Support for extracting attachments from OneNote section files

INSTALL.md

@@ -585,6 +585,14 @@ But if you:
   -D OPENSSL_SSL_LIBRARY="_filepath of libssl library_"
 ```
 
+_Tip_: For Windows, you may need to do this instead:
+```sh
+  -D OPENSSL_ROOT_DIR="_path to openssl install root_"
+  -D OPENSSL_INCLUDE_DIR="_filepath of openssl header directory_"
+  -D LIB_EAY_RELEASE="_filepath of libcrypto library_"  # or LIB_EAY_DEBUG for Debug builds
+  -D SSL_EAY_RELEASE="_filepath of libssl library_"     # or SSL_EAY_DEBUG for Debug builds
+```
+
 ### `libjson-c`
 
 _Tip_: You're strongly encouraged to link with the a static json-c library.

clamd/server-th.c

@@ -1291,6 +1291,13 @@ int recvloop(int *socketds, unsigned nsockets, struct cl_engine *engine, unsigne
         logg(LOGG_INFO, "HWP3 support disabled.\n");
     }
 
+    if (optget(opts, "ScanOneNote")->enabled) {
+        logg(LOGG_INFO, "OneNote support enabled.\n");
+        options.parse |= CL_SCAN_PARSE_ONENOTE;
+    } else {
+        logg(LOGG_INFO, "OneNote support disabled.\n");
+    }
+
     if (optget(opts, "PhishingScanURLs")->enabled) {
         /* TODO: Remove deprecated option in a future feature release */
         if ((optget(opts, "PhishingAlwaysBlockCloak")->enabled) ||

clamscan/clamscan.c

@@ -304,6 +304,7 @@ void help(void)
     mprintf(LOGG_INFO, "    --scan-html[=yes(*)/no]              Scan HTML files\n");
     mprintf(LOGG_INFO, "    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files\n");
     mprintf(LOGG_INFO, "    --scan-hwp3[=yes(*)/no]              Scan HWP3 files\n");
+    mprintf(LOGG_INFO, "    --scan-onenote[=yes(*)/no]           Scan OneNote files\n");
     mprintf(LOGG_INFO, "    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)\n");
     mprintf(LOGG_INFO, "    --alert-broken[=yes/no(*)]           Alert on broken executable files (PE & ELF)\n");
     mprintf(LOGG_INFO, "    --alert-broken-media[=yes/no(*)]     Alert on broken graphics files (JPEG, TIFF, PNG, GIF)\n");

clamscan/manager.c

@@ -1552,6 +1552,9 @@ int scanmanager(const struct optstruct *opts)
     if (optget(opts, "scan-hwp3")->enabled)
         options.parse |= CL_SCAN_PARSE_HWP3;
 
+    if (optget(opts, "scan-onenote")->enabled)
+        options.parse |= CL_SCAN_PARSE_ONENOTE;
+
     /* TODO: Remove deprecated option in a future feature release */
     if ((optget(opts, "algorithmic-detection")->enabled) && /* && used due to default-yes for both options */
         (optget(opts, "heuristic-alerts")->enabled)) {

cmake/FindRust.cmake

@@ -236,7 +236,7 @@ function(add_rust_executable)
