Browse code
support whitelisting of individual .mdb sigs
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Sun Dec 16 19:09:36 CET 2007 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/pe.c: support whitelisting of individual .mdb sigs |
|
| 4 |
+ |
|
| 1 | 5 |
Sat Dec 15 20:50:02 CET 2007 (tk) |
| 2 | 6 |
--------------------------------- |
| 3 | 7 |
* libclamav: - use B-M to handle .hdb and .fp databases |
| ... | ... |
@@ -804,9 +804,17 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
| 804 | 804 |
if(md5_sect->soff[j] == exe_sections[i].rsz) {
|
| 805 | 805 |
unsigned char md5_dig[16]; |
| 806 | 806 |
if(cli_md5sect(desc, &exe_sections[i], md5_dig) && cli_bm_scanbuff(md5_dig, 16, ctx->virname, ctx->engine->md5_mdb, 0, 0, -1) == CL_VIRUS) {
|
| 807 |
+ /* Since .mdb sigs are not fp-prone, to save |
|
| 808 |
+ * performance we don't call cli_checkfp() here, |
|
| 809 |
+ * just give the possibility of whitelisting |
|
| 810 |
+ * idividual .mdb entries via daily.fp |
|
| 811 |
+ */ |
|
| 812 |
+ if(cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, 0, -1) != CL_VIRUS) {
|
|
| 813 |
+ |
|
| 807 | 814 |
free(section_hdr); |
| 808 | 815 |
free(exe_sections); |
| 809 | 816 |
return CL_VIRUS; |
| 817 |
+ } |
|
| 810 | 818 |
} |
| 811 | 819 |
break; |
| 812 | 820 |
} |