[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:11:18 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit a96eead45078f54b48b79a23d7a8464387ab221c
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Wed Dec 9 23:32:34 2009 +0100
sigtool: add --test-sigs (basic functionality) (bb#1246)
diff --git a/ChangeLog b/ChangeLog
index 650aa13..766f906 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Dec 9 23:31:54 CET 2009 (tk)
+---------------------------------
+ * sigtool: add --test-sigs (basic functionality) (bb#1246)
+
Fri Dec 4 15:55:51 CET 2009 (tk)
---------------------------------
* freshclam/manager.c: improve handling of problematic mirrors (bb#1758)
diff --git a/docs/man/sigtool.1.in b/docs/man/sigtool.1.in
index 4067ba7..a9f01e7 100644
--- a/docs/man/sigtool.1.in
+++ b/docs/man/sigtool.1.in
@@ -74,6 +74,12 @@ List all signature names from the local database directory (default) or from FIL
.TP
\fB\-fREGEX, \-\-find\-sigs=REGEX\fR
Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
+.TP
+\fB\-fREGEX, \-\-decode\-sigs=REGEX\fR
+Decode signatures read from the standard input (eg. piped from \-\-find\-sigs)
+.TP
+\fB\-fREGEX, \-\-test\-sigs=DATABASE TARGET_FILE\fR
+Test all signatures from DATABASE against TARGET_FILE.
.SH "EXAMPLES"
.LP
.TP
diff --git a/libclamav/libclamav.map b/libclamav/libclamav.map
index 7d9ba25..4aa27d7 100644
--- a/libclamav/libclamav.map
+++ b/libclamav/libclamav.map
@@ -123,6 +123,7 @@ CLAMAV_PRIVATE {
cli_bm_init;
cli_bm_scanbuff;
cli_bm_free;
+ cli_initroots;
html_screnc_decode;
mpool_create;
mpool_destroy;
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 37194a8..0c8a546 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -273,7 +273,7 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex
return CL_SUCCESS;
}
-static int cli_initroots(struct cl_engine *engine, unsigned int options)
+int cli_initroots(struct cl_engine *engine, unsigned int options)
{
int i, ret;
struct cli_matcher *root;
diff --git a/libclamav/readdb.h b/libclamav/readdb.h
index 07f18f7..c478350 100644
--- a/libclamav/readdb.h
+++ b/libclamav/readdb.h
@@ -61,4 +61,6 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio);
+int cli_initroots(struct cl_engine *engine, unsigned int options);
+
#endif
diff --git a/shared/optparser.c b/shared/optparser.c
index 4c834c3..ff4e8c7 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -108,6 +108,7 @@ const struct clam_option __clam_options[] = {
{ NULL, "list-sigs", 'l', TYPE_STRING, NULL, -1, DATADIR, 0, OPT_SIGTOOL, "", "" },
{ NULL, "find-sigs", 'f', TYPE_STRING, NULL, -1, DATADIR, FLAG_REQUIRED, OPT_SIGTOOL, "", "" },
{ NULL, "decode-sigs", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },
+ { NULL, "test-sigs", 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "vba", 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "vba-hex", 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
{ NULL, "diff", 'd', TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
diff --git a/sigtool/sigtool.c b/sigtool/sigtool.c
index c9fc963..7d15325 100644
--- a/sigtool/sigtool.c
+++ b/sigtool/sigtool.c
@@ -65,6 +65,7 @@
#include "libclamav/htmlnorm.h"
#include "libclamav/default.h"
#include "libclamav/fmap.h"
+#include "libclamav/readdb.h"
#define MAX_DEL_LOOKAHEAD 200
@@ -1627,6 +1628,41 @@ static int verifydiff(const char *diff, const char *cvd, const char *incdir)
return ret;
}
+static int matchsig(const char *sig, int fd)
+{
+ struct cl_engine *engine;
+ int ret;
+
+ if(!(engine = cl_engine_new())) {
+ mprintf("!matchsig: Can't create new engine\n");
+ return 0;
+ }
+
+ if(cli_initroots(engine, 0) != CL_SUCCESS) {
+ mprintf("!matchsig: cli_initroots() failed\n");
+ cl_engine_free(engine);
+ return 0;
+ }
+
+ if(cli_parse_add(engine->root[0], "test", sig, 0, 0, "*", 0, NULL, 0) != CL_SUCCESS) {
+ mprintf("!matchsig: Can't parse signature\n");
