Clam 2498 make image fuzzy hashing optional; Clam 2532 --force-to-disk missing documentation #1186

micahsnyder
Contributor

Image fuzzy hashing is enabled by default. The following options have been added to allow users to disable it, if desired.

New clamscan options:

  --scan-image[=yes(*)/no]

  --scan-image-fuzzy-hash[=yes(*)/no]

New clamd config options:

  ScanImage yes(*)/no

  ScanImageFuzzyHash yes(*)/no

New libclamav scan options:

  options.parse &= ~CL_SCAN_PARSE_IMAGE;

  options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;

This commit also changes scan behavior to disable image fuzzy hashing for specific types when the DCONF (.cfg) signatures disable those types. That is, if DCONF disables the PNG parser, it should not only disable the CVE/format checker for PNG files, but also disable image fuzzy hashing for PNG files.

Also adds a DCONF option to disable image fuzzy hashing: OTHER_CONF_IMAGE_FUZZY_HASH

DCONF allows scanning features to be disabled using a configuration "signature".

This PR also adds the --force-to-disk option that was missing from the clamscan --help and clamscan manpage documentation.
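As an added example (not part of this PR or of ClamAV's code), the following audits clamd.conf text for the two new options and reports the effective state. The function names are hypothetical, and it assumes the clamd options combine the same way the commit message describes for the clamscan flags; a DCONF signature in the loaded database can still disable fuzzy hashing and is not visible to this check.

```python
# Added example (not ClamAV code): audit clamd.conf text for the two options
# this PR introduces and report the effective image-scanning state.

DEFAULTS = {"ScanImage": True, "ScanImageFuzzyHash": True}  # yes(*) = default
BOOLS = {"yes": True, "no": False}  # only the values the PR text lists


def parse_image_options(conf_text):
    """Return (settings, problems) for the image options in clamd.conf text."""
    settings = dict(DEFAULTS)
    problems = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out option
        parts = line.split(None, 1)
        key = parts[0]
        if key not in DEFAULTS:
            continue  # unrelated option
        value = parts[1].strip().lower() if len(parts) == 2 else ""
        if value not in BOOLS:
            problems.append(f"line {lineno}: {key} has unexpected value {value!r}")
            continue  # keep the default rather than guess
        settings[key] = BOOLS[value]  # a repeated key overwrites (this example's choice)
    return settings, problems


def effective_state(settings):
    """Fuzzy-hash detection needs both options on: the PR's tests check that
    turning off either image scanning or fuzzy hashing disables it."""
    image = settings["ScanImage"]
    return {
        "image_parsing": image,
        "image_fuzzy_hash": image and settings["ScanImageFuzzyHash"],
    }


# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = """\
# clamd.conf (constructed sample)
LogFile /var/log/clamav/clamd.log
ScanImage yes
ScanImageFuzzyHash no
"""

if __name__ == "__main__":
    settings, problems = parse_image_options(SAMPLE_CONF)
    print(effective_state(settings), problems)
```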

The --force-to-disk option is missing from the clamscan --help and
clamscan manpage documentation.

Also change clamd.conf.sample suggestions to differ from the default
settings so that the sample is easier to use.

Use the existing clamscan image fuzzy hash tests to verify that both
--scan-image=no and also --scan-image-fuzzy-hash=no will disable image
fuzzy hash based detection (at least for PNG files).

Contributor

ragusaa commented Mar 7, 2024

verified that force-to-disk is there.

micahsnyder merged commit 63e4318 into Cisco-Talos:main Mar 14, 2024
23 of 24 checks passed
micahsnyder deleted the CLAM-2498-make-image-fuzzy-hashing-optional branch March 14, 2024 20:57