@@ -1,3 +1,7 @@

+Tue Jan  9 21:04:03 CET 2007 (tk)

+---------------------------------

+  * libclamav: dynamic configuration support

+

 Mon Jan  8 22:41:21 CET 2007 (tk)

 ---------------------------------

   * libclamav/pe.h: add missing cltypes.h

@@ -158,6 +158,8 @@ libclamav_la_SOURCES = \

 	entitylist.h \

 	encoding_aliases.h \

 	hashtab.c \

-	hashtab.h

+	hashtab.h \

+	dconf.c \

+	dconf.h

 lib_LTLIBRARIES = libclamav.la

@@ -88,7 +88,7 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher-ncore.lo \

 	unrarppm.lo unrar20.lo unrarcmd.lo pdf.lo spin.lo yc.lo elf.lo \

 	sis.lo uuencode.lo pst.lo phishcheck.lo \

 	phish_domaincheck_db.lo phish_whitelist.lo regex_list.lo \

-	sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo

+	sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

 depcomp = $(SHELL) $(top_srcdir)/depcomp

@@ -370,7 +370,9 @@ libclamav_la_SOURCES = \

 	entitylist.h \

 	encoding_aliases.h \

 	hashtab.c \

-	hashtab.h

+	hashtab.h \

+	dconf.c \

+	dconf.h

 lib_LTLIBRARIES = libclamav.la

 all: all-am

@@ -447,6 +449,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cab.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chmunpack.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cvd.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dconf.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsig.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/elf.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/entconv.Plo@am__quote@

@@ -186,6 +186,9 @@ struct cl_engine {

     void *whitelist_matcher;

     void *domainlist_matcher;

     void *phishcheck;

+

+    /* Dynamic configuration */

+    void *dconf;

 };

 struct cl_limits {

new file mode 100644

@@ -0,0 +1,316 @@

+/*

+ *  Copyright (C) 2007 Tomasz Kojm <tkojm@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdio.h>

+#include <string.h>

+#include <stdlib.h>

+#include <ctype.h>

+

+#include "clamav.h"

+#include "cltypes.h"

+#include "dconf.h"

+#include "readdb.h"

+#include "str.h"

+#include "others.h"

+

+struct dconf_module {

+    const char	*mname;	    /* module name */

+    const char	*sname;	    /* submodule name */

+    uint32_t	bflag;	    /* bit flag */

+    uint8_t	state;	    /* default state (on/off) */

+};

