int main()
{
int c,ectnum;
nlist[MAX_NODES+1].nid=0;
system("clear");
//scanfile();
printf("\nSucessfully Scanned the graph.\n");
//djkstra();
for(;;)
{
view();
printf("\n1.Rescan file.");
printf("\n2.View minimum route between nodes with ECT 1-16.");
printf("\n3.Exit.");
printf("\nEnter:");
scanf("%d",&c);
switch(c)
{
case 1:
{
scanfile();
djkstra();
system("clear");
break;
}
case 2:
{
for(ectnum=0; ectnum<17; ectnum++) {
printf("ECT%d-%2X\n",ectnum,ECT[ectnum]);
scanfile(ectnum);
sort();
djkstra();
view();
min_route(ectnum);
//if(ectnum==10)
//break;
}
system("clear");
break;
}
case 3:
{
exit(0);
}
default:
{
printf("\nEnter proper choice.\n");
break;
}
}
}
return (EXIT_SUCCESS);
}
static void
doinclude(State *s, char *p)
{
File *f;
int sysinc;
char term, *q, *path;
if(peek(s) & (Tdisable|Tinherit))
return;
switch(*p){
case '"': p++; term = '"'; break;
case '<': p++; term = '>'; break;
default:
cpperr(s, "%c - bad filename quote character\n", *p);
return;
}
if((q = strchr(p, term)) == nil){
cpperr(s, "%s - unterminated filename\n", p);
return;
}
*q = 0;
if((path = findinc(p, term, s->langincdirs, &sysinc)) == nil){
if(Autoconf && strcmp(p, "config.h") != 0)
cpperr(s, "%q - include file not found\n", p);
}
if(path == nil)
path = estrdup(p);
f = addfile(path, sysinc);
f->ref++;
free(path);
scanfile(s->dep, f, s->file, s->line);
}
int
main(int argc, char **argv)
{
for (argc--, argv++; argc; argc--, argv++)
scanfile(*argv);
return 0;
}
BOOL CGnuInfoDoc::OnOpenDocument(LPCTSTR lpszPathName)
{
char *res;
if (togdb_searchpath(togdb_get_info_path(),
0, lpszPathName, &res))
lpszPathName = res;
if (!CDocument::OnOpenDocument(lpszPathName))
return FALSE;
head = new CGnuInfoFile();
scanfile (head, lpszPathName, lpszPathName);
return TRUE;
}
void
scanfile( char *filename, int indent )
{
FILE *fp;
char buf[512], *name_p, *end_p, *str_p;
fp = fopen(filename,"r");
if(fp == NULL){
fprintf(stderr,"Cannot open %s\n",filename);
return;
}
while(fgets(buf,512,fp) != NULL){
if(strncmp(buf,include,sizeof(include)-1) != 0)
continue;
if((name_p = strchr(buf,'\"')) == NULL)
continue;
name_p++; /* skip quote */
if((end_p = strchr(name_p,'\"')) == NULL)
continue;
*end_p = '\0';
if( Tree ){
int i = 0;
while( i++ < indent )
printf("\t");
}
if( ( str_p = strstr( nameline, name_p ) ) != NULL
&& str_p[-1] == ' ' ){
if( Tree ){
printf( "***\t%s\n", name_p );
}
} else {
if( Tree ){
printf( "\t%s\n", name_p );
}
strcat( nameline, " " );
strcat( nameline, name_p );
if( Recurse )
scanfile( name_p, indent + 1 );
}
}
fclose(fp);
}
int CGnuInfoDoc::scanfile(CGnuInfoFile *file,
const char *name,
const char *parent)
{
if (!file->file.Open(name, CFile::modeRead| CFile::typeBinary))
{
/* Cant find this file, try again with the parents root */
CString trypath ;
trypath = parent;
int l = trypath.ReverseFind('\\');
l ++;
trypath = trypath.Left(l);
trypath += name;
if (!file->file.Open(trypath, CFile::modeRead| CFile::typeBinary))
return FALSE;
}
int c = file->gc();
while (c > 0)
{
if (c != 037)
c = file->gc();
else
{
long off = file->where();
int len = 0;
char buf1[200];
c = file->gc();
c = file->gc();
while (c != '\n' && len < sizeof(buf1)-1) {
buf1[len++] = c;
c = file->gc();
}
buf1[len]=0;
/* Scan out the node if there is one */
if (buf1[0] == 'I')
{
c = file->gc();
/* This is the start of an indirect file list, process
