32
30
#define CL_COUNT_PRECISION 4096
36
/* libclamav specific */
47
/* I/O and memory errors */
63
/* internal (not reported outside libclamav) */
69
CL_EBYTECODE,/* may be reported in testmode */
70
CL_EBYTECODE_TESTFAIL, /* may be reported in testmode */
77
/* no error codes below this line please */
33
#define CL_CLEAN 0 /* no virus found */
34
#define CL_VIRUS 1 /* virus(es) found */
35
#define CL_SUCCESS CL_CLEAN
38
#define CL_EMAXREC -100 /* recursion limit exceeded */
39
#define CL_EMAXSIZE -101 /* size limit exceeded */
40
#define CL_EMAXFILES -102 /* files limit exceeded */
41
#define CL_ERAR -103 /* rar handler error */
42
#define CL_EZIP -104 /* zip handler error */
43
#define CL_EGZIP -105 /* gzip handler error */
44
#define CL_EBZIP -106 /* bzip2 handler error */
45
#define CL_EOLE2 -107 /* OLE2 handler error */
46
#define CL_EMSCOMP -108 /* MS Expand handler error */
47
#define CL_EMSCAB -109 /* MS CAB module error */
48
#define CL_EACCES -110 /* access denied */
49
#define CL_ENULLARG -111 /* null argument */
50
#define CL_ETMPFILE -112 /* tmpfile() failed */
51
#define CL_EFSYNC -113 /* fsync() failed */
52
#define CL_EMEM -114 /* memory allocation error */
53
#define CL_EOPEN -115 /* file open error */
54
#define CL_EMALFDB -116 /* malformed database */
55
#define CL_EPATSHORT -117 /* pattern too short */
56
#define CL_ETMPDIR -118 /* mkdir() failed */
57
#define CL_ECVD -119 /* not a CVD file (or broken) */
58
#define CL_ECVDEXTR -120 /* CVD extraction failure */
59
#define CL_EMD5 -121 /* MD5 verification error */
60
#define CL_EDSIG -122 /* digital signature verification error */
61
#define CL_EIO -123 /* general I/O error */
62
#define CL_EFORMAT -124 /* bad format or broken file */
63
#define CL_ESUPPORT -125 /* not supported data format */
64
#define CL_ELOCKDB -126 /* can't lock DB directory */
65
#define CL_EARJ -127 /* ARJ handler error */
82
68
#define CL_DB_PHISHING 0x2
69
#define CL_DB_ACONLY 0x4 /* WARNING: only for developers */
83
70
#define CL_DB_PHISHING_URLS 0x8
84
71
#define CL_DB_PUA 0x10
85
#define CL_DB_CVDNOTMP 0x20 /* obsolete */
86
#define CL_DB_OFFICIAL 0x40 /* internal */
87
#define CL_DB_PUA_MODE 0x80
88
#define CL_DB_PUA_INCLUDE 0x100
89
#define CL_DB_PUA_EXCLUDE 0x200
90
#define CL_DB_COMPILED 0x400 /* internal */
91
#define CL_DB_DIRECTORY 0x800 /* internal */
92
#define CL_DB_OFFICIAL_ONLY 0x1000
93
#define CL_DB_BYTECODE 0x2000
94
#define CL_DB_SIGNED 0x4000 /* internal */
96
73
/* recommended db settings */
97
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE)
74
#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS)
100
#define CL_SCAN_RAW 0x0
101
#define CL_SCAN_ARCHIVE 0x1
102
#define CL_SCAN_MAIL 0x2
103
#define CL_SCAN_OLE2 0x4
104
#define CL_SCAN_BLOCKENCRYPTED 0x8
105
#define CL_SCAN_HTML 0x10
106
#define CL_SCAN_PE 0x20
107
#define CL_SCAN_BLOCKBROKEN 0x40
108
#define CL_SCAN_MAILURL 0x80 /* ignored */
109
#define CL_SCAN_BLOCKMAX 0x100 /* ignored */
110
#define CL_SCAN_ALGORITHMIC 0x200
111
#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/
112
#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000
113
#define CL_SCAN_ELF 0x2000
114
#define CL_SCAN_PDF 0x4000
115
#define CL_SCAN_STRUCTURED 0x8000
116
#define CL_SCAN_STRUCTURED_SSN_NORMAL 0x10000
117
#define CL_SCAN_STRUCTURED_SSN_STRIPPED 0x20000
118
#define CL_SCAN_PARTIAL_MESSAGE 0x40000
119
#define CL_SCAN_HEURISTIC_PRECEDENCE 0x80000
120
#define CL_SCAN_BLOCKMACROS 0x100000
122
#define CL_SCAN_INTERNAL_COLLECT_SHA 0x80000000 /* Enables hash output in sha-collect builds - for internal use only */
77
#define CL_SCAN_RAW 0x0
78
