| July 13, 2019 | | |
|---|---|---|
| e013359 | Update to clamav-devel to synchronize with the clamav-bytecode-compiler project. | Micah Snyder (micasnyd) authored on 2019/07/13 23:53:24 |

| March 13, 2019 | | |
|---|---|---|
| 5319602 | Add option to not remove missing sections (PE) | Andrew authored on 2019/03/13 05:57:05 |

| February 19, 2019 | | |
|---|---|---|
| d92c012 | Multiple blacklist sigs can now match with allmatch | Andrew authored on 2019/02/19 06:04:46 |

| February 13, 2019 | | |
|---|---|---|
| 1d7f6b2 | Add support for cert blacklisting and whitelisting upfront | Andrew authored on 2019/02/13 05:10:04 |

| February 5, 2019 | | |
|---|---|---|
| dd25061 | Use genhash_pe instead of checkfp_pe for section hash computation | Andrew authored on 2019/02/05 08:48:22 |

| January 26, 2019 | | |
|---|---|---|
| e1cbc27 | Updating and cleaning up copyright notices. | Micah Snyder authored on 2019/01/26 00:15:50 |

| January 8, 2019 | | |
|---|---|---|
| afe940d | PE parsing code improvements, db loading bug fixes | Andrew authored on 2019/01/08 14:09:08 |

| December 6, 2018 | | |
|---|---|---|
| e030ba4 | Replacing libclamav/cltypes.h with clamav-types.h.in, which generates a header clamav-types.h that we install alongside clamav.h. | Micah Snyder authored on 2018/12/06 10:46:20 |

| December 4, 2018 | | |
|---|---|---|
| 288057e | clang-format'd using new .clang-format rules. | Micah Snyder authored on 2018/12/04 02:40:13 |

| September 15, 2018 | | |
|---|---|---|
| b9c3525 | Fix support for authenticode signatures from external .cat files. This commit adds back in support for whitelisting files based on signatures from .cat files loaded in via a '-d' flag to clamscan. This also makes it so that a .crb blacklist rule match can't be overruled by a signature in a .cat file. | Andrew authored on 2018/09/15 03:39:47 |

| August 28, 2018 | | |
|---|---|---|
| b7d7a7b | Update PE parsing code related to Authenticode verification. The following changes were made: - The code to calculate the authenticode hash was not properly accounting for the case where a PE had sections that either overlapped with each other or overlapped with the PE header. One common case for this is UPX-packed binaries, where the first section with data on disk starts at offset 0x400, which overlaps with the specified PE header by 0xC00 bytes. - The code didn't wrap accesses to fields in the Security DataDirectory with EC32(), so it seems likely that authenticode parsing always encountered issues on big endian systems. I think I fixed all of the accesses in cli_checkfp_pe, but there might still be issues here. I'll test this further. - We parse the authenticode data header to better ensure that it's PKCS7 we are trying to parse, and not one of the other types. - cli_checkfp_pe should now finish faster in the case where there is no authenticode data and we don't want to compute the section hashes. - Fixed a potential memory leak in one cli_checkfp_pe failure case. | Andrew authored on 2018/08/28 11:53:23 |

| March 6, 2018 | | |
|---|---|---|
| 6289eda | Eliminating AUTHORS file, and moving acknowledgements for various source code contributions to the file comment blocks for the individual files, as appropriate. | Micah Snyder authored on 2018/03/06 06:34:35 |

| June 30, 2016 | | |
|---|---|---|
| 3cc632a | sigtool: properly generates and reports pe section hashes (mdb) | Kevin Lin authored on 2016/06/30 07:21:39 |

| September 18, 2015 | | |
|---|---|---|
| 46a35ab | mass update of copyright headers | Mickey Sola authored on 2015/09/18 02:41:26 |

| January 22, 2014 | | |
|---|---|---|
| 3c29ca0 | Phase 1 of reporting hashes of PE sections | Shawn Webb authored on 2014/01/22 01:30:27 |