each sub file too until another esc is reached */
while (c != 037)
{
int i = 0;
while (c != ':') {
buf1[i++] = c;
c = file->gc();
}
buf1[i++] = 0;
while (c != '\n')
c = file->gc();
c = file->gc();
CGnuInfoFile *n = new CGnuInfoFile();
if (! scanfile (n,buf1, parent)) {
char buf[20];
sprintf(buf,"not found %s", buf1);
CGnuInfoNode *node = new CGnuInfoNode(buf);
node->init (0,0,0, file, off, npages);
vector.SetAtGrow(npages, node);
npages++;
}
else {
n->next = head;
head = n;
}
}
}
else if (buf1[0] == 'F')
{
char *f;
char *next;
char *prev;
char *nodename;
char *up;
int i =0;
i = get(buf1, i, "File:", &f);
i = get(buf1, i, "Node:", &nodename);
i = get(buf1, i, "Next:", &next);
i = get(buf1, i, "Prev:", &prev);
i = get(buf1, i, "Up:", &up);
CGnuInfoNode *node = LookupNode(nodename);
node->init (LookupNode(up),
LookupNode(prev),
LookupNode(next), file, file->where(), npages);
if (!nodes)
nodes = node;
vector.SetAtGrow(npages, node);
npages++;
}
}
}
open = 1;
return TRUE;
}
int main(int argc, char *argv[]) {
FILE *input, *output;
char fn_in[FILENAME_MAX], fn_out[FILENAME_MAX];
int k, firstarg=1;
char *s;
/* -n on command line means use /fontname (<FontName>) def output form */
/* -f gives FamilyName */
if (traceflag) {
for (k = 0; k < argc; k++) printf("%d\t%s\n", k, argv[k]);
}
while (firstarg < argc && argv[firstarg][0] == '-') {
if (strcmp(argv[firstarg], "-n") == 0) {
defineflag = 1;
}
else if (strncmp(argv[firstarg], "-f", 2) == 0) {
if ((s = strchr(argv[firstarg], '=')) != NULL) familyname = s+1;
else {
firstarg++;
familyname = argv[firstarg];
}
printf("FamilyName %s\n", familyname);
}
firstarg++;
}
if (argc <= firstarg) { /* file name specified ? */
exit(1);
}
strcpy(fn_in, argv[firstarg]);
input = fopen(fn_in, "rb");
if (input == NULL) {
strcpy(fn_in, argv[firstarg]);
input = tryopen(fn_in, "pfb", "rb");
}
if (input == NULL) {
strcpy(fn_in, argv[firstarg]);
input = tryopen(fn_in, "pfa", "r");
}
if (input == NULL) {
strcpy(fn_in, argv[firstarg]);
input = tryopen(fn_in, "afm", "r");
}
if (input == NULL) {
strcpy(fn_in, argv[firstarg]);
input = tryopen(fn_in, "pfm", "rb");
}
if (input == NULL) {
/* perror(fn_in); exit(2); */
perror(argv[firstarg]); exit(2);
}
if (traceflag) printf("Opened %s for input\n", fn_in);
if (verboseflag != 0) printf("FILE: %s\n", fn_in);
firstarg++;
if (argc > firstarg) {
outfilename = argv[firstarg];
strcpy(fn_out, outfilename);
if ((output = fopen(fn_out, "w")) == NULL) {
perror(fn_out); exit(2);
}
if (traceflag) printf("Opened %s for output\n", fn_out);
wrapflag++;
}
else {
output = stdout;
if (traceflag) printf("Using stdout for output\n");
}
if (scanfile(output, input) != 0) {
fclose(output);
fclose(input);
exit(5);
}
if (ferror(output) != 0) {
perror(fn_out); exit(3);
}
else fclose(output);
fclose(input);
return 0;
}
int scanmanager(const struct optstruct *opts)
{
int ret = 0, i;
unsigned int options = 0, dboptions = 0, dirlnk = 1, filelnk = 1;
struct cl_engine *engine;
STATBUF sb;
char *file, cwd[1024], *pua_cats = NULL;
const char *filename;
const struct optstruct *opt;
#ifndef _WIN32
struct rlimit rlim;
#endif
dirlnk = optget(opts, "follow-dir-symlinks")->numarg;
if(dirlnk > 2) {
logg("!--follow-dir-symlinks: Invalid argument\n");
return 2;
}
filelnk = optget(opts, "follow-file-symlinks")->numarg;