     # Build the executable.
     add_custom_command(
         OUTPUT "${OUTPUT}"
-        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
+        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "CARGO_INCLUDE_DIRECTORIES=\"${ARGS_INCLUDE_DIRECTORIES}\"" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
         WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
         DEPENDS ${EXE_SOURCES}
         COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
@@ -265,7 +265,7 @@ endfunction()
 
 function(add_rust_library)
     set(options)
-    set(oneValueArgs TARGET SOURCE_DIRECTORY BINARY_DIRECTORY PRECOMPILE_TESTS)
+    set(oneValueArgs TARGET SOURCE_DIRECTORY BINARY_DIRECTORY PRECOMPILE_TESTS INCLUDE_DIRECTORIES)
     cmake_parse_arguments(ARGS "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
 
     if(WIN32)
@@ -287,8 +287,8 @@ function(add_rust_library)
     if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$")
         add_custom_command(
             OUTPUT "${OUTPUT}"
-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
+            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "CARGO_INCLUDE_DIRECTORIES=\"${ARGS_INCLUDE_DIRECTORIES}\"" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
+            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "CARGO_INCLUDE_DIRECTORIES=\"${ARGS_INCLUDE_DIRECTORIES}\"" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
             COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}"
             COMMAND lipo -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}"
             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
@@ -297,22 +297,22 @@ function(add_rust_library)
     elseif("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64)$")
         add_custom_command(
             OUTPUT "${OUTPUT}"
-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
+            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "CARGO_INCLUDE_DIRECTORIES=\"${ARGS_INCLUDE_DIRECTORIES}\"" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
             DEPENDS ${LIB_SOURCES}
             COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:  ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
     elseif("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(x86_64)$")
         add_custom_command(
             OUTPUT "${OUTPUT}"
-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
+            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "CARGO_INCLUDE_DIRECTORIES=\"${ARGS_INCLUDE_DIRECTORIES}\"" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
             COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}"
             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
             DEPENDS ${LIB_SOURCES}
             COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:  ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
     else()
         add_custom_command(
             OUTPUT "${OUTPUT}"
-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
+            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "CARGO_INCLUDE_DIRECTORIES=\"${ARGS_INCLUDE_DIRECTORIES}\"" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
             DEPENDS ${LIB_SOURCES}
             COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:  ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")

common/optparser.c

@@ -434,6 +434,8 @@ const struct clam_option __clam_options[] = {
 
     {"ScanHWP3", "scan-hwp3", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning HWP3 files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes"},
 
+    {"ScanOneNote", "scan-onenote", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning OneNote files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes"},
+
     {"ScanArchive", "scan-archive", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Scan within archives and compressed files.\nIf you turn off this option, the original files will still be scanned, but\nwithout unpacking and additional processing.", "yes"},
 
     {"ForceToDisk", "force-to-disk", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option causes memory or nested map scans to dump the content to disk.\nIf you turn on this option, more data is written to disk and is available\nwhen the leave-temps option is enabled at the cost of more disk writes.", "no"},

docs/man/clamd.conf.5.in

@@ -479,6 +479,13 @@ If you turn off this option, the original files will still be scanned, but witho
 .br
 Default: yes
 .TP
+\fBScanOneNote BOOL\fR
+This option enables scanning OneNote files.
+.br
+If you turn off this option, the original files will still be scanned, but without additional processing.
+.br
+Default: yes
+.TP
 \fBScanArchive BOOL\fR
 Scan within archives and compressed files.
 .br

etc/clamd.conf.sample

@@ -426,6 +426,12 @@ Example
 # Default: yes
 #ScanHWP3 yes
 
+# This option enables scanning of OneNote files.
+# If you turn off this option, the original files will still be scanned, but
+# without additional processing.
