[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:03:23 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 006f5fe642b228a4bff8f19f7bf194b208e69be8
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Tue Sep 1 11:19:31 2009 +0200
libclamav: in bm_offmode only load sigs with non-floating absolute
and relative offsets into BM matcher (load other ones into AC) and
use per-file computed offset table to pick up best shifts (not
enabled by default, bb#1300)
diff --git a/ChangeLog b/ChangeLog
index 7ba9ce9..3b4141b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Sep 1 11:11:43 CEST 2009 (tk)
+----------------------------------
+ * libclamav: in bm_offmode only load sigs with non-floating absolute and
+ relative offsets into BM matcher (load other ones into AC)
+ and use per-file computed offset table to pick up best shifts
+ (not enabled by default, bb#1300)
+
Sun Aug 30 23:56:49 CEST 2009 (acab)
------------------------------------
* libclamav: unify CL_TYPE_MAIL scanning
diff --git a/libclamav/matcher-ac.c b/libclamav/matcher-ac.c
index 3ac5abc..ca2eead 100644
--- a/libclamav/matcher-ac.c
+++ b/libclamav/matcher-ac.c
@@ -856,7 +856,7 @@ int cli_ac_caloff(const struct cli_matcher *root, struct cli_ac_data *data, int
if(info.exeinfo.section)
free(info.exeinfo.section);
return ret;
- } else if(data->offset[patt->offset_min] + patt->length > info.fsize) {
+ } else if((data->offset[patt->offset_min] != CLI_OFF_NONE) && (data->offset[patt->offset_min] + patt->length > info.fsize)) {
data->offset[patt->offset_min] = CLI_OFF_NONE;
}
}
diff --git a/libclamav/matcher-bm.c b/libclamav/matcher-bm.c
index adb96cf..6b6b130 100644
--- a/libclamav/matcher-bm.c
+++ b/libclamav/matcher-bm.c
@@ -104,6 +104,17 @@ int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern, const
pattern->pattern0 = pattern->pattern[0];
root->bm_suffix[idx]->cnt++;
+ if(root->bm_offmode) {
+ root->bm_pattab = (struct cli_bm_patt **) mpool_realloc2(root->mempool, root->bm_pattab, (root->bm_patterns + 1) * sizeof(struct cli_bm_patt *));
+ if(!root->bm_pattab) {
+ cli_errmsg("cli_bm_addpatt: Can't allocate memory for root->bm_pattab\n");
+ return CL_EMEM;
+ }
+ root->bm_pattab[root->bm_patterns] = pattern;
+ if(pattern->offdata[0] != CLI_OFF_ABSOLUTE)
+ pattern->offset_min = root->bm_patterns;
+ }
+
root->bm_patterns++;
return CL_SUCCESS;
}
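Review bot: The assignment `pattern->offset_min = root->bm_patterns;` in the new `bm_offmode` block repurposes `offset_min` as an array index for every non-absolute pattern, and nothing in the hunk says so. cli_bm_initoff and cli_bm_scanbuff both index `offset[]` with it, so I would add a comment above the assignment, e.g. `/* relative sig: offset_min now holds this pattern's slot in cli_bm_off.offset[], not a file offset */`. Separately, by the time the `CL_EMEM` return is reached `root->bm_suffix[idx]->cnt` has already been incremented, so the caller's cleanup should be checked against that half-added state. The function begins outside the hunk.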
@@ -114,6 +125,7 @@ int cli_bm_init(struct cli_matcher *root)
#ifdef USE_MPOOL
assert (root->mempool && "mempool must be initialized");
#endif
+
if(!(root->bm_shift = (uint8_t *) mpool_calloc(root->mempool, size, sizeof(uint8_t))))
return CL_EMEM;
@@ -128,6 +140,77 @@ int cli_bm_init(struct cli_matcher *root)
return CL_SUCCESS;
}
+static int qcompare(const void *a, const void *b)
+{
+ return *(const uint32_t *)a - *(const uint32_t *)b;
+}
+
+int cli_bm_initoff(const struct cli_matcher *root, struct cli_bm_off *data, int fd)
+{
+ int ret;
+ unsigned int i;
+ struct cli_bm_patt *patt;
+ struct cli_target_info info;
+ struct stat sb;
+
+
+ if(!root->bm_patterns) {
+ data->offtab = data->offset = 0;
+ data->cnt = data->pos = 0;
+ }
+ memset(&info, 0, sizeof(info));
+ if(fstat(fd, &sb) == -1) {
+ cli_errmsg("cli_bm_initoff: fstat(%d) failed\n", fd);
+ return CL_ESTAT;
+ }
+ info.fsize = sb.st_size;
+
+ data->cnt = data->pos = 0;
+ data->offtab = (uint32_t *) cli_malloc(root->bm_patterns * sizeof(uint32_t));
+ if(!data->offtab) {
+ cli_errmsg("cli_bm_initoff: Can't allocate memory for data->offtab\n");
+ return CL_EMEM;
+ }
+ data->offset = (uint32_t *) cli_malloc(root->bm_patterns * sizeof(uint32_t));
+ if(!data->offset) {
+ cli_errmsg("cli_bm_initoff: Can't allocate memory for data->offset\n");
+ free(data->offtab);
+ return CL_EMEM;
+ }
+ for(i = 0; i < root->bm_patterns; i++) {
+ patt = root->bm_pattab[i];
+ if(patt->offdata[0] == CLI_OFF_ABSOLUTE) {
+ data->offtab[data->cnt] = patt->offset_min + patt->prefix_length;
+ data->cnt++;
+ } else if((ret = cli_caloff(NULL, &info, fd, root->type, patt->offdata, &data->offset[patt->offset_min], NULL))) {
+ cli_errmsg("cli_bm_initoff: Can't calculate relative offset in signature for %s\n", patt->virname);
+ if(info.exeinfo.section)
+ free(info.exeinfo.section);
+ free(data->offtab);
+ free(data->offset);
+ return ret;
+ } else if((data->offset[patt->offset_min] != CLI_OFF_NONE) && (data->offset[patt->offset_min] + patt->length <= info.fsize)) {
+ if(!data->cnt || (data->offset[patt->offset_min] != data->offtab[data->cnt - 1])) {
+ data->offtab[data->cnt] = data->offset[patt->offset_min] + patt->prefix_length;
+ data->cnt++;
+ }
+ }
+ }
+ if(info.exeinfo.section)
+ free(info.exeinfo.section);
+
+ qsort(data->offtab, data->cnt, sizeof(uint32_t), qcompare);
+ return CL_SUCCESS;
+}
+
+void cli_bm_freeoff(struct cli_bm_off *data)
+{
+ free(data->offset);
+ data->offset = NULL;
+ free(data->offtab);
+ data->offtab = NULL;
+}
+
void cli_bm_free(struct cli_matcher *root)
{
struct cli_bm_patt *patt, *prev;
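Review bot: `qcompare` returns the difference of two `uint32_t` values as an `int`, so offsets more than `INT_MAX` apart compare with the wrong sign and `qsort` can leave `offtab` out of order, which the skip loops in cli_bm_scanbuff depend on. Compare explicitly instead: `uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b; return (x > y) - (x < y);`. In `cli_bm_initoff` the `if(!root->bm_patterns)` branch clears `data` but does not return, so execution continues to `cli_malloc(0 * sizeof(uint32_t))`; a `return CL_SUCCESS;` at the end of that branch looks intended. The duplicate check also compares `data->offset[...]` (no prefix) against an `offtab` entry that had `prefix_length` added, so it probably does not suppress the duplicates it is meant to.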
@@ -137,6 +220,9 @@ void cli_bm_free(struct cli_matcher *root)
if(root->bm_shift)
mpool_free(root->mempool, root->bm_shift);
+ if(root->bm_pattab)
+ mpool_free(root->mempool, root->bm_pattab);
+
if(root->bm_suffix) {
for(i = 0; i < size; i++) {
patt = root->bm_suffix[i];
@@ -156,7 +242,7 @@ void cli_bm_free(struct cli_matcher *root)
}
}
-int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, int fd)
+int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, int fd, struct cli_bm_off *offdata)
{
uint32_t i, j, off, off_min, off_max;
uint8_t found, pchain, shift;
@@ -174,7 +260,13 @@ int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
return CL_CLEAN;
memset(&info, 0, sizeof(info));
- for(i = BM_MIN_LENGTH - BM_BLOCK_SIZE; i < length - BM_BLOCK_SIZE + 1; ) {
+ i = BM_MIN_LENGTH - BM_BLOCK_SIZE;
+ if(root->bm_offmode) {
+ if(offdata->pos == offdata->cnt)
+ return CL_CLEAN;
+ i += offdata->offtab[offdata->pos];
+ }
+ for(; i < length - BM_BLOCK_SIZE + 1; ) {
idx = HASH(buffer[i], buffer[i + 1], buffer[i + 2]);
shift = root->bm_shift[idx];
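Review bot: `offdata` is dereferenced as soon as `root->bm_offmode` is set, yet every caller in this commit except the `troot` call in cli_scandesc passes `NULL`, including the `troot` call in cli_scanbuff. Once the flag is enabled for a root that cli_scanbuff can select, scanning a buffer dereferences a NULL pointer; guard it before the first use, e.g. `if(root->bm_offmode && !offdata) return CL_EARG;`, or key the new paths on `offdata` rather than on the flag. It is also worth confirming the initial `i += offdata->offtab[offdata->pos];`: `offtab` holds file offsets while `i` indexes `buffer`, and unlike the later skips this one does not subtract `offset`. The loop body continues outside the hunk.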
@@ -182,7 +274,15 @@ int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
prefix = buffer[i - BM_MIN_LENGTH + BM_BLOCK_SIZE];
p = root->bm_suffix[idx];
if(p && p->cnt == 1 && p->pattern0 != prefix) {
- i++;
+ if(root->bm_offmode) {
+ off = offset + i - BM_MIN_LENGTH + BM_BLOCK_SIZE;
+ for(; off >= offdata->offtab[offdata->pos] && offdata->pos < offdata->cnt; offdata->pos++);
+ if(offdata->pos == offdata->cnt || off >= offdata->offtab[offdata->pos])
+ return CL_CLEAN;
+ i += offdata->offtab[offdata->pos] - off;
+ } else {
+ i++;
+ }
continue;
}
pchain = 0;
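Review bot: The skip loop `for(; off >= offdata->offtab[offdata->pos] && offdata->pos < offdata->cnt; offdata->pos++);` reads `offtab[pos]` before it checks `pos < cnt`. When `pos` reaches `cnt` it reads past the entries filled by cli_bm_initoff, and past the allocation itself when `cnt` equals `bm_patterns`. Swap the operands so the bound is tested first: `for(; offdata->pos < offdata->cnt && off >= offdata->offtab[offdata->pos]; offdata->pos++);`. The identical loop that replaces `i += shift` in the last hunk of this function needs the same change.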
@@ -202,6 +302,18 @@ int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
continue;
}
+ if(root->bm_offmode) {
+ if(p->offdata[0] == CLI_OFF_ABSOLUTE) {
+ if(p->offset_min != offset + off - p->prefix_length) {
+ p = p->next;
+ continue;
+ }
+ } else if((offdata->offset[p->offset_min] == CLI_OFF_NONE) || (offdata->offset[p->offset_min] != offset + off - p->prefix_length)) {
+ p = p->next;
+ continue;
+ }
+ }
+
idxchk = MIN(p->length, length - off) - 1;
if(idxchk) {
if((bp[idxchk] != p->pattern[idxchk]) || (bp[idxchk / 2] != p->pattern[idxchk / 2])) {
@@ -227,39 +339,49 @@ int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
}
if(found && p->length + p->prefix_length == j) {
- if(p->offset_min != CLI_OFF_ANY) {
- if(p->offdata[0] != CLI_OFF_ABSOLUTE) {
- ret = cli_caloff(NULL, &info, fd, root->type, p->offdata, &off_min, &off_max);
- if(ret != CL_SUCCESS) {
- cli_errmsg("cli_bm_scanbuff: Can't calculate relative offset in signature for %s\n", p->virname);
- if(info.exeinfo.section)
- free(info.exeinfo.section);
- return ret;
+ if(!root->bm_offmode) {
+ if(p->offset_min != CLI_OFF_ANY) {
+ if(p->offdata[0] != CLI_OFF_ABSOLUTE) {
+ ret = cli_caloff(NULL, &info, fd, root->type, p->offdata, &off_min, &off_max);
+ if(ret != CL_SUCCESS) {
+ cli_errmsg("cli_bm_scanbuff: Can't calculate relative offset in signature for %s\n", p->virname);
+ if(info.exeinfo.section)
+ free(info.exeinfo.section);
+ return ret;
+ }
+ } else {
+ off_min = p->offset_min;
+ off_max = p->offset_max;
+ }
+ off = offset + i - p->prefix_length - BM_MIN_LENGTH + BM_BLOCK_SIZE;
+ if(off_max < off || off_min > off) {
+ p = p->next;
+ continue;
}
- } else {
- off_min = p->offset_min;
- off_max = p->offset_max;
- }
- off = offset + i - p->prefix_length - BM_MIN_LENGTH + BM_BLOCK_SIZE;
- if(off_max < off || off_min > off) {
- p = p->next;
- continue;
}
+ if(virname)
+ *virname = p->virname;
+ if(info.exeinfo.section)
+ free(info.exeinfo.section);
+ return CL_VIRUS;
}
- if(virname)
- *virname = p->virname;
- if(info.exeinfo.section)
- free(info.exeinfo.section);
- return CL_VIRUS;
}
-
p = p->next;
}
shift = 1;
}
- i += shift;
+ if(root->bm_offmode) {
+ off = offset + i - BM_MIN_LENGTH + BM_BLOCK_SIZE;
+ for(; off >= offdata->offtab[offdata->pos] && offdata->pos < offdata->cnt; offdata->pos++);
+ if(offdata->pos == offdata->cnt || off >= offdata->offtab[offdata->pos])
+ return CL_CLEAN;
+ i += offdata->offtab[offdata->pos] - off;
+ } else {
+ i += shift;
+ }
+
}
if(info.exeinfo.section)
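Review bot: As the braces read on the new side, the `*virname = p->virname;` and `return CL_VIRUS;` lines now sit inside `if(!root->bm_offmode) {`. In offset mode a pattern that passed both the offset check and the full byte comparison therefore falls through to `p = p->next` and is never reported. For a scanner that is a missed detection, not just a skipped re-check. Limiting the new condition to the offset re-check keeps the report path common to both modes: `if(!root->bm_offmode && p->offset_min != CLI_OFF_ANY) {`, with the `virname` assignment and `return CL_VIRUS;` left after its closing brace. The function starts and ends outside the hunk.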
diff --git a/libclamav/matcher-bm.h b/libclamav/matcher-bm.h
index f4458ae..75e2e94 100644
--- a/libclamav/matcher-bm.h
+++ b/libclamav/matcher-bm.h
@@ -35,9 +35,15 @@ struct cli_bm_patt {
unsigned char pattern0;
};
+struct cli_bm_off {
+ uint32_t *offset, *offtab, cnt, pos;
+};
+
int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern, const char *offset);
int cli_bm_init(struct cli_matcher *root);
-int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, int fd);
+int cli_bm_initoff(const struct cli_matcher *root, struct cli_bm_off *data, int fd);
+void cli_bm_freeoff(struct cli_bm_off *data);
+int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, int fd, struct cli_bm_off *offdata);
void cli_bm_free(struct cli_matcher *root);
#endif
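Review bot: `struct cli_bm_off` is added without any description of its fields, and they carry non-obvious contracts. I would document in the header that `offset` is indexed by a relative pattern's `offset_min` slot and holds the computed file offset or `CLI_OFF_NONE`, that `offtab` is the sorted list of `cnt` candidate offsets, and that `pos` is a cursor cli_bm_scanbuff advances across successive buffers. A line saying the struct is filled by cli_bm_initoff for one file descriptor and must be released with cli_bm_freeoff would also help callers.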
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index e4e83b2..0e4cc04 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -76,7 +76,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,
if(!acdata && (ret = cli_ac_initdata(&mdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)))
return ret;
- if(troot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, troot, offset, -1)) != CL_VIRUS)
+ if(troot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, troot, offset, -1, NULL)) != CL_VIRUS)
ret = cli_ac_scanbuff(buffer, length, virname, NULL, NULL, troot, acdata ? (acdata[0]) : (&mdata), offset, ftype, NULL, AC_SCAN_VIR, NULL);
if(!acdata)
@@ -89,7 +89,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,
if(!acdata && (ret = cli_ac_initdata(&mdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)))
return ret;
- if(groot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, groot, offset, -1)) != CL_VIRUS)
+ if(groot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, groot, offset, -1, NULL)) != CL_VIRUS)
ret = cli_ac_scanbuff(buffer, length, virname, NULL, NULL, groot, acdata ? (acdata[1]) : (&mdata), offset, ftype, NULL, AC_SCAN_VIR, NULL);
if(!acdata)
@@ -201,7 +201,9 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, int fd, unsigne
} else {
/* calculate relative offsets */
if(info->status == -1) {
- *offset_min = *offset_max = 0;
+ *offset_min = CLI_OFF_NONE;
+ if(offset_max)
+ *offset_max = CLI_OFF_NONE;
return CL_SUCCESS;
}
@@ -237,7 +239,9 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, int fd, unsigne
/* einfo *may* fail */
lseek(fd, pos, SEEK_SET);
info->status = -1;
- *offset_min = *offset_max = 0;
+ *offset_min = CLI_OFF_NONE;
+ if(offset_max)
+ *offset_max = CLI_OFF_NONE;
return CL_SUCCESS;
}
lseek(fd, pos, SEEK_SET);
@@ -263,7 +267,7 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, int fd, unsigne
case CLI_OFF_SX_PLUS:
if(offdata[3] >= info->exeinfo.nsections)
- *offset_min = 0;
+ *offset_min = CLI_OFF_NONE;
else
*offset_min = info->exeinfo.section[offdata[3]].raw + offdata[1];
break;
@@ -273,9 +277,7 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, int fd, unsigne
return CL_EARG;
}
- if(!*offset_min)
- *offset_max = 0;
- else
+ if(offset_max && *offset_min != CLI_OFF_NONE)
*offset_max = *offset_min + offdata[2];
}
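Review bot: When `*offset_min` ends up as `CLI_OFF_NONE` on this path (for example the out-of-range `CLI_OFF_SX_PLUS` case in the previous hunk), `*offset_max` is no longer written at all, whereas the old code set it to 0. The non-offmode branch of cli_bm_scanbuff passes an uninitialised `off_max` and evaluates `off_max < off` first, so it would read an indeterminate value. Mirroring the two early returns fixes it: `else if(offset_max) *offset_max = CLI_OFF_NONE;`. The rest of cli_caloff lies outside the hunk.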
@@ -303,7 +305,7 @@ int cli_checkfp(int fd, cli_ctx *ctx)
return 0;
}
- if(cli_bm_scanbuff(digest, 16, &virname, ctx->engine->md5_fp, 0, -1) == CL_VIRUS) {
+ if(cli_bm_scanbuff(digest, 16, &virname, ctx->engine->md5_fp, 0, -1, NULL) == CL_VIRUS) {
cli_dbgmsg("cli_checkfp(): Found false positive detection (fp sig: %s)\n", virname);
free(digest);
lseek(fd, pos, SEEK_SET);
@@ -324,6 +326,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
uint32_t buffersize, length, maxpatlen, shift = 0, offset = 0;
uint64_t evalids;
struct cli_ac_data gdata, tdata;
+ struct cli_bm_off toff;
cli_md5_ctx md5ctx;
unsigned char digest[16];
struct cli_matcher *groot = NULL, *troot = NULL;
@@ -375,6 +378,12 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
cli_ac_freedata(&gdata);
return ret;
}
+ if(troot->bm_offmode && (ret = cli_bm_initoff(troot, &toff, desc))) {
+ if(!ftonly)
+ cli_ac_freedata(&gdata);
+ cli_ac_freedata(&tdata);
+ return ret;
+ }
}
if(!ftonly && ctx->engine->md5_hdb)
@@ -397,7 +406,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
length += maxpatlen;
if(troot) {
- if(troot->ac_only || (ret = cli_bm_scanbuff(upt, length, ctx->virname, troot, offset, desc)) != CL_VIRUS)
+ if(troot->ac_only || (ret = cli_bm_scanbuff(upt, length, ctx->virname, troot, offset, desc, &toff)) != CL_VIRUS)
ret = cli_ac_scanbuff(upt, length, ctx->virname, NULL, NULL, troot, &tdata, offset, ftype, ftoffset, acmode, NULL);
if(ret == CL_VIRUS) {
@@ -405,6 +414,8 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
if(!ftonly)
cli_ac_freedata(&gdata);
cli_ac_freedata(&tdata);
+ if(troot->bm_offmode)
+ cli_bm_freeoff(&toff);
if(cli_checkfp(desc, ctx))
return CL_CLEAN;
@@ -414,14 +425,17 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
}
if(!ftonly) {
- if(groot->ac_only || (ret = cli_bm_scanbuff(upt, length, ctx->virname, groot, offset, desc)) != CL_VIRUS)
+ if(groot->ac_only || (ret = cli_bm_scanbuff(upt, length, ctx->virname, groot, offset, desc, NULL)) != CL_VIRUS)
ret = cli_ac_scanbuff(upt, length, ctx->virname, NULL, NULL, groot, &gdata, offset, ftype, ftoffset, acmode, NULL);
if(ret == CL_VIRUS) {
free(buffer);
cli_ac_freedata(&gdata);
- if(troot)
+ if(troot) {
cli_ac_freedata(&tdata);
+ if(troot->bm_offmode)
+ cli_bm_freeoff(&toff);
+ }
if(cli_checkfp(desc, ctx))
return CL_CLEAN;
else
@@ -466,6 +480,8 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
}
}
cli_ac_freedata(&tdata);
+ if(troot->bm_offmode)
+ cli_bm_freeoff(&toff);
}
if(groot) {
@@ -492,7 +508,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
if(!ftonly && ctx->engine->md5_hdb) {
cli_md5_final(digest, &md5ctx);
- if(cli_bm_scanbuff(digest, 16, ctx->virname, ctx->engine->md5_hdb, 0, -1) == CL_VIRUS && (cli_bm_scanbuff(digest, 16, NULL, ctx->engine->md5_fp, 0, -1) != CL_VIRUS))
+ if(cli_bm_scanbuff(digest, 16, ctx->virname, ctx->engine->md5_hdb, 0, -1, NULL) == CL_VIRUS && (cli_bm_scanbuff(digest, 16, NULL, ctx->engine->md5_fp, 0, -1, NULL) != CL_VIRUS))
return CL_VIRUS;
}
diff --git a/libclamav/matcher.h b/libclamav/matcher.h
index 6074263..79c686f 100644
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@ -73,10 +73,10 @@ struct cli_matcher {
/* Extended Boyer-Moore */
uint8_t *bm_shift;
- struct cli_bm_patt **bm_suffix;
+ struct cli_bm_patt **bm_suffix, **bm_pattab;
struct cli_hashset md5_sizes_hs;
uint32_t *soff, soff_len; /* for PE section sigs */
- uint32_t bm_patterns, bm_reloff_num, bm_absoff_num;
+ uint32_t bm_offmode, bm_patterns, bm_reloff_num, bm_absoff_num;
/* Extended Aho-Corasick */
uint32_t ac_partsigs, ac_nodes, ac_patterns, ac_lsigs;
diff --git a/libclamav/pe.c b/libclamav/pe.c
index 06b9a26..9b80936 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -928,8 +928,8 @@ int cli_scanpe(int desc, cli_ctx *ctx)
for(j = 0; j < md5_sect->soff_len && md5_sect->soff[j] <= exe_sections[i].rsz; j++) {
if(md5_sect->soff[j] == exe_sections[i].rsz) {
unsigned char md5_dig[16];
- if(cli_md5sect(desc, &exe_sections[i], md5_dig) && cli_bm_scanbuff(md5_dig, 16, ctx->virname, ctx->engine->md5_mdb, 0, -1) == CL_VIRUS) {
- if(cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, -1) != CL_VIRUS) {
+ if(cli_md5sect(desc, &exe_sections[i], md5_dig) && cli_bm_scanbuff(md5_dig, 16, ctx->virname, ctx->engine->md5_mdb, 0, -1, NULL) == CL_VIRUS) {
+ if(cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, -1, NULL) != CL_VIRUS) {
free(section_hdr);
free(exe_sections);
diff --git a/libclamav/phishcheck.c b/libclamav/phishcheck.c
index 8b5f241..987716e 100644
--- a/libclamav/phishcheck.c
+++ b/libclamav/phishcheck.c
@@ -1198,13 +1198,13 @@ static int hash_match(const struct regex_matcher *rlist, const char *host, size_
h[64]='\0';
cli_dbgmsg("Looking up hash %s for %s(%u)%s(%u)\n", h, host, (unsigned)hlen, path, (unsigned)plen);
if (prefix_matched) {
- if (cli_bm_scanbuff(sha256_dig, 4, &virname, &rlist->hostkey_prefix,0,-1) == CL_VIRUS) {
+ if (cli_bm_scanbuff(sha256_dig, 4, &virname, &rlist->hostkey_prefix,0,-1,NULL) == CL_VIRUS) {
cli_dbgmsg("prefix matched\n");
*prefix_matched = 1;
} else
return CL_SUCCESS;
}
- if (cli_bm_scanbuff(sha256_dig, 32, &virname, &rlist->sha256_hashes,0,-1) == CL_VIRUS) {
+ if (cli_bm_scanbuff(sha256_dig, 32, &virname, &rlist->sha256_hashes,0,-1,NULL) == CL_VIRUS) {
cli_dbgmsg("This hash matched: %s\n", h);
switch(*virname) {
case 'W':
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 6aebed9..9cc7cc2 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -246,7 +246,7 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex
free(pt);
}
- } else if(root->ac_only || type || lsigid /* || (hexlen / 2 < CLI_DEFAULT_MOVETOAC_LEN) FIXME: unit tests */ || strpbrk(hexsig, "?(")) {
+ } else if(root->ac_only || type || lsigid /* || (hexlen / 2 < CLI_DEFAULT_MOVETOAC_LEN) FIXME: unit tests */ || strpbrk(hexsig, "?(") || (root->bm_offmode && (!strcmp(offset, "*") || strchr(offset, ',')))) {
if((ret = cli_ac_addsig(root, virname, hexsig, 0, 0, 0, rtype, type, 0, 0, offset, lsigid, options))) {
cli_errmsg("cli_parse_add(): Problem adding signature (3).\n");
return ret;
@@ -322,7 +322,7 @@ static int cli_initroots(struct cl_engine *engine, unsigned int options)
}
}
}
-
+ /* engine->root[1]->bm_offmode = 1; */ /* BM offset mode for PE files */
return CL_SUCCESS;
}
diff --git a/libclamav/regex_list.c b/libclamav/regex_list.c
index 11d6ed0..db47d67 100644
--- a/libclamav/regex_list.c
+++ b/libclamav/regex_list.c
@@ -455,7 +455,7 @@ static int add_hash(struct regex_matcher *matcher, char* pattern, const char fl,
if (fl != 'W' && pat->length == 32 &&
cli_hashset_contains(&matcher->sha256_pfx_set, cli_readint32(pat->pattern)) &&
- cli_bm_scanbuff(pat->pattern, 32, &vname, &matcher->sha256_hashes,0,-1) == CL_VIRUS) {
+ cli_bm_scanbuff(pat->pattern, 32, &vname, &matcher->sha256_hashes,0,-1,NULL) == CL_VIRUS) {
if (*vname == 'W') {
/* hash is whitelisted in local.gdb */
cli_dbgmsg("Skipping hash %s\n", pattern);
--
Debian repository for ClamAV