... | ... |
@@ -624,6 +624,17 @@ int scanmanager(const struct optstruct *opts) |
624 | 624 |
return 2; |
625 | 625 |
} |
626 | 626 |
|
627 |
+ if(optget(opts, "yara-rules")->enabled) { |
|
628 |
+ char *p = optget(opts, "yara-rules")->strarg; |
|
629 |
+ if(strcmp(p, "yes")) { |
|
630 |
+ if(!strcmp(p, "only")) |
|
631 |
+ dboptions |= CL_DB_YARA_ONLY; |
|
632 |
+ else if (!strcmp(p, "no")) |
|
633 |
+ dboptions |= CL_DB_YARA_EXCLUDE; |
|
634 |
+ } |
|
635 |
+ |
|
636 |
+ } |
|
637 |
+ |
|
627 | 638 |
if(optget(opts, "phishing-sigs")->enabled) |
628 | 639 |
dboptions |= CL_DB_PHISHING; |
629 | 640 |
|
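Review bot: Any `--yara-rules` value other than `only` or `no` falls through the inner `if`/`else if` chain and is silently treated as `yes`, so a typo or a mis-cased `No` leaves the rule set different from what the operator asked for, with no diagnostic. The option-table entry added in this commit passes `NULL` where the neighbouring `official-db-only` entry passes `MATCH_BOOL`, so it appears nothing earlier rejects the value either. I would end the chain with an explicit failure, e.g. `else { logg("!Invalid argument for --yara-rules: %s\n", p); return 2; }`, plus whatever cleanup the other error returns in scanmanager perform. The function body extends beyond this hunk, so that cleanup is not visible here.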
... | ... |
@@ -135,6 +135,8 @@ typedef enum { |
135 | 135 |
#define CL_DB_BYTECODE_STATS 0x20000 |
136 | 136 |
#define CL_DB_ENHANCED 0x40000 |
137 | 137 |
#define CL_DB_PCRE_STATS 0x80000 |
138 |
+#define CL_DB_YARA_EXCLUDE 0x100000 |
|
139 |
+#define CL_DB_YARA_ONLY 0x200000 |
|
138 | 140 |
|
139 | 141 |
/* recommended db settings */ |
140 | 142 |
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE) |
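Review bot: The two new load flags carry no comment, and since these sit among the `CL_DB_*` options that callers pass when loading databases, nothing tells a caller that they are meant to be mutually exclusive. From the cli_load change in this commit, `CL_DB_YARA_ONLY` is tested first and loads `.yar`/`.yara` files without consulting `CL_DB_YARA_EXCLUDE`, so setting both behaves as "only". I would state that on the defines, e.g. `/* skip .yar/.yara rule files */` and `/* load only .yar/.yara rule files; overrides CL_DB_YARA_EXCLUDE */`.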
... | ... |
@@ -4262,6 +4262,14 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo |
4262 | 4262 |
else |
4263 | 4263 |
dbname = filename; |
4264 | 4264 |
|
4265 |
+#ifdef HAVE_YARA |
|
4266 |
+ if(options & CL_DB_YARA_ONLY) { |
|
4267 |
+ if(cli_strbcasestr(dbname, ".yar") || cli_strbcasestr(dbname, ".yara")) |
|
4268 |
+ ret = cli_loadyara(fs, engine, signo, options, dbio, filename); |
|
4269 |
+ else |
|
4270 |
+ skipped = 1; |
|
4271 |
+ } else |
|
4272 |
+#endif |
|
4265 | 4273 |
if(cli_strbcasestr(dbname, ".db")) { |
4266 | 4274 |
ret = cli_loaddb(fs, engine, signo, options, dbio, dbname); |
4267 | 4275 |
|
... | ... |
@@ -4360,7 +4368,10 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo |
4360 | 4360 |
ret = cli_loadopenioc(fs, dbname, engine, options); |
4361 | 4361 |
#ifdef HAVE_YARA |
4362 | 4362 |
} else if(cli_strbcasestr(dbname, ".yar") || cli_strbcasestr(dbname, ".yara")) { |
4363 |
- ret = cli_loadyara(fs, engine, signo, options, dbio, filename); |
|
4363 |
+ if(!(options & CL_DB_YARA_EXCLUDE)) |
|
4364 |
+ ret = cli_loadyara(fs, engine, signo, options, dbio, filename); |
|
4365 |
+ else |
|
4366 |
+ skipped = 1; |
|
4364 | 4367 |
#endif |
4365 | 4368 |
} else if(cli_strbcasestr(dbname, ".pwdb")) { |
4366 | 4369 |
ret = cli_loadpwdb(fs, engine, options, 0, dbio); |
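Review bot: In the first cli_load hunk the whole `CL_DB_YARA_ONLY` test sits inside `#ifdef HAVE_YARA`, so a build without YARA support ignores the flag and loads every other database type as usual. The clamscan hunk sets the flag for `--yara-rules=only` with no matching guard visible, so a scan requested as YARA-only would run against the full non-YARA signature set rather than loading nothing or failing. Moving the `#ifdef HAVE_YARA` / `#endif` pair inside the `if(options & CL_DB_YARA_ONLY)` block, so that only the `cli_loadyara` branch is conditional and `skipped = 1;` is always reachable, keeps the flag's meaning the same in both builds. Alternatively, clamscan could reject `only` up front when YARA is not compiled in. cli_load begins and ends outside both hunks.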
... | ... |
@@ -218,6 +218,8 @@ const struct clam_option __clam_options[] = { |
218 | 218 |
|
219 | 219 |
{ "OfficialDatabaseOnly", "official-db-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no" }, |
220 | 220 |
|
221 |
+ { "YaraRules", "yara-rules", 0, CLOPT_TYPE_STRING, NULL, 0, NULL, 0, OPT_CLAMSCAN, "By default, yara rules will be loaded. This option allows you to exclude yara rules when scanning and also to scan only using yara rules. Valid options are yes|no|only", "yes"}, |
|
222 |
+ |
|
221 | 223 |
{ "LocalSocket", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" }, |
222 | 224 |
|
223 | 225 |
{ "LocalSocketGroup", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the group ownership on the unix socket.", "virusgroup" }, |