+# Default: yes
+#ScanOneNote yes
+
 
 ##
 ## Mail files

libclamav/clamav.h

@@ -180,6 +180,7 @@ struct cl_scan_options {
 #define CL_SCAN_PARSE_OLE2                          0x80
 #define CL_SCAN_PARSE_HTML                          0x100
 #define CL_SCAN_PARSE_PE                            0x200
+#define CL_SCAN_PARSE_ONENOTE                       0x400
 
 /* heuristic alerting options */
 #define CL_SCAN_HEURISTIC_BROKEN                    0x2    /* alert on broken PE and broken ELF files */

libclamav/dconf.c

@@ -118,6 +118,7 @@ static struct dconf_module modules[] = {
     {"DOCUMENT", "OOXML", DOC_CONF_OOXML, 1},
     {"DOCUMENT", "MSPML", DOC_CONF_MSXML, 1},
     {"DOCUMENT", "HWP", DOC_CONF_HWP, 1},
+    {"DOCUMENT", "ONENOTE", DOC_CONF_ONENOTE, 1},
 
     {"MAIL", "MBOX", MAIL_CONF_MBOX, 1},
     {"MAIL", "TNEF", MAIL_CONF_TNEF, 1},

libclamav/dconf.h

@@ -109,6 +109,7 @@ struct cli_dconf {
 #define DOC_CONF_MSXML        0x80
 #define DOC_CONF_OOXML        0x100
 #define DOC_CONF_HWP          0x200
+#define DOC_CONF_ONENOTE      0x400
 
 /* Mail flags */
 #define MAIL_CONF_MBOX 0x1

libclamav/filetypes.c

@@ -138,6 +138,7 @@ static const struct ftmap_s {
     { "CL_TYPE_EGG",          CL_TYPE_EGG          },
     { "CL_TYPE_EGGSFX",       CL_TYPE_EGGSFX       },
     { "CL_TYPE_UDF",          CL_TYPE_UDF          },
+    { "CL_TYPE_ONENOTE",      CL_TYPE_ONENOTE      },
     { NULL,                   CL_TYPE_IGNORED      }
 };
 // clang-format on

libclamav/filetypes.h

@@ -92,6 +92,7 @@ typedef enum cli_file {
     CL_TYPE_OOXML_HWP,
     CL_TYPE_PS,
     CL_TYPE_EGG,
+    CL_TYPE_ONENOTE,
 
     /* Section for partition types */
     CL_TYPE_PART_ANY, /* unknown partition type */

libclamav/filetypes_int.h

@@ -204,5 +204,6 @@ static const char *ftypes_int[] = {
     "0:0:4d4d:TIFF Big Endian:CL_TYPE_ANY:CL_TYPE_GRAPHICS:81:121",
     "1:*:377abcaf271c:7zip-SFX:CL_TYPE_ANY:CL_TYPE_7ZSFX:74",
     "1:0:3c3f786d6c2076657273696f6e3d22312e3022{0-1024}70726f6769643d22576f72642e446f63756d656e74223f3e:Microsoft Word 2003 XML Document:CL_TYPE_ANY:CL_TYPE_XML_WORD:80",
+    "0:0:e4525c7b8cd8a74daeb15378d02996d3:Microsoft OneNote Document:CL_TYPE_ANY:CL_TYPE_ONENOTE:200",
     NULL};
 #endif

libclamav/fmap.c

@@ -132,7 +132,7 @@ fmap_t *fmap_check_empty(int fd, off_t offset, size_t len, int *empty, const cha
     m = cl_fmap_open_handle((void *)(ssize_t)fd, offset, len, pread_cb, 1);
     if (!m)
         return NULL;
-    m->mtime = st.st_mtime;
+    m->mtime = (uint64_t)st.st_mtime;
 
     if (NULL != name) {
         m->name = cli_strdup(name);
@@ -152,8 +152,8 @@ static void unmap_win32(fmap_t *m)
         if (NULL != m->data) {
             UnmapViewOfFile(m->data);
         }
-        if (NULL != m->mh) {
-            CloseHandle(m->mh);
+        if (NULL != m->windows_map_handle) {
+            CloseHandle(m->windows_map_handle);
         }
         if (NULL != m->name) {
             free(m->name);
@@ -169,8 +169,8 @@ fmap_t *fmap_check_empty(int fd, off_t offset, size_t len, int *empty, const cha
     STATBUF st;
     fmap_t *m = NULL;
     const void *data;
-    HANDLE fh;
-    HANDLE mh;
+    HANDLE windows_file_handle;
+    HANDLE windows_map_handle;
 
     *empty = 0;
     if (FSTAT(fd, &st)) {
@@ -194,30 +194,30 @@ fmap_t *fmap_check_empty(int fd, off_t offset, size_t len, int *empty, const cha
 
     pages = fmap_align_items(len, pgsz);
 
-    if ((fh = (HANDLE)_get_osfhandle(fd)) == INVALID_HANDLE_VALUE) {
+    if ((windows_file_handle = (HANDLE)_get_osfhandle(fd)) == INVALID_HANDLE_VALUE) {
         cli_errmsg("fmap: cannot get a valid handle for descriptor %d\n", fd);
         return NULL;
     }
-    if (!(mh = CreateFileMapping(fh, NULL, PAGE_READONLY, (DWORD)((len >> 31) >> 1), (DWORD)len, NULL))) {
+    if (!(windows_map_handle = CreateFileMapping(windows_file_handle, NULL, PAGE_READONLY, (DWORD)((len >> 31) >> 1), (DWORD)len, NULL))) {
         cli_errmsg("fmap: cannot create a map of descriptor %d\n", fd);
         return NULL;
     }
-    if (!(data = MapViewOfFile(mh, FILE_MAP_READ, (DWORD)((offset >> 31) >> 1), (DWORD)(offset), len))) {
+    if (!(data = MapViewOfFile(windows_map_handle, FILE_MAP_READ, (DWORD)((offset >> 31) >> 1), (DWORD)(offset), len))) {
         cli_errmsg("fmap: cannot map file descriptor %d\n", fd);
-        CloseHandle(mh);
+        CloseHandle(windows_map_handle);
         return NULL;
     }
     if (!(m = cl_fmap_open_memory(data, len))) {
         cli_errmsg("fmap: cannot allocate fmap_t\n", fd);
         UnmapViewOfFile(data);
-        CloseHandle(mh);
+        CloseHandle(windows_map_handle);
         return NULL;
     }
-    m->handle       = (void *)(size_t)fd;
-    m->handle_is_fd = 1; /* This is probably(?) needed so `fmap_fd()` can return the file descriptor. */
-    m->fh           = fh;
-    m->mh           = mh;
-    m->unmap        = unmap_win32;
+    m->handle              = (void *)(size_t)fd;
+    m->handle_is_fd        = true; /* This is probably(?) needed so `fmap_fd()` can return the file descriptor. */
+    m->windows_file_handle = (void *)windows_file_handle;
+    m->windows_map_handle  = (void *)windows_map_handle;
+    m->unmap               = unmap_win32;
 
     if (NULL != name) {
         m->name = cli_strdup(name);
@@ -416,7 +416,7 @@ extern cl_fmap_t *cl_fmap_open_handle(void *handle, size_t offset, size_t len,
     }
     m->handle          = handle;
     m->pread_cb        = pread_cb;
-    m->aging           = use_aging;
+    m->aging           = use_aging != 0 ? true : false;
     m->offset          = offset;
     m->nested_offset   = 0;
     m->len             = len; /* m->nested_offset + m->len = m->real_len */
@@ -430,7 +430,7 @@ extern cl_fmap_t *cl_fmap_open_handle(void *handle, size_t offset, size_t len,
     m->need_offstr     = handle_need_offstr;
     m->gets            = handle_gets;
     m->unneed_off      = handle_unneed_off;
-    m->handle_is_fd    = 1;
+    m->handle_is_fd    = true;
     m->have_md5        = false;
     m->have_sha1       = false;
     m->have_sha256     = false;
@@ -587,7 +587,7 @@ static int fmap_readpage(fmap_t *m, uint64_t first_page, uint64_t count, uint64_
                             cli_warnmsg("fmap_readpage: fstat failed: %s\n", errtxt);
                             return 1;
                         }
-                        if (m->mtime != st.st_mtime) {
+                        if (m->mtime != (uint64_t)st.st_mtime) {
                             cli_warnmsg("fmap_readpage: file changed as we read it\n");
                             return 1;
                         }

libclamav/fmap.h

@@ -51,19 +51,19 @@ struct cl_fmap {
     const void *data;
 
     /* internal */
-    time_t mtime;
+    uint64_t mtime;
     uint64_t pages;
     uint64_t pgsz;
     uint64_t paged;
-    uint16_t aging;
-    bool dont_cache_flag;  /** indicates if we should not cache scan results for this fmap. Used if limits exceeded */
-    uint16_t handle_is_fd; /** non-zero if map->handle is an fd. */
-    size_t offset;         /** file offset representing start of original fmap, if the fmap created reading from a file starting at offset other than 0 */
-    size_t nested_offset;  /** offset from start of original fmap (data) for nested scan. 0 for orig fmap. */
-    size_t real_len;       /** len from start of original fmap (data) to end of current (possibly nested) map. */
-                           /* real_len == nested_offset + len.
