |
+ <p> |
|
| 1262 | ||
| 1263 |
+ </p> |
|
| 1264 |
+ <pre><code> |
|
| 1265 |
+ /usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock |
|
| 1266 |
+ </code></pre> |
|
| 1267 |
+ <p> |
|
| 1268 | ||
| 1269 |
+ </p> |
|
| 1270 |
+ </div> |
|
| 1271 |
+ |
|
| 1272 |
+ <div class="section" id="c5.1.8"><h4>5.1.8. mimedefang</h4> |
|
| 1273 |
+ <p> |
|
| 1274 | ||
| 1275 |
+ </p> |
|
| 1276 |
+ </div> |
|
| 1277 |
+ |
|
| 1278 |
+ <div class="section" id="c5.1.9"><h4>5.1.9. IVS Milter</h4> |
|
| 1279 |
+ <p> |
|
| 1280 | ||
| 1281 |
+ </p> |
|
| 1282 |
+ </div> |
|
| 1283 |
+ |
|
| 1284 |
+ <div class="section" id="c5.1.10"><h4>5.1.10. smtp-vilter</h4> |
|
| 1285 |
+ <p> |
|
| 1286 | ||
| 1287 |
+ </p> |
|
| 1288 |
+ </div> |
|
| 1289 |
+ |
|
| 1290 |
+ <div class="section" id="c5.1.11"><h4>5.1.11. j-chkmail</h4> |
|
| 1291 |
+ </div> |
|
| 1292 |
+ |
|
| 1293 |
+ <div class="section" id="c5.1.12"><h4>5.1.12. nclamd,nclamav-milter</h4> |
|
| 1294 |
+ <p> |
|
| 1295 | ||
| 1296 |
+ </p> |
|
| 1297 |
+ </div> |
|
| 1298 |
+ |
|
| 1299 |
+ <div class="section" id="c5.1.13"><h4>5.1.13. qmail-scanner</h4> |
|
| 1300 |
+ <p> |
|
| 1301 | ||
| 1302 |
+ </p> |
|
| 1303 |
+ </div> |
|
| 1304 |
+ |
|
| 1305 |
+ <div class="section" id="c5.1.14"><h4>5.1.14. clamdmail</h4> |
|
| 1306 |
+ <p> |
|
| 1307 | ||
| 1308 |
+ </p> |
|
| 1309 |
+ </div> |
|
| 1310 |
+ |
|
| 1311 |
+ <div class="section" id="c5.1.15"><h4>5.1.15. qscanq</h4> |
|
| 1312 |
+ </div> |
|
| 1313 |
+ |
|
| 1314 |
+ <div class="section" id="c5.1.16"><h4>5.1.16. Gadoyanvirus</h4> |
|
| 1315 |
+ </div> |
|
| 1316 |
+ |
|
| 1317 |
+ <div class="section" id="c5.1.17"><h4>5.1.17. exiscan</h4> |
|
| 1318 |
+ <p> |
|
| 1319 | ||
| 1320 |
+ </p> |
|
| 1321 |
+ </div> |
|
| 1322 |
+ |
|
| 1323 |
+ <div class="section" id="c5.1.18"><h4>5.1.18. Scanexi</h4> |
|
| 1324 |
+ <p> |
|
| 1325 | ||
| 1326 |
+ </p> |
|
| 1327 |
+ </div> |
|
| 1328 |
+ |
|
| 1329 |
+ <div class="section" id="c5.1.19"><h4>5.1.19. sagator</h4> |
|
| 1330 |
+ <p> |
|
| 1331 | ||
| 1332 |
+ </p> |
|
| 1333 |
+ </div> |
|
| 1334 |
+ |
|
| 1335 |
+ <div class="section" id="c5.1.20"><h4>5.1.20. cgpav</h4> |
|
| 1336 |
+ </div> |
|
| 1337 |
+ |
|
| 1338 |
+ </div> |
|
| 1339 |
+ |
|
| 1340 | ||
| 129 | 1341 |
|
| 130 |
- <p> |
|
| 131 | ||
| 132 |
- </p> |
|
| 133 |
- <p> |
|
| 134 | ||
| 135 |
- </p> |
|
| 1342 |
+ <div class="section" id="c5.2.1"><h4>5.2.1. POP3 Virus Scanner Daemon</h4> |
|
| 1343 |
+ </div> |
|
| 1344 |
+ |
|
| 1345 |
+ <div class="section" id="c5.2.2"><h4>5.2.2. Sylpheed-Claws</h4> |
|
| 1346 |
+ <p> |
|
| 1347 | ||
| 1348 |
+ </p> |
|
| 1349 |
+ </div> |
|
| 1350 |
+ |
|
| 1351 |
+ <div class="section" id="c5.2.3"><h4>5.2.3. Mutt</h4> |
|
| 1352 |
+ <p> |
|
| 1353 | ||
| 1354 |
+ </p> |
|
| 1355 |
+ </div> |
|
| 1356 |
+ |
|
| 1357 |
+ </div> |
|
| 136 | 1358 |
|
| 137 |
- <h3>4.2 freshclam</h3> |
|
| 1359 | ||
| 1360 |
+ |
|
| 1361 |
+ <div class="section" id="c5.3.1"><h4>5.3.1. ClamAssassin</h4> |
|
| 1362 |
+ </div> |
|
| 138 | 1363 |
|
| 139 |
- <h3>4.3 oav-update</h3> |
|
| 1364 |
+ <div class="section" id="c5.3.2"><h4>5.3.2. TrashScan</h4> |
|
| 1365 |
+ <p> |
|
| 1366 | ||
| 1367 |
+ </p> |
|
| 1368 |
+ </div> |
|
| 140 | 1369 |
|
| 141 | ||
| 1370 |
+ <div class="section" id="c5.3.3"><h4>5.3.3. mailman-clamav</h4> |
|
| 1371 |
+ </div> |
|
| 142 | 1372 |
|
| 143 |
- <h3>5.1 AMaViS-perl</h3> |
|
| 1373 |
+ <div class="section" id="c5.3.4"><h4>5.3.4. mailgraph</h4> |
|
| 1374 |
+ </div> |
|
| 144 | 1375 |
|
| 145 |
- <p> |
|
| 146 | ||
| 147 |
- </p> |
|
| 148 |
- <p> |
|
| 149 | ||
| 150 |
- </p> |
|
| 1376 |
+ </div> |
|
| 151 | 1377 |
|
| 152 |
- <pre><code> |
|
| 153 |
- $ tar zxpvf amavis-perl-11.tar.gz |
|
| 154 |
- $ cp clam-0.23/support/amavis/clamavis.patch amavis-perl-11 |
|
| 155 |
- $ cd amavis-perl-11 |
|
| 156 |
- $ patch -p1 < clamavis.patch |
|
| 157 | ||
| 158 |
- </code></pre> |
|
| 1378 | ||
| 1379 |
+ |
|
| 1380 |
+ <div class="section" id="c5.4.1"><h4>5.4.1. sambaa-vscan</h4> |
|
| 1381 |
+ <p> |
|
| 1382 | ||
| 1383 |
+ </p> |
|
| 1384 |
+ </div> |
|
| 159 | 1385 |
|
| 160 |
- <p> |
|
| 161 | ||
| 162 |
- </p> |
|
| 1386 |
+ <div class="section" id="c5.4.2"><h4>5.4.2. mod_clamav</h4> |
|
| 1387 |
+ <p> |
|
| 1388 | ||
| 1389 |
+ </p> |
|
| 1390 |
+ </div> |
|
| 163 | 1391 |
|
| 164 |
- <h3>5.2 AMaViS-ng</h3> |
|
| 165 |
- |
|
| 166 |
- <p> |
|
| 167 | ||
| 168 |
- </p> |
|
| 1392 |
+ <div class="section" id="c5.4.3"><h4>5.4.3. PureFTPd</h4> |
|
| 1393 |
+ <p> |
|
| 1394 | ||
| 1395 |
+ </p> |
|
| 1396 |
+ </div> |
|
| 169 | 1397 |
|
| 170 |
- <p> |
|
| 171 | ||
| 172 |
- </p> |
|
| 1398 |
+ <div class="section" id="c5.4.4"><h4>5.4.4. Viralator</h4> |
|
| 1399 |
+ <p> |
|
| 1400 | ||
| 1401 |
+ </p> |
|
| 1402 |
+ </div> |
|
| 173 | 1403 |
|
| 174 |
- <pre><code> |
|
| 175 |
- virus-scanner = CLAM |
|
| 176 |
- </code></pre> |
|
| 1404 |
+ </div> |