if(filelnk > 2) {
logg("!--follow-file-symlinks: Invalid argument\n");
return 2;
}
if(optget(opts, "yara-rules")->enabled) {
char *p = optget(opts, "yara-rules")->strarg;
if(strcmp(p, "yes")) {
if(!strcmp(p, "only"))
dboptions |= CL_DB_YARA_ONLY;
else if (!strcmp(p, "no"))
dboptions |= CL_DB_YARA_EXCLUDE;
}
}
if(optget(opts, "phishing-sigs")->enabled)
dboptions |= CL_DB_PHISHING;
if(optget(opts, "official-db-only")->enabled)
dboptions |= CL_DB_OFFICIAL_ONLY;
if(optget(opts,"phishing-scan-urls")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
if(optget(opts,"bytecode")->enabled)
dboptions |= CL_DB_BYTECODE;
if((ret = cl_init(CL_INIT_DEFAULT))) {
logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
return 2;
}
if(!(engine = cl_engine_new())) {
logg("!Can't initialize antivirus engine\n");
return 2;
}
cl_engine_set_clcb_virus_found(engine, clamscan_virus_found_cb);
if (optget(opts, "disable-cache")->enabled)
cl_engine_set_num(engine, CL_ENGINE_DISABLE_CACHE, 1);
if (optget(opts, "disable-pe-stats")->enabled) {
cl_engine_set_num(engine, CL_ENGINE_DISABLE_PE_STATS, 1);
}
if (optget(opts, "enable-stats")->enabled) {
cl_engine_stats_enable(engine);
}
if (optget(opts, "stats-timeout")->enabled) {
cl_engine_set_num(engine, CL_ENGINE_STATS_TIMEOUT, optget(opts, "StatsTimeout")->numarg);
}
if (optget(opts, "stats-host-id")->enabled) {
char *p = optget(opts, "stats-host-id")->strarg;
if (strcmp(p, "default")) {
if (!strcmp(p, "none")) {
cl_engine_set_clcb_stats_get_hostid(engine, NULL);
} else if (!strcmp(p, "anonymous")) {
strcpy(hostid, STATS_ANON_UUID);
} else {
if (strlen(p) > 36) {
logg("!Invalid HostID\n");
cl_engine_set_clcb_stats_submit(engine, NULL);
cl_engine_free(engine);
return 2;
}
strcpy(hostid, p);
}
cl_engine_set_clcb_stats_get_hostid(engine, get_hostid);
}
}
if(optget(opts, "detect-pua")->enabled) {
dboptions |= CL_DB_PUA;
if((opt = optget(opts, "exclude-pua"))->enabled) {
dboptions |= CL_DB_PUA_EXCLUDE;
i = 0;
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
cl_engine_free(engine);
return 2;
}
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
opt = opt->nextarg;
}
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if((opt = optget(opts, "include-pua"))->enabled) {
if(pua_cats) {
logg("!--exclude-pua and --include-pua cannot be used at the same time\n");
cl_engine_free(engine);
free(pua_cats);
return 2;
}
dboptions |= CL_DB_PUA_INCLUDE;
i = 0;
while(opt) {
if(!(pua_cats = realloc(pua_cats, i + strlen(opt->strarg) + 3))) {
logg("!Can't allocate memory for pua_cats\n");
cl_engine_free(engine);
return 2;
}
sprintf(pua_cats + i, ".%s", opt->strarg);
i += strlen(opt->strarg) + 1;
pua_cats[i] = 0;
opt = opt->nextarg;
}
pua_cats[i] = '.';
pua_cats[i + 1] = 0;
}
if(pua_cats) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_PUA_CATEGORIES, pua_cats))) {
logg("!cli_engine_set_str(CL_ENGINE_PUA_CATEGORIES) failed: %s\n", cl_strerror(ret));
free(pua_cats);
cl_engine_free(engine);
return 2;
}
free(pua_cats);
}
}
if(optget(opts, "dev-ac-only")->enabled)
cl_engine_set_num(engine, CL_ENGINE_AC_ONLY, 1);
if(optget(opts, "dev-ac-depth")->enabled)
cl_engine_set_num(engine, CL_ENGINE_AC_MAXDEPTH, optget(opts, "dev-ac-depth")->numarg);
if(optget(opts, "leave-temps")->enabled)
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
