Version in base suite: 0.103.2+dfsg-2 Base version: clamav_0.103.2+dfsg-2 Target version: clamav_0.103.3+dfsg-0+deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/clamav/clamav_0.103.2+dfsg-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/c/clamav/clamav_0.103.3+dfsg-0+deb11u1.dsc CMakeLists.txt | 2 NEWS.md | 49 + clamd/scanner.c | 17 clamdscan/proto.c | 4 clamsubmit/clamsubmit.c | 357 ++++---- configure | 26 configure.ac | 2 debian/.git-dpm | 14 debian/changelog | 11 debian/clamav-base.postrm | 1 debian/clamav-freshclam.postrm | 1 debian/libclamav9.symbols | 410 +++++----- debian/patches/Add-support-for-LLVM-3.7.patch | 2 debian/patches/Add-support-for-LLVM-3.8.patch | 2 debian/patches/Add-support-for-LLVM-3.9.patch | 2 debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch | 2 debian/patches/Fix-ck_assert_msg-call.patch | 2 debian/patches/add-support-for-system-tomsfastmath.patch | 4 debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch | 2 debian/rules | 2 docs/man/freshclam.conf.5.in | 1 etc/freshclam.conf.sample | 4 examples/ex1.c | 2 freshclam/freshclam.c | 50 + libclamav/bytecode_api.h | 1 libclamav/c++/Makefile.in | 2 libclamav/macho.c | 9 libclamav/ole2_extract.c | 2 libclamav/others.h | 4 libclamav/others_common.c | 107 +- libclamav/png.c | 2 libclamav/scanners.c | 3 libfreshclam/libfreshclam.c | 30 libfreshclam/libfreshclam_internal.c | 112 +- libfreshclam/libfreshclam_internal.h | 14 m4/reorganization/version.m4 | 2 unit_tests/check_clamd.c | 2 37 files changed, 737 insertions(+), 522 deletions(-) diff -Nru clamav-0.103.2+dfsg/CMakeLists.txt clamav-0.103.3+dfsg/CMakeLists.txt --- clamav-0.103.2+dfsg/CMakeLists.txt 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/CMakeLists.txt 2021-06-19 21:15:59.000000000 +0000 @@ -15,7 +15,7 @@ set(VERSION_SUFFIX "") project( ClamAV - VERSION "0.103.2" + VERSION "0.103.3" DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." ) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) diff -Nru clamav-0.103.2+dfsg/NEWS.md clamav-0.103.3+dfsg/NEWS.md --- clamav-0.103.2+dfsg/NEWS.md 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/NEWS.md 2021-06-19 21:15:59.000000000 +0000 @@ -3,6 +3,55 @@ Note: This file refers to the source tarball. Things described here may differ slightly from the binary packages. +## 0.103.3 + +ClamAV 0.103.3 is a patch release with the following fixes: + +- Fixed a scan performance issue when ENGINE_OPTIONS_FORCE_TO_DISK is enabled. + This issue did not impacted most users but for those affected it caused every + scanned file to be copied to the temp directory before the scan. + +- Fix ClamDScan crashes when using the `--fdpass --multiscan` command-line + options in combination with the ClamD `ExcludePath` config file options. + +- Fixed an issue where the `mirrors.dat` file is owned by root when starting as + root (or with sudo) and using daemon-mode. File ownership will be set to the + `DatabaseOwner` just before FreshClam switches to run as that user. + +- Renamed the `mirrors.dat` file to `freshclam.dat`. + + We used to recommend deleting `mirrors.dat` if FreshClam failed to update. + This is because `mirrors.dat` used to keep track of offline mirrors and + network interruptions were known to cause FreshClam to think that all mirrors + were offline. ClamAV now uses a paid CDN instead of a mirror network, and the + new FreshClam DAT file no longer stores that kind of information. + The UUID used in ClamAV's HTTP User-Agent is stored in the FreshClam DAT file + and we want the UUID to persist between runs, even if there was a failure. + + Unfortunately, some users have FreshClam configured to automatically delete + `mirrors.dat` if FreshClam failed. Renaming `mirrors.dat` to `freshclam.dat` + should make it so those scripts don't delete important FreshClam data. + +- Disabled the `HTTPUserAgent` config option if the `DatabaseMirror` uses + clamav.net. This will prevent users from being inadvertently blocked and + will ensure that we can keep better metrics on which ClamAV versions are + being used. + + This change effectively deprecates the `HTTPUserAgent` option for most users. + +- Moved the detection for Heuristics.PNG.CVE-2010-1205 behind the + ClamScan `--alert-broken-media` option (ClamD `AlertBrokenMedia yes`) option. + This type of PNG issue appears to be common enough to be an annoyance, and + the CVE is old enough that no one should be vulnerable at this point. + +- Fix ClamSubmit failures after changes to Cloudflare "__cfduid" cookies. + See: https://blog.cloudflare.com/deprecating-cfduid-cookie/ + +Special thanks to the following for code contributions and bug reports: + +- Stephen Agate +- Tom Briden + ## 0.103.2 ClamAV 0.103.2 is a security patch release with the following fixes: diff -Nru clamav-0.103.2+dfsg/clamd/scanner.c clamav-0.103.3+dfsg/clamd/scanner.c --- clamav-0.103.2+dfsg/clamd/scanner.c 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/clamd/scanner.c 2021-06-19 21:15:59.000000000 +0000 @@ -146,8 +146,8 @@ if (NULL != filename) { if (CL_SUCCESS != cli_realpath((const char *)filename, &real_filename)) { - conn_reply_errno(scandata->conn, msg, "Failed to determine real path:"); - logg("^Failed to determine real path for: %s\n", filename); + conn_reply_errno(scandata->conn, msg, "File path check failure:"); + logg("^File path check failure for: %s\n", filename); logg("*Quarantine of the file may fail if file path contains symlinks.\n"); } else { free(filename); @@ -180,25 +180,30 @@ else logg("!Memory allocation failed during cli_ftw()\n"); scandata->errors++; + free(filename); return CL_EMEM; case error_stat: - conn_reply_errno(scandata->conn, msg, "lstat() failed:"); - logg("^lstat() failed on: %s\n", msg); + conn_reply_errno(scandata->conn, msg, "File path check failure:"); + logg("^File path check failure on: %s\n", msg); scandata->errors++; + free(filename); return CL_SUCCESS; case warning_skipped_dir: - logg("^Directory recursion limit reached, skipping %s\n", - msg); + logg("^Directory recursion limit reached, skipping %s\n", msg); + free(filename); return CL_SUCCESS; case warning_skipped_link: logg("$Skipping symlink: %s\n", msg); + free(filename); return CL_SUCCESS; case warning_skipped_special: if (msg == scandata->toplevel_path) conn_reply(scandata->conn, msg, "Not supported file type", "ERROR"); logg("*Not supported file type: %s\n", msg); + free(filename); return CL_SUCCESS; case visit_directory_toplev: + free(filename); return CL_SUCCESS; case visit_file: break; diff -Nru clamav-0.103.2+dfsg/clamdscan/proto.c clamav-0.103.3+dfsg/clamdscan/proto.c --- clamav-0.103.2+dfsg/clamdscan/proto.c 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/clamdscan/proto.c 2021-06-19 21:15:59.000000000 +0000 @@ -238,6 +238,10 @@ { const struct optstruct *opt; + if (!path) { + return 1; + } + if ((opt = optget(clamdopts, "ExcludePath"))->enabled) { while (opt) { if (match_regex(path, opt->strarg) == 1) { diff -Nru clamav-0.103.2+dfsg/clamsubmit/clamsubmit.c clamav-0.103.3+dfsg/clamsubmit/clamsubmit.c --- clamav-0.103.2+dfsg/clamsubmit/clamsubmit.c 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/clamsubmit/clamsubmit.c 2021-06-19 21:15:59.000000000 +0000 @@ -1,3 +1,30 @@ +/* + * ClamAV Malware and False Positive Reporting Tool + * + * Copyright (C) 2014-2020 Cisco Systems, Inc. and/or its affiliates. All rights reserved. + * + * Authors: Shawn Webb, Steve Morgan + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + */ + +#ifdef HAVE_CONFIG_H +#include "clamav-config.h" +#endif + +#include #include #include #if HAVE_UNISTD_H @@ -23,6 +50,7 @@ #include "misc.h" #include "getopt.h" #include "cert_util.h" +#include "output.h" #define OPTS "e:p:n:N:V:H:h?v?d" @@ -32,7 +60,6 @@ typedef struct _header_data { int len; - char *cfduid; char *session; } header_data; @@ -41,7 +68,7 @@ char *str; } write_data; -int g_debug = 0; +bool g_debug = false; void usage(char *name) { @@ -85,22 +112,22 @@ sp = ptr + clen + 1; ep = strchr(sp, ';'); if (ep == NULL) { - fprintf(stderr, "header_cb(): malformed cookie\n"); + logg("!header_cb(): malformed cookie\n"); return 0; } mem = malloc(ep - sp + 1); if (mem == NULL) { - fprintf(stderr, "header_cb(): malloc failed\n"); + logg("!header_cb(): malloc failed\n"); return 0; } memcpy(mem, sp, ep - sp); mem[ep - sp] = '\0'; - if (!strncmp(mem, "__cfduid", 8)) - hd->cfduid = mem; - else if (!strncmp(mem, "_clamav-net_session", strlen("_clamav-net_session"))) + if (!strncmp(mem, "_clamav-net_session", strlen("_clamav-net_session"))) hd->session = mem; - else - fprintf(stderr, "header_cb(): unrecognized cookie\n"); + else { + logg("!header_cb(): unrecognized cookie\n"); + free(mem); + } } return len; } @@ -114,7 +141,7 @@ if (len) { str = realloc(wd->str, wd->len + len + 1); if (str == NULL) { - fprintf(stderr, "write_cb() realloc failure\n"); + logg("!write_cb() realloc failure\n"); return 0; } memcpy(str + wd->len, ptr, len); @@ -140,10 +167,10 @@ if (json_object_object_get_ex(ps_json_obj, key, &json_obj)) { json_str = json_object_get_string(json_obj); if (json_str == NULL) { - fprintf(stderr, "Error: json_object_get_string() for %s.\n", key); + logg("!Error: json_object_get_string() for %s.\n", key); } } else { - fprintf(stderr, "Error: json_object_object_get_ex() for %s.\n", key); + logg("!Error: json_object_object_get_ex() for %s.\n", key); } return json_str; } @@ -161,23 +188,28 @@ int setURL = 0, fromStream = 0; const char *json_str; write_data wd = {0, NULL}; - header_data hd_malware = {0, NULL, NULL}; - header_data hd_presigned = {0, NULL, NULL}; + header_data hd_malware = {0, NULL}; + header_data hd_presigned = {0, NULL}; json_object *ps_json_obj = NULL; - int malware = 0; + bool malware = false; int len = 0; char *submissionID = NULL; char *fpvname = NULL; - char *sp, *ep, *str; - char *authenticity_token = NULL; - char *urlp; + char *sp, *ep; + + char *authenticity_token_header = NULL; + char *authenticity_token = NULL; + char *session_cookie = NULL; + + char *url_for_auth_token; + char *url_for_presigned_cookie; curl_global_init(CURL_GLOBAL_ALL); clam_curl = curl_easy_init(); if (clam_curl == NULL) { - fprintf(stderr, "ERROR: Could not initialize libcurl.\n"); - goto cleanup; + logg("!ERROR: Could not initialize libcurl.\n"); + goto done; } memset(userAgent, 0, sizeof(userAgent)); @@ -187,7 +219,7 @@ userAgent[sizeof(userAgent) - 1] = 0; if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_USERAGENT, userAgent)) { - fprintf(stderr, "!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent); + logg("!!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent); } while ((ch = my_getopt(argc, argv, OPTS)) > 0) { @@ -209,14 +241,14 @@ case 'n': if (setURL) usage(argv[0]); - malware = 1; + malware = true; filename = optarg; break; case 'V': fpvname = optarg; break; case 'd': - g_debug = 1; + g_debug = true; break; case 'h': case '?': @@ -228,15 +260,15 @@ if (!(name) || !(email) || !(filename)) usage(argv[0]); - if (malware == 0 && fpvname == NULL) { - fprintf(stderr, "Detected virus name(-V) required for false positive submissions.\n"); + if (malware == false && fpvname == NULL) { + logg("!Detected virus name(-V) required for false positive submissions.\n"); usage(argv[0]); } if (strlen(filename) == 1 && filename[0] == '-') { filename = read_stream(); if (!(filename)) { - fprintf(stderr, "ERROR: Unable to read stream\n"); - goto cleanup; + logg("!ERROR: Unable to read stream\n"); + goto done; } fromStream = 1; } @@ -244,31 +276,34 @@ if (g_debug) { /* ask libcurl to show us the verbose output */ if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_VERBOSE, 1L)) { - fprintf(stderr, "!ERROR: Failed to set CURLOPT_VERBOSE!\n"); + logg("!!ERROR: Failed to set CURLOPT_VERBOSE!\n"); } if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_STDERR, stdout)) { - fprintf(stderr, "!ERROR: Failed to direct curl debug output to stdout!\n"); + logg("!!ERROR: Failed to direct curl debug output to stdout!\n"); } } if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1)) { - fprintf(stderr, "ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n"); + logg("!ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n"); } #if defined(C_DARWIN) || defined(_WIN32) if (CURLE_OK != curl_easy_setopt(clam_curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function)) { - fprintf(stderr, "ERROR: Failed to set SSL CTX function!\n"); + logg("!ERROR: Failed to set SSL CTX function!\n"); } #else set_tls_ca_bundle(clam_curl); #endif - /*** The GET malware|fp ***/ - if (malware == 1) - urlp = "https://www.clamav.net/reports/malware"; - else - urlp = "https://www.clamav.net/reports/fp"; - curl_easy_setopt(clam_curl, CURLOPT_URL, urlp); + /* + * GET authenticity token + */ + if (malware == true) { + url_for_auth_token = "https://www.clamav.net/reports/malware"; + } else { + url_for_auth_token = "https://www.clamav.net/reports/fp"; + } + curl_easy_setopt(clam_curl, CURLOPT_URL, url_for_auth_token); curl_easy_setopt(clam_curl, CURLOPT_HTTPGET, 1); curl_easy_setopt(clam_curl, CURLOPT_WRITEDATA, &wd); curl_easy_setopt(clam_curl, CURLOPT_WRITEFUNCTION, write_cb); @@ -276,30 +311,30 @@ curl_easy_setopt(clam_curl, CURLOPT_HEADERFUNCTION, header_cb); res = curl_easy_perform(clam_curl); if (res != CURLE_OK) { - fprintf(stderr, "Error in GET %s: %s\n", urlp, curl_easy_strerror(res)); - goto cleanup; + logg("!Error in GET %s: %s\n", url_for_auth_token, curl_easy_strerror(res)); + goto done; } if (wd.str != NULL) { sp = strstr(wd.str, "name=\"authenticity_token\""); if (sp == NULL) { - fprintf(stderr, "Authenticity token element not found.\n"); - goto cleanup; + logg("!Authenticity token element not found.\n"); + goto done; } sp = strstr(sp, "value="); if (sp == NULL) { - fprintf(stderr, "Authenticity token value not found.\n"); - goto cleanup; + logg("!Authenticity token value not found.\n"); + goto done; } sp += 7; ep = strchr(sp, '"'); if (ep == NULL) { - fprintf(stderr, "Authenticity token malformed.\n"); - goto cleanup; + logg("!Authenticity token malformed.\n"); + goto done; } authenticity_token = malloc(ep - sp + 1); if (authenticity_token == NULL) { - fprintf(stderr, "no memory for authenticity token.\n"); - goto cleanup; + logg("!no memory for authenticity token.\n"); + goto done; } memcpy(authenticity_token, sp, ep - sp); authenticity_token[ep - sp] = '\0'; @@ -307,120 +342,128 @@ wd.str = NULL; } wd.len = 0; - urlp = NULL; - /*** The GET presigned ***/ - if (malware == 1) - curl_easy_setopt(clam_curl, CURLOPT_URL, "https://www.clamav.net/presigned?type=malware"); - else - curl_easy_setopt(clam_curl, CURLOPT_URL, "https://www.clamav.net/presigned?type=fp"); + /* record the session cookie for later use, if exists */ + if (NULL == hd_malware.session) { + logg("!clamav.net/presigned response missing session ID cookie.\nWill try without the cookie.\n"); + // goto done; // Note: unclear if the session cookie is required. Can't hurt to try w/out it? + } else { + len = strlen(hd_malware.session) + 3; + session_cookie = malloc(len); + if (session_cookie == NULL) { + logg("!No memory for GET presigned cookies\n"); + goto done; + } + if (snprintf(session_cookie, len, "%s;", hd_malware.session) > len) { + logg("!snprintf() failed formatting GET presigned cookies\n"); + goto done; + } + } + + /* + * GET presigned cookie + */ + if (malware == true) { + url_for_presigned_cookie = "https://www.clamav.net/presigned?type=malware"; + } else { + url_for_presigned_cookie = "https://www.clamav.net/presigned?type=fp"; + } + + curl_easy_setopt(clam_curl, CURLOPT_URL, url_for_presigned_cookie); curl_easy_setopt(clam_curl, CURLOPT_HTTPGET, 1); - if (NULL == hd_malware.cfduid || NULL == hd_malware.session) { - fprintf(stderr, "invalid cfduid and/or session id values provided by clamav.net/presigned. Unable to continue submission."); - goto cleanup; - } - - len = strlen(hd_malware.cfduid) + strlen(hd_malware.session) + 3; - str = malloc(len); - if (str == NULL) { - fprintf(stderr, "No memory for GET presigned cookies\n"); - goto cleanup; - } - if (snprintf(str, len, "%s; %s;", hd_malware.cfduid, hd_malware.session) > len) { - fprintf(stderr, "snprintf() failed formatting GET presigned cookies\n"); - free(str); - goto cleanup; - } - curl_easy_setopt(clam_curl, CURLOPT_COOKIE, str); - free(str); - len = strlen(authenticity_token) + 15; - str = malloc(len); - if (str == NULL) { - fprintf(stderr, "No memory for GET presigned X-CSRF-Token\n"); - goto cleanup; - } - if (snprintf(str, len, "X-CSRF-Token: %s", authenticity_token) > len) { - fprintf(stderr, "snprintf() failed for GET presigned X-CSRF-Token\n"); - free(str); - goto cleanup; + if (NULL != session_cookie) { + curl_easy_setopt(clam_curl, CURLOPT_COOKIE, session_cookie); } - slist = curl_slist_append(slist, str); - free(str); + + /* Include an X-CSRF-Token header using the authenticity token retrieved with the presigned GET request */ + len = strlen(authenticity_token) + strlen("X-CSRF-Token: ") + 1; + authenticity_token_header = malloc(len); + if (authenticity_token_header == NULL) { + logg("!No memory for GET presigned X-CSRF-Token\n"); + goto done; + } + if (snprintf(authenticity_token_header, len, "X-CSRF-Token: %s", authenticity_token) > len) { + logg("!snprintf() failed for GET presigned X-CSRF-Token\n"); + goto done; + } + slist = curl_slist_append(slist, authenticity_token_header); + free(authenticity_token_header); + authenticity_token_header = NULL; + curl_easy_setopt(clam_curl, CURLOPT_HTTPHEADER, slist); curl_easy_setopt(clam_curl, CURLOPT_HEADERDATA, &hd_presigned); curl_easy_setopt(clam_curl, CURLOPT_HEADERFUNCTION, header_cb); - if (malware == 1) - curl_easy_setopt(clam_curl, CURLOPT_REFERER, "https://www.clamav.net/reports/malware"); - else - curl_easy_setopt(clam_curl, CURLOPT_REFERER, "https://www.clamav.net/reports/fp"); + curl_easy_setopt(clam_curl, CURLOPT_REFERER, url_for_auth_token); res = curl_easy_perform(clam_curl); if (res != CURLE_OK) { - fprintf(stderr, "Error in GET presigned: %s\n", curl_easy_strerror(res)); - goto cleanup; + logg("!Error in GET reports: %s\n", curl_easy_strerror(res)); + goto done; } curl_slist_free_all(slist); slist = NULL; - /*** The POST to AWS ***/ + /* + * POST the report to AWS + */ ps_json_obj = json_tokener_parse(wd.str); if (ps_json_obj == NULL) { - fprintf(stderr, "Error in json_tokener_parse of %.*s\n", wd.len, wd.str); - goto cleanup; + logg("!Error in json_tokener_parse of %.*s\n", wd.len, wd.str); + goto done; } json_str = presigned_get_string(ps_json_obj, "key"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing key from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing key from json object\n"); + goto done; } sp = strchr(json_str, '/'); if (sp == NULL) { - fprintf(stderr, "Error: malformed 'key' string in GET presigned response (missing '/'.\n"); - goto cleanup; + logg("!Error: malformed 'key' string in GET presigned response (missing '/'.\n"); + goto done; } sp++; ep = strchr(sp, '-'); if (ep == NULL) { - fprintf(stderr, "Error: malformed 'key' string in GET presigned response (missing '-'.\n"); - goto cleanup; + logg("!Error: malformed 'key' string in GET presigned response (missing '-'.\n"); + goto done; } submissionID = malloc(ep - sp + 1); if (submissionID == NULL) { - fprintf(stderr, "Error: malloc submissionID.\n"); - goto cleanup; + logg("!Error: malloc submissionID.\n"); + goto done; } memcpy(submissionID, sp, ep - sp); submissionID[ep - sp] = '\0'; aws_curl = curl_easy_init(); if (!(aws_curl)) { - fprintf(stderr, "ERROR: Could not initialize libcurl POST presigned\n"); - goto cleanup; + logg("!ERROR: Could not initialize libcurl POST presigned\n"); + goto done; } if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_USERAGENT, userAgent)) { - fprintf(stderr, "!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent); + logg("!!create_curl_handle: Failed to set CURLOPT_USERAGENT (%s)!\n", userAgent); } if (g_debug) { /* ask libcurl to show us the verbose output */ if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_VERBOSE, 1L)) { - fprintf(stderr, "!ERROR: Failed to set CURLOPT_VERBOSE!\n"); + logg("!!ERROR: Failed to set CURLOPT_VERBOSE!\n"); } if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_STDERR, stdout)) { - fprintf(stderr, "!ERROR: Failed to direct curl debug output to stdout!\n"); + logg("!!ERROR: Failed to direct curl debug output to stdout!\n"); } } if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1)) { - fprintf(stderr, "ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n"); + logg("!ERROR: Failed to set HTTP version to 1.1 (to prevent 2.0 responses which we don't yet parse properly)!\n"); } #if defined(C_DARWIN) || defined(_WIN32) if (CURLE_OK != curl_easy_setopt(aws_curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function)) { - fprintf(stderr, "ERROR: Failed to set SSL CTX function!\n"); + logg("!ERROR: Failed to set SSL CTX function!\n"); } #else set_tls_ca_bundle(aws_curl); @@ -430,50 +473,50 @@ json_str = presigned_get_string(ps_json_obj, "acl"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing acl from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing acl from json object\n"); + goto done; } curl_formadd(&post, &last, CURLFORM_COPYNAME, "acl", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END); json_str = presigned_get_string(ps_json_obj, "policy"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing policy from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing policy from json object\n"); + goto done; } curl_formadd(&post, &last, CURLFORM_COPYNAME, "policy", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END); json_str = presigned_get_string(ps_json_obj, "x-amz-meta-original-filename"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing x-amz-meta-original-filename from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing x-amz-meta-original-filename from json object\n"); + goto done; } curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-meta-original-filename", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END); json_str = presigned_get_string(ps_json_obj, "x-amz-credential"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing x-amz-credential from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing x-amz-credential from json object\n"); + goto done; } curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-credential", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END); json_str = presigned_get_string(ps_json_obj, "x-amz-algorithm"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing x-amz-algorithm from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing x-amz-algorithm from json object\n"); + goto done; } curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-algorithm", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END); json_str = presigned_get_string(ps_json_obj, "x-amz-date"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing x-amz-date from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing x-amz-date from json object\n"); + goto done; } curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-date", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END); json_str = presigned_get_string(ps_json_obj, "x-amz-signature"); if (json_str == NULL) { - fprintf(stderr, "Error in presigned_get_string parsing x-amz-signature from json object\n"); - goto cleanup; + logg("!Error in presigned_get_string parsing x-amz-signature from json object\n"); + goto done; } curl_formadd(&post, &last, CURLFORM_COPYNAME, "x-amz-signature", CURLFORM_COPYCONTENTS, json_str, CURLFORM_END); @@ -486,8 +529,8 @@ res = curl_easy_perform(aws_curl); if (res != CURLE_OK) { - fprintf(stderr, "Error in POST AWS: %s\n", curl_easy_strerror(res)); - goto cleanup; + logg("!Error in POST AWS: %s\n", curl_easy_strerror(res)); + goto done; } curl_slist_free_all(slist); slist = NULL; @@ -497,36 +540,30 @@ curl_easy_cleanup(aws_curl); aws_curl = NULL; json_object_put(ps_json_obj); - free(wd.str); - wd.str = NULL; + + if (wd.str != NULL) { + free(wd.str); + wd.str = NULL; + } wd.len = 0; /*** The POST submit to clamav.net ***/ slist = curl_slist_append(slist, "Expect:"); - len = strlen(hd_malware.cfduid) + strlen(hd_malware.session) + 3; - str = malloc(len); - if (str == NULL) { - fprintf(stderr, "No memory for POST submit cookies.\n"); - goto cleanup; - } - if (snprintf(str, len, "%s; %s;", hd_malware.cfduid, hd_malware.session) > len) { - fprintf(stderr, "snprintf() failed formatting POST submit cookies\n"); - free(str); - goto cleanup; + + if (NULL != session_cookie) { + curl_easy_setopt(clam_curl, CURLOPT_COOKIE, session_cookie); } - curl_easy_setopt(clam_curl, CURLOPT_COOKIE, str); - free(str); + curl_formadd(&post, &last, CURLFORM_COPYNAME, "utf8", CURLFORM_COPYCONTENTS, "\x27\x13", CURLFORM_END); curl_formadd(&post, &last, CURLFORM_COPYNAME, "authenticity_token", CURLFORM_COPYCONTENTS, authenticity_token, CURLFORM_END); curl_formadd(&post, &last, CURLFORM_COPYNAME, "submissionID", CURLFORM_COPYCONTENTS, submissionID, CURLFORM_END); curl_formadd(&post, &last, CURLFORM_COPYNAME, "type", CURLFORM_COPYCONTENTS, malware ? "malware" : "fp", CURLFORM_END); curl_formadd(&post, &last, CURLFORM_COPYNAME, "sendername", CURLFORM_COPYCONTENTS, name, CURLFORM_END); curl_formadd(&post, &last, CURLFORM_COPYNAME, "email", CURLFORM_COPYCONTENTS, email, CURLFORM_END); - if (malware == 0) { - curl_formadd(&post, &last, CURLFORM_COPYNAME, "virusname", CURLFORM_COPYCONTENTS, fpvname, CURLFORM_END); + if (malware == true) { + curl_formadd(&post, &last, CURLFORM_COPYNAME, "shareSample", CURLFORM_COPYCONTENTS, "on", CURLFORM_END); } else { - if (malware == 1) - curl_formadd(&post, &last, CURLFORM_COPYNAME, "shareSample", CURLFORM_COPYCONTENTS, "on", CURLFORM_END); + curl_formadd(&post, &last, CURLFORM_COPYNAME, "virusname", CURLFORM_COPYCONTENTS, fpvname, CURLFORM_END); } curl_formadd(&post, &last, CURLFORM_COPYNAME, "description", CURLFORM_COPYCONTENTS, "clamsubmit", CURLFORM_END); curl_formadd(&post, &last, CURLFORM_COPYNAME, "notify", CURLFORM_COPYCONTENTS, "on", CURLFORM_END); @@ -537,37 +574,43 @@ curl_easy_setopt(clam_curl, CURLOPT_HEADERFUNCTION, NULL); res = curl_easy_perform(clam_curl); if (res != CURLE_OK) { - fprintf(stderr, "Error in POST submit: %s\n", curl_easy_strerror(res)); - goto cleanup; + logg("!Error in POST submit: %s\n", curl_easy_strerror(res)); + goto done; } else { long response_code; curl_easy_getinfo(clam_curl, CURLINFO_RESPONSE_CODE, &response_code); if (response_code / 100 == 3) { - curl_easy_getinfo(clam_curl, CURLINFO_REDIRECT_URL, &urlp); - if (urlp == NULL) { - fprintf(stderr, "POST submit Location URL is NULL.\n"); - goto cleanup; + curl_easy_getinfo(clam_curl, CURLINFO_REDIRECT_URL, &url_for_auth_token); + if (url_for_auth_token == NULL) { + logg("!POST submit Location URL is NULL.\n"); + goto done; } - sp = strstr(urlp, "/reports/"); + sp = strstr(url_for_auth_token, "/reports/"); if (sp == NULL) { - fprintf(stderr, "POST submit Location URL is malformed.\n"); + logg("!POST submit Location URL is malformed.\n"); } else if (!strcmp(sp, "/reports/success")) { - fprintf(stdout, "Submission success!\n"); + logg("Submission success!\n"); status = 0; } else if (!strcmp(sp, "/reports/failure")) { - fprintf(stdout, "Submission failed\n"); + logg("Submission failed\n"); } else { - fprintf(stdout, "Unknown submission status %s\n", sp); + logg("Unknown submission status %s\n", sp); } } else { - fprintf(stderr, "Unexpected POST submit response code: %li\n", response_code); + logg("!Unexpected POST submit response code: %li\n", response_code); } } -cleanup: +done: /* * Cleanup */ + if (authenticity_token_header != NULL) { + free(authenticity_token_header); + } + if (session_cookie != NULL) { + free(session_cookie); + } if (slist != NULL) { curl_slist_free_all(slist); } @@ -587,15 +630,9 @@ wd.str = NULL; wd.len = 0; } - if (hd_malware.cfduid != NULL) { - free(hd_malware.cfduid); - } if (hd_malware.session != NULL) { free(hd_malware.session); } - if (hd_presigned.cfduid != NULL) { - free(hd_presigned.cfduid); - } if (hd_presigned.session != NULL) { free(hd_presigned.session); } diff -Nru clamav-0.103.2+dfsg/configure clamav-0.103.3+dfsg/configure --- clamav-0.103.2+dfsg/configure 2021-04-06 19:04:41.000000000 +0000 +++ clamav-0.103.3+dfsg/configure 2021-06-19 21:16:29.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ClamAV 0.103.2. +# Generated by GNU Autoconf 2.69 for ClamAV 0.103.3. # # Report bugs to . # @@ -592,8 +592,8 @@ # Identity of this package. PACKAGE_NAME='ClamAV' PACKAGE_TARNAME='clamav' -PACKAGE_VERSION='0.103.2' -PACKAGE_STRING='ClamAV 0.103.2' +PACKAGE_VERSION='0.103.3' +PACKAGE_STRING='ClamAV 0.103.3' PACKAGE_BUGREPORT='https://bugzilla.clamav.net/' PACKAGE_URL='https://www.clamav.net/' @@ -1606,7 +1606,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ClamAV 0.103.2 to adapt to many kinds of systems. +\`configure' configures ClamAV 0.103.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1687,7 +1687,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ClamAV 0.103.2:";; + short | recursive ) echo "Configuration of ClamAV 0.103.3:";; esac cat <<\_ACEOF --enable-dependency-tracking @@ -1922,7 +1922,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ClamAV configure 0.103.2 +ClamAV configure 0.103.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2550,7 +2550,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ClamAV $as_me 0.103.2, which was +It was created by ClamAV $as_me 0.103.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4308,7 +4308,7 @@ # Define the identity of the package. PACKAGE='clamav' - VERSION='0.103.2' + VERSION='0.103.3' # Some tools Automake needs. @@ -6036,7 +6036,7 @@ $as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h -VERSION="0.103.2" +VERSION="0.103.3" major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/^0-9//g"` minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/^0-9//g"` @@ -31896,7 +31896,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ClamAV $as_me 0.103.2, which was +This file was extended by ClamAV $as_me 0.103.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -31963,7 +31963,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ClamAV config.status 0.103.2 +ClamAV config.status 0.103.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -34813,7 +34813,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ClamAV $as_me 0.103.2, which was +This file was extended by ClamAV $as_me 0.103.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -34880,7 +34880,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ClamAV config.status 0.103.2 +ClamAV config.status 0.103.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru clamav-0.103.2+dfsg/configure.ac clamav-0.103.3+dfsg/configure.ac --- clamav-0.103.2+dfsg/configure.ac 2021-04-12 18:43:41.000000000 +0000 +++ clamav-0.103.3+dfsg/configure.ac 2021-06-27 19:39:58.000000000 +0000 @@ -22,7 +22,7 @@ dnl For a release change [devel] to the real version [0.xy] dnl also change VERSION below -AC_INIT([ClamAV], [0.103.2], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/]) +AC_INIT([ClamAV], [0.103.3], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/]) dnl put configure auxiliary into config AC_CONFIG_AUX_DIR([config]) diff -Nru clamav-0.103.2+dfsg/debian/.git-dpm clamav-0.103.3+dfsg/debian/.git-dpm --- clamav-0.103.2+dfsg/debian/.git-dpm 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/.git-dpm 2021-09-04 14:48:13.000000000 +0000 @@ -1,8 +1,8 @@ # see git-dpm(1) from git-dpm package -d1675a89d94c7e6e90e5087f587cdeb23b9af66d -d1675a89d94c7e6e90e5087f587cdeb23b9af66d -21b35cadc5ce6e45c2700201681499bc45eb5419 -21b35cadc5ce6e45c2700201681499bc45eb5419 -clamav_0.103.2+dfsg.orig.tar.xz -461ec3a7b45851e31a1cd9a4458473f9b4dc2677 -5123788 +de2e7f2bf2479a18a94f0bbe2e32fe67f49b845d +de2e7f2bf2479a18a94f0bbe2e32fe67f49b845d +576c3dc22d608d90c712c86aab8905d8d5ce619a +576c3dc22d608d90c712c86aab8905d8d5ce619a +clamav_0.103.3+dfsg.orig.tar.xz +1c8ffd98a7bdeec6bc329218da5d4f8e1f912333 +5124272 diff -Nru clamav-0.103.2+dfsg/debian/changelog clamav-0.103.3+dfsg/debian/changelog --- clamav-0.103.2+dfsg/debian/changelog 2021-04-15 19:59:11.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/changelog 2021-09-04 14:48:13.000000000 +0000 @@ -1,3 +1,14 @@ +clamav (0.103.3+dfsg-0+deb11u1) bullseye; urgency=medium + + * Import 0.103.3 + - Update symbol file. + - Regression: clamdscan segfaults with --fdpass --multipass and + ExcludePath (Closes: #988218). + * Remove clamav user on purge (Closes: #987861). + * Remove freshclam.dat on purge. + + -- Sebastian Andrzej Siewior Sat, 04 Sep 2021 16:48:13 +0200 + clamav (0.103.2+dfsg-2) unstable; urgency=medium * Remove deprecated option SafeBrowsing from debconf templates. diff -Nru clamav-0.103.2+dfsg/debian/clamav-base.postrm clamav-0.103.3+dfsg/debian/clamav-base.postrm --- clamav-0.103.2+dfsg/debian/clamav-base.postrm 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/clamav-base.postrm 2021-09-04 14:48:13.000000000 +0000 @@ -41,6 +41,7 @@ rm -f /var/log/clamav/*.log* /etc/clamav/*.conf.dpkg-old rm -f /var/lib/clamav/*.md5sum || true rm -f $DATABASEDIR/main.cvd $DATABASEDIR/daily.cvd $DATABASEDIR/bytecode.cvd $DATABASEDIR/bytecode.cld + userdel clamav || true ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; diff -Nru clamav-0.103.2+dfsg/debian/clamav-freshclam.postrm clamav-0.103.3+dfsg/debian/clamav-freshclam.postrm --- clamav-0.103.2+dfsg/debian/clamav-freshclam.postrm 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/clamav-freshclam.postrm 2021-09-04 14:48:13.000000000 +0000 @@ -45,6 +45,7 @@ ${workdir}/daily.inc/* \ ${workdir}/main.inc/* \ ${workdir}/mirrors.dat \ + ${workdir}/freshclam.dat \ ${workdir}/interface" for i in $RMLIST; do rm -f $i > /dev/null 2>&1 || true diff -Nru clamav-0.103.2+dfsg/debian/libclamav9.symbols clamav-0.103.3+dfsg/debian/libclamav9.symbols --- clamav-0.103.2+dfsg/debian/libclamav9.symbols 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/libclamav9.symbols 2021-09-04 14:47:50.000000000 +0000 @@ -1,20 +1,20 @@ libclamav.so.9 libclamav9 #MINVER# * Build-Depends-Package: libclamav-dev - CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.103.2 + CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.103.3 CLAMAV_PUBLIC@CLAMAV_PUBLIC 0.101.0 - __cli_strcasestr@CLAMAV_PRIVATE 0.103.2 - __cli_strndup@CLAMAV_PRIVATE 0.103.2 - __cli_strnlen@CLAMAV_PRIVATE 0.103.2 - __cli_strnstr@CLAMAV_PRIVATE 0.103.2 - base64Flush@CLAMAV_PRIVATE 0.103.2 - blobAddData@CLAMAV_PRIVATE 0.103.2 - blobCreate@CLAMAV_PRIVATE 0.103.2 - blobDestroy@CLAMAV_PRIVATE 0.103.2 - cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.103.2 + __cli_strcasestr@CLAMAV_PRIVATE 0.103.3 + __cli_strndup@CLAMAV_PRIVATE 0.103.3 + __cli_strnlen@CLAMAV_PRIVATE 0.103.3 + __cli_strnstr@CLAMAV_PRIVATE 0.103.3 + base64Flush@CLAMAV_PRIVATE 0.103.3 + blobAddData@CLAMAV_PRIVATE 0.103.3 + blobCreate@CLAMAV_PRIVATE 0.103.3 + blobDestroy@CLAMAV_PRIVATE 0.103.3 + cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.103.3 cl_always_gen_section_hash@CLAMAV_PUBLIC 0.101.0 - cl_base64_decode@CLAMAV_PRIVATE 0.103.2 - cl_base64_encode@CLAMAV_PRIVATE 0.103.2 - cl_cleanup_crypto@CLAMAV_PRIVATE 0.103.2 + cl_base64_decode@CLAMAV_PRIVATE 0.103.3 + cl_base64_encode@CLAMAV_PRIVATE 0.103.3 + cl_cleanup_crypto@CLAMAV_PRIVATE 0.103.3 cl_countsigs@CLAMAV_PUBLIC 0.101.0 cl_cvdfree@CLAMAV_PUBLIC 0.101.0 cl_cvdhead@CLAMAV_PUBLIC 0.101.0 @@ -54,19 +54,19 @@ cl_fmap_close@CLAMAV_PUBLIC 0.101.0 cl_fmap_open_handle@CLAMAV_PUBLIC 0.101.0 cl_fmap_open_memory@CLAMAV_PUBLIC 0.101.0 - cl_get_pkey_file@CLAMAV_PRIVATE 0.103.2 - cl_get_x509_from_mem@CLAMAV_PRIVATE 0.103.2 - cl_hash_data@CLAMAV_PRIVATE 0.103.2 + cl_get_pkey_file@CLAMAV_PRIVATE 0.103.3 + cl_get_x509_from_mem@CLAMAV_PRIVATE 0.103.3 + cl_hash_data@CLAMAV_PRIVATE 0.103.3 cl_hash_destroy@CLAMAV_PUBLIC 0.101.0 - cl_hash_file_fd@CLAMAV_PRIVATE 0.103.2 - cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.103.2 - cl_hash_file_fp@CLAMAV_PRIVATE 0.103.2 + cl_hash_file_fd@CLAMAV_PRIVATE 0.103.3 + cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.103.3 + cl_hash_file_fp@CLAMAV_PRIVATE 0.103.3 cl_hash_init@CLAMAV_PUBLIC 0.101.0 cl_init@CLAMAV_PUBLIC 0.101.0 - cl_initialize_crypto@CLAMAV_PRIVATE 0.103.2 + cl_initialize_crypto@CLAMAV_PRIVATE 0.103.3 cl_load@CLAMAV_PUBLIC 0.101.0 - cl_load_cert@CLAMAV_PRIVATE 0.103.2 - cl_load_crl@CLAMAV_PRIVATE 0.103.2 + cl_load_cert@CLAMAV_PRIVATE 0.103.3 + cl_load_crl@CLAMAV_PRIVATE 0.103.3 cl_retdbdir@CLAMAV_PUBLIC 0.101.0 cl_retflevel@CLAMAV_PUBLIC 0.103.0 cl_retver@CLAMAV_PUBLIC 0.101.0 @@ -76,195 +76,195 @@ cl_scanfile_callback@CLAMAV_PUBLIC 0.101.0 cl_scanmap_callback@CLAMAV_PUBLIC 0.101.0 cl_set_clcb_msg@CLAMAV_PUBLIC 0.101.0 - cl_sha1@CLAMAV_PRIVATE 0.103.2 - cl_sha256@CLAMAV_PRIVATE 0.103.2 - cl_sign_data@CLAMAV_PRIVATE 0.103.2 - cl_sign_data_keyfile@CLAMAV_PRIVATE 0.103.2 - cl_sign_file_fd@CLAMAV_PRIVATE 0.103.2 - cl_sign_file_fp@CLAMAV_PRIVATE 0.103.2 + cl_sha1@CLAMAV_PRIVATE 0.103.3 + cl_sha256@CLAMAV_PRIVATE 0.103.3 + cl_sign_data@CLAMAV_PRIVATE 0.103.3 + cl_sign_data_keyfile@CLAMAV_PRIVATE 0.103.3 + cl_sign_file_fd@CLAMAV_PRIVATE 0.103.3 + cl_sign_file_fp@CLAMAV_PRIVATE 0.103.3 cl_statchkdir@CLAMAV_PUBLIC 0.101.0 cl_statfree@CLAMAV_PUBLIC 0.101.0 cl_statinidir@CLAMAV_PUBLIC 0.101.0 cl_strerror@CLAMAV_PUBLIC 0.101.0 cl_update_hash@CLAMAV_PUBLIC 0.101.0 - cl_validate_certificate_chain@CLAMAV_PRIVATE 0.103.2 - cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_fd@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_fd_x509@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_hash@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_hash_x509@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_x509@CLAMAV_PRIVATE 0.103.2 - cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 0.103.2 - cli_ac_buildtrie@CLAMAV_PRIVATE 0.103.2 - cli_ac_chklsig@CLAMAV_PRIVATE 0.103.2 - cli_ac_free@CLAMAV_PRIVATE 0.103.2 - cli_ac_freedata@CLAMAV_PRIVATE 0.103.2 - cli_ac_init@CLAMAV_PRIVATE 0.103.2 - cli_ac_initdata@CLAMAV_PRIVATE 0.103.2 - cli_ac_scanbuff@CLAMAV_PRIVATE 0.103.2 - cli_basename@CLAMAV_PRIVATE 0.103.2 - cli_bm_free@CLAMAV_PRIVATE 0.103.2 - cli_bm_init@CLAMAV_PRIVATE 0.103.2 - cli_bm_scanbuff@CLAMAV_PRIVATE 0.103.2 - cli_build_regex_list@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_alloc@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_clear@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_destroy@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_set_trace@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_setfile@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_debug@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_describe@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_destroy@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_done@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_init@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_load@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_prepare2@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_printversion@CLAMAV_PRIVATE 0.103.2 - cli_bytecode_run@CLAMAV_PRIVATE 0.103.2 - cli_bytefunc_describe@CLAMAV_PRIVATE 0.103.2 - cli_byteinst_describe@CLAMAV_PRIVATE 0.103.2 - cli_bytetype_describe@CLAMAV_PRIVATE 0.103.2 - cli_bytevalue_describe@CLAMAV_PRIVATE 0.103.2 - cli_calloc@CLAMAV_PRIVATE 0.103.2 - cli_check_auth_header@CLAMAV_PRIVATE 0.103.2 - cli_chomp@CLAMAV_PRIVATE 0.103.2 - cli_codepage_to_utf8@CLAMAV_PRIVATE 0.103.2 - cli_ctime@CLAMAV_PRIVATE 0.103.2 - cli_cvdunpack@CLAMAV_PRIVATE 0.103.2 - cli_dbgmsg_internal@CLAMAV_PRIVATE 0.103.2 - cli_dconf_init@CLAMAV_PRIVATE 0.103.2 - cli_debug_flag@CLAMAV_PRIVATE 0.103.2 - cli_detect_environment@CLAMAV_PRIVATE 0.103.2 - cli_disasm_one@CLAMAV_PRIVATE 0.103.2 - cli_errmsg@CLAMAV_PRIVATE 0.103.2 - cli_filecopy@CLAMAV_PRIVATE 0.103.2 - cli_free_vba_project@CLAMAV_PRIVATE 0.103.2 - cli_ftw@CLAMAV_PRIVATE 0.103.2 - cli_genhash_pe@CLAMAV_PRIVATE 0.103.2 - cli_gentemp@CLAMAV_PRIVATE 0.103.2 - cli_gentemp_with_prefix@CLAMAV_PRIVATE 0.103.2 - cli_gentempfd@CLAMAV_PRIVATE 0.103.2 - cli_get_filepath_from_filedesc@CLAMAV_PRIVATE 0.103.2 - cli_gettmpdir@CLAMAV_PRIVATE 0.103.2 - cli_hashfile@CLAMAV_PRIVATE 0.103.2 - cli_hashset_destroy@CLAMAV_PRIVATE 0.103.2 - cli_hashstream@CLAMAV_PRIVATE 0.103.2 - cli_hex2str@CLAMAV_PRIVATE 0.103.2 - cli_hex2ui@CLAMAV_PRIVATE 0.103.2 - cli_initroots@CLAMAV_PRIVATE 0.103.2 - cli_isnumber@CLAMAV_PRIVATE 0.103.2 - cli_js_destroy@CLAMAV_PRIVATE 0.103.2 - cli_js_init@CLAMAV_PRIVATE 0.103.2 - cli_js_output@CLAMAV_PRIVATE 0.103.2 - cli_js_parse_done@CLAMAV_PRIVATE 0.103.2 - cli_js_process_buffer@CLAMAV_PRIVATE 0.103.2 - cli_ldbtokenize@CLAMAV_PRIVATE 0.103.2 - cli_malloc@CLAMAV_PRIVATE 0.103.2 - cli_memstr@CLAMAV_PRIVATE 0.103.2 - cli_ole2_extract@CLAMAV_PRIVATE 0.103.2 - cli_parse_add@CLAMAV_PRIVATE 0.103.2 - cli_pcre_build@CLAMAV_PRIVATE 0.103.2 - cli_pcre_freeoff@CLAMAV_PRIVATE 0.103.2 - cli_pcre_init@CLAMAV_PRIVATE 0.103.2 - cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 0.103.2 - cli_pcre_perf_print@CLAMAV_PRIVATE 0.103.2 - cli_pcre_recaloff@CLAMAV_PRIVATE 0.103.2 - cli_pcre_scanbuf@CLAMAV_PRIVATE 0.103.2 - cli_ppt_vba_read@CLAMAV_PRIVATE 0.103.2 - cli_printcxxver@CLAMAV_PRIVATE 0.103.2 - cli_readn@CLAMAV_PRIVATE 0.103.2 - cli_realloc@CLAMAV_PRIVATE 0.103.2 - cli_realpath@CLAMAV_PRIVATE 0.103.2 - cli_regcomp@CLAMAV_PRIVATE 0.103.2 - cli_regex2suffix@CLAMAV_PRIVATE 0.103.2 - cli_regexec@CLAMAV_PRIVATE 0.103.2 - cli_regfree@CLAMAV_PRIVATE 0.103.2 - cli_rmdirs@CLAMAV_PRIVATE 0.103.2 - cli_rndnum@CLAMAV_PRIVATE 0.103.2 - cli_sanitize_filepath@CLAMAV_PRIVATE 0.103.2 - cli_scan_buff@CLAMAV_PRIVATE 0.103.2 - cli_scan_fmap@CLAMAV_PRIVATE 0.103.2 - cli_sigopts_handler@CLAMAV_PRIVATE 0.103.2 - cli_sigperf_events_destroy@CLAMAV_PRIVATE 0.103.2 - cli_sigperf_print@CLAMAV_PRIVATE 0.103.2 - cli_str2hex@CLAMAV_PRIVATE 0.103.2 - cli_strbcasestr@CLAMAV_PRIVATE 0.103.2 - cli_strdup@CLAMAV_PRIVATE 0.103.2 - cli_strerror@CLAMAV_PRIVATE 0.103.2 - cli_strlcat@CLAMAV_PRIVATE 0.103.2 - cli_strlcpy@CLAMAV_PRIVATE 0.103.2 - cli_strntoul@CLAMAV_PRIVATE 0.103.2 - cli_strrcpy@CLAMAV_PRIVATE 0.103.2 - cli_strtok@CLAMAV_PRIVATE 0.103.2 - cli_strtokbuf@CLAMAV_PRIVATE 0.103.2 - cli_strtokenize@CLAMAV_PRIVATE 0.103.2 - cli_textbuffer_append_normalize@CLAMAV_PRIVATE 0.103.2 - cli_unescape@CLAMAV_PRIVATE 0.103.2 - cli_unlink@CLAMAV_PRIVATE 0.103.2 - cli_url_canon@CLAMAV_PRIVATE 0.103.2 - cli_utf16_to_utf8@CLAMAV_PRIVATE 0.103.2 - cli_utf16toascii@CLAMAV_PRIVATE 0.103.2 - cli_vba_inflate@CLAMAV_PRIVATE 0.103.2 - cli_vba_readdir@CLAMAV_PRIVATE 0.103.2 - cli_versig2@CLAMAV_PRIVATE 0.103.2 - cli_versig@CLAMAV_PRIVATE 0.103.2 - cli_warnmsg@CLAMAV_PRIVATE 0.103.2 - cli_wm_decrypt_macro@CLAMAV_PRIVATE 0.103.2 - cli_wm_readdir@CLAMAV_PRIVATE 0.103.2 - cli_writen@CLAMAV_PRIVATE 0.103.2 - decodeLine@CLAMAV_PRIVATE 0.103.2 - disasmbuf@CLAMAV_PRIVATE 0.103.2 - fmap@CLAMAV_PRIVATE 0.103.2 - fmap_duplicate@CLAMAV_PRIVATE 0.103.2 - free_duplicate_fmap@CLAMAV_PRIVATE 0.103.2 - get_fpu_endian@CLAMAV_PRIVATE 0.103.2 - have_clamjit@CLAMAV_PRIVATE 0.103.2 - have_rar@CLAMAV_PRIVATE 0.103.2 - html_normalise_map@CLAMAV_PRIVATE 0.103.2 - html_normalise_mem@CLAMAV_PRIVATE 0.103.2 - html_screnc_decode@CLAMAV_PRIVATE 0.103.2 - html_tag_arg_free@CLAMAV_PRIVATE 0.103.2 - init_domainlist@CLAMAV_PRIVATE 0.103.2 - init_regex_list@CLAMAV_PRIVATE 0.103.2 - init_whitelist@CLAMAV_PRIVATE 0.103.2 - is_regex_ok@CLAMAV_PRIVATE 0.103.2 - load_regex_matcher@CLAMAV_PRIVATE 0.103.2 + cl_validate_certificate_chain@CLAMAV_PRIVATE 0.103.3 + cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_fd@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_fd_x509@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_hash@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_hash_x509@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_x509@CLAMAV_PRIVATE 0.103.3 + cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 0.103.3 + cli_ac_buildtrie@CLAMAV_PRIVATE 0.103.3 + cli_ac_chklsig@CLAMAV_PRIVATE 0.103.3 + cli_ac_free@CLAMAV_PRIVATE 0.103.3 + cli_ac_freedata@CLAMAV_PRIVATE 0.103.3 + cli_ac_init@CLAMAV_PRIVATE 0.103.3 + cli_ac_initdata@CLAMAV_PRIVATE 0.103.3 + cli_ac_scanbuff@CLAMAV_PRIVATE 0.103.3 + cli_basename@CLAMAV_PRIVATE 0.103.3 + cli_bm_free@CLAMAV_PRIVATE 0.103.3 + cli_bm_init@CLAMAV_PRIVATE 0.103.3 + cli_bm_scanbuff@CLAMAV_PRIVATE 0.103.3 + cli_build_regex_list@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_alloc@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_clear@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_destroy@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_set_trace@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_setfile@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_debug@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_describe@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_destroy@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_done@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_init@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_load@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_prepare2@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_printversion@CLAMAV_PRIVATE 0.103.3 + cli_bytecode_run@CLAMAV_PRIVATE 0.103.3 + cli_bytefunc_describe@CLAMAV_PRIVATE 0.103.3 + cli_byteinst_describe@CLAMAV_PRIVATE 0.103.3 + cli_bytetype_describe@CLAMAV_PRIVATE 0.103.3 + cli_bytevalue_describe@CLAMAV_PRIVATE 0.103.3 + cli_calloc@CLAMAV_PRIVATE 0.103.3 + cli_check_auth_header@CLAMAV_PRIVATE 0.103.3 + cli_chomp@CLAMAV_PRIVATE 0.103.3 + cli_codepage_to_utf8@CLAMAV_PRIVATE 0.103.3 + cli_ctime@CLAMAV_PRIVATE 0.103.3 + cli_cvdunpack@CLAMAV_PRIVATE 0.103.3 + cli_dbgmsg_internal@CLAMAV_PRIVATE 0.103.3 + cli_dconf_init@CLAMAV_PRIVATE 0.103.3 + cli_debug_flag@CLAMAV_PRIVATE 0.103.3 + cli_detect_environment@CLAMAV_PRIVATE 0.103.3 + cli_disasm_one@CLAMAV_PRIVATE 0.103.3 + cli_errmsg@CLAMAV_PRIVATE 0.103.3 + cli_filecopy@CLAMAV_PRIVATE 0.103.3 + cli_free_vba_project@CLAMAV_PRIVATE 0.103.3 + cli_ftw@CLAMAV_PRIVATE 0.103.3 + cli_genhash_pe@CLAMAV_PRIVATE 0.103.3 + cli_gentemp@CLAMAV_PRIVATE 0.103.3 + cli_gentemp_with_prefix@CLAMAV_PRIVATE 0.103.3 + cli_gentempfd@CLAMAV_PRIVATE 0.103.3 + cli_get_filepath_from_filedesc@CLAMAV_PRIVATE 0.103.3 + cli_gettmpdir@CLAMAV_PRIVATE 0.103.3 + cli_hashfile@CLAMAV_PRIVATE 0.103.3 + cli_hashset_destroy@CLAMAV_PRIVATE 0.103.3 + cli_hashstream@CLAMAV_PRIVATE 0.103.3 + cli_hex2str@CLAMAV_PRIVATE 0.103.3 + cli_hex2ui@CLAMAV_PRIVATE 0.103.3 + cli_initroots@CLAMAV_PRIVATE 0.103.3 + cli_isnumber@CLAMAV_PRIVATE 0.103.3 + cli_js_destroy@CLAMAV_PRIVATE 0.103.3 + cli_js_init@CLAMAV_PRIVATE 0.103.3 + cli_js_output@CLAMAV_PRIVATE 0.103.3 + cli_js_parse_done@CLAMAV_PRIVATE 0.103.3 + cli_js_process_buffer@CLAMAV_PRIVATE 0.103.3 + cli_ldbtokenize@CLAMAV_PRIVATE 0.103.3 + cli_malloc@CLAMAV_PRIVATE 0.103.3 + cli_memstr@CLAMAV_PRIVATE 0.103.3 + cli_ole2_extract@CLAMAV_PRIVATE 0.103.3 + cli_parse_add@CLAMAV_PRIVATE 0.103.3 + cli_pcre_build@CLAMAV_PRIVATE 0.103.3 + cli_pcre_freeoff@CLAMAV_PRIVATE 0.103.3 + cli_pcre_init@CLAMAV_PRIVATE 0.103.3 + cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 0.103.3 + cli_pcre_perf_print@CLAMAV_PRIVATE 0.103.3 + cli_pcre_recaloff@CLAMAV_PRIVATE 0.103.3 + cli_pcre_scanbuf@CLAMAV_PRIVATE 0.103.3 + cli_ppt_vba_read@CLAMAV_PRIVATE 0.103.3 + cli_printcxxver@CLAMAV_PRIVATE 0.103.3 + cli_readn@CLAMAV_PRIVATE 0.103.3 + cli_realloc@CLAMAV_PRIVATE 0.103.3 + cli_realpath@CLAMAV_PRIVATE 0.103.3 + cli_regcomp@CLAMAV_PRIVATE 0.103.3 + cli_regex2suffix@CLAMAV_PRIVATE 0.103.3 + cli_regexec@CLAMAV_PRIVATE 0.103.3 + cli_regfree@CLAMAV_PRIVATE 0.103.3 + cli_rmdirs@CLAMAV_PRIVATE 0.103.3 + cli_rndnum@CLAMAV_PRIVATE 0.103.3 + cli_sanitize_filepath@CLAMAV_PRIVATE 0.103.3 + cli_scan_buff@CLAMAV_PRIVATE 0.103.3 + cli_scan_fmap@CLAMAV_PRIVATE 0.103.3 + cli_sigopts_handler@CLAMAV_PRIVATE 0.103.3 + cli_sigperf_events_destroy@CLAMAV_PRIVATE 0.103.3 + cli_sigperf_print@CLAMAV_PRIVATE 0.103.3 + cli_str2hex@CLAMAV_PRIVATE 0.103.3 + cli_strbcasestr@CLAMAV_PRIVATE 0.103.3 + cli_strdup@CLAMAV_PRIVATE 0.103.3 + cli_strerror@CLAMAV_PRIVATE 0.103.3 + cli_strlcat@CLAMAV_PRIVATE 0.103.3 + cli_strlcpy@CLAMAV_PRIVATE 0.103.3 + cli_strntoul@CLAMAV_PRIVATE 0.103.3 + cli_strrcpy@CLAMAV_PRIVATE 0.103.3 + cli_strtok@CLAMAV_PRIVATE 0.103.3 + cli_strtokbuf@CLAMAV_PRIVATE 0.103.3 + cli_strtokenize@CLAMAV_PRIVATE 0.103.3 + cli_textbuffer_append_normalize@CLAMAV_PRIVATE 0.103.3 + cli_unescape@CLAMAV_PRIVATE 0.103.3 + cli_unlink@CLAMAV_PRIVATE 0.103.3 + cli_url_canon@CLAMAV_PRIVATE 0.103.3 + cli_utf16_to_utf8@CLAMAV_PRIVATE 0.103.3 + cli_utf16toascii@CLAMAV_PRIVATE 0.103.3 + cli_vba_inflate@CLAMAV_PRIVATE 0.103.3 + cli_vba_readdir@CLAMAV_PRIVATE 0.103.3 + cli_versig2@CLAMAV_PRIVATE 0.103.3 + cli_versig@CLAMAV_PRIVATE 0.103.3 + cli_warnmsg@CLAMAV_PRIVATE 0.103.3 + cli_wm_decrypt_macro@CLAMAV_PRIVATE 0.103.3 + cli_wm_readdir@CLAMAV_PRIVATE 0.103.3 + cli_writen@CLAMAV_PRIVATE 0.103.3 + decodeLine@CLAMAV_PRIVATE 0.103.3 + disasmbuf@CLAMAV_PRIVATE 0.103.3 + fmap@CLAMAV_PRIVATE 0.103.3 + fmap_duplicate@CLAMAV_PRIVATE 0.103.3 + free_duplicate_fmap@CLAMAV_PRIVATE 0.103.3 + get_fpu_endian@CLAMAV_PRIVATE 0.103.3 + have_clamjit@CLAMAV_PRIVATE 0.103.3 + have_rar@CLAMAV_PRIVATE 0.103.3 + html_normalise_map@CLAMAV_PRIVATE 0.103.3 + html_normalise_mem@CLAMAV_PRIVATE 0.103.3 + html_screnc_decode@CLAMAV_PRIVATE 0.103.3 + html_tag_arg_free@CLAMAV_PRIVATE 0.103.3 + init_domainlist@CLAMAV_PRIVATE 0.103.3 + init_regex_list@CLAMAV_PRIVATE 0.103.3 + init_whitelist@CLAMAV_PRIVATE 0.103.3 + is_regex_ok@CLAMAV_PRIVATE 0.103.3 + load_regex_matcher@CLAMAV_PRIVATE 0.103.3 lsig_sub_matched@CLAMAV_PUBLIC 0.101.0 - messageCreate@CLAMAV_PRIVATE 0.103.2 - messageDestroy@CLAMAV_PRIVATE 0.103.2 - mpool_calloc@CLAMAV_PRIVATE 0.103.2 - mpool_create@CLAMAV_PRIVATE 0.103.2 - mpool_destroy@CLAMAV_PRIVATE 0.103.2 - mpool_free@CLAMAV_PRIVATE 0.103.2 - mpool_getstats@CLAMAV_PRIVATE 0.103.2 - phishingScan@CLAMAV_PRIVATE 0.103.2 - phishing_done@CLAMAV_PRIVATE 0.103.2 - phishing_init@CLAMAV_PRIVATE 0.103.2 - regex_list_add_pattern@CLAMAV_PRIVATE 0.103.2 - regex_list_done@CLAMAV_PRIVATE 0.103.2 - regex_list_match@CLAMAV_PRIVATE 0.103.2 - tableCreate@CLAMAV_PRIVATE 0.103.2 - tableDestroy@CLAMAV_PRIVATE 0.103.2 - tableFind@CLAMAV_PRIVATE 0.103.2 - tableInsert@CLAMAV_PRIVATE 0.103.2 - tableIterate@CLAMAV_PRIVATE 0.103.2 - tableRemove@CLAMAV_PRIVATE 0.103.2 - tableUpdate@CLAMAV_PRIVATE 0.103.2 - text_normalize_init@CLAMAV_PRIVATE 0.103.2 - text_normalize_map@CLAMAV_PRIVATE 0.103.2 - text_normalize_reset@CLAMAV_PRIVATE 0.103.2 - uniq_add@CLAMAV_PRIVATE 0.103.2 - uniq_free@CLAMAV_PRIVATE 0.103.2 - uniq_get@CLAMAV_PRIVATE 0.103.2 - uniq_init@CLAMAV_PRIVATE 0.103.2 + messageCreate@CLAMAV_PRIVATE 0.103.3 + messageDestroy@CLAMAV_PRIVATE 0.103.3 + mpool_calloc@CLAMAV_PRIVATE 0.103.3 + mpool_create@CLAMAV_PRIVATE 0.103.3 + mpool_destroy@CLAMAV_PRIVATE 0.103.3 + mpool_free@CLAMAV_PRIVATE 0.103.3 + mpool_getstats@CLAMAV_PRIVATE 0.103.3 + phishingScan@CLAMAV_PRIVATE 0.103.3 + phishing_done@CLAMAV_PRIVATE 0.103.3 + phishing_init@CLAMAV_PRIVATE 0.103.3 + regex_list_add_pattern@CLAMAV_PRIVATE 0.103.3 + regex_list_done@CLAMAV_PRIVATE 0.103.3 + regex_list_match@CLAMAV_PRIVATE 0.103.3 + tableCreate@CLAMAV_PRIVATE 0.103.3 + tableDestroy@CLAMAV_PRIVATE 0.103.3 + tableFind@CLAMAV_PRIVATE 0.103.3 + tableInsert@CLAMAV_PRIVATE 0.103.3 + tableIterate@CLAMAV_PRIVATE 0.103.3 + tableRemove@CLAMAV_PRIVATE 0.103.3 + tableUpdate@CLAMAV_PRIVATE 0.103.3 + text_normalize_init@CLAMAV_PRIVATE 0.103.3 + text_normalize_map@CLAMAV_PRIVATE 0.103.3 + text_normalize_reset@CLAMAV_PRIVATE 0.103.3 + uniq_add@CLAMAV_PRIVATE 0.103.3 + uniq_free@CLAMAV_PRIVATE 0.103.3 + uniq_get@CLAMAV_PRIVATE 0.103.3 + uniq_init@CLAMAV_PRIVATE 0.103.3 libfreshclam.so.2 libclamav9 #MINVER# FRESHCLAM_PRIVATE@FRESHCLAM_PRIVATE 0.103.0 FRESHCLAM_PUBLIC@FRESHCLAM_PUBLIC 0.102.1 diff -Nru clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch --- clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch 2021-09-04 14:48:13.000000000 +0000 @@ -1,4 +1,4 @@ -From 4e68f22bcfc3a5ecfa1ae06cb107cacdc4bef03c Mon Sep 17 00:00:00 2001 +From 1a5190649a499548b964702ac015b430b1080d3d Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Fri, 14 Oct 2016 20:24:39 +0200 Subject: Add support for LLVM 3.7 diff -Nru clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch --- clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch 2021-09-04 14:48:13.000000000 +0000 @@ -1,4 +1,4 @@ -From 76910b319dfdad40383d09ec0d860010d8e993df Mon Sep 17 00:00:00 2001 +From 84185995b22d4fa38bd9fdd608853440b558643f Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Fri, 14 Oct 2016 20:24:48 +0200 Subject: Add support for LLVM 3.8 diff -Nru clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch --- clamav-0.103.2+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch 2021-09-04 14:48:13.000000000 +0000 @@ -1,4 +1,4 @@ -From 515617f9f29874d9c3cdb6127e62f8c4ac22c685 Mon Sep 17 00:00:00 2001 +From 8b0d5f9c7c392a5965b2861fdfd9de32f267802b Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Fri, 14 Oct 2016 20:24:56 +0200 Subject: Add support for LLVM 3.9 diff -Nru clamav-0.103.2+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch clamav-0.103.3+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch --- clamav-0.103.2+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch 2021-09-04 14:48:13.000000000 +0000 @@ -1,4 +1,4 @@ -From 77302f5486baf3747a35afcec052705d059691ca Mon Sep 17 00:00:00 2001 +From 7e24482e7b91ca4aff48618c0b75e600118b6a0c Mon Sep 17 00:00:00 2001 From: Scott Kitterman Date: Mon, 10 Mar 2014 19:20:18 -0400 Subject: Change paths in sample conf file to match Debian diff -Nru clamav-0.103.2+dfsg/debian/patches/Fix-ck_assert_msg-call.patch clamav-0.103.3+dfsg/debian/patches/Fix-ck_assert_msg-call.patch --- clamav-0.103.2+dfsg/debian/patches/Fix-ck_assert_msg-call.patch 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/patches/Fix-ck_assert_msg-call.patch 2021-09-04 14:48:13.000000000 +0000 @@ -1,4 +1,4 @@ -From d1675a89d94c7e6e90e5087f587cdeb23b9af66d Mon Sep 17 00:00:00 2001 +From de2e7f2bf2479a18a94f0bbe2e32fe67f49b845d Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 17 Sep 2020 22:26:04 -0600 Subject: unit tests: Fix ck_assert_msg() call diff -Nru clamav-0.103.2+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch clamav-0.103.3+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch --- clamav-0.103.2+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch 2021-09-04 14:48:13.000000000 +0000 @@ -1,4 +1,4 @@ -From 9bffde2bc8f8b917b3bf9396f6671d129af957c0 Mon Sep 17 00:00:00 2001 +From 38a984c476dab64ea9909041bec503631893e173 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Wed, 11 Mar 2015 20:03:15 +0100 Subject: add support for system tomsfastmath @@ -14,7 +14,7 @@ create mode 100644 m4/reorganization/libs/tomsfastmath.m4 diff --git a/configure.ac b/configure.ac -index 6da01a3..1e46398 100644 +index b8f4ba8..6d967be 100644 --- a/configure.ac +++ b/configure.ac @@ -98,6 +98,7 @@ m4_include([m4/reorganization/libs/libmspack.m4]) diff -Nru clamav-0.103.2+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch clamav-0.103.3+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch --- clamav-0.103.2+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch 2021-09-04 14:48:13.000000000 +0000 @@ -1,4 +1,4 @@ -From 66ac638a624c0db07b40e47cc9ee9cc7f826db3e Mon Sep 17 00:00:00 2001 +From 79825218e6b66c3cf02ca57804812e4d780696ba Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior Date: Thu, 11 Aug 2016 21:54:10 +0200 Subject: clamd: don't depend on clamav-demon.socket diff -Nru clamav-0.103.2+dfsg/debian/rules clamav-0.103.3+dfsg/debian/rules --- clamav-0.103.2+dfsg/debian/rules 2021-04-15 19:43:06.000000000 +0000 +++ clamav-0.103.3+dfsg/debian/rules 2021-09-04 14:48:13.000000000 +0000 @@ -88,7 +88,7 @@ fi;\ done; \ # Check for library features which may have been upgraded. - if ! grep -q "CL_FLEVEL 123" libclamav/others.h ; then \ + if ! grep -q "CL_FLEVEL 124" libclamav/others.h ; then \ echo "cl_retflevel needs boosting in symbol file"; \ touch debian/exit; \ fi; diff -Nru clamav-0.103.2+dfsg/docs/man/freshclam.conf.5.in clamav-0.103.3+dfsg/docs/man/freshclam.conf.5.in --- clamav-0.103.2+dfsg/docs/man/freshclam.conf.5.in 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/docs/man/freshclam.conf.5.in 2021-06-19 21:15:59.000000000 +0000 @@ -165,6 +165,7 @@ .TP \fBHTTPUserAgent STRING\fR If your servers are behind a firewall/proxy which applies User-Agent filtering, you can use this option to force the use of a different User-Agent header. +As of ClamAV 0.103.3, this setting may not be used when updating from the clamav.net CDN and can only be used when updating from a private mirror. .br . Default: clamav/version_number .TP diff -Nru clamav-0.103.2+dfsg/etc/freshclam.conf.sample clamav-0.103.3+dfsg/etc/freshclam.conf.sample --- clamav-0.103.2+dfsg/etc/freshclam.conf.sample 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/etc/freshclam.conf.sample 2021-06-19 21:15:59.000000000 +0000 @@ -135,7 +135,9 @@ # If your servers are behind a firewall/proxy which applies User-Agent # filtering you can use this option to force the use of a different # User-Agent header. -# Default: clamav/version_number +# As of ClamAV 0.103.3, this setting may not be used when updating from the +# clamav.net CDN and can only be used when updating from a private mirror. +# Default: clamav/version_number (OS: ..., ARCH: ..., CPU: ..., UUID: ...) #HTTPUserAgent SomeUserAgentIdString # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for diff -Nru clamav-0.103.2+dfsg/examples/ex1.c clamav-0.103.3+dfsg/examples/ex1.c --- clamav-0.103.2+dfsg/examples/ex1.c 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/examples/ex1.c 2021-06-19 21:15:59.000000000 +0000 @@ -24,7 +24,9 @@ #include #include #include +#ifndef _WIN32 #include +#endif #include #include #include diff -Nru clamav-0.103.2+dfsg/freshclam/freshclam.c clamav-0.103.3+dfsg/freshclam/freshclam.c --- clamav-0.103.2+dfsg/freshclam/freshclam.c 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/freshclam/freshclam.c 2021-06-19 21:15:59.000000000 +0000 @@ -927,8 +927,24 @@ logg("Connecting via %s\n", fcConfig.proxyServer); } - if (optget(opts, "HTTPUserAgent")->enabled) - fcConfig.userAgent = optget(opts, "HTTPUserAgent")->strarg; + if (optget(opts, "HTTPUserAgent")->enabled) { + + if (!(optget(opts, "PrivateMirror")->enabled) && + (optget(opts, "DatabaseMirror")->enabled) && + (strstr(optget(opts, "DatabaseMirror")->strarg, "clamav.net"))) { + /* + * Using the official project CDN. + */ + logg("In an effort to reduce CDN data costs, HTTPUserAgent may not be used when updating from clamav.net.\n"); + logg("The HTTPUserAgent specified in your config will be ignored so that FreshClam is not blocked by the CDN.\n"); + logg("If ClamAV's user agent is not allowed through your firewall/proxy, please contact your network administrator.\n\n"); + } else { + /* + * Using some other CDN or private mirror. + */ + fcConfig.userAgent = optget(opts, "HTTPUserAgent")->strarg; + } + } fcConfig.maxAttempts = optget(opts, "MaxAttempts")->numarg; fcConfig.connectTimeout = optget(opts, "ConnectTimeout")->numarg; @@ -1891,6 +1907,36 @@ } /* + * freshclam may have created the freshclam.dat file with as root + * if run in daemon-mode, so we should give ownership to the + * DatabaseOwner if we're supposed to drop privileges.. + */ + if ((0 == geteuid()) && (NULL != optget(opts, "DatabaseOwner")->strarg)) { + struct passwd *user = NULL; + STATBUF sb; + + if ((user = getpwnam(optget(opts, "DatabaseOwner")->strarg)) == NULL) { + logg("^Can't get information about user %s.\n", optget(opts, "DatabaseOwner")->strarg); + fprintf(stderr, "ERROR: Can't get information about user %s.\n", optget(opts, "DatabaseOwner")->strarg); + status = FC_ECONFIG; + goto done; + } + + /*Change ownership of the freshclam DAT file to the user we are going to switch to.*/ + if (CLAMSTAT("freshclam.dat", &sb) != -1) { + int ret = lchown("freshclam.dat", user->pw_uid, user->pw_gid); + if (ret) { + fprintf(stderr, "ERROR: lchown to user '%s' failed on freshclam.dat\n", user->pw_name); + fprintf(stderr, "Error was '%s'\n", strerror(errno)); + logg("^lchown to user '%s' failed on freshclam.dat. Error was '%s'\n", + user->pw_name, strerror(errno)); + status = FC_ECONFIG; + goto done; + } + } + } + + /* * freshclam shouldn't work with root privileges. * Drop privileges to the DatabaseOwner user, if specified. */ diff -Nru clamav-0.103.2+dfsg/libclamav/bytecode_api.h clamav-0.103.3+dfsg/libclamav/bytecode_api.h --- clamav-0.103.2+dfsg/libclamav/bytecode_api.h 2021-04-06 19:03:42.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/bytecode_api.h 2021-06-19 21:15:59.000000000 +0000 @@ -148,6 +148,7 @@ FUNC_LEVEL_0103 = 121, /**< LibClamAV release 0.103.0 */ FUNC_LEVEL_0103_1 = 122, /**< LibClamAV release 0.103.1 */ FUNC_LEVEL_0103_2 = 123, /**< LibClamAV release 0.103.2 */ + FUNC_LEVEL_0103_3 = 124, /**< LibClamAV release 0.103.3 */ }; /** diff -Nru clamav-0.103.2+dfsg/libclamav/c++/Makefile.in clamav-0.103.3+dfsg/libclamav/c++/Makefile.in --- clamav-0.103.2+dfsg/libclamav/c++/Makefile.in 2021-04-06 19:04:34.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/c++/Makefile.in 2021-06-19 21:16:22.000000000 +0000 @@ -5333,8 +5333,8 @@ @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -@BUILD_EXTERNAL_LLVM_TRUE@distclean-local: @BUILD_EXTERNAL_LLVM_TRUE@clean-local: +@BUILD_EXTERNAL_LLVM_TRUE@distclean-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local \ diff -Nru clamav-0.103.2+dfsg/libclamav/macho.c clamav-0.103.3+dfsg/libclamav/macho.c --- clamav-0.103.2+dfsg/libclamav/macho.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/macho.c 2021-06-19 21:15:59.000000000 +0000 @@ -562,6 +562,15 @@ cli_dbgmsg("UNIBIN: Binary %u of %u\n", i + 1, fat_header.nfats); cli_dbgmsg("UNIBIN: File offset: %u\n", fat_arch.offset); cli_dbgmsg("UNIBIN: File size: %u\n", fat_arch.size); + + /* The offset must be greater than the location of the header or we risk + re-scanning the same data over and over again. The scan recursion max + will save us, but it will still cause other problems and waste CPU. */ + if (fat_arch.offset < at) { + cli_dbgmsg("Invalid fat offset: %d\n", fat_arch.offset); + RETURN_BROKEN; + } + ret = cli_magic_scan_nested_fmap_type(map, fat_arch.offset, fat_arch.size, ctx, CL_TYPE_ANY, NULL); if (ret == CL_VIRUS) break; diff -Nru clamav-0.103.2+dfsg/libclamav/ole2_extract.c clamav-0.103.3+dfsg/libclamav/ole2_extract.c --- clamav-0.103.2+dfsg/libclamav/ole2_extract.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/ole2_extract.c 2021-06-19 21:15:59.000000000 +0000 @@ -673,7 +673,7 @@ break; case 2: /* File */ ole2_listmsg("file node\n"); - if (ctx && ctx->engine->maxfiles && ctx->scannedfiles + *file_count > ctx->engine->maxfiles) { + if (ctx && ctx->engine->maxfiles && ((*file_count > ctx->engine->maxfiles) || (ctx->scannedfiles > ctx->engine->maxfiles - *file_count))) { cli_dbgmsg("OLE2: files limit reached (max: %u)\n", ctx->engine->maxfiles); ole2_list_delete(&node_list); return CL_EMAXFILES; diff -Nru clamav-0.103.2+dfsg/libclamav/others.h clamav-0.103.3+dfsg/libclamav/others.h --- clamav-0.103.2+dfsg/libclamav/others.h 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/others.h 2021-06-19 21:15:59.000000000 +0000 @@ -72,7 +72,7 @@ * in re-enabling affected modules. */ -#define CL_FLEVEL 123 +#define CL_FLEVEL 124 #define CL_FLEVEL_DCONF CL_FLEVEL #define CL_FLEVEL_SIGTOOL CL_FLEVEL @@ -951,7 +951,7 @@ * which one it is. * If it is a file, it simply calls the callback once, otherwise recurses. */ -int cli_ftw(char *base, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk); +cl_error_t cli_ftw(char *base, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk); const char *cli_strerror(int errnum, char *buf, size_t len); diff -Nru clamav-0.103.2+dfsg/libclamav/others_common.c clamav-0.103.3+dfsg/libclamav/others_common.c --- clamav-0.103.2+dfsg/libclamav/others_common.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/others_common.c 2021-06-19 21:15:59.000000000 +0000 @@ -574,28 +574,46 @@ return stated; } -static int handle_filetype(const char *fname, int flags, - STATBUF *statbuf, int *stated, enum filetype *ft, - cli_ftw_cb callback, struct cli_ftw_cbdata *data) +static cl_error_t handle_filetype(const char *fname, int flags, + STATBUF *statbuf, int *stated, enum filetype *ft, + cli_ftw_cb callback, struct cli_ftw_cbdata *data) { - int ret; + cl_error_t status = CL_EMEM; *stated = get_filetype(fname, flags, flags & CLI_FTW_NEED_STAT, statbuf, ft); if (*stated == -1) { - /* we failed a stat() or lstat() */ - ret = callback(NULL, NULL, fname, error_stat, data); - if (ret != CL_SUCCESS) - return ret; + /* we failed a stat() or lstat() */ + char *fname_copy = cli_strdup(fname); + if (NULL == fname_copy) { + goto done; + } + + status = callback(NULL, fname_copy, fname, error_stat, data); + if (status != CL_SUCCESS) { + goto done; + } *ft = ft_unknown; } else if (*ft == ft_skipped_link || *ft == ft_skipped_special) { /* skipped filetype */ - ret = callback(stated ? statbuf : NULL, NULL, fname, - *ft == ft_skipped_link ? warning_skipped_link : warning_skipped_special, data); - if (ret != CL_SUCCESS) - return ret; + char *fname_copy = cli_strdup(fname); + if (NULL == fname_copy) { + goto done; + } + + status = callback(stated ? statbuf : NULL, + fname_copy, + fname, + *ft == ft_skipped_link ? warning_skipped_link : warning_skipped_special, + data); + if (status != CL_SUCCESS) + goto done; } - return CL_SUCCESS; + + status = CL_SUCCESS; + +done: + return status; } static int cli_ftw_dir(const char *dirname, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk); @@ -608,13 +626,14 @@ } } -int cli_ftw(char *path, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk) +cl_error_t cli_ftw(char *path, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk) { + cl_error_t status = CL_EMEM; STATBUF statbuf; enum filetype ft = ft_unknown; struct dirent_data entry; - int stated = 0; - int ret; + int stated = 0; + char *path_copy = NULL; if (((flags & CLI_FTW_TRIM_SLASHES) || pathchk) && path[0] && path[1]) { char *pathend; @@ -627,23 +646,49 @@ while (pathend > path && pathend[-1] == *PATHSEP) --pathend; *pathend = '\0'; } - if (pathchk && pathchk(path, data) == 1) - return CL_SUCCESS; - ret = handle_filetype(path, flags, &statbuf, &stated, &ft, callback, data); - if (ret != CL_SUCCESS) - return ret; - if (ft_skipped(ft)) - return CL_SUCCESS; - entry.statbuf = stated ? &statbuf : NULL; - entry.is_dir = ft == ft_directory; - entry.filename = entry.is_dir ? NULL : strdup(path); - entry.dirname = entry.is_dir ? path : NULL; + + if (pathchk && pathchk(path, data) == 1) { + status = CL_SUCCESS; + goto done; + } + + status = handle_filetype(path, flags, &statbuf, &stated, &ft, callback, data); + if (status != CL_SUCCESS) { + goto done; + } + + if (ft_skipped(ft)) { + status = CL_SUCCESS; + goto done; + } + + entry.statbuf = stated ? &statbuf : NULL; + entry.is_dir = ft == ft_directory; + if (entry.is_dir) { - ret = callback(entry.statbuf, NULL, path, visit_directory_toplev, data); - if (ret != CL_SUCCESS) - return ret; + path_copy = cli_strdup(path); + if (NULL == path_copy) { + goto done; + } + + status = callback(entry.statbuf, path_copy, path, visit_directory_toplev, data); + if (status != CL_SUCCESS) { + goto done; + } + } + + path_copy = cli_strdup(path); + if (NULL == path_copy) { + goto done; } - return handle_entry(&entry, flags, maxdepth, callback, data, pathchk); + + entry.filename = entry.is_dir ? NULL : path_copy; + entry.dirname = entry.is_dir ? path : NULL; + + status = handle_entry(&entry, flags, maxdepth, callback, data, pathchk); + +done: + return status; } static int cli_ftw_dir(const char *dirname, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk) diff -Nru clamav-0.103.2+dfsg/libclamav/png.c clamav-0.103.3+dfsg/libclamav/png.c --- clamav-0.103.2+dfsg/libclamav/png.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/png.c 2021-06-19 21:15:59.000000000 +0000 @@ -357,7 +357,7 @@ zstrm_initialized = false; idat_state = PNG_IDAT_DECOMPRESSION_COMPLETE; - if (decompressed_data_len > image_size) { + if ((decompressed_data_len > image_size) && (SCAN_HEURISTIC_BROKEN_MEDIA)) { status = cli_append_virus(ctx, "Heuristics.PNG.CVE-2010-1205"); goto done; } diff -Nru clamav-0.103.2+dfsg/libclamav/scanners.c clamav-0.103.3+dfsg/libclamav/scanners.c --- clamav-0.103.2+dfsg/libclamav/scanners.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libclamav/scanners.c 2021-06-19 21:15:59.000000000 +0000 @@ -3123,6 +3123,7 @@ (type != CL_TYPE_GPT) && /* Omit GPT files because it's an image format that we can extract and scan manually. */ (type != CL_TYPE_CPIO_OLD) && /* Omit CPIO_OLD files because it's an image format that we can extract and scan manually. */ (type != CL_TYPE_ZIP) && /* Omit ZIP files because it'll detect each zip file entry as SFXZIP, which is a waste. We'll extract it and then scan. */ + (type != CL_TYPE_ZIPSFX) && /* Omit ZIPSFX files because we should've already detected each entry with embedded file type recognition already! */ (type != CL_TYPE_OLD_TAR) && /* Omit OLD TAR files because it's a raw archive format that we can extract and scan manually. */ (type != CL_TYPE_POSIX_TAR)) { /* Omit POSIX TAR files because it's a raw archive format that we can extract and scan manually. */ /* @@ -4875,7 +4876,7 @@ cli_logg_setup(&ctx); - rc = cli_magic_scan_nested_fmap_type(map, 0, map->len, &ctx, CL_TYPE_ANY, target_basename); + rc = cli_magic_scan(&ctx, CL_TYPE_ANY); if (rc == CL_CLEAN && ctx.found_possibly_unwanted) { cli_virus_found_cb(&ctx); diff -Nru clamav-0.103.2+dfsg/libfreshclam/libfreshclam.c clamav-0.103.3+dfsg/libfreshclam/libfreshclam.c --- clamav-0.103.2+dfsg/libfreshclam/libfreshclam.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libfreshclam/libfreshclam.c 2021-06-19 21:16:00.000000000 +0000 @@ -250,12 +250,12 @@ g_bCompressLocalDatabase = fcConfig->bCompressLocalDatabase; - /* Load or create mirrors.dat */ - if (FC_SUCCESS != load_mirrors_dat()) { - logg("*Failed to load mirrors.dat; will create a new mirrors.dat\n"); + /* Load or create freshclam.dat */ + if (FC_SUCCESS != load_freshclam_dat()) { + logg("*Failed to load freshclam.dat; will create a new freshclam.dat\n"); - if (FC_SUCCESS != new_mirrors_dat()) { - logg("^Failed to create a new mirrors.dat!\n"); + if (FC_SUCCESS != new_freshclam_dat()) { + logg("^Failed to create a new freshclam.dat!\n"); status = FC_EINIT; goto done; } @@ -308,9 +308,9 @@ free(g_tempDirectory); g_tempDirectory = NULL; } - if (NULL != g_mirrorsDat) { - free(g_mirrorsDat); - g_mirrorsDat = NULL; + if (NULL != g_freshclamDat) { + free(g_freshclamDat); + g_freshclamDat = NULL; } } @@ -683,7 +683,7 @@ case FC_ERETRYLATER: { char retry_after_string[26]; struct tm *tm_info; - tm_info = localtime(&g_mirrorsDat->retry_after); + tm_info = localtime(&g_freshclamDat->retry_after); if (NULL == tm_info) { logg("!Failed to query the local time for the retry-after date!\n"); status = FC_ERROR; @@ -750,12 +750,12 @@ *nUpdated = 0; - if (g_mirrorsDat->retry_after > 0) { - if (g_mirrorsDat->retry_after > time(NULL)) { + if (g_freshclamDat->retry_after > 0) { + if (g_freshclamDat->retry_after > time(NULL)) { /* We're on cool-down, try again later. */ char retry_after_string[26]; struct tm *tm_info; - tm_info = localtime(&g_mirrorsDat->retry_after); + tm_info = localtime(&g_freshclamDat->retry_after); if (NULL == tm_info) { logg("!Failed to query the local time for the retry-after date!\n"); status = FC_ERROR; @@ -776,9 +776,9 @@ status = FC_SUCCESS; goto done; } else { - g_mirrorsDat->retry_after = 0; + g_freshclamDat->retry_after = 0; logg("^Cool-down expired, ok to try again.\n"); - save_mirrors_dat(); + save_freshclam_dat(); } } @@ -889,7 +889,7 @@ case FC_ERETRYLATER: { char retry_after_string[26]; struct tm *tm_info; - tm_info = localtime(&g_mirrorsDat->retry_after); + tm_info = localtime(&g_freshclamDat->retry_after); if (NULL == tm_info) { logg("!Failed to query the local time for the retry-after date!\n"); status = FC_ERROR; diff -Nru clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.c clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.c --- clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.c 2021-06-19 21:16:00.000000000 +0000 @@ -116,7 +116,7 @@ uint32_t g_bCompressLocalDatabase = 0; -mirrors_dat_v1_t *g_mirrorsDat = NULL; +freshclam_dat_v1_t *g_freshclamDat = NULL; /** @brief Generate a Version 4 UUID according to RFC-4122 * @@ -164,12 +164,12 @@ return; } -fc_error_t load_mirrors_dat(void) +fc_error_t load_freshclam_dat(void) { fc_error_t status = FC_EINIT; int handle = -1; ssize_t bread = 0; - mirrors_dat_v1_t *mdat = NULL; + freshclam_dat_v1_t *mdat = NULL; uint32_t version = 0; char magic[13] = {0}; @@ -181,13 +181,13 @@ } logg("*Current working dir is %s\n", g_databaseDirectory); - if (-1 == (handle = open("mirrors.dat", O_RDONLY | O_BINARY))) { + if (-1 == (handle = open("freshclam.dat", O_RDONLY | O_BINARY))) { char currdir[PATH_MAX]; if (getcwd(currdir, sizeof(currdir))) - logg("*Can't open mirrors.dat in %s\n", currdir); + logg("*Can't open freshclam.dat in %s\n", currdir); else - logg("*Can't open mirrors.dat in the current directory\n"); + logg("*Can't open freshclam.dat in the current directory\n"); logg("*It probably doesn't exist yet. That's ok.\n"); status = FC_EFILE; @@ -197,18 +197,18 @@ if (strlen(MIRRORS_DAT_MAGIC) != (bread = read(handle, &magic, strlen(MIRRORS_DAT_MAGIC)))) { char error_message[260]; cli_strerror(errno, error_message, 260); - logg("!Can't read magic from mirrors.dat. Bytes read: %zi, error: %s\n", bread, error_message); + logg("!Can't read magic from freshclam.dat. Bytes read: %zi, error: %s\n", bread, error_message); goto done; } if (0 != strncmp(magic, MIRRORS_DAT_MAGIC, strlen(MIRRORS_DAT_MAGIC))) { - logg("*Magic bytes for mirrors.dat did not match expectations.\n"); + logg("*Magic bytes for freshclam.dat did not match expectations.\n"); goto done; } if (sizeof(uint32_t) != (bread = read(handle, &version, sizeof(uint32_t)))) { char error_message[260]; cli_strerror(errno, error_message, 260); - logg("!Can't read version from mirrors.dat. Bytes read: %zi, error: %s\n", bread, error_message); + logg("!Can't read version from freshclam.dat. Bytes read: %zi, error: %s\n", bread, error_message); goto done; } @@ -217,25 +217,25 @@ /* Verify that file size is as expected. */ off_t file_size = lseek(handle, 0L, SEEK_END); - if (strlen(MIRRORS_DAT_MAGIC) + sizeof(mirrors_dat_v1_t) != (size_t)file_size) { - logg("*mirrors.dat is bigger than expected: %zu != %ld\n", sizeof(mirrors_dat_v1_t), file_size); + if (strlen(MIRRORS_DAT_MAGIC) + sizeof(freshclam_dat_v1_t) != (size_t)file_size) { + logg("*freshclam.dat is bigger than expected: %zu != %ld\n", sizeof(freshclam_dat_v1_t), file_size); goto done; } /* Rewind to just after the magic bytes and read data struct */ lseek(handle, strlen(MIRRORS_DAT_MAGIC), SEEK_SET); - mdat = malloc(sizeof(mirrors_dat_v1_t)); + mdat = malloc(sizeof(freshclam_dat_v1_t)); if (NULL == mdat) { - logg("!Failed to allocate memory for mirrors.dat\n"); + logg("!Failed to allocate memory for freshclam.dat\n"); status = FC_EMEM; goto done; } - if (sizeof(mirrors_dat_v1_t) != (bread = read(handle, mdat, sizeof(mirrors_dat_v1_t)))) { + if (sizeof(freshclam_dat_v1_t) != (bread = read(handle, mdat, sizeof(freshclam_dat_v1_t)))) { char error_message[260]; cli_strerror(errno, error_message, 260); - logg("!Can't read from mirrors.dat. Bytes read: %zi, error: %s\n", bread, error_message); + logg("!Can't read from freshclam.dat. Bytes read: %zi, error: %s\n", bread, error_message); goto done; } @@ -245,27 +245,27 @@ /* This is the latest version. If we change the format in the future, we may wish to create a new - mirrors dat struct, import the relevant bits to the new format, - and then save (overwrite) mirrors.dat with the new data. */ - if (NULL != g_mirrorsDat) { - free(g_mirrorsDat); + freshclam.dat struct, import the relevant bits to the new format, + and then save (overwrite) freshclam.dat with the new data. */ + if (NULL != g_freshclamDat) { + free(g_freshclamDat); } - g_mirrorsDat = mdat; + g_freshclamDat = mdat; mdat = NULL; break; } default: { - logg("*mirrors.dat version is different than expected: %u != %u\n", 1, version); + logg("*freshclam.dat version is different than expected: %u != %u\n", 1, version); goto done; } } - logg("*Loaded mirrors.dat:\n"); - logg("* version: %d\n", g_mirrorsDat->version); - logg("* uuid: %s\n", g_mirrorsDat->uuid); - if (g_mirrorsDat->retry_after > 0) { + logg("*Loaded freshclam.dat:\n"); + logg("* version: %d\n", g_freshclamDat->version); + logg("* uuid: %s\n", g_freshclamDat->uuid); + if (g_freshclamDat->retry_after > 0) { char retry_after_string[26]; - struct tm *tm_info = localtime(&g_mirrorsDat->retry_after); + struct tm *tm_info = localtime(&g_freshclamDat->retry_after); if (NULL == tm_info) { logg("!Failed to query the local time for the retry-after date!\n"); goto done; @@ -284,45 +284,45 @@ if (NULL != mdat) { free(mdat); } - if (NULL != g_mirrorsDat) { - free(g_mirrorsDat); - g_mirrorsDat = NULL; + if (NULL != g_freshclamDat) { + free(g_freshclamDat); + g_freshclamDat = NULL; } } return status; } -fc_error_t save_mirrors_dat(void) +fc_error_t save_freshclam_dat(void) { fc_error_t status = FC_EINIT; int handle = -1; - if (NULL == g_mirrorsDat) { - logg("!Attempted to save mirrors data to mirrors.dat before initializing it!\n"); + if (NULL == g_freshclamDat) { + logg("!Attempted to save freshclam.dat before initializing data struct!\n"); goto done; } - if (-1 == (handle = open("mirrors.dat", O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644))) { + if (-1 == (handle = open("freshclam.dat", O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644))) { char currdir[PATH_MAX]; if (getcwd(currdir, sizeof(currdir))) - logg("!Can't create mirrors.dat in %s\n", currdir); + logg("!Can't create freshclam.dat in %s\n", currdir); else - logg("!Can't create mirrors.dat in the current directory\n"); + logg("!Can't create freshclam.dat in the current directory\n"); logg("Hint: The database directory must be writable for UID %d or GID %d\n", getuid(), getgid()); status = FC_EDBDIRACCESS; goto done; } if (-1 == write(handle, MIRRORS_DAT_MAGIC, strlen(MIRRORS_DAT_MAGIC))) { - logg("!Can't write to mirrors.dat\n"); + logg("!Can't write to freshclam.dat\n"); } - if (-1 == write(handle, g_mirrorsDat, sizeof(mirrors_dat_v1_t))) { - logg("!Can't write to mirrors.dat\n"); + if (-1 == write(handle, g_freshclamDat, sizeof(freshclam_dat_v1_t))) { + logg("!Can't write to freshclam.dat\n"); } - logg("*Saved mirrors.dat\n"); + logg("*Saved freshclam.dat\n"); status = FC_SUCCESS; done: @@ -333,13 +333,13 @@ return status; } -fc_error_t new_mirrors_dat(void) +fc_error_t new_freshclam_dat(void) { fc_error_t status = FC_EINIT; - mirrors_dat_v1_t *mdat = calloc(1, sizeof(mirrors_dat_v1_t)); + freshclam_dat_v1_t *mdat = calloc(1, sizeof(freshclam_dat_v1_t)); if (NULL == mdat) { - logg("!Failed to allocate memory for mirrors.dat\n"); + logg("!Failed to allocate memory for freshclam.dat\n"); status = FC_EMEM; goto done; } @@ -348,15 +348,15 @@ mdat->retry_after = 0; uuid_v4_gen(mdat->uuid); - if (NULL != g_mirrorsDat) { - free(g_mirrorsDat); + if (NULL != g_freshclamDat) { + free(g_freshclamDat); } - g_mirrorsDat = mdat; + g_freshclamDat = mdat; - logg("*Creating new mirrors.dat\n"); + logg("*Creating new freshclam.dat\n"); - if (FC_SUCCESS != save_mirrors_dat()) { - logg("!Failed to save mirrors.dat!\n"); + if (FC_SUCCESS != save_freshclam_dat()) { + logg("!Failed to save freshclam.dat!\n"); status = FC_EFILE; goto done; } @@ -368,7 +368,7 @@ if (NULL != mdat) { free(mdat); } - g_mirrorsDat = NULL; + g_freshclamDat = NULL; } return status; } @@ -597,7 +597,7 @@ snprintf(userAgent, sizeof(userAgent), PACKAGE "/%s (OS: " TARGET_OS_TYPE ", ARCH: " TARGET_ARCH_TYPE ", CPU: " TARGET_CPU_TYPE ", UUID: %s)", get_version(), - g_mirrorsDat->uuid); + g_freshclamDat->uuid); } userAgent[sizeof(userAgent) - 1] = 0; @@ -1013,13 +1013,13 @@ if (retry_after > 0) { /* The response gave us a Retry-After date. Use that. */ - g_mirrorsDat->retry_after = time(NULL) + (time_t)retry_after; + g_freshclamDat->retry_after = time(NULL) + (time_t)retry_after; } else { /* Try again in no less than 4 hours if the response didn't specify or if CURLINFO_RETRY_AFTER is not supported. */ - g_mirrorsDat->retry_after = time(NULL) + 60 * 60 * 4; + g_freshclamDat->retry_after = time(NULL) + 60 * 60 * 4; } - (void)save_mirrors_dat(); + (void)save_freshclam_dat(); break; } @@ -1309,13 +1309,13 @@ if (retry_after > 0) { /* The response gave us a Retry-After date. Use that. */ - g_mirrorsDat->retry_after = time(NULL) + (time_t)retry_after; + g_freshclamDat->retry_after = time(NULL) + (time_t)retry_after; } else { /* Try again in no less than 4 hours if the response didn't specify or if CURLINFO_RETRY_AFTER is not supported. */ - g_mirrorsDat->retry_after = time(NULL) + 60 * 60 * 4; + g_freshclamDat->retry_after = time(NULL) + 60 * 60 * 4; } - (void)save_mirrors_dat(); + (void)save_freshclam_dat(); break; } diff -Nru clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.h clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.h --- clamav-0.103.2+dfsg/libfreshclam/libfreshclam_internal.h 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/libfreshclam/libfreshclam_internal.h 2021-06-19 21:16:00.000000000 +0000 @@ -33,12 +33,12 @@ // clang-format on #define SIZEOF_UUID_V4 37 /** For uuid_v4_gen(), includes NULL byte */ -#define MIRRORS_DAT_MAGIC "FreshClamData" /** Magic bytes for mirrors.dat found before mirrors_dat_v1_t */ -typedef struct _mirrors_dat_v1 { +#define MIRRORS_DAT_MAGIC "FreshClamData" /** Magic bytes for freshclam.dat found before freshclam_dat_v1_t */ +typedef struct _freshclam_dat_v1 { uint32_t version; /** version of this dat format */ char uuid[SIZEOF_UUID_V4]; /** uuid to be used in user-agent */ time_t retry_after; /** retry date. If > 0, don't update until after this date */ -} mirrors_dat_v1_t; +} freshclam_dat_v1_t; /* ---------------------------------------------------------------------------- * Internal libfreshclam globals @@ -63,11 +63,11 @@ extern uint32_t g_bCompressLocalDatabase; -extern mirrors_dat_v1_t *g_mirrorsDat; +extern freshclam_dat_v1_t *g_freshclamDat; -fc_error_t load_mirrors_dat(void); -fc_error_t save_mirrors_dat(void); -fc_error_t new_mirrors_dat(void); +fc_error_t load_freshclam_dat(void); +fc_error_t save_freshclam_dat(void); +fc_error_t new_freshclam_dat(void); fc_error_t updatedb( const char *database, diff -Nru clamav-0.103.2+dfsg/m4/reorganization/version.m4 clamav-0.103.3+dfsg/m4/reorganization/version.m4 --- clamav-0.103.2+dfsg/m4/reorganization/version.m4 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/m4/reorganization/version.m4 2021-06-19 21:16:00.000000000 +0000 @@ -3,7 +3,7 @@ dnl For beta, set: VERSION="-beta" dnl For release candidate, set: VERSION="-rc" dnl For release, set: VERSION="" -VERSION="0.103.2" +VERSION="0.103.3" major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"` minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"` diff -Nru clamav-0.103.2+dfsg/unit_tests/check_clamd.c clamav-0.103.3+dfsg/unit_tests/check_clamd.c --- clamav-0.103.2+dfsg/unit_tests/check_clamd.c 2021-04-06 19:03:43.000000000 +0000 +++ clamav-0.103.3+dfsg/unit_tests/check_clamd.c 2021-06-19 21:16:00.000000000 +0000 @@ -121,7 +121,7 @@ #define NONEXISTENT "/nonexistent\vfilename" -#define NONEXISTENT_REPLY NONEXISTENT ": lstat() failed: No such file or directory. ERROR" +#define NONEXISTENT_REPLY NONEXISTENT ": File path check failure: No such file or directory. ERROR" #define ACCDENIED BUILDDIR "/accdenied" #define ACCDENIED_REPLY ACCDENIED ": Access denied. ERROR"