|
| 1405 |
+ |
|
| 1406 |
+ <div class="section" id="c5.5"><h3>5.5. CD-ROM</h3> |
|
| 1407 |
+ |
|
| 1408 |
+ <div class="section" id="c5.5.1"><h4>5.5.1. INSERT</h4> |
|
| 1409 |
+ </div> |
|
| 177 | 1410 |
|
| 178 |
- <p> |
|
| 179 | ||
| 180 |
- </p> |
|
| 1411 |
+ <div class="section" id="c5.5.2"><h4>5.5.2. Local Area Security</h4> |
|
| 1412 |
+ </div> |
|
| 1413 |
+ |
|
| 1414 |
+ </div> |
|
| 1415 |
+ |
|
| 1416 | ||
| 181 | 1417 |
|
| 182 |
- <pre><code> |
|
| 183 |
-[CLAM] |
|
| 1418 |
+ <div class="section" id="c5.6.1"><h4>5.6.1. Mail::ClamAV</h4> |
|
| 1419 |
+ <p> |
|
| 1420 | ||
| 1421 |
+ </p> |
|
| 1422 |
+ </div> |
|
| 184 | 1423 |
|
| 185 |
-clamscan = /usr/local/bin/clamscan |
|
| 186 |
- </code></pre> |
|
| 1424 |
+ <div class="section" id="c5.6.2"><h4>5.6.2. clamavr</h4> |
|
| 1425 |
+ </div> |
|
| 187 | 1426 |
|
| 188 | ||
| 1427 |
+ <div class="section" id="c5.6.3"><h4>5.6.3. wbmclamav</h4> |
|
| 1428 |
+ </div> |
|
| 189 | 1429 |
|
| 190 | ||
| 1430 |
+ <div class="section" id="c5.6.4"><h4>5.6.4. Scan Log Analyzer</h4> |
|
| 1431 |
+ </div> |
|
| 191 | 1432 |
|
| 192 |
- <p> |
|
| 193 | ||
| 194 |
- </p> |
|
| 195 |
- <pre><code> |
|
| 196 |
- $ cat test/test1 |
|
| 197 |
- $CE<!-- -->liacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$ |
|
| 198 |
- </code></pre> |
|
| 199 |
- <p> |
|
| 200 | ||
| 201 |
- </p> |
|
| 202 |
- <pre><code> |
|
| 203 |
- $ grep ClamAV-Test-Signature /usr/local/share/clamav/viruses.db |
|
| 204 |
- ClamAV-Test-Signature=2443456c6961636d615472455354755363696b67736e24465245452d544553542d5349474e4154555245244545454545240a |
|
| 205 |
- </code></pre> |
|
| 206 |
- <p> |
|
| 207 | ||
| 208 |
- </p> |
|
| 209 |
- <pre><code> |
|
| 210 |
- $ od -t x1 test1 |
|
| 211 |
- 0000000 24 43 45 6c 69 61 63 6d 61 54 72 45 53 54 75 53 |
|
| 212 |
- 0000020 63 69 6b 67 73 6e 24 46 52 45 45 2d 54 45 53 54 |
|
| 213 |
- 0000040 2d 53 49 47 4e 41 54 55 52 45 24 45 45 45 45 45 |
|
| 214 |
- 0000060 24 0a |
|
| 215 |
- 0000062 |
|
| 216 |
- </code></pre> |
|
| 217 |
- <p> |
|
| 218 | ||
| 219 |
- </p> |
|
| 1433 |
+ <div class="section" id="c5.6.5"><h4>5.6.5. ClamWin Antivirus</h4> |
|
| 1434 |
+ <p> |
|
| 1435 | ||
| 1436 |
+ </p> |
|
| 1437 |
+ </div> |
|
| 220 | 1438 |
|
| 221 | ||
| 1439 |
+ </div> |
|
| 1440 |
+ |
|
| 1441 |
+</div> |
|
| 222 | 1442 |
|
| 223 |
- <p> |
|
| 224 | ||
| 225 |
- </p> |
|
| 226 |
- <p> |
|
| 227 | ||
| 228 |
- </p> |
|
| 229 |
- <p> |
|
| 230 | ||
| 231 |
- </p> |
|
| 232 |
- <ul> |
|
| 233 | ||
| 234 | ||
| 235 | ||
| 236 | ||
| 237 |
- </ul> |
|
| 238 |
- <p> |
|
| 239 | ||
| 240 |
- </p> |
|
| 241 |
- <p> |
|
| 242 | ||
| 243 |
- </p> |
|
| 1443 | ||
| 244 | 1444 |
|
| 245 |
- <h3>6.3 sigtool</h3> |
|
| 1445 | ||
| 246 | 1446 |
|
| 247 |
- <p> |
|
| 248 | ||
| 249 |
- </p> |
|
| 250 |
- <p> |
|
| 251 | ||
| 252 |
- </p> |
|
| 253 |
- <p> |
|
| 254 | ||
| 255 |
- </p> |
|
| 256 |
- <ul> |
|
| 257 | ||
| 258 | ||
| 259 | ||
| 260 | ||
| 261 |
- </ul> |
|
| 262 |
- <p> |
|
| 263 | ||
| 264 |
- </p> |
|
| 265 |
- <p> |
|
| 266 | ||
| 267 |
- </p> |
|
| 268 |
- <pre><code> |
|
| 269 |
- $ sigtool -c "otherscan" -f virus.exe -s "infected" |
|
| 270 |
- </code></pre> |
|
| 271 |
- <p> |
|
| 272 | ||
| 273 |
- </p> |
|
| 1447 | ||
| 1448 |
+ <p> |
|
| 1449 | ||
| 1450 |
+ </p> |
|
| 1451 |
+ <p> |
|
| 1452 | ||
| 1453 |
+ </p> |
|
| 1454 |
+ <p> |
|
| 1455 | ||
| 1456 |
+ </p> |
|
| 1457 | ||
| 1458 |
+ <ol> |
|
| 1459 | ||
| 1460 | ||
| 1461 | ||
| 1462 | ||
| 1463 | ||
| 1464 | ||
| 1465 | ||
| 1466 | ||
| 1467 |
+ </ol> |
|
| 1468 | ||
| 1469 |
+ <pre><samp>ClamAV-VDB:15 Apr 2004 01-38 +0200:263:844:1:ed0bf80996eef5326e7830cb7 |
|
| 1470 |
+f394f13:FSW1coiymNODboGDmmeg5gNm6psCuAOCTsm4gXEqMP8k9H7H/QPfZvvvMPQTup |
|
| 1471 |
+0sf2LtrRImxkgYvR6ksiS/Zal8QdhiPS6LuHBBbjuzHYW+PLIwuG5Hzd0tj2p4mhiwv2Eb |
|
| 1472 |
+Q2agcPH6n5xekRLOIDb3qggf+6F9YwDw8JX6nj:ccordes |
|
| 1473 |
+ </samp></pre> |
|
| 1474 |
+ </div> |
|
| 274 | 1475 |
|
| 275 | ||
| 1476 | ||
| 1477 |
+ <p> |
|
| 1478 | ||
| 1479 |
+ </p> |
|
| 1480 |
+ <p> |
|
| 1481 | ||
| 1482 |
+ </p> |
|
| 1483 | ||
| 1484 |
+ <pre><code>ClamAV-Test-Signature=2443456c6961636d615472455354755363696b67736e2446 |
|
| 1485 |
+5245452d544553542d5349474e4154555245244545454545240a |
|
| 1486 |
+ </code></pre> |
|
| 1487 | ||
| 1488 |
+ <pre><code>0000000 24 43 45 6c 69 61 63 6d 61 54 72 45 53 54 75 53 |
|
| 1489 |
+0000020 63 69 6b 67 73 6e 24 46 52 45 45 2d 54 45 53 54 |
|
| 1490 |
+0000040 2d 53 49 47 4e 41 54 55 52 45 24 45 45 45 45 45 |
|
| 1491 |
+0000060 24 0a |
|
| 1492 |
+0000062 |
|
| 1493 |
+ </code></pre> |
|
| 1494 |
+ <p> |
|
| 1495 |
+ |
|
| 1496 |
+ </p> |
|
| 1497 |
+ </div> |
|
| 276 | 1498 |
|
| 277 |
- <p> |
|
| 278 | ||
| 279 |
- </p> |
|
| 1499 | ||
| 1500 |
+ <pre><code> VirusDB |
|
| 1501 | ||
| 1502 | ||
| 1503 |
+ | | + 'ClamAV-VDB' |
|
| 1504 | ||
| 1505 | ||
| 1506 | ||
| 1507 | ||
| 1508 | ||
| 1509 | ||
| 1510 | ||
| 1511 |
+ | | |
|
| 1512 | ||
| 1513 |
+ | + COPYING |
|
| 1514 |
+ | + viruses.db |
|
| 1515 |
+ | + VirusName=HexStrings |
|
| 1516 |
+ | |
|
| 1517 | ||
| 1518 | ||
| 1519 |
+ | | + 'ClamAV-VDB' |
|
| 1520 | ||
| 1521 | ||
| 1522 | ||
| 1523 | ||
| 1524 | ||
| 1525 | ||
| 1526 | ||
| 1527 |
+ | | |
|
| 1528 | ||
| 1529 |
+ | + COPYING |
|
| 1530 |
+ | + viruses.db2 |
|
| 1531 |
+ | + VirusName=HexStrings |
|
| 1532 |
+ | |
|
| 1533 | ||
| 1534 |
+ + VirusName=HexStrings |
|
| 1535 |
+ </code></pre> |
|
| 1536 |
+ </div> |
|
| 280 | 1537 |
|
| 281 | ||
| 1538 |
+ </div> |
|
| 282 | 1539 |
|
| 283 | ||
| 284 |
- <p> |
|
| 285 | ||
| 286 |
- </p> |
|
| 287 |
- <p> |
|
| 288 | ||
| 1540 |
+ <div class="section" id="c6.2"><h3>6.2. sigtool</h3> |
|
| 1541 |
+ |
|
| 1542 | ||
| 1543 |
+ |
|
| 1544 | ||
| 1545 |
+ |
|
| 1546 | ||
| 1547 |
+ <table class="cmdoption"> |
|
| 1548 |
+ <tr> |
|
| 1549 |
+ <th>--help</th><td class="opt">-h</td> |
|
| 1550 | ||
| 1551 |
+ </tr> |
|
| 1552 |
+ <tr> |
|
| 1553 |
+ <th>--version</th><td class="opt">-V</td> |
|
| 1554 | ||
| 1555 |
+ </tr> |
|
| 1556 |
+ <tr> |
|
| 1557 |
+ <th>--quiet</th><td class="opt"> </td> |
|
| 1558 | ||
| 1559 |
+ </tr> |
|
| 1560 |
+ <tr> |
|
| 1561 |
+ <th>--debug</th><td class="opt"> </td> |
|
| 1562 | ||
| 1563 |
+ </tr> |
|
| 1564 |
+ <tr> |
|
| 1565 |
+ <th>--stdout</th><td class="opt"> </td> |
|
| 1566 | ||
| 1567 |
+ </tr> |
|
| 1568 |
+ </table> |
|
| 1569 |
+ |
|
| 1570 | ||
| 1571 |
+ <table class="cmdoption"> |
|
| 1572 |
+ <tr> |
|
| 1573 |
+ <th>--hex-dump</th><td class="opt"> </td> |
|
| 1574 | ||
| 1575 |
+ </tr> |
|
| 1576 |
+ <tr> |
|
| 1577 |
+ <th>--command=COMMAND</th><td class="opt">-c COMMAND</td> |
|
| 1578 | ||
| 1579 |
+ </tr> |
|
| 1580 |
+ <tr> |
|
| 1581 |
+ <th>--string=STRING</th><td class="opt">-s STRING</td> |
|
| 1582 | ||
| 1583 |
+ </tr> |
|
| 1584 |
+ <tr> |
|
| 1585 |
+ <th>--file=FILE</th><td class="opt">-f FILE</td> |
|
| 1586 | ||
| 1587 |
+ </tr> |
|
| 1588 |
+ </table> |
|
| 1589 |
+ |
|
| 1590 |
+ <h5>VirusDB</h5> |
|
| 1591 |
+ <table class="cmdoption"> |
|
| 1592 |
+ <tr> |
|
| 1593 |
+ <th>--info=FILE</th><td class="opt">-i FILE</td> |
|
| 1594 | ||
| 1595 |
+ </tr> |
|
| 1596 |
+ <tr> |
|
| 1597 |
+ <th>--unpack=FILE</th><td class="opt">-u FILE</td> |
|
| 1598 | ||
| 1599 |
+ </tr> |
|
| 1600 |
+ <tr> |
|
| 1601 |
+ <th>--unpack-current=NAME</th><td class="opt"> </td> |
|
| 1602 | ||
| 1603 |
+ </tr> |
|
| 1604 |
+ <tr> |
|
| 1605 |
+ <th>--list-sigs[=FILE]</th><td class="opt">-l [FILE]</td> |
|
| 1606 | ||
| 1607 |
+ </tr> |
|
| 1608 |
+ <tr> |
|
| 1609 |
+ <th>--build=NAME</th><td class="opt">-b NAME</td> |
|
| 1610 | ||
| 1611 |
+ </tr> |
|
| 1612 |
+ <tr> |
|
| 1613 |
+ <th>--server=ADDR</th><td class="opt"> </td> |
|
| 1614 | ||
| 1615 |
+ </tr> |
|
| 1616 |
+ </table> |
|
| 1617 |
+ |
|
| 1618 |
+ </div> |
|
| 1619 |
+ |
|
| 1620 | ||
| 1621 |
+ <dl> |
|
| 1622 |
+ <dt>$ sigtool -i /usr/local/share/clamav/main.cvd</dt> |
|
| 1623 | ||
| 1624 |
+ <dt>$ sigtool -u /usr/local/share/clamav/main.cvd</dt> |
|
| 1625 | ||
| 1626 |
+ <dt>$ sigtool -l</dt> |
|
| 1627 | ||
| 1628 |
+ </dl> |
|
| 1629 |
+ </div> |
|
| 1630 |
+ |
|
| 1631 |
+ </div> |
|
| 1632 |
+ |
|
| 1633 | ||
| 1634 |
+ |
|
| 1635 | ||
| 1636 |
+ <p> |
|
| 1637 | ||
| 1638 |
+ </p> |
|
| 1639 |
+ <p> |
|
| 1640 | ||
| 1641 |
+ </p> |
|
| 1642 |
+ <ul> |
|
| 1643 | ||
| 1644 | ||
| 1645 | ||
| 1646 | ||
| 1647 |
+ </ul> |
|
| 1648 |
+ <p> |
|
| 1649 | ||
| 1650 |
+ </p> |
|
| 1651 |
+ <p> |
|
| 1652 | ||
| 1653 |
+ </p> |
|
| 1654 |
+ <pre><code> |
|
| 1655 |
+ $ sigtool -c "anotherscan" -f virus.exe -s "infected" |
|
| 1656 |
+ </code></pre> |
|
| 1657 |
+ <p> |
|
| 1658 | ||
| 1659 |
+ </p> |
|
| 1660 |
+ </div> |
|
| 1661 |
+ |
|
| 1662 | ||
| 1663 |
+ <p> |
|
| 1664 | ||
| 1665 |
+ </p> |
|
| 1666 |
+ <ul> |
|
| 1667 | ||
| 1668 | ||
| 1669 | ||
| 1670 | ||
| 1671 | ||
| 1672 |
+ </ul> |
|
| 1673 |
+ </div> |
|
| 1674 |
+ |
|
| 1675 | ||
| 1676 |
+ <p> |
|
| 1677 | ||
| 1678 |
+ </p> |
|
| 1679 |
+ </div> |
|
| 1680 |
+ |
|
| 1681 |
+ </div> |
|
| 1682 |
+ |
|
| 1683 | ||
| 1684 |
+ |
|
| 1685 | ||
| 1686 |
+ <p> |
|
| 1687 | ||
| 1688 |
+ </p> |
|
| 1689 |
+ </div> |
|
| 1690 |
+ |
|
| 1691 | ||
| 1692 |
+ <p> |
|
| 1693 | ||
| 1694 |
+ </p> |
|
| 1695 |
+ </div> |
|
| 1696 |
+ |
|
| 1697 | ||
| 1698 |
+ <p> |
|
| 1699 | ||
| 1700 |
+ </p> |
|
| 1701 |
+ <pre><code>00008d0: 191d 8cad 3dc1 135a 3182 5c6c 4233 9063 ....=..Z1.\lB3.c |
|
| 1702 |
+00008e0: beb7 2dad c336 9a54 417a 3d56 135e 1f62 ..-..6.TAz=V.^.b |
|
| 1703 |
+00008f0: 11da a9fb e100 eac3 c948 ade7 2089 75f9 .........H.. .u. |
|
| 1704 |
+0000900: 0d5a 8e31 2fd8 40be bc08 8ef3 a109 a526 .Z.1/.@........& |
|
| 1705 |
+0000910: 3949 1a80 d7d6 6c60 2662 0286 a03a 6fa0 9I....l`&b...:o. |
|
| 1706 |
+0000920: 3132 f9cb b767 9675 9020 ddd3 5d5e 9785 12...g.u. ..]^.. |
