[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:09:05 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 208ceae5c77086744736aba792989cfd6d7313ee
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Tue Nov 10 19:30:33 2009 +0100
clamd, clamscan: add support for OfficialDatabaseOnly/--official-db-only (bb#1743)
diff --git a/ChangeLog b/ChangeLog
index c7f64c6..6fd6592 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Nov 10 19:29:18 CET 2009 (tk)
+---------------------------------
+ * clamd, clamscan: add support for OfficialDatabaseOnly/--official-db-only
+ (bb#1743)
+
Tue Nov 10 16:50:56 CET 2009 (tk)
---------------------------------
* freshclam/notify.c: fix clamd notification in TCP mode (bb#1756)
diff --git a/clamd/clamd.c b/clamd/clamd.c
index db7864a..479fbd5 100644
--- a/clamd/clamd.c
+++ b/clamd/clamd.c
@@ -385,6 +385,11 @@ int main(int argc, char **argv)
logg("#Not loading PUA signatures.\n");
}
+ if(optget(opts, "OfficialDatabaseOnly")->enabled) {
+ dboptions |= CL_DB_OFFICIAL_ONLY;
+ logg("#Only loading official signatures.\n");
+ }
+
/* set the temporary dir */
if((opt = optget(opts, "TemporaryDirectory"))->enabled) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
diff --git a/clamscan/clamscan.c b/clamscan/clamscan.c
index 15b2708..b9fefcb 100644
--- a/clamscan/clamscan.c
+++ b/clamscan/clamscan.c
@@ -201,6 +201,7 @@ void help(void)
mprintf(" --leave-temps[=yes/no(*)] Do not remove temporary files\n");
mprintf(" --database=FILE/DIR -d FILE/DIR Load virus database from FILE or load\n");
mprintf(" all supported db files from DIR\n");
+ mprintf(" --official-db-only[=yes/no(*)] Only load official signatures\n");
mprintf(" --log=FILE -l FILE Save scan report to FILE\n");
mprintf(" --recursive[=yes/no(*)] -r Scan subdirectories recursively\n");
mprintf(" --cross-fs[=yes(*)/no] Scan files and directories on other filesystems\n");
diff --git a/clamscan/manager.c b/clamscan/manager.c
index 08ecca2..b855806 100644
--- a/clamscan/manager.c
+++ b/clamscan/manager.c
@@ -326,6 +326,9 @@ int scanmanager(const struct optstruct *opts)
if(optget(opts, "phishing-sigs")->enabled)
dboptions |= CL_DB_PHISHING;
+ if(optget(opts, "official-db-only")->enabled)
+ dboptions |= CL_DB_OFFICIAL_ONLY;
+
if(optget(opts,"phishing-scan-urls")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
diff --git a/docs/man/clamscan.1.in b/docs/man/clamscan.1.in
index 019079f..339ca0c 100644
--- a/docs/man/clamscan.1.in
+++ b/docs/man/clamscan.1.in
@@ -33,6 +33,9 @@ Write all messages (except for libclamav output) to the standard output (stdout)
\fB\-d FILE/DIR, \-\-database=FILE/DIR\fR
Load virus database from FILE or load all virus database files from DIR.
.TP
+\fB\-\-official\-db\-only=[yes/no(*)]\fR
+Only load the official signatures published by the ClamAV project.
+.TP
\fB\-l FILE, \-\-log=FILE\fR
Save scan report to FILE.
.TP
diff --git a/etc/clamd.conf b/etc/clamd.conf
index 79666db..2a895fa 100644
--- a/etc/clamd.conf
+++ b/etc/clamd.conf
@@ -64,6 +64,10 @@ Example
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav
+# Only load the official signatures published by the ClamAV project.
+# Default: no
+#OfficialDatabaseOnly no
+
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
diff --git a/libclamav/clamav.h b/libclamav/clamav.h
index 80134f7..7f91e6b 100644
--- a/libclamav/clamav.h
+++ b/libclamav/clamav.h
@@ -80,6 +80,7 @@ typedef enum {
#define CL_DB_PUA_EXCLUDE 0x200
#define CL_DB_COMPILED 0x400 /* internal */
#define CL_DB_DIRECTORY 0x800 /* internal */
+#define CL_DB_OFFICIAL_ONLY 0x1000
/* recommended db settings */
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_CVDNOTMP)
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 68fdbc4..04721ca 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1808,6 +1808,11 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned
if(dent->d_ino)
{
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && strcmp(dent->d_name, "daily.cvd") && strcmp(dent->d_name, "daily.cld") && strcmp(dent->d_name, "daily.cfg") && CLI_DBEXT(dent->d_name)) {
+ if((options & CL_DB_OFFICIAL_ONLY) && !strstr(dirname, "clamav-") && !cli_strbcasestr(dent->d_name, ".cld") && !cli_strbcasestr(dent->d_name, ".cvd")) {
+ cli_dbgmsg("Skipping unofficial database %s\n", dent->d_name);
+ continue;
+ }
+
dbfile = (char *) cli_malloc(strlen(dent->d_name) + strlen(dirname) + 2);
if(!dbfile) {
cli_dbgmsg("cli_loaddbdir(): dbfile == NULL\n");
diff --git a/shared/optparser.c b/shared/optparser.c
index 53ba535..4d1fc96 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -172,6 +172,8 @@ const struct clam_option __clam_options[] = {
{ "DatabaseDirectory", "datadir", 0, TYPE_STRING, NULL, -1, DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "/var/lib/clamav" },
+ { "OfficialDatabaseOnly", "official-db-only", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no" },
+
{ "LocalSocket", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" },
{ "FixStaleSocket", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Remove a stale socket after unclean shutdown", "yes" },
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list