int cli_addtypesigs(struct cl_engine *engine) { int i, ret; struct cli_matcher *root; if(!engine->root[0]) { cli_dbgmsg("cli_addtypesigs: Need to allocate AC trie in engine->root[0]\n"); root = engine->root[0] = (struct cli_matcher *) cli_calloc(1, sizeof(struct cli_matcher)); if(!root) { cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n"); return CL_EMEM; } if((ret = cli_ac_init(root, cli_ac_mindepth, cli_ac_maxdepth))) { /* No need to free previously allocated memory here - all engine * elements will be properly freed by cl_free() */ cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n"); return ret; } } else { root = engine->root[0]; } for(i = 0; cli_smagic[i].sig; i++) { if((ret = cli_parse_add(root, cli_smagic[i].descr, cli_smagic[i].sig, cli_smagic[i].type, NULL, 0))) { cli_errmsg("cli_addtypesigs: Problem adding signature for %s\n", cli_smagic[i].descr); return ret; } } return 0; }
END_TEST START_TEST (test_ac_scanbuff_allscan) { struct cli_ac_data mdata; struct cli_matcher *root; unsigned int i; int ret; root = ctx.engine->root[0]; fail_unless(root != NULL, "root == NULL"); root->ac_only = 1; #ifdef USE_MPOOL root->mempool = mpool_create(); #endif ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1); fail_unless(ret == CL_SUCCESS, "cli_ac_init() failed"); for(i = 0; ac_testdata[i].data; i++) { ret = cli_parse_add(root, ac_testdata[i].virname, ac_testdata[i].hexsig, 0, 0, 0, "*", 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); } ret = cli_ac_buildtrie(root); fail_unless(ret == CL_SUCCESS, "cli_ac_buildtrie() failed"); ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, 0, CLI_DEFAULT_AC_TRACKLEN); fail_unless(ret == CL_SUCCESS, "cli_ac_initdata() failed"); ctx.options |= CL_SCAN_ALLMATCHES; for(i = 0; ac_testdata[i].data; i++) { ret = cli_ac_scanbuff((const unsigned char*)ac_testdata[i].data, strlen(ac_testdata[i].data), &virname, NULL, NULL, root, &mdata, 0, 0, NULL, AC_SCAN_VIR, NULL); fail_unless_fmt(ret == CL_VIRUS, "cli_ac_scanbuff() failed for %s", ac_testdata[i].virname); fail_unless_fmt(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); ret = cli_scanbuff((const unsigned char*)ac_testdata[i].data, strlen(ac_testdata[i].data), 0, &ctx, 0, NULL); fail_unless_fmt(ret == CL_VIRUS, "cli_scanbuff() failed for %s", ac_testdata[i].virname); fail_unless_fmt(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); if (ctx.num_viruses) ctx.num_viruses = 0; } cli_ac_freedata(&mdata); }
END_TEST START_TEST (test_ac_scanbuff_ex) { struct cli_ac_data mdata; struct cli_matcher *root; unsigned int i; int ret; root = ctx.engine->root[0]; fail_unless(root != NULL, "root == NULL"); root->ac_only = 1; #ifdef USE_MPOOL root->mempool = mpool_create(); #endif ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1); fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_init() failed"); for(i = 0; ac_sigopts_testdata[i].data; i++) { ret = cli_sigopts_handler(root, ac_sigopts_testdata[i].virname, ac_sigopts_testdata[i].hexsig, ac_sigopts_testdata[i].sigopts, 0, 0, ac_sigopts_testdata[i].offset, 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_sigopts_handler() failed"); } ret = cli_ac_buildtrie(root); fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_buildtrie() failed"); ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, 0, CLI_DEFAULT_AC_TRACKLEN); fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_initdata() failed"); for(i = 0; ac_sigopts_testdata[i].data; i++) { ret = cli_ac_scanbuff((const unsigned char*)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, &virname, NULL, NULL, root, &mdata, 0, 0, NULL, AC_SCAN_VIR, NULL); fail_unless_fmt(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); if (ac_sigopts_testdata[i].expected_result == CL_VIRUS) fail_unless_fmt(!strncmp(virname, ac_sigopts_testdata[i].virname, strlen(ac_sigopts_testdata[i].virname)), "[ac_ex] Dataset %u matched with %s", i, virname); ret = cli_scanbuff((const unsigned char*)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, 0, &ctx, 0, NULL); fail_unless_fmt(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); } cli_ac_freedata(&mdata); }