if(optget(opts, "force-to-disk")->enabled)
cl_engine_set_num(engine, CL_ENGINE_FORCETODISK, 1);
if(optget(opts, "bytecode-unsigned")->enabled)
dboptions |= CL_DB_BYTECODE_UNSIGNED;
if((opt = optget(opts,"bytecode-timeout"))->enabled)
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
if (optget(opts, "nocerts")->enabled)
cl_engine_set_num(engine, CL_ENGINE_DISABLE_PE_CERTS, 1);
if (optget(opts, "dumpcerts")->enabled)
cl_engine_set_num(engine, CL_ENGINE_PE_DUMPCERTS, 1);
if((opt = optget(opts,"bytecode-mode"))->enabled) {
enum bytecode_mode mode;
if (!strcmp(opt->strarg, "ForceJIT"))
mode = CL_BYTECODE_MODE_JIT;
else if(!strcmp(opt->strarg, "ForceInterpreter"))
mode = CL_BYTECODE_MODE_INTERPRETER;
else if(!strcmp(opt->strarg, "Test"))
mode = CL_BYTECODE_MODE_TEST;
else
mode = CL_BYTECODE_MODE_AUTO;
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_MODE, mode);
}
if((opt = optget(opts, "statistics"))->enabled) {
while(opt) {
if (!strcasecmp(opt->strarg, "bytecode")) {
dboptions |= CL_DB_BYTECODE_STATS;
}
else if (!strcasecmp(opt->strarg, "pcre")) {
dboptions |= CL_DB_PCRE_STATS;
}
opt = opt->nextarg;
}
}
if((opt = optget(opts, "tempdir"))->enabled) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
logg("!cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "database"))->active) {
while(opt) {
if((ret = cl_load(opt->strarg, engine, &info.sigs, dboptions))) {
logg("!%s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
opt = opt->nextarg;
}
} else {
char *dbdir = freshdbdir();
if((ret = cl_load(dbdir, engine, &info.sigs, dboptions))) {
logg("!%s\n", cl_strerror(ret));
free(dbdir);
cl_engine_free(engine);
return 2;
}
free(dbdir);
}
/* pcre engine limits - required for cl_engine_compile */
if ((opt = optget(opts, "pcre-match-limit"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MATCH_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_PCRE_MATCH_LIMIT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if ((opt = optget(opts, "pcre-recmatch-limit"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_RECMATCH_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_PCRE_RECMATCH_LIMIT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((ret = cl_engine_compile(engine)) != 0) {
logg("!Database initialization error: %s\n", cl_strerror(ret));;
cl_engine_free(engine);
return 2;
}
if(optget(opts, "archive-verbose")->enabled) {
cl_engine_set_clcb_meta(engine, meta);
cl_engine_set_clcb_pre_cache(engine, pre);
cl_engine_set_clcb_post_scan(engine, post);
}
/* set limits */
if((opt = optget(opts, "max-scansize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-filesize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
#ifndef _WIN32
if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_FILESIZE, NULL))
logg("^System limit for file size is lower than engine->maxfilesize\n");
if(rlim.rlim_cur < (rlim_t) cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL))
logg("^System limit for file size is lower than engine->maxscansize\n");
} else {
logg("^Cannot obtain resource limits for file size\n");
}
#endif
if((opt = optget(opts, "max-files"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_FILES, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_FILES) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-recursion"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