#define CL_SCAN_ARCHIVE 0x1
79
#define CL_SCAN_MAIL 0x2
80
#define CL_SCAN_OLE2 0x4
81
#define CL_SCAN_BLOCKENCRYPTED 0x8
82
#define CL_SCAN_HTML 0x10
83
#define CL_SCAN_PE 0x20
84
#define CL_SCAN_BLOCKBROKEN 0x40
85
#define CL_SCAN_MAILURL 0x80
86
#define CL_SCAN_BLOCKMAX 0x100
87
#define CL_SCAN_ALGORITHMIC 0x200
88
#define CL_SCAN_PHISHING_DOMAINLIST 0x400
89
#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/
90
#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000
91
#define CL_SCAN_ELF 0x2000
92
#define CL_SCAN_PDF 0x4000
124
94
/* recommended scan settings */
125
#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_PDF | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF)
127
/* cl_countsigs options */
128
#define CL_COUNTSIGS_OFFICIAL 0x1
129
#define CL_COUNTSIGS_UNOFFICIAL 0x2
130
#define CL_COUNTSIGS_ALL (CL_COUNTSIGS_OFFICIAL | CL_COUNTSIGS_UNOFFICIAL)
135
#define CL_INIT_DEFAULT 0x0
136
extern int cl_init(unsigned int initoptions);
138
extern struct cl_engine *cl_engine_new(void);
140
enum cl_engine_field {
141
CL_ENGINE_MAX_SCANSIZE, /* uint64_t */
142
CL_ENGINE_MAX_FILESIZE, /* uint64_t */
143
CL_ENGINE_MAX_RECURSION, /* uint32_t */
144
CL_ENGINE_MAX_FILES, /* uint32_t */
145
CL_ENGINE_MIN_CC_COUNT, /* uint32_t */
146
CL_ENGINE_MIN_SSN_COUNT, /* uint32_t */
147
CL_ENGINE_PUA_CATEGORIES, /* (char *) */
148
CL_ENGINE_DB_OPTIONS, /* uint32_t */
149
CL_ENGINE_DB_VERSION, /* uint32_t */
150
CL_ENGINE_DB_TIME, /* time_t */
151
CL_ENGINE_AC_ONLY, /* uint32_t */
152
CL_ENGINE_AC_MINDEPTH, /* uint32_t */
153
CL_ENGINE_AC_MAXDEPTH, /* uint32_t */
154
CL_ENGINE_TMPDIR, /* (char *) */
155
CL_ENGINE_KEEPTMP, /* uint32_t */
156
CL_ENGINE_BYTECODE_SECURITY, /* uint32_t */
157
CL_ENGINE_BYTECODE_TIMEOUT, /* uint32_t */
158
CL_ENGINE_BYTECODE_MODE /* uint32_t */
161
enum bytecode_security {
162
CL_BYTECODE_TRUST_ALL=0, /* insecure, debug setting */
163
CL_BYTECODE_TRUST_SIGNED, /* default */
164
CL_BYTECODE_TRUST_NOTHING /* paranoid setting */
168
CL_BYTECODE_MODE_AUTO=0, /* JIT if possible, fallback to interpreter */
169
CL_BYTECODE_MODE_JIT, /* force JIT */
170
CL_BYTECODE_MODE_INTERPRETER, /* force interpreter */
171
CL_BYTECODE_MODE_TEST, /* both JIT and interpreter, compare results,
172
all failures are fatal */
173
CL_BYTECODE_MODE_OFF /* for query only, not settable */
176
extern int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long long num);
178
extern long long cl_engine_get_num(const struct cl_engine *engine, enum cl_engine_field field, int *err);
180
extern int cl_engine_set_str(struct cl_engine *engine, enum cl_engine_field field, const char *str);
182
extern const char *cl_engine_get_str(const struct cl_engine *engine, enum cl_engine_field field, int *err);
184
extern struct cl_settings *cl_engine_settings_copy(const struct cl_engine *engine);
186
extern int cl_engine_settings_apply(struct cl_engine *engine, const struct cl_settings *settings);
188
extern int cl_engine_settings_free(struct cl_settings *settings);
190
extern int cl_engine_compile(struct cl_engine *engine);
192
extern int cl_engine_addref(struct cl_engine *engine);
194
extern int cl_engine_free(struct cl_engine *engine);
197
/* CALLBACKS - WARNING: unstable API - WIP */
200
typedef cl_error_t (*clcb_pre_scan)(int fd, void *context);
203
fd = File descriptor which is about to be scanned
204
context = Opaque application provided data
207
CL_CLEAN = File is scanned
208
CL_BREAK = Whitelisted by callback - file is skipped and marked as clean
209
CL_VIRUS = Blacklisted by callback - file is skipped and marked as infected
211
extern void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback);
