[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:16:16 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit be43f951c61a002511bd10523621121283a22063
Author: Török Edvin <edwin at clamav.net>
Date: Fri Jan 22 14:36:56 2010 +0200
BytecodeSecurity setting.
diff --git a/clambc/bcrun.c b/clambc/bcrun.c
index 4e35367..1f27eee 100644
--- a/clambc/bcrun.c
+++ b/clambc/bcrun.c
@@ -192,7 +192,7 @@ int main(int argc, char *argv[])
bcs.all_bcs = bc;
bcs.count = 1;
- rc = cli_bytecode_load(bc, f, NULL);
+ rc = cli_bytecode_load(bc, f, NULL, 0);
if (rc != CL_SUCCESS) {
fprintf(stderr,"Unable to load bytecode: %s\n", cl_strerror(rc));
optfree(opts);
diff --git a/clamd/clamd.c b/clamd/clamd.c
index 8871302..cdb5e59 100644
--- a/clamd/clamd.c
+++ b/clamd/clamd.c
@@ -410,6 +410,23 @@ int main(int argc, char **argv)
if(optget(opts,"Bytecode")->enabled)
dboptions |= CL_DB_BYTECODE;
+ if((opt = optget(opts,"BytecodeSecurity"))->enabled) {
+ enum bytecode_security s;
+ if (!strcmp(opt->strarg, "TrustSigned"))
+ s = CL_BYTECODE_TRUST_SIGNED;
+ else if (!strcmp(opt->strarg, "None"))
+ s = CL_BYTECODE_TRUST_ALL;
+ else if (!strcmp(opt->strarg, "Paranoid"))
+ s = CL_BYTECODE_TRUST_NOTHING;
+ else {
+ logg("!Unable to parse bytecode security setting:%s\n",
+ opt->strarg);
+ ret = 1;
+ break;
+ }
+ cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s);
+ }
+
if(optget(opts,"PhishingScanURLs")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
else
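Review bot: The return value of `cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s)` at the end of the added block is discarded. If the call fails, the daemon keeps running at the engine default (TrustSigned, per cl_engine_new in this commit) even when the operator asked for Paranoid. Check it and take the same error path as the parse failure, e.g. `if (cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s) != CL_SUCCESS) { ret = 1; break; }`, with a logg() line naming the setting. A logged warning when `None` is selected would also help operators notice a debug-only level left enabled. The `break` relies on an enclosing construct in main() that starts outside this hunk.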
diff --git a/etc/clamd.conf b/etc/clamd.conf
index 2a895fa..e586d28 100644
--- a/etc/clamd.conf
+++ b/etc/clamd.conf
@@ -442,3 +442,14 @@ LocalSocket /tmp/clamd.socket
# Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
# Default: disabled
#ClamukoExcludePath /home/bofh
+
+# Set bytecode security level.
+# Possible values:
+# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
+# TrustSigned - trust bytecode loaded from signed .c[lv]d files,
+# insert runtime safety checks for bytecode loaded from other sources
+# Paranoid - don't trust any bytecode, insert runtime checks for all
+# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
+#
+# Default: TrustSigned
+#BytecodeSecurity TrustSigned
diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index 690f758..f747a44 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -1222,7 +1222,7 @@ enum parse_state {
PARSE_BB
};
-int cli_bytecode_load(struct cli_bc *bc, FILE *f, struct cli_dbio *dbio)
+int cli_bytecode_load(struct cli_bc *bc, FILE *f, struct cli_dbio *dbio, int trust)
{
unsigned row = 0, current_func = 0, bb=0;
char *buffer;
@@ -1232,6 +1232,7 @@ int cli_bytecode_load(struct cli_bc *bc, FILE *f, struct cli_dbio *dbio)
int rc;
memset(bc, 0, sizeof(*bc));
+ bc->trusted = trust;
if (!f && !dbio) {
cli_errmsg("Unable to load bytecode (null file)\n");
return CL_ENULLARG;
diff --git a/libclamav/bytecode.h b/libclamav/bytecode.h
index d3be533..1917791 100644
--- a/libclamav/bytecode.h
+++ b/libclamav/bytecode.h
@@ -67,6 +67,7 @@ struct cli_bc {
struct cli_bc_dbgnode *dbgnodes;
unsigned dbgnode_cnt;
unsigned hook_lsig_id;
+ unsigned trusted;
};
struct cli_all_bc {
@@ -99,7 +100,7 @@ extern int have_clamjit;
}
#endif
int cli_bytecode_init(struct cli_all_bc *allbc);
-int cli_bytecode_load(struct cli_bc *bc, FILE *f, struct cli_dbio *dbio);
+int cli_bytecode_load(struct cli_bc *bc, FILE *f, struct cli_dbio *dbio, int security);
int cli_bytecode_prepare(struct cli_all_bc *allbc);
int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, struct cli_bc_ctx *ctx);
void cli_bytecode_destroy(struct cli_bc *bc);
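Review bot: The prototype names the new parameter `security`, while the definition in bytecode.c names it `trust` and stores it in `bc->trusted` as a plain truth value. The header name invites a caller to pass `engine->bytecode_security` directly, and then `CL_BYTECODE_TRUST_NOTHING` (non-zero) would mark the bytecode as trusted while `CL_BYTECODE_TRUST_ALL` (0) would mark it untrusted, the reverse of the intent. Use the same name in both places, `int cli_bytecode_load(struct cli_bc *bc, FILE *f, struct cli_dbio *dbio, int trust);`, and add a comment such as `/* trust: non-zero = skip runtime checks for this bytecode; NOT an enum bytecode_security value */`.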
diff --git a/libclamav/c++/bytecode2llvm.cpp b/libclamav/c++/bytecode2llvm.cpp
index c22d0e8..7acb34e 100644
--- a/libclamav/c++/bytecode2llvm.cpp
+++ b/libclamav/c++/bytecode2llvm.cpp
@@ -1204,6 +1204,9 @@ public:
}
}
}
+ if (!bc->trusted) {
+ //TODO: call verifier to insert runtime checks
+ }
delete [] Functions;
return true;
}
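Review bot: The `if (!bc->trusted)` branch is an empty TODO, so untrusted bytecode is compiled exactly like trusted bytecode and the function still returns true. At this commit TrustSigned and Paranoid therefore give no more protection on this path than None. Until the verifier exists the branch should fail closed or at least warn, for example by logging that runtime checks are not implemented and declining to JIT the untrusted bytecode (what a false return leads to is outside this hunk, so confirm the fallback). The help text added in etc/clamd.conf and shared/optparser.c already tells operators that runtime safety checks are inserted, which is not yet true. The check also sits after the enclosing loops have closed, so it appears to test a single `bc` rather than each bytecode; the surrounding function is not visible here.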
diff --git a/libclamav/clamav.h b/libclamav/clamav.h
index a5da093..b81672a 100644
--- a/libclamav/clamav.h
+++ b/libclamav/clamav.h
@@ -134,7 +134,14 @@ enum cl_engine_field {
CL_ENGINE_AC_MINDEPTH, /* uint32_t */
CL_ENGINE_AC_MAXDEPTH, /* uint32_t */
CL_ENGINE_TMPDIR, /* (char *) */
- CL_ENGINE_KEEPTMP /* uint32_t */
+ CL_ENGINE_KEEPTMP, /* uint32_t */
+ CL_ENGINE_BYTECODE_SECURITY /* uint32_t */
+};
+
+enum bytecode_security {
+ CL_BYTECODE_TRUST_ALL=0, /* insecure, debug setting */
+ CL_BYTECODE_TRUST_SIGNED, /* default */
+ CL_BYTECODE_TRUST_NOTHING /* paranoid setting */
};
extern int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long long num);
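Review bot: `enum bytecode_security` is added to the public clamav.h without the `cl_` prefix that `cl_engine_field` and `cl_engine_set_num` carry, so it enters every API consumer's namespace under a generic name. `enum cl_bytecode_security` would be consistent, with the tag updated in others.h and clamd.c as well. The mapping to configuration values is also easy to misread, since the config value `None` selects `CL_BYTECODE_TRUST_ALL`; a comment on that enumerator such as `/* config "None": no runtime checks, debug only */` would make it explicit.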
diff --git a/libclamav/cvd.c b/libclamav/cvd.c
index 31b38e0..b5bf583 100644
--- a/libclamav/cvd.c
+++ b/libclamav/cvd.c
@@ -300,6 +300,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un
dbio->readpt = dbio->buf;
cli_md5_init(&dbio->md5ctx);
dbio->bread = 0;
+ dbio->secure = 0;
/* cli_dbgmsg("cli_tgzload: Loading %s, size: %u\n", name, size); */
if(compr)
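Review bot: `dbio->secure = 0;` initialises the new field, but nothing in this commit sets it to 1 or reads it; cli_loadcbc in readdb.c decides trust from `dbio ? 1 : 0` instead. If the field is meant to record that the container's digital signature was verified, set it at the point of verification and have cli_loadcbc test `dbio->secure` rather than the mere presence of a dbio. Otherwise drop the field (also in cvd.h) until it is used, so that readers do not assume it gates anything. cli_tgzload's body extends beyond this hunk.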
diff --git a/libclamav/cvd.h b/libclamav/cvd.h
index c5ca6c9..d3701ca 100644
--- a/libclamav/cvd.h
+++ b/libclamav/cvd.h
@@ -33,6 +33,7 @@ struct cli_dbio {
unsigned int size, bread;
char *buf, *bufpt, *readpt;
unsigned int usebuf, bufsize, readsize;
+ unsigned secure;
cli_md5_ctx md5ctx; /* TODO: replace with sha256 */
};
diff --git a/libclamav/others.c b/libclamav/others.c
index 9f40859..6a130a5 100644
--- a/libclamav/others.c
+++ b/libclamav/others.c
@@ -291,6 +291,7 @@ struct cl_engine *cl_engine_new(void)
new->min_cc_count = CLI_DEFAULT_MIN_CC_COUNT;
new->min_ssn_count = CLI_DEFAULT_MIN_SSN_COUNT;
+ new->bytecode_security = CL_BYTECODE_TRUST_SIGNED;
new->refcount = 1;
new->ac_only = 0;
new->ac_mindepth = CLI_DEFAULT_AC_MINDEPTH;
@@ -373,6 +374,9 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long
case CL_ENGINE_KEEPTMP:
engine->keeptmp = num;
break;
+ case CL_ENGINE_BYTECODE_SECURITY:
+ engine->bytecode_security = num;
+ break;
default:
cli_errmsg("cl_engine_set_num: Incorrect field number\n");
return CL_EARG;
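Review bot: The new `CL_ENGINE_BYTECODE_SECURITY` case stores `num` (a long long) straight into an enum field without a range check, so any integer is accepted. cli_loadcbc's switch treats unknown values as untrusted, which fails safe, but the setter should still reject them with `if (num < CL_BYTECODE_TRUST_ALL || num > CL_BYTECODE_TRUST_NOTHING) return CL_EARG;` before the assignment, plus a cli_errmsg. Because cli_loadcbc reads the level while bytecode is being loaded, a comment stating that the field must be set before the database is loaded would help API users. The switch begins outside this hunk.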
diff --git a/libclamav/others.h b/libclamav/others.h
index 0e54d3a..3562257 100644
--- a/libclamav/others.h
+++ b/libclamav/others.h
@@ -246,6 +246,7 @@ struct cl_engine {
unsigned *hooks[_BC_LAST_HOOK - _BC_START_HOOKS];
unsigned hooks_cnt[_BC_LAST_HOOK - _BC_START_HOOKS];
unsigned hook_lsig_ids;
+ enum bytecode_security bytecode_security;
};
struct cl_settings {
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index f01c143..f6f3026 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1316,6 +1316,8 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
struct cli_all_bc *bcs = &engine->bcs;
struct cli_bc *bc;
unsigned sigs = 0;
+ unsigned security_trust = 0;
+
/* TODO: virusname have a common prefix, and whitelist by that */
if((rc = cli_initroots(engine, options)))
@@ -1331,7 +1333,25 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
}
bcs->count++;
bc = &bcs->all_bcs[bcs->count-1];
- rc = cli_bytecode_load(bc, fs, dbio);
+
+ switch (engine->bytecode_security) {
+ case CL_BYTECODE_TRUST_ALL:
+ security_trust = 1;
+ cli_dbgmsg("bytecode: trusting all bytecode!\n");
+ break;
+ case CL_BYTECODE_TRUST_SIGNED:
+ if (dbio && (!engine->dbinfo || !engine->dbinfo->cvd
+ || !engine->dbinfo->cvd->dsig)) {
+ cli_errmsg("CVD without signed .info?\n");
+ return CL_EMALFDB;
+ }
+ security_trust = dbio ? 1 : 0;
+ break;
+ default:
+ security_trust = 0;
+ }
+
+ rc = cli_bytecode_load(bc, fs, dbio, security_trust);
if (rc != CL_SUCCESS) {
cli_errmsg("Unable to load %s bytecode: %s\n", dbname, cl_strerror(rc));
return rc;
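Review bot: The new `return CL_EMALFDB;` in the `CL_BYTECODE_TRUST_SIGNED` case runs after `bcs->count++` but before cli_bytecode_load() has done its `memset(bc, 0, sizeof(*bc))`. The engine is left counting a slot that was never initialised, unless the allocation above the hunk zeroes it. Any later walk over `bcs->count` entries, such as cleanup, would then touch that slot. Either make the trust decision before `bcs->count++` or undo the increment on this path with `bcs->count--; return CL_EMALFDB;`. Separately, the `dsig` test only shows that a signature field is present; whether it was verified is decided elsewhere, so a short comment stating that assumption would help the next reader.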
diff --git a/shared/optparser.c b/shared/optparser.c
index d84cace..03039cf 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -240,6 +240,8 @@ const struct clam_option __clam_options[] = {
/* Scan options */
{ "Bytecode", "bytecode", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
+ { "BytecodeSecurity", NULL, 0, TYPE_STRING, "^(None|TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD,
+ "Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
{ "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
{ "ExcludePUA", "exclude-pua", 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_CLAMSCAN, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool\nPWTool" },
--
Debian repository for ClamAV