... | ... |
@@ -216,6 +216,8 @@ void help(void) |
216 | 216 |
mprintf(" --include=REGEX Only scan file names matching REGEX\n"); |
217 | 217 |
mprintf(" --include-dir=REGEX Only scan directories matching REGEX\n"); |
218 | 218 |
mprintf("\n"); |
219 |
+ mprintf(" --bytecode[=yes(*)/no] Load bytecode from the database\n"); |
|
220 |
+ mprintf(" --bytecode-trust-all[=yes/no(*)] Trust all loaded bytecode\n"); |
|
219 | 221 |
mprintf(" --detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications\n"); |
220 | 222 |
mprintf(" --exclude-pua=CAT Skip PUA sigs of category CAT\n"); |
221 | 223 |
mprintf(" --include-pua=CAT Load PUA sigs of category CAT\n"); |
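Review bot: The one-line help for `--bytecode-trust-all` reads like an ordinary tuning switch, while the man page text added in this same commit says the option disables safety checks and should only be used for debugging. Users who only read `--help` never see that caveat, so the string could carry it, e.g. `--bytecode-trust-all[=yes/no(*)] Trust all loaded bytecode (disables safety checks, debugging only)`. The rest of help() lies outside the hunk.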
... | ... |
@@ -401,7 +401,7 @@ int scanmanager(const struct optstruct *opts) |
401 | 401 |
if(optget(opts, "leave-temps")->enabled) |
402 | 402 |
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1); |
403 | 403 |
|
404 |
- if(optget(opts, "trust-loaded-bytecode")->enabled) |
|
404 |
+ if(optget(opts, "bytecode-trust-all")->enabled) |
|
405 | 405 |
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL); |
406 | 406 |
|
407 | 407 |
if((opt = optget(opts, "tempdir"))->enabled) { |
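Review bot: Enabling `bytecode-trust-all` switches the engine to `CL_BYTECODE_TRUST_ALL` silently, and the return value of `cl_engine_set_num()` is dropped. Going by the man page text in this commit, this setting disables the bytecode safety checks, so a scan run with it should leave a trace. Log a warning when the option is on and fail setup if the call does not succeed, e.g. `if(cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL) != CL_SUCCESS) { ... }`. The hunk also shows no read of the new `bytecode` option that help() advertises; if it is not handled elsewhere in scanmanager(), `--bytecode=no` would have no effect. scanmanager() starts and ends outside the hunk.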
... | ... |
@@ -78,8 +78,11 @@ Default: system specific (usually /tmp or /var/tmp). |
78 | 78 |
.TP |
79 | 79 |
\fBDatabaseDirectory STRING\fR |
80 | 80 |
Path to a directory containing database files. |
81 |
+.TP |
|
82 |
+\fBOfficialDatabaseOnly BOOL\fR |
|
83 |
+Only load the official signatures published by the ClamAV project. |
|
81 | 84 |
.br |
82 |
-Default: @DBDIR@ |
|
85 |
+Default: no |
|
83 | 86 |
.TP |
84 | 87 |
\fBLocalSocket STRING\fR |
85 | 88 |
Path to a local (Unix) socket the daemon will listen on. |
... | ... |
@@ -236,7 +239,17 @@ Limit data port range. |
236 | 236 |
.br |
237 | 237 |
Default: 2048 |
238 | 238 |
.TP |
239 |
-\fBDetectPUA\fR |
|
239 |
+\fBBytecode BOOL\fR |
|
240 |
+With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses. |
|
241 |
+.br |
|
242 |
+Default: yes |
|
243 |
+.TP |
|
244 |
+\fBBytecodeSecurity STRING\fR |
|
245 |
+Set bytecode security level. Possible values: \fBNone\fR: no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS, \fBTrustSigned\fR: trust bytecode loaded from signed .c[lv]d files and insert runtime safety checks for bytecode loaded from other sources, \fBParanoid\fR: don't trust any bytecode, insert runtime checks for all. The recommended setting is \fBTrustSigned\fR, because bytecode in .cvd files already has safety checks inserted into it. |
|
246 |
+.br |
|
247 |
+Default: TrustSigned |
|
248 |
+.TP |
|
249 |
+\fBDetectPUA BOOL\fR |
|
240 | 250 |
Detect Possibly Unwanted Applications. |
241 | 251 |
.br |
242 | 252 |
Default: No |
... | ... |
@@ -404,6 +417,11 @@ Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. |
404 | 404 |
.br |
405 | 405 |
Default: no |
406 | 406 |
.TP |
407 |
+\fBClamukoScannerCount NUMBER\fR |
|
408 |
+The number of scanner threads that will be started (DazukoFS only). Having multiple scanner threads allows Clamuko to serve multiple processes simultaneously. This is particularly beneficial on SMP machines. |
|
409 |
+.br |
|
410 |
+Default: 3 |
|
411 |
+.TP |
|
407 | 412 |
\fBClamukoScanOnOpen BOOL\fR |
408 | 413 |
Scan files on open. |
409 | 414 |
.br |
... | ... |
@@ -78,6 +78,12 @@ Move infected files into DIRECTORY. Directory must be writable for the '@CLAMAVU |
78 | 78 |
\fB\-\-copy=DIRECTORY\fR |
79 | 79 |
Copy infected files into DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan. |
80 | 80 |
.TP |
81 |
+\fB\-\-bytecode[=yes(*)/no]\fR |
|
82 |
+With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses. |
|
83 |
+.TP |
|
84 |
+\fB\-\-bytecode\-trust\-all[=yes/no(*)]\fR |
|
85 |
+This option disables safety checks and makes ClamAV trust all bytecode. It should only be used for debugging. |
|
86 |
+.TP |
|
81 | 87 |
\fB\-\-detect\-pua[=yes/no(*)]\fR |
82 | 88 |
Detect Possibly Unwanted Applications. |
83 | 89 |
.TP |
... | ... |
@@ -122,7 +122,7 @@ const struct clam_option __clam_options[] = { |
122 | 122 |
|
123 | 123 |
{ NULL, "force-interpreter", 'f', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Force using the interpreter instead of the JIT", "" }, |
124 | 124 |
{ NULL, "trust-bytecode", 't', TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMBC, "Trust loaded bytecode (default yes)", ""}, |
125 |
- { NULL, "trust-loaded-bytecode", 't', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Trust loaded bytecode (default: only if signed)", ""}, |
|
125 |
+ { NULL, "bytecode-trust-all", 't', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Trust loaded bytecode (default: only if signed)", ""}, |
|
126 | 126 |
{ NULL, "info", 'i', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Load and print bytecode information without executing", ""}, |
127 | 127 |
{ NULL, "printsrc", 'p', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Print source code of bytecode", ""}, |
128 | 128 |
{ NULL, "input", 'i', TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMBC, "Input file to run the bytecode n", ""}, |
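Review bot: The rename removes `trust-loaded-bytecode` from the table without leaving an alias, so existing clamscan invocations that pass the old spelling will presumably be rejected as an unknown option after an upgrade. Keeping the old name as a deprecated entry for a release would avoid that. The description string still says only `Trust loaded bytecode (default: only if signed)`; it would be clearer as `Trust all loaded bytecode, disabling safety checks (default: only signed bytecode is trusted)`. The table continues outside the hunk, so an entry for the `bytecode` option may exist out of view.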