GitList

Browse code

Reduce bytecodetimeout to 5s instead of 60.

In case of buggy bytecode limits the amount of resources consumed.

Török Edvin authored on 2011/01/20 23:12:11
Showing 3 changed files

ChangeLog index c111483..cfa840c 100644
etc/clamd.conf index 000d8f7..67ebee1 100644
shared/optparser.c index e6fb017..900cefd 100644

History View file @ c19477e

@@ -1,3 +1,7 @@
                     +Thu Jan 20 16:11:43 EET 2011 (edwin)
                     +------------------------------------
                     + * shared/optparser.c: reduce BytecodeTimeout to 5s (instead of 60).
+                    +
                      Thu Jan 20 16:09:29 EET 2011 (edwin)
                      -----------------------------------
                       * libclamav/bytecode_vm.c: fix memset on bigendian arch (bb #2478).

History View file @ c19477e

@@ -480,5 +480,5 @@ Example
                      # Set bytecode timeout in miliseconds.
+                     #
                     -# Default: 60000
                     -# BytecodeTimeout 60000
                     +# Default: 5000
                     +# BytecodeTimeout 1000

shared/optparser.c

History View file @ c19477e

@@ -256,8 +256,8 @@ const struct clam_option __clam_options[] = {
                          { "Bytecode", "bytecode", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
                          { "BytecodeSecurity", NULL, 0, TYPE_STRING, "^(None|TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD,
                      	"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
                     -    { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
                     -	"Set bytecode timeout in miliseconds.\n","60000"},
                     +    { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 5000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
                     +	"Set bytecode timeout in miliseconds.\n","5000"},
                          { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
                      	"Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceIntepreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal\n","Auto"},
                          { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },