git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@515 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/04/21 07:33:42... | ... |
@@ -1,3 +1,13 @@ |
1 |
+Wed Apr 21 00:27:18 CEST 2004 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: scanners: |
|
4 |
+ + scan full OLE2 directory (Trog); |
|
5 |
+ + ignore popular file types (Dirk Mueller <mueller*kde.org>) |
|
6 |
+ + improve compression ratio calculation (Dirk Mueller) |
|
7 |
+ + detect more mail file types |
|
8 |
+ * clamscan: add --max-ratio option (Dirk Mueller) |
|
9 |
+ * docs: update Japanese documentation (Masaki Ogawa <proc*mac.com>) |
|
10 |
+ |
|
1 | 11 |
Tue Apr 20 15:18:58 BST 2004 (njh) |
2 | 12 |
---------------------------------- |
3 | 13 |
* clamav-milter: Handle hostaddr == NULL |
... | ... |
@@ -14,9 +24,9 @@ Mon Apr 19 23:11:48 BST 2004 (njh) |
14 | 14 |
---------------------------------- |
15 | 15 |
* clamav-milter: Added --from |
16 | 16 |
Return SMFIS_TEMPFAIL on some out of memory errors (some still to do), |
17 |
- based on an idea by Joe Maimon <jmaimon@ttec.com> |
|
17 |
+ based on an idea by Joe Maimon <jmaimon*ttec.com> |
|
18 | 18 |
Quarantine messages now sorted by date, based on an idea by Christian |
19 |
- Pelissier <Christian.Pelissier@onera.fr>. |
|
19 |
+ Pelissier <Christian.Pelissier*onera.fr>. |
|
20 | 20 |
Started code to parse header to find the real infected machine, |
21 | 21 |
email notification now contain the first received header, which |
22 | 22 |
may (or may not) be helpful |
... | ... |
@@ -60,7 +60,7 @@ of mirrors by looking at their ip source address when they try to resolve |
60 | 60 |
database.clamav.net. Our DNS servers can answer with a CNAME to: |
61 | 61 |
europe.clamav.net, america.clamav.net, asia.clamav.net or other.clamav.net. |
62 | 62 |
Our advanced push-mirroring mechanism (maintained by Luca Gibelli) allows |
63 |
-database maintainers to update all the mirrors in less then one minute ! |
|
63 |
+database maintainers to update all the mirrors in less than one minute ! |
|
64 | 64 |
|
65 | 65 |
|
66 | 66 |
There will be no major feature enhancements in the 0.7x series. Our work |
... | ... |
@@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for |
81 | 81 |
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created |
82 | 82 |
dnl (the prefix is a bit different, since we add an extra -target- and -host-) |
83 | 83 |
dnl |
84 |
-dnl @version: $Id: aclocal.m4,v 1.34 2004/04/16 12:50:53 kojm Exp $ |
|
84 |
+dnl @version: $Id: aclocal.m4,v 1.35 2004/04/20 22:33:18 kojm Exp $ |
|
85 | 85 |
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often |
86 | 86 |
|
87 | 87 |
AC_DEFUN([AC_CREATE_TARGET_H], |
... | ... |
@@ -4041,7 +4041,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers) |
4041 | 4041 |
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers) |
4042 | 4042 |
dnl |
4043 | 4043 |
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu> |
4044 |
-dnl @version $Id: aclocal.m4,v 1.34 2004/04/16 12:50:53 kojm Exp $ |
|
4044 |
+dnl @version $Id: aclocal.m4,v 1.35 2004/04/20 22:33:18 kojm Exp $ |
|
4045 | 4045 |
dnl |
4046 | 4046 |
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF], |
4047 | 4047 |
[changequote(<<, >>)dnl |
... | ... |
@@ -60,19 +60,17 @@ void virusaction(const char *virname, const struct cfgstruct *copt) |
60 | 60 |
|
61 | 61 |
cmd = strdup(cpt->strarg); |
62 | 62 |
|
63 |
- buffer = (char *) mcalloc(strlen(cmd) + strlen(virname) + 10, sizeof(char)); |
|
64 |
- |
|
65 | 63 |
if((pt = strstr(cmd, "%v"))) { |
64 |
+ buffer = (char *) mcalloc(strlen(cmd) + strlen(virname) + 10, sizeof(char)); |
|
66 | 65 |
*pt = 0; pt += 2; |
67 | 66 |
strcpy(buffer, cmd); |
68 | 67 |
strcat(buffer, virname); |
69 | 68 |
strcat(buffer, pt); |
70 | 69 |
free(cmd); |
71 | 70 |
cmd = strdup(buffer); |
71 |
+ free(buffer); |
|
72 | 72 |
} |
73 | 73 |
|
74 |
- free(buffer); |
|
75 |
- |
|
76 | 74 |
/* WARNING: this is uninterruptable ! */ |
77 | 75 |
system(cmd); |
78 | 76 |
|
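Review bot: `strcat(buffer, virname)` still pastes the detection name verbatim into the string that `system(cmd)` hands to the shell, so any shell metacharacter in `virname` would be interpreted rather than treated as data; moving the allocation inside the `%v` branch does not change that. Signature names normally come from the loaded database, so the exposure depends on how far that database is trusted (not visible here), but a cheap guard ahead of the first `strdup()` is an allow-list check such as `if(virname[strspn(virname, SAFE_NAME_CHARS)]) return;`, where `SAFE_NAME_CHARS` is a placeholder for the set the project chooses, or passing the name through the environment instead of the command line. Separately, neither `strdup()` result is checked: a failed `cmd = strdup(cpt->strarg)` reaches `strstr(NULL, "%v")`, and a failed `cmd = strdup(buffer)` reaches `system(NULL)`, which only probes for a shell and silently skips the action. virusaction() begins and ends outside this hunk.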
... | ... |
@@ -151,6 +151,10 @@ int scanmanager(const struct optstruct *opt) |
151 | 151 |
else |
152 | 152 |
limits->maxreclevel = 5; |
153 | 153 |
|
154 |
+ if(optl(opt, "max-ratio")) |
|
155 |
+ limits->maxratio = atoi(getargl(opt, "max-ratio")); |
|
156 |
+ else |
|
157 |
+ limits->maxratio = 200; |
|
154 | 158 |
|
155 | 159 |
#ifdef C_LINUX |
156 | 160 |
if(stat("/proc", &sb) == -1) |
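Review bot: `atoi(getargl(opt, "max-ratio"))` accepts anything, so a typo, an empty value or a negative number lands in `limits->maxratio` as 0 or below with no diagnostic. If the scanner treats a non-positive ratio as "no limit" (not visible in this hunk, confirm in libclamav), a mistyped option would silently switch off the compression-ratio guard against archive bombs. Parse with `strtol()` and reject bad input instead, e.g. `long r = strtol(getargl(opt, "max-ratio"), &end, 10);` followed by `if(*end || r <= 0 || r > INT_MAX) { /* report and exit */ }`. A one-line comment on why 200 is the default would also help the next reader. scanmanager() continues outside the hunk.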
... | ... |
@@ -4,301 +4,1831 @@ |
4 | 4 |
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja"> |
5 | 5 |
<head> |
6 | 6 |
<meta http-equiv="Content-Type" content="text/html; charset=euc-jp" /> |
7 |
+ <meta http-equiv="content-style-type" content="text/css" /> |
|
8 |
+ <meta name="copyright" content="" /> |
|
9 |
+ |
|
7 | 10 | |
11 |
+ |
|
12 |
+ <link rel="copyright" title="GNU General Public License" href="http://www.gnu.org/copyleft/gpl.html#SEC1" /> |
|
13 |
+ |
|
14 |
+ <style type="text/css"> |
|
15 |
+ a { color: #006633; text-decoration: none; } |
|
16 |
+ a:hover { color: #ffffff; background-color: #336666; } |
|
17 |
+ |
|
18 |
+ body { margin: 5% 10% 5% 10%; color: #333333; width: 80%; line-height: 170%; } |
|
19 |
+ |
|
20 |
+ div.contents { margin: 2em 0em; line-height: 100%; } |
|
21 |
+ .contents dl { margin: 0em 0em; } |
|
22 |
+ .contents a { color: #000000; text-decoration: none; } |
|
23 |
+ .contents a:hover { color: #ffffff; background-color: #333333; } |
|
24 |
+ |
|
25 |
+ div.chapter { margin: 3em 0em 3em 0em; } |
|
26 |
+ div.section { margin: 1em 0em 1em 3em; border: 1px solid #ffffff; } |
|
27 |
+ div.section:hover { border: 1px dotted #cccccc; } |
|
28 |
+ .section div,.section p,.section ul,.section li,.section dl { border: 1px solid #ffffff; } |
|
29 |
+ .section p { margin: 1em 0em 1em 1em; text-indent: 1em; } |
|
30 |
+ .section pre { margin: 1em 0em 1em 1em; border: 1px solid #000000; line-height: 120%; } |
|
31 |
+ .section ul,.section ol { margin: 1em 0em 1em 2em; } |
|
32 |
+ .section dl { margin: 1em 0em 1em 1em; } |
|
33 |
+ .section dt { margin: 0em 0em 0em 0em; } |
|
34 |
+ .section dd { margin: 0em 0em 1em 2em; } |
|
35 |
+ .section blockquote { background-color: #ffffff; border: 1px dotted #000000; } |
|
36 |
+ .section *:hover { color: #000000; } |
|
37 |
+ .section div:hover { border: 1px dotted #cccccc; } |
|
38 |
+ .section a:hover { color: #ffffff; } |
|
39 |
+ .section p:hover,.section li:hover,.section dl:hover,.section pre:hover { background-color: #eeffee; } |
|
40 |
+ .section dt:hover,.section dd:hover { background-color: #99ffcc; } |
|
41 |
+ .section code { } |
|
42 |
+ |
|
43 |
+# .section dl.tree { margin: 0em 0em 0em 1em; } |
|
44 |
+# dl.tree dd { margin: 0em 0em 0em 1em; } |
|
45 |
+ |
|
46 |
+ h2 { color: #ffffff; background-color: #333333; line-height: 150%; } |
|
47 |
+ .section h3,.section h4 { color: #000000; border-bottom: 1px solid #336666; line-height: 150%; } |
|
48 |
+ .section h5,.section h4 { color: #000000; border-bottom: 1px solid #336666; line-height: 100%; } |
|
49 |
+ |
|
50 |
+ table { margin: 1em 0em 1em 1em; } |
|
51 |
+ table:hover { background-color: #eeffee; } |
|
52 |
+ tr:hover { background-color: #99ffcc; } |
|
53 |
+ th,td.opt { white-space:nowrap; text-align: left; } |
|
54 |
+ |
|
55 |
+ </style> |
|
8 | 56 |
</head> |
9 | 57 |
<body> |
10 | 58 |
|
11 | 59 | |
12 | 60 |
|
13 | ||
14 | ||
61 | ||
62 |
+<dl> |
|
63 | ||
64 |
+ <dl> |
|
65 | ||
66 | ||
67 | ||
68 |
+ <dl> |
|
69 | ||
70 | ||
71 | ||
72 | ||
73 |
+ </dl> |
|
74 |
+ </dd> |
|
75 | ||
76 |
+ <dl> |
|
77 | ||
78 | ||
79 | ||
80 | ||
81 |
+ </dl> |
|
82 |
+ </dd> |
|
83 |
+ </dl> |
|
84 |
+ </dd> |
|
85 |
+ |
|
86 | ||
87 |
+ <dl> |
|
88 | ||
89 | ||
90 | ||
91 | ||
92 |
+ </dl> |
|
93 |
+ </dd> |
|
94 |
+ |
|
95 | ||
96 |
+ <dl> |
|
97 | ||
98 |
+ <dd><a href="#c3.2">3.2. freshclam</a> |
|
99 |
+ <dl> |
|
100 | ||
101 | ||
102 | ||
103 | ||
104 | ||
105 | ||
106 |
+ </dl> |
|
107 |
+ </dd> |
|
108 |
+ </dl> |
|
109 |
+ </dd> |
|
110 |
+ |
|
111 | ||
112 |
+ <dl> |
|
113 |
+ <dd><a href="#c4.1">4.1. clamscan</a> |
|
114 |
+ <dl> |
|
115 | ||
116 | ||
117 | ||
118 |
+ </dl> |
|
119 |
+ </dd> |
|
120 |
+ <dd><a href="#c4.2">4.2. clamd</a> |
|
121 |
+ <dl> |
|
122 |
+ <dd><a href="#c4.2.1">4.2.1. clamd</a></dd> |
|
123 | ||
124 | ||
125 | ||
126 |
+ <dd><a href="#c4.2.5">4.2.5. clamdscan</a></dd> |
|
127 | ||
128 | ||
129 |
+ </dl> |
|
130 |
+ </dd> |
|
131 |
+ <dd><a href="#c4.3">4.3. Dazuko+Clamuko</a> |
|
132 |
+ <dl> |
|
133 |
+ <dd><a href="#c4.3.1">4.3.1. Dazuko</a></dd> |
|
134 |
+ <dd><a href="#c4.3.2">4.3.2. Clamuko</a></dd> |
|
135 |
+ </dl> |
|
136 |
+ </dd> |
|
137 |
+ </dl> |
|
138 |
+ </dd> |
|
139 |
+ |
|
140 | ||
141 |
+ <dl> |
|
142 |
+ <dd><a href="#c5.1">5.1. MTA</a> |
|
143 |
+ <dl> |
|
144 |
+ <dd><a href="#c5.1.1">5.1.1. AMaViS/amavisd</a></dd> |
|
145 |
+ <dd><a href="#c5.1.2">5.1.2. AMaViS-ng</a></dd> |
|
146 |
+ <dd><a href="#c5.1.3">5.1.3. amavisd-new</a></dd> |
|
147 |
+ <dd><a href="#c5.1.4">5.1.4. mailscanner</a></dd> |
|
148 |
+ <dd><a href="#c5.1.6">5.1.6. OpenProtect</a></dd> |
|
149 |
+ <dd><a href="#c5.1.7">5.1.7. clamav-milter</a></dd> |
|
150 |
+ <dd><a href="#c5.1.8">5.1.8. mimedefang</a></dd> |
|
151 |
+ <dd><a href="#c5.1.9">5.1.9. IVS Milter</a></dd> |
|
152 |
+ <dd><a href="#c5.1.10">5.1.10. smtp-vilter</a></dd> |
|
153 |
+ <dd><a href="#c5.1.11">5.1.11. j-chkmail</a></dd> |
|
154 |
+ <dd><a href="#c5.1.12">5.1.12. nclamd,nclamav-milter</a></dd> |
|
155 |
+ <dd><a href="#c5.1.13">5.1.13. qmail-scanner</a></dd> |
|
156 |
+ <dd><a href="#c5.1.14">5.1.14. clamdmail</a></dd> |
|
157 |
+ <dd><a href="#c5.1.15">5.1.15. qscanq</a></dd> |
|
158 |
+ <dd><a href="#c5.1.16">5.1.16. Gadoyanvirus</a></dd> |
|
159 |
+ <dd><a href="#c5.1.17">5.1.17. exiscan</a></dd> |
|
160 |
+ <dd><a href="#c5.1.18">5.1.18. scanexi</a></dd> |
|
161 |
+ <dd><a href="#c5.1.19">5.1.19. sagator</a></dd> |
|
162 |
+ <dd><a href="#c5.1.20">5.1.20. cgpav</a></dd> |
|
163 |
+ </dl> |
|
164 |
+ </dd> |
|
165 | ||
166 |
+ <dl> |
|
167 |
+ <dd><a href="#c5.2.1">5.2.1. POP3 Virus Scanner Daemon</a></dd> |
|
168 |
+ <dd><a href="#c5.2.2">5.2.2. Sylpheed-Claws</a></dd> |
|
169 |
+ <dd><a href="#c5.2.3">5.2.3. Mutt</a></dd> |
|
170 |
+ </dl> |
|
171 |
+ </dd> |
|
172 | ||
173 |
+ <dl> |
|
174 |
+ <dd><a href="#c5.3.1">5.3.1. ClamAssassin</a></dd> |
|
175 |
+ <dd><a href="#c5.3.2">5.3.2. trashscan</a></dd> |
|
176 |
+ <dd><a href="#c5.3.3">5.3.3. mailman-clamav</a></dd> |
|
177 |
+ <dd><a href="#c5.3.4">5.3.4. mailgraph</a></dd> |
|
178 |
+ </dl> |
|
179 |
+ </dd> |
|
180 | ||
181 |
+ <dl> |
|
182 |
+ <dd><a href="#c5.4.1">5.4.1. samba-vscan</a></dd> |
|
183 |
+ <dd><a href="#c5.4.2">5.4.2. mod_clamav</a></dd> |
|
184 |
+ <dd><a href="#c5.4.3">5.4.3. PureFTPd</a></dd> |
|
185 |
+ <dd><a href="#c5.4.4">5.4.4. Viralator</a></dd> |
|
186 |
+ </dl> |
|
187 |
+ </dd> |
|
188 |
+ <dd><a href="#c5.5">5.5. CD-ROM</a> |
|
189 |
+ <dl> |
|
190 |
+ <dd><a href="#c5.5.1">5.5.1. INSERT</a></dd> |
|
191 |
+ <dd><a href="#c5.5.2">5.5.2. Local Area Security</a></dd> |
|
192 |
+ </dl> |
|
193 |
+ </dd> |
|
194 | ||
195 |
+ <dl> |
|
196 |
+ <dd><a href="#c5.6.1">5.6.1. Mail::ClamAV</a></dd> |
|
197 |
+ <dd><a href="#c5.6.2">5.6.2. clamavr</a></dd> |
|
198 |
+ <dd><a href="#c5.6.3">5.6.3. wbmclamav</a></dd> |
|
199 |
+ <dd><a href="#c5.6.4">5.6.4. Scan Log Analyzer</a></dd> |
|
200 |
+ <dd><a href="#c5.6.5">5.6.5. ClamWin Antivirus</a></dd> |
|
201 |
+ </dl> |
|
202 |
+ </dd> |
|
203 |
+ </dl> |
|
204 |
+ </dd> |
|
205 |
+ |
|
206 | ||
207 |
+ <dl> |
|
208 | ||
209 |
+ <dl> |
|
210 | ||
211 | ||
212 | ||
213 |
+ </dl> |
|
214 |
+ </dd> |
|
215 |
+ <dd><a href="#c6.2">6.2. sigtool</a> |
|
216 |
+ <dl> |
|
217 | ||
218 | ||
219 |
+ </dl> |
|
220 |
+ </dd> |
|
221 | ||
222 |
+ <dl> |
|
223 | ||
224 | ||
225 | ||
226 |
+ </dl> |
|
227 |
+ </dd> |
|
228 | ||
229 |
+ <dl> |
|
230 | ||
231 | ||
232 | ||
233 | ||
234 | ||
235 |
+ </dd> |
|
236 |
+ </dl> |
|
237 |
+ </dd> |
|
15 | 238 |
|
16 |
-<h2>1. Clam Antivirus</h2> |
|
239 | ||
240 |
+ <dl> |
|
241 |
+ <dd><a href="#c7.1">7.1. libclamav</a></dd> |
|
242 | ||
243 |
+ </dl> |
|
244 |
+ </dd> |
|
17 | 245 |
|
18 | ||
246 | ||
247 |
+ <dd><a href="#c9">9. TODO</a></dd> |
|
19 | 248 |
|
249 |
+</dl></div> |
|
250 |
+ |
|
251 | ||
252 |
+ |
|
253 | ||
20 | 254 |
<p> |
21 | ||
255 | ||
22 | 256 |
</p> |
23 |
- |
|
24 | ||
25 |
- |
|
257 |
+ </div> |
|
258 | ||
26 | 259 |
<p> |
27 | ||
260 | ||
28 | 261 |
</p> |
29 |
- |
|
30 | ||
31 |
- |
|
32 | ||
33 |
- |
|
34 | 262 |
<p> |
35 | ||
263 | ||
36 | 264 |
</p> |
265 |
+ </div> |
|
37 | 266 |
|
38 | ||
267 | ||
39 | 268 |
|
40 |
- <p> |
|
41 | ||
42 |
- </p> |
|
43 |
- |
|
44 |
- <pre><code> |
|
45 | ||
46 |
- |
|
47 |
- # groupadd clamav |
|
48 |
- # useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav |
|
269 | ||
270 |
+ <p> |
|
271 | ||
272 |
+ </p> |
|
273 |
+ <p> |
|
274 | ||
275 |
+ </p> |
|
276 |
+ <p> |
|
277 | ||
278 |
+ </p> |
|
279 |
+ <ul> |
|
280 |
+ <li> |
|
281 | ||
282 | ||
283 |
+ </li> |
|
284 |
+ <li> |
|
285 | ||
286 | ||
287 |
+ </li> |
|
288 |
+ <li> |
|
289 | ||
290 | ||
291 | ||
292 | ||
293 | ||
294 |
+ </li> |
|
295 |
+ </ul> |
|
296 |
+ <p> |
|
297 | ||
298 |
+ </p> |
|
299 |
+ <blockquote cite="http://www.mail-archive.com/clamav-users@lists.sourceforge.net/msg07466.html"> |
|
300 | ||
301 | ||
302 | ||
303 | ||
304 |
+ </blockquote> |
|
305 |
+ <p> |
|
306 | ||
307 |
+ </p> |
|
308 |
+ </div> |
|
309 | ||
310 |
+ <p> |
|
311 | ||
312 |
+ </p> |
|
313 |
+ <p> |
|
314 | ||
315 |
+ </p> |
|
316 |
+ <p> |
|
317 | ||
318 |
+ </p> |
|
319 |
+ </div> |
|
320 | ||
321 |
+ <p> |
|
322 | ||
323 |
+ </p> |
|
324 |
+ </div> |
|
325 | ||
326 |
+ <p> |
|
327 | ||
328 |
+ </p> |
|
329 |
+ <p> |
|
330 | ||
331 |
+ </p> |
|
332 |
+ </div> |
|
49 | 333 |
|
334 |
+ </div> |
|
50 | 335 |
|
51 | ||
52 |
- |
|
53 |
- $ sudo niutil -create / /groups/clamav |
|
54 |
- $ sudo niutil -createprop / /groups/clamav gid 402 |
|
55 |
- $ sudo niutil -createprop / /groups/clamav passwd '*' |
|
56 |
- $ sudo niutil -create / /users/clamav |
|
57 |
- $ sudo niutil -createprop / /users/clamav uid 402 |
|
58 |
- $ sudo niutil -createprop / /users/clamav gid 402 |
|
59 |
- $ sudo niutil -createprop / /users/clamav passwd '*' |
|
60 |
- $ sudo niutil -createprop / /users/clamav realname 'Clam Antivirus' |
|
61 |
- $ sudo niutil -createprop / /users/clamav home /dev/null |
|
62 |
- $ sudo niutil -createprop / /users/clamav shell /dev/null |
|
63 |
- |
|
64 | ||
65 |
- </code></pre> |
|
336 | ||
66 | 337 |
|
67 | ||
68 |
- |
|
338 | ||
339 |
+ <p> |
|
340 | ||
341 | ||
342 |
+ </p> |
|
343 |
+ </div> |
|
344 | ||
345 |
+ <p> |
|
346 | ||
347 |
+ </p> |
|
348 |
+ </div> |
|
349 | ||
350 |
+ <p> |
|
351 | ||
352 |
+ </p> |
|
353 |
+ </div> |
|
354 | ||
355 |
+ <p> |
|
356 | ||
357 |
+ </p> |
|
358 |
+ </div> |
|
359 |
+ </div> |
|
360 |
+ |
|
361 |
+</div> |
|
362 |
+ |
|
363 | ||
364 |
+ |
|
365 | ||
366 |
+ <p> |
|
367 | ||
368 |
+ </p> |
|
369 |
+ </div> |
|
370 | ||
371 |
+ <p> |
|
372 | ||
373 |
+ </p> |
|
374 |
+ </div> |
|
375 | ||
69 | 376 |
<p> |
70 | ||
377 | ||
71 | 378 |
</p> |
72 | 379 |
|
380 |
+ <ul> |
|
381 | ||
382 |
+ <pre><code> |
|
383 |
+ # groupadd clamav |
|
384 |
+ # useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav |
|
385 |
+ </code></pre> |
|
386 |
+ </li> |
|
387 | ||
388 |
+ <pre><code> |
|
389 |
+ $ echo 'clamav:*:402:Clam AntiVirus' | sudo niload group / |
|
390 |
+ $ echo 'clamav:*:402:402::0:0:Clam Antivirus:/tmp:/dev/null' | \ |
|
391 |
+ > sudo niload passwd / |
|
392 |
+ </code></pre> |
|
393 | ||
394 |
+ </li> |
|
395 |
+ </ul> |
|
396 |
+ </div> |
|
397 | ||
398 | ||
399 |
+ |
|
73 | 400 |
<pre><code> |
74 |
- $ zcat clamav-0.23.tar.gz | tar xvf - |
|
75 |
- $ cd clamav-0.23 |
|
401 |
+ $ zcat clamav-0.xx.tar.gz | tar xvf - |
|
402 |
+ $ cd clamav-0.xx |
|
76 | 403 |
$ ./configure |
77 | 404 |
$ make |
78 | 405 |
$ sudo make install |
79 | 406 |
</code></pre> |
80 | 407 |
|
81 | ||
408 | ||
409 |
+ |
|
410 |
+ <pre><code> |
|
411 |
+ $ sudo /usr/local/bin/freshclam |
|
412 |
+ </code></pre> |
|
413 |
+ |
|
414 |
+ </div> |
|
415 |
+</div> |
|
82 | 416 |
|
83 |
- <h3>3.1 clamscan</h3> |
|
417 | ||
84 | 418 |
|
419 | ||
85 | 420 |
<p> |
86 | ||
421 | ||
87 | 422 |
</p> |
88 | ||
89 | 423 |
<dl> |
424 |
+ <dt>main.cvd</dt> |
|
425 | ||
426 |
+ <dt>daily.cvd</dt> |
|
427 | ||
428 |
+ <dt>mirrors.txt</dt> |
|
429 | ||
430 | ||
431 | ||
432 |
+ </dl> |
|
433 |
+ </div> |
|
434 |
+ <div class="section" id="c3.2"><h3>3.2. freshclam</h3> |
|
435 | ||
436 |
+ |
|
437 | ||
438 |
+ <dl> |
|
439 |
+ <dt># freshclam</dt> |
|
440 | ||
441 |
+ <dt># freshclam -d -c 24</dt> |
|
442 | ||
443 |
+ </dl> |
|
444 |
+ </div> |
|
445 |
+ |
|
446 | ||
447 |
+ <table class="cmdoption"> |
|
448 |
+ <tr> |
|
449 |
+ <th>--help</th><td class="opt">-h</td> |
|
450 | ||
451 |
+ </tr> |
|
452 |
+ <tr> |
|
453 |
+ <th>--version</th><td class="opt">-V</td> |
|
454 | ||
455 |
+ </tr> |
|
456 |
+ <tr> |
|
457 |
+ <th>--verbose</th><td class="opt">-v</td> |
|
458 | ||
459 |
+ </tr> |
|
460 |
+ <tr> |
|
461 |
+ <th>--debug</th><td class="opt"> </td> |
|
462 | ||
463 |
+ </tr> |
|
464 |
+ <tr> |
|
465 |
+ <th>--quiet</th><td class="opt"> </td> |
|
466 | ||
467 |
+ </tr> |
|
468 |
+ <tr> |
|
469 |
+ <th>--stdout</th><td class="opt"> </td> |
|
470 | ||
471 |
+ </tr> |
|
472 |
+ <tr> |
|
473 |
+ <th>--log=FILE</th><td class="opt">-l FILE</td> |
|
474 | ||
475 |
+ </tr> |
|
476 |
+ <tr> |
|
477 |
+ <th>--log-verbose</th><td class="opt"> </td> |
|
478 | ||
479 |
+ </tr> |
|
480 |
+ <tr> |
|
481 |
+ <th>--config-file=FILE</th><td class="opt"> </td> |
|
482 | ||
483 |
+ </tr> |
|
484 |
+ <tr> |
|
485 |
+ <th>--daemon</th><td class="opt">-d</td> |
|
486 | ||
487 |
+ </tr> |
|
488 |
+ <tr> |
|
489 |
+ <th>--pid=FILE</th><td class="opt">-p FILE</td> |
|
490 | ||
491 |
+ </tr> |
|
492 |
+ <tr> |
|
493 |
+ <th>--user=USER</th><td class="opt">-u USER</td> |
|
494 | ||
495 |
+ </tr> |
|
496 |
+ <tr> |
|
497 |
+ <th>--datadir=DIRECTORY</th><td class="opt"> </td> |
|
498 | ||
499 |
+ </tr> |
|
500 |
+ <tr> |
|
501 |
+ <th>--checks=#n</th><td class="opt">-c #n</td> |
|
502 | ||
503 |
+ </tr> |
|
504 |
+ <tr> |
|
505 |
+ <th>--daemon-notify[=/path/clamav.conf]</th><td class="opt"> </td> |
|
506 | ||
507 |
+ </tr> |
|
508 |
+ <tr> |
|
509 |
+ <th>--http-proxy=hostname[:port]</th><td class="opt"> </td> |
|
510 | ||
511 |
+ </tr> |
|
512 |
+ <tr> |
|
513 |
+ <th>--proxy-user=user:password</th><td class="opt"> </td> |
|
514 | ||
515 |
+ </tr> |
|
516 |
+ <tr> |
|
517 |
+ <th>--on-error-execute=COMMAND</th><td class="opt"> </td> |
|
518 | ||
519 |
+ </tr> |
|
520 |
+ <tr> |
|
521 |
+ <th>--on-update-execute=COMMAND</th><td class="opt"> </td> |
|
522 | ||
523 |
+ </tr> |
|
524 |
+ </table> |
|
525 |
+ </div> |
|
526 | ||
527 |
+ <ol> |
|
528 |
+ <li> |
|
529 | ||
530 |
+ <pre><code> |
|
531 |
+ # touch /var/log/clam-update.log |
|
532 |
+ # chmod 644 /var/log/clam-update.log |
|
533 |
+ # chown clamav /var/log/clam-update.log |
|
534 |
+ </code></pre> |
|
535 |
+ </li> |
|
536 |
+ <li> |
|
537 | ||
538 |
+ <pre><code>34 * * * * clamav /usr/local/bin/freshclam --quiet |
|
539 |
+ -l /var/log/clam-update.log</code></pre> |
|
540 |
+ </li> |
|
541 |
+ </ol> |
|
542 |
+ </div> |
|
543 | ||
544 |
+ <p> |
|
545 | ||
546 |
+ </p> |
|
547 |
+ </div> |
|
548 | ||
549 |
+ <p> |
|
550 | ||
551 |
+ </p> |
|
552 |
+ </div> |
|
553 |
+ |
|
554 | ||
555 |
+ <table> |
|
556 | ||
557 | ||
558 | ||
559 |
+ </table> |
|
560 |
+ </div> |
|
561 |
+ |
|
562 |
+ </div> |
|
563 |
+ |
|
564 |
+</div> |
|
565 |
+ |
|
566 | ||
567 |
+ |
|
568 |
+ <div class="section" id="c4.1"><h3>4.1. clamscan</h3> |
|
569 | ||
570 |
+ |
|
571 | ||
572 |
+ <ul> |
|
573 | ||
574 |
+ <table class="cmdoption"> |
|
575 |
+ <tr> |
|
576 |
+ <th>--help</th><td class="opt">-h</td> |
|
577 | ||
578 |
+ </tr> |
|
579 |
+ <tr> |
|
580 |
+ <th>--version</th><td class="opt">-V</td> |
|
581 | ||
582 |
+ </tr> |
|
583 |
+ <tr> |
|
584 |
+ <th>--verbose</th><td class="opt">-v</td> |
|
585 | ||
586 |
+ </tr> |
|
587 |
+ <tr> |
|
588 |
+ <th>--debug</th><td class="opt"> </td> |
|
589 | ||
590 |
+ </tr> |
|
591 |
+ <tr> |
|
592 |
+ <th>--quiet</th><td class="opt"> </td> |
|
593 | ||
594 |
+ </tr> |
|
595 |
+ <tr> |
|
596 |
+ <th>--stdout</th><td class="opt"> </td> |
|
597 | ||
598 |
+ </tr> |
|
599 |
+ <tr> |
|
600 |
+ <th>--log=FILE</th><td class="opt">-l FILE</td> |
|
601 | ||
602 |
+ </tr> |
|
603 |
+ <tr> |
|
604 |
+ <th>--log-verbose</th><td class="opt"> </td> |
|
605 | ||
606 |
+ </tr> |
|
607 |
+ <tr> |
|
608 |
+ <th>--disable-summary</th><td class="opt"> </td> |
|
609 | ||
610 |
+ </tr> |
|
611 |
+ <tr> |
|
612 |
+ <th>--infected</th><td class="opt">-i</td> |
|
613 | ||
614 |
+ </tr> |
|
615 |
+ <tr> |
|
616 |
+ <th>--bell</th><td class="opt"></td> |
|
617 | ||
618 |
+ </tr> |
|
619 |
+ </table> |
|
620 |
+ </li> |
|
621 | ||
622 |
+ <table class="cmdoption"> |
|
623 |
+ <tr> |
|
624 |
+ <th>--tempdir=DIRECTORY</td><td class="opt"> </td> |
|
625 | ||
626 |
+ </tr> |
|
627 |
+ <tr> |
|
628 |
+ <th>--database=FILE/DIR</td><td class="opt">-d FILE/DIR</td> |
|
629 | ||
630 |
+ </tr> |
|
631 |
+ <tr> |
|
632 |
+ <th>--recursive</td><td class="opt">-r</td> |
|
633 | ||
634 |
+ </tr> |
|
635 |
+ <tr> |
|
636 |
+ <th>--exclude=PATT</td><td class="opt"> </td> |
|
637 | ||
638 |
+ </tr> |
|
639 |
+ <tr> |
|
640 |
+ <th>--include=PATT</td><td class="opt"> </td> |
|
641 | ||
642 |
+ </tr> |
|
643 |
+ <tr> |
|
644 |
+ <th>--remove</td><td class="opt"> </td> |
|
645 | ||
646 |
+ </tr> |
|
647 |
+ <tr> |
|
648 |
+ <th>--move=DIRECTORY</td><td class="opt"> </td> |
|
649 | ||
650 |
+ </tr> |
|
651 |
+ <tr> |
|
652 |
+ <th>--force</td><td class="opt"> </td> |
|
653 | ||
654 |
+ </tr> |
|
655 |
+ </table> |
|
656 |
+ </li> |
|
657 | ||
658 |
+ <table class="cmdoption"> |
|
659 |
+ <tr> |
|
660 |
+ <th>--mbox</td><td class="opt">-m</td> |
|
661 | ||
662 |
+ </tr> |
|
663 |
+ <tr> |
|
664 |
+ <th>--no-ole2</td><td class="opt"> </td> |
|
665 | ||
666 |
+ </tr> |
|
667 |
+ <tr> |
|
668 |
+ <th>--no-archive</td><td class="opt"> </td> |
|
669 | ||
670 |
+ </tr> |
|
671 |
+ <tr> |
|
672 |
+ <th>--detect-encrypted</td><td class="opt"> </td> |
|
673 |
+ <td></td> |
|
674 |
+ </tr> |
|
675 |
+ <tr> |
|
676 |
+ <th>--max-files=#n</td><td class="opt"> </td> |
|
677 | ||
678 |
+ </tr> |
|
679 |
+ <tr> |
|
680 |
+ <th>--max-space=#n</td><td class="opt"> </td> |
|
681 | ||
682 |
+ </tr> |
|
683 |
+ <tr> |
|
684 |
+ <th>--max-recursion=#n</td><td class="opt"> </td> |
|
685 | ||
686 |
+ </tr> |
|
687 |
+ <tr> |
|
688 |
+ <th>--unzip=[FULLPATH]</td><td class="opt"> </td> |
|
689 | ||
690 |
+ </tr> |
|
691 |
+ <tr> |
|
692 |
+ <th>--unrar=[FULLPATH]</td><td class="opt"> </td> |
|
693 | ||
694 |
+ </tr> |
|
695 |
+ <tr> |
|
696 |
+ <th>--unace=[FULLPATH]</td><td class="opt"> </td> |
|
697 | ||
698 |
+ </tr> |
|
699 |
+ <tr> |
|
700 |
+ <th>--unarj=[FULLPATH]</td><td class="opt"> </td> |
|
701 | ||
702 |
+ </tr> |
|
703 |
+ <tr> |
|
704 |
+ <th>--unzoo=[FULLPATH]</td><td class="opt"> </td> |
|
705 | ||
706 |
+ </tr> |
|
707 |
+ <tr> |
|
708 |
+ <th>--lha=[FULLPATH]</td><td class="opt"> </td> |
|
709 | ||
710 |
+ </tr> |
|
711 |
+ <tr> |
|
712 |
+ <th>--jar=[FULLPATH]</td><td class="opt"> </td> |
|
713 | ||
714 |
+ </tr> |
|
715 |
+ <tr> |
|
716 |
+ <th>--deb=[FULLPATH]</td><td class="opt"> </td> |
|
717 | ||
718 |
+ </tr> |
|
719 |
+ <tr> |
|
720 |
+ <th>--tar=[FULLPATH]</td><td class="opt"> </td> |
|
721 | ||
722 |
+ </tr> |
|
723 |
+ <tr> |
|
724 |
+ <th>--tgz=[FULLPATH]</td><td class="opt"> </td> |
|
725 | ||
726 |
+ </tr> |
|
727 |
+ </table> |
|
728 | ||
729 |
+ </li> |
|
730 |
+ </ul> |
|
731 |
+ </div> |
|
732 |
+ |
|
733 | ||
734 |
+ <dl> |
|
90 | 735 |
<dt>$ clamscan <file></dt> |
91 | ||
736 | ||
92 | 737 |
<dt>$ cat <file> | clamscan -</dt> |
93 | ||
738 | ||
94 | 739 |
<dt>$ clamscan</dt> |
95 | ||
740 | ||
96 | 741 |
<dt>$ clamscan -r [<dir>]</dt> |
97 | ||
98 |
- </dl> |
|
742 | ||
743 |
+ <dt># clamscan -r --mbox /var/spool/mail</dt> |
|
744 | ||
745 |
+ <dt>$ clamscan -d /tmp/newclamdb --max-space=50m -r /tmp</dt> |
|
746 | ||
747 |
+ </dl> |
|
748 |
+ </div> |
|
99 | 749 |
|
100 | ||
750 | ||
751 | ||
752 |
+ <table> |
|
753 | ||
754 | ||
755 | ||
756 |
+ </table> |
|
757 |
+ </div> |
|
758 |
+ |
|
759 |
+ </div> |
|
760 |
+ |
|
761 |
+ <div class="section" id="c4.2"><h3>4.2. clamd</h3> |
|
762 |
+ |
|
763 |
+ <div class="section" id="c4.2.1"><h4>4.2.1. clamd</h4> |
|
764 |
+ <p> |
|
765 | ||
766 |
+ </p> |
|
767 |
+ <p> |
|
768 | ||
769 |
+ </p> |
|
770 |
+ <p> |
|
771 | ||
772 |
+ </p> |
|
773 |
+ </div> |
|
774 | ||
775 |
+ <p> |
|
776 | ||
777 |
+ </p> |
|
778 | ||
779 |
+ <table class="config"> |
|
780 | ||
781 |
+ <tr> |
|
782 |
+ <th>Example</th><td> </td> |
|
783 | ||
784 |
+ </tr> |
|
785 |
+ <tr> |
|
786 |
+ <th>Foreground</th><td> </td> |
|
787 | ||
788 |
+ </tr> |
|
789 |
+ <tr> |
|
790 |
+ <th>Debug</th><td> </td> |
|
791 | ||
792 |
+ </tr> |
|
793 |
+ <tr> |
|
794 |
+ <th>PidFile</th><td>PATH</td> |
|
795 | ||
796 |
+ </tr> |
|
797 |
+ <tr> |
|
798 |
+ <th>DatabaseDirectory</th><td>PATH</td> |
|
799 | ||
800 |
+ </tr> |
|
801 |
+ <tr> |
|
802 |
+ <th>SelfCheck</th><td>SECOND</td> |
|
803 | ||
804 |
+ </tr> |
|
805 |
+ <tr> |
|
806 |
+ <th>User</th><td>USERNAME</td> |
|
807 | ||
808 |
+ </tr> |
|
809 |
+ <tr> |
|
810 |
+ <th>AllowSupplementaryGroups</th><td> </td> |
|
811 | ||
812 |
+ </tr> |
|
813 |
+ <tr> |
|
814 |
+ <th>TemporaryDirectory</th><td>PATH</td> |
|
815 | ||
816 |
+ </tr> |
|
817 |
+ <tr> |
|
818 |
+ <th>FixStaleSocket</th><td> </td> |
|
819 | ||
820 |
+ </tr> |
|
821 |
+ <tr> |
|
822 |
+ <th>VirusEvent</th><td>COMMAND ...</td> |
|
823 | ||
824 |
+ </tr> |
|
825 |
+ </table> |
|
826 | ||
827 |
+ <table class="config"> |
|
828 | ||
829 |
+ <tr> |
|
830 |
+ <th>LocalSocket</th><td>PATH</td> |
|
831 | ||
832 |
+ </tr> |
|
833 |
+ <tr> |
|
834 |
+ <th>TCPAddr</th><td>IP</td> |
|
835 | ||
836 |
+ </tr> |
|
837 |
+ <tr> |
|
838 |
+ <th>TCPSocket</th><td>NUMBER</td> |
|
839 | ||
840 |
+ </tr> |
|
841 |
+ <tr> |
|
842 |
+ <th>MaxConnectionQueueLength</th><td>NUMBER</td> |
|
843 | ||
844 |
+ </tr> |
|
845 |
+ <tr> |
|
846 |
+ <th>MaxThreads</th><td>NUMBER</td> |
|
847 | ||
848 |
+ </tr> |
|
849 |
+ <tr> |
|
850 |
+ <th>ReadTimeout</th><td>NUMBER</td> |
|
851 | ||
852 |
+ </tr> |
|
853 |
+ <tr> |
|
854 |
+ <th>StreamSaveToDisk</th><td> </td> |
|
855 | ||
856 |
+ </tr> |
|
857 |
+ <tr> |
|
858 |
+ <th>StreamMaxLength</th><td>SIZE</td> |
|
859 | ||
860 |
+ </tr> |
|
861 |
+ <tr> |
|
862 |
+ <th>MaxDirectoryRecursion</th><td>NUMBER</td> |
|
863 | ||
864 |
+ </tr> |
|
865 |
+ <tr> |
|
866 |
+ <th>FollowDirectorySymlinks</th><td> </td> |
|
867 | ||
868 |
+ </tr> |
|
869 |
+ <tr> |
|
870 |
+ <th>FollowFileSymlinks</th><td> </td> |
|
871 | ||
872 |
+ </tr> |
|
873 |
+ </table> |
|
874 | ||
875 |
+ <table class="config"> |
|
876 | ||
877 |
+ <tr> |
|
878 |
+ <th>LogFile</th><td>PATH</td> |
|
879 | ||
880 |
+ </tr> |
|
881 |
+ <tr> |
|
882 |
+ <th>LogFileUnlock</th><td> </td> |
|
883 | ||
884 |
+ </tr> |
|
885 |
+ <tr> |
|
886 |
+ <th>LogFileMaxSize</th><td>SIZE</td> |
|
887 | ||
888 |
+ </tr> |
|
889 |
+ <tr> |
|
890 |
+ <th>LogTime</th><td> </td> |
|
891 | ||
892 |
+ </tr> |
|
893 |
+ <tr> |
|
894 |
+ <th>LogSyslog</th><td> </td> |
|
895 | ||
896 |
+ </tr> |
|
897 |
+ <tr> |
|
898 |
+ <th>LogVerbose</th><td> </td> |
|
899 | ||
900 |
+ </tr> |
|
901 |
+ </table> |
|
902 | ||
903 |
+ <table class="config"> |
|
904 | ||
905 |
+ <tr> |
|
906 |
+ <th>ScanOLE2</th><td> </td> |
|
907 | ||
908 |
+ </tr> |
|
909 |
+ <tr> |
|
910 |
+ <th>ScanMail</th><td> </td> |
|
911 | ||
912 |
+ </tr> |
|
913 |
+ <tr> |
|
914 |
+ <th>ScanArchive</th><td> </td> |
|
915 | ||
916 |
+ </tr> |
|
917 |
+ <tr> |
|
918 |
+ <th>ScanRAR</th><td> </td> |
|
919 | ||
920 |
+ </tr> |
|
921 |
+ <tr> |
|
922 |
+ <th>ArchiveBlockEncrypted</th><td> </td> |
|
923 | ||
924 |
+ </tr> |
|
925 |
+ <tr> |
|
926 |
+ <th>ArchiveMaxFileSize</th><td>SIZE</td> |
|
927 | ||
928 |
+ </tr> |
|
929 |
+ <tr> |
|
930 |
+ <th>ArchiveMaxRecursion</th><td>NUMBER</td> |
|
931 | ||
932 |
+ </tr> |
|
933 |
+ <tr> |
|
934 |
+ <th>ArchiveMaxFiles</th><td>NUMBER</td> |
|
935 | ||
936 |
+ </tr> |
|
937 |
+ <tr> |
|
938 |
+ <th>ArchiveMaxCompressionRatio</th><td>NUMBER</td> |
|
939 | ||
940 |
+ </tr> |
|
941 |
+ <tr> |
|
942 |
+ <th>ArchiveLimitMemoryUsage</th><td> </td> |
|
943 | ||
944 |
+ </tr> |
|
945 |
+ </table> |
|
946 | ||
947 |
+ <table class="config"> |
|
948 | ||
949 |
+ <tr> |
|
950 |
+ <th>ClamukoScanOnLine</th><td> </td> |
|
951 | ||
952 |
+ </tr> |
|
953 |
+ <tr> |
|
954 |
+ <th>ClamukoScanOnOpen</th><td> </td> |
|
955 | ||
956 |
+ </tr> |
|
957 |
+ <tr> |
|
958 |
+ <th>ClamukoScanOnClose</th><td> </td> |
|
959 | ||
960 |
+ </tr> |
|
961 |
+ <tr> |
|
962 |
+ <th>ClamukoScanOnExec</th><td> </td> |
|
963 | ||
964 |
+ </tr> |
|
965 |
+ <tr> |
|
966 |
+ <th>ClamukoIncludePath</th><td>PATH</td> |
|
967 | ||
968 |
+ </tr> |
|
969 |
+ <tr> |
|
970 |
+ <th>ClamukoExcludePath</th><td>PATH</td> |
|
971 | ||
972 |
+ </tr> |
|
973 |
+ <tr> |
|
974 |
+ <th>ClamukoMaxFileSize</th><td>SIZE</td> |
|
975 | ||
976 |
+ </tr> |
|
977 |
+ <tr> |
|
978 |
+ <th>ClamukoScanArchive</th><td> </td> |
|
979 | ||
980 |
+ </tr> |
|
981 |
+ </table> |
|
982 |
+ </div> |
|
983 |
+ |
|
984 | ||
985 |
+ <dl> |
|
986 |
+ <dt># clamd</dt> |
|
987 | ||
988 |
+ <dt># clamd -c /home/clamav/clamav.conf</dt> |
|
989 | ||
990 |
+ <dt># clamd --debug</dt> |
|
991 | ||
992 | ||
993 | ||
994 | ||
995 | ||
996 | ||
997 | ||
998 |
+ </dl> |
|
999 |
+ </div> |
|
1000 |
+ |
|
1001 | ||
1002 | ||
1003 |
+ <table> |
|
1004 |
+ <tr> |
|
1005 |
+ <th>PING</th> |
|
1006 | ||
1007 |
+ </tr> |
|
1008 |
+ <tr> |
|
1009 |
+ <th>VERSION</th> |
|
1010 | ||
1011 |
+ </tr> |
|
1012 |
+ <tr> |
|
1013 |
+ <th>RELOAD</th> |
|
1014 | ||
1015 |
+ </tr> |
|
1016 |
+ <tr> |
|
1017 |
+ <th>SHUTDOWN</th> |
|
1018 | ||
1019 |
+ </tr> |
|
1020 |
+ <tr> |
|
1021 |
+ <th>SCAN <PATH></th> |
|
1022 | ||
1023 |
+ </tr> |
|
1024 |
+ <tr> |
|
1025 |
+ <th>RAWSCAN <PATH></th> |
|
1026 | ||
1027 |
+ </tr> |
|
1028 |
+ <tr> |
|
1029 |
+ <th>CONTSCAN <PATH></th> |
|
1030 | ||
1031 |
+ </tr> |
|
1032 |
+ <tr> |
|
1033 |
+ <th>STREAM</th> |
|
1034 | ||
1035 |
+ </tr> |
|
1036 |
+ <tr> |
|
1037 |
+ <th>SESSION/END</th> |
|
1038 | ||
1039 |
+ </tr> |
|
1040 |
+ </table> |
|
1041 | ||
1042 | ||
1043 | ||
1044 |
+ <pre><code> |
|
1045 |
+$ telnet localhost 3310 |
|
1046 |
+Trying 127.0.0.1... |
|
1047 |
+Connected to localhost. |
|
1048 |
+Escape character is '^]'. |
|
1049 |
+PING |
|
1050 |
+PONG |
|
1051 |
+Connection closed by foreign host. |
|
1052 |
+ </code></pre> |
|
1053 |
+ </li> |
|
1054 | ||
1055 |
+ <pre><code> |
|
1056 |
+$ telnet localhost 3310 |
|
1057 |
+Trying 127.0.0.1... |
|
1058 |
+Connected to localhost. |
|
1059 |
+Escape character is '^]'. |
|
1060 |
+RELOAD |
|
1061 |
+RELOADING |
|
1062 |
+Connection closed by foreign host. |
|
1063 |
+ </code></pre> |
|
1064 |
+ </li> |
|
1065 | ||
1066 |
+ <pre><code> |
|
1067 |
+$ telnet localhost 3310 |
|
1068 |
+Trying 127.0.0.1... |
|
1069 |
+Connected to localhost. |
|
1070 |
+Escape character is '^]'. |
|
1071 |
+SCAN /tmp/virus |
|
1072 |
+/tmp/virus/bugbear.virus: W32.BugBear.A FOUND |
|
1073 |
+Connection closed by foreign host. |
|
1074 |
+ </code></pre> |
|
1075 |
+ </li> |
|
1076 | ||
1077 |
+ <pre><code> |
|
1078 |
+$ telnet localhost 3310 |
|
1079 |
+Trying 127.0.0.1... |
|
1080 |
+Connected to localhost. |
|
1081 |
+Escape character is '^]'. |
|
1082 |
+CONTSCAN /tmp/virus |
|
1083 |
+/tmp/virus/bugbear.virus: W32.BugBear.A FOUND |
|
1084 |
+/tmp/virus/klez.virus: Worm.Klez.H FOUND |
|
1085 |
+/tmp/virus/clamav.test: ClamAV-Test-Signature FOUND |
|
1086 |
+/tmp/virus/mydoom.virus: Worm.SCO.A FOUND |
|
1087 |
+/tmp/virus/netsky_q.virus: Worm.SomeFool.Q FOUND |
|
1088 |
+Connection closed by foreign host. |
|
1089 |
+ </code></pre> |
|
1090 |
+ </li></ul> |
|
1091 |
+ </div> |
|
1092 |
+ |
|
1093 |
+ <div class="section" id="c4.2.5"><h4>4.2.5. clamdscan</h4> |
|
1094 |
+ <p> |
|
1095 | ||
1096 |
+ </p> |
|
1097 |
+ <p> |
|
1098 | ||
1099 |
+ </p> |
|
1100 |
+ </div> |
|
1101 |
+ |
|
1102 | ||
1103 | ||
1104 |
+ <table class="cmdoption"> |
|
1105 |
+ <tr> |
|
1106 |
+ <th>--help</th><td class="opt">-h</td> |
|
1107 | ||
1108 |
+ </tr> |
|
1109 |
+ <tr> |
|
1110 |
+ <th>--version</th><td class="opt">-V</td> |
|
1111 | ||
1112 |
+ </tr> |
|
1113 |
+ <tr> |
|
1114 |
+ <th>--verbose</th><td class="opt">-v</td> |
|
1115 | ||
1116 |
+ </tr> |
|
1117 |
+ <tr> |
|
1118 |
+ <th>--quiet</th><td class="opt"> </td> |
|
1119 | ||
1120 |
+ </tr> |
|
1121 |
+ <tr> |
|
1122 |
+ <th>--stdout</th><td class="opt"> </td> |
|
1123 | ||
1124 |
+ </tr> |
|
1125 |
+ <tr> |
|
1126 |
+ <th>--log=FILE</th><td class="opt">-l FILE</td> |
|
1127 | ||
1128 |
+ </tr> |
|
1129 |
+ <tr> |
|
1130 |
+ <th>--log-verbose</th><td class="opt"> </td> |
|
1131 | ||
1132 |
+ </tr> |
|
1133 |
+ <tr> |
|
1134 |
+ <th>--disable-summary</th><td class="opt"> </td> |
|
1135 | ||
1136 |
+ </tr> |
|
1137 |
+ <tr> |
|
1138 |
+ <th>--config-file=FILE</th><td class="opt"> </td> |
|
1139 | ||
1140 |
+ </tr> |
|
1141 |
+ </table> |
|
1142 |
+ </div> |
|
1143 |
+ |
|
1144 | ||
1145 | ||
1146 |
+ <table> |
|
1147 | ||
1148 | ||
1149 | ||
1150 |
+ </table> |
|
1151 |
+ </div> |
|
1152 |
+ |
|
1153 |
+ </div> |
|
1154 |
+ |
|
1155 |
+ <div class="section" id="c4.3"><h3>4.3. Dazuko+Clamuko</h3> |
|
1156 |
+ |
|
1157 |
+ <div class="section" id="c4.3.1"><h4>4.3.1. Dazuko</h4> |
|
1158 |
+ <p> |
|
1159 | ||
1160 |
+ </p> |
|
1161 |
+ </div> |
|
1162 |
+ <div class="section" id="c4.3.2"><h4>4.3.2. Clamuko</h4> |
|
1163 |
+ <p> |
|
1164 | ||
1165 |
+ </p> |
|
1166 |
+ <p> |
|
1167 | ||
1168 |
+ </p> |
|
1169 |
+ <ul> |
|
1170 | ||
1171 |
+ <pre><code> |
|
1172 |
+ ClamukoIncludePath /home |
|
1173 |
+ </code></pre> |
|
1174 |
+ </li> |
|
1175 | ||
1176 |
+ <pre><code> |
|
1177 |
+ ClamukoIncludePath / |
|
1178 |
+ ClamukoExcludePath /proc |
|
1179 |
+ ClamukoExcludePath /tempdir/of/mail/scanner |
|
1180 |
+ </code></pre> |
|
1181 |
+ </li> |
|
1182 |
+ </ul> |
|
1183 |
+ </div> |
|
1184 |
+ |
|
1185 |
+ </div> |
|
1186 |
+ |
|
1187 |
+</div> |
|
1188 |
+ |
|
1189 | ||
101 | 1190 |
|
102 | 1191 |
<p> |
103 | ||
104 |
- </p> |
|
105 |
- <p> |
|
106 | ||
1192 | ||
107 | 1193 |
</p> |
108 | ||
109 |
- <dl> |
|
110 |
- <dt>--unzip[=/path/to/unzip]</dt> |
|
111 | ||
112 |
- <dt>--unrar[=/path/to/unrar]</dt> |
|
113 | ||
114 |
- <dt>--lha[=/path/to/lha]</dt> |
|
115 | ||
116 |
- <dt>--tar[=/path/to/tar]</dt> |
|
117 | ||
118 |
- <dt>--tgz[=/path/to/tar]</dt> |
|
119 | ||
120 |
- <dt>--jar[=/path/to/unzip]</dt> |
|
121 | ||
122 |
- <dt>--deb[=/path/to/ar]</dt> |
|
123 | ||
124 |
- </dl> |
|
1194 |
+ <div class="section" id="c5.1"><h3>5.1. MTA</h3> |
|
1195 |
+ |
|
1196 |
+ <div class="section" id="c5.1.1"><h4>5.1.1. AMaViS/amavisd</h4> |
|
1197 |
+ <p> |
|
1198 | ||
1199 |
+ </p> |
|
1200 |
+ </div> |
|
1201 |
+ |
|
1202 |
+ <div class="section" id="c5.1.2"><h4>5.1.2. AMaViS-ng</h4> |
|
1203 |
+ <p> |
|
1204 | ||
1205 |
+ </p> |
|
1206 |
+ <ol> |
|
1207 | ||
1208 |
+ <pre><code> |
|
1209 |
+ virus-scanner = CLAM |
|
1210 |
+ </code></pre> |
|
1211 |
+ </li> |
|
1212 | ||
1213 |
+ <pre><code> |
|
1214 |
+ [CLAM] |
|
1215 |
+ clamscan = /usr/local/bin/clamscan |
|
1216 |
+ </code></pre> |
|
1217 |
+ </li> |
|
1218 |
+ </ol> |
|
1219 |
+ </div> |
|
1220 |
+ |
|
1221 |
+ <div class="section" id="c5.1.3"><h4>5.1.3. amavisd-new</h4> |
|
1222 |
+ <p> |
|
1223 | ||
1224 |
+ </p> |
|
1225 |
+ </div> |
|
1226 |
+ |
|
1227 |
+ <div class="section" id="c5.1.4"><h4>5.1.4. MailScanner</h4> |
|
1228 |
+ <p> |
|
1229 | ||
1230 |
+ </p> |
|
1231 |
+ </div> |
|
125 | 1232 |
|
126 | ||
1233 |
+ <div class="section" id="c5.1.6"><h4>5.1.6. OpenProtect</h4> |
|
1234 |
+ </div> |
|
127 | 1235 |
|
128 | ||
1236 |
+ <div class="section" id="c5.1.7"><h4>5.1.7. clamav-milter</h4> |
|
1237 |
+ <p> |
|
1238 | ||
1239 |
+ </p> |
|
1240 |
+ <p> |
|
1241 | ||
1242 |
+ </p> |
|
1243 |
+ <pre><code> |
|
1244 |
+ $ ./configure --enable-milter |
|
1245 |
+ </code></pre> |
|
1246 |
+ <p> |
|
1247 | ||
1248 |
+ </p> |
|
1249 |
+ <pre><code> |
|
1250 | ||
1251 | ||
1252 |
+ </code></pre> |
|
1253 |
+ <p> |
|
1254 | ||
1255 |
+ </p> |
|
1256 |
+ <pre><code> |
|
1257 |
+ LocalSocket /var/run/clamd.sock |
|
1258 |
+ ScanMail |
|
1259 |
+ SaveStreamToDisk |
|
1260 |
+ </code></pre> |
|
1261 |
+ <p> |
|
1262 | ||
1263 |
+ </p> |
|
1264 |
+ <pre><code> |
|
1265 |
+ /usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock |
|
1266 |
+ </code></pre> |
|
1267 |
+ <p> |
|
1268 | ||
1269 |
+ </p> |
|
1270 |
+ </div> |
|
1271 |
+ |
|
1272 |
+ <div class="section" id="c5.1.8"><h4>5.1.8. mimedefang</h4> |
|
1273 |
+ <p> |
|
1274 | ||
1275 |
+ </p> |
|
1276 |
+ </div> |
|
1277 |
+ |
|
1278 |
+ <div class="section" id="c5.1.9"><h4>5.1.9. IVS Milter</h4> |
|
1279 |
+ <p> |
|
1280 | ||
1281 |
+ </p> |
|
1282 |
+ </div> |
|
1283 |
+ |
|
1284 |
+ <div class="section" id="c5.1.10"><h4>5.1.10. smtp-vilter</h4> |
|
1285 |
+ <p> |
|
1286 | ||
1287 |
+ </p> |
|
1288 |
+ </div> |
|
1289 |
+ |
|
1290 |
+ <div class="section" id="c5.1.11"><h4>5.1.11. j-chkmail</h4> |
|
1291 |
+ </div> |
|
1292 |
+ |
|
1293 |
+ <div class="section" id="c5.1.12"><h4>5.1.12. nclamd,nclamav-milter</h4> |
|
1294 |
+ <p> |
|
1295 | ||
1296 |
+ </p> |
|
1297 |
+ </div> |
|
1298 |
+ |
|
1299 |
+ <div class="section" id="c5.1.13"><h4>5.1.13. qmail-scanner</h4> |
|
1300 |
+ <p> |
|
1301 | ||
1302 |
+ </p> |
|
1303 |
+ </div> |
|
1304 |
+ |
|
1305 |
+ <div class="section" id="c5.1.14"><h4>5.1.14. clamdmail</h4> |
|
1306 |
+ <p> |
|
1307 | ||
1308 |
+ </p> |
|
1309 |
+ </div> |
|
1310 |
+ |
|
1311 |
+ <div class="section" id="c5.1.15"><h4>5.1.15. qscanq</h4> |
|
1312 |
+ </div> |
|
1313 |
+ |
|
1314 |
+ <div class="section" id="c5.1.16"><h4>5.1.16. Gadoyanvirus</h4> |
|
1315 |
+ </div> |
|
1316 |
+ |
|
1317 |
+ <div class="section" id="c5.1.17"><h4>5.1.17. exiscan</h4> |
|
1318 |
+ <p> |
|
1319 | ||
1320 |
+ </p> |
|
1321 |
+ </div> |
|
1322 |
+ |
|
1323 |
+ <div class="section" id="c5.1.18"><h4>5.1.18. Scanexi</h4> |
|
1324 |
+ <p> |
|
1325 | ||
1326 |
+ </p> |
|
1327 |
+ </div> |
|
1328 |
+ |
|
1329 |
+ <div class="section" id="c5.1.19"><h4>5.1.19. sagator</h4> |
|
1330 |
+ <p> |
|
1331 | ||
1332 |
+ </p> |
|
1333 |
+ </div> |
|
1334 |
+ |
|
1335 |
+ <div class="section" id="c5.1.20"><h4>5.1.20. cgpav</h4> |
|
1336 |
+ </div> |
|
1337 |
+ |
|
1338 |
+ </div> |
|
1339 |
+ |
|
1340 | ||
129 | 1341 |
|
130 |
- <p> |
|
131 | ||
132 |
- </p> |
|
133 |
- <p> |
|
134 | ||
135 |
- </p> |
|
1342 |
+ <div class="section" id="c5.2.1"><h4>5.2.1. POP3 Virus Scanner Daemon</h4> |
|
1343 |
+ </div> |
|
1344 |
+ |
|
1345 |
+ <div class="section" id="c5.2.2"><h4>5.2.2. Sylpheed-Claws</h4> |
|
1346 |
+ <p> |
|
1347 | ||
1348 |
+ </p> |
|
1349 |
+ </div> |
|
1350 |
+ |
|
1351 |
+ <div class="section" id="c5.2.3"><h4>5.2.3. Mutt</h4> |
|
1352 |
+ <p> |
|
1353 | ||
1354 |
+ </p> |
|
1355 |
+ </div> |
|
1356 |
+ |
|
1357 |
+ </div> |
|
136 | 1358 |
|
137 |
- <h3>4.2 freshclam</h3> |
|
1359 | ||
1360 |
+ |
|
1361 |
+ <div class="section" id="c5.3.1"><h4>5.3.1. ClamAssassin</h4> |
|
1362 |
+ </div> |
|
138 | 1363 |
|
139 |
- <h3>4.3 oav-update</h3> |
|
1364 |
+ <div class="section" id="c5.3.2"><h4>5.3.2. TrashScan</h4> |
|
1365 |
+ <p> |
|
1366 | ||
1367 |
+ </p> |
|
1368 |
+ </div> |
|
140 | 1369 |
|
141 | ||
1370 |
+ <div class="section" id="c5.3.3"><h4>5.3.3. mailman-clamav</h4> |
|
1371 |
+ </div> |
|
142 | 1372 |
|
143 |
- <h3>5.1 AMaViS-perl</h3> |
|
1373 |
+ <div class="section" id="c5.3.4"><h4>5.3.4. mailgraph</h4> |
|
1374 |
+ </div> |
|
144 | 1375 |
|
145 |
- <p> |
|
146 | ||
147 |
- </p> |
|
148 |
- <p> |
|
149 | ||
150 |
- </p> |
|
1376 |
+ </div> |
|
151 | 1377 |
|
152 |
- <pre><code> |
|
153 |
- $ tar zxpvf amavis-perl-11.tar.gz |
|
154 |
- $ cp clam-0.23/support/amavis/clamavis.patch amavis-perl-11 |
|
155 |
- $ cd amavis-perl-11 |
|
156 |
- $ patch -p1 < clamavis.patch |
|
157 | ||
158 |
- </code></pre> |
|
1378 | ||
1379 |
+ |
|
1380 |
+ <div class="section" id="c5.4.1"><h4>5.4.1. sambaa-vscan</h4> |
|
1381 |
+ <p> |
|
1382 | ||
1383 |
+ </p> |
|
1384 |
+ </div> |
|
159 | 1385 |
|
160 |
- <p> |
|
161 | ||
162 |
- </p> |
|
1386 |
+ <div class="section" id="c5.4.2"><h4>5.4.2. mod_clamav</h4> |
|
1387 |
+ <p> |
|
1388 | ||
1389 |
+ </p> |
|
1390 |
+ </div> |
|
163 | 1391 |
|
164 |
- <h3>5.2 AMaViS-ng</h3> |
|
165 |
- |
|
166 |
- <p> |
|
167 | ||
168 |
- </p> |
|
1392 |
+ <div class="section" id="c5.4.3"><h4>5.4.3. PureFTPd</h4> |
|
1393 |
+ <p> |
|
1394 | ||
1395 |
+ </p> |
|
1396 |
+ </div> |
|
169 | 1397 |
|
170 |
- <p> |
|
171 | ||
172 |
- </p> |
|
1398 |
+ <div class="section" id="c5.4.4"><h4>5.4.4. Viralator</h4> |
|
1399 |
+ <p> |
|
1400 | ||
1401 |
+ </p> |
|
1402 |
+ </div> |
|
173 | 1403 |
|
174 |
- <pre><code> |
|
175 |
- virus-scanner = CLAM |
|
176 |
- </code></pre> |
|
1404 |
+ </div> |
|
1405 |
+ |
|
1406 |
+ <div class="section" id="c5.5"><h3>5.5. CD-ROM</h3> |
|
1407 |
+ |
|
1408 |
+ <div class="section" id="c5.5.1"><h4>5.5.1. INSERT</h4> |
|
1409 |
+ </div> |
|
177 | 1410 |
|
178 |
- <p> |
|
179 | ||
180 |
- </p> |
|
1411 |
+ <div class="section" id="c5.5.2"><h4>5.5.2. Local Area Security</h4> |
|
1412 |
+ </div> |
|
1413 |
+ |
|
1414 |
+ </div> |
|
1415 |
+ |
|
1416 | ||
181 | 1417 |
|
182 |
- <pre><code> |
|
183 |
-[CLAM] |
|
1418 |
+ <div class="section" id="c5.6.1"><h4>5.6.1. Mail::ClamAV</h4> |
|
1419 |
+ <p> |
|
1420 | ||
1421 |
+ </p> |
|
1422 |
+ </div> |
|
184 | 1423 |
|
185 |
-clamscan = /usr/local/bin/clamscan |
|
186 |
- </code></pre> |
|
1424 |
+ <div class="section" id="c5.6.2"><h4>5.6.2. clamavr</h4> |
|
1425 |
+ </div> |
|
187 | 1426 |
|
188 | ||
1427 |
+ <div class="section" id="c5.6.3"><h4>5.6.3. wbmclamav</h4> |
|
1428 |
+ </div> |
|
189 | 1429 |
|
190 | ||
1430 |
+ <div class="section" id="c5.6.4"><h4>5.6.4. Scan Log Analyzer</h4> |
|
1431 |
+ </div> |
|
191 | 1432 |
|
192 |
- <p> |
|
193 | ||
194 |
- </p> |
|
195 |
- <pre><code> |
|
196 |
- $ cat test/test1 |
|
197 |
- $CE<!-- -->liacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$ |
|
198 |
- </code></pre> |
|
199 |
- <p> |
|
200 | ||
201 |
- </p> |
|
202 |
- <pre><code> |
|
203 |
- $ grep ClamAV-Test-Signature /usr/local/share/clamav/viruses.db |
|
204 |
- ClamAV-Test-Signature=2443456c6961636d615472455354755363696b67736e24465245452d544553542d5349474e4154555245244545454545240a |
|
205 |
- </code></pre> |
|
206 |
- <p> |
|
207 | ||
208 |
- </p> |
|
209 |
- <pre><code> |
|
210 |
- $ od -t x1 test1 |
|
211 |
- 0000000 24 43 45 6c 69 61 63 6d 61 54 72 45 53 54 75 53 |
|
212 |
- 0000020 63 69 6b 67 73 6e 24 46 52 45 45 2d 54 45 53 54 |
|
213 |
- 0000040 2d 53 49 47 4e 41 54 55 52 45 24 45 45 45 45 45 |
|
214 |
- 0000060 24 0a |
|
215 |
- 0000062 |
|
216 |
- </code></pre> |
|
217 |
- <p> |
|
218 | ||
219 |
- </p> |
|
1433 |
+ <div class="section" id="c5.6.5"><h4>5.6.5. ClamWin Antivirus</h4> |
|
1434 |
+ <p> |
|
1435 | ||
1436 |
+ </p> |
|
1437 |
+ </div> |
|
220 | 1438 |
|
221 | ||
1439 |
+ </div> |
|
1440 |
+ |
|
1441 |
+</div> |
|
222 | 1442 |
|
223 |
- <p> |
|
224 | ||
225 |
- </p> |
|
226 |
- <p> |
|
227 | ||
228 |
- </p> |
|
229 |
- <p> |
|
230 | ||
231 |
- </p> |
|
232 |
- <ul> |
|
233 | ||
234 | ||
235 | ||
236 | ||
237 |
- </ul> |
|
238 |
- <p> |
|
239 | ||
240 |
- </p> |
|
241 |
- <p> |
|
242 | ||
243 |
- </p> |
|
1443 | ||
244 | 1444 |
|
245 |
- <h3>6.3 sigtool</h3> |
|
1445 | ||
246 | 1446 |
|
247 |
- <p> |
|
248 | ||
249 |
- </p> |
|
250 |
- <p> |
|
251 | ||
252 |
- </p> |
|
253 |
- <p> |
|
254 | ||
255 |
- </p> |
|
256 |
- <ul> |
|
257 | ||
258 | ||
259 | ||
260 | ||
261 |
- </ul> |
|
262 |
- <p> |
|
263 | ||
264 |
- </p> |
|
265 |
- <p> |
|
266 | ||
267 |
- </p> |
|
268 |
- <pre><code> |
|
269 |
- $ sigtool -c "otherscan" -f virus.exe -s "infected" |
|
270 |
- </code></pre> |
|
271 |
- <p> |
|
272 | ||
273 |
- </p> |
|
1447 | ||
1448 |
+ <p> |
|
1449 | ||
1450 |
+ </p> |
|
1451 |
+ <p> |
|
1452 | ||
1453 |
+ </p> |
|
1454 |
+ <p> |
|
1455 | ||
1456 |
+ </p> |
|
1457 | ||
1458 |
+ <ol> |
|
1459 | ||
1460 | ||
1461 | ||
1462 | ||
1463 | ||
1464 | ||
1465 | ||
1466 | ||
1467 |
+ </ol> |
|
1468 | ||
1469 |
+ <pre><samp>ClamAV-VDB:15 Apr 2004 01-38 +0200:263:844:1:ed0bf80996eef5326e7830cb7 |
|
1470 |
+f394f13:FSW1coiymNODboGDmmeg5gNm6psCuAOCTsm4gXEqMP8k9H7H/QPfZvvvMPQTup |
|
1471 |
+0sf2LtrRImxkgYvR6ksiS/Zal8QdhiPS6LuHBBbjuzHYW+PLIwuG5Hzd0tj2p4mhiwv2Eb |
|
1472 |
+Q2agcPH6n5xekRLOIDb3qggf+6F9YwDw8JX6nj:ccordes |
|
1473 |
+ </samp></pre> |
|
1474 |
+ </div> |
|
274 | 1475 |
|
275 | ||
1476 | ||
1477 |
+ <p> |
|
1478 | ||
1479 |
+ </p> |
|
1480 |
+ <p> |
|
1481 | ||
1482 |
+ </p> |
|
1483 | ||
1484 |
+ <pre><code>ClamAV-Test-Signature=2443456c6961636d615472455354755363696b67736e2446 |
|
1485 |
+5245452d544553542d5349474e4154555245244545454545240a |
|
1486 |
+ </code></pre> |
|
1487 | ||
1488 |
+ <pre><code>0000000 24 43 45 6c 69 61 63 6d 61 54 72 45 53 54 75 53 |
|
1489 |
+0000020 63 69 6b 67 73 6e 24 46 52 45 45 2d 54 45 53 54 |
|
1490 |
+0000040 2d 53 49 47 4e 41 54 55 52 45 24 45 45 45 45 45 |
|
1491 |
+0000060 24 0a |
|
1492 |
+0000062 |
|
1493 |
+ </code></pre> |
|
1494 |
+ <p> |
|
1495 |
+ |
|
1496 |
+ </p> |
|
1497 |
+ </div> |
|
276 | 1498 |
|
277 |
- <p> |
|
278 | ||
279 |
- </p> |
|
1499 | ||
1500 |
+ <pre><code> VirusDB |
|
1501 | ||
1502 | ||
1503 |
+ | | + 'ClamAV-VDB' |
|
1504 | ||
1505 | ||
1506 | ||
1507 | ||
1508 | ||
1509 | ||
1510 | ||
1511 |
+ | | |
|
1512 | ||
1513 |
+ | + COPYING |
|
1514 |
+ | + viruses.db |
|
1515 |
+ | + VirusName=HexStrings |
|
1516 |
+ | |
|
1517 | ||
1518 | ||
1519 |
+ | | + 'ClamAV-VDB' |
|
1520 | ||
1521 | ||
1522 | ||
1523 | ||
1524 | ||
1525 | ||
1526 | ||
1527 |
+ | | |
|
1528 | ||
1529 |
+ | + COPYING |
|
1530 |
+ | + viruses.db2 |
|
1531 |
+ | + VirusName=HexStrings |
|
1532 |
+ | |
|
1533 | ||
1534 |
+ + VirusName=HexStrings |
|
1535 |
+ </code></pre> |
|
1536 |
+ </div> |
|
280 | 1537 |
|
281 | ||
1538 |
+ </div> |
|
282 | 1539 |
|
283 | ||
284 |
- <p> |
|
285 | ||
286 |
- </p> |
|
287 |
- <p> |
|
288 | ||
1540 |
+ <div class="section" id="c6.2"><h3>6.2. sigtool</h3> |
|
1541 |
+ |
|
1542 | ||
1543 |
+ |
|
1544 | ||
1545 |
+ |
|
1546 | ||
1547 |
+ <table class="cmdoption"> |
|
1548 |
+ <tr> |
|
1549 |
+ <th>--help</th><td class="opt">-h</td> |
|
1550 | ||
1551 |
+ </tr> |
|
1552 |
+ <tr> |
|
1553 |
+ <th>--version</th><td class="opt">-V</td> |
|
1554 | ||
1555 |
+ </tr> |
|
1556 |
+ <tr> |
|
1557 |
+ <th>--quiet</th><td class="opt"> </td> |
|
1558 | ||
1559 |
+ </tr> |
|
1560 |
+ <tr> |
|
1561 |
+ <th>--debug</th><td class="opt"> </td> |
|
1562 | ||
1563 |
+ </tr> |
|
1564 |
+ <tr> |
|
1565 |
+ <th>--stdout</th><td class="opt"> </td> |
|
1566 | ||
1567 |
+ </tr> |
|
1568 |
+ </table> |
|
1569 |
+ |
|
1570 | ||
1571 |
+ <table class="cmdoption"> |
|
1572 |
+ <tr> |
|
1573 |
+ <th>--hex-dump</th><td class="opt"> </td> |
|
1574 | ||
1575 |
+ </tr> |
|
1576 |
+ <tr> |
|
1577 |
+ <th>--command=COMMAND</th><td class="opt">-c COMMAND</td> |
|
1578 | ||
1579 |
+ </tr> |
|
1580 |
+ <tr> |
|
1581 |
+ <th>--string=STRING</th><td class="opt">-s STRING</td> |
|
1582 | ||
1583 |
+ </tr> |
|
1584 |
+ <tr> |
|
1585 |
+ <th>--file=FILE</th><td class="opt">-f FILE</td> |
|
1586 | ||
1587 |
+ </tr> |
|
1588 |
+ </table> |
|
1589 |
+ |
|
1590 |
+ <h5>VirusDB</h5> |
|
1591 |
+ <table class="cmdoption"> |
|
1592 |
+ <tr> |
|
1593 |
+ <th>--info=FILE</th><td class="opt">-i FILE</td> |
|
1594 | ||
1595 |
+ </tr> |
|
1596 |
+ <tr> |
|
1597 |
+ <th>--unpack=FILE</th><td class="opt">-u FILE</td> |
|
1598 | ||
1599 |
+ </tr> |
|
1600 |
+ <tr> |
|
1601 |
+ <th>--unpack-current=NAME</th><td class="opt"> </td> |
|
1602 | ||
1603 |
+ </tr> |
|
1604 |
+ <tr> |
|
1605 |
+ <th>--list-sigs[=FILE]</th><td class="opt">-l [FILE]</td> |
|
1606 | ||
1607 |
+ </tr> |
|
1608 |
+ <tr> |
|
1609 |
+ <th>--build=NAME</th><td class="opt">-b NAME</td> |
|
1610 | ||
1611 |
+ </tr> |
|
1612 |
+ <tr> |
|
1613 |
+ <th>--server=ADDR</th><td class="opt"> </td> |
|
1614 | ||
1615 |
+ </tr> |
|
1616 |
+ </table> |
|
1617 |
+ |
|
1618 |
+ </div> |
|
1619 |
+ |
|
1620 | ||
1621 |
+ <dl> |
|
1622 |
+ <dt>$ sigtool -i /usr/local/share/clamav/main.cvd</dt> |
|
1623 | ||
1624 |
+ <dt>$ sigtool -u /usr/local/share/clamav/main.cvd</dt> |
|
1625 | ||
1626 |
+ <dt>$ sigtool -l</dt> |
|
1627 | ||
1628 |
+ </dl> |
|
1629 |
+ </div> |
|
1630 |
+ |
|
1631 |
+ </div> |
|
1632 |
+ |
|
1633 | ||
1634 |
+ |
|
1635 | ||
1636 |
+ <p> |
|
1637 | ||
1638 |
+ </p> |
|
1639 |
+ <p> |
|
1640 | ||
1641 |
+ </p> |
|
1642 |
+ <ul> |
|
1643 | ||
1644 | ||
1645 | ||
1646 | ||
1647 |
+ </ul> |
|
1648 |
+ <p> |
|
1649 | ||
1650 |
+ </p> |
|
1651 |
+ <p> |
|
1652 | ||
1653 |
+ </p> |
|
1654 |
+ <pre><code> |
|
1655 |
+ $ sigtool -c "anotherscan" -f virus.exe -s "infected" |
|
1656 |
+ </code></pre> |
|
1657 |
+ <p> |
|
1658 | ||
1659 |
+ </p> |
|
1660 |
+ </div> |
|
1661 |
+ |
|
1662 | ||
1663 |
+ <p> |
|
1664 | ||
1665 |
+ </p> |
|
1666 |
+ <ul> |
|
1667 | ||
1668 | ||
1669 | ||
1670 | ||
1671 | ||
1672 |
+ </ul> |
|
1673 |
+ </div> |
|
1674 |
+ |
|
1675 | ||
1676 |
+ <p> |
|
1677 | ||
1678 |
+ </p> |
|
1679 |
+ </div> |
|
1680 |
+ |
|
1681 |
+ </div> |
|
1682 |
+ |
|
1683 | ||
1684 |
+ |
|
1685 | ||
1686 |
+ <p> |
|
1687 | ||
1688 |
+ </p> |
|
1689 |
+ </div> |
|
1690 |
+ |
|
1691 | ||
1692 |
+ <p> |
|
1693 | ||
1694 |
+ </p> |
|
1695 |
+ </div> |
|
1696 |
+ |
|
1697 | ||
1698 |
+ <p> |
|
1699 | ||
1700 |
+ </p> |
|
1701 |
+ <pre><code>00008d0: 191d 8cad 3dc1 135a 3182 5c6c 4233 9063 ....=..Z1.\lB3.c |
|
1702 |
+00008e0: beb7 2dad c336 9a54 417a 3d56 135e 1f62 ..-..6.TAz=V.^.b |
|
1703 |
+00008f0: 11da a9fb e100 eac3 c948 ade7 2089 75f9 .........H.. .u. |
|
1704 |
+0000900: 0d5a 8e31 2fd8 40be bc08 8ef3 a109 a526 .Z.1/.@........& |
|
1705 |
+0000910: 3949 1a80 d7d6 6c60 2662 0286 a03a 6fa0 9I....l`&b...:o. |
|
1706 |
+0000920: 3132 f9cb b767 9675 9020 ddd3 5d5e 9785 12...g.u. ..]^.. |
|
1707 |
+0000930: 6a29 e69e f3f0 5159 c664 0688 678c 9250 j)....QY.d..g..P |
|
1708 |
+0000940: aef5 62a0 05bf 0a70 1616 7e12 658d a4a7 ..b....p..~.e... |
|
1709 |
+0000950: 57be 4e03 6db0 4635 4b7d 6b8b 7452 bd4d W.N.m.F5K}k.tR.M |
|
1710 |
+0000960: df86 09a7 b92d a8a6 0814 d12f 3caa d02b .....-...../<..+ |
|
1711 |
+0000970: 3a7e 2b3d d1b6 a088 1c22 0d61 611b 7913 :~+=.....".aa.y. |
|
1712 |
+0000980: 674d 3612 3e05 f921 00c3 c011 de0c 4564 gM6.>..!......Ed |
|
1713 |
+0000990: 638e 39a6 325c 7849 4ea6 7a76 9a02 691a c.9.2\xIN.zv..i. |
|
1714 |
+00009a0: a62a 4c9a 4469 bca6 9096 9ae0 69fc e06c .*L.Di......i..l |
|
1715 |
+00009b0: e671 1616 3c5a c3b0 0557 80cb ebe9 f6e1 .q..<Z...W...... |
|
1716 |
+00009c0: cb06 e3ef e413 1b6c 2d11 0b11 0332 331d .......l-....23. |
|
1717 |
+00009d0: c12d 1309 0a30 9225 0061 3336 2438 333d .-...0.%.a36$83= |
|
1718 |
+00009e0: 0803 3c2b 3823 2737 7b06 4f02 222f 2078 ..<+8#'7{.O."/ x |
|
1719 |
+ </code></pre> |
|
1720 |
+ <p> |
|
1721 | ||
1722 |
+ </p> |
|
1723 |
+ <pre><code>6c6026620286a03a6fa03132f9cbb76796759020ddd35d5e97856a29e69ef3f05159c6 |
|
1724 |
+640688678c9250aef562a005bf0a7016167e12658da4a757be4e036db046354b7d6b8b |
|
1725 |
+7452bd4ddf8609a7b92da8a60814d12f3caad02b3a7e2b3dd1b6a0881c220d61611b79 |
|
1726 |
+13674d36123e05 |
|
1727 |
+ </code></pre> |
|
1728 |
+ <p> |
|
1729 | ||
1730 |
+ </p> |
|
1731 |
+ <pre><code> |
|
1732 |
+Worm.Netsky.Q@mm=6c6026620286a03a6fa03132f9cbb76796759020ddd35d5e97856 |
|
1733 |
+a29e69ef3f05159c6640688678c9250aef562a005bf0a7016167e12658da4a757be4e0 |
|
1734 |
+36db046354b7d6b8b7452bd4ddf8609a7b92da8a60814d12f3caad02b3a7e2b3dd1b6a |
|
1735 |
+0881c220d61611b7913674d36123e05 |
|
1736 |
+ </code></pre> |
|
1737 |
+ </div> |
|
1738 |
+ |
|
1739 | ||
1740 |
+ <p> |
|
1741 | ||
1742 |
+ </p> |
|
1743 |
+ <pre><code>$ clamscan -d /tmp/db/local.db netsky_q.virus |
|
1744 |
+netsky_q.virus: Worm.Netsky.Q@mm FOUND |
|
1745 |
+ |
|
1746 |
+----------- SCAN SUMMARY ----------- |
|
1747 |
+Known viruses: 1 |
|
1748 |
+Scanned directories: 0 |
|
1749 |
+Scanned files: 1 |
|
1750 |
+Infected files: 1 |
|
1751 |
+Data scanned: 0.02 MB |
|
1752 |
+I/O buffer size: 131072 bytes |
|
1753 |
+Time: 0.001 sec (0 m 0 s) |
|
1754 |
+ </code></pre> |
|
1755 |
+ <p> |
|
1756 | ||
1757 |
+ </p> |
|
1758 |
+ </div> |
|
1759 |
+ |
|
1760 | ||
1761 |
+ <p> |
|
1762 | ||
1763 |
+ </p> |
|
1764 |
+ <pre><code># cat /tmp/db/local.db >> /usr/local/share/clamav/local.db |
|
1765 |
+# kill -USR2 `cat /var/run/clamd.pid` |
|
1766 |
+ </code></pre> |
|
1767 |
+ <p> |
|
1768 | ||
1769 |
+ </p> |
|
1770 |
+ </div> |
|
1771 |
+ |
|
1772 |
+ </div> |
|
1773 |
+ |
|
1774 | ||
1775 |
+ |
|
1776 |
+ <div class="section" id="c7.1"><h3>7.1. libclamav</h3> |
|
1777 | ||
1778 |
+ </div> |
|
1779 | ||
1780 |
+ <p> |
|
1781 | ||
1782 |
+ </p> |
|
1783 |
+ </div> |
|
1784 |
+ |
|
1785 |
+ </div> |
|
1786 |
+ |
|
1787 |
+</div> |
|
1788 |
+ |
|
1789 | ||
1790 |
+ |
|
1791 |
+<ul> |
|
1792 | ||
1793 |
+ <li> |
|
1794 | ||
289 | 1795 | |
290 |
- </p> |
|
1796 |
+ </li> |
|
1797 |
+ <li> |
|
1798 | ||
1799 |
+ </li> |
|
1800 |
+ <li> |
|
1801 | ||
1802 |
+ <a href="http://homepage.mac.com/proc/clamav.html">http://homepage.mac.com/proc/clamav.html</a> |
|
1803 |
+ </li> |
|
291 | 1804 |
|
292 | ||
293 |
- <p> |
|
294 | ||
295 |
- </p> |
|
1805 |
+</ul> |
|
1806 |
+ |
|
1807 |
+</div> |
|
1808 |
+ |
|
1809 |
+<div class="chapter" id="c9"><h2>9. TODO</h2> |
|
1810 |
+ |
|
1811 |
+<ul> |
|
1812 | ||
1813 | ||
1814 | ||
1815 | ||
1816 | ||
1817 |
+</ul> |
|
1818 |
+ |
|
1819 |
+</div> |
|
296 | 1820 |
|
297 | 1821 |
<hr /> |
298 | 1822 |
|
299 |
-<p> |
|
300 | ||
301 |
-</p> |
|
1823 |
+<ul> |
|
1824 | ||
1825 | ||
1826 | ||
1827 |
+<li>Email: <a href="mailto:proc@mac.com">proc@mac.com</a></li> |
|
1828 |
+ |
|
1829 | ||
1830 |
+</ul> |
|
302 | 1831 |
|
303 | 1832 |
</body> |
304 | 1833 |
</html> |
1834 |
+ |
... | ... |
@@ -87,6 +87,9 @@ Extract first #n kilobytes from each archive. You may give the number in megabyt |
87 | 87 |
\fB\-\-max\-recursion=#n\fR |
88 | 88 |
Set archive recursion level limit. This option protects your system against DoS attacks (default: 5). |
89 | 89 |
.TP |
90 |
+\fB\-\-max\-ratio=#n\fR |
|
91 |
+Set maximum archive compression ratio limit. This option protects your system against DoS attacks (default: 200). |
|
92 |
+.TP |
|
90 | 93 |
\fB\-\-unzip[=FULLPATH]\fR |
91 | 94 |
In most cases you don't need this option \- the built\-in unarchiver will do extract Zip archives. This option however may be used as a backup for internal unpacker \- see the full documentation for more information. When enabled without an argument, unzip program will be searched in $PATH. If unzip cannot be found in $PATH, you must force it with =pathname. Remember about '=' between the option and an argument. |
92 | 95 |
.TP |
... | ... |
@@ -513,9 +513,9 @@ static void ole2_walk_property_tree(int fd, ole2_header_t *hdr, const char *dir, |
513 | 513 |
snprintf(dirname, strlen(dir)+8, "%s/%.6d", dir, prop_index); |
514 | 514 |
mkdir(dirname, 0700); |
515 | 515 |
cli_dbgmsg("OLE2 dir entry: %s\n",dirname); |
516 |
- ole2_walk_property_tree(fd, hdr, dirname, |
|
516 |
+ ole2_walk_property_tree(fd, hdr, dir, |
|
517 | 517 |
prop_block[index].prev, handler, rec_level+1, file_count); |
518 |
- ole2_walk_property_tree(fd, hdr, dirname, |
|
518 |
+ ole2_walk_property_tree(fd, hdr, dir, |
|
519 | 519 |
prop_block[index].next, handler, rec_level+1, file_count); |
520 | 520 |
ole2_walk_property_tree(fd, hdr, dirname, |
521 | 521 |
prop_block[index].child, handler, rec_level+1, file_count); |
... | ... |
@@ -719,11 +719,11 @@ int cli_ole2_extract(int fd, const char *dirname) |
719 | 719 |
|
720 | 720 |
/* NOTE: Select only ONE of the following two methods */ |
721 | 721 |
|
722 |
- ole2_read_property_tree(fd, &hdr, dirname, handler_writefile); |
|
722 |
+ /* ole2_read_property_tree(fd, &hdr, dirname, handler_writefile); */ |
|
723 | 723 |
|
724 | 724 |
/* OR */ |
725 | 725 |
|
726 |
- /* ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, 0); */ |
|
726 |
+ ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, 0); |
|
727 | 727 |
|
728 | 728 |
return 0; |
729 | 729 |
} |
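Review bot: Enabling `ole2_walk_property_tree` in `cli_ole2_extract` makes the recursive walk the live path for untrusted OLE2 input, and nothing visible in either hunk prevents a property entry from being visited twice. `prev`, `next` and `child` are indices taken from the file, so a directory whose links form a cycle is bounded only by whatever `rec_level` or `file_count` check sits at the top of the walker, which is outside the hunk; confirm that check exists or track visited indices. The call passes a literal `0` for `file_count`; if that parameter is a pointer, the walker must not dereference it. In the first hunk the result of `mkdir(dirname, 0700)` is still ignored, so a failed directory creation only surfaces when the handler tries to write. Both functions begin outside their hunks.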
... | ... |
@@ -79,18 +79,32 @@ static const struct cli_magic_s cli_magic[] = { |
79 | 79 |
{0, "Return-path: ", 13, "Maildir", CL_MAILFILE}, |
80 | 80 |
{0, "Delivered-To: ", 14, "Mail", CL_MAILFILE}, |
81 | 81 |
{0, "X-UIDL: ", 8, "Mail", CL_MAILFILE}, |
82 |
+ {0, ">From ", 6, "Mail", CL_MAILFILE}, |
|
83 |
+ {0, "Date: ", 6, "Mail", CL_MAILFILE}, |
|
84 |
+ {0, "Message-Id: ", 12, "Mail", CL_MAILFILE}, |
|
85 |
+ {0, "Message-ID: ", 12, "Mail", CL_MAILFILE}, |
|
86 |
+ {0, "X-Apparently-To: ", 17, "Mail", CL_MAILFILE}, |
|
82 | 87 |
{0, "For: ", 5, "Eserv mail", CL_MAILFILE}, |
83 | 88 |
{0, "From: ", 6, "Exim mail", CL_MAILFILE}, |
84 | 89 |
{0, "X-Symantec-", 11, "Symantec", CL_MAILFILE}, |
85 |
- {0, "X-Apparently-To: ", 17, "Mail", CL_MAILFILE}, |
|
86 |
- {0, "For: ", 5, "Eserv mail", CL_MAILFILE}, |
|
87 | 90 |
{0, "X-EVS", 5, "EVS mail", CL_MAILFILE}, |
88 |
- {0, ">From ", 6, "Symantec", CL_MAILFILE}, |
|
89 | 91 |
{0, "v:\015\012Received: ", 14, "VPOP3 Mail (DOS)", CL_MAILFILE}, |
90 | 92 |
{0, "v:\012Received: ", 13, "VPOP3 Mail (UNIX)", CL_MAILFILE}, |
91 | 93 |
{0, "Hi. This is the qmail-send", 26, "Qmail bounce", CL_MAILFILE}, |
92 | 94 |
{0, "\320\317\021\340\241\261\032\341", |
93 | 95 |
8, "OLE2 container", CL_OLE2FILE}, |
96 |
+ /* Ignored types */ |
|
97 |
+ |
|
98 |
+ {0, "\000\000\001\263", 4, "MPEG video stream", CL_DATAFILE}, |
|
99 |
+ {0, "\000\000\001\272", 4, "MPEG sys stream", CL_DATAFILE}, |
|
100 |
+ {0, "RIFF", 4, "RIFF file", CL_DATAFILE}, |
|
101 |
+ {0, "GIF87a", 6, "GIF (87a)", CL_DATAFILE}, |
|
102 |
+ {0, "GIF89a", 6, "GIF (89a)", CL_DATAFILE}, |
|
103 |
+ {0, "\x89PNG\r\n\x1a\n", 8, "PNG", CL_DATAFILE}, |
|
104 |
+ {0, "\377\330\377\340", 4, "JPEG", CL_DATAFILE}, |
|
105 |
+ {0, "\377\330\377\356", 4, "JPG", CL_DATAFILE}, |
|
106 |
+ {0, "OggS", 4, "Ogg Stream", CL_DATAFILE}, |
|
107 |
+ |
|
94 | 108 |
{-1, NULL, 0, NULL, CL_UNKNOWN_TYPE} |
95 | 109 |
}; |
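Review bot: The entries under `/* Ignored types */` classify a file as `CL_DATAFILE` from its first 4 to 8 bytes alone, and the changelog entry for this commit describes these types as ignored. Nothing after the magic is validated, so a file that merely begins with `RIFF` or `GIF89a` would take the same path whatever follows. How `CL_DATAFILE` is handled is outside this hunk, so confirm the scanner still runs the raw signature pass on such files, or make the skip optional. A comment such as `/* Ignored types: matched on leading magic only, remaining content is not validated */` would document the limitation. The `cli_magic` table begins outside the hunk.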
96 | 110 |
|
... | ... |
@@ -352,19 +366,18 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
352 | 352 |
break; |
353 | 353 |
} |
354 | 354 |
|
355 |
- cli_dbgmsg("Zip -> %s, compressed: %d, normal: %d, encrypted flag: %d\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.d_flags); |
|
356 |
- |
|
357 |
- if(limits && limits->maxratio > 0 && source.st_size && (zdirent.st_size / source.st_size) >= limits->maxratio) { |
|
358 |
- *virname = "Oversized.Zip"; |
|
359 |
- ret = CL_VIRUS; |
|
360 |
- break; |
|
361 |
- } |
|
355 |
+ cli_dbgmsg("Zip -> %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 ); |
|
362 | 356 |
|
363 | 357 |
if(!zdirent.st_size) { /* omit directories and null files */ |
364 | 358 |
files++; |
365 | 359 |
continue; |
366 | 360 |
} |
367 | 361 |
|
362 |
+ if(limits && limits->maxratio > 0 && ((unsigned) zdirent.st_size / (unsigned) zdirent.d_csize) >= limits->maxratio) { |
|
363 |
+ files++; |
|
364 |
+ continue; |
|
365 |
+ } |
|
366 |
+ |
|
368 | 367 |
/* work-around for problematic zips (zziplib crashes with them) */ |
369 | 368 |
if(zdirent.d_csize < 0 || zdirent.st_size < 0) { |
370 | 369 |
files++; |
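Review bot: The added ratio test divides by `(unsigned) zdirent.d_csize` before the `d_csize < 0 || st_size < 0` work-around that follows it, so an entry with a compressed size of 0 and a non-zero `st_size` causes an integer division by zero, and a negative size is first cast to a very large unsigned value. The rewritten `cli_dbgmsg` has the same problem when `d_csize` is -1, because it divides by `d_csize+1`. Moving the test below the negative-size check and guarding the divisor fixes the test, e.g. `if(limits && limits->maxratio > 0 && zdirent.d_csize > 0 && ((unsigned) zdirent.st_size / (unsigned) zdirent.d_csize) >= limits->maxratio) {`, and the debug ratio should likewise be computed only after the sizes are validated. An over-ratio entry is now skipped with `files++; continue;` where the removed code returned `Oversized.Zip`, so that content goes unscanned without any trace; a `cli_dbgmsg` at that point would make the skip visible. `cli_scanzip` begins and ends outside the hunk.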
... | ... |
@@ -412,9 +425,8 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
412 | 412 |
break; |
413 | 413 |
} |
414 | 414 |
|
415 |
- |
|
416 | 415 |
while((bytes = zzip_file_read(zfp, buff, FILEBUFF)) > 0) { |
417 |
- if(fwrite(buff, bytes, 1, tmp)*bytes != bytes) { |
|
416 |
+ if(fwrite(buff, 1, bytes, tmp) != (size_t) bytes) { |
|
418 | 417 |
cli_dbgmsg("Zip -> Can't fwrite() file: %s\n", strerror(errno)); |
419 | 418 |
zzip_file_close(zfp); |
420 | 419 |
zzip_dir_close(zdir); |
... | ... |
@@ -624,89 +636,103 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const |
624 | 624 |
} |
625 | 625 |
#endif |
626 | 626 |
|
627 |
-static int cli_scanole2(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
627 |
+static int cli_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
628 | 628 |
{ |
629 |
- const char *tmpdir; |
|
630 |
- char *dir, *fullname; |
|
631 |
- unsigned char *data; |
|
632 |
- int ret = CL_CLEAN, fd, i, data_len; |
|
633 |
- vba_project_t *vba_project; |
|
634 |
- |
|
635 |
- cli_dbgmsg("in cli_scanole2()\n"); |
|
636 |
- |
|
637 |
- tmpdir = getenv("TMPDIR"); |
|
629 |
+ DIR *dd; |
|
630 |
+ struct dirent *dent; |
|
631 |
+ struct stat statbuf; |
|
632 |
+ char *fname; |
|
638 | 633 |
|
639 |
- if(tmpdir == NULL) |
|
640 |
-#ifdef P_tmpdir |
|
641 |
- tmpdir = P_tmpdir; |
|
642 |
-#else |
|
643 |
- tmpdir = "/tmp"; |
|
644 |
-#endif |
|
645 | 634 |
|
646 |
- /* generate the temporary directory */ |
|
647 |
- dir = cl_gentemp(tmpdir); |
|
648 |
- if(mkdir(dir, 0700)) { |
|
649 |
- cli_errmsg("ScanOLE2 -> Can't create temporary directory %s\n", dir); |
|
650 |
- return CL_ETMPDIR; |
|
651 |
- } |
|
635 |
+ if((dd = opendir(dirname)) != NULL) { |
|
636 |
+ while((dent = readdir(dd))) { |
|
637 |
+ if(dent->d_ino) { |
|
638 |
+ if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) { |
|
639 |
+ /* build the full name */ |
|
640 |
+ fname = cli_calloc(strlen(dirname) + strlen(dent->d_name) + 2, sizeof(char)); |
|
641 |
+ sprintf(fname, "%s/%s", dirname, dent->d_name); |
|
652 | 642 |
|
653 |
- if((ret = cli_ole2_extract(desc, dir))) { |
|
654 |
- cli_errmsg("ScanOLE2 -> %s\n", cl_strerror(ret)); |
|
655 |
- cli_rmdirs(dir); |
|
656 |
- free(dir); |
|
657 |
- return ret; |
|
658 |
- } |
|
643 |
+ /* stat the file */ |
|
644 |
+ if(lstat(fname, &statbuf) != -1) { |
|
645 |
+ if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) { |
|
646 |
+ if (cli_scandir(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) { |
|
647 |
+ free(fname); |
|
648 |
+ closedir(dd); |
|
649 |
+ return CL_VIRUS; |
|
650 |
+ } |
|
651 |
+ } else |
|
652 |
+ if(S_ISREG(statbuf.st_mode)) |
|
653 |
+ if(cli_scanfile(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) { |
|
654 |
+ free(fname); |
|
655 |
+ closedir(dd); |
|
656 |
+ return CL_VIRUS; |
|
657 |
+ } |
|
659 | 658 |
|
660 |
- if((vba_project = (vba_project_t *) vba56_dir_read(dir))) { |
|
661 |
- |
|
662 |
- for(i = 0; i < vba_project->count; i++) { |
|
663 |
- fullname = (char *) malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2); |
|
664 |
- sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]); |
|
665 |
- fd = open(fullname, O_RDONLY); |
|
666 |
- if(fd == -1) { |
|
667 |
- cli_errmsg("Scan->OLE2 -> Can't open file %s\n", fullname); |
|
668 |
- free(fullname); |
|
669 |
- ret = CL_EOPEN; |
|
670 |
- break; |
|
671 |
- } |
|
672 |
- free(fullname); |
|
673 |
- cli_dbgmsg("decompress VBA project '%s'\n", vba_project->name[i]); |
|
674 |
- data = (unsigned char *) vba_decompress(fd, vba_project->offset[i], &data_len); |
|
675 |
- close(fd); |
|
676 |
- |
|
677 |
- if(!data) { |
|
678 |
- cli_dbgmsg("WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]); |
|
679 |
- } else { |
|
680 |
- if(cl_scanbuff(data, data_len, virname, root) == CL_VIRUS) { |
|
681 |
- free(data); |
|
682 |
- ret = CL_VIRUS; |
|
683 |
- break; |
|
684 | 659 |
} |
685 |
- |
|
686 |
- free(data); |
|
660 |
+ free(fname); |
|
687 | 661 |
} |
688 | 662 |
} |
689 |
- |
|
690 |
- for(i = 0; i < vba_project->count; i++) |
|
691 |
- free(vba_project->name[i]); |
|
692 |
- free(vba_project->name); |
|
693 |
- free(vba_project->dir); |
|
694 |
- free(vba_project->offset); |
|
695 |
- free(vba_project); |
|
696 | 663 |
} |
664 |
+ } else { |
|
665 |
+ cli_errmsg("ScanDir -> Can't open directory %s.\n", dirname); |
|
666 |
+ return CL_EOPEN; |
|
667 |
+ } |
|
697 | 668 |
|
698 |
- |
|
699 |
- cli_rmdirs(dir); |
|
700 |
- free(dir); |
|
701 |
- return ret; |
|
669 |
+ closedir(dd); |
|
670 |
+ return 0; |
|
702 | 671 |
} |
703 |
-static int cli_scandir(char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
672 |
+ |
|
673 |
+static int cli_vba_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
704 | 674 |
{ |
675 |
+ int ret = CL_CLEAN, i, fd, data_len; |
|
676 |
+ vba_project_t *vba_project; |
|
705 | 677 |
DIR *dd; |
706 | 678 |
struct dirent *dent; |
707 | 679 |
struct stat statbuf; |
708 |
- char *fname; |
|
680 |
+ char *fname, *dir, *fullname; |
|
681 |
+ unsigned char *data; |
|
682 |
+ |
|
683 |
+ cli_dbgmsg("VBA scan dir: %s\n", dirname); |
|
684 |
+ if((vba_project = (vba_project_t *) vba56_dir_read(dirname))) { |
|
709 | 685 |
|
686 |
+ for(i = 0; i < vba_project->count; i++) { |
|
687 |
+ fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2); |
|
688 |
+ sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]); |
|
689 |
+ fd = open(fullname, O_RDONLY); |
|
690 |
+ if(fd == -1) { |
|
691 |
+ cli_errmsg("Scan->OLE2 -> Can't open file %s\n", fullname); |
|
692 |
+ free(fullname); |
|
693 |
+ ret = CL_EOPEN; |
|
694 |
+ break; |
|
695 |
+ } |
|
696 |
+ free(fullname); |
|
697 |
+ cli_dbgmsg("decompress VBA project '%s'\n", vba_project->name[i]); |
|
698 |
+ data = (unsigned char *) vba_decompress(fd, vba_project->offset[i], &data_len); |
|
699 |
+ close(fd); |
|
700 |
+ |
|
701 |
+ if(!data) { |
|
702 |
+ cli_dbgmsg("WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]); |
|
703 |
+ } else { |
|
704 |
+ if(cl_scanbuff(data, data_len, virname, root) == CL_VIRUS) { |
|
705 |
+ free(data); |
|
706 |
+ ret = CL_VIRUS; |
|
707 |
+ break; |
|
708 |
+ } |
|
709 |
+ |
|
710 |
+ free(data); |
|
711 |
+ } |
|
712 |
+ } |
|
713 |
+ |
|
714 |
+ for(i = 0; i < vba_project->count; i++) |
|
715 |
+ free(vba_project->name[i]); |
|
716 |
+ free(vba_project->name); |
|
717 |
+ free(vba_project->dir); |
|
718 |
+ free(vba_project->offset); |
|
719 |
+ free(vba_project); |
|
720 |
+ } |
|
721 |
+ |
|
722 |
+ if(ret != CL_CLEAN) |
|
723 |
+ return ret; |
|
710 | 724 |
|
711 | 725 |
if((dd = opendir(dirname)) != NULL) { |
712 | 726 |
while((dent = readdir(dd))) { |
... | ... |
@@ -719,15 +745,11 @@ static int cli_scandir(char *dirname, const char **virname, long int *scanned, c |
719 | 719 |
/* stat the file */ |
720 | 720 |
if(lstat(fname, &statbuf) != -1) { |
721 | 721 |
if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) |
722 |
- cli_scandir(fname, virname, scanned, root, limits, options, reclev); |
|
723 |
- else |
|
724 |
- if(S_ISREG(statbuf.st_mode)) |
|
725 |
- if(cli_scanfile(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) { |
|
726 |
- free(fname); |
|
727 |
- closedir(dd); |
|
728 |
- return CL_VIRUS; |
|
729 |
- } |
|
730 |
- |
|
722 |
+ if (cli_vba_scandir(fname, virname, scanned, root, limits, options, reclev) == CL_VIRUS) { |
|
723 |
+ ret = CL_VIRUS; |
|
724 |
+ free(fname); |
|
725 |
+ break; |
|
726 |
+ } |
|
731 | 727 |
} |
732 | 728 |
free(fname); |
733 | 729 |
} |
... | ... |
@@ -739,7 +761,51 @@ static int cli_scandir(char *dirname, const char **virname, long int *scanned, c |
739 | 739 |
} |
740 | 740 |
|
741 | 741 |
closedir(dd); |
742 |
- return 0; |
|
742 |
+ return ret; |
|
743 |
+} |
|
744 |
+ |
|
745 |
+static int cli_scanole2(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
|
746 |
+{ |
|
747 |
+ const char *tmpdir; |
|
748 |
+ char *dir, *fullname; |
|
749 |
+ unsigned char *data; |
|
750 |
+ int ret = CL_CLEAN, fd, i, data_len; |
|
751 |
+ vba_project_t *vba_project; |
|
752 |
+ |
|
753 |
+ cli_dbgmsg("in cli_scanole2()\n"); |
|
754 |
+ |
|
755 |
+ tmpdir = getenv("TMPDIR"); |
|
756 |
+ |
|
757 |
+ if(tmpdir == NULL) |
|
758 |
+#ifdef P_tmpdir |
|
759 |
+ tmpdir = P_tmpdir; |
|
760 |
+#else |
|
761 |
+ tmpdir = "/tmp"; |
|
762 |
+#endif |
|
763 |
+ |
|
764 |
+ /* generate the temporary directory */ |
|
765 |
+ dir = cl_gentemp(tmpdir); |
|
766 |
+ if(mkdir(dir, 0700)) { |
|
767 |
+ cli_errmsg("ScanOLE2 -> Can't create temporary directory %s\n", dir); |
|
768 |
+ return CL_ETMPDIR; |
|
769 |
+ } |
|
770 |
+ |
|
771 |
+ if((ret = cli_ole2_extract(desc, dir))) { |
|
772 |
+ cli_errmsg("ScanOLE2 -> %s\n", cl_strerror(ret)); |
|
773 |
+ cli_rmdirs(dir); |
|
774 |
+ free(dir); |
|
775 |
+ return ret; |
|
776 |
+ } |
|
777 |
+ |
|
778 |
+ if((ret = cli_vba_scandir(dir, virname, scanned, root, limits, options, reclev)) != CL_VIRUS) { |
|
779 |
+ if(cli_scandir(dir, virname, scanned, root, limits, options, reclev) == CL_VIRUS) { |
|
780 |
+ ret = CL_VIRUS; |
|
781 |
+ } |
|
782 |
+ } |
|
783 |
+ |
|
784 |
+ cli_rmdirs(dir); |
|
785 |
+ free(dir); |
|
786 |
+ return ret; |
|
743 | 787 |
} |
744 | 788 |
|
745 | 789 |
static int cli_scanmail(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
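Review bot: In the new `cli_scanole2`, the `mkdir(dir, 0700)` failure branch returns `CL_ETMPDIR` without releasing `dir`, although every later exit path calls `free(dir)`. In a long-running scanner, each failed temporary-directory creation therefore leaks the generated path string; add `free(dir);` before `return CL_ETMPDIR;`. The result of `cl_gentemp(tmpdir)` is also handed to `mkdir` unchecked; its definition is not visible here, so if it can return NULL, guard with `if(!dir) return CL_ETMPDIR;` first. Separately, the final block only tests the `cli_scandir` result against `CL_VIRUS`, so any other error from walking the extracted files is dropped and the function reports whatever `cli_vba_scandir` returned; a short comment saying whether that is intended would help.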
... | ... |
@@ -797,77 +863,74 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
797 | 797 |
return -1; |
798 | 798 |
} |
799 | 799 |
|
800 |
- |
|
801 |
- if(SCAN_ARCHIVE || SCAN_MAIL) { |
|
802 |
- /* Need to examine file type */ |
|
803 |
- |
|
804 |
- if(SCAN_ARCHIVE && limits && limits->maxreclevel) |
|
805 |
- if(*reclev > limits->maxreclevel) |
|
806 |
- /* return CL_EMAXREC; */ |
|
807 |
- return CL_CLEAN; |
|
808 |
- |
|
809 |
- (*reclev)++; |
|
800 |
+ if(SCAN_ARCHIVE && limits && limits->maxreclevel) |
|
801 |
+ if(*reclev > limits->maxreclevel) |
|
802 |
+ /* return CL_EMAXREC; */ |
|
803 |
+ return CL_CLEAN; |
|
810 | 804 |
|
811 | 805 |
|
812 |
- lseek(desc, 0, SEEK_SET); |
|
813 |
- bread = read(desc, magic, MAGIC_BUFFER_SIZE); |
|
814 |
- magic[MAGIC_BUFFER_SIZE] = '\0'; /* terminate magic string properly */ |
|
815 |
- lseek(desc, 0, SEEK_SET); |
|
806 |
+ (*reclev)++; |
|
807 |
+ lseek(desc, 0, SEEK_SET); |
|
808 |
+ bread = read(desc, magic, MAGIC_BUFFER_SIZE); |
|
809 |
+ magic[MAGIC_BUFFER_SIZE] = '\0'; |
|
810 |
+ lseek(desc, 0, SEEK_SET); |
|
816 | 811 |
|
812 |
+ if (bread != MAGIC_BUFFER_SIZE) { |
|
813 |
+ /* short read: No need to do magic */ |
|
814 |
+ (*reclev)--; |
|
815 |
+ return ret; |
|
816 |
+ } |
|
817 | 817 |
|
818 |
- if (bread != MAGIC_BUFFER_SIZE) { |
|
819 |
- /* short read: No need to do magic */ |
|
820 |
- (*reclev)--; |
|
821 |
- return ret; |
|
822 |
- } |
|
823 |
- |
|
824 |
- type = cli_filetype(magic, bread); |
|
818 |
+ type = cli_filetype(magic, bread); |
|
825 | 819 |
|
826 |
- switch(type) { |
|
827 |
- case CL_RARFILE: |
|
828 |
- if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse) { |
|
829 |
- ret = cli_scanrar(desc, virname, scanned, root, limits, options, reclev); |
|
830 |
- } |
|
831 |
- break; |
|
820 |
+ switch(type) { |
|
821 |
+ case CL_RARFILE: |
|
822 |
+ if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse) |
|
823 |
+ ret = cli_scanrar(desc, virname, scanned, root, limits, options, reclev); |
|
824 |
+ break; |
|
832 | 825 |
|
833 |
- case CL_ZIPFILE: |
|
834 |
- if(SCAN_ARCHIVE) { |
|
835 |
- ret = cli_scanzip(desc, virname, scanned, root, limits, options, reclev); |
|
836 |
- } |
|
837 |
- break; |
|
826 |
+ case CL_ZIPFILE: |
|
827 |
+ if(SCAN_ARCHIVE) |
|
828 |
+ ret = cli_scanzip(desc, virname, scanned, root, limits, options, reclev); |
|
829 |
+ break; |
|
838 | 830 |
|
839 |
- case CL_GZFILE: |
|
840 |
- if(SCAN_ARCHIVE) { |
|
841 |
- ret = cli_scangzip(desc, virname, scanned, root, limits, options, reclev); |
|
842 |
- } |
|
843 |
- break; |
|
831 |
+ case CL_GZFILE: |
|
832 |
+ if(SCAN_ARCHIVE) |
|
833 |
+ ret = cli_scangzip(desc, virname, scanned, root, limits, options, reclev); |
|
834 |
+ break; |
|
844 | 835 |
|
845 |
- case CL_BZFILE: |
|
836 |
+ case CL_BZFILE: |
|
846 | 837 |
#ifdef HAVE_BZLIB_H |
847 |
- if(SCAN_ARCHIVE) { |
|
848 |
- ret = cli_scanbzip(desc, virname, scanned, root, limits, options, reclev); |
|
849 |
- } |
|
838 |
+ if(SCAN_ARCHIVE) |
|
839 |
+ ret = cli_scanbzip(desc, virname, scanned, root, limits, options, reclev); |
|
850 | 840 |
#endif |
851 |
- break; |
|
841 |
+ break; |
|
852 | 842 |
|
853 |
- case CL_MAILFILE: |
|
854 |
- if (SCAN_MAIL) { |
|
855 |
- ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev); |
|
856 |
- } |
|
857 |
- break; |
|
843 |
+ case CL_MAILFILE: |
|
844 |
+ if(SCAN_MAIL) |
|
845 |
+ ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev); |
|
846 |
+ break; |
|
858 | 847 |
|
859 |
- case CL_OLE2FILE: |
|
860 |
- if(SCAN_OLE2) { |
|
861 |
- ret = cli_scanole2(desc, virname, scanned, root, limits, options, reclev); |
|
862 |
- } |
|
863 |
- case CL_UNKNOWN_TYPE: |
|
864 |
- break; |
|
865 |
- } |
|
848 |
+ case CL_OLE2FILE: |
|
849 |
+ if(SCAN_OLE2) |
|
850 |
+ ret = cli_scanole2(desc, virname, scanned, root, limits, options, reclev); |
|
851 |
+ break; |
|
866 | 852 |
|
867 |
- (*reclev)--; |
|
853 |
+ case CL_DATAFILE: |
|
854 |
+ /* it could be a false positive and a standard DOS .COM file */ |
|
855 |
+ { |
|
856 |
+ struct stat s; |
|
857 |
+ if(fstat(desc, &s) == 0 && S_ISREG(s.st_mode) && s.st_size < 65536) |
|
858 |
+ type = CL_UNKNOWN_TYPE; |
|
859 |
+ } |
|
860 |
+ |
|
861 |
+ case CL_UNKNOWN_TYPE: |
|
862 |
+ break; |
|
868 | 863 |
} |
869 | 864 |
|
870 |
- if(ret != CL_VIRUS) { /* scan the raw file */ |
|
865 |
+ (*reclev)--; |
|
866 |
+ |
|
867 |
+ if(type != CL_DATAFILE && ret != CL_VIRUS) { /* scan the raw file */ |
|
871 | 868 |
lseek(desc, 0, SEEK_SET); /* If archive scan didn't rewind desc */ |
872 | 869 |
if(cli_scandesc(desc, virname, scanned, root) == CL_VIRUS) { |
873 | 870 |
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc); |