Clam 2498 make image fuzzy hashing optional; Clam 2532 --force-to-disk missing documentation #1186
Merged
val-ms merged 3 commits into Cisco-Talos:main from Mar 14, 2024

Image fuzzy hashing is enabled by default. The following options have been added to allow users to disable it, if desired.

New clamscan options:
  --scan-image[=yes(*)/no]
  --scan-image-fuzzy-hash[=yes(*)/no]

New clamd config options:
  ScanImage yes(*)/no
  ScanImageFuzzyHash yes(*)/no

New libclamav scan options:
  options.parse &= ~CL_SCAN_PARSE_IMAGE;
  options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;

This commit also changes scan behavior to disable image fuzzy hashing for specific types when the DCONF (.cfg) signatures disable those types. That is, if DCONF disables the PNG parser, it should not only disable the CVE/format checker for PNG files, but also disable image fuzzy hashing for PNG files.

Also adds a DCONF option to disable image fuzzy hashing:
  OTHER_CONF_IMAGE_FUZZY_HASH

DCONF allows scanning features to be disabled using a configuration "signature".
The --force-to-disk option is missing from the clamscan --help and clamscan manpage documentation. Also change clamd.conf.sample suggestions to differ from the default settings so that the sample is easier to use.
Use the existing clamscan image fuzzy hash tests to verify that both --scan-image=no and also --scan-image-fuzzy-hash=no will disable image fuzzy hash based detection (at least for PNG files).
Contributor
verified that force-to-disk is there.
ragusaa
approved these changes
Mar 7, 2024
This PR also adds --force-to-disk option missing from the clamscan --help and clamscan manpage documentation.
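
An added example, not code from this PR or from ClamAV: a shell check that reads a clamd.conf and reports whether image fuzzy hashing is effectively on, based on the ScanImage and ScanImageFuzzyHash options and their "yes" defaults described above. It assumes the last occurrence of a key wins, matches key names exactly, and does not account for DCONF signatures, which can also disable the feature; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of ClamAV).

# conf_value FILE KEY DEFAULT
# Prints the lower-cased value of KEY, or DEFAULT when KEY is not set.
# Assumption: if KEY appears more than once, the last occurrence is used.
conf_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/\r$/, "") }                    # tolerate CRLF line endings
        /^[[:space:]]*#/ { next }             # skip commented-out options
        $1 == key && NF >= 2 { def = tolower($2) }
        END { print def }
    ' "$1"
}

# image_fuzzy_hash_state FILE
# Both options default to "yes"; setting either one to "no" turns off
# image fuzzy hash based detection, so the feature is on only for yes/yes.
image_fuzzy_hash_state() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    img=$(conf_value "$conf" ScanImage yes)
    fuzzy=$(conf_value "$conf" ScanImageFuzzyHash yes)
    case "$img:$fuzzy" in
        yes:yes) echo "enabled" ;;
        no:*)    echo "disabled (ScanImage no)" ;;
        yes:no)  echo "disabled (ScanImageFuzzyHash no)" ;;
        *)       echo "unknown (ScanImage=$img ScanImageFuzzyHash=$fuzzy)"
                 return 1 ;;
    esac
}

# Constructed sample config: image parsing left on, fuzzy hashing off.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample, not from the PR' \
    'ScanImage yes' \
    'ScanImageFuzzyHash no' > "$sample"
image_fuzzy_hash_state "$sample"
rm -f "$sample"
```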