Hi Micah,

On Fri 01/Mar/2019 03:34:10 +0100 Micah Snyder (micasnyd) wrote:
> 
> Your attachment is correct. I will also note that the following macros enable 
> the same feature.  The name "collect metadata" seemed to be more intelligible 
> than simply "properties":
> 
> -#define CL_SCAN_FILE_PROPERTIES                     0x10000000
> +#define CL_SCAN_GENERAL_COLLECT_METADATA            0x2 /* collect metadata 
> (--gen-json) */
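
Review bot: on the `+` line the replacement macro changes value as well as name (0x2 instead of 0x10000000), and the `-` line removes the old name without leaving an alias, so existing callers of CL_SCAN_FILE_PROPERTIES fail to compile. The comment on the new macro should also say that the flag goes in the `general` field of cl_scan_options, which the CL_SCAN_GENERAL_ prefix only implies.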


I suspected that, thank you for confirming.


> To be clear about how the new scan options defines work... Instead of one 
> bit-flag variable, we now have 5 bit-flag variables to select options using 
> the cl_scan_options structure. They are categorized by feature, like this:
> 
> struct cl_scan_options {
>     uint32_t general;   // <-- CL_SCAN_GENERAL_...
>     uint32_t parse;   // <-- CL_SCAN_PARSE_...
>     uint32_t heuristic;   // <-- CL_SCAN_HEURISTIC_...
>     uint32_t mail;   // <-- CL_SCAN_MAIL_...
>     uint32_t dev;   // <-- CL_SCAN_DEV_...
> };


Yeah, I got that.  After I slept on it, I dropped the idea of keeping 
compatibility with the previous version.  The problem is user options to my 
client program.  Following the example, I coded something like so:

    if (load_options == 0)
        load_options = CL_DB_STDOPT;

    if (scan_options.general == 0 &&
        scan_options.parse == 0 &&
        scan_options.heuristic == 0 &&
        scan_options.mail == 0 &&
        scan_options.dev == 0)
    {
        scan_options.parse |= ~0; /* enable all parsers */
        scan_options.general |= CL_SCAN_GENERAL_HEURISTICS; /* enable heuristic alert options */
        scan_options.mail |= CL_SCAN_MAIL_PARTIAL_MESSAGE; /* no easy attack paths... */
    }

    if ((scan_options.parse & CL_SCAN_PARSE_MAIL) == 0) // no nonsense
    {
        err = 1;
        filelog(logfile, LOG_ERR, "scan_mail disabled?!");
    }

That snippet runs after user options are loaded from the config file.  If it's 
all zeroes, the user configured no option, the most likely case.  Choosy users 
can set default options and then adjust them as needed.  Testing single fields 
separately would make it difficult to disable heuristics, say.

The client program is a mail filter, so I routinely enable 
CL_SCAN_MAIL_PARTIAL_MESSAGE, lest I allow attachments like:

     Content-Type: Message/Partial; number=1; total=1; id="easy.attack@malware.example"


> Come to think of it, I'm not sure why we don't include a macro in clamav.h to 
> define the libclamav version number.  I will have to discuss it with the 
> team.  To programmatically query a string of the version number, you can use 
> `cl_retver()`. 


Yup, I coded:

    if (strstr(cl_retver(), ".101.") == NULL)
    {
        filelog(logfile, LOG_ALERT, "Need libclamav 101, found %s", cl_retver());
        return 1;
    }


> Let me know if you have any other questions, and my apologies for the 
> confusion.


You've got nothing to apologize for, your answers are crystal clear, and let me 
thank you for them once more.


Best
Ale
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel
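
Added example, not part of the original message or of ClamAV's own code: the substring test on cl_retver() in the message matches only strings containing ".101."; the C code below parses the version string numerically and accepts 0.101 or later, on the assumption that later releases keep the cl_scan_options API. parse_version() and version_at_least() are hypothetical helper names, and the sample strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse "major.minor[.patch][suffix]", the shape of
 * string cl_retver() returns (e.g. "0.101.1"). 0 on success, -1 if malformed. */
static int parse_version(const char *s, long v[3])
{
    v[0] = v[1] = v[2] = 0;
    for (int i = 0; i < 3; i++) {
        char *end;
        if (!isdigit((unsigned char)*s))
            return -1;                 /* e.g. "devel" or an empty string */
        v[i] = strtol(s, &end, 10);
        s = end;
        if (*s != '.')
            return i >= 1 ? 0 : -1;    /* need at least major.minor */
        s++;
    }
    return 0;
}

/* 1 if ver >= maj.min, 0 if older, -1 if it cannot be parsed. */
static int version_at_least(const char *ver, long maj, long min)
{
    long v[3];
    if (parse_version(ver, v) != 0)
        return -1;
    if (v[0] != maj)
        return v[0] > maj;
    return v[1] >= min;
}

int main(void)
{
    /* Constructed sample strings; a real client would pass cl_retver(). */
    const char *samples[] = { "0.101.1", "0.100.2", "0.102.0-beta", "devel" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = version_at_least(samples[i], 0, 101);
        printf("%-14s -> %s\n", samples[i],
               r == 1 ? "ok" : r == 0 ? "too old" : "unparseable, refuse");
    }
    return 0;
}
```

A mail filter would treat both 0 and -1 as a reason to log and exit before scanning, as the original check does.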