+

+static struct dconf_module modules[] = {

+

+    { "PE",	    "PARITE",	    PE_CONF_PARITE,	    1 },

+    { "PE",	    "KRIZ",	    PE_CONF_KRIZ,	    1 },

+    { "PE",	    "MAGISTR",	    PE_CONF_MAGISTR,	    1 },

+    { "PE",	    "POLIPOS",	    PE_CONF_POLIPOS,	    1 },

+    { "PE",	    "MD5SECT",	    PE_CONF_MD5SECT,	    1 },

+    { "PE",	    "UPX",	    PE_CONF_UPX,	    1 },

+    { "PE",	    "FSG",	    PE_CONF_FSG,	    1 },

+    { "PE",	    "SUE",	    PE_CONF_SUE,	    0 },

+    { "PE",	    "PETITE",	    PE_CONF_PETITE,	    1 },

+    { "PE",	    "PESPIN",	    PE_CONF_PESPIN,	    1 },

+    { "PE",	    "YC",	    PE_CONF_YC,		    1 },

+    { "PE",	    "WWPACK",	    PE_CONF_WWPACK,	    1 },

+    { "PE",	    "NSPACK",	    PE_CONF_NSPACK,	    0 },

+

+    { "ELF",	    NULL,	    0x1,		    1 },

+

+    { "ARCHIVE",    "RAR",	    ARCH_CONF_RAR,	    1 },

+    { "ARCHIVE",    "ZIP",	    ARCH_CONF_ZIP,	    1 },

+    { "ARCHIVE",    "GZIP",	    ARCH_CONF_GZ,	    1 },

+    { "ARCHIVE",    "BZIP",	    ARCH_CONF_BZ,	    1 },

+    { "ARCHIVE",    "SZDD",	    ARCH_CONF_SZDD,	    1 },

+    { "ARCHIVE",    "CAB",	    ARCH_CONF_CAB,	    1 },

+    { "ARCHIVE",    "CHM",	    ARCH_CONF_CHM,	    1 },

+    { "ARCHIVE",    "OLE2",	    ARCH_CONF_OLE2,	    1 },

+    { "ARCHIVE",    "TAR",	    ARCH_CONF_TAR,	    1 },

+    { "ARCHIVE",    "BINHEX",	    ARCH_CONF_BINHEX,	    1 },

+    { "ARCHIVE",    "SIS",	    ARCH_CONF_SIS,	    1 },

+

+    { "DOCUMENT",   "HTML",	    DOC_CONF_HTML,	    1 },

+    { "DOCUMENT",   "RTF",	    DOC_CONF_RTF,	    1 },

+    { "DOCUMENT",   "PDF",	    DOC_CONF_PDF,	    1 },

+

+    { "MAIL",	    "MBOX",	    MAIL_CONF_MBOX,	    1 },

+    { "MAIL",	    "TNEF",	    MAIL_CONF_TNEF,	    1 },

+    { "MAIL",	    "PST",	    MAIL_CONF_PST,	    1 },

+

+    { "OTHER",	    "UUENCODED",    OTHER_CONF_UUENC,	    1 },

+    { "OTHER",	    "SCRENC",	    OTHER_CONF_SCRENC,	    1 },

+    { "OTHER",	    "RIFF",	    OTHER_CONF_RIFF,	    1 },

+    { "OTHER",	    "JPEG",	    OTHER_CONF_JPEG,	    1 },

+    { "OTHER",	    "CRYPTFF",	    OTHER_CONF_CRYPTFF,	    1 },

+

+    { NULL,	    NULL,	    0,			    0 }

+};

+

+struct cli_dconf *cli_dconf_init(void)

+{

+	unsigned int i;

+	struct cli_dconf *dconf;

+

+

+    dconf = (struct cli_dconf *) cli_calloc(sizeof(struct cli_dconf), 1);

+    if(!dconf)

+	return NULL;

+

+    for(i = 0; modules[i].mname; i++) {

+	if(!strcmp(modules[i].mname, "PE")) {

+	    if(modules[i].state)

+		dconf->pe |= modules[i].bflag;

+

+	} else if(!strcmp(modules[i].mname, "ELF")) {

+	    if(modules[i].state)

+		dconf->elf |= modules[i].bflag;

+

+	} else if(!strcmp(modules[i].mname, "ARCHIVE")) {

+	    if(modules[i].state)

+		dconf->archive |= modules[i].bflag;

+

+	} else if(!strcmp(modules[i].mname, "DOCUMENT")) {

+	    if(modules[i].state)

+		dconf->doc |= modules[i].bflag;

+

+	} else if(!strcmp(modules[i].mname, "MAIL")) {

+	    if(modules[i].state)

+		dconf->mail |= modules[i].bflag;

+

+	} else if(!strcmp(modules[i].mname, "OTHER")) {

+	    if(modules[i].state)

+		dconf->other |= modules[i].bflag;

+	}

+    }

+

+    return dconf;

+}

+

+void cli_dconf_print(struct cli_dconf *dconf)

+{

+	uint8_t pe = 0, elf = 0, arch = 0, doc = 0, mail = 0, other = 0;

+	unsigned int i;

+

+

+    cli_dbgmsg("Dynamic engine configuration settings:\n");

+    cli_dbgmsg("--------------------------------------\n");

+

+    for(i = 0; modules[i].mname; i++) {

+	if(!strcmp(modules[i].mname, "PE")) {

+	    if(!pe) {

+		cli_dbgmsg("Module PE: %s\n", dconf->pe ? "On" : "Off");

+		pe = 1;

+	    }

+	    if(dconf->pe)

+		cli_dbgmsg("   * Submodule %10s:\t%s\n", modules[i].sname, (dconf->pe & modules[i].bflag) ? "On" : "** Off **");

+	    else

+		continue;

+

+	} else if(!strcmp(modules[i].mname, "ELF")) {

+	    if(!elf) {

+		cli_dbgmsg("Module ELF: %s\n", dconf->elf ? "On" : "Off");

+		elf = 1;

+	    }

+

+	} else if(!strcmp(modules[i].mname, "ARCHIVE")) {

+	    if(!arch) {

+		cli_dbgmsg("Module ARCHIVE: %s\n", dconf->archive ? "On" : "Off");

+		arch = 1;

+	    }

+	    if(dconf->archive)

+		cli_dbgmsg("   * Submodule %10s:\t%s\n", modules[i].sname, (dconf->archive & modules[i].bflag) ? "On" : "** Off **");

+	    else

+		continue;

