Source: c-icap-modules Version: 1:0.4.4-1 Severity: normal Tags: patch I would like to upload new clamav release to unstable/stable. This requires changes to the source package due to ABI changes on clamav's side. The new version 0.5.3 has support for that. I am also attaching a tiny backport of those changes.
Sebastian
From: Sebastian Andrzej Siewior <[email protected]> Date: Sat, 19 Jan 2019 21:12:25 +0100 Subject: [PATCH] backport clamav changes from 0.5.3 --- configure.ac | 12 ++++++++ services/virus_scan/clamav_mod.c | 62 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 6d01fad8e47b..df5060941b7b 100644 --- a/configure.ac +++ b/configure.ac @@ -187,7 +187,19 @@ if test a"$clamav" = "ayes"; then AC_DEFINE(HAVE_LIBCLAMAV_095,1,[Define HAVE_LIBCLAMAV_095 if have clamav 0.95.x or newer]) AC_MSG_RESULT(yes), ) + + # + # clamav dropped CL_SCAN_HEURISTIC_ENCRYPTED in 0.101 replacing it with + # CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE and CL_SCAN_HEURISTIC_ENCRYPTED_DOC # restore flags / clamav tests + AC_MSG_CHECKING([for HAVE_CL_SCAN_OPTIONS in clamav.h]) + AC_TRY_COMPILE( + [#include <clamav.h>], + [struct cl_scan_options CLAMSCAN_OPTIONS = { 0, 0, 0, 0, 0 };], + AC_DEFINE(HAVE_CL_SCAN_OPTIONS,1,[Define HAVE_CL_SCAN_OPTIONS if have clamav 0.101.x or newer]) + AC_MSG_RESULT(yes), + AC_MSG_RESULT(no), + ) CFLAGS=$OLD_CFLAGS fi # if test a"$clamav" = "ayes"; diff --git a/services/virus_scan/clamav_mod.c b/services/virus_scan/clamav_mod.c index e860a93d2e22..9a886f9e62b5 100644 --- a/services/virus_scan/clamav_mod.c +++ b/services/virus_scan/clamav_mod.c @@ -123,7 +123,12 @@ struct virus_db { #ifndef HAVE_LIBCLAMAV_095 struct cl_limits limits; #endif + +#ifdef HAVE_CL_SCAN_OPTIONS +struct cl_scan_options CLAMSCAN_OPTIONS; +#else unsigned int CLAMSCAN_OPTIONS = CL_SCAN_STDOPT; +#endif struct virus_db *virusdb = NULL; struct virus_db *old_virusdb = NULL; @@ -186,6 +191,55 @@ int clamav_post_init(struct ci_server_conf *server_conf) #endif /*Build scan options*/ +#ifdef HAVE_CL_SCAN_OPTIONS + memset(&CLAMSCAN_OPTIONS, 1, sizeof(CLAMSCAN_OPTIONS)); + CLAMSCAN_OPTIONS.parse = ~0; + +#if defined(CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE) + if (CLAMAV_BLOCKENCRYPTED) { + CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS; + CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE; + CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_ENCRYPTED_DOC; + } +#endif + +#if defined(CL_SCAN_HEURISTIC_BROKEN) + if (CLAMAV_BLOCKBROKEN) { + CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS; + CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_BROKEN; + } +#endif + +#if defined(CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE) + if (CLAMAV_HEURISTIC_PRECEDENCE) { + CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS; + CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE; + } +#endif + +#if defined(CL_SCAN_HEURISTIC_MACROS) + if (CLAMAV_BLOCKMACROS) { + CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS; + CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_MACROS; + } +#endif + +#if defined(CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH) + if (CLAMAV_PHISHING_BLOCKSSL) { + CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS; + CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH; + } +#endif + +#if defined(CL_SCAN_HEURISTIC_PHISHING_CLOAK) + if (CLAMAV_PHISHING_BLOCKCLOAK) { + CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS; + CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_PHISHING_CLOAK; + } +#endif + +#else /*!HAVE_CL_SCAN_OPTIONS*/ + #if defined(CL_SCAN_BLOCKENCRYPTED) if (CLAMAV_BLOCKENCRYPTED) CLAMSCAN_OPTIONS |= CL_SCAN_BLOCKENCRYPTED; @@ -211,6 +265,8 @@ int clamav_post_init(struct ci_server_conf *server_conf) CLAMSCAN_OPTIONS |= CL_SCAN_PHISHING_BLOCKCLOAK; #endif +#endif /*HAVE_CL_SCAN_OPTIONS*/ + clamav_set_versions(); av_register_engine(&clamav_engine); av_reload_istag(); @@ -483,7 +539,11 @@ int clamav_scan_simple_file(ci_simple_file_t *body, av_virus_info_t *vinfo) vinfo->virus_found = 0; vdb = get_virusdb(); lseek(fd, 0, SEEK_SET); -#ifndef HAVE_LIBCLAMAV_095 +#if defined(HAVE_CL_SCAN_OPTIONS) + ret = + cl_scandesc(fd, NULL, &virname, &scanned_data, vdb, + &CLAMSCAN_OPTIONS); +#elif !defined(HAVE_LIBCLAMAV_095) ret = cl_scandesc(fd, &virname, &scanned_data, vdb, &limits, CLAMSCAN_OPTIONS); -- 2.11.0
_______________________________________________ Pkg-clamav-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel
