@@ -1,3 +1,7 @@

+Fri Mar  4 18:26:44 CET 2011 (acab)

+-----------------------------------

+ * libclamav: Extend prescan_cb with file types

+

 Mon Feb 28 21:46:50 CET 2011 (tk)

 ---------------------------------

  * clamd: add new option ClamukoExcludeUID (bb#2260)

@@ -196,13 +196,14 @@ extern int cl_engine_addref(struct cl_engine *engine);

 extern int cl_engine_free(struct cl_engine *engine);

-/* CALLBACKS - WARNING: unstable API - WIP */

+/* CALLBACKS */

-typedef cl_error_t (*clcb_pre_scan)(int fd, void *context);

+typedef cl_error_t (*clcb_pre_scan)(int fd, const char *type, void *context);

 /* PRE-SCAN

 Input:

 fd      = File descriptor which is about to be scanned

+type    = File type detected via magic - i.e. NOT on the fly - (e.g. "CL_TYPE_MSEXE")

 context = Opaque application provided data

 Output:

@@ -110,6 +110,17 @@ cli_file_t cli_ftcode(const char *name)

     return CL_TYPE_ERROR;

 }

+const char *cli_ftname(cli_file_t code)

+{

+	unsigned int i;

+

+    for(i = 0; ftmap[i].name; i++)

+	if(ftmap[i].code == code)

+	    return ftmap[i].name;

+

+    return NULL;

+}

+

 void cli_ftfree(const struct cl_engine *engine)

 {

 	struct cli_ftype *ftypes=engine->ftypes, *pt;

@@ -104,6 +104,7 @@ struct cli_matched_type {

 };

 cli_file_t cli_ftcode(const char *name);

+const char *cli_ftname(cli_file_t code);

 void cli_ftfree(const struct cl_engine *engine);

 cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine);

 cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine);

@@ -2089,6 +2089,35 @@ static void emax_reached(cli_ctx *ctx) {

     return retcode;										\

     } while(0)

+

+#define CALL_PRESCAN_CB(type_name)	                                                     \

+    if(ctx->engine->cb_pre_scan) {		                                             \

+	perf_start(ctx, PERFT_PRECB);                                                        \

+	switch(ctx->engine->cb_pre_scan(desc, (type_name), ctx->cb_ctx)) {                   \

+	case CL_BREAK:                                                                       \

+	    cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n");                \

+	    funmap(*ctx->fmap);                                                              \

+	    ctx->fmap--;                                                                     \

+	    perf_stop(ctx, PERFT_PRECB);                                                     \

+	    ret_from_magicscan(CL_CLEAN);                                                    \

+	case CL_VIRUS:                                                                       \

+	    cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n");                \

+	    if(ctx->virname)                                                                 \

+		*ctx->virname = "Detected.By.Callback";                                      \

+	    funmap(*ctx->fmap);                                                              \

+	    ctx->fmap--;                                                                     \

+	    perf_stop(ctx, PERFT_PRECB);                                                     \

+	    ret_from_magicscan(CL_VIRUS);                                                    \

+	case CL_CLEAN:                                                                       \

+	    break;                                                                           \

+	default:                                                                             \

+	    cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n");     \

+	}                                                                                    \

+	perf_stop(ctx, PERFT_PRECB);                                                         \

+    }

+

+

+

 static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)

 {

 	int ret = CL_CLEAN;

@@ -2146,31 +2175,6 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)

     }

     perf_stop(ctx, PERFT_MAP);

-    if(ctx->engine->cb_pre_scan) {

-	perf_start(ctx, PERFT_PRECB);

-	switch(ctx->engine->cb_pre_scan(desc, ctx->cb_ctx)) {

-	case CL_BREAK:

-	    cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n");

-	    funmap(*ctx->fmap);

-	    ctx->fmap--;

-	    perf_stop(ctx, PERFT_PRECB);

-	    ret_from_magicscan(CL_CLEAN);

-	case CL_VIRUS:

-	    cli_dbgmsg("cli_magic_scandesc: file blacklisted by callback\n");

-	    if(ctx->virname)

-		*ctx->virname = "Detected.By.Callback";

-	    funmap(*ctx->fmap);

-	    ctx->fmap--;

-	    perf_stop(ctx, PERFT_PRECB);

-	    ret_from_magicscan(CL_VIRUS);

-	case CL_CLEAN:

-	    break;

-	default:

-	    cli_warnmsg("cli_magic_scandesc: ignoring bad return code from callback\n");

-	}

-	perf_stop(ctx, PERFT_PRECB);

-    }

-

     perf_start(ctx, PERFT_CACHE);

     if(cache_check(hash, ctx) == CL_CLEAN) {

 	funmap(*ctx->fmap);

@@ -2189,6 +2193,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)

 	else

 	    cli_dbgmsg("Raw mode: No support for special files\n");

+	CALL_PRESCAN_CB("CL_TYPE_BINARY_DATA");

 	if((ret = cli_fmap_scandesc(ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, hash)) == CL_VIRUS)

 	    cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, desc);

 	else if(ret == CL_CLEAN) {

@@ -2206,7 +2211,7 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)

     perf_start(ctx, PERFT_FT);

     if(type == CL_TYPE_ANY)

-	type = cli_filetype2(*ctx->fmap, ctx->engine); /* FIXMEFMAP: port to fmap */

+	type = cli_filetype2(*ctx->fmap, ctx->engine);

     perf_stop(ctx, PERFT_FT);

     if(type == CL_TYPE_ERROR) {

 	cli_dbgmsg("cli_magic_scandesc: cli_filetype2 returned CL_TYPE_ERROR\n");

@@ -2216,6 +2221,8 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type)

 	ret_from_magicscan(CL_EREAD);

     }

+    CALL_PRESCAN_CB(cli_ftname(type));

+

 #ifdef HAVE__INTERNAL__SHA_COLLECT

     if(!ctx->sha_collect && type==CL_TYPE_MSEXE) ctx->sha_collect = 1;

 #endif