+

+	} else if(!strcmp(modules[i].mname, "DOCUMENT")) {

+	    if(!doc) {

+		cli_dbgmsg("Module DOCUMENT: %s\n", dconf->doc ? "On" : "Off");

+		doc = 1;

+	    }

+	    if(dconf->doc)

+		cli_dbgmsg("   * Submodule %10s:\t%s\n", modules[i].sname, (dconf->doc & modules[i].bflag) ? "On" : "** Off **");

+	    else

+		continue;

+

+	} else if(!strcmp(modules[i].mname, "MAIL")) {

+	    if(!mail) {

+		cli_dbgmsg("Module MAIL: %s\n", dconf->mail ? "On" : "Off");

+		mail = 1;

+	    }

+	    if(dconf->mail)

+		cli_dbgmsg("   * Submodule %10s:\t%s\n", modules[i].sname, (dconf->mail & modules[i].bflag) ? "On" : "** Off **");

+	    else

+		continue;

+

+	} else if(!strcmp(modules[i].mname, "OTHER")) {

+	    if(!other) {

+		cli_dbgmsg("Module OTHER: %s\n", dconf->other ? "On" : "Off");

+		other = 1;

+	    }

+	    if(dconf->other)

+		cli_dbgmsg("   * Submodule %10s:\t%s\n", modules[i].sname, (dconf->other & modules[i].bflag) ? "On" : "** Off **");

+	    else

+		continue;

+	}

+    }

+}

+

+static int chkflevel(const char *entry, int field)

+{

+	char *pt;

+

+

+    if((pt = cli_strtok(entry, field, ":"))) { /* min version */

+	if(!isdigit(*pt)) {

+	    free(pt);

+	    return 0;

+	}

+

+	if((unsigned int) atoi(pt) > cl_retflevel()) {

+	    free(pt);

+	    return 0;

+	}

+

+	free(pt);

+

+	if((pt = cli_strtok(entry, field + 1, ":"))) { /* max version */

+	    if(!isdigit(*pt)) {

+		free(pt);

+		return 0;

+	    }

+

+	    if((unsigned int) atoi(pt) < cl_retflevel()) {

+		free(pt);

+		return 0;

+	    }

+

+	    free(pt);

+	}

+    }

+

+    return 1;

+}

+

+int cli_dconf_load(FILE *fd, struct cl_engine **engine, unsigned int options)

+{

+	char buffer[FILEBUFF];

+	unsigned int line = 0;

+	int ret = 0;

+	struct cli_dconf *dconf;

+	uint32_t val;

+

+

+    if((ret = cli_initengine(engine, options))) {

+	cl_free(*engine);

+	return ret;

+    }

+

+    dconf = (struct cli_dconf *) (*engine)->dconf;

+

+    while(fgets(buffer, FILEBUFF, fd)) {

+	line++;

+	cli_chomp(buffer);

+

+	if(!strncmp(buffer, "PE:", 3) && chkflevel(buffer, 2)) {

+	    if(sscanf(buffer + 3, "0x%x", &val) == 1) {

+		dconf->pe = val;

+	    } else {

+		ret = CL_EMALFDB;

+		break;

+	    }

+	}

+

+	if(!strncmp(buffer, "ELF:", 4) && chkflevel(buffer, 2)) {

+	    if(sscanf(buffer + 4, "0x%x", &val) == 1) {

+		dconf->elf = val;

+	    } else {

+		ret = CL_EMALFDB;

+		break;

+	    }

+	}

+

+	if(!strncmp(buffer, "ARCHIVE:", 8) && chkflevel(buffer, 2)) {

+	    if(sscanf(buffer + 8, "0x%x", &val) == 1) {

+		dconf->archive = val;

+	    } else {

+		ret = CL_EMALFDB;

+		break;

+	    }

+	}

+

+	if(!strncmp(buffer, "DOCUMENT:", 9) && chkflevel(buffer, 2)) {

+	    if(sscanf(buffer + 9, "0x%x", &val) == 1) {

+		dconf->doc = val;

+	    } else {

+		ret = CL_EMALFDB;

+		break;

+	    }

+	}

+

+	if(!strncmp(buffer, "MAIL:", 5) && chkflevel(buffer, 2)) {

+	    if(sscanf(buffer + 5, "0x%x", &val) == 1) {

+		dconf->mail = val;

+	    } else {

+		ret = CL_EMALFDB;

+		break;

