| January 26, 2019 | ||
|---|---|---|
 |
View 52cddcb
Updating and cleaning up copyright notices.Micah Snyder authored on 2019/01/26 00:15:50 |
|
| January 8, 2019 | ||
|---|---|---|
 |
View 7ba310e
PE parsing code improvements, db loading bug fixesAndrew authored on 2019/01/08 14:09:08 |
|
| December 6, 2018 | ||
|---|---|---|
|
View b3e82e5
Replacing libclamav/cltypes.h with clamav-types.h.in, which generates a header clamav-types.h that we install alongside clamav.h.Micah Snyder authored on 2018/12/06 10:46:20 |
|
| December 4, 2018 | ||
|---|---|---|
|
View 72fd33c
clang-format'd using new .clang-format rules.Micah Snyder authored on 2018/12/04 02:40:13 |
|
| September 15, 2018 | ||
|---|---|---|
|
View 64ecd10
Fix support for authenticode signatures from external .cat files This commit adds back in support for whitelisting files based on signatures from .cat files loaded in via a '-d' flag to clamscan. This also makes it so that a .crb blacklist rule match can't be overruled by a signature in a .cat fileAndrew authored on 2018/09/15 03:39:47 |
|
| August 28, 2018 | ||
|---|---|---|
|
View 18a813a
Update PE parsing code related to Authenticode verification The following changes were made - The code to calculate the authenticode hash was not properly accounting for the case where a PE had sections that either overlapped with each other or overlapped with the PE header. One common case for this is UPX-packed binaries, where the first section with data on disk starts at offset 0x400, which overlaps with the specified PE header by 0xC00 bytes. - The code didn't wrap accesses to fields in the Security DataDirectory with EC32(), so it seems likely that authenticode parsing always encountered issues on big endian systems. I think I fixed all of the accesses in cli_checkfp_pe, but there might still be issues here. I'll test this further. - We parse the authenticode data header to better ensure that it's PCKS7 we are trying to parse, and not one of the other types - cli_checkfp_pe should now finish faster in the case where there is no authenticode data and we don't want to compute the section hashes. - Fixed a potential memory leak in one cli_checkfp_pe failure caseAndrew authored on 2018/08/28 11:53:23 |
|
| March 6, 2018 | ||
|---|---|---|
|
View 6289eda
Eliminating AUTHORS file, and moving acknowledgements for various source code contributions to the file comment blocks for the individual files, as appropriate.Micah Snyder authored on 2018/03/06 06:34:35 |
|
| June 30, 2016 | ||
|---|---|---|
 |
View 3cc632a
sigtool: properly generates and reports pe section hashes (mdb)Kevin Lin authored on 2016/06/30 07:21:39 |
|
| September 18, 2015 | ||
|---|---|---|
 |
View 46a35ab
mass update of copyright headersMickey Sola authored on 2015/09/18 02:41:26 |
|
| January 22, 2014 | ||
|---|---|---|
 |
View 3c29ca0
Phase 1 of reporting hashes of PE sectionsShawn Webb authored on 2014/01/22 01:30:27 |
|
| January 9, 2012 | ||
|---|---|---|
 |
View 7dfd90e
enable catalog based and embedded authenticode checkingaCaB authored on 2012/01/09 01:13:59 |
|
| September 3, 2010 | ||
|---|---|---|
 |
View 4abbeb3
Sync headers with bytecode compiler.Török Edvin authored on 2010/09/03 00:04:00 |
|
| July 30, 2010 | ||
|---|---|---|
|
View 453d818
use cached metadata in icon parser, add icon unit testsaCaB authored on 2010/07/30 22:54:15 |
|
| May 7, 2010 | ||
|---|---|---|
|
View 1c4683a
add match_offsets support.Török Edvin authored on 2010/05/07 15:57:30 |
|
| March 24, 2010 | ||
|---|---|---|
|
View 50829fb
Fix read of pedata in interpreter.Török Edvin authored on 2010/03/24 17:41:11 |
|