35
37
#define CL_SUCCESS CL_CLEAN
38
#define CL_EMAXREC -100 /* recursion limit exceeded */
39
#define CL_EMAXSIZE -101 /* size limit exceeded */
40
#define CL_EMAXFILES -102 /* files limit exceeded */
40
#define CL_EMAXREC -100 /* (internal) recursion limit exceeded */
41
#define CL_EMAXSIZE -101 /* (internal) size limit exceeded */
42
#define CL_EMAXFILES -102 /* (internal) files limit exceeded */
41
43
#define CL_ERAR -103 /* rar handler error */
42
44
#define CL_EZIP -104 /* zip handler error */
43
45
#define CL_EGZIP -105 /* gzip handler error */
48
50
#define CL_EACCES -110 /* access denied */
49
51
#define CL_ENULLARG -111 /* null argument */
50
52
#define CL_ETMPFILE -112 /* tmpfile() failed */
51
#define CL_EFSYNC -113 /* fsync() failed */
53
/* #define CL_EFSYNC -113 *//* fsync() failed */
52
54
#define CL_EMEM -114 /* memory allocation error */
53
55
#define CL_EOPEN -115 /* file open error */
54
56
#define CL_EMALFDB -116 /* malformed database */
59
61
#define CL_EMD5 -121 /* MD5 verification error */
60
62
#define CL_EDSIG -122 /* digital signature verification error */
61
63
#define CL_EIO -123 /* general I/O error */
62
#define CL_EFORMAT -124 /* bad format or broken file */
64
#define CL_EFORMAT -124 /* (internal) bad format or broken file */
63
65
#define CL_ESUPPORT -125 /* not supported data format */
64
#define CL_ELOCKDB -126 /* can't lock DB directory */
65
66
#define CL_EARJ -127 /* ARJ handler error */
69
70
#define CL_DB_ACONLY 0x4 /* WARNING: only for developers */
70
71
#define CL_DB_PHISHING_URLS 0x8
71
72
#define CL_DB_PUA 0x10
73
#define CL_DB_CVDNOTMP 0x20
74
#define CL_DB_OFFICIAL 0x40
75
#define CL_DB_PUA_MODE 0x80
76
#define CL_DB_PUA_INCLUDE 0x100
77
#define CL_DB_PUA_EXCLUDE 0x200
73
79
/* recommended db settings */
74
80
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS)
77
#define CL_SCAN_RAW 0x0
78
#define CL_SCAN_ARCHIVE 0x1
79
#define CL_SCAN_MAIL 0x2
80
#define CL_SCAN_OLE2 0x4
81
#define CL_SCAN_BLOCKENCRYPTED 0x8
82
#define CL_SCAN_HTML 0x10
83
#define CL_SCAN_PE 0x20
84
#define CL_SCAN_BLOCKBROKEN 0x40
85
#define CL_SCAN_MAILURL 0x80
86
#define CL_SCAN_BLOCKMAX 0x100
87
#define CL_SCAN_ALGORITHMIC 0x200
88
#define CL_SCAN_PHISHING_DOMAINLIST 0x400
89
#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/
90
#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000
91
#define CL_SCAN_ELF 0x2000
92
#define CL_SCAN_PDF 0x4000
83
#define CL_SCAN_RAW 0x0
84
#define CL_SCAN_ARCHIVE 0x1
85
#define CL_SCAN_MAIL 0x2
86
#define CL_SCAN_OLE2 0x4
87
#define CL_SCAN_BLOCKENCRYPTED 0x8
88
#define CL_SCAN_HTML 0x10
89
#define CL_SCAN_PE 0x20
90
#define CL_SCAN_BLOCKBROKEN 0x40
91
#define CL_SCAN_MAILURL 0x80
92
#define CL_SCAN_BLOCKMAX 0x100 /* ignored */
93
#define CL_SCAN_ALGORITHMIC 0x200
94
#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/
95
#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000
96
#define CL_SCAN_ELF 0x2000
97
#define CL_SCAN_PDF 0x4000
98
#define CL_SCAN_STRUCTURED 0x8000
99
#define CL_SCAN_STRUCTURED_SSN_NORMAL 0x10000
100
#define CL_SCAN_STRUCTURED_SSN_STRIPPED 0x20000
101
#define CL_SCAN_PARTIAL_MESSAGE 0x40000
102
#define CL_SCAN_HEURISTIC_PRECEDENCE 0x80000
94
104
/* recommended scan settings */
95
#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF | CL_SCAN_PHISHING_DOMAINLIST)
105
#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_PDF | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF)
97
107
/* aliases for backward compatibility */
98
108
#define CL_RAW CL_SCAN_RAW
131
144
/* Dynamic configuration */
147
/* Filetype definitions */
150
/* Ignored signatures */
153
/* PUA categories (to be included or excluded) */
135
157
struct cl_limits {
158
unsigned long int maxscansize; /* during the scanning of archives this size
159
* will never be exceeded
161
unsigned long int maxfilesize; /* compressed files will only be decompressed
162
* and scanned up to this size
136
164
unsigned int maxreclevel; /* maximum recursion level for archives */
137
165
unsigned int maxfiles; /* maximum number of files to be scanned
138
166
* within a single archive
140
unsigned int maxmailrec; /* maximum recursion level for mail files */
141
unsigned int maxratio; /* maximum compression ratio */
142
168
unsigned short archivememlim; /* limit memory usage for some unpackers */
143
unsigned long int maxfilesize; /* compressed files larger than this limit
144
* will not be scanned
170
/* This is for structured data detection. You can set the minimum
171
* number of occurences of an CC# or SSN before the system will
172
* generate a notification.
174
unsigned int min_cc_count;
175
unsigned int min_ssn_count;