+	    }

+	}

+

+	if(!strncmp(buffer, "OTHER:", 6) && chkflevel(buffer, 2)) {

+	    if(sscanf(buffer + 6, "0x%x", &val) == 1) {

+		dconf->other = val;

+	    } else {

+		ret = CL_EMALFDB;

+		break;

+	    }

+	}

+    }

+

+    if(ret) {

+	cli_errmsg("Problem parsing configuration file at line %u\n", line);

+	cl_free(*engine);

+	return ret;

+    }

+

+    return CL_SUCCESS;

+}

new file mode 100644

@@ -0,0 +1,86 @@

+/*

+ *  Copyright (C) 2007 Tomasz Kojm <tkojm@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#ifndef __DCONF_H

+#define __DCONF_H

+

+#include <stdio.h>

+

+#include "clamav.h"

+#include "cltypes.h"

+

+struct cli_dconf {

+    uint32_t pe;

+    uint32_t elf;

+    uint32_t archive;

+    uint32_t doc;

+    uint32_t mail;

+    uint32_t other;

+};

+

+/* PE flags */

+#define PE_CONF_PARITE	    0x1

+#define PE_CONF_KRIZ	    0x2

+#define PE_CONF_MAGISTR	    0x4

+#define PE_CONF_POLIPOS	    0x8

+#define PE_CONF_MD5SECT	    0x10

+#define PE_CONF_UPX	    0x20

+#define PE_CONF_FSG	    0x40

+#define PE_CONF_SUE	    0x80

+#define PE_CONF_PETITE	    0x100

+#define PE_CONF_PESPIN	    0x200

+#define PE_CONF_YC	    0x400

+#define PE_CONF_WWPACK	    0x800

+#define PE_CONF_NSPACK	    0x1000

+

+/* Archive flags */

+#define ARCH_CONF_RAR	    0x1

+#define ARCH_CONF_ZIP	    0x2

+#define ARCH_CONF_GZ	    0x4

+#define ARCH_CONF_BZ	    0x8

+#define ARCH_CONF_SZDD	    0x10

+#define ARCH_CONF_CAB	    0x20

+#define ARCH_CONF_CHM	    0x40

+#define ARCH_CONF_OLE2	    0x80

+#define ARCH_CONF_TAR	    0x100

+#define ARCH_CONF_BINHEX    0x200

+#define ARCH_CONF_SIS	    0x400

+

+/* Document flags */

+#define DOC_CONF_HTML	    0x1

+#define DOC_CONF_RTF	    0x2

+#define DOC_CONF_PDF	    0x4

+

+/* Mail flags */

+#define MAIL_CONF_MBOX	    0x1

+#define MAIL_CONF_TNEF	    0x2

+#define MAIL_CONF_PST	    0x4

+

+/* Other flags */

+#define OTHER_CONF_UUENC    0x1

+#define OTHER_CONF_SCRENC   0x2

+#define OTHER_CONF_RIFF	    0x4

+#define OTHER_CONF_JPEG	    0x8

+#define OTHER_CONF_CRYPTFF  0x10

+

+

+struct cli_dconf *cli_dconf_init(void);

+void cli_dconf_print(struct cli_dconf *dconf);

+int cli_dconf_load(FILE *fd, struct cl_engine **engine, unsigned int options);

+

+#endif

@@ -25,6 +25,7 @@

 #include "cltypes.h"

 #include "clamav.h"

+#include "dconf.h"

 /*

  * CLI_ISCONTAINED(buf1, size1, buf2, size2) checks if buf2 is contained

@@ -55,6 +56,7 @@ typedef struct {

     unsigned int options;

     unsigned int arec;

     unsigned int mrec;

+    struct cli_dconf *dconf;

 } cli_ctx;

 #define SCAN_ARCHIVE	    (ctx->options & CL_SCAN_ARCHIVE)

@@ -54,6 +54,8 @@

 #define	O_BINARY	0

 #endif

+#define DCONF ctx->dconf->pe

+

 #define IMAGE_DOS_SIGNATURE	    0x5a4d	    /* MZ */

 #define IMAGE_DOS_SIGNATURE_OLD	    0x4d5a          /* ZM */

 #define IMAGE_NT_SIGNATURE	    0x00004550

@@ -692,7 +694,11 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    }

 	    /* check MD5 section sigs */

-	    md5_sect = ctx->engine->md5_sect;

+	    if(DCONF & PE_CONF_MD5SECT)

+		md5_sect = ctx->engine->md5_sect;

+	    else

+		md5_sect = NULL;

+

 	    while(md5_sect && md5_sect->size < exe_sections[i].rsz)

 	        md5_sect = md5_sect->next;