214
typedef cl_error_t (*clcb_post_scan)(int fd, int result, const char *virname, void *context);
217
fd = File descriptor which is was scanned
218
result = The scan result for the file
219
virname = Virus name if infected
220
context = Opaque application provided data
223
CL_CLEAN = Scan result is not overridden
224
CL_BREAK = Whitelisted by callback - scan result is set to CL_CLEAN
225
CL_VIRUS = Blacklisted by callback - scan result is set to CL_VIRUS
227
extern void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback);
230
typedef int (*clcb_sigload)(const char *type, const char *name, void *context);
233
type = The signature type (e.g. "db", "ndb", "mdb", etc.)
234
name = The virus name
235
context = Opaque application provided data
238
0 = Load the current signature
239
Non 0 = Skip the current signature
241
WARNING: Some signatures (notably ldb, cbc) can be dependent upon other signatures.
242
Failure to preserve dependency chains will result in database loading failure.
243
It is the implementor's responsibility to guarantee consistency.
245
extern void cl_engine_set_clcb_sigload(struct cl_engine *engine, clcb_sigload callback, void *context);
247
/* LibClamAV messages callback
248
* The specified callback will be called instead of logging to stderr.
249
* Messages of lower severity than specified are logged as usual.
251
* Just like with cl_debug() this must be called before going multithreaded.
252
* Callable before cl_init, if you want to log messages from cl_init() itself.
254
* You can use context of cl_scandesc_callback to convey more information to the callback (such as the filename!)
255
* Note: setting a 2nd callbacks overwrites previous, multiple callbacks are not
259
/* leave room for more message levels in the future */
260
CL_MSG_INFO_VERBOSE = 32, /* verbose */
261
CL_MSG_WARN = 64, /* LibClamAV WARNING: */
262
CL_MSG_ERROR = 128/* LibClamAV ERROR: */
264
typedef void (*clcb_msg)(enum cl_msg severity, const char *fullmsg, const char *msg, void *context);
265
extern void cl_set_clcb_msg(clcb_msg callback);
267
/* LibClamAV hash stats callback */
268
typedef void (*clcb_hash)(int fd, unsigned long long size, const unsigned char *md5, const char *virname, void *context);
269
extern void cl_engine_set_clcb_hash(struct cl_engine *engine, clcb_hash callback);
95
#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF | CL_SCAN_PHISHING_DOMAINLIST)
97
/* aliases for backward compatibility */
98
#define CL_RAW CL_SCAN_RAW
99
#define CL_ARCHIVE CL_SCAN_ARCHIVE
100
#define CL_MAIL CL_SCAN_MAIL
101
#define CL_OLE2 CL_SCAN_OLE2
102
#define CL_ENCRYPTED CL_SCAN_BLOCKENCRYPTED
103
#define cl_node cl_engine
104
#define cl_perror cl_strerror
107
unsigned int refcount; /* reference counter */
109
unsigned int dboptions;
117
/* B-M matcher for MD5 sigs for PE sections */
126
/* Phishing .pdb and .wdb databases*/
127
void *whitelist_matcher;
128
void *domainlist_matcher;
131
/* Dynamic configuration */
136
unsigned int maxreclevel; /* maximum recursion level for archives */
137
unsigned int maxfiles; /* maximum number of files to be scanned
138
* within a single archive
140
unsigned int maxmailrec; /* maximum recursion level for mail files */
141
unsigned int maxratio; /* maximum compression ratio */
142
unsigned short archivememlim; /* limit memory usage for some unpackers */
143
unsigned long int maxfilesize; /* compressed files larger than this limit
144
* will not be scanned
150
unsigned int entries;
273
151
struct stat *stattab;
274
152
char **statdname;
275
unsigned int entries;
278
155
struct cl_cvd { /* field no. */