/* Engine max sizes */
if((opt = optget(opts, "max-embeddedpe"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_EMBEDDEDPE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_EMBEDDEDPE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-htmlnormalize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNORMALIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNORMALIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-htmlnotags"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_HTMLNOTAGS, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_HTMLNOTAGS) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-scriptnormalize"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCRIPTNORMALIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_SCRIPTNORMALIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-ziptypercg"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ZIPTYPERCG, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_ZIPTYPERCG) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-partitions"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_PARTITIONS, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_PARTITIONS) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-iconspe"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_ICONSPE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "max-rechwp3"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECHWP3, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MAX_RECHWP3) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if ((opt = optget(opts, "timelimit"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_TIME_LIMIT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_TIME_LIMIT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if ((opt = optget(opts, "pcre-max-filesize"))->active) {
if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MAX_FILESIZE, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_PCRE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
/* set scan options */
if(optget(opts, "allmatch")->enabled) {
options |= CL_SCAN_ALLMATCHES;
}
if(optget(opts,"phishing-ssl")->enabled)
options |= CL_SCAN_PHISHING_BLOCKSSL;
if(optget(opts,"phishing-cloak")->enabled)
options |= CL_SCAN_PHISHING_BLOCKCLOAK;
if(optget(opts,"partition-intersection")->enabled)
options |= CL_SCAN_PARTITION_INTXN;
if(optget(opts,"heuristic-scan-precedence")->enabled)
options |= CL_SCAN_HEURISTIC_PRECEDENCE;
if(optget(opts, "scan-archive")->enabled)
options |= CL_SCAN_ARCHIVE;
if(optget(opts, "detect-broken")->enabled)
options |= CL_SCAN_BLOCKBROKEN;
if(optget(opts, "block-encrypted")->enabled)
options |= CL_SCAN_BLOCKENCRYPTED;
if(optget(opts, "block-macros")->enabled)
options |= CL_SCAN_BLOCKMACROS;
if(optget(opts, "scan-pe")->enabled)
options |= CL_SCAN_PE;
if(optget(opts, "scan-elf")->enabled)
options |= CL_SCAN_ELF;
if(optget(opts, "scan-ole2")->enabled)
options |= CL_SCAN_OLE2;
if(optget(opts, "scan-pdf")->enabled)
options |= CL_SCAN_PDF;
if(optget(opts, "scan-swf")->enabled)
options |= CL_SCAN_SWF;
if(optget(opts, "scan-html")->enabled && optget(opts, "normalize")->enabled)
options |= CL_SCAN_HTML;
if(optget(opts, "scan-mail")->enabled)
options |= CL_SCAN_MAIL;
if(optget(opts, "scan-xmldocs")->enabled)
options |= CL_SCAN_XMLDOCS;
if(optget(opts, "scan-hwp3")->enabled)