@@ -741,7 +747,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	        max = exe_sections[i].rva + exe_sections[i].rsz;

 	}

-	if(SCAN_ALGO && !strlen(sname)) {

+	if(SCAN_ALGO && (DCONF & PE_CONF_POLIPOS) && !strlen(sname)) {

 	    if(exe_sections[i].vsz > 40000 && exe_sections[i].vsz < 70000) {

 		if(EC32(section_hdr[i].Characteristics) == 0xe0000060) {

 		    polipos = i;

@@ -774,7 +780,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     /* Attempt to detect some popular polymorphic viruses */

     /* W32.Parite.B */

-    if(SCAN_ALGO && !dll && ep == exe_sections[nsections - 1].raw) {

+    if(SCAN_ALGO && (DCONF & PE_CONF_PARITE) && !dll && ep == exe_sections[nsections - 1].raw) {

 	lseek(desc, ep, SEEK_SET);

 	if(cli_readn(desc, buff, 4096) == 4096) {

 		const char *pt = cli_memstr(buff, 4040, "\x47\x65\x74\x50\x72\x6f\x63\x41\x64\x64\x72\x65\x73\x73\x00", 15);

@@ -793,7 +799,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     }

     /* Kriz */

-    if(SCAN_ALGO && CLI_ISCONTAINED(exe_sections[nsections - 1].raw, exe_sections[nsections - 1].rsz, ep, 0x0fd2)) {

+    if(SCAN_ALGO && (DCONF & PE_CONF_KRIZ) && CLI_ISCONTAINED(exe_sections[nsections - 1].raw, exe_sections[nsections - 1].rsz, ep, 0x0fd2)) {

 	cli_dbgmsg("in kriz\n");

 	lseek(desc, ep, SEEK_SET);

 	if(cli_readn(desc, buff, 200) == 200) {

@@ -855,7 +861,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     }

     /* W32.Magistr.A/B */

-    if(SCAN_ALGO && !dll && (EC32(section_hdr[nsections - 1].Characteristics) & 0x80000000)) {

+    if(SCAN_ALGO && (DCONF & PE_CONF_MAGISTR) && !dll && (EC32(section_hdr[nsections - 1].Characteristics) & 0x80000000)) {

 	    uint32_t rsize, vsize, dam = 0;

 	vsize = exe_sections[nsections - 1].uvsz;

@@ -986,11 +992,9 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	}

     }

-

-#ifdef CL_EXPERIMENTAL

     /* SUE */

-    if(nsections > 2 && vep == exe_sections[nsections - 1].rva && exe_sections[nsections - 1].rsz > 0x350 && exe_sections[nsections - 1].rsz < 0x292+0x350+1000) {

+    if((DCONF & PE_CONF_SUE) && nsections > 2 && vep == exe_sections[nsections - 1].rva && exe_sections[nsections - 1].rsz > 0x350 && exe_sections[nsections - 1].rsz < 0x292+0x350+1000) {

       char *sue=buff+0x74;

@@ -1066,17 +1070,18 @@ int cli_scanpe(int desc, cli_ctx *ctx)

       }

     }

-#endif

     /* UPX & FSG support */

     /* try to find the first section with physical size == 0 */

     found = 0;

-    for(i = 0; i < (unsigned int) nsections - 1; i++) {

-	if(!section_hdr[i].SizeOfRawData && section_hdr[i].VirtualSize && section_hdr[i + 1].SizeOfRawData && section_hdr[i + 1].VirtualSize) {

-	    found = 1;

-	    cli_dbgmsg("UPX/FSG: empty section found - assuming compression\n");

-	    break;

+    if(DCONF & (PE_CONF_UPX | PE_CONF_FSG)) {

+	for(i = 0; i < (unsigned int) nsections - 1; i++) {

+	    if(!section_hdr[i].SizeOfRawData && section_hdr[i].VirtualSize && section_hdr[i + 1].SizeOfRawData && section_hdr[i + 1].VirtualSize) {

+		found = 1;

+		cli_dbgmsg("UPX/FSG: empty section found - assuming compression\n");

+		break;

+	    }

 	}

     }

@@ -1098,7 +1103,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    return CL_CLEAN;

 	}

-	if(buff[0] == '\x87' && buff[1] == '\x25') {

+	if((DCONF & PE_CONF_FSG) && buff[0] == '\x87' && buff[1] == '\x25') {

 	    /* FSG v2.0 support - thanks to aCaB ! */

@@ -1270,7 +1275,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    }

 	}

- 	if(found && buff[0] == '\xbe' && cli_readint32(buff + 1) - EC32(optional_hdr32.ImageBase) < min) {

