| December 4, 2018 | ||
|---|---|---|
 |
View 27948a0
Added .clang-format style rules, clam-format script to automate formatting of ClamAV code, and preparing select files so that clang-format does not alter carefully formatted sections.Micah Snyder authored on 2018/12/04 02:37:58 |
|
| October 26, 2018 | ||
|---|---|---|
|
View 4d62654
Moving variable declaration to top of function because ‘for’ loop initial declarations are only allowed in C99 mode.Micah Snyder authored on 2018/10/26 12:30:44 |
|
| October 10, 2018 | ||
|---|---|---|
 |
View d26a6fd
Allow the NULL to be missing on all AlgorithmIdsAndrew authored on 2018/10/10 03:00:28 |
|
| September 15, 2018 | ||
|---|---|---|
|
View b9c3525
Fix support for authenticode signatures from external .cat files This commit adds back in support for whitelisting files based on signatures from .cat files loaded in via a '-d' flag to clamscan. This also makes it so that a .crb blacklist rule match can't be overruled by a signature in a .cat fileAndrew authored on 2018/09/15 03:39:47 |
|
| September 14, 2018 | ||
|---|---|---|
|
View 39f735b
Make --dumpcerts be more consistent, improve cert processing This commit makes the following changes: - --dumpcerts will print certificates even if they already exist in any .crb files loaded - --dumpcerts will print certificates only once - Having a whitelist CRB rule on a leaf certificate should no longer prevent signature verification from happening. NOTE, this doesn't mean that you can have whitelist rules for leaf certificates and have that result in a trusted signature - that doesn't work yet - Determining whether a certificate is blacklisted now includes comparing the public key data (modulus and exponent) in addition to the subject and serial hashes - If a blacklisted certificate is detected, the code will return immediately instead of continuing on to parse the rest of the signatureAndrew authored on 2018/09/14 01:04:17 |
|
| September 12, 2018 | ||
|---|---|---|
|
View a493156
Add debug message in the case where a seemingly useless cert is detectedAndrew authored on 2018/09/12 23:41:59 |
|
|
View 7c55d4f
Set the certSign flag for certificates without a KeyUsage The MS MD5 root cert doesn't have the KeyUsage set and appears to validate just fineAndrew authored on 2018/09/12 23:04:35 |
|
| September 11, 2018 | ||
|---|---|---|
|
View c6c71ef
Allow x509 certs with v1 TBSCertificate sections in the timestamp chain There are some Windows binaries that have certificates with version 1 TBSCertificate sections. This technically isn't allowed by the spec, but the Windows API still seems to report these are being OKAndrew authored on 2018/09/11 05:27:21 |
|
| September 10, 2018 | ||
|---|---|---|
|
View a26ed93
Fix a bug causing nested signatures to trigger the no-countersignature case In an earlier commit, I mistakenly check for whether a nested signature has been seen when determining whether a countersignature is present instead of checking that the countersignature has been seenAndrew authored on 2018/09/10 23:43:08 |
|
|
View 5f11b08
Allow for the timestampToken OID in place of pkcs7-data OID in the countersignatureAndrew authored on 2018/09/10 23:41:56 |
|
| September 9, 2018 | ||
|---|---|---|
|
View 72771d9
Allow '0' as a counterSignature versionAndrew authored on 2018/09/09 04:16:18 |
|
| September 7, 2018 | ||
|---|---|---|
|
View cc9381a
Add more support for SHA384/SHA512 I think SHA384/SHA512 hashes are supported in all parts of the authenticode signature nowAndrew authored on 2018/09/07 23:46:26 |
|
|
View b7f6b61
Allow <hashtype>WithRSAEncryption OIDs when expecting <hashtype> OIDs Some of the signature seem to use the former instead, and it appears to be accepted as legitimate, so allow it.Andrew authored on 2018/09/07 09:59:00 |
|
| September 6, 2018 | ||
|---|---|---|
|
View 1b3395f
Fix bug in how ptrs to file data are used for computing Authenticode hash We used to get a pointer to file data without locking and for some samples this pointer would be invalidated by the time we used it. Now, we just store the offset for the sections that should be hashed as part of the Authenticode hash computation and get the file data pointer right before it's needed.Andrew authored on 2018/09/06 07:50:59 |
|
| September 3, 2018 | ||
|---|---|---|
|
View 125360a
Add more complete support for SHA384, SHA512 hashesAndrew authored on 2018/09/03 11:07:14 |
|