-                              real_len is needed for nested maps because we only reference the original mapping data.
-                              We convert caller's fmap offsets & lengths to real data offsets using nested_offset & real_len. */
+    bool aging;           /** indicates if we should age off memory mapped pages */
+    bool dont_cache_flag; /** indicates if we should not cache scan results for this fmap. Used if limits exceeded */
+    bool handle_is_fd;    /** non-zero if map->handle is an fd. */
+    size_t offset;        /** file offset representing start of original fmap, if the fmap created reading from a file starting at offset other than 0 */
+    size_t nested_offset; /** offset from start of original fmap (data) for nested scan. 0 for orig fmap. */
+    size_t real_len;      /** len from start of original fmap (data) to end of current (possibly nested) map. */
+                          /* real_len == nested_offset + len.
+                             real_len is needed for nested maps because we only reference the original mapping data.
+                             We convert caller's fmap offsets & lengths to real data offsets using nested_offset & real_len. */
 
     /* external */
     size_t len; /** length of data from nested_offset, accessible via current fmap */
@@ -82,10 +82,8 @@ struct cl_fmap {
     const void *(*need_offstr)(fmap_t *, size_t at, size_t len_hint);
     const void *(*gets)(fmap_t *, char *dst, size_t *at, size_t max_len);
     void (*unneed_off)(fmap_t *, size_t at, size_t len);
-#ifdef _WIN32
-    HANDLE fh;
-    HANDLE mh;
-#endif
+    void *windows_file_handle;
+    void *windows_map_handle;
     bool have_md5;
     unsigned char md5[CLI_HASHLEN_MD5];
     bool have_sha1;
@@ -424,7 +422,7 @@ cl_error_t fmap_dump_to_file(fmap_t *map, const char *filepath, const char *tmpd
  * @brief   Return the open file descriptor for the fmap (if available).
  *
  * This function will only provide the file descriptor if the fmap handle is set,
- * and if the handle is in fact a file descriptor (handle_is_fd != 0).
+ * and if the handle is in fact a file descriptor (handle_is_fd == true).
  *
  * @param m     The fmap.
  * @return int  The file descriptor, or -1 if not available.

libclamav/libclamav.map

@@ -292,6 +292,7 @@ CLAMAV_PRIVATE {
     readdb_parse_ldb_subsignature;
     fuzzy_hash_calculate_image;
     ffierror_fmt;
+    cli_magic_scan_buff;
 
     __cli_strcasestr;
     __cli_strndup;

libclamav/others.h

@@ -191,6 +191,7 @@ typedef struct recursion_level_tag {
 } recursion_level_t;
 
 typedef void *evidence_t;
+typedef void *onedump_t;
 
 /* internal clamav context */
 typedef struct cli_ctx_tag {
@@ -568,6 +569,7 @@ extern LIBCLAMAV_EXPORT int have_rar;
 #define SCAN_PARSE_OLE2 (ctx->options->parse & CL_SCAN_PARSE_OLE2)
 #define SCAN_PARSE_HTML (ctx->options->parse & CL_SCAN_PARSE_HTML)
 #define SCAN_PARSE_PE (ctx->options->parse & CL_SCAN_PARSE_PE)
+#define SCAN_PARSE_ONENOTE (ctx->options->parse & CL_SCAN_PARSE_ONENOTE)
 
 #define SCAN_HEURISTIC_BROKEN (ctx->options->heuristic & CL_SCAN_HEURISTIC_BROKEN)
 #define SCAN_HEURISTIC_BROKEN_MEDIA (ctx->options->heuristic & CL_SCAN_HEURISTIC_BROKEN_MEDIA)