options |= CL_SCAN_HWP3;
if(optget(opts, "algorithmic-detection")->enabled)
options |= CL_SCAN_ALGORITHMIC;
if(optget(opts, "block-max")->enabled) {
options |= CL_SCAN_BLOCKMAX;
}
#ifdef HAVE__INTERNAL__SHA_COLLECT
if(optget(opts, "dev-collect-hashes")->enabled)
options |= CL_SCAN_INTERNAL_COLLECT_SHA;
#endif
if(optget(opts, "dev-performance")->enabled)
options |= CL_SCAN_PERFORMANCE_INFO;
if(optget(opts, "detect-structured")->enabled) {
options |= CL_SCAN_STRUCTURED;
if((opt = optget(opts, "structured-ssn-format"))->enabled) {
switch(opt->numarg) {
case 0:
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
break;
case 1:
options |= CL_SCAN_STRUCTURED_SSN_STRIPPED;
break;
case 2:
options |= (CL_SCAN_STRUCTURED_SSN_NORMAL | CL_SCAN_STRUCTURED_SSN_STRIPPED);
break;
default:
logg("!Invalid argument for --structured-ssn-format\n");
return 2;
}
} else {
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
}
if((opt = optget(opts, "structured-ssn-count"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_SSN_COUNT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MIN_SSN_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
if((opt = optget(opts, "structured-cc-count"))->active) {
if((ret = cl_engine_set_num(engine, CL_ENGINE_MIN_CC_COUNT, opt->numarg))) {
logg("!cli_engine_set_num(CL_ENGINE_MIN_CC_COUNT) failed: %s\n", cl_strerror(ret));
cl_engine_free(engine);
return 2;
}
}
} else {
options &= ~CL_SCAN_STRUCTURED;
}
#ifdef C_LINUX
procdev = (dev_t) 0;
if(CLAMSTAT("/proc", &sb) != -1 && !sb.st_size)
procdev = sb.st_dev;
#endif
#if HAVE_JSON
if (optget(opts, "gen-json")->enabled)
options |= CL_SCAN_FILE_PROPERTIES;
#endif
/* check filetype */
if(!opts->filename && !optget(opts, "file-list")->enabled) {
/* we need full path for some reasons (eg. archive handling) */
if(!getcwd(cwd, sizeof(cwd))) {
logg("!Can't get absolute pathname of current working directory\n");
ret = 2;
} else {
CLAMSTAT(cwd, &sb);
scandirs(cwd, engine, opts, options, 1, sb.st_dev);
}
} else if(opts->filename && !optget(opts, "file-list")->enabled && !strcmp(opts->filename[0], "-")) { /* read data from stdin */
ret = scanstdin(engine, opts, options);
} else {
if(opts->filename && optget(opts, "file-list")->enabled)
logg("^Only scanning files from --file-list (files passed at cmdline are ignored)\n");
while((filename = filelist(opts, &ret)) && (file = strdup(filename))) {
if(LSTAT(file, &sb) == -1) {
perror(file);
logg("^%s: Can't access file\n", file);
ret = 2;
} else {
for(i = strlen(file) - 1; i > 0; i--) {
if(file[i] == *PATHSEP)
file[i] = 0;
else
break;
}
if(S_ISLNK(sb.st_mode)) {
if(dirlnk == 0 && filelnk == 0) {
if(!printinfected)
logg("%s: Symbolic link\n", file);
} else if(CLAMSTAT(file, &sb) != -1) {
if(S_ISREG(sb.st_mode) && filelnk) {
scanfile(file, engine, opts, options);
} else if(S_ISDIR(sb.st_mode) && dirlnk) {
scandirs(file, engine, opts, options, 1, sb.st_dev);
} else {
if(!printinfected)
logg("%s: Symbolic link\n", file);
}
}
} else if(S_ISREG(sb.st_mode)) {
scanfile(file, engine, opts, options);
} else if(S_ISDIR(sb.st_mode)) {
scandirs(file, engine, opts, options, 1, sb.st_dev);
} else {
logg("^%s: Not supported file type\n", file);
ret = 2;
}
}
free(file);
}
}
if((opt = optget(opts, "statistics"))->enabled) {
while(opt) {
if (!strcasecmp(opt->strarg, "bytecode")) {