|
| 1707 |
+0000930: 6a29 e69e f3f0 5159 c664 0688 678c 9250 j)....QY.d..g..P |
|
| 1708 |
+0000940: aef5 62a0 05bf 0a70 1616 7e12 658d a4a7 ..b....p..~.e... |
|
| 1709 |
+0000950: 57be 4e03 6db0 4635 4b7d 6b8b 7452 bd4d W.N.m.F5K}k.tR.M |
|
| 1710 |
+0000960: df86 09a7 b92d a8a6 0814 d12f 3caa d02b .....-...../<..+ |
|
| 1711 |
+0000970: 3a7e 2b3d d1b6 a088 1c22 0d61 611b 7913 :~+=.....".aa.y. |
|
| 1712 |
+0000980: 674d 3612 3e05 f921 00c3 c011 de0c 4564 gM6.>..!......Ed |
|
| 1713 |
+0000990: 638e 39a6 325c 7849 4ea6 7a76 9a02 691a c.9.2\xIN.zv..i. |
|
| 1714 |
+00009a0: a62a 4c9a 4469 bca6 9096 9ae0 69fc e06c .*L.Di......i..l |
|
| 1715 |
+00009b0: e671 1616 3c5a c3b0 0557 80cb ebe9 f6e1 .q..<Z...W...... |
|
| 1716 |
+00009c0: cb06 e3ef e413 1b6c 2d11 0b11 0332 331d .......l-....23. |
|
| 1717 |
+00009d0: c12d 1309 0a30 9225 0061 3336 2438 333d .-...0.%.a36$83= |
|
| 1718 |
+00009e0: 0803 3c2b 3823 2737 7b06 4f02 222f 2078 ..<+8#'7{.O."/ x
|
|
| 1719 |
+ </code></pre> |
|
| 1720 |
+ <p> |
|
| 1721 | ||
| 1722 |
+ </p> |
|
| 1723 |
+ <pre><code>6c6026620286a03a6fa03132f9cbb76796759020ddd35d5e97856a29e69ef3f05159c6 |
|
| 1724 |
+640688678c9250aef562a005bf0a7016167e12658da4a757be4e036db046354b7d6b8b |
|
| 1725 |
+7452bd4ddf8609a7b92da8a60814d12f3caad02b3a7e2b3dd1b6a0881c220d61611b79 |
|
| 1726 |
+13674d36123e05 |
|
| 1727 |
+ </code></pre> |
|
| 1728 |
+ <p> |
|
| 1729 | ||
| 1730 |
+ </p> |
|
| 1731 |
+ <pre><code> |
|
| 1732 |
+Worm.Netsky.Q@mm=6c6026620286a03a6fa03132f9cbb76796759020ddd35d5e97856 |
|
| 1733 |
+a29e69ef3f05159c6640688678c9250aef562a005bf0a7016167e12658da4a757be4e0 |
|
| 1734 |
+36db046354b7d6b8b7452bd4ddf8609a7b92da8a60814d12f3caad02b3a7e2b3dd1b6a |
|
| 1735 |
+0881c220d61611b7913674d36123e05 |
|
| 1736 |
+ </code></pre> |
|
| 1737 |
+ </div> |
|
| 1738 |
+ |
|
| 1739 | ||
| 1740 |
+ <p> |
|
| 1741 | ||
| 1742 |
+ </p> |
|
| 1743 |
+ <pre><code>$ clamscan -d /tmp/db/local.db netsky_q.virus |
|
| 1744 |
+netsky_q.virus: Worm.Netsky.Q@mm FOUND |
|
| 1745 |
+ |
|
| 1746 |
+----------- SCAN SUMMARY ----------- |
|
| 1747 |
+Known viruses: 1 |
|
| 1748 |
+Scanned directories: 0 |
|
| 1749 |
+Scanned files: 1 |
|
| 1750 |
+Infected files: 1 |
|
| 1751 |
+Data scanned: 0.02 MB |
|
| 1752 |
+I/O buffer size: 131072 bytes |
|
| 1753 |
+Time: 0.001 sec (0 m 0 s) |
|
| 1754 |
+ </code></pre> |
|
| 1755 |
+ <p> |
|
| 1756 | ||
| 1757 |
+ </p> |
|
| 1758 |
+ </div> |
|
| 1759 |
+ |
|
| 1760 | ||
| 1761 |
+ <p> |
|
| 1762 | ||
| 1763 |
+ </p> |
|
| 1764 |
+ <pre><code># cat /tmp/db/local.db >> /usr/local/share/clamav/local.db |
|
| 1765 |
+# kill -USR2 `cat /var/run/clamd.pid` |
|
| 1766 |
+ </code></pre> |
|
| 1767 |
+ <p> |
|
| 1768 | ||
| 1769 |
+ </p> |
|
| 1770 |
+ </div> |
|
| 1771 |
+ |
|
| 1772 |
+ </div> |
|
| 1773 |
+ |
|
| 1774 | ||
| 1775 |
+ |
|
| 1776 |
+ <div class="section" id="c7.1"><h3>7.1. libclamav</h3> |
|
| 1777 | ||
| 1778 |
+ </div> |
|
| 1779 | ||
| 1780 |
+ <p> |
|
| 1781 | ||
| 1782 |
+ </p> |
|
| 1783 |
+ </div> |
|
| 1784 |
+ |
|
| 1785 |
+ </div> |
|
| 1786 |
+ |
|
| 1787 |
+</div> |
|
| 1788 |
+ |
|
| 1789 | ||
| 1790 |
+ |
|
| 1791 |
+<ul> |
|
| 1792 | ||
| 1793 |
+ <li> |
|
| 1794 | ||
| 289 | 1795 | |
| 290 |
- </p> |
|
| 1796 |
+ </li> |
|
| 1797 |
+ <li> |
|
| 1798 | ||
| 1799 |
+ </li> |
|
| 1800 |
+ <li> |
|
| 1801 | ||
| 1802 |
+ <a href="http://homepage.mac.com/proc/clamav.html">http://homepage.mac.com/proc/clamav.html</a> |
|
| 1803 |
+ </li> |
|
| 291 | 1804 |
|
| 292 | ||
| 293 |
- <p> |
|
| 294 | ||
| 295 |
- </p> |
|
| 1805 |
+</ul> |
|
| 1806 |
+ |
|
| 1807 |
+</div> |
|
| 1808 |
+ |
|
| 1809 |
+<div class="chapter" id="c9"><h2>9. TODO</h2> |
|
| 1810 |
+ |
|
| 1811 |
+<ul> |
|
| 1812 | ||
| 1813 | ||
| 1814 | ||
| 1815 | ||
| 1816 | ||
| 1817 |
+</ul> |
|
| 1818 |
+ |
|
| 1819 |
+</div> |
|
| 296 | 1820 |
|
| 297 | 1821 |
<hr /> |
| 298 | 1822 |
|
| 299 |
-<p> |
|
| 300 | ||
| 301 |
-</p> |
|
| 1823 |
+<ul> |
|
| 1824 | ||
| 1825 | ||
| 1826 | ||
| 1827 |
+<li>Email: <a href="mailto:proc@mac.com">proc@mac.com</a></li> |
|
| 1828 |
+ |
|
| 1829 | ||
| 1830 |
+</ul> |
|
| 302 | 1831 |
|
| 303 | 1832 |
</body> |
| 304 | 1833 |
</html> |
| 1834 |
+ |
| ... | ... |
@@ -87,6 +87,9 @@ Extract first #n kilobytes from each archive. You may give the number in megabyt |
| 87 | 87 |
\fB\-\-max\-recursion=#n\fR |
| 88 | 88 |
Set archive recursion level limit. This option protects your system against DoS attacks (default: 5). |
| 89 | 89 |
.TP |
| 90 |
+\fB\-\-max\-ratio=#n\fR |
|
| 91 |
+Set maximum archive compression ratio limit. This option protects your system against DoS attacks (default: 200). |
|
| 92 |
+.TP |
|
| 90 | 93 |
\fB\-\-unzip[=FULLPATH]\fR |
| 91 | 94 |
