Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clam 1106 clamdscan allmatch stickiness #741

Merged
merged 2 commits into from
Nov 4, 2022
Merged

Clam 1106 clamdscan allmatch stickiness #741

merged 2 commits into from
Nov 4, 2022

Conversation

val-ms
Copy link
Contributor

@val-ms val-ms commented Nov 2, 2022

  • Fix clamdscan --allmatch stickiness bug

    If you run clamdscan with the --allmatch option, it will cause all
    subsequent clamdscan scans to have all-match mode enabled.
    This bug is specific to clamd / clamdscan and does not affect clamscan.
    The problem was introduced when we converted the scan options from a
    single integer bitfield to a struct. The scan options set by the
    clamdscan parameters should be saved in a local copy of the scan
    options, but instead it is saving a copy of the pointer to the scan
    options struct, and so any changes to the scan options affect future
    scans.

  • Test: Add clamdscan --allmatch stickiness regression test

    Test that clamdscan --allmatch does not cause future clamdscans to run
    in allmatch mode.

Fixes #276

val-ms added 2 commits November 1, 2022 21:39
@val-ms
Test: Add clamdscan --allmatch stickiness regression test
14e9b84 
Test that clamdscan --allmatch does not cause future clamdscans to run
in allmatch mode.
@val-ms
Fix clamdscan --allmatch stickiness bug
1ed5989 
If you run clamdscan with the --allmatch option, it will cause all
subsequent clamdscan scans to have all-match mode enabled.
This bug is specific to clamd / clamdscan and does not affect clamscan.

The problem was introduced when we converted the scan options from a
single integer bitfield to a struct. The scan options set by the
clamdscan parameters should be saved in a local copy of the scan
options, but instead it is saving a copy of the pointer to the scan
options struct, and so any changes to the scan options affect future
scans.
m-sola
m-sola approved these changes Nov 4, 2022
View reviewed changes
Copy link
Contributor

@m-sola m-sola left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comparison testing by running clamd, then clamdscan 3 times (no allmatch, allmatch, no allmatch):

In the previous version the last scan gave allmatch results.

Same test on this PR fixes that.

The code itself is straightforward. No issues there.

@val-ms val-ms merged commit 836e8d4 into Cisco-Talos:main Nov 4, 2022
@val-ms val-ms deleted the CLAM-1106-clamdscan-allmatch-stickiness branch November 4, 2022 22:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kirkham kirkham kirkham approved these changes

@m-sola m-sola m-sola approved these changes

Assignees
No one assigned
Labels
🌍allmatch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

clamdscan --allmatch option is sticky: all subsequent scans will be allmatch-mode
3 participants
@val-ms @kirkham @m-sola