cli_sigperf_print();
cli_sigperf_events_destroy();
}
#if HAVE_PCRE
else if (!strcasecmp(opt->strarg, "pcre")) {
cli_pcre_perf_print();
cli_pcre_perf_events_destroy();
}
#endif
opt = opt->nextarg;
}
}
/* free the engine */
cl_engine_free(engine);
/* overwrite return code - infection takes priority */
if(info.ifiles)
ret = 1;
else if(info.errors)
ret = 2;
return ret;
}
static void scandirs(const char *dirname, struct cl_engine *engine, const struct optstruct *opts, unsigned int options, unsigned int depth, dev_t dev)
{
DIR *dd;
struct dirent *dent;
STATBUF sb;
char *fname;
int included;
const struct optstruct *opt;
unsigned int dirlnk, filelnk;
if((opt = optget(opts, "exclude-dir"))->enabled) {
while(opt) {
if(match_regex(dirname, opt->strarg) == 1) {
if(!printinfected)
logg("~%s: Excluded\n", dirname);
return;
}
opt = opt->nextarg;
}
}
if((opt = optget(opts, "include-dir"))->enabled) {
included = 0;
while(opt) {
if(match_regex(dirname, opt->strarg) == 1) {
included = 1;
break;
}
opt = opt->nextarg;
}
if(!included) {
if(!printinfected)
logg("~%s: Excluded\n", dirname);
return;
}
}
if(depth > (unsigned int) optget(opts, "max-dir-recursion")->numarg)
return;
dirlnk = optget(opts, "follow-dir-symlinks")->numarg;
filelnk = optget(opts, "follow-file-symlinks")->numarg;
if((dd = opendir(dirname)) != NULL) {
info.dirs++;
depth++;
while((dent = readdir(dd))) {
if(dent->d_ino) {
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {
/* build the full name */
fname = malloc(strlen(dirname) + strlen(dent->d_name) + 2);
if (fname == NULL) { /* oops, malloc() failed, print warning and return */
logg("!scandirs: Memory allocation failed for fname\n");
break;
}
if(!strcmp(dirname, PATHSEP))
sprintf(fname, PATHSEP"%s", dent->d_name);
else
sprintf(fname, "%s"PATHSEP"%s", dirname, dent->d_name);
/* stat the file */
if(LSTAT(fname, &sb) != -1) {
if(!optget(opts, "cross-fs")->enabled) {
if(sb.st_dev != dev) {
if(!printinfected)
logg("~%s: Excluded\n", fname);
free(fname);
continue;
}
}
if(S_ISLNK(sb.st_mode)) {
if(dirlnk != 2 && filelnk != 2) {
if(!printinfected)
logg("%s: Symbolic link\n", fname);
} else if(CLAMSTAT(fname, &sb) != -1) {
if(S_ISREG(sb.st_mode) && filelnk == 2) {
scanfile(fname, engine, opts, options);
} else if(S_ISDIR(sb.st_mode) && dirlnk == 2) {
if(recursion)
scandirs(fname, engine, opts, options, depth, dev);
} else {
if(!printinfected)
logg("%s: Symbolic link\n", fname);
}
}
} else if(S_ISREG(sb.st_mode)) {
scanfile(fname, engine, opts, options);
} else if(S_ISDIR(sb.st_mode) && recursion) {
scandirs(fname, engine, opts, options, depth, dev);
}
}
free(fname);
}
}
}
closedir(dd);
} else {
if(!printinfected)
logg("~%s: Can't open directory.\n", dirname);
info.errors++;
}
}
static int scandirs(const char *dirname, struct cl_engine *engine, const struct optstruct *opt, const struct cl_limits *limits, unsigned int options, unsigned int depth)
{
DIR *dd;
struct dirent *dent;
struct stat statbuf;
char *fname;
int scanret = 0, included;
unsigned int maxdepth;
const struct optnode *optnode;
char *argument;
if(opt_check(opt, "exclude-dir")) {
argument = opt_firstarg(opt, "exclude-dir", &optnode);
while(argument) {
if(cli_matchregex(dirname, argument)) {
if(!printinfected)
logg("~%s: Excluded\n", dirname);
return 0;
}
argument = opt_nextarg(&optnode, "exclude-dir");
}