In most cases you don't need this option \- the built\-in unarchiver will do extract Zip archives. This option however may be used as a backup for internal unpacker \- see the full documentation for more information. When enabled without an argument, unzip program will be searched in $PATH. If unzip cannot be found in $PATH, you must force it with =pathname. Remember about '=' between the option and an argument. |
| 92 | 95 |
.TP |
| ... | ... |
@@ -513,9 +513,9 @@ static void ole2_walk_property_tree(int fd, ole2_header_t *hdr, const char *dir, |
| 513 | 513 |
snprintf(dirname, strlen(dir)+8, "%s/%.6d", dir, prop_index); |
| 514 | 514 |
mkdir(dirname, 0700); |
| 515 | 515 |
cli_dbgmsg("OLE2 dir entry: %s\n",dirname);
|
| 516 |
- ole2_walk_property_tree(fd, hdr, dirname, |
|
| 516 |
+ ole2_walk_property_tree(fd, hdr, dir, |
|
| 517 | 517 |
prop_block[index].prev, handler, rec_level+1, file_count); |
| 518 |
- ole2_walk_property_tree(fd, hdr, dirname, |
|
| 518 |
+ ole2_walk_property_tree(fd, hdr, dir, |
|
| 519 | 519 |
prop_block[index].next, handler, rec_level+1, file_count); |
| 520 | 520 |
ole2_walk_property_tree(fd, hdr, dirname, |
| 521 | 521 |
prop_block[index].child, handler, rec_level+1, file_count); |
| ... | ... |
@@ -719,11 +719,11 @@ int cli_ole2_extract(int fd, const char *dirname) |
| 719 | 719 |
|
| 720 | 720 |
/* NOTE: Select only ONE of the following two methods */ |
| 721 | 721 |
|
| 722 |
- ole2_read_property_tree(fd, &hdr, dirname, handler_writefile); |
|
| 722 |
+ /* ole2_read_property_tree(fd, &hdr, dirname, handler_writefile); */ |
|
| 723 | 723 |
|
| 724 | 724 |
/* OR */ |
| 725 | 725 |
|
| 726 |
- /* ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, 0); */ |
|
| 726 |
+ ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, 0); |
|
| 727 | 727 |
|
| 728 | 728 |
return 0; |
| 729 | 729 |
} |
| ... | ... |
@@ -79,18 +79,32 @@ static const struct cli_magic_s cli_magic[] = {
|
| 79 | 79 |
{0, "Return-path: ", 13, "Maildir", CL_MAILFILE},
|
| 80 | 80 |
{0, "Delivered-To: ", 14, "Mail", CL_MAILFILE},
|
| 81 | 81 |
{0, "X-UIDL: ", 8, "Mail", CL_MAILFILE},
|
| 82 |
+ {0, ">From ", 6, "Mail", CL_MAILFILE},
|
|
| 83 |
+ {0, "Date: ", 6, "Mail", CL_MAILFILE},
|
|
| 84 |
+ {0, "Message-Id: ", 12, "Mail", CL_MAILFILE},
|
|
| 85 |
+ {0, "Message-ID: ", 12, "Mail", CL_MAILFILE},
|
|
| 86 |
+ {0, "X-Apparently-To: ", 17, "Mail", CL_MAILFILE},
|
|
| 82 | 87 |
{0, "For: ", 5, "Eserv mail", CL_MAILFILE},
|
| 83 | 88 |
{0, "From: ", 6, "Exim mail", CL_MAILFILE},
|
| 84 | 89 |
{0, "X-Symantec-", 11, "Symantec", CL_MAILFILE},
|
| 85 |
- {0, "X-Apparently-To: ", 17, "Mail", CL_MAILFILE},
|
|
| 86 |
- {0, "For: ", 5, "Eserv mail", CL_MAILFILE},
|
|
| 87 | 90 |
{0, "X-EVS", 5, "EVS mail", CL_MAILFILE},
|
| 88 |
- {0, ">From ", 6, "Symantec", CL_MAILFILE},
|
|
| 89 | 91 |
{0, "v:\015\012Received: ", 14, "VPOP3 Mail (DOS)", CL_MAILFILE},
|
| 90 | 92 |
{0, "v:\012Received: ", 13, "VPOP3 Mail (UNIX)", CL_MAILFILE},
|
| 91 | 93 |
{0, "Hi. This is the qmail-send", 26, "Qmail bounce", CL_MAILFILE},
|
| 92 | 94 |
{0, "\320\317\021\340\241\261\032\341",
|
| 93 | 95 |
8, "OLE2 container", CL_OLE2FILE}, |
| 96 |
+ /* Ignored types */ |
|
| 97 |
+ |
|
| 98 |
+ {0, "\000\000\001\263", 4, "MPEG video stream", CL_DATAFILE},
|
|
| 99 |
+ {0, "\000\000\001\272", 4, "MPEG sys stream", CL_DATAFILE},
|
|
| 100 |
+ {0, "RIFF", 4, "RIFF file", CL_DATAFILE},
|
|
| 101 |
+ {0, "GIF87a", 6, "GIF (87a)", CL_DATAFILE},
|
|
| 102 |
+ {0, "GIF89a", 6, "GIF (89a)", CL_DATAFILE},
|
|
| 103 |
+ {0, "\x89PNG\r\n\x1a\n", 8, "PNG", CL_DATAFILE},
|
|
| 104 |
+ {0, "\377\330\377\340", 4, "JPEG", CL_DATAFILE},
|
|
| 105 |
+ {0, "\377\330\377\356", 4, "JPG", CL_DATAFILE},
|
|
| 106 |
+ {0, "OggS", 4, "Ogg Stream", CL_DATAFILE},
|
|
| 107 |
+ |
|
| 94 | 108 |
{-1, NULL, 0, NULL, CL_UNKNOWN_TYPE}
|
| 95 | 109 |
}; |
| 96 | 110 |
|
| ... | ... |
@@ -352,19 +366,18 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
| 352 | 352 |
break; |
| 353 | 353 |
} |
| 354 | 354 |
|
| 355 |
- cli_dbgmsg("Zip -> %s, compressed: %d, normal: %d, encrypted flag: %d\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.d_flags);
|
|
| 356 |
- |
|
| 357 |
- if(limits && limits->maxratio > 0 && source.st_size && (zdirent.st_size / source.st_size) >= limits->maxratio) {
|
|
| 358 |
- *virname = "Oversized.Zip"; |
|
| 359 |
- ret = CL_VIRUS; |
|
| 360 |
- break; |
|
| 361 |
- } |
|
| 355 |
+ cli_dbgmsg("Zip -> %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 );
|
|
| 362 | 356 |
|
| 363 | 357 |
if(!zdirent.st_size) { /* omit directories and null files */
|
| 364 | 358 |
files++; |
| 365 | 359 |
continue; |
| 366 | 360 |
} |
| 367 | 361 |
|
| 362 |
+ if(limits && limits->maxratio > 0 && ((unsigned) zdirent.st_size / (unsigned) zdirent.d_csize) >= limits->maxratio) {
|
|
| 363 |
+ files++; |
|
| 364 |
+ continue; |
|
| 365 |
+ } |
|
| 366 |
+ |
|
| 368 | 367 |
/* work-around for problematic zips (zziplib crashes with them) */ |
| 369 | 368 |
if(zdirent.d_csize < 0 || zdirent.st_size < 0) {
|
| 370 | 369 |
files++; |
