mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2026-02-01 02:21:25 -05:00
201e1b12a7
The split test files are flagged by some AV's because they look like broken executables. Instead of splitting the test files to prevent detections, we should encrypt them. This commit replaces the "reassemble testfiles" script with a basic "XOR testfiles" script that can be used to encrypt or decrypt test files. This commit also of course then replaces all the split files with xor'ed files. The test and unit_tests directories were a bit of a mess, so I reorganized them all into unit_tests with all of the test files placed under "unit_tests/input" using subdirectories for different types of files.
OSS-Fuzz
ClamAV has chosen to integrate with oss-fuzz.
What this means is that this repository includes:
-
Fuzz targets:
- A function to which we apply fuzzing.
- For ClamAV, clamav_scanfile_fuzzer.cc may be compiled with specific macros defined to produce multiple fuzz targets.
- Additional fuzz targets may be added to fuzz other ClamAV inputs.
-
Seed corpora:
- A set of minimal test inputs that generate maximal code coverage.
- Each ClamAV fuzz target has a seed corpus located under: fuzz/corpus/
-
Fuzzing dictionaries:
- A simple dictionary of tokens used by the input language. This can have a dramatic positive effect on fuzzing efficiency. For example, when fuzzing an XML parser, a dictionary of XML tokens will help.
- Some ClamAV fuzz targets have a dictionary located under: fuzz/dictionaries/.dict
For more information on how this is set up, see: ideal OSS-Fuzz integration