+ 	if(found && (DCONF & PE_CONF_FSG) && buff[0] == '\xbe' && cli_readint32(buff + 1) - EC32(optional_hdr32.ImageBase) < min) {

 	    /* FSG support - v. 1.33 (thx trog for the many samples) */

@@ -1493,7 +1498,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	}

 	/* FIXME: easy 2 hack */

- 	if(found && buff[0] == '\xbb' && cli_readint32(buff + 1) - EC32(optional_hdr32.ImageBase) < min && buff[5] == '\xbf' && buff[10] == '\xbe' && vep >= exe_sections[i + 1].rva && vep - exe_sections[i + 1].rva > exe_sections[i + 1].rva - 0xe0 ) {

+ 	if(found && (DCONF & PE_CONF_FSG) && buff[0] == '\xbb' && cli_readint32(buff + 1) - EC32(optional_hdr32.ImageBase) < min && buff[5] == '\xbf' && buff[10] == '\xbe' && vep >= exe_sections[i + 1].rva && vep - exe_sections[i + 1].rva > exe_sections[i + 1].rva - 0xe0 ) {

 	    /* FSG support - v. 1.31 */

@@ -1712,7 +1717,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	}

-	if(found) {

+	if(found && (DCONF & PE_CONF_UPX)) {

 	    /* UPX support */

@@ -1938,7 +1943,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    found = 1;

     }

-    if(found) {

+    if((DCONF & PE_CONF_PETITE) && found) {

 	cli_dbgmsg("Petite: v2.%d compression detected\n", found);

 	if(cli_readint32(buff + 0x80) == 0x163c988d) {

@@ -2029,7 +2034,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     /* PESpin 1.1 */

-    if(nsections > 1 &&

+    if((DCONF & PE_CONF_PESPIN) && nsections > 1 &&

        vep >= EC32(section_hdr[nsections - 1].VirtualAddress) &&

        vep < EC32(section_hdr[nsections - 1].VirtualAddress) + EC32(section_hdr[nsections - 1].SizeOfRawData) - 0x3217 - 4 &&

        memcmp(buff+4, "\xe8\x00\x00\x00\x00\x8b\x1c\x24\x83\xc3", 10) == 0)  {

@@ -2127,7 +2132,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     /* yC 1.3 */

-    if(nsections > 1 &&

+    if((DCONF & PE_CONF_YC) && nsections > 1 &&

        EC32(optional_hdr32.AddressOfEntryPoint) == EC32(section_hdr[nsections - 1].VirtualAddress) + 0x60 &&

        memcmp(buff, "\x55\x8B\xEC\x53\x56\x57\x60\xE8\x00\x00\x00\x00\x5D\x81\xED\x6C\x28\x40\x00\xB9\x5D\x34\x40\x00\x81\xE9\xC6\x28\x40\x00\x8B\xD5\x81\xC2\xC6\x28\x40\x00\x8D\x3A\x8B\xF7\x33\xC0\xEB\x04\x90\xEB\x01\xC2\xAC", 51) == 0)  {

@@ -2203,7 +2208,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     /* WWPack */

-    if(nsections > 1 &&

+    if((DCONF & PE_CONF_WWPACK) && nsections > 1 &&

        exe_sections[nsections-1].raw>0x2b1 &&

        vep == exe_sections[nsections - 1].rva &&

        exe_sections[nsections - 1].rva + exe_sections[nsections - 1].rsz == max &&

@@ -2337,10 +2342,9 @@ int cli_scanpe(int desc, cli_ctx *ctx)

       }

     }

-#ifdef CL_EXPERIMENTAL

     /* NsPack */

-    while (1) {

+    while (DCONF & PE_CONF_NSPACK) {

       uint32_t eprva = vep;

       uint32_t start_of_stuff, ssize, dsize, rep = ep;

       unsigned int nowinldr;

@@ -2452,7 +2456,6 @@ int cli_scanpe(int desc, cli_ctx *ctx)

       free(tempfile);

       break;

     }

-#endif /* CL_EXPERIMENTAL - NsPack */

     /* to be continued ... */

@@ -48,6 +48,7 @@

 #include "others.h"

 #include "str.h"

 #include "defaults.h"

+#include "dconf.h"

 #ifdef CL_EXPERIMENTAL

 #include "phish_whitelist.h"

