245 Commits

Author SHA1 Message Date
Micah Snyder
dac084fb91 bb10979: clamd multi-threaded database reload #2
Add clamd config option to force blocking clamd database reload to
conserve RAM. Users may set `ConcurrentDatabaseReload no` in their
clamd.conf config file to force a blocking reload.

The blocking mode will still perform the reload in a new thread, but
will first free the current database, wait for scans targeting that
database to complete, and then load the new database in the new thread
and wait (`pthread_join()`) on that thread. Once loaded, any pending
scans will continue. This is effectively the same behavior as how
clamd reloads worked before the multi-threaded database reload feature
was added.
2020-07-01 22:06:15 -07:00
John Schember
a6a355629d Add DLP feature to detect credit cards only
Add Data-Loss-Prevention option to detect credit cards only, excluding
debit and private label cards where possible.

You can select the credit card-only DLP mode for clamscan with the
`--structured-cc-mode` command-line option.

You can select the credit card-only DLP mode for clamd with the
`StructuredCCOnly` clamd.conf config option.

This patch also adds credit card matching for additional vendors:
- Mastercard 2016
- China Union Pay
- Discover 2009
2020-04-29 13:55:25 -07:00
Micah Snyder (micasnyd)
6e17eb5e97 Adds missing clamscan --max-scantime documentation 2020-04-01 17:21:46 -07:00
Micah Snyder (micasnyd)
f5d465a864 bb12500: [docs] freshclam ReceiveTimeout clarity 2020-03-13 09:26:13 -07:00
Mickey Sola
f3e895c949 clamdscan - add ping and wait command line options 2020-02-03 09:08:00 -08:00
Tuomo Soini
2fd28e1d09 freshclam: change default of ReceiveTimeout to 0
This fixes issues in cvd download when network speed is slow.
Setting is passed to libcurl CURLOPT_TIMEOUT. Original default of 60s
was not enough if network speed is limited. Curl handles this as
total time for http(s) transfer.

https://curl.haxx.se/libcurl/c/CURLOPT_TIMEOUT.html

Also change commented out setting of ReceiveTimeout on example configs
to somewhat sensible value (1800s).

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2020-01-28 08:15:11 -08:00
Micah Snyder
206dbaefe8 Update copyright dates for 2020 2020-01-03 15:44:07 -05:00
Micah Snyder (micasnyd)
6a0abb897a Adds --max-scantime clamscan option and MaxScanTime clamd config option.
--max-scantime replaces the --timelimit clamscan option that had been experimental.
Default max-scantime set to 2 minutes (120000 milliseconds).
2019-10-02 16:08:29 -04:00
Mickey Sola
4fee702fc3 clamonacc - conform to clang-format 2019-10-02 16:08:29 -04:00
Mickey Sola
52dc3149e2 clamonacc - add pthread conditional wait to event consumer queue; add uname exclusion; add error handling for selinux permission denied case when reading fanotify kernel event queue; remove deprecated clamuko references; update clamd.conf.sample; remove unused options in help output; add daemonization/foreground command-line option; add retry and deny on error functionality 2019-10-02 16:08:27 -04:00
Mickey Sola
132dd49bf9 clamonacc - add maxthreads config option; fix issue where mutex wasn't being unlocked on empty case; fix issue where pathname wasn't being passed in; added some noisy logging 2019-10-02 16:08:27 -04:00
Mickey Sola
0d78af13f1 clamonacc - add curl support for send receive and connecting to clam daemon; add new option for timeout when using curl; refactor all scanning into self-contained scanning thread; add non-blocking wait (via select) for receiving and sending data to and from clam daemon 2019-10-02 16:08:27 -04:00
Mickey Sola
e5ae2ad9fa clamonacc - clean/fix up command line option arg passing; use only logg for printing 2019-10-02 16:08:27 -04:00
Mickey Sola
497b72eae8 clamonacc - cleanup/improve logging; pare down unneeded proto functions; add initial functionality for watch and exclude list command line options; use reentrant safe onas_scan function 2019-10-02 16:08:27 -04:00
Micah Snyder
5f4f69102d Correcting types from int to cl_error_t where appropriate. Eliminating unused variables and referencing unused parameters to remove warnings. 2019-10-02 16:08:25 -04:00
Micah Snyder
06e3c1c896 Increased default freshclam receive timeout from 30 sec to 60 sec. Set default DatabaseMirror back to database.clamav.net, now that TLS/SSL is enabled on the mirrors that back the CDN. Some other updates to the man pages that were missing from previous changes. 2019-10-02 16:08:23 -04:00
Micah Snyder
cef54eaf8f Freshclam refresh. This update makes libcurl a hard requirement for ClamAV.
New features added to freshclam:
- Update signature definitions over HTTPS.
- Support for HTTP protocol v1.1 (formerly v1.0).
- New libfreshclam library with an all new API and versioning separate from libclamav (v2.0.0). This library is now built and installed alongside libclamav as a hard dependency of freshclam.
- The ability to opt-in and opt-out of standard and optional official ClamAV databases (ExtraDatabase, ExcludeDatabase)
- The option to specify the protocol and port number of official and private mirror servers.
- Support for additional types of proxy servers beyond plain HTTP (SOCKS 4, SOCKS 5).

Features removed from freshclam:
- Mirror management (mirrors.dat) file. This feature is no longer needed as official signature databases are distributed using a paid content delivery network (Cloudflare).

This commit also adds the following features for Windows users:
- The clamsubmit tool.
- The json-c library dependency, which will enable the --gen-json option in clamscan.
- Third party libraries under the win32/3rdparty directory have been removed. Developers will need to build the libraries separately from ClamAV and provide the headers and lib/dll library files the same way they do for OpenSSL. This includes libxml2, pthread-win32, bzip2, zlib, pcre2 as well as new dependencies: curl, json-c. Developers are encouraged to use the build tool Mussels to simplify this task.
2019-10-02 16:08:22 -04:00
Micah Snyder
52cddcbcfd Updating and cleaning up copyright notices. 2019-10-02 16:08:18 -04:00
Micah Snyder
29b6da0213 bb12227: Patch to adjust the default CommandReadTimeout to reduce the chance of mail loss when using clamav-milter with the TCP socket. Contribution by Scott Kitterman. 2019-10-02 16:08:17 -04:00
Micah Snyder
72fd33c8b2 clang-format'd using new .clang-format rules. 2019-10-02 16:08:16 -04:00
Micah Snyder (micasnyd)
78606d72ed Correction to logic enabling/disabling heuristic alerts. 2018-12-02 23:07:02 -05:00
Micah Snyder (micasnyd)
f61e92da8f Changing numerous scan options' names, primarily those of heuristic signature alert options. Original options (command line and clamd) will remain as deprecated & undocumented for a couple releases. Added 2 extra scan options to allow users to differentiate between alerting on encrypted archives vs encrypted documents (bb11911). 2018-12-02 23:06:59 -05:00
Micah Snyder
a8c77430fd Removed cfgfile, line variables from optadditem()
cfgfile and line variables make no sense as the function optadditem() exists to allow library users to set options programmatically without a config file.
2018-12-02 23:06:58 -05:00
Josh Soref
33f14a688d Include filename in config file line reports 2018-12-02 23:06:58 -05:00
Micah Snyder
964a1e7321 Converting http urls to https urls. Primary focus was on clamav.net urls. I updated a couple others and fixed a few broken links as well. There are many (non-clamav.net) urls I didn't address, especially in 3rd party or contrib code. 2018-04-02 07:58:33 -04:00
Josh Soref
7cd9337a70 Spelling Adjustments (#30)
* spelling: accessed