| ... | ... |
@@ -412,9 +425,8 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
| 412 | 412 |
break; |
| 413 | 413 |
} |
| 414 | 414 |
|
| 415 |
- |
|
| 416 | 415 |
while((bytes = zzip_file_read(zfp, buff, FILEBUFF)) > 0) {
|
| 417 |
- if(fwrite(buff, bytes, 1, tmp)*bytes != bytes) {
|
|
| 416 |
+ if(fwrite(buff, 1, bytes, tmp) != (size_t) bytes) {
|
|
| 418 | 417 |
cli_dbgmsg("Zip -> Can't fwrite() file: %s\n", strerror(errno));
|
| 419 | 418 |
zzip_file_close(zfp); |
| 420 | 419 |
zzip_dir_close(zdir); |
| ... | ... |
@@ -624,89 +636,103 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const |
| 624 | 624 |
} |
| 625 | 625 |
#endif |
| 626 | 626 |
|
| 627 |
-static int cli_scanole2(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
| 627 |
+static int cli_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
| 628 | 628 |
{
|
| 629 |
- const char *tmpdir; |
|
| 630 |
- char *dir, *fullname; |
|
| 631 |
- unsigned char *data; |
|
| 632 |
- int ret = CL_CLEAN, fd, i, data_len; |
|
| 633 |
- vba_project_t *vba_project; |
|
| 634 |
- |
|
| 635 |
- cli_dbgmsg("in cli_scanole2()\n");
|
|
| 636 |
- |
|
| 637 |
- tmpdir = getenv("TMPDIR");
|
|
| 629 |
+ DIR *dd; |
|
| 630 |
+ struct dirent *dent; |
|
| 631 |
+ struct stat statbuf; |
|
| 632 |
+ char *fname; |
|
| 638 | 633 |
|
| 639 |
- if(tmpdir == NULL) |
|
| 640 |
-#ifdef P_tmpdir |
|
| 641 |
- tmpdir = P_tmpdir; |
|
| 642 |
-#else |
|
| 643 |
- tmpdir = "/tmp"; |
|
| 644 |
-#endif |
|
| 645 | 634 |
|
| 646 |
- /* generate the temporary directory */ |
|
| 647 |
- dir = cl_gentemp(tmpdir); |
|
| 648 |
- if(mkdir(dir, 0700)) {
|
|
| 649 |
- cli_errmsg("ScanOLE2 -> Can't create temporary directory %s\n", dir);
|
|
| 650 |
- return CL_ETMPDIR; |
|
| 651 |
- } |
|
| 635 |
+ if((dd = opendir(dirname)) != NULL) {
|
|
| 636 |
+ while((dent = readdir(dd))) {
|
|
| 637 |
+ if(dent->d_ino) {
|
|
| 638 |
+ if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {
|
|
| 639 |
+ /* build the full name */ |
|
| 640 |
+ fname = cli_calloc(strlen(dirname) + strlen(dent->d_name) + 2, sizeof(char)); |
|
| 641 |
+ sprintf(fname, "%s/%s", dirname, dent->d_name); |
|
| 652 | 642 |
|
| 653 |
- if((ret = cli_ole2_extract(desc, dir))) {
|
|
| 654 |
- cli_errmsg("ScanOLE2 -> %s\n", cl_strerror(ret));
|
|
| 655 |
- cli_rmdirs(dir); |
|
| 656 |
- free(dir); |
|
| 657 |
- return ret; |
|
| 658 |
- } |
|
| 643 |
+ /* stat the file */ |
|
| 644 |
+ if(lstat(fname, &statbuf) != -1) {
|
|
| 645 |
+ if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) {
|
|
| 646 |
+ if (cli_scandir(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) {
|
|
| 647 |
+ free(fname); |
|
| 648 |
+ closedir(dd); |
|
| 649 |
+ return CL_VIRUS; |
|
| 650 |
+ } |
|
| 651 |
+ } else |
|
| 652 |
+ if(S_ISREG(statbuf.st_mode)) |
|
| 653 |
+ if(cli_scanfile(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) {
|
|
| 654 |
+ free(fname); |
|
| 655 |
+ closedir(dd); |
|
| 656 |
+ return CL_VIRUS; |
|
| 657 |
+ } |
|
| 659 | 658 |
|
| 660 |
- if((vba_project = (vba_project_t *) vba56_dir_read(dir))) {
|
|
| 661 |
- |
|
| 662 |
- for(i = 0; i < vba_project->count; i++) {
|
|
| 663 |
- fullname = (char *) malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2); |
|
| 664 |
- sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]); |
|
| 665 |
- fd = open(fullname, O_RDONLY); |
|
| 666 |
- if(fd == -1) {
|
|
| 667 |
- cli_errmsg("Scan->OLE2 -> Can't open file %s\n", fullname);
|
|
| 668 |
- free(fullname); |
|
| 669 |
- ret = CL_EOPEN; |
|
| 670 |
- break; |
|
| 671 |
- } |
|
| 672 |
- free(fullname); |
|
| 673 |
- cli_dbgmsg("decompress VBA project '%s'\n", vba_project->name[i]);
|
|
| 674 |
- data = (unsigned char *) vba_decompress(fd, vba_project->offset[i], &data_len); |
|
| 675 |
- close(fd); |
|
| 676 |
- |
|
| 677 |
- if(!data) {
|
|
| 678 |
- cli_dbgmsg("WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]);
|
|
| 679 |
- } else {
|
|
| 680 |
- if(cl_scanbuff(data, data_len, virname, root) == CL_VIRUS) {
|
|
| 681 |
- free(data); |
|
| 682 |
- ret = CL_VIRUS; |
|
| 683 |
- break; |
|
| 684 | 659 |
} |
| 685 |
- |
|
| 686 |
- free(data); |
|
| 660 |
+ free(fname); |
|
| 687 | 661 |
} |
| 688 | 662 |
} |
| 689 |
- |
|
| 690 |
- for(i = 0; i < vba_project->count; i++) |
|
| 691 |
- free(vba_project->name[i]); |
|
| 692 |
- free(vba_project->name); |
|
| 693 |
- free(vba_project->dir); |
|
| 694 |
- free(vba_project->offset); |
|
| 695 |
- free(vba_project); |
|
| 696 | 663 |
} |
| 664 |
+ } else {
|
|
| 665 |
+ cli_errmsg("ScanDir -> Can't open directory %s.\n", dirname);
|
|
| 666 |
+ return CL_EOPEN; |
|
| 667 |
+ } |
|
| 697 | 668 |
|
| 698 |
- |
|
| 699 |
- cli_rmdirs(dir); |
|
| 700 |
- free(dir); |
|
| 701 |
- return ret; |
|
| 669 |
+ closedir(dd); |
|
| 670 |
+ return 0; |
|
| 702 | 671 |
} |
| 703 |
-static int cli_scandir(char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
| 672 |
+ |