@@ -499,6 +500,12 @@ int cli_initengine(struct cl_engine **engine, unsigned int options)

 	    cli_errmsg("Can't allocate memory for roots!\n");

 	    return CL_EMEM;

 	}

+

+	(*engine)->dconf = cli_dconf_init();

+	if(!(*engine)->dconf) {

+	    cli_errmsg("Can't initialize dynamic configuration\n");

+	    return CL_EMEM;

+	}

     }

 #ifdef CL_EXPERIMENTAL

@@ -1159,6 +1166,9 @@ static int cli_load(const char *filename, struct cl_engine **engine, unsigned in

     } else if(cli_strbcasestr(filename, ".rmd")) {

 	ret = cli_loadmd(fd, engine, signo, 2, options);

+    } else if(cli_strbcasestr(filename, ".cfg")) {

+	ret = cli_dconf_load(fd, engine, options);

+

     } else if(cli_strbcasestr(filename, ".ncdb")) {

 #ifdef HAVE_NCORE

 	if(options & CL_DB_NCORE)

@@ -1243,6 +1253,7 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigne

 	     cli_strbcasestr(dent->d_name, ".sdb")  ||

 	     cli_strbcasestr(dent->d_name, ".zmd")  ||

 	     cli_strbcasestr(dent->d_name, ".rmd")  ||

+	     cli_strbcasestr(dent->d_name, ".cfg")  ||

 #ifdef CL_EXPERIMENTAL

 	     cli_strbcasestr(dent->d_name, ".pdb")  ||

 	     cli_strbcasestr(dent->d_name, ".wdb")  ||

@@ -1298,15 +1309,22 @@ int cl_load(const char *path, struct cl_engine **engine, unsigned int *signo, un

     switch(sb.st_mode & S_IFMT) {

 	case S_IFREG: 

-	    return cli_load(path, engine, signo, options);

+	    ret = cli_load(path, engine, signo, options);

+	    break;

 	case S_IFDIR:

-	    return cli_loaddbdir(path, engine, signo, options);

+	    ret = cli_loaddbdir(path, engine, signo, options);

+	    break;

 	default:

-	    cli_errmsg("cl_load(): Not supported database file type\n");

+	    cli_errmsg("cl_load(%s): Not supported database file type\n", path);

 	    return CL_EOPEN;

     }

+

+    if(ret == CL_SUCCESS)

+	cli_dconf_print((*engine)->dconf);

+

+    return ret;

 }

 const char *cl_retdbdir(void)

@@ -1366,6 +1384,7 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".sdb")  || 

 	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".rmd")  || 

+	    cli_strbcasestr(dent->d_name, ".cfg")  ||

 #ifdef CL_EXPERIMENTAL

 	    cli_strbcasestr(dent->d_name, ".pdb")  ||

 	    cli_strbcasestr(dent->d_name, ".wdb")  ||

@@ -1452,6 +1471,7 @@ int cl_statchkdir(const struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".sdb")  || 

 	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".rmd")  || 

+	    cli_strbcasestr(dent->d_name, ".cfg")  ||

 #ifdef CL_EXPERIMENTAL

 	    cli_strbcasestr(dent->d_name, ".pdb")  ||

 	    cli_strbcasestr(dent->d_name, ".wdb")  ||

@@ -1563,16 +1583,19 @@ void cl_free(struct cl_engine *engine)

 	cli_ncore_unload(engine);

 #endif

-    for(i = 0; i < CL_TARGET_TABLE_SIZE; i++) {

-	if((root = engine->root[i])) {

-	    cli_ac_free(root);

-	    if(!engine->root[i]->ac_only)

-		cli_bm_free(root);

-	    free(root);

+    if(engine->root) {

+	for(i = 0; i < CL_TARGET_TABLE_SIZE; i++) {

+	    if((root = engine->root[i])) {

+		cli_ac_free(root);

+		if(!engine->root[i]->ac_only)

+		    cli_bm_free(root);

+		free(root);

+	    }

 	}

+

+	free(engine->root);

     }

-    free(engine->root);

     if(engine->md5_hlist) {

 	for(i = 0; i < 256; i++) {

 	    md5pt = engine->md5_hlist[i];

@@ -1612,6 +1635,10 @@ void cl_free(struct cl_engine *engine)

 #ifdef CL_EXPERIMENTAL

     phishing_done(engine);

 #endif

+

+    if(engine->dconf)

+	free(engine->dconf);

+

     free(engine);

