mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2026-04-29 11:14:20 -04:00
0ea66b540a
If the outermost layer is trusted (e.g. using an FP signature), the verdict passed back by the `cl_scan*_ex()` functions should be CL_VERDICT_TRUSTED. To ensure this, and other correct verdicts, I moved the logic setting the verdict to occur when adding indicators, or trusting a given layer. Then at the end of a scan, it will set the output verdict parameter to the top level verdict. This commit also: * Fixes a bug in the `ex_scan_callbacks` program where a crash would happen when a hash was retrieved for an inner layer, but isn't for the container. * Added debug logs whenever a hash is calculated or set, printing the hash type and hash string. * When a layer is trusted, in addition to removing evidence for that layer, it will also index the metadata JSON (if that feature is enabled) and will rename any "Viruses" to "IgnoredAlerts", and rename "ContainedIndicators" to "IgnoredContainedIndicators". * Fixed an issue where setting the hash algorithm with extra characters, like setting to "sha256789" would ignore the extra characters, and report the hash type as the same. It will now fail if the string length differs from the known hash algorithm.