bb11343: Adding yara-rules (yes|no|only) runtime option for clamscan.

2026-02-02 19:11:25 -05:00 · 2015-07-23 15:36:16 -04:00
parent e7b3198df2
commit bbfac25813
4 changed files with 27 additions and 1 deletions
--- a/clamscan/manager.c
+++ b/clamscan/manager.c
@@ -624,6 +624,17 @@ int scanmanager(const struct optstruct *opts)
        return 2;
    }

+    if(optget(opts, "yara-rules")->enabled) {
+	char *p = optget(opts, "yara-rules")->strarg;
+	if(strcmp(p, "yes")) {
+	    if(!strcmp(p, "only"))
+		dboptions |= CL_DB_YARA_ONLY;
+	    else if (!strcmp(p, "no"))
+		dboptions |= CL_DB_YARA_EXCLUDE;
+	}
+
+    }
+
    if(optget(opts, "phishing-sigs")->enabled)
        dboptions |= CL_DB_PHISHING;

--- a/libclamav/clamav.h
+++ b/libclamav/clamav.h
@@ -135,6 +135,8 @@ typedef enum {
 #define CL_DB_BYTECODE_STATS 0x20000
 #define CL_DB_ENHANCED      0x40000
 #define CL_DB_PCRE_STATS    0x80000
+#define CL_DB_YARA_EXCLUDE  0x100000
+#define CL_DB_YARA_ONLY     0x200000

 /* recommended db settings */
 #define CL_DB_STDOPT	    (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE)
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -4262,6 +4262,14 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
    else
 	dbname = filename;

+#ifdef HAVE_YARA
+    if(options & CL_DB_YARA_ONLY) {
+        if(cli_strbcasestr(dbname, ".yar") || cli_strbcasestr(dbname, ".yara"))
+	    ret = cli_loadyara(fs, engine, signo, options, dbio, filename);
+	else
+	    skipped = 1;
+    } else
+#endif
    if(cli_strbcasestr(dbname, ".db")) {
 	ret = cli_loaddb(fs, engine, signo, options, dbio, dbname);

@@ -4360,7 +4368,10 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
 	ret = cli_loadopenioc(fs, dbname, engine, options);
 #ifdef HAVE_YARA
    } else if(cli_strbcasestr(dbname, ".yar") || cli_strbcasestr(dbname, ".yara")) {
-        ret = cli_loadyara(fs, engine, signo, options, dbio, filename);
+	if(!(options & CL_DB_YARA_EXCLUDE))
+	    ret = cli_loadyara(fs, engine, signo, options, dbio, filename);
+	else
+	    skipped = 1;
 #endif
    } else if(cli_strbcasestr(dbname, ".pwdb")) {
        ret = cli_loadpwdb(fs, engine, options, 0, dbio);
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -218,6 +218,8 @@ const struct clam_option __clam_options[] = {

    { "OfficialDatabaseOnly", "official-db-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no" },

+    { "YaraRules", "yara-rules", 0, CLOPT_TYPE_STRING, NULL, 0, NULL, 0, OPT_CLAMSCAN, "By default, yara rules will be loaded. This option allows you to exclude yara rules when scanning and also to scan only using yara rules. Valid options are yes|no|only", "yes"},
+
    { "LocalSocket", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" },

    { "LocalSocketGroup", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the group ownership on the unix socket.", "virusgroup" },