Added |
clamav.changes
Changed |
clamav.spec
Changed |
clamav-0.97.3.tar.bz2/ChangeLog
@@ -1,4 +1,40 @@
-Mon Jul 25 16:42:31 CEST 2011 (tk)
+Mon Oct 17 18:04:30 CEST 2011 (tk)
+----------------------------------
+ * V 0.97.3
+
+Mon Oct 10 14:41:48 CEST 2011 (tk)
+----------------------------------
+ * freshclam/manager.c: fix error when compiling without DNS support (bb#3056)
+
+Sat Oct 8 12:19:49 EEST 2011 (edwin)
+-------------------------------------
+ * libclamav/pdf.c: flag and dump PDF objects with /Launch (bb #3514)
+
+Sat Oct 8 12:10:13 EEST 2011 (edwin)
+-------------------------------------
+ * libclamav/bytecode.c,bytecode_api.c: fix recursion level crash (bb #3706).
+
+Tue Aug 2 17:03:33 CEST 2011 (tk)
+----------------------------------
+ * docs: clarify behavior of --scan-*/Scan* options (bb#3134)
+
+Mon Jul 25 16:09:19 EEST 2011 (edwin)
+-------------------------------------
+ * libclamav/bytecode_vm.c: fix opcode 20 error (bb #3100)
+
+Thu Sep 15 14:44:11 CEST 2011 (tk)
+----------------------------------
+ * freshclam: fix pidfile removal (bb#3499)
+
+Sun Aug 21 17:05:24 EEST 2011 (edwin)
+-------------------------------------
+ * libclamav/pdf.c: fix incorrect blocking of some encrypted PDF with empty user passwords. (bb #3364)
+
+Wed Aug 3 15:41:28 CEST 2011 (tk)
+----------------------------------
+ * sigtool/sigtool.c: fix calculation of max signature length
+
+Tue Aug 2 17:03:33 CEST 2011 (tk)
----------------------------------
* V 0.97.2
Changed |
clamav-0.97.3.tar.bz2/NEWS
@@ -1,45 +1,8 @@
-0.97.2
+0.97.3
------
-ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,
-hash matcher, and other minor issues. Please see the ChangeLog file for
-details.
-
-*** Announcement ***
-
-The ClamAV project is launching a new service called "Third Party web
-interface". It will allow selected individuals/organizations to publish
-ClamAV Virus Databases (CVD) through the ClamAV mirror network.
-
-If you choose to publish your signatures through our Third Party
-web interface you will benefit from the following:
-
-- before publishing the signatures, we will test them for
- false positives against our false positive file collection.
-- before publishing the signatures, we'll verify that the latest two major
- versions of ClamAV can load them correctly.
-- the signatures will be digitally signed and packaged into a single
- .cvd compressed file.
-- there will be no ".UNOFFICIAL" suffix in the detection names.
-- a custom prefix will be added to the detection names, identifying the
- organization which published the signature.
-- updates will be distributed both as full CVD files and cdiff
- incremental updates. Users will benefit from lower network traffic.
-- the .cvd and .cdiff files will be distributed through the
- ClamAV mirror network.
-- the service should result in faster remediation of false positives.
-- ClamAV users will be able to download the third party databases
- using freshclam, by adding a single line to freshclam.conf, what
- should make signature maintenance significantly easier.
-
-The service is still in beta, you are welcome to contact Luca Gibelli
-<luca*clamav.net> if you intend to join the beta program.
-
-We especially welcome those who already distribute their own unofficial
-signatures to join. A list of databases distributed by the new service
-will be available at http://www.clamav.net/download/cvd/3rdparty
-
-We will be happy to answer any questions you might have.
+ClamAV 0.97.3 is a minor bugfix release and is recommended for all users.
+Please refer to the ChangeLog file for details.
--
The ClamAV team (http://www.clamav.net/team)
Changed |
clamav-0.97.3.tar.bz2/README
@@ -2,6 +2,16 @@
here may not be available in binary packages.
--
+0.97.3
+------
+
+ClamAV 0.97.3 is a minor bugfix release and is recommended for all users.
+Please refer to the ChangeLog file for details.
+
+--
+The ClamAV team (http://www.clamav.net/team)
+
+
0.97.2
------
Changed |
clamav-0.97.3.tar.bz2/clamd/clamd.c
@@ -440,10 +440,10 @@
enum bytecode_security s;
if (!strcmp(opt->strarg, "TrustSigned")) {
s = CL_BYTECODE_TRUST_SIGNED;
- logg("Bytecode: Security mode set to \"TrustSigned\".\n");
+ logg("#Bytecode: Security mode set to \"TrustSigned\".\n");
} else if (!strcmp(opt->strarg, "Paranoid")) {
s = CL_BYTECODE_TRUST_NOTHING;
- logg("Bytecode: Security mode set to \"Paranoid\".\n");
+ logg("#Bytecode: Security mode set to \"Paranoid\".\n");
} else {
logg("!Unable to parse bytecode security setting:%s\n",
opt->strarg);
@@ -451,14 +451,14 @@
break;
}
if ((ret = cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s))) {
- logg("Invalid bytecode security setting %s: %s\n", opt->strarg, cl_strerror(ret));
+ logg("^Invalid bytecode security setting %s: %s\n", opt->strarg, cl_strerror(ret));
ret = 1;
break;
}
}
if((opt = optget(opts,"BytecodeUnsigned"))->enabled) {
dboptions |= CL_DB_BYTECODE_UNSIGNED;
- logg("Bytecode: Enabled support for unsigned bytecode.\n");
+ logg("#Bytecode: Enabled support for unsigned bytecode.\n");
}
if((opt = optget(opts,"BytecodeMode"))->enabled) {
enum bytecode_mode mode;
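Review bot: The failure path of `cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, s)` now logs with the `^` prefix, yet it sets `ret = 1` and breaks out exactly like the parse failure just above it, which logs with `!`. If `^` marks a warning and `!` an error in logg() (the helper is not shown on this page), the two fatal paths should agree: `logg("!Invalid bytecode security setting %s: %s\n", opt->strarg, cl_strerror(ret));`. Separately, the `BytecodeUnsigned` message is moved to the `#` prefix together with the routine mode messages, although accepting unsigned bytecode relaxes the trust setting chosen above; an operator auditing the startup log would want that line at warning level, e.g. `logg("^Bytecode: Enabled support for unsigned bytecode.\n");`. The enclosing function starts and ends outside these hunks.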
@@ -476,7 +476,7 @@
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
}
} else
- logg("Bytecode support disabled.\n");
+ logg("#Bytecode support disabled.\n");
if(optget(opts,"PhishingScanURLs")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
Changed |
clamav-0.97.3.tar.bz2/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.67 for ClamAV 0.97.2.
+# Generated by GNU Autoconf 2.67 for ClamAV 0.97.3.
#
# Report bugs to <http://bugs.clamav.net/>.
#
@@ -703,8 +703,8 @@
# Identity of this package.
PACKAGE_NAME='ClamAV'
PACKAGE_TARNAME='clamav'
-PACKAGE_VERSION='0.97.2'
-PACKAGE_STRING='ClamAV 0.97.2'
+PACKAGE_VERSION='0.97.3'
+PACKAGE_STRING='ClamAV 0.97.3'
PACKAGE_BUGREPORT='http://bugs.clamav.net/'
PACKAGE_URL='http://www.clamav.net/'
@@ -974,6 +974,7 @@
with_group
enable_clamav
enable_debug
+with_version
enable_no_cache
enable_dns_fix
enable_bigstack
@@ -1539,7 +1540,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ClamAV 0.97.2 to adapt to many kinds of systems.
+\`configure' configures ClamAV 0.97.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1610,7 +1611,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ClamAV 0.97.2:";;
+ short | recursive ) echo "Configuration of ClamAV 0.97.3:";;
esac
cat <<\_ACEOF
@@ -1683,6 +1684,7 @@
--with-iconv supports iconv() (default=auto)
--with-user=uid name of the clamav user (default=clamav)
--with-group=gid name of the clamav group (default=clamav)
+ --with-version=STR use custom version string (dev only)
--with-dbdir=path path to virus database directory
--with-libncurses-prefix[=DIR] search for libncurses in DIR/include and DIR/lib
--without-libncurses-prefix don't search for libncurses in includedir and libdir
@@ -1766,7 +1768,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ClamAV configure 0.97.2
+ClamAV configure 0.97.3
generated by GNU Autoconf 2.67
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2235,7 +2237,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ClamAV $as_me 0.97.2, which was
+It was created by ClamAV $as_me 0.97.3, which was
generated by GNU Autoconf 2.67. Invocation command line was
$ $0 $@
@@ -3356,7 +3358,7 @@
# Define the identity of the package.
PACKAGE='clamav'
- VERSION='0.97.2'
+ VERSION='0.97.3'
# Some tools Automake needs.
@@ -3485,15 +3487,10 @@
$as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h
-VERSION="0.97.2"
-
-cat >>confdefs.h <<_ACEOF
-#define VERSION "$VERSION"
-_ACEOF
-
+VERSION="0.97.3"
LC_CURRENT=7
-LC_REVISION=11
+LC_REVISION=12
LC_AGE=1
LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
@@ -5180,13 +5177,13 @@
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:5183: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:5180: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:5186: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:5183: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:5189: output\"" >&5)
+ (eval echo "\"\$as_me:5186: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@@ -6381,7 +6378,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 6384 "configure"' > conftest.$ac_ext
+ echo '#line 6381 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -7908,11 +7905,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7911: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7908: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7915: \$? = $ac_status" >&5
+ echo "$as_me:7912: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8247,11 +8244,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8250: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8247: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8254: \$? = $ac_status" >&5
+ echo "$as_me:8251: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8352,11 +8349,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8355: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8352: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8359: \$? = $ac_status" >&5
+ echo "$as_me:8356: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -8407,11 +8404,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8410: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8407: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8414: \$? = $ac_status" >&5
+ echo "$as_me:8411: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -10791,7 +10788,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10794 "configure"
+#line 10791 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10887,7 +10884,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10890 "configure"
+#line 10887 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -11559,7 +11556,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 11562 "configure"
+#line 11559 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -16649,6 +16646,13 @@
fi
+
+# Check whether --with-version was given.
+if test "${with_version+set}" = set; then :
+ withval=$with_version; VERSION="$withval"
+fi
+
+
# Check whether --enable-no-cache was given.
if test "${enable_no_cache+set}" = set; then :
enableval=$enable_no_cache; enable_nocache=$enableval
@@ -18369,6 +18373,11 @@
cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
#define VERSION_SUFFIX "$VERSION_SUFFIX"
_ACEOF
@@ -20624,7 +20633,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ClamAV $as_me 0.97.2, which was
+This file was extended by ClamAV $as_me 0.97.3, which was
generated by GNU Autoconf 2.67. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -20691,7 +20700,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ClamAV config.status 0.97.2
+ClamAV config.status 0.97.3
configured by $0, generated by GNU Autoconf 2.67,
with options \\"\$ac_cs_config\\"
@@ -23224,7 +23233,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ClamAV $as_me 0.97.2, which was
+This file was extended by ClamAV $as_me 0.97.3, which was
generated by GNU Autoconf 2.67. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23291,7 +23300,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ClamAV config.status 0.97.2
+ClamAV config.status 0.97.3
configured by $0, generated by GNU Autoconf 2.67,
with options \\"\$ac_cs_config\\"
Changed |
clamav-0.97.3.tar.bz2/configure.in
@@ -20,7 +20,7 @@
AC_PREREQ([2.59])
dnl For a release change [devel] to the real version [0.xy]
dnl also change VERSION below
-AC_INIT([ClamAV], [0.97.2], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/])
+AC_INIT([ClamAV], [0.97.3], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/])
AH_BOTTOM([#include "platform.h"])
dnl put configure auxiliary into config
@@ -43,11 +43,10 @@
dnl change this on a release
dnl VERSION="devel-`date +%Y%m%d`"
-VERSION="0.97.2"
-AC_DEFINE_UNQUOTED([VERSION],"$VERSION",[Version number of package])
+VERSION="0.97.3"
LC_CURRENT=7
-LC_REVISION=11
+LC_REVISION=12
LC_AGE=1
LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
AC_SUBST([LIBCLAMAV_VERSION])
@@ -856,6 +855,10 @@
AC_DEFINE([NDEBUG],1,[disable assertions])
fi
+AC_ARG_WITH([version],
+[ --with-version=STR use custom version string (dev only)],
+VERSION="$withval", )
+
AC_ARG_ENABLE([no-cache],
[ --enable-no-cache use "Cache-Control: no-cache" in freshclam],
enable_nocache=$enableval, enable_nocache="no")
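Review bot: `--with-version` copies `$withval` into VERSION without any check, so a bare `--with-version` gives VERSION="yes" and `--without-version` gives "no" (standard AC_ARG_WITH behaviour), and the value later lands unescaped inside the C string emitted by `AC_DEFINE_UNQUOTED([VERSION],"$VERSION",...)` in the last hunk of this file. Reject the degenerate cases in the action, for example `case "$withval" in yes|no|"") AC_MSG_ERROR([--with-version requires a version string]);; *) VERSION="$withval";; esac`, and consider refusing values containing quotes or backslashes. Since VERSION is the string the built binaries report, a `dnl` comment stating that release builds must not pass this option would back up the "(dev only)" in the help text.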
@@ -1528,6 +1531,7 @@
AC_C_FDPASSING
+AC_DEFINE_UNQUOTED([VERSION],"$VERSION",[Version number of package])
AC_DEFINE_UNQUOTED([VERSION_SUFFIX],"$VERSION_SUFFIX",[Version suffix for package])
AC_ARG_ENABLE(clamdtop,
Changed |
clamav-0.97.3.tar.bz2/contrib/safe_clamd/safe_clamd
@@ -19,13 +19,13 @@
##################### END CONFIGURATION #####################
# Do not touch anything below this line, unless you know what you are doing
-trap "signalClamd HUP" SIGHUP
-trap "signalClamd TERM" SIGTERM
-trap "signalClamd USR2" SIGUSR2
+trap "signalClamd HUP" HUP
+trap "signalClamd TERM" TERM
+trap "signalClamd USR2" USR2
getPid() {
PIDFILE=`grep ^PidFile $CLAMDCONF | sed -e 's/^PidFile\s*//'`
- if [ -z "PIDFILE" ]
+ if [ -z "$PIDFILE" ]
then
# missing PidFile directive
echo "Please enable the PidFile directive in $CLAMDCONF. See man clamd.conf for more info."
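Review bot: The corrected `[ -z "$PIDFILE" ]` test still rests on a fragile lookup in the line above it: `$CLAMDCONF` is expanded unquoted in the `grep`, and the `sed` expression uses `\s`, a GNU extension, even though this same change makes the `trap` signal names portable. Quoting the path as `"$CLAMDCONF"` and replacing `\s*` with `[[:space:]]*` keeps the script consistent across shells and sed implementations. If the config file has more than one line starting with `PidFile`, PIDFILE will hold several lines; piping through `head -n 1` or rejecting that case would make the later use of the value predictable. getPid continues past the end of the hunk.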
Changed |
clamav-0.97.3.tar.bz2/database/daily.cvd
Changed |
clamav-0.97.3.tar.bz2/database/main.cvd
Changed |
clamav-0.97.3.tar.bz2/docs/clamdoc.pdf
Changed |
clamav-0.97.3.tar.bz2/docs/clamdoc.tex
@@ -71,7 +71,7 @@
\vspace{3cm}
\begin{flushright}
\rule[-1ex]{8cm}{3pt}\\
- \huge Clam AntiVirus 0.97.2\\
+ \huge Clam AntiVirus 0.97.3\\
\huge \emph{User Manual}\\
\end{flushright}
Changed |
clamav-0.97.3.tar.bz2/docs/html/clamdoc.html
@@ -56,7 +56,7 @@
<BR>
<BR>
<DIV ALIGN="RIGHT">
-<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.97.2
+<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.97.3
<BR> <BIG CLASS="HUGE"><SPAN CLASS="textit">User Manual</SPAN>
<BR>
</BIG></BIG></DIV>
Changed |
clamav-0.97.3.tar.bz2/docs/html/index.html
@@ -56,7 +56,7 @@
<BR>
<BR>
<DIV ALIGN="RIGHT">
-<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.97.2
+<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.97.3
<BR> <BIG CLASS="HUGE"><SPAN CLASS="textit">User Manual</SPAN>
<BR>
</BIG></BIG></DIV>
Changed |
clamav-0.97.3.tar.bz2/docs/man/clamscan.1.in
@@ -55,10 +55,10 @@
Scan files and directories on other filesystems.
.TP
\fB\-\-follow\-dir\-symlinks=[0/1(*)/2]\fR
-Follow directory symlinks. There are 3 options: 0 - never follow directory symlinks, 1 (default) - only follow directory symlinks, which are passed as direct arguments to clamscan. 2 - never follow directory symlinks.
+Follow directory symlinks. There are 3 options: 0 - never follow directory symlinks, 1 (default) - only follow directory symlinks, which are passed as direct arguments to clamscan. 2 - always follow directory symlinks.
.TP
\fB\-\-follow\-file\-symlinks=[0/1(*)/2]\fR
-Follow file symlinks. There are 3 options: 0 - never follow file symlinks, 1 (default) - only follow file symlinks, which are passed as direct arguments to clamscan. 2 - never follow file symlinks.
+Follow file symlinks. There are 3 options: 0 - never follow file symlinks, 1 (default) - only follow file symlinks, which are passed as direct arguments to clamscan. 2 - always follow file symlinks.
.TP
\fB\-\-bell\fR
Sound bell on virus detection.
@@ -115,7 +115,7 @@
This option sets the lowest number of Credit Card numbers found in a file to generate a detect (default: 3).
.TP
\fB\-\-scan\-mail[=yes(*)/no]\fR
-Scan mail files.
+Scan mail files. If you turn off this option, the original files will still be scanned, but without parsing individual messages/attachments.
.TP
\fB\-\-phishing\-sigs[=yes(*)/no]\fR
Use the signature-based phishing detection.
@@ -136,22 +136,22 @@
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option can be used to control the algorithmic detection.
.TP
\fB\-\-scan\-pe[=yes(*)/no]\fR
-PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG.
+PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG. If you turn off this option, the original files will still be scanned but without additional processing.
.TP
\fB\-\-scan\-elf[=yes(*)/no]\fR
-Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support.
+Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support. If you turn it off, the original files will still be scanned but without additional processing.
.TP
\fB\-\-scan\-ole2[=yes(*)/no]\fR
-Scan Microsoft Office documents and .msi files.
+Scan Microsoft Office documents and .msi files. If you turn off this option, the original files will still be scanned but without additional processing.
.TP
\fB\-\-scan\-pdf[=yes(*)/no]\fR
-Scan within PDF files.
+Scan within PDF files. If you turn off this option, the original files will still be scanned, but without decoding and additional processing.
.TP
\fB\-\-scan\-html[=yes(*)/no]\fR
-Detect, normalize/decrypt and scan HTML files and embedded scripts.
+Detect, normalize/decrypt and scan HTML files and embedded scripts. If you turn off this option, the original files will still be scanned, but without additional processing.
.TP
\fB\-\-scan\-archive[=yes(*)/no]\fR
-Scan archives supported by libclamav.
+Scan archives supported by libclamav. If you turn off this option, the original files will still be scanned, but without unpacking and additional processing.
.TP
\fB\-\-detect\-broken[=yes/no(*)]\fR
Mark broken executables as viruses (Broken.Executable).
Changed |
clamav-0.97.3.tar.bz2/etc/clamd.conf
@@ -240,12 +240,15 @@
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
-# and Petite.
+# and Petite. If you turn off this option, the original files will still be
+# scanned, but without additional processing.
# Default: yes
#ScanPE yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
+# If you turn off this option, the original files will still be scanned, but
+# without additional processing.
# Default: yes
#ScanELF yes
@@ -261,6 +264,8 @@
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
+# If you turn off this option, the original files will still be scanned, but
+# without additional processing.
# Default: yes
#ScanOLE2 yes
@@ -271,6 +276,8 @@
#OLE2BlockMacros no
# This option enables scanning within PDF files.
+# If you turn off this option, the original files will still be scanned, but
+# without decoding and additional processing.
# Default: yes
#ScanPDF yes
@@ -280,6 +287,8 @@
##
# Enable internal e-mail scanner.
+# If you turn off this option, the original files will still be scanned, but
+# without parsing individual messages/attachments.
# Default: yes
#ScanMail yes
@@ -363,6 +372,8 @@
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
+# If you turn off this option, the original files will still be scanned, but
+# without additional processing.
#ScanHTML yes
@@ -371,6 +382,8 @@
##
# ClamAV can scan within archives and compressed files.
+# If you turn off this option, the original files will still be scanned, but
+# without unpacking and additional processing.
# Default: yes
#ScanArchive yes
Changed |
clamav-0.97.3.tar.bz2/freshclam/freshclam.c
@@ -50,6 +50,7 @@
#include "clamav.h"
#include "libclamav/others.h"
+#include "libclamav/str.h"
#include "shared/optparser.h"
#include "shared/output.h"
@@ -65,6 +66,7 @@
static short foreground = 1;
char updtmpdir[512], dbdir[512];
int sigchld_wait = 1;
+const char *pidfile = NULL;
static void sighandler(int sig) {
@@ -103,7 +105,9 @@
default:
if(*updtmpdir)
cli_rmdirs(updtmpdir);
- logg("Update process interrupted\n");
+ if(pidfile)
+ unlink(pidfile);
+ logg("Update process terminated\n");
exit(2);
}
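Review bot: `unlink(pidfile)` now runs inside the signal handler, so it executes in whichever process receives the signal; if the update code forks helpers that inherit this handler (the `sigchld_wait` flag declared beside the new global suggests child processes exist, though no fork is visible here), a signal delivered to a child would remove the parent's pid file. Recording the owning pid when the file is written and comparing it with `getpid()` before the unlink would close that gap. The new file-scope `const char *pidfile` from the previous hunk is also exported, unlike `foreground` just above it; declare it `static` unless another translation unit needs it. The handler and main() both extend outside the hunks shown.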
@@ -223,7 +227,7 @@
int main(int argc, char **argv)
{
int ret = 52, retcl;
- const char *cfgfile, *arg = NULL, *pidfile = NULL;
+ const char *cfgfile, *arg = NULL;
char *pt;
struct optstruct *opts;
const struct optstruct *opt;
Changed |
clamav-0.97.3.tar.bz2/freshclam/manager.c
@@ -1388,21 +1388,25 @@
err = 1;
} else {
if(tar_addfile(fd, gzs, "COPYING") == -1) {
- logg("!buildcld: Can't add COPYING to .cld file\n");
+ logg("!buildcld: Can't add COPYING to new %s.cld - please check if there is enough disk space available\n", dbname);
+ if(!strcmp(dbname, "main") || !strcmp(dbname, "safebrowsing"))
+ logg("Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space or more\n");
err = 1;
}
}
if(!err && !access(info, R_OK)) {
if(tar_addfile(fd, gzs, info) == -1) {
- logg("!buildcld: Can't add %s to .cld file\n", info);
+ logg("!buildcld: Can't add %s to new %s.cld - please check if there is enough disk space available\n", info, dbname);
+ if(!strcmp(dbname, "main") || !strcmp(dbname, "safebrowsing"))
+ logg("Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space or more\n");
err = 1;
}
}
if(!err && !access("daily.cfg", R_OK)) {
if(tar_addfile(fd, gzs, "daily.cfg") == -1) {
- logg("!buildcld: Can't add daily.cfg to .cld file\n");
+ logg("!buildcld: Can't add daily.cfg to new %s.cld - please check if there is enough disk space available\n", dbname);
err = 1;
}
}
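Review bot: The follow-up hint `logg("Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space or more\n");` carries no severity prefix while the line before it uses `!`, and the new wording blames every `tar_addfile()` failure on disk space without reporting the actual cause. If `tar_addfile()` leaves errno intact (its body is not on this page), appending `strerror(errno)` to the first message would tell operators whether it was ENOSPC or, say, a permission problem. The message-plus-hint pair is repeated for COPYING, `info` and, in the next hunk, `dent->d_name`; a small static helper taking the member name and `dbname` would keep the wording and the main/safebrowsing test in one place.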
@@ -1425,7 +1429,9 @@
continue;
if(tar_addfile(fd, gzs, dent->d_name) == -1) {
- logg("!buildcld: Can't add %s to .cld file\n", dent->d_name);
+ logg("!buildcld: Can't add %s to new %s.cld - please check if there is enough disk space available\n", dent->d_name, dbname);
+ if(!strcmp(dbname, "main") || !strcmp(dbname, "safebrowsing"))
+ logg("Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space or more\n");
CHDIR_ERR(cwd);
if(gzs)
gzclose(gzs);
@@ -1757,20 +1763,24 @@
if(!nodb && !ims) {
logg("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder);
*signo += current->sigs;
+#ifdef HAVE_RESOLV_H
if(mirror_stats && strlen(ip)) {
snprintf(squery, sizeof(squery), "%s.%u.%u.%u.%u.%s.ping.clamav.net", dbname, current->version, flevel, 1, w32, ip);
dnsquery(squery, T_A, NULL);
}
+#endif
cl_cvdfree(current);
return 1;
}
if(!remote) {
logg("^Can't read %s header from %s (IP: %s)\n", cvdfile, hostname, ip);
+#ifdef HAVE_RESOLV_H
if(mirror_stats && strlen(ip)) {
snprintf(squery, sizeof(squery), "%s.%u.%u.%u.%u.%s.ping.clamav.net", dbname, current->version + 1, flevel, 0, w32, ip);
dnsquery(squery, T_A, NULL);
}
+#endif
cl_cvdfree(current);
return 58;
}
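Review bot: The `#ifdef HAVE_RESOLV_H` guard is pasted around the same three-line `snprintf`/`dnsquery` block twice in this hunk and once in each of four later hunks of this file, which makes it easy to miss a site the next time the query format changes. Moving the block into one static helper that compiles to nothing without HAVE_RESOLV_H would leave a single guard to maintain. `squery` is presumably still declared unconditionally (its declaration is outside the hunks), so builds without resolver support may now warn about an unused buffer. Because the query name embeds the database version and the mirror IP and leaves the host as a DNS lookup, a one-line comment at that helper saying so would help anyone auditing what freshclam sends when `mirror_stats` is set.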
@@ -1824,10 +1834,12 @@
if(nodb) {
ret = getcvd(cvdfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, newver, ctimeout, rtimeout, mdat, logerr, can_whitelist, opts);
if(ret) {
+#ifdef HAVE_RESOLV_H
if(mirror_stats && strlen(ip)) {
snprintf(squery, sizeof(squery), "%s.%u.%u.%u.%u.%s.ping.clamav.net", dbname, 0, flevel, 0, w32, ip);
dnsquery(squery, T_A, NULL);
}
+#endif
memset(ip, 0, 16);
free(newfile);
return ret;
@@ -1846,10 +1858,12 @@
llogerr = (j == maxattempts - 1);
ret = getpatch(dbname, tmpdir, i, hostname, ip, localip, proxy, port, user, pass, uas, ctimeout, rtimeout, mdat, llogerr, can_whitelist, opts);
if(ret == 52 || ret == 58) {
+#ifdef HAVE_RESOLV_H
if(mirror_stats && strlen(ip)) {
snprintf(squery, sizeof(squery), "%s.%u.%u.%u.%u.%s.ping.clamav.net", dbname, i, flevel, 0, w32, ip);
dnsquery(squery, T_A, NULL);
}
+#endif
memset(ip, 0, 16);
continue;
} else {
@@ -1868,10 +1882,12 @@
mirman_whitelist(mdat, 2);
ret = getcvd(cvdfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, newver, ctimeout, rtimeout, mdat, logerr, can_whitelist, opts);
if(ret) {
+#ifdef HAVE_RESOLV_H
if(mirror_stats && strlen(ip)) {
snprintf(squery, sizeof(squery), "%s.%u.%u.%u.%u.%s.ping.clamav.net", dbname, 0, flevel, 0, w32, ip);
dnsquery(squery, T_A, NULL);
}
+#endif
free(newfile);
return ret;
}
@@ -1920,7 +1936,7 @@
newfile = newfile2;
sigchld_wait = 0;/* we need to wait() for the child ourselves */
if (test_database_wrap(newfile, newdb, optget(opts, "Bytecode")->enabled)) {
- logg("!Failed to load new database: %s\n", cl_strerror(ret));
+ logg("!Failed to load new database\n");
unlink(newfile);
free(newfile);
return 55;
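Review bot: The return value of `test_database_wrap()` is still discarded in the `if`, so after this change the log says neither which file failed nor why; removing `cl_strerror(ret)` only drops a value that this call never assigned. At minimum name the file, `logg("!Failed to load new database %s\n", newfile);`, before it is unlinked. If the wrapper returns a libclamav error code (its definition is not on this page), keep it in a local and pass that to `cl_strerror()` instead. The same applies to the second occurrence in the last hunk of this file.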
@@ -1967,10 +1983,12 @@
}
*signo += current->sigs;
+#ifdef HAVE_RESOLV_H
if(mirror_stats && strlen(ip)) {
snprintf(squery, sizeof(squery), "%s.%u.%u.%u.%u.%s.ping.clamav.net", dbname, current->version, flevel, 1, w32, ip);
dnsquery(squery, T_A, NULL);
}
+#endif
cl_cvdfree(current);
return 0;
}
@@ -2094,7 +2112,7 @@
newfile = newfile2;
sigchld_wait = 0;/* we need to wait() for the child ourselves */
if (test_database_wrap(newfile, dbname, optget(opts, "Bytecode")->enabled)) {
- logg("!Failed to load new database: %s\n", cl_strerror(ret));
+ logg("!Failed to load new database\n");
unlink(newfile);
free(newfile);
return 55;
Changed |
clamav-0.97.3.tar.bz2/libclamav/bytecode.c
@@ -2686,7 +2686,9 @@
cli_dbgmsg("Bytecode %u unpacked file\n", bc->id);
lseek(fd, 0, SEEK_SET);
cli_dbgmsg("***** Scanning unpacked file ******\n");
+ cctx->recursion++;
ret = cli_magic_scandesc(fd, cctx);
+ cctx->recursion--;
if (!cctx || !cctx->engine->keeptmp)
if (ftruncate(fd, 0) == -1)
cli_dbgmsg("ftruncate failed on %d\n", fd);
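Review bot: The added `cctx->recursion++` and `cctx->recursion--` dereference `cctx` unconditionally, while the very next statement still tests `!cctx` before reading `cctx->engine`; either that test is dead or the new lines can dereference NULL. If `cctx` can be NULL at this point, guard the pair (`if (cctx) cctx->recursion++;` and the matching decrement), bearing in mind that `cli_magic_scandesc(fd, cctx)` is handed the same pointer. If it cannot, drop the `!cctx` term so the code stops implying otherwise. The enclosing function is only partly visible in this hunk.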
Changed |
clamav-0.97.3.tar.bz2/libclamav/bytecode_api.c
@@ -506,7 +506,9 @@
cli_file_t current = cctx->container_type;
if (ctx->containertype != CL_TYPE_ANY)
cctx->container_type = ctx->containertype;
+ cctx->recursion++;
res = cli_magic_scandesc(ctx->outfd, cctx);
+ cctx->recursion--;
cctx->container_type = current;
if (res == CL_VIRUS) {
if (cctx->virname)
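Review bot: Nothing at the call site says why the depth counter is bumped around `cli_magic_scandesc(ctx->outfd, cctx)`, and the increment and decrement have to stay paired on every path through this block. A comment above `cctx->recursion++` such as `/* nested scan of bytecode output counts as one more recursion level (bb #3706) */` would record the intent; the bug number is the one the ChangeLog entry for this change cites. The same pair is added in libclamav/bytecode.c, so the comment belongs there as well.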
Changed |
clamav-0.97.3.tar.bz2/libclamav/bytecode_api.h
@@ -102,7 +102,8 @@
BAD_STREAMLEN,
ENCRYPTED_PDF,
LINEARIZED_PDF, /* not bad, just as flag */
- DECRYPTABLE_PDF
+ DECRYPTABLE_PDF,
+ HAS_LAUNCHACTION
};
/** PDF obj flags */
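Review bot: `HAS_LAUNCHACTION` here and `OBJ_LAUNCHACTION` in the next hunk are added without a comment, although a neighbour such as `LINEARIZED_PDF` carries one and these enumerators appear to be shared with bytecode (the `__CLAMBC__` block follows). Appending at the end keeps the existing enumerator values unchanged, which is worth stating for whoever adds the next flag. Suggested: `HAS_LAUNCHACTION /* PDF has an object with /Launch; append new flags at the end */` and `OBJ_LAUNCHACTION /* object contains /Launch */`, with wording based on the ChangeLog entry for bb #3514.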
@@ -128,7 +129,8 @@
OBJ_IMAGE,
OBJ_TRUNCATED,
OBJ_FORCEDUMP,
- OBJ_FILTER_STANDARD
+ OBJ_FILTER_STANDARD,
+ OBJ_LAUNCHACTION
};
#ifdef __CLAMBC__
Changed |
clamav-0.97.3.tar.bz2/libclamav/bytecode_vm.c
@@ -741,6 +741,12 @@
DEFINE_OP_BC_RET_N(OP_BC_RET*5+3, uint32_t, READ32, WRITE32);
DEFINE_OP_BC_RET_N(OP_BC_RET*5+4, uint64_t, READ64, WRITE64);
+ DEFINE_OP_BC_RET_N(OP_BC_RET_VOID*5, uint8_t, (void), (void));
+ DEFINE_OP_BC_RET_N(OP_BC_RET_VOID*5+1, uint8_t, (void), (void));
+ DEFINE_OP_BC_RET_N(OP_BC_RET_VOID*5+2, uint8_t, (void), (void));
+ DEFINE_OP_BC_RET_N(OP_BC_RET_VOID*5+3, uint8_t, (void), (void));
+ DEFINE_OP_BC_RET_N(OP_BC_RET_VOID*5+4, uint8_t, (void), (void));
+
DEFINE_ICMPOP(OP_BC_ICMP_EQ, res = (op0 == op1));
DEFINE_ICMPOP(OP_BC_ICMP_NE, res = (op0 != op1));
DEFINE_ICMPOP(OP_BC_ICMP_UGT, res = (op0 > op1));
Changed |
clamav-0.97.3.tar.bz2/libclamav/filetypes_int.h
@@ -40,7 +40,6 @@
"0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ",
"0:0:23407e5e:SCRENC:CL_TYPE_ANY:CL_TYPE_SCRENC",
"0:0:252150532d41646f62652d:PostScript:CL_TYPE_ANY:CL_TYPE_IGNORED",
- "0:0:255044462d:PDF document:CL_TYPE_ANY:CL_TYPE_PDF",
"0:0:28546869732066696c65206d75737420626520636f6e76657274656420776974682042696e48657820342e3029:BinHex:CL_TYPE_ANY:CL_TYPE_BINHEX",
"0:0:2e524d46:Real Media File:CL_TYPE_ANY:CL_TYPE_IGNORED",
"0:0:3e46726f6d20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL",
@@ -130,8 +129,6 @@
"0:0:5349502d48495420285349502f48:SIP log:CL_TYPE_ANY:CL_TYPE_IGNORED",
"1:0:3c2540204c414e4755414745203d:HTML data:CL_TYPE_ANY:CL_TYPE_HTML",
"0:0:7b5c727466:RTF:CL_TYPE_ANY:CL_TYPE_RTF:30",
- "1:0,1024:255044462d??2e:PDF:CL_TYPE_ANY:CL_TYPE_PDF:30",
- "1:0,1024:257064662d??2e:PDF:CL_TYPE_ANY:CL_TYPE_PDF:30",
"0:257:7573746172:TAR-POSIX:CL_TYPE_ANY:CL_TYPE_POSIX_TAR",
"0:0:5b616c69617365735d:mirc ini:CL_TYPE_ANY:CL_TYPE_SCRIPT",
"1:0,1024:0a(46|66)726f6d3a20{-1024}0a(4d|6d)(49|69)(4d|6d)(45|65)2d(56|76)657273696f6e3a20:Mail file:CL_TYPE_ANY:CL_TYPE_MAIL",
@@ -143,7 +140,6 @@
"0:0:feedface:Mach-O BE:CL_TYPE_ANY:CL_TYPE_MACHO:45",
"0:0:feedfacf:Mach-O BE 64-bit:CL_TYPE_ANY:CL_TYPE_MACHO:45",
"0:0:cafebabe:Universal Binary/Java Bytecode:CL_TYPE_ANY:CL_TYPE_MACHO_UNIBIN:46",
- "1:*:496e7374616c6c536869656c6400{292}0600000000000000????????????????0000000001:ISHIELD-MSI:CL_TYPE_ANY:CL_TYPE_ISHIELD_MSI:45",
"0:0:377abcaf271c:7zip:CL_TYPE_ANY:CL_TYPE_7Z:47",
"0:0:52656365697665642d5350463a20:Mail file:CL_TYPE_ANY:CL_TYPE_MAIL",
"1:0,2048:0a(52|72)656365697665643a20{-2048}0a(43|63)6f6e74656e742d(54|74)7970653a20:Mail file:CL_TYPE_ANY:CL_TYPE_MAIL",
@@ -152,6 +148,23 @@
"0:0:303730373037:CPIO ODC:CL_TYPE_ANY:CL_TYPE_CPIO_ODC:45",
"0:0:71c7:CPIO OLD BINARY BE:CL_TYPE_ANY:CL_TYPE_CPIO_OLD:45",
"0:0:c771:CPIO OLD BINARY LE:CL_TYPE_ANY:CL_TYPE_CPIO_OLD:45",
+ "1:*:496e7374616c6c536869656c6400{292}0600000000000000????????????????0000000001:ISHIELD-MSI:CL_TYPE_ANY:CL_TYPE_ISHIELD_MSI:45",
+ "0:0:255044462d:PDF document:CL_TYPE_ANY:CL_TYPE_PDF:30:53",
+ "1:*:255044462d??2e*737461727478726566*2525454f46:PDF:CL_TYPE_ANY:CL_TYPE_PDF:54:54",
+ "1:*:255044462d??2e:PDF:CL_TYPE_ANY:CL_TYPE_PDF:30:53",
+ "1:*:257064662d??2e*737461727478726566*2525454f46:PDF:CL_TYPE_ANY:CL_TYPE_PDF:54:54",
+ "1:*:257064662d??2e:PDF:CL_TYPE_ANY:CL_TYPE_PDF:30:53",
+ "1:0:255044462d*737461727478726566*2525454f46:PDF document:CL_TYPE_ANY:CL_TYPE_PDF:54:54",
+ "0:0:255044462d:PDF document:CL_TYPE_ANY:CL_TYPE_PDF:55",
+ "1:*:255044462d??2e:PDF:CL_TYPE_ANY:CL_TYPE_PDF:55",
+ "1:*:257064662d??2e:PDF:CL_TYPE_ANY:CL_TYPE_PDF:55",
+ "0:0:53594d430100:SYM DATFILE:CL_TYPE_ANY:CL_TYPE_IGNORED",
+ "1:0,128:2f5247420a49440affffffffffffffffffffffffffffffffffffffffffffffff:PDF image:CL_TYPE_ANY:CL_TYPE_IGNORED",
+ "0:0:377f0682002de218:SQLite WAL:CL_TYPE_ANY:CL_TYPE_IGNORED",
+ "0:0:377f0683002de218:SQLite WAL:CL_TYPE_ANY:CL_TYPE_IGNORED",
+ "0:0:53514c69746520666f726d6174203300:SQLite database:CL_TYPE_ANY:CL_TYPE_IGNORED",
+ "0:0:d9d505f920a163d7:SQLite journal:CL_TYPE_ANY:CL_TYPE_IGNORED",
+ "0:0:ffd9ffd8:JPEG (bad header):CL_TYPE_ANY:CL_TYPE_GRAPHICS:70",
NULL
};
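Review bot: The PDF records added here come in three sets distinguished only by their trailing fields (`:30:53`, `:54:54`, `:55`), and nothing in the table says what those fields mean or why the `54:54` set alone also requires `startxref` and `%%EOF` after the header. They appear to be minimum and maximum functionality levels (compare `CL_FLEVEL` in others.h), so a comment above the group such as `/* PDF: flevel 30-53 and 55+ match the header alone; flevel 54 additionally requires startxref and %%EOF */` would make that explicit. The `1:*` offset also replaces the `1:0,1024` window of the records removed earlier in this file, so a `%PDF-` header is now accepted anywhere in the file. That presumably reduces evasion by prepended data but hands more inputs to the PDF parser, which is worth recording in the same comment.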
Changed |
clamav-0.97.3.tar.bz2/libclamav/others.h
@@ -53,7 +53,7 @@
* in re-enabling affected modules.
*/
-#define CL_FLEVEL 62
+#define CL_FLEVEL 63
#define CL_FLEVEL_DCONF CL_FLEVEL
#define CL_FLEVEL_SIGTOOL CL_FLEVEL
Changed |
clamav-0.97.3.tar.bz2/libclamav/others_common.c
@@ -396,7 +396,7 @@
{
#ifdef _WIN32
- return !CopyFileA(src, dest, 0) ? 0 : -1;
+ return CopyFileA(src, dest, 0) ? 0 : -1;
#else
char *buffer;
int s, d, bytes;
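Review bot: The corrected Windows branch still passes a bare `0` as the third argument of `CopyFileA`, which is `bFailIfExists`, so an existing `dest` is silently overwritten and the call site gives no hint of it. A short comment such as `/* bFailIfExists = FALSE: an existing dest is overwritten */` documents that, which matters if any caller derives `dest` from untrusted names (callers are not visible here). The function's signature and the rest of its body are outside this hunk.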
Changed |
clamav-0.97.3.tar.bz2/libclamav/pdf.c
@@ -281,6 +281,9 @@
case HAS_OPENACTION:
s = "has /OpenAction";
break;
+ case HAS_LAUNCHACTION:
+ s = "has /LaunchAction";
+ break;
case BAD_STREAMLEN:
s = "bad /Length, too small";
break;
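Review bot: The new flag text `"has /LaunchAction"` names a key the parser never looks for: the actions table entry added further down in this file matches the PDF name `Launch`, and the ChangeLog entry speaks of objects with /Launch. Someone comparing this message with a sample will not find `/LaunchAction` in it, so `s = "has /Launch";` would keep the text aligned with what was actually matched. The enclosing switch starts and ends outside this hunk.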
@@ -493,7 +496,7 @@
return length;
}
-#define DUMP_MASK ((1 << OBJ_FILTER_FLATE) | (1 << OBJ_FILTER_DCT) | (1 << OBJ_FILTER_AH) | (1 << OBJ_FILTER_A85) | (1 << OBJ_EMBEDDED_FILE) | (1 << OBJ_JAVASCRIPT) | (1 << OBJ_OPENACTION))
+#define DUMP_MASK ((1 << OBJ_FILTER_FLATE) | (1 << OBJ_FILTER_DCT) | (1 << OBJ_FILTER_AH) | (1 << OBJ_FILTER_A85) | (1 << OBJ_EMBEDDED_FILE) | (1 << OBJ_JAVASCRIPT) | (1 << OBJ_OPENACTION) | (1 << OBJ_LAUNCHACTION))
static int obj_size(struct pdf_struct *pdf, struct pdf_obj *obj, int binary)
{
@@ -771,6 +774,7 @@
STATE_JAVASCRIPT,
STATE_OPENACTION,
STATE_LINEARIZED,
+ STATE_LAUNCHACTION,
STATE_ANY /* for actions table below */
};
@@ -811,7 +815,8 @@
{"Length", OBJ_DICT, STATE_FILTER, STATE_NONE},
{"S", OBJ_DICT, STATE_NONE, STATE_S},
{"Type", OBJ_DICT, STATE_NONE, STATE_NONE},
- {"OpenAction", OBJ_OPENACTION, STATE_ANY, STATE_OPENACTION}
+ {"OpenAction", OBJ_OPENACTION, STATE_ANY, STATE_OPENACTION},
+ {"Launch", OBJ_LAUNCHACTION, STATE_ANY, STATE_LAUNCHACTION}
};
#define KNOWN_FILTERS ((1 << OBJ_FILTER_AH) | (1 << OBJ_FILTER_RL) | (1 << OBJ_FILTER_A85) | (1 << OBJ_FILTER_FLATE) | (1 << OBJ_FILTER_LZW) | (1 << OBJ_FILTER_FAX) | (1 << OBJ_FILTER_DCT) | (1 << OBJ_FILTER_JPX) | (1 << OBJ_FILTER_CRYPT))
@@ -868,6 +873,9 @@
}
}
+static char *pdf_readstring(const char *q0, int len, const char *key, unsigned *slen);
+static int pdf_readint(const char *q0, int len, const char *key);
+static const char *pdf_getdict(const char *q0, int* len, const char *key);
static void pdf_parseobj(struct pdf_struct *pdf, struct pdf_obj *obj)
{
/* enough to hold common pdf names, we don't need all the names */
@@ -943,9 +951,22 @@
handle_pdfname(pdf, obj, pdfname, escapes, &objstate);
if (objstate == STATE_LINEARIZED) {
+ long trailer_end, trailer;
pdfobj_flag(pdf, obj, LINEARIZED_PDF);
objstate = STATE_NONE;
+ trailer_end = pdf_readint(q, dict_length, "/H");
+ if (trailer_end > 0 && trailer_end < pdf->size) {
+ trailer = trailer_end - 1024;
+ if (trailer < 0) trailer = 0;
+ q2 = pdf->map + trailer;
+ cli_dbgmsg("cli_pdf: looking for trailer in linearized pdf: %ld - %ld\n", trailer, trailer_end);
+ pdf->fileID = pdf_readstring(q2, trailer_end - trailer, "/ID", &pdf->fileIDlen);
+ if (pdf->fileID)
+ cli_dbgmsg("found fileID\n");
+ }
}
+ if (objstate == STATE_LAUNCHACTION)
+ pdfobj_flag(pdf, obj, HAS_LAUNCHACTION);
if (dict_length > 0 && (objstate == STATE_JAVASCRIPT ||
objstate == STATE_OPENACTION)) {
if (objstate == STATE_OPENACTION)
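Review bot: `pdf->fileID` is assigned from `pdf_readstring()` unconditionally inside the `STATE_LINEARIZED` branch, so a file that carries more than one linearization dictionary, or whose ID was already read elsewhere, would have the earlier pointer overwritten. If `pdf_readstring()` returns heap memory, as its `char *` return type suggests, that is a leak a crafted file can repeat once per object. Guarding the assignment, `if (!pdf->fileID) pdf->fileID = pdf_readstring(q2, trailer_end - trailer, "/ID", &pdf->fileIDlen);`, avoids it. `pdf_parseobj` begins before and continues past this hunk, so other writers of `fileID` are not visible here.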
@@ -1035,6 +1056,10 @@
{
const char *q;
+ if (*len <= 0) {
+ cli_dbgmsg("cli_pdf: bad length %d\n", *len);
+ return NULL;
+ }
q = cli_memstr(q0, *len, key, strlen(key));
if (!q) {
cli_dbgmsg("cli_pdf: %s not found in dict\n", key);
@@ -1065,7 +1090,7 @@
if (*q == '(') {
int paren = 1;
start = ++q;
- for (;paren > 0 && len > 0; q++) {
+ for (;paren > 0 && len > 0; q++,len--) {
switch (*q) {
case '(':
paren++;
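Review bot: The added `len--` bounds the scan, but `start = ++q;` just above steps over the opening parenthesis without a matching decrement. If `len` counts the bytes remaining from the `(` at that point (the code that sets it is outside the hunk), the loop may still examine one byte past the end of the buffer on an unterminated string. Decrementing alongside the increment, `start = ++q; len--;`, keeps the two in step. The function starts before this hunk and the loop body continues after it.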
@@ -1265,7 +1290,7 @@
memcpy(data, key_padding, 32);
arc4_init(&arc4, pdf->key, pdf->keylen);
arc4_apply(&arc4, data, 32);
- dbg_printhex("computed U", data, 32);
+ dbg_printhex("computed U (R2)", data, 32);
if (!memcmp(data, U, 32))
password_empty = 1;
} else if (R >= 3) {
@@ -1285,7 +1310,8 @@
arc4_init(&arc4, data, len);
arc4_apply(&arc4, result, 16);
}
- dbg_printhex("computed U", result, 16);
+ dbg_printhex("fileID", pdf->fileID, pdf->fileIDlen);
+ dbg_printhex("computed U (R>=3)", result, 16);
if (!memcmp(result, U, 16))
password_empty = 1;
} else {
@@ -1311,14 +1337,17 @@
char *O, *U;
const char *q, *q2;
- if (pdf->enc_objid == ~0u || !pdf->fileID)
+ if (pdf->enc_objid == ~0u)
return;
- obj = find_obj(pdf, pdf->objs, pdf->enc_objid);
- if (!obj)
+ if (!pdf->fileID) {
+ cli_dbgmsg("cli_pdf: pdf_handle_enc no file ID\n");
return;
- required_flags = (1 << OBJ_HASFILTERS) | (1 << OBJ_FILTER_STANDARD);
- if (!(obj->flags & required_flags))
+ }
+ obj = find_obj(pdf, pdf->objs, pdf->enc_objid);
+ if (!obj) {
+ cli_dbgmsg("cli_pdf: can't find encrypted object %d %d\n", pdf->enc_objid>>8, pdf->enc_objid&0xff);
return;
+ }
len = obj_size(pdf, obj, 1);
q = pdf->map + obj->start;
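Review bot: The new message for a missing encryption object prints `pdf->enc_objid>>8` and `pdf->enc_objid&0xff` with `%d`, while the comparison `pdf->enc_objid == ~0u` a few lines up indicates the field is unsigned. `cli_dbgmsg("cli_pdf: can't find encrypted object %u %u\n", pdf->enc_objid>>8, pdf->enc_objid&0xff);` matches the argument type. Separately, this hunk drops the `required_flags` test, so the only remaining check that the object is a /Standard security handler is the `/Standard` search in the next hunk. A one-line comment saying that this is deliberate would help the next reader. The function begins before the hunk and continues after it.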
@@ -1336,8 +1365,19 @@
cli_dbgmsg("cli_pdf: /Standard not found\n");
break;
}
- len -= q2-q;
- q = q2;
+ /* we can have both of these:
+ * /AESV2/Length /Standard/Length
+ * /Length /Standard
+ * make sure we don't mistake AES's length for Standard's */
+ length = pdf_readint(q2, len - (q2 - q), "/Length");
+ if (length == ~0u)
+ length = pdf_readint(q, len, "/Length");
+ if (length == ~0u)
+ length = 40;
+ if (length < 40) {
+ cli_dbgmsg("cli_pdf: invalid length: %d\n", length);
+ length = 40;
+ }
R = pdf_readint(q, len, "/R");
if (R == ~0u) {
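Review bot: The comment lists two layouts, but the fallback `pdf_readint(q, len, "/Length")` searches from the start of the object, so when `/Standard` has no `/Length` of its own and a crypt filter such as `/AESV2/Length` precedes it, the value taken is the filter's, which is the mix-up the comment sets out to avoid. That assumes `pdf_readint` returns the first match in the range, which is not visible here. If the heuristic is to stay, the comment should say so, for example by adding ` * (if /Standard has no /Length, the first /Length in the object is used)`. Only the lower bound of this file-supplied value is enforced in the hunk, and any upper bound would have to be in code outside it.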
@@ -1385,13 +1425,6 @@
break;
}
}
- length = pdf_readint(q, len, "/Length");
- if (length == ~0u)
- length = 40;
- if (length < 40) {
- cli_dbgmsg("cli_pdf: invalid length: %d\n", length);
- length = 40;
- }
cli_dbgmsg("cli_pdf: Encrypt R: %d, P %x, length: %d\n", R, P, length);
if (length % 8) {
cli_dbgmsg("cli_pdf: wrong key length, not multiple of 8\n");
Changed |
clamav-0.97.3.tar.bz2/shared/optparser.c
@@ -275,13 +275,13 @@
{ "AlgorithmicDetection", "algorithmic-detection", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "In some cases (eg. complex malware, exploits in graphic files, and others),\nClamAV uses special algorithms to provide accurate detection. This option\ncontrols the algorithmic detection.", "yes" },
- { "ScanPE", "scan-pe", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "PE stands for Portable Executable - it's an executable file format used\nin all 32- and 64-bit versions of Windows operating systems. This option\nallows ClamAV to perform a deeper analysis of executable files and it's also\nrequired for decompression of popular executable packers such as UPX or FSG.", "yes" },
+ { "ScanPE", "scan-pe", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "PE stands for Portable Executable - it's an executable file format used\nin all 32- and 64-bit versions of Windows operating systems. This option\nallows ClamAV to perform a deeper analysis of executable files and it's also\nrequired for decompression of popular executable packers such as UPX or FSG.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes" },
- { "ScanELF", "scan-elf", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Executable and Linking Format is a standard format for UN*X executables.\nThis option allows you to control the scanning of ELF files.", "yes" },
+ { "ScanELF", "scan-elf", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Executable and Linking Format is a standard format for UN*X executables.\nThis option allows you to control the scanning of ELF files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes" },
{ "DetectBrokenExecutables", "detect-broken", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled clamav will try to detect broken executables\n(both PE and ELF) and mark them as Broken.Executable.", "yes" },
- { "ScanMail", "scan-mail", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Enable the built in email scanner.", "yes" },
+ { "ScanMail", "scan-mail", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Enable the built in email scanner.\nIf you turn off this option, the original files will still be scanned, but\nwithout parsing individual messages/attachments.", "yes" },
{ "ScanPartialMessages", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Scan RFC1341 messages split over many emails. You will need to\nperiodically clean up $TemporaryDirectory/clamav-partial directory.\nWARNING: This option may open your system to a DoS attack. Please don't use\nthis feature on highly loaded servers.", "no" },
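Review bot: The sentence added to the ScanPE, ScanELF and ScanMail help strings (and to ScanHTML, ScanOLE2, ScanPDF and ScanArchive in the next hunk) says what is still scanned but not what is lost. An administrator deciding whether to disable one of these options needs the consequence stated, for example by appending `\nContent that only becomes visible after unpacking or decoding is then not inspected.` to each string. The option table these entries belong to starts and ends outside the hunk.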
@@ -305,15 +305,15 @@
{ "StructuredSSNFormatStripped", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "With this option enabled the DLP module will search for valid\nSSNs formatted as xxxyyzzzz", "no" },
- { "ScanHTML", "scan-html", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Perform HTML/JavaScript/ScriptEncoder normalisation and decryption.", "yes" },
+ { "ScanHTML", "scan-html", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Perform HTML/JavaScript/ScriptEncoder normalisation and decryption.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes" },
- { "ScanOLE2", "scan-ole2", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning of OLE2 files, such as Microsoft Office\ndocuments and .msi files.", "yes" },
+ { "ScanOLE2", "scan-ole2", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning of OLE2 files, such as Microsoft Office\ndocuments and .msi files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes" },
{ "OLE2BlockMacros", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "With this option enabled OLE2 files with VBA macros, which were not\ndetected by signatures will be marked as \"Heuristics.OLE2.ContainsMacros\".", "no" },
- { "ScanPDF", "scan-pdf", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning within PDF files.", "yes" },
+ { "ScanPDF", "scan-pdf", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning within PDF files.\nIf you turn off this option, the original files will still be scanned, but\nwithout decoding and additional processing.", "yes" },
- { "ScanArchive", "scan-archive", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Scan within archives and compressed files.", "yes" },
+ { "ScanArchive", "scan-archive", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Scan within archives and compressed files.\nIf you turn off this option, the original files will still be scanned, but\nwithout unpacking and additional processing.", "yes" },
{ "ArchiveBlockEncrypted", "block-encrypted", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).", "no" },
|
[-]
[+]
|
Changed |
clamav-0.97.3.tar.bz2/sigtool/sigtool.c
^
|
@@ -1598,7 +1598,7 @@
return -1;
}
- return nmax;
+ return nmax + 1;
}
static int compare(const char *oldpath, const char *newpath, FILE *diff)
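Review bot: `return nmax + 1;` changes the result by one with no indication of what the extra unit accounts for, and the ChangeLog only says the calculation of the maximum signature length was fixed. Callers presumably size a buffer or a limit from this value, so a comment on the line, `/* +1: <what the extra byte is for> */`, would keep it from being mistaken for an off-by-one and reverted. The function that computes `nmax` starts outside the hunk, so whether `nmax` can already be at its type's maximum is not visible.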
Changed |
clamav-0.97.3.tar.bz2/unit_tests/valgrind.supp
@@ -1,6 +1,6 @@
{
glibc-tls
- Memcheck:Free
+ Memcheck:Leak
fun:*
fun:_dl_allocate_tls
}