[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:19:41 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 02eabc6d1ebba37f0e39c61c37e1290db67a8b08
Author: Török Edvin <edwin at clamav.net>
Date: Wed Feb 10 11:39:47 2010 +0200
Add the rest of the prefiltering glue code.
This is still disabled for now (see the & 0).
diff --git a/libclamav/matcher-ac.c b/libclamav/matcher-ac.c
index 21ae45e..dff56d4 100644
--- a/libclamav/matcher-ac.c
+++ b/libclamav/matcher-ac.c
@@ -42,6 +42,7 @@
#include "str.h"
#include "readdb.h"
#include "default.h"
+#include "filtering.h"
#include "mpool.h"
@@ -383,6 +384,18 @@ int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth)
root->ac_mindepth = mindepth;
root->ac_maxdepth = maxdepth;
+ /* TODO: dconf here ?*/
+ if (cli_mtargets[root->type].enable_prefiltering && 0) {/* Disabled for now */
+ root->filter = mpool_malloc(root->mempool, sizeof(*root->filter));
+ if (!root->filter) {
+ cli_errmsg("cli_ac_init: Can't allocate memory for ac_root->filter\n");
+ mpool_free(root->mempool, root->ac_root->trans);
+ mpool_free(root->mempool, root->ac_root);
+ return CL_EMEM;
+ }
+ filter_init(root->filter);
+ }
+
return CL_SUCCESS;
}
@@ -446,6 +459,8 @@ void cli_ac_free(struct cli_matcher *root)
mpool_free(root->mempool, root->ac_root->trans);
mpool_free(root->mempool, root->ac_root);
}
+ if (root->filter)
+ mpool_free(root->mempool, root->filter);
}
/*
@@ -1670,6 +1685,16 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex
new->length = strlen(hex ? hex : hexsig) / 2;
free(hex);
+ if (root->filter) {
+ /* so that we can show meaningful messages */
+ new->virname = (char*)virname;
+ if (filter_add_acpatt(root->filter, new) == -1) {
+ cli_warnmsg("cli_ac_addpatt: cannot use filter for trie\n");
+ mpool_free(root->mempool, root->filter);
+ root->filter = NULL;
+ }
+ }
+
for(i = 0; i < root->ac_maxdepth && i < new->length; i++) {
if(new->pattern[i] & CLI_MATCH_WILDCARD) {
wprefix = 1;
diff --git a/libclamav/matcher-bm.c b/libclamav/matcher-bm.c
index a206699..f6b510a 100644
--- a/libclamav/matcher-bm.c
+++ b/libclamav/matcher-bm.c
@@ -62,6 +62,16 @@ int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern, const
root->bm_reloff_num++;
}
+ if(root->filter) {
+ /* the bm_suffix load balancing below can shorten the sig,
+ * we want to see the entire signature! */
+ if (filter_add_static(root->filter, pattern->pattern, pattern->length, pattern->virname) == -1) {
+ cli_warnmsg("cli_bm_addpatt: cannot use filter for trie\n");
+ mpool_free(root->mempool, root->filter);
+ root->filter = NULL;
+ }
+ }
+
#if BM_MIN_LENGTH == BM_BLOCK_SIZE
/* try to load balance bm_suffix (at the cost of bm_shift) */
for(i = 0; i < pattern->length - BM_BLOCK_SIZE + 1; i++) {
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index ecd925f..bc306d2 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -48,6 +48,31 @@
#include "fmap.h"
#include "pe_icons.h"
#include "regex/regex.h"
+#include "filtering.h"
+#include "perflogging.h"
+
+#ifdef CLI_PERF_LOGGING
+
+static inline void PERF_LOG_FILTER(int32_t pos, int32_t length, int8_t trie)
+{
+ cli_perf_log_add(RAW_BYTES_SCANNED, length);
+ cli_perf_log_add(FILTER_BYTES_SCANNED, length - pos);
