... | ... |
@@ -196,13 +196,14 @@ extern int cl_engine_addref(struct cl_engine *engine); |
196 | 196 |
extern int cl_engine_free(struct cl_engine *engine); |
197 | 197 |
|
198 | 198 |
|
199 |
-/* CALLBACKS - WARNING: unstable API - WIP */ |
|
199 |
+/* CALLBACKS */ |
|
200 | 200 |
|
201 | 201 |
|
202 |
-typedef cl_error_t (*clcb_pre_scan)(int fd, void *context); |
|
202 |
+typedef cl_error_t (*clcb_pre_scan)(int fd, const char *type, void *context); |
|
203 | 203 |
/* PRE-SCAN |
204 | 204 |
Input: |
205 | 205 |
fd = File descriptor which is about to be scanned |
206 |
+type = File type detected via magic - i.e. NOT on the fly - (e.g. "CL_TYPE_MSEXE") |
|
206 | 207 |
context = Opaque application provided data |
207 | 208 |
|
208 | 209 |
Output: |
... | ... |
@@ -110,6 +110,17 @@ cli_file_t cli_ftcode(const char *name) |
110 | 110 |
return CL_TYPE_ERROR; |
111 | 111 |
} |
112 | 112 |
|
113 |
+const char *cli_ftname(cli_file_t code) |
|
114 |
+{ |
|
115 |
+ unsigned int i; |
|
116 |
+ |
|
117 |
+ for(i = 0; ftmap[i].name; i++) |
|
118 |
+ if(ftmap[i].code == code) |
|
119 |
+ return ftmap[i].name; |
|
120 |
+ |
|
121 |
+ return NULL; |
|
122 |
+} |
|
123 |
+ |
|
113 | 124 |
void cli_ftfree(const struct cl_engine *engine) |
114 | 125 |
{ |
115 | 126 |
struct cli_ftype *ftypes=engine->ftypes, *pt; |
... | ... |
@@ -104,6 +104,7 @@ struct cli_matched_type { |
104 | 104 |
}; |
105 | 105 |
|
106 | 106 |
cli_file_t cli_ftcode(const char *name); |
107 |
+const char *cli_ftname(cli_file_t code); |
|
107 | 108 |
void cli_ftfree(const struct cl_engine *engine); |
108 | 109 |
cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine); |
109 | 110 |
cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine); |
... | ... |
@@ -2089,6 +2089,35 @@ static void emax_reached(cli_ctx *ctx) { |
2089 | 2089 |
return retcode; \ |
2090 | 2090 |
} while(0) |
2091 | 2091 |
|
2092 |
+ |
|
2093 |
+#define CALL_PRESCAN_CB(type_name) \ |
|
2094 |
+ if(ctx->engine->cb_pre_scan) { \ |
|
2095 |
+ perf_start(ctx, PERFT_PRECB); \ |
|
2096 |
+ switch(ctx->engine->cb_pre_scan(desc, (type_name), ctx->cb_ctx)) { \ |
|
2097 |
+ case CL_BREAK: \ |
|
2098 |
+ cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n"); \ |
|
2099 |
+ funmap(*ctx->fmap); \ |
|
2100 |
+ ctx->fmap--; \ |
|
2101 |
+ perf_stop(ctx, PERFT_PRECB); \ |
|
2102 |
+ ret_from_magicscan(CL_CLEAN); \ |
|
2103 |
+ case CL_VIRUS: \ |
|
2104 |
+ cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n"); \ |
|
2105 |
+ if(ctx->virname) \ |
|
2106 |
+ *ctx->virname = "Detected.By.Callback"; \ |
|
2107 |
+ funmap(*ctx->fmap); \ |
|
2108 |
+ ctx->fmap--; \ |
|
2109 |
+ perf_stop(ctx, PERFT_PRECB); \ |
|
2110 |
+ ret_from_magicscan(CL_VIRUS); \ |
|
2111 |
+ case CL_CLEAN: \ |
|
2112 |
+ break; \ |
|
2113 |
+ default: \ |
|
2114 |
+ cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n"); \ |
|