+ cl_engine_free(engine);
+ return 0;
+ }
+
+ if(cl_engine_compile(engine) != CL_SUCCESS) {
+ mprintf("!matchsig: Can't compile engine\n");
+ cl_engine_free(engine);
+ return 0;
+ }
+
+ lseek(fd, 0, SEEK_SET);
+ ret = cl_scandesc(fd, NULL, NULL, engine, CL_SCAN_STDOPT);
+ cl_engine_free(engine);
+
+ return (ret == CL_VIRUS) ? 1 : 0;
+}
+
static char *decodehexstr(const char *hex, unsigned int *dlen)
{
uint16_t *str16;
@@ -1982,7 +2018,7 @@ static int decodehex(const char *hexsig)
return 0;
}
-static int decodesig(char *sig)
+static int decodesig(char *sig, int fd)
{
char *pt;
const char *tokens[68];
@@ -2019,8 +2055,12 @@ static int decodesig(char *sig)
} else {
mprintf(" +-> OFFSET: ANY\n");
}
- mprintf(" +-> DECODED SUBSIGNATURE:\n");
- decodehex(tokens[3 + i]);
+ if(fd == -1) {
+ mprintf(" +-> DECODED SUBSIGNATURE:\n");
+ decodehex(tokens[3 + i]);
+ } else {
+ mprintf(" +-> MATCH: %s\n", matchsig(tokens[3 + i], fd) ? "YES" : "** NO **");
+ }
}
} else if(strchr(sig, ':')) { /* ndb */
tokens_count = cli_strtokenize(sig, ':', 6 + 1, tokens);
@@ -2076,13 +2116,21 @@ static int decodesig(char *sig)
return -1;
}
mprintf("OFFSET: %s\n", tokens[2]);
- mprintf("DECODED SIGNATURE:\n");
- decodehex(tokens[3]);
+ if(fd == -1) {
+ mprintf("DECODED SIGNATURE:\n");
+ decodehex(tokens[3]);
+ } else {
+ mprintf("MATCH: %s\n", matchsig(tokens[3], fd) ? "YES" : "** NO **");
+ }
} else if((pt = strchr(sig, '='))) {
*pt++ = 0;
mprintf("VIRUS NAME: %s\n", sig);
- mprintf("DECODED SIGNATURE:\n");
- decodehex(pt);
+ if(fd == -1) {
+ mprintf("DECODED SIGNATURE:\n");
+ decodehex(pt);
+ } else {
+ mprintf("MATCH: %s\n", matchsig(pt, fd) ? "YES" : "** NO **");
+ }
} else {
mprintf("decodesig: Not supported signature format\n");
return -1;
@@ -2100,12 +2148,57 @@ static int decodesigs(void)
cli_chomp(buffer);
if(!strlen(buffer))
break;
- if(decodesig(buffer) == -1)
+ if(decodesig(buffer, -1) == -1)
return -1;
}
return 0;
}
+static int testsigs(const struct optstruct *opts)
+{
+ char buffer[32769];
+ FILE *sigs;
+ int ret = 0, fd;
+
+
+ if(!opts->filename) {
+ mprintf("!--test-sigs requires two arguments\n");
+ return -1;
+ }
+
+ if(cl_init(CL_INIT_DEFAULT) != CL_SUCCESS) {
+ mprintf("!testsigs: Can't initialize libclamav: %s\n", cl_strerror(ret));
+ return -1;
+ }
+
+ sigs = fopen(optget(opts, "test-sigs")->strarg, "rb");
+ if(!sigs) {
+ mprintf("!testsigs: Can't open file %s\n", optget(opts, "test-sigs")->strarg);
+ return -1;
+ }
+
+ fd = open(opts->filename[0], O_RDONLY|O_BINARY);
+ if(fd == -1) {
+ mprintf("!testsigs: Can't open file %s\n", optget(opts, "test-sigs")->strarg);
+ fclose(sigs);
+ return -1;
+ }
+
+ while(fgets(buffer, sizeof(buffer), sigs)) {
+ cli_chomp(buffer);
+ if(!strlen(buffer))
+ break;
+ if(decodesig(buffer, fd) == -1) {
+ ret = -1;
+ break;
+ }
+ }
+
+ close(fd);
+ fclose(sigs);
+ return ret;
+}
+
static int diffdirs(const char *old, const char *new, const char *patch)
{
FILE *diff;
@@ -2312,6 +2405,7 @@ static void help(void)
mprintf(" --list-sigs[=FILE] -l[FILE] List signature names\n");
mprintf(" --find-sigs=REGEX -fREGEX Find signatures matching REGEX\n");
mprintf(" --decode-sigs Decode signatures from stdin\n");
+ mprintf(" --test-sigs=DATABASE TARGET_FILE Test signatures from DATABASE against TARGET_FILE\n");
mprintf(" --vba=FILE Extract VBA/Word6 macro code\n");
mprintf(" --vba-hex=FILE Extract Word6 macro code with hex values\n");
mprintf(" --diff=OLD NEW -d OLD NEW Create diff for OLD and NEW CVDs\n");
@@ -2379,6 +2473,8 @@ int main(int argc, char **argv)
ret = listsigs(opts, 1);
else if(optget(opts, "decode-sigs")->active)
ret = decodesigs();
+ else if(optget(opts, "test-sigs")->enabled)
+ ret = testsigs(opts);
else if(optget(opts, "vba")->enabled || optget(opts, "vba-hex")->enabled)
ret = vbadump(opts);
else if(optget(opts, "diff")->enabled)
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list