31 #include <openssl/ssl.h>
32 #include <openssl/err.h>
/* Large-file support shims. Only some lines of the #if/#else ladder survive in
 * this listing, so which branch each macro belongs to is not visible here. */
35 #if (!defined(__FreeBSD__) && !defined(__APPLE__))
41 #if defined(HAVE_STAT64) && STAT64_OK
/* stat64 variant: STATBUF and CLAMSTAT name the 64-bit stat type and call. */
45 #define STATBUF struct stat64
46 #define CLAMSTAT stat64
/* NOTE(review): the macro arguments are not parenthesized. A flags expression
 * built with an operator of lower precedence than | (for example a conditional
 * expression) would receive O_LARGEFILE on only part of the expression. This
 * variant also accepts exactly two arguments, so a creation mode cannot be
 * passed through it. */
49 #define safe_open(a, b) open(a, b | O_LARGEFILE)
/* Plain variant: the same names mapped to the regular stat type and open(). */
53 #define STATBUF struct stat
59 #define safe_open open
/* Evaluates x as a void expression so an unused parameter raises no warning. */
64 #define UNUSEDPARAM(x) (void)(x)
66 #include <sys/types.h>
70 #include "clamav-types.h"
71 #include "clamav-version.h"
/* Granularity constant (4096). NOTE(review): presumably the unit in which the
 * `scanned` out-parameter of the scan functions is counted; confirm upstream. */
77 #define CL_COUNT_PRECISION 4096
/* Status code type returned by many of the calls declared in this header. Only
 * the opening line and one enumerator survive in this listing; the remaining
 * values are not visible here. */
80 typedef enum cl_error_t {
116 CL_EBYTECODE_TESTFAIL,
/* Database-loading option bits, each a distinct power of two so they can be
 * OR-ed together. The `dboptions` argument of cl_load() is the likely consumer
 * (TODO confirm). Bits 0x1 and 0x4 do not appear in this listing. */
132 #define CL_DB_PHISHING 0x2
133 #define CL_DB_PHISHING_URLS 0x8
134 #define CL_DB_PUA 0x10
135 #define CL_DB_CVDNOTMP 0x20
136 #define CL_DB_OFFICIAL 0x40
137 #define CL_DB_PUA_MODE 0x80
138 #define CL_DB_PUA_INCLUDE 0x100
139 #define CL_DB_PUA_EXCLUDE 0x200
140 #define CL_DB_COMPILED 0x400
141 #define CL_DB_DIRECTORY 0x800
142 #define CL_DB_OFFICIAL_ONLY 0x1000
143 #define CL_DB_BYTECODE 0x2000
/* NOTE(review): the next three names suggest they govern whether signed or
 * unsigned databases and bytecode are accepted. Bytecode signatures are
 * executable content, so accepting unsigned ones should be limited to sources
 * that are fully trusted. Confirm the exact semantics upstream, including
 * whether callers are meant to set these bits at all. */
144 #define CL_DB_SIGNED 0x4000
145 #define CL_DB_BYTECODE_UNSIGNED 0x8000
146 #define CL_DB_UNSIGNED 0x10000
147 #define CL_DB_BYTECODE_STATS 0x20000
148 #define CL_DB_ENHANCED 0x40000
149 #define CL_DB_PCRE_STATS 0x80000
150 #define CL_DB_YARA_EXCLUDE 0x100000
151 #define CL_DB_YARA_ONLY 0x200000
/* Recommended default set: the two PHISHING bits plus BYTECODE. Neither of the
 * UNSIGNED bits is part of it. */
154 #define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE)
/* Scan option bits. Each family below (GENERAL, PARSE, HEURISTIC, MAIL, DEV)
 * restarts at a low bit value, so the families cannot share one bit field.
 * NOTE(review): presumably each family maps to its own member of
 * struct cl_scan_options, which is not shown in this listing. */

/* General options. */
166 #define CL_SCAN_GENERAL_ALLMATCHES 0x1
167 #define CL_SCAN_GENERAL_COLLECT_METADATA 0x2
168 #define CL_SCAN_GENERAL_HEURISTICS 0x4
169 #define CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE 0x8
170 #define CL_SCAN_GENERAL_UNPRIVILEGED 0x10
/* Parser options. The names suggest one bit per file-format parser (TODO
 * confirm). Every enabled parser is more code that processes untrusted input,
 * so a deployment should enable the formats it actually needs inspected. */
173 #define CL_SCAN_PARSE_ARCHIVE 0x1
174 #define CL_SCAN_PARSE_ELF 0x2
175 #define CL_SCAN_PARSE_PDF 0x4
176 #define CL_SCAN_PARSE_SWF 0x8
177 #define CL_SCAN_PARSE_HWP3 0x10
178 #define CL_SCAN_PARSE_XMLDOCS 0x20
179 #define CL_SCAN_PARSE_MAIL 0x40
180 #define CL_SCAN_PARSE_OLE2 0x80
181 #define CL_SCAN_PARSE_HTML 0x100
182 #define CL_SCAN_PARSE_PE 0x200
183 #define CL_SCAN_PARSE_ONENOTE 0x400
184 #define CL_SCAN_PARSE_IMAGE 0x800
185 #define CL_SCAN_PARSE_IMAGE_FUZZY_HASH 0x1000
/* Heuristic options. Bit 0x1 of this family does not appear in this listing. */
188 #define CL_SCAN_HEURISTIC_BROKEN 0x2
189 #define CL_SCAN_HEURISTIC_EXCEEDS_MAX 0x4
190 #define CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH 0x8
191 #define CL_SCAN_HEURISTIC_PHISHING_CLOAK 0x10
192 #define CL_SCAN_HEURISTIC_MACROS 0x20
193 #define CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE 0x40
194 #define CL_SCAN_HEURISTIC_ENCRYPTED_DOC 0x80
195 #define CL_SCAN_HEURISTIC_PARTITION_INTXN 0x100
196 #define CL_SCAN_HEURISTIC_STRUCTURED 0x200
197 #define CL_SCAN_HEURISTIC_STRUCTURED_SSN_NORMAL 0x400
198 #define CL_SCAN_HEURISTIC_STRUCTURED_SSN_STRIPPED 0x800
199 #define CL_SCAN_HEURISTIC_STRUCTURED_CC 0x1000
200 #define CL_SCAN_HEURISTIC_BROKEN_MEDIA 0x2000
/* Mail options. */
203 #define CL_SCAN_MAIL_PARTIAL_MESSAGE 0x1
/* Developer options. */
206 #define CL_SCAN_DEV_COLLECT_SHA 0x1
207 #define CL_SCAN_DEV_COLLECT_PERFORMANCE_INFO 0x2
/* Selector bits for signature counting; CL_COUNTSIGS_ALL is the union of the
 * two. The `countoptions` argument of cl_countsigs() is the likely consumer
 * (TODO confirm). */
210 #define CL_COUNTSIGS_OFFICIAL 0x1
211 #define CL_COUNTSIGS_UNOFFICIAL 0x2
212 #define CL_COUNTSIGS_ALL (CL_COUNTSIGS_OFFICIAL | CL_COUNTSIGS_UNOFFICIAL)
/* Engine option bits; ENGINE_OPTIONS_NONE is the empty set. Where these bits
 * are stored is not visible in this listing. */
215 #define ENGINE_OPTIONS_NONE 0x0
216 #define ENGINE_OPTIONS_DISABLE_CACHE 0x1
217 #define ENGINE_OPTIONS_FORCE_TO_DISK 0x2
218 #define ENGINE_OPTIONS_DISABLE_PE_STATS 0x4
/* NOTE(review): by its name this bit turns off handling of PE certificates;
 * confirm what detection coverage is lost before setting it. */
219 #define ENGINE_OPTIONS_DISABLE_PE_CERTS 0x8
220 #define ENGINE_OPTIONS_PE_DUMPCERTS 0x10
/* Takes no arguments and returns nothing. NOTE(review): presumably switches on
 * library debug output; such output can carry names and details of scanned
 * files, so check where it ends up before enabling it in production. */
233 extern void cl_debug(
void);
/* Takes no arguments and returns nothing; the effect is not visible here. */
240 extern void cl_always_gen_section_hash(
void);
/* Crypto set-up and tear-down pair. cl_initialize_crypto() returns an int whose
 * success value is not visible here; confirm it before relying on the result. */
254 int cl_initialize_crypto(
void);
262 void cl_cleanup_crypto(
void);
/* The only `initoptions` value visible in this listing. */
264 #define CL_INIT_DEFAULT 0x0
/* Library initialisation. Returns a cl_error_t that the caller should check
 * before making any further call into the library. */
271 extern cl_error_t cl_init(
unsigned int initoptions);
/* Returns a pointer to a new engine. NOTE(review): the failure value is not
 * visible here; check the result for NULL. cl_engine_free() is declared in this
 * header as the matching release call. */
280 extern struct cl_engine *cl_engine_new(
void);
/* Selector passed to cl_engine_set_num(), cl_engine_get_num(),
 * cl_engine_set_str() and cl_engine_get_str() to name the engine setting being
 * read or written. The closing brace and some enumerators are missing from
 * this listing. NOTE(review): the MAX_ and LIMIT names suggest ceilings on
 * size, recursion depth and time spent on one scan; such limits are what bound
 * the work an untrusted file can cause, so confirm the defaults before raising
 * or disabling any of them. */
282 enum cl_engine_field {
283 CL_ENGINE_MAX_SCANSIZE,
284 CL_ENGINE_MAX_FILESIZE,
285 CL_ENGINE_MAX_RECURSION,
287 CL_ENGINE_MIN_CC_COUNT,
288 CL_ENGINE_MIN_SSN_COUNT,
289 CL_ENGINE_PUA_CATEGORIES,
290 CL_ENGINE_DB_OPTIONS,
291 CL_ENGINE_DB_VERSION,
294 CL_ENGINE_AC_MINDEPTH,
295 CL_ENGINE_AC_MAXDEPTH,
298 CL_ENGINE_BYTECODE_SECURITY,
299 CL_ENGINE_BYTECODE_TIMEOUT,
300 CL_ENGINE_BYTECODE_MODE,
301 CL_ENGINE_MAX_EMBEDDEDPE,
302 CL_ENGINE_MAX_HTMLNORMALIZE,
303 CL_ENGINE_MAX_HTMLNOTAGS,
304 CL_ENGINE_MAX_SCRIPTNORMALIZE,
305 CL_ENGINE_MAX_ZIPTYPERCG,
306 CL_ENGINE_FORCETODISK,
307 CL_ENGINE_CACHE_SIZE,
308 CL_ENGINE_DISABLE_CACHE,
309 CL_ENGINE_DISABLE_PE_STATS,
310 CL_ENGINE_STATS_TIMEOUT,
311 CL_ENGINE_MAX_PARTITIONS,
312 CL_ENGINE_MAX_ICONSPE,
313 CL_ENGINE_MAX_RECHWP3,
314 CL_ENGINE_MAX_SCANTIME,
315 CL_ENGINE_PCRE_MATCH_LIMIT,
316 CL_ENGINE_PCRE_RECMATCH_LIMIT,
317 CL_ENGINE_PCRE_MAX_FILESIZE,
318 CL_ENGINE_DISABLE_PE_CERTS,
319 CL_ENGINE_PE_DUMPCERTS,
/* Trust levels for bytecode signatures, presumably the value stored under
 * CL_ENGINE_BYTECODE_SECURITY (TODO confirm). NOTE(review): CL_BYTECODE_TRUST_ALL
 * is the zero value, so a zeroed setting compares equal to it; confirm the
 * engine's real default instead of relying on zero-initialisation. */
322 enum bytecode_security {
323 CL_BYTECODE_TRUST_ALL = 0,
324 CL_BYTECODE_TRUST_SIGNED,
325 CL_BYTECODE_TRUST_NOTHING
/* Enumerators of a second enum whose opening line is missing from this
 * listing; by their names they select how bytecode is executed. */
329 CL_BYTECODE_MODE_AUTO = 0,
330 CL_BYTECODE_MODE_JIT,
331 CL_BYTECODE_MODE_INTERPRETER,
332 CL_BYTECODE_MODE_TEST,
/* Member of a struct whose other lines are missing from this listing: a
 * 16-byte array, the same size as MD5_HASH_SIZE. */
337 unsigned char md5[16];
/* Writes the numeric setting selected by `field`; the outcome is reported as a
 * cl_error_t. */
358 extern cl_error_t cl_engine_set_num(
struct cl_engine *engine,
enum cl_engine_field field,
long long num);
/* Reads the numeric setting selected by `field`. The long long return value
 * has no room for an error indication of its own, so `err` is the only error
 * channel visible in this prototype. NOTE(review): whether `err` may be NULL
 * is not visible here. */
368 extern long long cl_engine_get_num(
const struct cl_engine *engine,
enum cl_engine_field field,
int *err);
/* String counterpart of cl_engine_set_num(). NOTE(review): whether the engine
 * copies `str` or keeps the pointer is not visible here. */
386 extern cl_error_t cl_engine_set_str(
struct cl_engine *engine,
enum cl_engine_field field,
const char *str);
/* String counterpart of cl_engine_get_num(). The result is const, so the
 * caller must not modify it; who owns it and how long it stays valid is not
 * visible here. */
396 extern const char *cl_engine_get_str(
const struct cl_engine *engine,
enum cl_engine_field field,
int *err);
/* Settings snapshot API: copy from an engine, apply to an engine, free the
 * copy. NOTE(review): presumably cl_engine_settings_copy() returns NULL on
 * failure and every copy must go through cl_engine_settings_free(); confirm. */
406 extern struct cl_settings *cl_engine_settings_copy(
const struct cl_engine *engine);
418 extern cl_error_t cl_engine_settings_apply(
struct cl_engine *engine,
const struct cl_settings *settings);
427 extern cl_error_t cl_engine_settings_free(
struct cl_settings *settings);
/* Returns a cl_error_t. NOTE(review): presumably finalises the loaded
 * signatures so the engine can be used for scanning; confirm the required
 * call order against cl_load() and the scan functions. */
439 extern cl_error_t cl_engine_compile(
struct cl_engine *engine);
/* NOTE(review): the names suggest reference counting, with cl_engine_addref()
 * taking a reference and cl_engine_free() dropping one. If so, an engine
 * shared between threads needs one cl_engine_free() per reference and must not
 * be used after the caller's own reference is dropped. Confirm upstream. */
453 extern cl_error_t cl_engine_addref(
struct cl_engine *engine);
465 extern cl_error_t cl_engine_free(
struct cl_engine *engine);
/* Scan-time callback types and their registration functions. The callbacks
 * receive a file descriptor plus strings describing the file being scanned.
 * NOTE(review): these run while untrusted content is being processed, so the
 * handler should treat every string argument as untrusted and should not
 * assume it owns `fd`; the ownership rules are not visible in this listing. */

/* Callback taking the file descriptor, a type string and the user context. The
 * cl_error_t it returns presumably steers the scan; which values are honoured
 * is not visible here. */
485 typedef cl_error_t (*clcb_pre_cache)(
int fd,
const char *type,
void *context);
494 extern void cl_engine_set_clcb_pre_cache(
struct cl_engine *engine, clcb_pre_cache callback);
/* Bit values for the `layer_attributes` argument of clcb_file_inspection. */
499 #define LAYER_ATTRIBUTES_NONE 0x0
500 #define LAYER_ATTRIBUTES_NORMALIZED 0x1
501 #define LAYER_ATTRIBUTES_DECRYPTED 0x2
/* Per-file inspection callback. `file_buffer` is paired with `file_size`;
 * bound every read by `file_size` rather than assuming NUL termination (TODO
 * confirm). NOTE(review): `file_name` and the `ancestors` entries presumably
 * derive from the scanned content, so avoid using them in path construction
 * and neutralise control characters before logging them. How the `ancestors`
 * array is terminated is not visible here. */
526 typedef cl_error_t (*clcb_file_inspection)(
int fd,
const char *type,
const char **ancestors,
size_t parent_file_size,
527 const char *file_name,
size_t file_size,
const char *file_buffer,
528 uint32_t recursion_level, uint32_t layer_attributes,
void *context);
540 extern void cl_engine_set_clcb_file_inspection(
struct cl_engine *engine, clcb_file_inspection callback);
/* Same signature as clcb_pre_cache; registered through its own setter. */
557 typedef cl_error_t (*clcb_pre_scan)(
int fd,
const char *type,
void *context);
566 extern void cl_engine_set_clcb_pre_scan(
struct cl_engine *engine, clcb_pre_scan callback);
/* Receives the scan `result` and `virname`, and returns a cl_error_t.
 * NOTE(review): presumably the return value can override the scan verdict; if
 * so, a handler that returns a constant would mask detections. Confirm which
 * return values change the verdict. `virname` may be NULL when nothing was
 * found (TODO confirm). */
584 typedef cl_error_t (*clcb_post_scan)(
int fd,
int result,
const char *virname,
void *context);
593 extern void cl_engine_set_clcb_post_scan(
struct cl_engine *engine, clcb_post_scan callback);
/* Notification-only callback: it returns void, so it cannot change the scan
 * result through a return value. */
609 typedef void (*clcb_virus_found)(
int fd,
const char *virname,
void *context);
618 extern void cl_engine_set_clcb_virus_found(
struct cl_engine *engine, clcb_virus_found callback);
/* Signature-load callback: receives a signature type, a name and a `custom`
 * flag, and returns an int. NOTE(review): presumably the return value decides
 * whether the signature is loaded and `custom` marks non-official signatures;
 * confirm both before using this as an allow-list or block-list hook. */
636 typedef int (*clcb_sigload)(
const char *type,
const char *name,
unsigned int custom,
void *context);
/* Unlike the scan callback setters, this one also takes the context pointer
 * that will be handed back to the callback. */
646 extern void cl_engine_set_clcb_sigload(
struct cl_engine *engine, clcb_sigload callback,
void *context);
/* One enumerator of the message-severity enum (enum cl_msg, used by clcb_msg);
 * the rest of the enum is missing from this listing. */
650 CL_MSG_INFO_VERBOSE = 32,
/* Progress callback shared by the three setters below. It receives the total
 * number of items and the number completed so far. NOTE(review): what the
 * returned cl_error_t does (for example, cancelling the operation) is not
 * visible here. */
669 typedef cl_error_t (*clcb_progress)(
size_t total_items,
size_t now_completed,
void *context);
681 extern void cl_engine_set_clcb_sigload_progress(
struct cl_engine *engine, clcb_progress callback,
void *context);
697 extern void cl_engine_set_clcb_engine_compile_progress(
struct cl_engine *engine, clcb_progress callback,
void *context);
713 extern void cl_engine_set_clcb_engine_free_progress(
struct cl_engine *engine, clcb_progress callback,
void *context);
/* Log-message callback: receives a severity and two forms of the message.
 * NOTE(review): messages presumably can embed names taken from scanned files,
 * so neutralise control characters before writing them to a terminal or a
 * line-oriented log. */
738 typedef void (*clcb_msg)(
enum cl_msg severity,
const char *fullmsg,
const char *msg,
void *context);
/* Takes no engine argument, so the handler is not tied to a specific engine.
 * How the `context` passed to the callback is supplied is not visible here. */
744 extern void cl_set_clcb_msg(clcb_msg callback);
/* Hash callback: receives a descriptor, a size, an MD5 digest pointer and a
 * virus name. `md5` carries no length argument. NOTE(review): presumably it
 * points at MD5_HASH_SIZE (16) raw bytes rather than a hex string; confirm
 * before copying or printing it. */
758 typedef void (*clcb_hash)(
int fd,
unsigned long long size,
const unsigned char *md5,
const char *virname,
void *context);
767 extern void cl_engine_set_clcb_hash(
struct cl_engine *engine, clcb_hash callback);
/* Archive-member metadata callback. NOTE(review): `filename`, `fsize_real` and
 * `is_encrypted` presumably come from the container's own headers, which the
 * file's author controls. Treat them as claims rather than facts: do not join
 * `filename` onto a filesystem path, and do not size buffers from
 * `fsize_real`. */
788 typedef cl_error_t (*clcb_meta)(
const char *container_type,
unsigned long fsize_container,
const char *filename,
789 unsigned long fsize_real,
int is_encrypted,
unsigned int filepos_container,
void *context);
798 extern void cl_engine_set_clcb_meta(
struct cl_engine *engine, clcb_meta callback);
/* File-properties callback: receives a property string, a result code and user
 * data. NOTE(review): the name `j_propstr` suggests a JSON document built from
 * the scanned file; if so, parse it with a real JSON parser and treat the
 * values as untrusted. Confirm the format upstream. */
810 typedef int (*clcb_file_props)(
const char *j_propstr,
int rc,
void *cbdata);
819 extern void cl_engine_set_clcb_file_props(
struct cl_engine *engine, clcb_file_props callback);
/* Generic data callback: a byte pointer with an explicit length. Use
 * `data_len` as the bound for every access; nothing in the prototype promises
 * NUL termination. */
830 typedef int (*clcb_generic_data)(
const unsigned char *
const data,
const size_t data_len,
void *cbdata);
/* Registers a clcb_generic_data handler; by its name it is used for VBA
 * content (TODO confirm). */
840 extern void cl_engine_set_clcb_vba(
struct cl_engine *engine, clcb_generic_data callback);
/* Statistics hooks: one callback type per operation, each with a setter that
 * stores it on the engine. All callbacks receive the `cbdata` pointer
 * registered below. NOTE(review): the names suggest that sample data (virus
 * name, MD5, size, section info) is collected and later submitted somewhere;
 * confirm the destination and what leaves the host before calling
 * cl_engine_stats_enable(). */

/* Stores the user-data pointer handed to the stats callbacks. */
863 extern void cl_engine_set_stats_set_cbdata(
struct cl_engine *engine,
void *cbdata);
/* `md5` has no length argument; presumably MD5_HASH_SIZE raw bytes (TODO
 * confirm). stats_section_t is declared outside this listing. */
874 typedef void (*clcb_stats_add_sample)(
const char *virname,
const unsigned char *md5,
size_t size,
stats_section_t *sections,
void *cbdata);
883 extern void cl_engine_set_clcb_stats_add_sample(
struct cl_engine *engine, clcb_stats_add_sample callback);
893 typedef void (*clcb_stats_remove_sample)(
const char *virname,
const unsigned char *md5,
size_t size,
void *cbdata);
902 extern void cl_engine_set_clcb_stats_remove_sample(
struct cl_engine *engine, clcb_stats_remove_sample callback);
912 typedef void (*clcb_stats_decrement_count)(
const char *virname,
const unsigned char *md5,
size_t size,
void *cbdata);
921 extern void cl_engine_set_clcb_stats_decrement_count(
struct cl_engine *engine, clcb_stats_decrement_count callback);
/* Submit and flush take the engine itself in addition to `cbdata`. */
929 typedef void (*clcb_stats_submit)(
struct cl_engine *engine,
void *cbdata);
938 extern void cl_engine_set_clcb_stats_submit(
struct cl_engine *engine, clcb_stats_submit callback);
946 typedef void (*clcb_stats_flush)(
struct cl_engine *engine,
void *cbdata);
955 extern void cl_engine_set_clcb_stats_flush(
struct cl_engine *engine, clcb_stats_flush callback);
/* Accessors that return a size_t computed from `cbdata`. */
962 typedef size_t (*clcb_stats_get_num)(
void *cbdata);
971 extern void cl_engine_set_clcb_stats_get_num(
struct cl_engine *engine, clcb_stats_get_num callback);
978 typedef size_t (*clcb_stats_get_size)(
void *cbdata);
987 extern void cl_engine_set_clcb_stats_get_size(
struct cl_engine *engine, clcb_stats_get_size callback);
/* Returns a non-const char pointer. NOTE(review): who frees the returned
 * string is not visible here; confirm it to avoid a leak or a double free. A
 * host identifier is also a stable machine identifier, so check whether it is
 * included in what gets submitted. */
994 typedef char *(*clcb_stats_get_hostid)(
void *cbdata);
1003 extern void cl_engine_set_clcb_stats_get_hostid(
struct cl_engine *engine, clcb_stats_get_hostid callback);
/* Takes the engine only and returns nothing. */
1010 extern void cl_engine_stats_enable(
struct cl_engine *engine);
/* Scan entry points. All return a cl_error_t and report the detection name
 * through `virname`. NOTE(review): the result distinguishes "clean", "infected"
 * and "error" only if the caller checks it against the specific cl_error_t
 * values; treating every non-detection as clean would hide scan failures.
 * `virname` is a pointer to const char, so the string is not the caller's to
 * modify; its lifetime is not visible here. `scanoptions` is non-const even
 * though the engine is const. */

/* Scans an open descriptor; `filename` accompanies the descriptor. Whether the
 * descriptor is closed by the callee is not visible here. */
1027 extern cl_error_t cl_scandesc(
int desc,
const char *filename,
const char **virname,
unsigned long int *scanned,
const struct cl_engine *engine,
struct cl_scan_options *scanoptions);
/* Same as cl_scandesc() with an extra `context` pointer, presumably the one
 * handed to the registered scan callbacks (TODO confirm). */
1043 extern cl_error_t cl_scandesc_callback(
int desc,
const char *filename,
const char **virname,
unsigned long int *scanned,
const struct cl_engine *engine,
struct cl_scan_options *scanoptions,
void *context);
/* Scans by path. NOTE(review): when the path is supplied by another party, a
 * path-based scan can inspect a different file than the one later used if the
 * path is swapped in between; scanning an already-open descriptor with
 * cl_scandesc() avoids that gap. */
1055 extern cl_error_t cl_scanfile(
const char *filename,
const char **virname,
unsigned long int *scanned,
const struct cl_engine *engine,
struct cl_scan_options *scanoptions);
1070 extern cl_error_t cl_scanfile_callback(
const char *filename,
const char **virname,
unsigned long int *scanned,
const struct cl_engine *engine,
struct cl_scan_options *scanoptions,
void *context);
/* Loads signature data from `path` into the engine, with `dboptions` taking
 * the CL_DB_ bits and `signo` receiving a count. NOTE(review): the signature
 * directory decides what the engine detects and, with bytecode enabled, what
 * code it runs, so it should be writable only by the updater account. */
1085 extern cl_error_t cl_load(
const char *path,
struct cl_engine *engine,
unsigned int *signo,
unsigned int dboptions);
/* Returns a const string; by its name, the default database directory. */
1092 extern const char *cl_retdbdir(
void);
/* Member of a struct whose other lines are missing from this listing. */
1100 unsigned int version;
/* CVD header readers: one takes a file path, the other a header string. Both
 * return a struct cl_cvd pointer, and cl_cvdfree() is declared below as the
 * release call. NOTE(review): presumably NULL on failure, and presumably
 * neither verifies a signature; confirm, and do not treat header fields as
 * authenticated until cl_cvdverify() has succeeded on the same file. */
1118 extern struct cl_cvd *cl_cvdhead(
const char *file);
1131 extern struct cl_cvd *cl_cvdparse(
const char *head);
/* Verifies the CVD at `file` and reports the outcome as a cl_error_t. Check
 * the result explicitly before using the database. */
1139 extern cl_error_t cl_cvdverify(
const char *file);
1146 extern void cl_cvdfree(
struct cl_cvd *cvd);
/* Unpacks the CVD at `file` into `dir`. NOTE(review): the parameter name
 * `dont_verify` indicates that passing true skips verification. Pass false for
 * any CVD that did not come from a trusted local build step, and unpack into a
 * directory that other users cannot write to. Confirm the exact semantics
 * upstream. */
1158 extern cl_error_t cl_cvdunpack(
const char *file,
const char *dir,
bool dont_verify);
/* Writes an age in seconds through `age_seconds`. NOTE(review): presumably
 * derived from a timestamp stored in the database, which makes it useful for
 * alerting on stale signatures; confirm the time source. */
1170 extern cl_error_t cl_cvdgetage(
const char *path, time_t *age_seconds);
/* Member of a struct whose other lines are missing from this listing. */
1181 unsigned int entries;
/* Directory-change tracking: initialise a struct cl_stat for `dirname`, check
 * it later, and free it. cl_statchkdir() returns a plain int, not a
 * cl_error_t; the meaning of its values is not visible here. */
1193 extern cl_error_t cl_statinidir(
const char *dirname,
struct cl_stat *dbstat);
1202 extern int cl_statchkdir(
const struct cl_stat *dbstat);
1211 extern cl_error_t cl_statfree(
struct cl_stat *dbstat);
/* Counts signatures under `path`, with `countoptions` taking the CL_COUNTSIGS_
 * bits and the total written through `sigs`. */
1221 extern cl_error_t cl_countsigs(
const char *path,
unsigned int countoptions,
unsigned int *sigs);
/* Version queries; both take no arguments. */
1232 extern unsigned int cl_retflevel(
void);
1241 extern const char *cl_retver(
void);
/* Maps a cl_error_t to a const message string. */
1246 extern const char *cl_strerror(cl_error_t clerror);
/* Opaque handle type for a file map; struct cl_fmap is not defined here. */
1252 typedef struct cl_fmap cl_fmap_t;
/* Read callback with a pread-like shape: fill `buf` with up to `count` bytes
 * from `offset` of `handle`. An implementation must never store more than
 * `count` bytes into `buf`. NOTE(review): the return convention (bytes read,
 * negative on error) is assumed from the pread-like signature; confirm. */
1276 typedef off_t (*clcb_pread)(
void *handle,
void *buf,
size_t count, off_t offset);
/* Opens a map over `len` bytes starting at `offset` of a caller-defined
 * handle, read through `pread_cb`. The meaning of `use_aging` is not visible
 * here. NOTE(review): presumably NULL on failure. */
1295 extern cl_fmap_t *cl_fmap_open_handle(
void *handle,
size_t offset,
size_t len,
1296 clcb_pread pread_cb,
int use_aging);
/* Opens a map over caller memory of `len` bytes at `start`. NOTE(review): the
 * prototype takes a const pointer and nothing indicates a copy, so presumably
 * the memory must stay valid and unmodified until cl_fmap_close(); confirm.
 * `len` must not exceed the size of the buffer behind `start`. */
1310 extern cl_fmap_t *cl_fmap_open_memory(
const void *start,
size_t len);
/* Releases a map returned by one of the open functions above. */
1320 extern void cl_fmap_close(cl_fmap_t *);
/* Scans a map; the other parameters match cl_scandesc_callback(). */
1339 extern cl_error_t cl_scanmap_callback(cl_fmap_t *map,
const char *filename,
const char **virname,
unsigned long int *scanned,
const struct cl_engine *engine,
struct cl_scan_options *scanoptions,
void *context);
/* Digest lengths in bytes for each algorithm. MD5 and SHA-1 are not collision
 * resistant; use them for matching against existing signature data, not as
 * proof of integrity or authenticity. */
1344 #define MD5_HASH_SIZE 16
1345 #define SHA1_HASH_SIZE 20
1346 #define SHA256_HASH_SIZE 32
1347 #define SHA384_HASH_SIZE 48
1348 #define SHA512_HASH_SIZE 64
/* Hashes `len` bytes at `buf` with the algorithm named by `alg`. The prototype
 * carries no capacity for `obuf`, so the caller has to size it for the chosen
 * algorithm (SHA512_HASH_SIZE covers every size defined above).
 * NOTE(review): presumably `alg` is an OpenSSL digest name, the digest length
 * is written through `olen`, and NULL is returned on failure. Whether a NULL
 * `obuf` makes the function allocate the result is not visible here. */
1360 unsigned char *cl_hash_data(
const char *alg,
const void *buf,
size_t len,
unsigned char *obuf,
unsigned int *olen);
/* File-hashing variants: from a descriptor with a caller-supplied OpenSSL
 * digest context, from a descriptor with an algorithm name, and from a FILE
 * stream. None takes an output buffer. NOTE(review): presumably the returned
 * buffer is allocated for the caller, who must free it; confirm ownership and
 * whether the descriptor or stream position is restored afterwards. */
1370 unsigned char *cl_hash_file_fd_ctx(EVP_MD_CTX *ctx,
int fd,
unsigned int *olen);
1380 unsigned char *cl_hash_file_fd(
int fd,
const char *alg,
unsigned int *olen);
1390 unsigned char *cl_hash_file_fp(FILE *fp,
const char *alg,
unsigned int *olen);
/* Fixed-algorithm helpers with the same parameter shape as cl_hash_data()
 * minus `alg`. `obuf` again has no capacity argument: it needs at least
 * SHA256_HASH_SIZE, SHA384_HASH_SIZE, SHA512_HASH_SIZE or SHA1_HASH_SIZE
 * bytes respectively. */
1401 unsigned char *cl_sha256(
const void *buf,
size_t len,
unsigned char *obuf,
unsigned int *olen);
1412 unsigned char *cl_sha384(
const void *buf,
size_t len,
unsigned char *obuf,
unsigned int *olen);
1423 unsigned char *cl_sha512(
const void *buf,
size_t len,
unsigned char *obuf,
unsigned int *olen);
1434 unsigned char *cl_sha1(
const void *buf,
size_t len,
unsigned char *obuf,
unsigned int *olen);
/* Signature verification helpers. Each comes in three key forms (EVP_PKEY,
 * path to an X.509 key file, X509 object) and three input forms (raw data, a
 * precomputed digest, a file descriptor). All return int.
 * NOTE(review): which return value means "signature valid" is not visible in
 * this listing. Confirm it before branching: under a 0-on-success convention,
 * `if (cl_verify_signature(...))` takes the failure path as success. The
 * `digest` variants take no length, so the buffer must match the digest size
 * of `alg`. `decode` presumably says whether `sig` is text-encoded (TODO
 * confirm). `sig`, `data` and `x509path` are declared non-const although a
 * verifier has no evident need to modify them. */
1448 int cl_verify_signature(EVP_PKEY *pkey,
const char *alg,
unsigned char *sig,
unsigned int siglen,
unsigned char *data,
size_t datalen,
int decode);
1460 int cl_verify_signature_hash(EVP_PKEY *pkey,
const char *alg,
unsigned char *sig,
unsigned int siglen,
unsigned char *digest);
1472 int cl_verify_signature_fd(EVP_PKEY *pkey,
const char *alg,
unsigned char *sig,
unsigned int siglen,
int fd);
/* Key-file variants: the key is read from `x509path` on each call, so the
 * result is only as trustworthy as the permissions on that file. */
1484 int cl_verify_signature_hash_x509_keyfile(
char *x509path,
const char *alg,
unsigned char *sig,
unsigned int siglen,
unsigned char *digest);
1496 int cl_verify_signature_fd_x509_keyfile(
char *x509path,
const char *alg,
unsigned char *sig,
unsigned int siglen,
int fd);
1510 int cl_verify_signature_x509_keyfile(
char *x509path,
const char *alg,
unsigned char *sig,
unsigned int siglen,
unsigned char *data,
size_t datalen,
int decode);
/* X509-object variants. NOTE(review): nothing in these prototypes indicates
 * that the certificate itself is validated; presumably chain validation is a
 * separate step done with cl_validate_certificate_chain(). Confirm. */
1522 int cl_verify_signature_hash_x509(X509 *x509,
const char *alg,
unsigned char *sig,
unsigned int siglen,
unsigned char *digest);
1534 int cl_verify_signature_fd_x509(X509 *x509,
const char *alg,
unsigned char *sig,
unsigned int siglen,
int fd);
1548 int cl_verify_signature_x509(X509 *x509,
const char *alg,
unsigned char *sig,
unsigned int siglen,
unsigned char *data,
size_t datalen,
int decode);
/* Builds an X509 object from `len` bytes at `data`. NOTE(review): presumably
 * NULL on parse failure, with the caller releasing the result through
 * OpenSSL's X509_free(); the expected encoding is not visible here. */
1557 X509 *cl_get_x509_from_mem(
void *data,
unsigned int len);
/* Certificate-chain validation. Both return int with the same unknown success
 * convention as the verify functions above. NOTE(review): presumably `tsdir`
 * is a trust-store directory and `authorities` a list of CA certificate paths;
 * how the list is terminated and whether `crlpath` may be NULL are not
 * visible here. */
1566 int cl_validate_certificate_chain_ts_dir(
char *tsdir,
char *certpath);
1576 int cl_validate_certificate_chain(
char **authorities,
char *crlpath,
char *certpath);
/* Loads a certificate from the file at `certpath`. */
1583 X509 *cl_load_cert(
const char *certpath);
/* Converts an OpenSSL ASN1_TIME into a struct tm pointer. NOTE(review): who
 * owns the returned struct tm is not visible here. */
1591 struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj);
/* Returns an X509_CRL pointer. NOTE(review): the parameter is named `timeobj`,
 * which matches the previous declaration rather than this function; presumably
 * it is the path of the CRL file. Confirm against the implementation. */
1599 X509_CRL *cl_load_crl(
const char *timeobj);
/* Signing helpers. Each returns an unsigned char pointer and writes a length
 * through `olen`. NOTE(review): presumably the result is a newly allocated
 * signature that the caller must free, NULL on failure, and `encode` selects a
 * text encoding of the output; confirm all three. The private key behind
 * `keypath` or `pkey` should be readable only by the signing account. */
1611 unsigned char *cl_sign_data_keyfile(
char *keypath,
const char *alg,
unsigned char *hash,
unsigned int *olen,
int encode);
/* `hash` carries no length; it has to match the digest size of `alg`. */
1623 unsigned char *cl_sign_data(EVP_PKEY *pkey,
const char *alg,
unsigned char *hash,
unsigned int *olen,
int encode);
1635 unsigned char *cl_sign_file_fd(
int fd, EVP_PKEY *pkey,
const char *alg,
unsigned int *olen,
int encode);
1647 unsigned char *cl_sign_file_fp(FILE *fp, EVP_PKEY *pkey,
const char *alg,
unsigned int *olen,
int encode);
/* Loads a private key from the file at `keypath` as an EVP_PKEY. */
1655 EVP_PKEY *cl_get_pkey_file(
char *keypath);
/* Incremental hashing API: init, update, finish, destroy. The context is an
 * opaque void pointer. `buf` in cl_finish_hash() has no capacity argument, so
 * it must be large enough for the digest of the algorithm given to
 * cl_hash_init(). NOTE(review): whether cl_finish_hash() also releases `ctx`
 * is not visible here; confirm it before also calling cl_hash_destroy() on
 * the same pointer, since the wrong assumption gives either a leak or a
 * double free. The int return conventions are likewise not visible. */
1657 void *cl_hash_init(
const char *alg);
1658 int cl_update_hash(
void *ctx,
const void *data,
size_t sz);
1659 int cl_finish_hash(
void *ctx,
void *buf);
1660 void cl_hash_destroy(
void *ctx);