+ cli_perf_log_count2(TRIE_SCANNED, trie, length - pos);
+}
+
+static inline int PERF_LOG_TRIES(int8_t acmode, int8_t bm_called, int32_t length)
+{
+ if (bm_called)
+ cli_perf_log_add(BM_SCANNED, length);
+ if (acmode)
+ cli_perf_log_add(AC_SCANNED, length);
+ return 0;
+}
+
+#else
+static inline void PERF_LOG_FILTER(int32_t pos, uint32_t length, int8_t trie) {}
+static inline int PERF_LOG_TRIES(int8_t acmode, int8_t bm_called, int32_t length) { return 0; }
+#endif
static inline int matcher_run(const struct cli_matcher *root,
const unsigned char *buffer, uint32_t length,
@@ -60,8 +85,31 @@ static inline int matcher_run(const struct cli_matcher *root,
struct cli_bm_off *offdata)
{
int ret;
- if (root->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, NULL, root, offset, map, offdata)) != CL_VIRUS)
+ int32_t pos = 0;
+ struct filter_match_info info;
+ if (root->filter) {
+ if(filter_search_ext(root->filter, buffer, length, &info) == -1) {
+ /* for safety always scan last maxpatlen bytes */
+ pos = length - root->maxpatlen - 1;
+ if (pos < 0) pos = 0;
+ PERF_LOG_FILTER(pos, length, root->type);
+ } else {
+ /* must not cut buffer for 64[4-4]6161, because we must be able to check
+ * 64! */
+ pos = info.first_match - root->maxpatlen - 1;
+ if (pos < 0) pos = 0;
+ PERF_LOG_FILTER(pos, length, root->type);
+ }
+ } else {
+ PERF_LOG_FILTER(0, length, root->type);
+ }
+ length -= pos;
+ buffer += pos;
+ offset += pos;
+ if (root->ac_only || PERF_LOG_TRIES(0,1, length) || (ret = cli_bm_scanbuff(buffer, length, virname, NULL, root, offset, map, offdata)) != CL_VIRUS) {
+ PERF_LOG_TRIES(acmode, 0, length);
ret = cli_ac_scanbuff(buffer, length, virname, NULL, NULL, root, mdata, offset, ftype, ftoffset, acmode, NULL);
+ }
return ret;
}
diff --git a/libclamav/matcher.h b/libclamav/matcher.h
index 4df9d2f..1ed6ac4 100644
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@ -95,6 +95,7 @@ struct cli_matcher {
struct cli_ac_patt **ac_reloff;
uint32_t ac_reloff_num, ac_absoff_num;
uint8_t ac_mindepth, ac_maxdepth;
+ struct filter *filter;
uint16_t maxpatlen;
uint8_t ac_only;
@@ -126,20 +127,21 @@ struct cli_mtarget {
const char *name;
uint8_t idx; /* idx of matcher */
uint8_t ac_only;
+ uint8_t enable_prefiltering;
};
#define CLI_MTARGETS 10
static const struct cli_mtarget cli_mtargets[CLI_MTARGETS] = {
- { 0, "GENERIC", 0, 0 },
- { CL_TYPE_MSEXE, "PE", 1, 0 },
- { CL_TYPE_MSOLE2, "OLE2", 2, 1 },
- { CL_TYPE_HTML, "HTML", 3, 1 },
- { CL_TYPE_MAIL, "MAIL", 4, 1 },
- { CL_TYPE_GRAPHICS, "GRAPHICS", 5, 1 },
- { CL_TYPE_ELF, "ELF", 6, 1 },
- { CL_TYPE_TEXT_ASCII, "ASCII", 7, 1 },
- { CL_TYPE_ERROR, "NOT USED", 8, 1 },
- { CL_TYPE_MACHO, "MACH-O", 9, 1 }
+ { 0, "GENERIC", 0, 0, 1 },
+ { CL_TYPE_MSEXE, "PE", 1, 0, 1 },
+ { CL_TYPE_MSOLE2, "OLE2", 2, 1, 0 },
+ { CL_TYPE_HTML, "HTML", 3, 1, 0 },
+ { CL_TYPE_MAIL, "MAIL", 4, 1, 1 },
+ { CL_TYPE_GRAPHICS, "GRAPHICS", 5, 1, 0 },
+ { CL_TYPE_ELF, "ELF", 6, 1, 0 },
+ { CL_TYPE_TEXT_ASCII, "ASCII", 7, 1, 1 },
+ { CL_TYPE_ERROR, "NOT USED", 8, 1, 0 },
+ { CL_TYPE_MACHO, "MACH-O", 9, 1, 0 }
};
struct cli_target_info {
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list