2115 |
+ } \ |
|
2116 |
+ perf_stop(ctx, PERFT_PRECB); \ |
|
2117 |
+ } |
|
2118 |
+ |
|
2119 |
+ |
|
2120 |
+ |
|
2092 | 2121 |
static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2093 | 2122 |
{ |
2094 | 2123 |
int ret = CL_CLEAN; |
... | ... |
@@ -2146,31 +2175,6 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2146 | 2146 |
} |
2147 | 2147 |
perf_stop(ctx, PERFT_MAP); |
2148 | 2148 |
|
2149 |
- if(ctx->engine->cb_pre_scan) { |
|
2150 |
- perf_start(ctx, PERFT_PRECB); |
|
2151 |
- switch(ctx->engine->cb_pre_scan(desc, ctx->cb_ctx)) { |
|
2152 |
- case CL_BREAK: |
|
2153 |
- cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n"); |
|
2154 |
- funmap(*ctx->fmap); |
|
2155 |
- ctx->fmap--; |
|
2156 |
- perf_stop(ctx, PERFT_PRECB); |
|
2157 |
- ret_from_magicscan(CL_CLEAN); |
|
2158 |
- case CL_VIRUS: |
|
2159 |
- cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n"); |
|
2160 |
- if(ctx->virname) |
|
2161 |
- *ctx->virname = "Detected.By.Callback"; |
|
2162 |
- funmap(*ctx->fmap); |
|
2163 |
- ctx->fmap--; |
|
2164 |
- perf_stop(ctx, PERFT_PRECB); |
|
2165 |
- ret_from_magicscan(CL_VIRUS); |
|
2166 |
- case CL_CLEAN: |
|
2167 |
- break; |
|
2168 |
- default: |
|
2169 |
- cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n"); |
|
2170 |
- } |
|
2171 |
- perf_stop(ctx, PERFT_PRECB); |
|
2172 |
- } |
|
2173 |
- |
|
2174 | 2149 |
perf_start(ctx, PERFT_CACHE); |
2175 | 2150 |
if(cache_check(hash, ctx) == CL_CLEAN) { |
2176 | 2151 |
funmap(*ctx->fmap); |
... | ... |
@@ -2189,6 +2193,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2189 | 2189 |
else |
2190 | 2190 |
cli_dbgmsg("Raw mode: No support for special files\n"); |
2191 | 2191 |
|
2192 |
+ CALL_PRESCAN_CB("CL_TYPE_BINARY_DATA"); |
|
2192 | 2193 |
if((ret = cli_fmap_scandesc(ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, hash)) == CL_VIRUS) |
2193 | 2194 |
cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, desc); |
2194 | 2195 |
else if(ret == CL_CLEAN) { |
... | ... |
@@ -2206,7 +2211,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2206 | 2206 |
|
2207 | 2207 |
perf_start(ctx, PERFT_FT); |
2208 | 2208 |
if(type == CL_TYPE_ANY) |
2209 |
- type = cli_filetype2(*ctx->fmap, ctx->engine); /* FIXMEFMAP: port to fmap */ |
|
2209 |
+ type = cli_filetype2(*ctx->fmap, ctx->engine); |
|
2210 | 2210 |
perf_stop(ctx, PERFT_FT); |
2211 | 2211 |
if(type == CL_TYPE_ERROR) { |
2212 | 2212 |
cli_dbgmsg("cli_magic_scandesc: cli_filetype2 returned CL_TYPE_ERROR\n"); |
... | ... |
@@ -2216,6 +2221,8 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2216 | 2216 |
ret_from_magicscan(CL_EREAD); |
2217 | 2217 |
} |
2218 | 2218 |
|
2219 |
+ CALL_PRESCAN_CB(cli_ftname(type)); |
|
2220 |
+ |
|
2219 | 2221 |
#ifdef HAVE__INTERNAL__SHA_COLLECT |
2220 | 2222 |
if(!ctx->sha_collect && type==CL_TYPE_MSEXE) ctx->sha_collect = 1; |
2221 | 2223 |
#endif |