... | ... |
@@ -933,6 +933,13 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi |
933 | 933 |
logg("Archive support disabled.\n"); |
934 | 934 |
} |
935 | 935 |
|
936 |
+ if (optget(opts, "BlockMax")->enabled) { |
|
937 |
+ logg("BlockMax heuristic detection enabled.\n"); |
|
938 |
+ options |= CL_SCAN_BLOCKMAX; |
|
939 |
+ } else { |
|
940 |
+ logg("BlockMax heuristic detection disabled.\n"); |
|
941 |
+ } |
|
942 |
+ |
|
936 | 943 |
if(optget(opts, "AlgorithmicDetection")->enabled) { |
937 | 944 |
logg("Algorithmic detection enabled.\n"); |
938 | 945 |
options |= CL_SCAN_ALGORITHMIC; |
... | ... |
@@ -447,6 +447,11 @@ Default: yes |
447 | 447 |
With this option enabled OLE2 files with VBA macros, which were not detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". |
448 | 448 |
.br |
449 | 449 |
Default: no |
450 |
+.TP |
|
451 |
+\fBBlockMax BOOL\fR |
|
452 |
+ Flag files with "Heuristics.Limits.Exceeded" when scanning is incomplete due to exceeding a scan or file size limit. |
|
453 |
+.br |
|
454 |
+Default: no |
|
450 | 455 |
.TP |
451 | 456 |
\fBScanPDF BOOL\fR |
452 | 457 |
This option enables scanning within PDF files. |
... | ... |
@@ -189,6 +189,9 @@ Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). |
189 | 189 |
\fB\-\-block\-macros[=yes/no(*)]\fR |
190 | 190 |
Mark OLE2 files containing VBA macros as viruses (Heuristics.OLE2.ContainsMacros). |
191 | 191 |
.TP |
192 |
+\fB\-\-block\-max[=yes/no(*)]\fR |
|
193 |
+Flag files with "Heuristics.Limits.Exceeded" when scanning is incomplete due to exceeding a scan or file size limit. |
|
194 |
+.TP |
|
192 | 195 |
\fB\-\-max\-filesize=#n\fR |
193 | 196 |
Extract and scan at most #n bytes from each archive. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB) |
194 | 197 |
.TP |
... | ... |
@@ -570,6 +570,10 @@ Example |
570 | 570 |
# Default: 25M |
571 | 571 |
#PCREMaxFileSize 100M |
572 | 572 |
|
573 |
+# When BlockMax is set, files exceeding the MaxFileSize, MaxScanSize, or MaxRecursion limit will be flagged |
|
574 |
+# with the virus "Heuristic.Limits.Exceeded". |
|
575 |
+# Default: no |
|
576 |
+#BlockMax yes |
|
573 | 577 |
|
574 | 578 |
## |
575 | 579 |
## On-access Scan Settings |
... | ... |
@@ -175,7 +175,6 @@ const struct clam_option __clam_options[] = { |
175 | 175 |
{ NULL, "no-phishing-restrictedscan", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, |
176 | 176 |
{ NULL, "max-ratio", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, |
177 | 177 |
{ NULL, "max-space", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, |
178 |
- { NULL, "block-max", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", "" }, |
|
179 | 178 |
{ NULL, "unzip", 0, CLOPT_TYPE_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, |
180 | 179 |
{ NULL, "unrar", 0, CLOPT_TYPE_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, |
181 | 180 |
{ NULL, "arj", 0, CLOPT_TYPE_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, |
... | ... |
@@ -187,6 +186,8 @@ const struct clam_option __clam_options[] = { |
187 | 187 |
{ NULL, "deb", 0, CLOPT_TYPE_STRING, NULL, -1, "foo", 0, OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, |
188 | 188 |
|
189 | 189 |
/* config file/cmdline options */ |
190 |
+ { "BlockMax", "block-max", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "", "" }, |
|
191 |
+ |
|
190 | 192 |
{ "PreludeEnable", "prelude-enable", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Enable prelude"}, |
191 | 193 |
|
192 | 194 |
{ "PreludeAnalyzerName", "prelude-analyzer-name", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Name of the analyzer as seen in prewikka"}, |