January 26, 2019 | ||
---|---|---|
View c442ca9
Updating and cleaning up copyright notices in 0.101 branch.Micah Snyder authored on 2019/01/26 00:15:50 |
December 6, 2018 | ||
---|---|---|
View 95b2d68
Replacing libclamav/cltypes.h with clamav-types.h.in, which generates a header clamav-types.h that we install alongside clamav.h.Micah Snyder authored on 2018/12/06 10:46:20 |
September 15, 2018 | ||
---|---|---|
View 64ecd10
Fix support for authenticode signatures from external .cat files This commit adds back in support for whitelisting files based on signatures from .cat files loaded in via a '-d' flag to clamscan. This also makes it so that a .crb blacklist rule match can't be overruled by a signature in a .cat fileAndrew authored on 2018/09/15 03:39:47 |
August 28, 2018 | ||
---|---|---|
View 18a813a
Update PE parsing code related to Authenticode verification The following changes were made - The code to calculate the authenticode hash was not properly accounting for the case where a PE had sections that either overlapped with each other or overlapped with the PE header. One common case for this is UPX-packed binaries, where the first section with data on disk starts at offset 0x400, which overlaps with the specified PE header by 0xC00 bytes. - The code didn't wrap accesses to fields in the Security DataDirectory with EC32(), so it seems likely that authenticode parsing always encountered issues on big endian systems. I think I fixed all of the accesses in cli_checkfp_pe, but there might still be issues here. I'll test this further. - We parse the authenticode data header to better ensure that it's PCKS7 we are trying to parse, and not one of the other types - cli_checkfp_pe should now finish faster in the case where there is no authenticode data and we don't want to compute the section hashes. - Fixed a potential memory leak in one cli_checkfp_pe failure caseAndrew authored on 2018/08/28 11:53:23 |
March 6, 2018 | ||
---|---|---|
View 6289eda
Eliminating AUTHORS file, and moving acknowledgements for various source code contributions to the file comment blocks for the individual files, as appropriate.Micah Snyder authored on 2018/03/06 06:34:35 |
June 30, 2016 | ||
---|---|---|
View 3cc632a
sigtool: properly generates and reports pe section hashes (mdb)Kevin Lin authored on 2016/06/30 07:21:39 |
September 18, 2015 | ||
---|---|---|
View 46a35ab
mass update of copyright headersMickey Sola authored on 2015/09/18 02:41:26 |
January 22, 2014 | ||
---|---|---|
View 3c29ca0
Phase 1 of reporting hashes of PE sectionsShawn Webb authored on 2014/01/22 01:30:27 |
January 9, 2012 | ||
---|---|---|
View 7dfd90e
enable catalog based and embedded authenticode checkingaCaB authored on 2012/01/09 01:13:59 |
September 3, 2010 | ||
---|---|---|
View 4abbeb3
Sync headers with bytecode compiler.Török Edvin authored on 2010/09/03 00:04:00 |
July 30, 2010 | ||
---|---|---|
View 453d818
use cached metadata in icon parser, add icon unit testsaCaB authored on 2010/07/30 22:54:15 |
May 7, 2010 | ||
---|---|---|
View 1c4683a
add match_offsets support.Török Edvin authored on 2010/05/07 15:57:30 |
March 24, 2010 | ||
---|---|---|
View 50829fb
Fix read of pedata in interpreter.Török Edvin authored on 2010/03/24 17:41:11 |
February 16, 2010 | ||
---|---|---|
View c80f26a
distcheckTörök Edvin authored on 2010/02/16 01:12:02 |
February 12, 2010 | ||
---|---|---|
View 236fb13
New pointer handling rules.Török Edvin authored on 2010/02/12 23:47:44 |