}
if(opt_check(opt, "include-dir")) {
included = 0;
argument = opt_firstarg(opt, "include-dir", &optnode);
while(argument && !included) {
if(cli_matchregex(dirname, argument)) {
included = 1;
break;
}
argument = opt_nextarg(&optnode, "include-dir");
}
if(!included) {
if(!printinfected)
logg("~%s: Excluded\n", dirname);
return 0;
}
}
if(opt_check(opt, "max-dir-recursion"))
maxdepth = atoi(opt_arg(opt, "max-dir-recursion"));
else
maxdepth = 15;
if(depth > maxdepth)
return 0;
info.dirs++;
depth++;
if((dd = opendir(dirname)) != NULL) {
while((dent = readdir(dd))) {
#if !defined(C_INTERIX) && !defined(_WIN32)
if(dent->d_ino)
#endif
{
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {
/* build the full name */
fname = malloc(strlen(dirname) + strlen(dent->d_name) + 2);
if(!strcmp(dirname, "/"))
sprintf(fname, "/%s", dent->d_name);
else
sprintf(fname, "%s/%s", dirname, dent->d_name);
#ifdef _WIN32
NORMALIZE_PATH(fname, 1, continue);
#endif
/* stat the file */
if(lstat(fname, &statbuf) != -1) {
if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode) && recursion) {
if(scandirs(fname, engine, opt, limits, options, depth) == 1)
scanret++;
} else {
if(S_ISREG(statbuf.st_mode))
scanret += scanfile(fname, engine, opt, limits, options);
}
}
free(fname);
}
}
}
} else {
int
main(int argc, char **argv)
{
time_t tloc;
struct tm *tmp;
int year;
int month;
off_t rectmpin;
(void) setlocale(LC_ALL, "");
setbuf(stdout, NULL);
(void) time(&tloc);
tmp = localtime(&tloc);
year = tmp->tm_year;
month = tmp->tm_mon + 1;
lastmonth = ((year + 1900 - 1970) * 365 +
(month - 1) * 30) * DAYEPOCH;
nextmonth = ((year + 1900 - 1970) * 365 +
(month + 1) * 30) * DAYEPOCH;
if (argc < 2) {
argv[argc] = "-";
argc++;
}
/*
* Almost all system call failures in this program are unrecoverable
* and therefore fatal. Typical causes might be lack of memory or
* of space in a filesystem. If necessary, the system administrator
* can invoke /usr/lib/acct/runacct interactively after making room
* to complete the remaining phases of last night's accounting.
*/
if ((Temp = tmpfile()) == NULL) {
perror("Cannot create temporary file");
return (EXIT_FAILURE);
}
while (--argc > 0) {
argv++;
if (strcmp(*argv, "-") == 0) {
Wtmpx = stdin;
cur_input_name = STDIN_NAME;
} else if ((Wtmpx = fopen(*argv, "r")) == NULL) {
(void) fprintf(stderr, "Cannot open %s: %s\n",
*argv, strerror(errno));
return (EXIT_FAILURE);
} else {
cur_input_name = *argv;
}
/*
* Filter records reading from current input stream Wtmpx,
* writing to Temp.
*/
scanfile();
if (Wtmpx != stdin)
(void) fclose(Wtmpx);
}
/* flush and rewind Temp for readback */
if (fflush(Temp) != 0) {
perror("<temporary file>: fflush");
return (EXIT_FAILURE);
}
if (fseeko(Temp, (off_t)0L, SEEK_SET) != 0) {
perror("<temporary file>: seek");
return (EXIT_FAILURE);
}
/* second pass: apply time adjustments */
rectmpin = 0;
while (winp(Temp, &Ut)) {
adjust(rectmpin, &Ut);
rectmpin += UTRSZ;
if (fwrite(&Ut, UTRSZ, 1, stdout) < 1) {
perror("<stdout>: fwrite");
return (EXIT_FAILURE);
}
}
(void) fclose(Temp);
/*
* Detect if we've run out of space (say) and exit unsuccessfully
* so that downstream accounting utilities won't start processing an
* incomplete tmpwtmp file.
*/
if (fflush(stdout) != 0) {
perror("<stdout>: fflush");
return (EXIT_FAILURE);
}
return (EXIT_SUCCESS);
}
