git-svn: trunk@2608
Tomasz Kojm authored on 2007/01/13 02:36:54... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Fri Jan 12 18:35:02 CET 2007 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav/phishcheck.c: add img url link-type filtering (patch from Edwin) |
|
4 |
+ |
|
1 | 5 |
Fri Jan 12 18:18:43 CET 2007 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* libclamav: phishing patch from Edwin (closes bb#157, #174, #222, #224) |
... | ... |
@@ -19,6 +19,9 @@ |
19 | 19 |
* MA 02110-1301, USA. |
20 | 20 |
* |
21 | 21 |
* $Log: phishcheck.c,v $ |
22 |
+ * Revision 1.18 2007/01/12 17:36:53 tkojm |
|
23 |
+ * add img url link-type filtering |
|
24 |
+ * |
|
22 | 25 |
* Revision 1.17 2007/01/12 17:29:09 tkojm |
23 | 26 |
* phishing patch from Edwin (closes bb#157, #174, #222, #224) |
24 | 27 |
* |
... | ... |
@@ -952,8 +955,12 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs) |
952 | 952 |
struct url_check urls; |
953 | 953 |
enum phish_status rc; |
954 | 954 |
urls.flags = strncmp((char*)hrefs->tag[i],href_text,href_text_len)? (CL_PHISH_ALL_CHECKS&~CHECK_SSL): CL_PHISH_ALL_CHECKS; |
955 |
- if (!(urls.flags&CHECK_IMG_URL) && !strncmp((char*)hrefs->tag[i],src_text,src_text_len)) |
|
955 |
+ urls.link_type = 0; |
|
956 |
+ if(!strncmp((char*)hrefs->tag[i],src_text,src_text_len)) { |
|
957 |
+ if (!(urls.flags&CHECK_IMG_URL)) |
|
956 | 958 |
continue; |
959 |
+ urls.link_type |= LINKTYPE_IMAGE; |
|
960 |
+ } |
|
957 | 961 |
if (ctx->options&CL_SCAN_PHISHING_DOMAINLIST) |
958 | 962 |
urls.flags |= DOMAINLIST_REQUIRED; |
959 | 963 |
if (ctx->options & CL_SCAN_PHISHING_BLOCKSSL) { |
... | ... |
@@ -1282,6 +1289,7 @@ enum phish_status phishingCheck(const struct cl_engine* engine,struct url_check* |
1282 | 1282 |
* so defer phishing decisions till we know if host is listed*/ |
1283 | 1283 |
} |
1284 | 1284 |
|
1285 |
+ |
|
1285 | 1286 |
url_check_init(&host_url); |
1286 | 1287 |
|
1287 | 1288 |
if((rc = url_get_host(pchk, urls,&host_url,DOMAIN_DISPLAY,&phishy))) { |
... | ... |
@@ -1301,6 +1309,10 @@ enum phish_status phishingCheck(const struct cl_engine* engine,struct url_check* |
1301 | 1301 |
} |
1302 | 1302 |
} |
1303 | 1303 |
|
1304 |
+ /* link type filtering must occur after last domainlist_match */ |
|
1305 |
+ if(urls->link_type & LINKTYPE_IMAGE && !(urls->flags&CHECK_IMG_URL)) |
|
1306 |
+ return CL_PHISH_HOST_NOT_LISTED;/* its listed, but this link type is filtered */ |
|
1307 |
+ |
|
1304 | 1308 |
if(urls->flags & DOMAINLIST_REQUIRED && !(phishy & DOMAIN_LISTED) ) { |
1305 | 1309 |
urls->flags &= urls->always_check_flags; |
1306 | 1310 |
if(!urls->flags) { |
... | ... |
@@ -1313,7 +1325,7 @@ enum phish_status phishingCheck(const struct cl_engine* engine,struct url_check* |
1313 | 1313 |
/*Checks if URL is cloaked. |
1314 | 1314 |
Should we check if it containts another http://, https://? |
1315 | 1315 |
No because we might get false positives from redirect services.*/ |
1316 |
- if(strchr(urls->realLink.data,'\0x1')) { |
|
1316 |
+ if(strchr(urls->realLink.data,0x1)) { |
|
1317 | 1317 |
free_if_needed(&host_url); |
1318 | 1318 |
return CL_PHISH_CLOAKED_NULL; |
1319 | 1319 |
} |
... | ... |
@@ -48,6 +48,7 @@ enum phish_status {CL_PHISH_NODECISION=0,CL_PHISH_CLEAN=CL_PHISH_BASE, CL_PHISH_ |
48 | 48 |
#define DOMAINLIST_REQUIRED 512 |
49 | 49 |
/* img checking disabled by default */ |
50 | 50 |
|
51 |
+#define LINKTYPE_IMAGE 1 |
|
51 | 52 |
|
52 | 53 |
#define CL_PHISH_ALL_CHECKS (CLEANUP_URL|DOMAIN_SUFFICIENT|CHECK_SSL|CHECK_CLOAKING|DOMAINLIST_REQUIRED|CHECK_IMG_URL) |
53 | 54 |
|
... | ... |
@@ -72,6 +73,7 @@ struct url_check { |
72 | 72 |
struct string displayLink; |
73 | 73 |
unsigned short flags; |
74 | 74 |
unsigned short always_check_flags; |
75 |
+ unsigned short link_type; |
|
75 | 76 |
}; |
76 | 77 |
|
77 | 78 |
int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs); |