2
2
* Phishing module: domain list implementation.
4
* Copyright (C) 2007-2008 Sourcefire, Inc.
4
* Copyright (C) 2006 T�r�k Edvin <edwintorok@gmail.com>
8
6
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License version 2 as
10
* published by the Free Software Foundation.
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
12
11
* This program is distributed in the hope that it will be useful,
13
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
18
17
* along with this program; if not, write to the Free Software
19
18
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
20
19
* MA 02110-1301, USA.
21
* $Log: phish_domaincheck_db.c,v $
22
* Revision 1.5 2006/10/10 23:51:49 tkojm
23
* apply patches for the anti-phish code from Edwin
25
* Revision 1.4 2006/10/07 13:55:01 tkojm
28
* Revision 1.3 2006/10/07 11:00:46 tkojm
29
* make the experimental anti-phishing code more thread safe
31
* Revision 1.2 2006/09/26 18:55:36 njh
32
* Fixed portability issues
34
* Revision 1.1 2006/09/13 19:40:27 njh
37
* Revision 1.1 2006/09/12 19:38:39 acab
38
* Phishing module merge - libclamav
40
* Revision 1.3 2006/08/20 21:18:11 edwin
41
* Added the script used to generate iana_tld.sh
42
* Added checks for phish_domaincheck_db
43
* Added phishing module design document from wiki (as discussed with aCaB).
44
* Updated .wdb/.pdb format documentation (in regex_list.c)
45
* Fixed some memory leaks in regex_list.c
46
* IOW: cleanups before the deadline.
47
* I consider my module to be ready for evaluation now.
49
* Revision 1.2 2006/08/09 16:26:44 edwin
50
* Forgot to add these files
24
55
#include "clamav-config.h"
58
#ifdef CL_EXPERIMENTAL
27
64
#ifdef CL_THREAD_SAFE
34
73
#include <string.h>
37
80
#include "clamav.h"
81
#include <sys/types.h>
88
#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
38
92
#include "others.h"
39
#include "phishcheck.h"
95
#include "filetypes.h"
40
97
#include "phish_domaincheck_db.h"
41
98
#include "regex_list.h"
99
#include "matcher-ac.h"
43
int domainlist_match(const struct cl_engine* engine,char* real_url,const char* display_url,const struct pre_fixup_info* pre_fixup,int hostOnly)
101
int domainlist_match(const struct cl_engine* engine,const char* real_url,const char* display_url,int hostOnly,unsigned short* flags)
46
int rc = engine->domainlist_matcher ? regex_list_match(engine->domainlist_matcher,real_url,display_url,hostOnly ? pre_fixup : NULL,hostOnly,&info,0) : 0;
104
int rc = engine->domainlist_matcher ? regex_list_match(engine->domainlist_matcher,real_url,display_url,hostOnly,&info,0) : 0;
105
if(rc && info && info[0]) {/*match successfull, and has custom flags*/
106
if(strlen(info)==3 && isxdigit(info[0]) && isxdigit(info[1]) && isxdigit(info[2])) {
107
unsigned short notwantedflags=0;
108
sscanf(info,"%hx",¬wantedflags);
109
*flags &= ~notwantedflags;/* filter unwanted phishcheck flags */
112
cli_warnmsg("Phishcheck:Unknown flag format in domainlist, 3 hex digits expected");
53
121
engine->domainlist_matcher = (struct regex_matcher *) cli_malloc(sizeof(struct regex_matcher));
54
122
if(!engine->domainlist_matcher)
57
((struct regex_matcher*)engine->domainlist_matcher)->mempool = engine->mempool;
59
return init_regex_list(engine->domainlist_matcher, engine->dconf->other&OTHER_CONF_PREFILTERING);
124
return init_regex_list(engine->domainlist_matcher);
62
127
return CL_ENULLARG;
67
132
return (engine && engine->domainlist_matcher) ? is_regex_ok(engine->domainlist_matcher) : 1;
135
void domainlist_cleanup(const struct cl_engine* engine)
137
if(engine && engine->domainlist_matcher) {
138
regex_list_cleanup(engine->domainlist_matcher);
70
142
void domainlist_done(struct cl_engine* engine)
72
144
if(engine && engine->domainlist_matcher) {
73
145
regex_list_done(engine->domainlist_matcher);
74
146
free(engine->domainlist_matcher);
147
engine->domainlist_matcher = NULL;
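Review bot: `domainlist_match` reads `engine->domainlist_matcher` without first testing `engine`, whereas `is_domainlist_ok` and `domainlist_done` in the same file both check `engine && engine->domainlist_matcher`; the match path should use the same guard, e.g. `int rc = (engine && engine->domainlist_matcher) ? regex_list_match(…) : 0;`. The `init_regex_list` call likewise reads `engine->dconf->other` with no visible check that `dconf` is set. This assumes the lines with the lower gutter numbers (the signature taking `pre_fixup`) are the new side; the page also omits some lines of each function, so a guard may exist outside what is shown. Separately, `pre_fixup` is forwarded only when `hostOnly` is non-zero, which deserves a short comment at the call, for example `/* pre_fixup is passed on only for host-only matches, NULL otherwise */`.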