1 /*
2  *  Copyright (C) 2013-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
3  *  Copyright (C) 2007-2013 Sourcefire, Inc.
4  *
5  *  Authors: Tomasz Kojm
6  *
7  *  This program is free software; you can redistribute it and/or modify
8  *  it under the terms of the GNU General Public License version 2 as
9  *  published by the Free Software Foundation.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, write to the Free Software
18  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
19  *  MA 02110-1301, USA.
20  */
21 
22 #ifndef __DCONF_H
23 #define __DCONF_H
24 
25 #include <stdio.h>
26 #include <zlib.h>
27 
28 #include "clamav.h"
29 #include "cvd.h"
30 
31 #include "mpool.h"
32 
33 struct cli_dconf { /* One 32-bit flag word per category; the flag macros later in this header name the individual bits. */
34     uint32_t pe;       /* NOTE(review): presumably tested against the PE_CONF_* bits -- pairing inferred from names, confirm at the call sites */
35     uint32_t elf;      /* no ELF-specific flag bits are defined in this header */
36     uint32_t macho;    /* no Mach-O-specific flag bits are defined in this header */
37     uint32_t archive;  /* presumably ARCH_CONF_* -- confirm */
38     uint32_t doc;      /* presumably DOC_CONF_* -- confirm */
39     uint32_t mail;     /* presumably MAIL_CONF_* -- confirm */
40     uint32_t other;    /* presumably OTHER_CONF_* -- confirm */
41     uint32_t phishing; /* presumably PHISHING_CONF_* -- confirm */
42     uint32_t bytecode; /* presumably BYTECODE_* bits, see BYTECODE_ENGINE_MASK -- confirm */
43     uint32_t stats;    /* presumably DCONF_STATS_* -- confirm */
44     uint32_t pcre;     /* presumably PCRE_CONF_* -- confirm */
45 };
46 
47 // clang-format off
48 
49 /* PE flags: 20 distinct single-bit masks (0x1-0x80000). NOTE(review): presumably ANDed with cli_dconf.pe; a cleared bit would then skip that PE check, so review any change here for lost scan coverage. */
50 #define PE_CONF_PARITE    0x1
51 #define PE_CONF_KRIZ      0x2
52 #define PE_CONF_MAGISTR   0x4
53 #define PE_CONF_POLIPOS   0x8
54 #define PE_CONF_MD5SECT   0x10
55 #define PE_CONF_UPX       0x20
56 #define PE_CONF_FSG       0x40
57 #define PE_CONF_SWIZZOR   0x80
58 #define PE_CONF_PETITE    0x100
59 #define PE_CONF_PESPIN    0x200
60 #define PE_CONF_YC        0x400
61 #define PE_CONF_WWPACK    0x800
62 #define PE_CONF_NSPACK    0x1000
63 #define PE_CONF_MEW       0x2000
64 #define PE_CONF_UPACK     0x4000
65 #define PE_CONF_ASPACK    0x8000
66 #define PE_CONF_CATALOG   0x10000
67 #define PE_CONF_CERTS     0x20000
68 #define PE_CONF_MATCHICON 0x40000
69 #define PE_CONF_IMPTBL    0x80000
70 
71 /* Archive flags: 27 distinct single-bit masks (0x1-0x4000000); higher bits of the 32-bit word are unassigned here. NOTE(review): presumably ANDed with cli_dconf.archive; if a cleared bit disables a container parser, content nested in that format goes unscanned -- confirm. */
72 #define ARCH_CONF_RAR     0x1
73 #define ARCH_CONF_ZIP     0x2
74 #define ARCH_CONF_GZ      0x4
75 #define ARCH_CONF_BZ      0x8
76 #define ARCH_CONF_SZDD    0x10
77 #define ARCH_CONF_CAB     0x20
78 #define ARCH_CONF_CHM     0x40
79 #define ARCH_CONF_OLE2    0x80
80 #define ARCH_CONF_TAR     0x100
81 #define ARCH_CONF_BINHEX  0x200
82 #define ARCH_CONF_SIS     0x400
83 #define ARCH_CONF_NSIS    0x800
84 #define ARCH_CONF_ARJ     0x1000
85 #define ARCH_CONF_AUTOIT  0x2000
86 #define ARCH_CONF_CPIO    0x4000
87 #define ARCH_CONF_ISHIELD 0x8000
88 #define ARCH_CONF_7Z      0x10000
89 #define ARCH_CONF_ISO9660 0x20000
90 #define ARCH_CONF_DMG     0x40000
91 #define ARCH_CONF_XAR     0x80000
92 #define ARCH_CONF_HFSPLUS 0x100000
93 #define ARCH_CONF_XZ      0x200000
94 #define ARCH_CONF_PASSWD  0x400000
95 #define ARCH_CONF_MBR     0x800000
96 #define ARCH_CONF_GPT     0x1000000
97 #define ARCH_CONF_APM     0x2000000
98 #define ARCH_CONF_EGG     0x4000000
99 
100 /* Document flags: 10 distinct single-bit masks (0x1-0x200). NOTE(review): presumably ANDed with cli_dconf.doc -- confirm at the call sites. */
101 #define DOC_CONF_HTML         0x1
102 #define DOC_CONF_RTF          0x2
103 #define DOC_CONF_PDF          0x4
104 #define DOC_CONF_SCRIPT       0x8
105 #define DOC_CONF_HTML_SKIPRAW 0x10
106 #define DOC_CONF_JSNORM       0x20
107 #define DOC_CONF_SWF          0x40
108 #define DOC_CONF_MSXML        0x80
109 #define DOC_CONF_OOXML        0x100
110 #define DOC_CONF_HWP          0x200
111 
112 /* Mail flags: two single-bit masks. NOTE(review): presumably ANDed with cli_dconf.mail -- confirm at the call sites. */
113 #define MAIL_CONF_MBOX 0x1
114 #define MAIL_CONF_TNEF 0x2
115 
116 /* Other flags: 14 distinct single-bit masks (0x1-0x2000) for features outside the groups above. NOTE(review): presumably ANDed with cli_dconf.other -- confirm at the call sites. */
117 #define OTHER_CONF_UUENC        0x1
118 #define OTHER_CONF_SCRENC       0x2
119 #define OTHER_CONF_RIFF         0x4
120 #define OTHER_CONF_JPEG         0x8
121 #define OTHER_CONF_CRYPTFF      0x10
122 #define OTHER_CONF_DLP          0x20
123 #define OTHER_CONF_MYDOOMLOG    0x40
124 #define OTHER_CONF_PREFILTERING 0x80
125 #define OTHER_CONF_PDFNAMEOBJ   0x100
126 #define OTHER_CONF_PRTNINTXN    0x200
127 #define OTHER_CONF_LZW          0x400
128 #define OTHER_CONF_PNG          0x800
129 #define OTHER_CONF_GIF          0x1000
130 #define OTHER_CONF_TIFF         0x2000
131 
132 /* Phishing flags: two single-bit masks. NOTE(review): presumably ANDed with cli_dconf.phishing -- confirm at the call sites. */
133 #define PHISHING_CONF_ENGINE  0x1
134 #define PHISHING_CONF_ENTCONV 0x2
135 
136 /* Bytecode flags: four single-bit masks (0x1-0x8), one per execution engine name; BYTECODE_ENGINE_MASK ORs all four. NOTE(review): presumably ANDed with cli_dconf.bytecode -- confirm. */
137 #define BYTECODE_INTERPRETER 0x1
138 #define BYTECODE_JIT_X86     0x2
139 #define BYTECODE_JIT_PPC     0x4
140 #define BYTECODE_JIT_ARM     0x8
141 
142 /* Stats/Intel flags: two single-bit masks. NOTE(review): both are named *_DISABLED, unlike every other group here, so a set bit presumably turns the feature off -- confirm the polarity where cli_dconf.stats is read. */
143 #define DCONF_STATS_DISABLED            0x1
144 #define DCONF_STATS_PE_SECTION_DISABLED 0x2
145 
146 /* PCRE flags: three single-bit masks. NOTE(review): presumably ANDed with cli_dconf.pcre -- confirm at the call sites. */
147 #define PCRE_CONF_SUPPORT 0x1
148 #define PCRE_CONF_OPTIONS 0x2
149 #define PCRE_CONF_GLOBAL  0x4
149 #define PCRE_CONF_GLOBAL  0x4
150 
151 // clang-format on
152 
153 #define BYTECODE_ENGINE_MASK (BYTECODE_INTERPRETER | BYTECODE_JIT_X86 | BYTECODE_JIT_PPC | BYTECODE_JIT_ARM) /* OR of the four bytecode engine bits, i.e. 0xF */
154 
155 #ifdef USE_MPOOL /* with USE_MPOOL defined, cli_dconf_init takes an mpool_t pointer */
156 struct cli_dconf *
157 cli_dconf_init(mpool_t *); /* Returns a pointer to a cli_dconf. NOTE(review): ownership and the failure value (NULL?) are not visible in this header -- confirm before dereferencing. */
158 #define cli_mpool_dconf_init(a) cli_dconf_init(a) /* build-independent spelling: forwards `a` unchanged */
159 #else /* without USE_MPOOL, cli_dconf_init takes no arguments */
160 struct cli_dconf *
161 cli_dconf_init(void); /* Returns a pointer to a cli_dconf. NOTE(review): ownership and the failure value (NULL?) are not visible in this header -- confirm before dereferencing. */
162 #define cli_mpool_dconf_init(a) cli_dconf_init() /* `a` is dropped by the preprocessor and never evaluated in this build, so the argument expression must not carry side effects */
163 #endif
164 void cli_dconf_print(struct cli_dconf *dconf); /* Takes a cli_dconf pointer and returns nothing. NOTE(review): presumably dumps the flag words; the output destination and NULL handling are not visible here. */
165 int cli_dconf_load(FILE *fs, struct cl_engine *engine, unsigned int options, struct cli_dbio *dbio); /* NOTE(review): presumably parses flag settings from fs or dbio into engine and returns a status code. If so, this input decides which of the modules flagged above stay enabled, so confirm callers only pass data from a database that has already passed integrity verification, and that the return value is checked. */
166 #endif
167