... | ... |
@@ -575,7 +575,7 @@ fileblobAddData(fileblob *fb, const unsigned char *data, size_t len) |
575 | 575 |
fb->bytes_scanned += (unsigned long)len; |
576 | 576 |
|
577 | 577 |
if((len > 5) && cli_updatelimits(ctx, len)==CL_CLEAN && (cli_scanbuff(data, (unsigned int)len, 0, ctx->virname, ctx->engine, CL_TYPE_BINARY_DATA, NULL) == CL_VIRUS)) { |
578 |
- cli_dbgmsg("fileblobAddData: found %s\n", *ctx->virname); |
|
578 |
+ cli_dbgmsg("fileblobAddData: found %s\n", cli_get_last_virus_str(ctx->virname)); |
|
579 | 579 |
fb->isInfected = 1; |
580 | 580 |
} |
581 | 581 |
} |
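Review bot: The new debug line passes `ctx->virname` to `cli_get_last_virus_str()`, but the definition and prototype added elsewhere in this commit take a `const cli_ctx *`. As written, the helper would read the `virname` array as if it were a context structure, and the compiler should at least warn about the incompatible pointer type. The call should be `cli_dbgmsg("fileblobAddData: found %s\n", cli_get_last_virus_str(ctx));`. The body of fileblobAddData begins outside the hunk.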
... | ... |
@@ -138,23 +138,21 @@ static inline int matcher_run(const struct cli_matcher *root, |
138 | 138 |
if (ret == CL_VIRUS) { |
139 | 139 |
if (ctx) { |
140 | 140 |
cli_append_virus(ctx, *virname); |
141 |
-#if 1 |
|
142 | 141 |
if (SCAN_ALL) |
143 | 142 |
viruses_found++; |
144 | 143 |
else |
145 |
-#endif |
|
146 | 144 |
return ret; |
147 | 145 |
} |
148 | 146 |
} |
149 | 147 |
} |
150 | 148 |
PERF_LOG_TRIES(acmode, 0, length); |
151 | 149 |
ret = cli_ac_scanbuff(buffer, length, virname, NULL, acres, root, mdata, offset, ftype, ftoffset, acmode, NULL); |
152 |
-#if 1 |
|
150 |
+ |
|
153 | 151 |
if (ctx && ret == CL_VIRUS) |
154 | 152 |
cli_append_virus(ctx, *virname); |
155 | 153 |
if (ctx && SCAN_ALL && viruses_found) |
156 | 154 |
return CL_VIRUS; |
157 |
-#endif |
|
155 |
+ |
|
158 | 156 |
return ret; |
159 | 157 |
} |
160 | 158 |
|
... | ... |
@@ -190,8 +188,6 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, |
190 | 190 |
|
191 | 191 |
ret = matcher_run(troot, buffer, length, &virname, acdata ? (acdata[0]): (&mdata), offset, NULL, ftype, NULL, AC_SCAN_VIR, NULL, *ctx->fmap, NULL, NULL, ctx); |
192 | 192 |
|
193 |
- // if (virname) |
|
194 |
- // cli_append_virus(ctx, virname); |
|
195 | 193 |
if(!acdata) |
196 | 194 |
cli_ac_freedata(&mdata); |
197 | 195 |
|
... | ... |
@@ -206,8 +202,6 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, |
206 | 206 |
|
207 | 207 |
ret = matcher_run(groot, buffer, length, &virname, acdata ? (acdata[1]): (&mdata), offset, NULL, ftype, NULL, AC_SCAN_VIR, NULL, *ctx->fmap, NULL, NULL, ctx); |
208 | 208 |
|
209 |
- // if (virname) |
|
210 |
- // cli_append_virus(ctx, virname); |
|
211 | 209 |
if(!acdata) |
212 | 210 |
cli_ac_freedata(&mdata); |
213 | 211 |
|
... | ... |
@@ -492,7 +486,7 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx) |
492 | 492 |
for(i=0; i<SHA1_HASH_SIZE; i++) |
493 | 493 |
sprintf((char *)shash1+i*2, "%02x", shash1[SHA1_HASH_SIZE+i]); |
494 | 494 |
|
495 |
- cli_errmsg("COLLECT:%s:%s:%u:%s:%s\n", shash256, shash1, size, *ctx->virname, ctx->entry_filename); |
|
495 |
+ cli_errmsg("COLLECT:%s:%s:%u:%s:%s\n", shash256, shash1, size, cli_get_last_virus(ctx), ctx->entry_filename); |
|
496 | 496 |
} else |
497 | 497 |
cli_errmsg("can't compute sha\n!"); |
498 | 498 |
ctx->sha_collect = -1; |
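Review bot: `cli_get_last_virus(ctx)` can return NULL (its definition in this commit does so when no name is recorded), and here the result goes straight into a `%s` of the `COLLECT` message. The NULL-safe wrapper introduced by this same commit fits here: `cli_get_last_virus_str(ctx)`. On the same line `size` is a `size_t` printed with `%u`, which mismatches where `size_t` is wider than `unsigned int`; `%lu` with `(unsigned long)size` would match the cast already used in fileblobAddData. The body of cli_checkfp starts and ends outside the hunk.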
... | ... |
@@ -803,7 +797,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
803 | 803 |
ret = matcher_run(troot, buff, bytes, &virname, &tdata, offset, &info, ftype, ftoffset, acmode, acres, map, bm_offmode ? &toff : NULL, &viroffset, ctx); |
804 | 804 |
|
805 | 805 |
if (virname) { |
806 |
- // cli_append_virus(ctx, virname); |
|
807 | 806 |
viruses_found++; |
808 | 807 |
} |
809 | 808 |
if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) { |
... | ... |
@@ -825,7 +818,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
825 | 825 |
ret = matcher_run(groot, buff, bytes, &virname, &gdata, offset, &info, ftype, ftoffset, acmode, acres, map, NULL, &viroffset, ctx); |
826 | 826 |
|
827 | 827 |
if (virname) { |
828 |
- // cli_append_virus(ctx, virname); |
|
829 | 828 |
viruses_found++; |
830 | 829 |
} |
831 | 830 |
if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) { |
... | ... |
@@ -866,8 +858,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
866 | 866 |
} |
867 | 867 |
|
868 | 868 |
if(!ftonly && hdb) { |
869 |
- enum CLI_HASH_TYPE hashtype; |
|
870 |
- unsigned int hvirs = 0, hfps = 0; |
|
869 |
+ enum CLI_HASH_TYPE hashtype, hashtype2; |
|
871 | 870 |
|
872 | 871 |
if(compute_hash[CLI_HASH_MD5]) |
873 | 872 |
cli_md5_final(digest[CLI_HASH_MD5], &md5ctx); |
... | ... |
@@ -880,23 +871,26 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
880 | 880 |
|
881 | 881 |
virname = NULL; |
882 | 882 |
for(hashtype = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype++) { |
883 |
- if(compute_hash[hashtype] && (ret = cli_hm_scan(digest[hashtype], map->len, &virname, hdb, hashtype)) == CL_VIRUS) { |
|
884 |
- |
|
885 |
- if(fp && cli_hm_scan(digest[hashtype], map->len, NULL, fp, hashtype) == CL_VIRUS) { |
|
886 |
- hfps++; |
|
887 |
- continue; |
|
883 |
+ if(compute_hash[hashtype] && |
|
884 |
+ (ret = cli_hm_scan(digest[hashtype], map->len, &virname, hdb, hashtype)) == CL_VIRUS) { |
|
885 |
+ if(fp) { |
|
886 |
+ for(hashtype2 = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype2++) { |
|
887 |
+ if(compute_hash[hashtype2] && |
|
888 |
+ cli_hm_scan(digest[hashtype2], map->len, NULL, fp, hashtype2) == CL_VIRUS) { |
|
889 |
+ ret = CL_CLEAN; |
|
890 |
+ break; |
|
891 |
+ } |
|
892 |
+ } |
|
893 |
+ } |
|
894 |
+ if (ret == CL_VIRUS) { |
|
895 |
+ viruses_found++; |
|
896 |
+ cli_append_virus(ctx, virname); |
|
897 |
+ if (!SCAN_ALL) |
|
898 |
+ break; |
|
888 | 899 |
} |
889 |
- hvirs++; |
|
890 |
- cli_append_virus(ctx, virname); |
|
891 | 900 |
virname = NULL; |
892 |
- if(!SCAN_ALL) |
|
893 |
- break; |
|
894 | 901 |
} |
895 | 902 |
} |
896 |
- if(hvirs > hfps) |
|
897 |
- ret = CL_VIRUS; |
|
898 |
- else |
|
899 |
- ret = CL_CLEAN; |
|
900 | 903 |
} |
901 | 904 |
|
902 | 905 |
if(troot) { |
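Review bot: The inner false-positive loop bounds itself on the wrong variable: `for(hashtype2 = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype2++)` tests `hashtype`, which never changes inside that loop. When no `fp` entry matches, `hashtype2` runs past `CLI_HASH_AVAIL_TYPES` and indexes `compute_hash[]` and `digest[]` out of bounds; the condition should read `hashtype2 < CLI_HASH_AVAIL_TYPES`. Separately, with the `hvirs > hfps` normalisation removed, `ret` after the outer loop is whatever the last `cli_hm_scan()` returned. Under SCAN_ALL an earlier hash hit may therefore not be reflected in `ret`, unless code outside this hunk derives the result from `viruses_found`. The body of cli_fmap_scandesc continues outside the hunk.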
... | ... |
@@ -545,15 +545,9 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
545 | 545 |
messageDestroy(body); |
546 | 546 |
} |
547 | 547 |
|
548 |
-#if 0 |
|
549 |
- if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted && (*ctx->virname == NULL)) { |
|
550 |
- *ctx->virname = "Heuristics.Phishing.Email"; |
|
551 |
-#else |
|
552 |
- /* TBD: Breaks unit_test/check1_clamscan.sh and check2_clamd.sh w/SCAN_ALL */ |
|
553 | 548 |
if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted && |
554 | 549 |
(*ctx->virname == NULL || SCAN_ALL)) { |
555 | 550 |
cli_append_virus(ctx, "Heuristics.Phishing.Email"); |
556 |
-#endif |
|
557 | 551 |
ctx->found_possibly_unwanted = 0; |
558 | 552 |
retcode = CL_VIRUS; |
559 | 553 |
} |
... | ... |
@@ -797,16 +797,24 @@ void cli_append_virus(cli_ctx * ctx, const char * virname) |
797 | 797 |
|
798 | 798 |
const char * cli_get_last_virus(const cli_ctx * ctx) |
799 | 799 |
{ |
800 |
- if (!ctx->virname) |
|
800 |
+ if (!ctx || !ctx->virname || !(*ctx->virname)) |
|
801 | 801 |
return NULL; |
802 | 802 |
|
803 |
- if (SCAN_ALL && ctx->num_viruses) { |
|
803 |
+ if (SCAN_ALL && ctx->num_viruses) |
|
804 | 804 |
return ctx->virname[ctx->num_viruses-1]; |
805 |
- } |
|
806 | 805 |
else |
807 | 806 |
return *ctx->virname; |
808 | 807 |
} |
809 | 808 |
|
809 |
+const char * cli_get_last_virus_str(const cli_ctx * ctx) |
|
810 |
+{ |
|
811 |
+ const char * ret; |
|
812 |
+ if ((ret = cli_get_last_virus(ctx))) |
|
813 |
+ return ret; |
|
814 |
+ return ""; |
|
815 |
+} |
|
816 |
+ |
|
817 |
+ |
|
810 | 818 |
|
811 | 819 |
#ifdef C_WINDOWS |
812 | 820 |
/* |
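Review bot: `cli_get_last_virus_str()` is added without a comment saying how it differs from `cli_get_last_virus()`, which is the only reason a caller would pick one over the other. A header comment such as `/* Same as cli_get_last_virus(), but returns "" instead of NULL so the result is safe to pass to a %s format. */` would make the contract explicit, and the same sentence belongs next to the prototype in the header. The two blank `+` lines after the function's closing brace could be dropped.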
... | ... |
@@ -427,6 +427,7 @@ static inline void cli_writeint32(char *offset, uint32_t value) |
427 | 427 |
|
428 | 428 |
void cli_append_virus(cli_ctx *ctx, const char *virname); |
429 | 429 |
const char *cli_get_last_virus(const cli_ctx *ctx); |
430 |
+const char *cli_get_last_virus_str(const cli_ctx *ctx); |
|
430 | 431 |
|
431 | 432 |
/* used by: spin, yc (C) aCaB */ |
432 | 433 |
#define __SHIFTBITS(a) (sizeof(a)<<3) |
... | ... |
@@ -1675,7 +1675,7 @@ static int cli_scan_structured(cli_ctx *ctx) |
1675 | 1675 |
size_t pos = 0; |
1676 | 1676 |
int (*ccfunc)(const unsigned char *buffer, int length); |
1677 | 1677 |
int (*ssnfunc)(const unsigned char *buffer, int length); |
1678 |
- unsigned int viruses_found; |
|
1678 |
+ unsigned int viruses_found = 0; |
|
1679 | 1679 |
|
1680 | 1680 |
if(ctx == NULL) |
1681 | 1681 |
return CL_ENULLARG; |
... | ... |
@@ -2202,7 +2202,7 @@ static void emax_reached(cli_ctx *ctx) { |
2202 | 2202 |
cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", retcode, __AT__); \ |
2203 | 2203 |
if(ctx->engine->cb_post_scan) { \ |
2204 | 2204 |
perf_start(ctx, PERFT_POSTCB); \ |
2205 |
- switch(ctx->engine->cb_post_scan(fmap_fd(*ctx->fmap), retcode, ret == CL_VIRUS ? cli_get_last_virus(ctx) : NULL, ctx->cb_ctx)) { \ |
|
2205 |
+ switch(ctx->engine->cb_post_scan(fmap_fd(*ctx->fmap), retcode, retcode == CL_VIRUS ? cli_get_last_virus(ctx) : NULL, ctx->cb_ctx)) { \ |
|
2206 | 2206 |
case CL_BREAK: \ |
2207 | 2207 |
cli_dbgmsg("cli_magic_scandesc: file whitelisted by post_scan callback\n"); \ |
2208 | 2208 |
perf_stop(ctx, PERFT_POSTCB); \ |