git-svn: trunk@3427
Tomasz Kojm authored on 2007/12/17 03:49:51... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sun Dec 16 19:09:36 CET 2007 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav/pe.c: support whitelisting of individual .mdb sigs |
|
4 |
+ |
|
1 | 5 |
Sat Dec 15 20:50:02 CET 2007 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* libclamav: - use B-M to handle .hdb and .fp databases |
... | ... |
@@ -804,9 +804,17 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
804 | 804 |
if(md5_sect->soff[j] == exe_sections[i].rsz) { |
805 | 805 |
unsigned char md5_dig[16]; |
806 | 806 |
if(cli_md5sect(desc, &exe_sections[i], md5_dig) && cli_bm_scanbuff(md5_dig, 16, ctx->virname, ctx->engine->md5_mdb, 0, 0, -1) == CL_VIRUS) { |
807 |
+ /* Since .mdb sigs are not fp-prone, to save |
|
808 |
+ * performance we don't call cli_checkfp() here, |
|
809 |
+ * just give the possibility of whitelisting |
|
810 |
+ * idividual .mdb entries via daily.fp |
|
811 |
+ */ |
|
812 |
+ if(cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, 0, -1) != CL_VIRUS) { |
|
813 |
+ |
|
807 | 814 |
free(section_hdr); |
808 | 815 |
free(exe_sections); |
809 | 816 |
return CL_VIRUS; |
817 |
+ } |
|
810 | 818 |
} |
811 | 819 |
break; |
812 | 820 |
} |
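Review bot: The whitelist lookup added at new line 812 passes `ctx->engine->md5_fp` to cli_bm_scanbuff() with no visible check that an .fp database was loaded. cli_bm_scanbuff() is not shown here, so unless it is known to accept a NULL matcher the condition should guard it, e.g. `if(!ctx->engine->md5_fp || cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, 0, -1) != CL_VIRUS) {`. When the whitelist does match, the detection is dropped silently and `ctx->virname` still holds the name written by the first lookup while scanning continues. A `cli_dbgmsg()` call on that path would make suppressed .mdb hits auditable, and it is worth confirming that no caller reads the name on a non-CL_VIRUS return. The comment should also say that the .fp lookup appears to be keyed on the section MD5 alone, so a single entry would suppress that section in every file containing it, and the typo "idividual" should be fixed. cli_scanpe starts and ends outside the hunk.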