* spelling: alignment

* spelling: amalgamated

* spelling: answers

* spelling: another

* spelling: acquisition

* spelling: apitid

* spelling: ascii

* spelling: appending

* spelling: appropriate

* spelling: arbitrary

* spelling: architecture

* spelling: asynchronous

* spelling: attachments

* spelling: argument

* spelling: authenticode

* spelling: because

* spelling: boundary

* spelling: brackets

* spelling: bytecode

* spelling: calculation

* spelling: cannot

* spelling: changes

* spelling: check

* spelling: children

* spelling: codegen

* spelling: commands

* spelling: container

* spelling: concatenated

* spelling: conditions

* spelling: continuous

* spelling: conversions

* spelling: corresponding

* spelling: corrupted

* spelling: coverity

* spelling: crafting

* spelling: daemon

* spelling: definition

* spelling: delivered

* spelling: delivery

* spelling: delimit

* spelling: dependencies

* spelling: dependency

* spelling: detection

* spelling: determine

* spelling: disconnects

* spelling: distributed

* spelling: documentation

* spelling: downgraded

* spelling: downloading

* spelling: endianness

* spelling: entities

* spelling: especially

* spelling: empty

* spelling: expected

* spelling: explicitly

* spelling: existent

* spelling: finished

* spelling: flexibility

* spelling: flexible

* spelling: freshclam

* spelling: functions

* spelling: guarantee

* spelling: hardened

* spelling: headaches

* spelling: heighten

* spelling: improper

* spelling: increment

* spelling: indefinitely

* spelling: independent

* spelling: inaccessible

* spelling: infrastructure

Conflicts:
	docs/html/node68.html

* spelling: initializing

* spelling: inited

* spelling: instream

* spelling: installed

* spelling: initialization

* spelling: initialize

* spelling: interface

* spelling: intrinsics

* spelling: interpreter

* spelling: introduced

* spelling: invalid

* spelling: latency

* spelling: lawyers

* spelling: libclamav

* spelling: likelihood

* spelling: loop

* spelling: maximum

* spelling: million

* spelling: milliseconds

* spelling: minimum

* spelling: minzhuan

* spelling: multipart

* spelling: misled

* spelling: modifiers

* spelling: notifying

* spelling: objects

* spelling: occurred

* spelling: occurs

* spelling: occurrences

* spelling: optimization

* spelling: original

* spelling: originated

* spelling: output

* spelling: overridden

* spelling: parenthesis

* spelling: partition

* spelling: performance

* spelling: permission

* spelling: phishing

* spelling: portions

* spelling: positives

* spelling: preceded

* spelling: properties

* spelling: protocol

* spelling: protos

* spelling: quarantine

* spelling: recursive

* spelling: referring

* spelling: reorder

* spelling: reset

* spelling: resources

* spelling: resume

* spelling: retrieval

* spelling: rewrite

* spelling: sanity

* spelling: scheduled

* spelling: search

* spelling: section

* spelling: separator

* spelling: separated

* spelling: specify

* spelling: special

* spelling: statement

* spelling: streams

* spelling: succession

* spelling: suggests

* spelling: superfluous

* spelling: suspicious

* spelling: synonym

* spelling: temporarily

* spelling: testfiles

* spelling: transverse

* spelling: turkish

* spelling: typos

* spelling: unable

* spelling: unexpected

* spelling: unexpectedly

* spelling: unfinished

* spelling: unfortunately

* spelling: uninitialized

* spelling: unlocking

* spelling: unnecessary

* spelling: unpack

* spelling: unrecognized

* spelling: unsupported

* spelling: usable

