May 21, 2019 | ||
---|---|---|
View d009f9e
Change errmsg to dbgmsg when skipping imphash on PE with no importsAndrew authored on 2019/05/21 00:23:50 |
May 5, 2019 | ||
---|---|---|
View 6c03dc5
Argument and return types for fmap_readn(), cli_writen(), cli_readn() converted to use size_t instead of int.Micah Snyder authored on 2019/05/05 04:54:54 |
March 13, 2019 | ||
---|---|---|
View 5319602
Add option to not remove missing sections (PE)Andrew authored on 2019/03/13 05:57:05 |
||
View 8650c79
Address code-review comments, fix several memleaksAndrew authored on 2019/03/13 01:45:19 |
February 19, 2019 | ||
---|---|---|
View d92c012
Multiple blacklist sigs can now match with allmatchAndrew authored on 2019/02/19 06:04:46 |
February 13, 2019 | ||
---|---|---|
View 1d7f6b2
Add support for cert blacklisting and whitelisting upfrontAndrew authored on 2019/02/13 05:10:04 |
February 5, 2019 | ||
---|---|---|
View dd25061
Use genhash_pe instead of checkfp_pe for section hash computationAndrew authored on 2019/02/05 08:48:22 |
January 26, 2019 | ||
---|---|---|
View e1cbc27
Updating and cleaning up copyright notices.Micah Snyder authored on 2019/01/26 00:15:50 |
January 8, 2019 | ||
---|---|---|
View afe940d
PE parsing code improvements, db loading bug fixesAndrew authored on 2019/01/08 14:09:08 |
December 6, 2018 | ||
---|---|---|
View e030ba4
Replacing libclamav/cltypes.h with clamav-types.h.in, which generates a header clamav-types.h that we install alongside clamav.h.Micah Snyder authored on 2018/12/06 10:46:20 |
December 4, 2018 | ||
---|---|---|
View 288057e
clang-format'd using new .clang-format rules.Micah Snyder authored on 2018/12/04 02:40:13 |
September 15, 2018 | ||
---|---|---|
View b9c3525
Fix support for authenticode signatures from external .cat files This commit adds back in support for whitelisting files based on signatures from .cat files loaded in via a '-d' flag to clamscan. This also makes it so that a .crb blacklist rule match can't be overruled by a signature in a .cat fileAndrew authored on 2018/09/15 03:39:47 |
September 12, 2018 | ||
---|---|---|
View 181fee0
Fix a memory leak that occurs when a PE is whitelisted due to a valid signatureAndrew authored on 2018/09/12 03:17:33 |
September 6, 2018 | ||
---|---|---|
View 1b3395f
Fix bug in how ptrs to file data are used for computing Authenticode hash We used to get a pointer to file data without locking and for some samples this pointer would be invalidated by the time we used it. Now, we just store the offset for the sections that should be hashed as part of the Authenticode hash computation and get the file data pointer right before it's needed.Andrew authored on 2018/09/06 07:50:59 |
September 5, 2018 | ||
---|---|---|
View 352a188
Ignore section information when computing Authenticode sig A more reliable way to calculate the authenticode hash appears to be to hash the header (minus the checksum and security table) and then just hash everything between the end of the header and the start of the security section.Andrew authored on 2018/09/05 12:54:32 |