|
| 673 |
+static int cli_vba_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
| 704 | 674 |
{
|
| 675 |
+ int ret = CL_CLEAN, i, fd, data_len; |
|
| 676 |
+ vba_project_t *vba_project; |
|
| 705 | 677 |
DIR *dd; |
| 706 | 678 |
struct dirent *dent; |
| 707 | 679 |
struct stat statbuf; |
| 708 |
- char *fname; |
|
| 680 |
+ char *fname, *dir, *fullname; |
|
| 681 |
+ unsigned char *data; |
|
| 682 |
+ |
|
| 683 |
+ cli_dbgmsg("VBA scan dir: %s\n", dirname);
|
|
| 684 |
+ if((vba_project = (vba_project_t *) vba56_dir_read(dirname))) {
|
|
| 709 | 685 |
|
| 686 |
+ for(i = 0; i < vba_project->count; i++) {
|
|
| 687 |
+ fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2); |
|
| 688 |
+ sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]); |
|
| 689 |
+ fd = open(fullname, O_RDONLY); |
|
| 690 |
+ if(fd == -1) {
|
|
| 691 |
+ cli_errmsg("Scan->OLE2 -> Can't open file %s\n", fullname);
|
|
| 692 |
+ free(fullname); |
|
| 693 |
+ ret = CL_EOPEN; |
|
| 694 |
+ break; |
|
| 695 |
+ } |
|
| 696 |
+ free(fullname); |
|
| 697 |
+ cli_dbgmsg("decompress VBA project '%s'\n", vba_project->name[i]);
|
|
| 698 |
+ data = (unsigned char *) vba_decompress(fd, vba_project->offset[i], &data_len); |
|
| 699 |
+ close(fd); |
|
| 700 |
+ |
|
| 701 |
+ if(!data) {
|
|
| 702 |
+ cli_dbgmsg("WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]);
|
|
| 703 |
+ } else {
|
|
| 704 |
+ if(cl_scanbuff(data, data_len, virname, root) == CL_VIRUS) {
|
|
| 705 |
+ free(data); |
|
| 706 |
+ ret = CL_VIRUS; |
|
| 707 |
+ break; |
|
| 708 |
+ } |
|
| 709 |
+ |
|
| 710 |
+ free(data); |
|
| 711 |
+ } |
|
| 712 |
+ } |
|
| 713 |
+ |
|
| 714 |
+ for(i = 0; i < vba_project->count; i++) |
|
| 715 |
+ free(vba_project->name[i]); |
|
| 716 |
+ free(vba_project->name); |
|
| 717 |
+ free(vba_project->dir); |
|
| 718 |
+ free(vba_project->offset); |
|
| 719 |
+ free(vba_project); |
|
| 720 |
+ } |
|
| 721 |
+ |
|
| 722 |
+ if(ret != CL_CLEAN) |
|
| 723 |
+ return ret; |
|
| 710 | 724 |
|
| 711 | 725 |
if((dd = opendir(dirname)) != NULL) {
|
| 712 | 726 |
while((dent = readdir(dd))) {
|
| ... | ... |
@@ -719,15 +745,11 @@ static int cli_scandir(char *dirname, const char **virname, long int *scanned, c |
| 719 | 719 |
/* stat the file */ |
| 720 | 720 |
if(lstat(fname, &statbuf) != -1) {
|
| 721 | 721 |
if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) |
| 722 |
- cli_scandir(fname, virname, scanned, root, limits, options, reclev); |
|
| 723 |
- else |
|
| 724 |
- if(S_ISREG(statbuf.st_mode)) |
|
| 725 |
- if(cli_scanfile(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) {
|
|
| 726 |
- free(fname); |
|
| 727 |
- closedir(dd); |
|
| 728 |
- return CL_VIRUS; |
|
| 729 |
- } |
|
| 730 |
- |
|
| 722 |
+ if (cli_vba_scandir(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) {
|
|
| 723 |
+ ret = CL_VIRUS; |
|
| 724 |
+ free(fname); |
|
| 725 |
+ break; |
|
| 726 |
+ } |
|
| 731 | 727 |
} |
| 732 | 728 |
free(fname); |
| 733 | 729 |
} |
| ... | ... |
@@ -739,7 +761,51 @@ static int cli_scandir(char *dirname, const char **virname, long int *scanned, c |
| 739 | 739 |
} |
| 740 | 740 |
|
| 741 | 741 |
closedir(dd); |
| 742 |
- return 0; |
|
| 742 |
+ return ret; |
|
| 743 |
+} |
|
| 744 |
+ |
|
| 745 |
+static int cli_scanole2(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
| 746 |
+{
|
|
| 747 |
+ const char *tmpdir; |
|
| 748 |
+ char *dir, *fullname; |
|
| 749 |
+ unsigned char *data; |
|
| 750 |
+ int ret = CL_CLEAN, fd, i, data_len; |
|
| 751 |
+ vba_project_t *vba_project; |
|
| 752 |
+ |
|
| 753 |
+ cli_dbgmsg("in cli_scanole2()\n");
|
|
| 754 |
+ |
|
| 755 |
+ tmpdir = getenv("TMPDIR");
|
|
| 756 |
+ |
|
| 757 |
+ if(tmpdir == NULL) |
|
| 758 |
+#ifdef P_tmpdir |
|
| 759 |
+ tmpdir = P_tmpdir; |
|
| 760 |
+#else |
|
| 761 |
+ tmpdir = "/tmp"; |
|
| 762 |
+#endif |
|
| 763 |
+ |
|
| 764 |
+ /* generate the temporary directory */ |
|
| 765 |
+ dir = cl_gentemp(tmpdir); |
|
| 766 |
+ if(mkdir(dir, 0700)) {
|
|
| 767 |
+ cli_errmsg("ScanOLE2 -> Can't create temporary directory %s\n", dir);
|
|
| 768 |
+ return CL_ETMPDIR; |
|
| 769 |
+ } |
|
| 770 |
+ |
|
| 771 |
+ if((ret = cli_ole2_extract(desc, dir))) {
|
|
| 772 |
+ cli_errmsg("ScanOLE2 -> %s\n", cl_strerror(ret));
|
|
| 773 |
+ cli_rmdirs(dir); |
|
| 774 |
+ free(dir); |
|
| 775 |
+ return ret; |
|
| 776 |
+ } |
|
| 777 |
+ |
|
| 778 |
+ if((ret = cli_vba_scandir(dir, virname, scanned, root, limits, options, reclev)) != CL_VIRUS) {
|
|
| 779 |
+ if(cli_scandir(dir, virname, scanned, root, limits, options, reclev) == CL_VIRUS) {
|
|
| 780 |
+ ret = CL_VIRUS; |
|
| 781 |
+ } |
|
| 782 |
+ } |
|
| 783 |
+ |
|
| 784 |
+ cli_rmdirs(dir); |
|
| 785 |
+ free(dir); |
|
| 786 |
+ return ret; |
|
| 743 | 787 |
} |
| 744 | 788 |
|
| 745 | 789 |
static int cli_scanmail(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
| ... | ... |
@@ -797,77 +863,74 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
