From 372bed2ff072b17b82d82c045628d2a2a38b3b62 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Mon, 27 Nov 2023 20:07:48 -0500 Subject: [PATCH] squashme: fix options to disable/enable onenote parsing --- clamd/server-th.c | 7 +++++++ clamscan/manager.c | 3 +++ common/optparser.c | 2 ++ docs/man/clamd.conf.5.in | 7 +++++++ etc/clamd.conf.sample | 6 ++++++ libclamav/clamav.h | 1 + libclamav/dconf.c | 1 + libclamav/dconf.h | 1 + libclamav/others.h | 1 + libclamav/scanners.c | 2 +- win32/conf_examples/clamd.conf.sample | 6 ++++++ 11 files changed, 36 insertions(+), 1 deletion(-) diff --git a/clamd/server-th.c b/clamd/server-th.c index a7b5813c2a..f2f523204c 100644 --- a/clamd/server-th.c +++ b/clamd/server-th.c @@ -1291,6 +1291,13 @@ int recvloop(int *socketds, unsigned nsockets, struct cl_engine *engine, unsigne logg(LOGG_INFO, "HWP3 support disabled.\n"); } + if (optget(opts, "ScanOneNote")->enabled) { + logg(LOGG_INFO, "OneNote support enabled.\n"); + options.parse |= CL_SCAN_PARSE_ONENOTE; + } else { + logg(LOGG_INFO, "OneNote support disabled.\n"); + } + if (optget(opts, "PhishingScanURLs")->enabled) { /* TODO: Remove deprecated option in a future feature release */ if ((optget(opts, "PhishingAlwaysBlockCloak")->enabled) || diff --git a/clamscan/manager.c b/clamscan/manager.c index 4b1e4906c3..77e87aaa5b 100644 --- a/clamscan/manager.c +++ b/clamscan/manager.c @@ -1552,6 +1552,9 @@ int scanmanager(const struct optstruct *opts) if (optget(opts, "scan-hwp3")->enabled) options.parse |= CL_SCAN_PARSE_HWP3; + if (optget(opts, "scan-onenote")->enabled) + options.parse |= CL_SCAN_PARSE_ONENOTE; + /* TODO: Remove deprecated option in a future feature release */ if ((optget(opts, "algorithmic-detection")->enabled) && /* && used due to default-yes for both options */ (optget(opts, "heuristic-alerts")->enabled)) { diff --git a/common/optparser.c b/common/optparser.c index 219134946e..ed01991a16 100644 --- a/common/optparser.c +++ b/common/optparser.c 
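Review bot: The new `scan-onenote` switch read in scanmanager() (clamscan/manager.c hunk) has no user-facing documentation on the clamscan side. The diffstat updates only the clamd.conf man page and the two sample configs, not clamscan's help output or man page. An operator who wants to turn the parser off during triage has no way to find the flag from `clamscan --help`. I would add a help entry next to the HWP3 one, for example `--scan-onenote[=yes(*)/no]           Scan OneNote files`, and a matching man page entry. scanmanager() starts and ends outside the hunk, so the surrounding option handling was not reviewed.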
@@ -434,6 +434,8 @@ const struct clam_option __clam_options[] = { {"ScanHWP3", "scan-hwp3", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning HWP3 files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes"}, + {"ScanOneNote", "scan-onenote", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning OneNote files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes"}, + {"ScanArchive", "scan-archive", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Scan within archives and compressed files.\nIf you turn off this option, the original files will still be scanned, but\nwithout unpacking and additional processing.", "yes"}, {"ForceToDisk", "force-to-disk", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option causes memory or nested map scans to dump the content to disk.\nIf you turn on this option, more data is written to disk and is available\nwhen the leave-temps option is enabled at the cost of more disk writes.", "no"}, diff --git a/docs/man/clamd.conf.5.in b/docs/man/clamd.conf.5.in index 1f9e25583d..d0e2dccad2 100644 --- a/docs/man/clamd.conf.5.in +++ b/docs/man/clamd.conf.5.in @@ -479,6 +479,13 @@ If you turn off this option, the original files will still be scanned, but witho .br Default: yes .TP +\fBScanOneNote BOOL\fR +This option enables scanning OneNote files. +.br +If you turn off this option, the original files will still be scanned, but without additional processing. +.br +Default: yes +.TP \fBScanArchive BOOL\fR Scan within archives and compressed files. .br diff --git a/etc/clamd.conf.sample b/etc/clamd.conf.sample index b9f282824a..c0a6bbe7bd 100644 --- a/etc/clamd.conf.sample +++ b/etc/clamd.conf.sample 
@@ -426,6 +426,12 @@ Example # Default: yes #ScanHWP3 yes +# This option enables scanning of OneNote files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +#ScanOneNote yes + ## ## Mail files diff --git a/libclamav/clamav.h b/libclamav/clamav.h index f4ba496e4c..325d2d0f55 100644 --- a/libclamav/clamav.h +++ b/libclamav/clamav.h @@ -180,6 +180,7 @@ struct cl_scan_options { #define CL_SCAN_PARSE_OLE2 0x80 #define CL_SCAN_PARSE_HTML 0x100 #define CL_SCAN_PARSE_PE 0x200 +#define CL_SCAN_PARSE_ONENOTE 0x400 /* heuristic alerting options */ #define CL_SCAN_HEURISTIC_BROKEN 0x2 /* alert on broken PE and broken ELF files */ diff --git a/libclamav/dconf.c b/libclamav/dconf.c index fc1a119593..b1fe370a4c 100644 --- a/libclamav/dconf.c +++ b/libclamav/dconf.c @@ -118,6 +118,7 @@ static struct dconf_module modules[] = { {"DOCUMENT", "OOXML", DOC_CONF_OOXML, 1}, {"DOCUMENT", "MSPML", DOC_CONF_MSXML, 1}, {"DOCUMENT", "HWP", DOC_CONF_HWP, 1}, + {"DOCUMENT", "ONENOTE", DOC_CONF_ONENOTE, 1}, {"MAIL", "MBOX", MAIL_CONF_MBOX, 1}, {"MAIL", "TNEF", MAIL_CONF_TNEF, 1}, diff --git a/libclamav/dconf.h b/libclamav/dconf.h index 7bb5fabd08..f70989887f 100644 --- a/libclamav/dconf.h +++ b/libclamav/dconf.h @@ -109,6 +109,7 @@ struct cli_dconf { #define DOC_CONF_MSXML 0x80 #define DOC_CONF_OOXML 0x100 #define DOC_CONF_HWP 0x200 +#define DOC_CONF_ONENOTE 0x400 /* Mail flags */ #define MAIL_CONF_MBOX 0x1 diff --git a/libclamav/others.h b/libclamav/others.h index 71b740c492..6f584c546a 100644 --- a/libclamav/others.h +++ b/libclamav/others.h 
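Review bot: `CL_SCAN_PARSE_ONENOTE 0x400` in the clamav.h hunk is added without a comment, and it changes behaviour for existing libclamav callers. The scanners.c hunk in this patch shows OneNote parsing was previously gated on SCAN_PARSE_ARCHIVE. An application that builds `options.parse` from individual flags will therefore stop extracting OneNote content after upgrading, with no error, unless it ORs in the new bit. Callers that set every parse bit are presumably unaffected. I would document this on the define, for example `#define CL_SCAN_PARSE_ONENOTE 0x400 /* parse OneNote files; must be set explicitly, no longer implied by CL_SCAN_PARSE_ARCHIVE */`, and mention it in the release notes.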
@@ -569,6 +569,7 @@ extern LIBCLAMAV_EXPORT int have_rar; #define SCAN_PARSE_OLE2 (ctx->options->parse & CL_SCAN_PARSE_OLE2) #define SCAN_PARSE_HTML (ctx->options->parse & CL_SCAN_PARSE_HTML) #define SCAN_PARSE_PE (ctx->options->parse & CL_SCAN_PARSE_PE) +#define SCAN_PARSE_ONENOTE (ctx->options->parse & CL_SCAN_PARSE_ONENOTE) #define SCAN_HEURISTIC_BROKEN (ctx->options->heuristic & CL_SCAN_HEURISTIC_BROKEN) #define SCAN_HEURISTIC_BROKEN_MEDIA (ctx->options->heuristic & CL_SCAN_HEURISTIC_BROKEN_MEDIA) diff --git a/libclamav/scanners.c b/libclamav/scanners.c index d057912145..7daf1c2a39 100644 --- a/libclamav/scanners.c +++ b/libclamav/scanners.c @@ -4592,7 +4592,7 @@ cl_error_t cli_magic_scan(cli_ctx *ctx, cli_file_t type) break; case CL_TYPE_ONENOTE: - if (SCAN_PARSE_ARCHIVE && (DCONF_ARCH & ARCH_CONF_EGG)) + if (SCAN_PARSE_ONENOTE && (DCONF_ARCH & DOC_CONF_ONENOTE)) ret = scan_onenote(ctx); break; diff --git a/win32/conf_examples/clamd.conf.sample b/win32/conf_examples/clamd.conf.sample index d44d7beb64..98fff9454a 100644 --- a/win32/conf_examples/clamd.conf.sample +++ b/win32/conf_examples/clamd.conf.sample @@ -398,6 +398,12 @@ TCPAddr localhost # Default: yes #ScanHWP3 yes +# This option enables scanning of OneNote files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +#ScanOneNote yes + ## ## Mail files
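Review bot: In the CL_TYPE_ONENOTE case of cli_magic_scan() (scanners.c hunk), the new condition tests the document flag `DOC_CONF_ONENOTE` against `DCONF_ARCH`, which by its name and its use on the removed line is the archive dconf word. This patch registers the flag under the "DOCUMENT" module in dconf.c, so the bit being checked belongs to a different mask. As written, 0x400 in the archive word decides whether scan_onenote() runs. A database-delivered dconf rule that switches the OneNote parser off would then have no effect, and toggling an unrelated archive setting could disable OneNote scanning. The check should read `if (SCAN_PARSE_ONENOTE && (DCONF_DOC & DOC_CONF_ONENOTE))`. The macro definitions are outside the hunk, so confirm that `DCONF_DOC` is the accessor used by the other document types in this file.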