Clam 2256 add alz support #1183

Merged: val-ms merged 3 commits into Cisco-Talos:main from ragusaa:CLAM-2256-AddALZSupport on Apr 15, 2024

ragusaa (Contributor) commented Feb 23, 2024

No description provided.

ragusaa force-pushed the CLAM-2256-AddALZSupport branch 3 times, most recently from beef30b to 387cbc4 (February 27, 2024 16:08)

ragusaa changed the title from "Clam 2256 add alz support (NOT READY TO MERGE)" to "Clam 2256 add alz support" on Feb 27, 2024

val-ms (Contributor) commented Mar 15, 2024

PR needs to be rebased with the upstream main branch to bump the FLEVEL to 210 so ALZ file type detection works and tests pass, and to resolve merge conflicts.

val-ms (Contributor) left a comment

Overall I'm super impressed with this being your first large amount of Rust code. Pretty awesome.

ragusaa (Contributor, Author) commented Mar 15, 2024

> Overall I'm super impressed with this being your first large amount of Rust code. Pretty awesome.

Thank you, I am starting to really like Rust.

ragusaa force-pushed the CLAM-2256-AddALZSupport branch 2 times, most recently from fe90c1f to c5bc180 (March 19, 2024 17:53)

val-ms (Contributor) left a comment

A few minor things this time. My main concern is I don't think we should use info! at all. We've gotten (understandable) complaints about the "early end" warnings in the PDF parser. Users get confused by warnings when scanning malformed (but non-malicious) files.

In the future, we would want to record such events as weak indicators that could be used by signatures. That is of course pending implementing the weak indicator feature. Anyways... I ramble.

Final thing -- there is a linker error when building on Windows. It seems that the bzip-sys crate is compiling bzip2-1.0.8 into our libclamav_rust static library. That of course causes a linker error when we link libclamav (+libclamav_rust) with bz2.dll.
I'm not sure how to solve it. I created this issue to seek help: trifectatechfoundation/bzip2-rs#102

ragusaa (Contributor, Author) commented Mar 25, 2024

> A few minor things this time. My main concern is I don't think we should use info! at all. We've gotten (understandable) complaints about the "early end" warnings in the PDF parser. Users get confused by warnings when scanning malformed (but non-malicious) files.
>
> In the future, we would want to record such events as weak indicators that could be used by signatures. That is of course pending implementing the weak indicator feature. Anyways... I ramble.
>
> Final thing -- there is a linker error when building on Windows. It seems that the bzip-sys crate is compiling bzip2-1.0.8 into our libclamav_rust static library. That of course causes a linker error when we link libclamav (+libclamav_rust) with bz2.dll. I'm not sure how to solve it. I created this issue to seek help: alexcrichton/bzip2-rs#102

I agree on the info!.

So we'll wait to merge until we resolve the link issue?

ragusaa (Contributor, Author) commented Mar 25, 2024

Re-ran testing with your changes, and everything still looks good.

val-ms force-pushed the CLAM-2256-AddALZSupport branch from 473af46 to 4695e20 (April 13, 2024 18:51)

val-ms (Contributor) commented Apr 13, 2024

I just rebased it, fixed merge conflicts, and squashed commits down, and re-ran clam-format once more.

val-ms (Contributor) left a comment

Jenkins test pipeline looks good to me as well.

val-ms merged commit b6ebfbd into Cisco-Talos:main on Apr 15, 2024