 }

@@ -52,8 +52,14 @@

 extern short cli_leavetemps_flag;

+#define DCONF_ARCH  ctx->dconf->archive

+#define DCONF_DOC   ctx->dconf->doc

+#define DCONF_MAIL  ctx->dconf->mail

+#define DCONF_OTHER ctx->dconf->other

+

 #include "clamav.h"

 #include "others.h"

+#include "dconf.h"

 #include "scanners.h"

 #include "matcher-ac.h"

 #include "matcher-bm.h"

@@ -1615,13 +1621,13 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type)

 	ret == CL_TYPE_MAIL ? ctx->mrec++ : ctx->arec++;

 	switch(ret) {

 	    case CL_TYPE_HTML:

-		if(SCAN_HTML && type == CL_TYPE_UNKNOWN_TEXT)

+		if(SCAN_HTML && type == CL_TYPE_UNKNOWN_TEXT && (DCONF_DOC & DOC_CONF_HTML))

 		    if((nret = cli_scanhtml(desc, ctx)) == CL_VIRUS)

 			return CL_VIRUS;

 		break;

 	    case CL_TYPE_MAIL:

-		if(SCAN_MAIL && type == CL_TYPE_UNKNOWN_TEXT)

+		if(SCAN_MAIL && type == CL_TYPE_UNKNOWN_TEXT && (DCONF_MAIL & MAIL_CONF_MBOX))

 		    if((nret = cli_scanmail(desc, ctx)) == CL_VIRUS)

 			return CL_VIRUS;

 		break;

@@ -1634,15 +1640,15 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type)

 			lastzip = lastrar = 0xdeadbeef;

 			fpt = ftoffset;

 			while(fpt) {

-			    if(fpt->type == CL_TYPE_RARSFX) {

+			    if(fpt->type == CL_TYPE_RARSFX && (DCONF_ARCH & ARCH_CONF_RAR)) {

 				cli_dbgmsg("RAR-SFX signature found at %d\n", fpt->offset);

 				if((nret = cli_scanrar(desc, ctx, fpt->offset, &lastrar)) == CL_VIRUS)

 				    break;

-			    } else if(fpt->type == CL_TYPE_ZIPSFX) {

+			    } else if(fpt->type == CL_TYPE_ZIPSFX && (DCONF_ARCH & ARCH_CONF_ZIP)) {

 				cli_dbgmsg("ZIP-SFX signature found at %d\n", fpt->offset);

 				if((nret = cli_scanzip(desc, ctx, fpt->offset, &lastzip)) == CL_VIRUS)

 				    break;

-			    } else if(fpt->type == CL_TYPE_CABSFX) {

+			    } else if(fpt->type == CL_TYPE_CABSFX && (DCONF_ARCH & ARCH_CONF_CAB)) {

 				cli_dbgmsg("CAB-SFX signature found at %d\n", fpt->offset);

 				if((nret = cli_scanmscab(desc, ctx, fpt->offset)) == CL_VIRUS)

 				    break;

@@ -1733,124 +1739,129 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

     switch(type) {

 	case CL_TYPE_RAR:

-	    if(SCAN_ARCHIVE)

+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_RAR))

 		ret = cli_scanrar(desc, ctx, 0, NULL);

 	    break;

 	case CL_TYPE_ZIP:

-	    if(SCAN_ARCHIVE)

+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ZIP))

 		ret = cli_scanzip(desc, ctx, 0, NULL);

 	    break;

 	case CL_TYPE_GZ:

-	    if(SCAN_ARCHIVE)

+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_GZ))

 		ret = cli_scangzip(desc, ctx);

 	    break;

 	case CL_TYPE_BZ:

 #ifdef HAVE_BZLIB_H

-	    if(SCAN_ARCHIVE)

+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_BZ))

 		ret = cli_scanbzip(desc, ctx);

 #endif

 	    break;

 	case CL_TYPE_MSSZDD:

-	    if(SCAN_ARCHIVE)

+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_SZDD))

 		ret = cli_scanszdd(desc, ctx);

 	    break;

 	case CL_TYPE_MSCAB:

-	    if(SCAN_ARCHIVE)

+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CAB))

 		ret = cli_scanmscab(desc, ctx, 0);

 	    break;

 	case CL_TYPE_HTML:

-	    if(SCAN_HTML)

+	    if(SCAN_HTML && (DCONF_DOC & DOC_CONF_HTML))

 		ret = cli_scanhtml(desc, ctx);

 	    break;

 	case CL_TYPE_HTML_UTF16: