/*
 *  Copyright (C) 2013-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
 *  Copyright (C) 2007-2013 Sourcefire, Inc.
 *
 *  Authors: Tomasz Kojm
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2 as
 *  published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 *  MA 02110-1301, USA.
 */

/*
 * Declarations for the engine's per-module feature switches: one bitmask
 * structure (struct cli_dconf), the flag constants for each mask, and the
 * functions that create, print and load it.
 *
 * NOTE(review): the flag names suggest that each bit enables or disables one
 * parser, unpacker or detector. If so, whatever input reaches
 * cli_dconf_load() can reduce scan coverage, so confirm in the
 * implementation that it is only fed from authenticated database content.
 *
 * NOTE(review): the guard name __DCONF_H uses a double underscore, which C
 * reserves for the implementation; it is kept as-is here.
 */
#ifndef __DCONF_H
#define __DCONF_H

#include <stdio.h>
#include <zlib.h>

#include "clamav.h"
#include "cvd.h"

#include "mpool.h"

/*
 * One 32-bit flag word per module family. Each word can hold at most 32
 * flags; the largest value defined in this header is ARCH_CONF_EGG
 * (0x4000000, bit 26).
 *
 * Which flag group belongs to which field is inferred from the prefixes
 * below (PE_CONF_* -> pe, ARCH_CONF_* -> archive, ...) -- confirm against
 * the implementation. This header defines no flags for `elf` or `macho`.
 *
 * uint32_t is not included directly here; it is presumably provided by one
 * of the project headers above.
 */
struct cli_dconf {
    uint32_t pe;
    uint32_t elf;
    uint32_t macho;
    uint32_t archive;
    uint32_t doc;
    uint32_t mail;
    uint32_t other;
    uint32_t phishing;
    uint32_t bytecode;
    uint32_t stats;
    uint32_t pcre;
};

// clang-format off

/* PE flags: single-bit values, bits 0-19 */
#define PE_CONF_PARITE      0x1
#define PE_CONF_KRIZ        0x2
#define PE_CONF_MAGISTR     0x4
#define PE_CONF_POLIPOS     0x8
#define PE_CONF_MD5SECT     0x10
#define PE_CONF_UPX         0x20
#define PE_CONF_FSG         0x40
#define PE_CONF_SWIZZOR     0x80
#define PE_CONF_PETITE      0x100
#define PE_CONF_PESPIN      0x200
#define PE_CONF_YC          0x400
#define PE_CONF_WWPACK      0x800
#define PE_CONF_NSPACK      0x1000
#define PE_CONF_MEW         0x2000
#define PE_CONF_UPACK       0x4000
#define PE_CONF_ASPACK      0x8000
#define PE_CONF_CATALOG     0x10000
#define PE_CONF_CERTS       0x20000
#define PE_CONF_MATCHICON   0x40000
#define PE_CONF_IMPTBL      0x80000

/* Archive flags: single-bit values, bits 0-26 (the fullest group; 5 bits remain) */
#define ARCH_CONF_RAR       0x1
#define ARCH_CONF_ZIP       0x2
#define ARCH_CONF_GZ        0x4
#define ARCH_CONF_BZ        0x8
#define ARCH_CONF_SZDD      0x10
#define ARCH_CONF_CAB       0x20
#define ARCH_CONF_CHM       0x40
#define ARCH_CONF_OLE2      0x80
#define ARCH_CONF_TAR       0x100
#define ARCH_CONF_BINHEX    0x200
#define ARCH_CONF_SIS       0x400
#define ARCH_CONF_NSIS      0x800
#define ARCH_CONF_ARJ       0x1000
#define ARCH_CONF_AUTOIT    0x2000
#define ARCH_CONF_CPIO      0x4000
#define ARCH_CONF_ISHIELD   0x8000
#define ARCH_CONF_7Z        0x10000
#define ARCH_CONF_ISO9660   0x20000
#define ARCH_CONF_DMG       0x40000
#define ARCH_CONF_XAR       0x80000
#define ARCH_CONF_HFSPLUS   0x100000
#define ARCH_CONF_XZ        0x200000
#define ARCH_CONF_PASSWD    0x400000
#define ARCH_CONF_MBR       0x800000
#define ARCH_CONF_GPT       0x1000000
#define ARCH_CONF_APM       0x2000000
#define ARCH_CONF_EGG       0x4000000

/* Document flags: single-bit values, bits 0-9 */
#define DOC_CONF_HTML           0x1
#define DOC_CONF_RTF            0x2
#define DOC_CONF_PDF            0x4
#define DOC_CONF_SCRIPT         0x8
#define DOC_CONF_HTML_SKIPRAW   0x10
#define DOC_CONF_JSNORM         0x20
#define DOC_CONF_SWF            0x40
#define DOC_CONF_MSXML          0x80
#define DOC_CONF_OOXML          0x100
#define DOC_CONF_HWP            0x200

/* Mail flags: single-bit values, bits 0-1 */
#define MAIL_CONF_MBOX      0x1
#define MAIL_CONF_TNEF      0x2

/* Other flags: single-bit values, bits 0-13 */
#define OTHER_CONF_UUENC        0x1
#define OTHER_CONF_SCRENC       0x2
#define OTHER_CONF_RIFF         0x4
#define OTHER_CONF_JPEG         0x8
#define OTHER_CONF_CRYPTFF      0x10
#define OTHER_CONF_DLP          0x20
#define OTHER_CONF_MYDOOMLOG    0x40
#define OTHER_CONF_PREFILTERING 0x80
#define OTHER_CONF_PDFNAMEOBJ   0x100
#define OTHER_CONF_PRTNINTXN    0x200
#define OTHER_CONF_LZW          0x400
#define OTHER_CONF_PNG          0x800
#define OTHER_CONF_GIF          0x1000
#define OTHER_CONF_TIFF         0x2000

/* Phishing flags: single-bit values, bits 0-1 */
#define PHISHING_CONF_ENGINE    0x1
#define PHISHING_CONF_ENTCONV   0x2

/* Bytecode flags: single-bit values, bits 0-3; combined in BYTECODE_ENGINE_MASK below */
#define BYTECODE_INTERPRETER    0x1
#define BYTECODE_JIT_X86        0x2
#define BYTECODE_JIT_PPC        0x4
#define BYTECODE_JIT_ARM        0x8

/*
 * Stats/Intel flags.
 * Unlike the other groups, these names are phrased as "*_DISABLED", so a set
 * bit presumably turns the feature off rather than on -- confirm polarity in
 * the implementation before testing these bits.
 */
#define DCONF_STATS_DISABLED            0x1
#define DCONF_STATS_PE_SECTION_DISABLED 0x2

/* PCRE flags: single-bit values, bits 0-2 */
#define PCRE_CONF_SUPPORT   0x1
#define PCRE_CONF_OPTIONS   0x2
#define PCRE_CONF_GLOBAL    0x4

// clang-format on

/* Union of all four bytecode engine bits defined above (evaluates to 0xF). */
#define BYTECODE_ENGINE_MASK (BYTECODE_INTERPRETER | BYTECODE_JIT_X86 | BYTECODE_JIT_PPC | BYTECODE_JIT_ARM)

/*
 * cli_dconf_init() has two signatures depending on USE_MPOOL: with it, the
 * function takes an mpool_t pointer; without it, no arguments.
 * cli_mpool_dconf_init(a) lets callers use one spelling for both builds.
 * In the non-mpool build the macro drops `a` entirely, so the argument
 * expression is never evaluated -- do not pass an expression with side
 * effects.
 * Ownership of the returned pointer and its failure value are not visible
 * in this header; check the implementation before use.
 */
#ifdef USE_MPOOL
struct cli_dconf *
cli_dconf_init(mpool_t *);
#define cli_mpool_dconf_init(a) cli_dconf_init(a)
#else
struct cli_dconf *
cli_dconf_init(void);
#define cli_mpool_dconf_init(a) cli_dconf_init()
#endif
/* Presumably reports the state of the flags in `dconf`; the output destination is not visible here. */
void cli_dconf_print(struct cli_dconf *dconf);
/*
 * Loads configuration into `engine` from either `fs` or `dbio` (which of the
 * two is used, and when, is decided in the implementation). The int return
 * is presumably a status code -- confirm the success value before comparing.
 * NOTE(review): this is the entry point through which external data can
 * change the flag words above; the implementation should reject malformed
 * input, and the meaning of `options` should be checked at the call sites.
 */
int cli_dconf_load(FILE *fs, struct cl_engine *engine, unsigned int options, struct cli_dbio *dbio);
#endif /* __DCONF_H */