| 797 | 797 |
return -1; |
| 798 | 798 |
} |
| 799 | 799 |
|
| 800 |
- |
|
| 801 |
- if(SCAN_ARCHIVE || SCAN_MAIL) {
|
|
| 802 |
- /* Need to examine file type */ |
|
| 803 |
- |
|
| 804 |
- if(SCAN_ARCHIVE && limits && limits->maxreclevel) |
|
| 805 |
- if(*reclev > limits->maxreclevel) |
|
| 806 |
- /* return CL_EMAXREC; */ |
|
| 807 |
- return CL_CLEAN; |
|
| 808 |
- |
|
| 809 |
- (*reclev)++; |
|
| 800 |
+ if(SCAN_ARCHIVE && limits && limits->maxreclevel) |
|
| 801 |
+ if(*reclev > limits->maxreclevel) |
|
| 802 |
+ /* return CL_EMAXREC; */ |
|
| 803 |
+ return CL_CLEAN; |
|
| 810 | 804 |
|
| 811 | 805 |
|
| 812 |
- lseek(desc, 0, SEEK_SET); |
|
| 813 |
- bread = read(desc, magic, MAGIC_BUFFER_SIZE); |
|
| 814 |
- magic[MAGIC_BUFFER_SIZE] = '\0'; /* terminate magic string properly */ |
|
| 815 |
- lseek(desc, 0, SEEK_SET); |
|
| 806 |
+ (*reclev)++; |
|
| 807 |
+ lseek(desc, 0, SEEK_SET); |
|
| 808 |
+ bread = read(desc, magic, MAGIC_BUFFER_SIZE); |
|
| 809 |
+ magic[MAGIC_BUFFER_SIZE] = '\0'; |
|
| 810 |
+ lseek(desc, 0, SEEK_SET); |
|
| 816 | 811 |
|
| 812 |
+ if (bread != MAGIC_BUFFER_SIZE) {
|
|
| 813 |
+ /* short read: No need to do magic */ |
|
| 814 |
+ (*reclev)--; |
|
| 815 |
+ return ret; |
|
| 816 |
+ } |
|
| 817 | 817 |
|
| 818 |
- if (bread != MAGIC_BUFFER_SIZE) {
|
|
| 819 |
- /* short read: No need to do magic */ |
|
| 820 |
- (*reclev)--; |
|
| 821 |
- return ret; |
|
| 822 |
- } |
|
| 823 |
- |
|
| 824 |
- type = cli_filetype(magic, bread); |
|
| 818 |
+ type = cli_filetype(magic, bread); |
|
| 825 | 819 |
|
| 826 |
- switch(type) {
|
|
| 827 |
- case CL_RARFILE: |
|
| 828 |
- if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse) {
|
|
| 829 |
- ret = cli_scanrar(desc, virname, scanned, root, limits, options, reclev); |
|
| 830 |
- } |
|
| 831 |
- break; |
|
| 820 |
+ switch(type) {
|
|
| 821 |
+ case CL_RARFILE: |
|
| 822 |
+ if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse) |
|
| 823 |
+ ret = cli_scanrar(desc, virname, scanned, root, limits, options, reclev); |
|
| 824 |
+ break; |
|
| 832 | 825 |
|
| 833 |
- case CL_ZIPFILE: |
|
| 834 |
- if(SCAN_ARCHIVE) {
|
|
| 835 |
- ret = cli_scanzip(desc, virname, scanned, root, limits, options, reclev); |
|
| 836 |
- } |
|
| 837 |
- break; |
|
| 826 |
+ case CL_ZIPFILE: |
|
| 827 |
+ if(SCAN_ARCHIVE) |
|
| 828 |
+ ret = cli_scanzip(desc, virname, scanned, root, limits, options, reclev); |
|
| 829 |
+ break; |
|
| 838 | 830 |
|
| 839 |
- case CL_GZFILE: |
|
| 840 |
- if(SCAN_ARCHIVE) {
|
|
| 841 |
- ret = cli_scangzip(desc, virname, scanned, root, limits, options, reclev); |
|
| 842 |
- } |
|
| 843 |
- break; |
|
| 831 |
+ case CL_GZFILE: |
|
| 832 |
+ if(SCAN_ARCHIVE) |
|
| 833 |
+ ret = cli_scangzip(desc, virname, scanned, root, limits, options, reclev); |
|
| 834 |
+ break; |
|
| 844 | 835 |
|
| 845 |
- case CL_BZFILE: |
|
| 836 |
+ case CL_BZFILE: |
|
| 846 | 837 |
#ifdef HAVE_BZLIB_H |
| 847 |
- if(SCAN_ARCHIVE) {
|
|
| 848 |
- ret = cli_scanbzip(desc, virname, scanned, root, limits, options, reclev); |
|
| 849 |
- } |
|
| 838 |
+ if(SCAN_ARCHIVE) |
|
| 839 |
+ ret = cli_scanbzip(desc, virname, scanned, root, limits, options, reclev); |
|
| 850 | 840 |
#endif |
| 851 |
- break; |
|
| 841 |
+ break; |
|
| 852 | 842 |
|
| 853 |
- case CL_MAILFILE: |
|
| 854 |
- if (SCAN_MAIL) {
|
|
| 855 |
- ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev); |
|
| 856 |
- } |
|
| 857 |
- break; |
|
| 843 |
+ case CL_MAILFILE: |
|
| 844 |
+ if(SCAN_MAIL) |
|
| 845 |
+ ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev); |
|
| 846 |
+ break; |
|
| 858 | 847 |
|
| 859 |
- case CL_OLE2FILE: |
|
| 860 |
- if(SCAN_OLE2) {
|
|
| 861 |
- ret = cli_scanole2(desc, virname, scanned, root, limits, options, reclev); |
|
| 862 |
- } |
|
| 863 |
- case CL_UNKNOWN_TYPE: |
|
| 864 |
- break; |
|
| 865 |
- } |
|
| 848 |
+ case CL_OLE2FILE: |
|
| 849 |
+ if(SCAN_OLE2) |
|
| 850 |
+ ret = cli_scanole2(desc, virname, scanned, root, limits, options, reclev); |
|
| 851 |
+ break; |
|
| 866 | 852 |
|
| 867 |
- (*reclev)--; |
|
| 853 |
+ case CL_DATAFILE: |
|
| 854 |
+ /* it could be a false positive and a standard DOS .COM file */ |
|
| 855 |
+ {
|
|
| 856 |
+ struct stat s; |
|
| 857 |
+ if(fstat(desc, &s) == 0 && S_ISREG(s.st_mode) && s.st_size < 65536) |
|
| 858 |
+ type = CL_UNKNOWN_TYPE; |
|
| 859 |
+ } |
|
| 860 |
+ |
|
| 861 |
+ case CL_UNKNOWN_TYPE: |
|
| 862 |
+ break; |
|
| 868 | 863 |
} |
| 869 | 864 |
|
| 870 |
- if(ret != CL_VIRUS) { /* scan the raw file */
|
|
| 865 |
+ (*reclev)--; |
|
| 866 |
+ |
|
| 867 |
+ if(type != CL_DATAFILE && ret != CL_VIRUS) { /* scan the raw file */
|
|
| 871 | 868 |
lseek(desc, 0, SEEK_SET); /* If archive scan didn't rewind desc */ |
| 872 | 869 |
if(cli_scandesc(desc, virname, scanned, root) == CL_VIRUS) {
|
| 873 | 870 |
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
|