* spelling: wherever

* spelling: wishlist

* spelling: white

* spelling: infrastructure

* spelling: directories

* spelling: overridden

* spelling: permission

* spelling: yesterday

* spelling: initialization

* spelling: intrinsics

* space adjustment for spelling changes

* minor modifications by klin
2018-02-27 22:00:09 -05:00
Micah Snyder
a1da16eee7 bb11025: Correcting PUA URL in man pages and shared optparser. 2018-02-08 16:00:09 -05:00
Steven Morgan
961ab24c66 bb11996 - deprecate AllowSupplementaryGroups more gracefully. 2017-12-21 17:00:37 -05:00
Mickey Sola
ef48b6af14 0.99.3 - bb11978 - onas - adding ExcludeRootUID option as cleaner alternative to using negative values to whitelist root UIDs using the ExcludeUID option 2017-12-12 16:30:57 -05:00
Mickey Sola
a20128bb21 0.99.3 - bb11963 - ensuring users have a way to correctly exclude UID 0 when using the onaccess scanner 2017-11-27 15:01:55 -05:00
Micah Snyder
22880de038 eliminating additional option references to stat collection and submission until such time as a new stats website and associated clamav code is ready. 2017-10-24 13:38:37 -04:00
Steven Morgan
dc30ba752d bb11910 - remove DetectionStatsHostID. 2017-10-18 16:46:58 -04:00
Mickey Sola
7a85da5c9a increasing size of pcre match limit 2017-03-01 16:19:17 -05:00
Steven Morgan
e7dfe57d3a bb11522 - additional block-max w.i.p. : clamd, man pages. 2016-09-20 17:45:40 -04:00
Steven Morgan
312b7e5391 bb11522 - enable clamscan option --blockmax to flag files as virus Heuristic.Limits.Exceeded when --max-filesize, --max-scansize, or --max-recursion is exceeded. 2016-08-24 17:39:20 -04:00
Kevin Lin
9c30a4fc6e sigtool: patch hybrid cvd generation 2016-08-17 11:31:56 -04:00
Kevin Lin
832d44e748 sig: convert .ith to .imp; add .imp to sigtool 2016-07-13 15:08:30 -04:00
Mickey Sola
2ea4230df2 bb11557 - drop AllowSupplementaryGroups option and make it default, patch by Sebastian A. Siewior 2016-06-09 10:40:38 -04:00
Ningirsu
f4265a5acd Adds a module to use Prelude and connect to a prelude manager
To enable prelude compile with ./configure --enable-prelude

In ClamAV configuration file set Prelude Enable on yes and choose an analyzer name with PreludeAnalyzerName (default ClamAV).

You need to have a prelude manager to use this module.
2016-06-09 10:40:38 -04:00
Steven Morgan
ce6becd511 bb11471 - add clamscan parameter --normalize=no for yara compatibility. 2016-06-02 18:09:25 -04:00
Kevin Lin
ec3e946d11 additional change of PCREMaxFileSize from MATCH_NUMBER to MATCH_SIZE 2016-05-04 12:09:00 -04:00
Steven Morgan
c18363244b bb1436 - clamscan 'block-macros' option. Patch by Kai Risku. 2016-03-10 18:26:33 -05:00
Mickey Sola
92e8a9ed93 bb11455 - patch by Mark Allan to add show-progress option to freshclam. 2016-02-11 15:57:31 -05:00
Mickey Sola
b68375fdbb bb10568 - patch from Andreas Cadhalpun to add systemd support for clamd and freshclam 2016-02-09 15:32:40 -05:00
Kevin Lin
9ee4cea182 optparser: fix to pcre-match-limit option 2016-02-08 11:30:16 -05:00
Kevin Lin
ea9ffd291b add scanning options for scanning xml-based documents (MSXML, OOXML, HWPML) and HWP3 2016-02-02 14:23:19 -05:00
Kevin Lin
731c8e6213 hwp3.x: add support for maximum recursive calls to hwp3 parsing 2016-01-19 14:28:48 -05:00
Kevin Lin
41e8fd628f change PCREMaxFileSize from MATCH_NUMBER to MATCH_SIZE to match documentation 2016-01-11 10:39:03 -05:00
Mickey Sola
7ee8537215 onas: adding optional extra scanning for inotify events 2015-10-15 14:35:41 -04:00
Mickey Sola
cf703fa100 onas: changing clamd NotifyOnly option to Prevention and disabling Prevention option by default. 2015-09-17 16:49:42 -04:00