January 26, 2019 | ||
---|---|---|
View 52cddcb
Updating and cleaning up copyright notices.Micah Snyder authored on 2019/01/26 00:15:50 |
January 8, 2019 | ||
---|---|---|
View 7ba310e
PE parsing code improvements, db loading bug fixesAndrew authored on 2019/01/08 14:09:08 |
December 4, 2018 | ||
---|---|---|
View 72fd33c
clang-format'd using new .clang-format rules.Micah Snyder authored on 2018/12/04 02:40:13 |
||
View 38fe8b6
Added .clang-format style rules, clam-format script to automate formatting of ClamAV code, and preparing select files so that clang-format does not alter carefully formatted sections.Micah Snyder authored on 2018/12/04 02:37:58 |
October 26, 2018 | ||
---|---|---|
View ebea41e
Moving variable declaration to top of function because ‘for’ loop initial declarations are only allowed in C99 mode.Micah Snyder authored on 2018/10/26 12:30:44 |
October 10, 2018 | ||
---|---|---|
View 7f46503
Allow the NULL to be missing on all AlgorithmIdsAndrew authored on 2018/10/10 03:00:28 |
September 15, 2018 | ||
---|---|---|
View 64ecd10
Fix support for authenticode signatures from external .cat files This commit adds back in support for whitelisting files based on signatures from .cat files loaded in via a '-d' flag to clamscan. This also makes it so that a .crb blacklist rule match can't be overruled by a signature in a .cat fileAndrew authored on 2018/09/15 03:39:47 |
September 14, 2018 | ||
---|---|---|
View 50d1a0b
Make --dumpcerts be more consistent, improve cert processing This commit makes the following changes: - --dumpcerts will print certificates even if they already exist in any .crb files loaded - --dumpcerts will print certificates only once - Having a whitelist CRB rule on a leaf certificate should no longer prevent signature verification from happening. NOTE, this doesn't mean that you can have whitelist rules for leaf certificates and have that result in a trusted signature - that doesn't work yet - Determining whether a certificate is blacklisted now includes comparing the public key data (modulus and exponent) in addition to the subject and serial hashes - If a blacklisted certificate is detected, the code will return immediately instead of continuing on to parse the rest of the signatureAndrew authored on 2018/09/14 01:04:17 |
September 12, 2018 | ||
---|---|---|
View db39ba2
Add debug message in the case where a seemingly useless cert is detectedAndrew authored on 2018/09/12 23:41:59 |
||
View 5df252e
Set the certSign flag for certificates without a KeyUsage The MS MD5 root cert doesn't have the KeyUsage set and appears to validate just fineAndrew authored on 2018/09/12 23:04:35 |
September 11, 2018 | ||
---|---|---|
View b1c1353
Allow x509 certs with v1 TBSCertificate sections in the timestamp chain There are some Windows binaries that have certificates with version 1 TBSCertificate sections. This technically isn't allowed by the spec, but the Windows API still seems to report these are being OKAndrew authored on 2018/09/11 05:27:21 |
September 10, 2018 | ||
---|---|---|
View 0bbf4e1
Fix a bug causing nested signatures to trigger the no-countersignature case In an earlier commit, I mistakenly check for whether a nested signature has been seen when determining whether a countersignature is present instead of checking that the countersignature has been seenAndrew authored on 2018/09/10 23:43:08 |
||
View d28779e
Allow for the timestampToken OID in place of pkcs7-data OID in the countersignatureAndrew authored on 2018/09/10 23:41:56 |
September 9, 2018 | ||
---|---|---|
View 796cf4c
Allow '0' as a counterSignature versionAndrew authored on 2018/09/09 04:16:18 |
September 7, 2018 | ||
---|---|---|
View 0973eb9
Add more support for SHA384/SHA512 I think SHA384/SHA512 hashes are supported in all parts of the authenticode signature nowAndrew authored on 2018/09/07 23:46:26 |