From 870ac0b6796f382ed52faa6c9eb026fc58720320 Mon Sep 17 00:00:00 2001
From: Michele Di Maria
Date: Fri, 16 Mar 2012 19:40:04 +0100
Subject: Added the option to enable/disable "Heuristics.Broken.Executable" scan. See http://forum.pfsense.org/index.php/topic,47271.0.html for more info
---
 config/havp/havp.inc | 8 +++++++-
 config/havp/havp.xml | 7 +++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
(limited to 'config/havp')
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index 9d1e4501..7b4f08a5 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -160,6 +160,7 @@ define('F_SCANIMG', 'scanimg');
 define('F_SCANARC', 'scanarc');
 define('F_SCANSTREAM', 'scanstream');
 define('F_SCANARCMAXSIZE', 'scanarcmaxsize');
+define('F_SCANBROKENEXE', 'scanbrokenexe');
 # antivirus options
 define('F_HAVPUPDATE', 'havpavupdate');
 define('F_DBREGION', 'dbregion');
@@ -539,6 +540,7 @@ function havp_convert_pfxml_xml()
 $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' );
 $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' );
 $havp_config[F_SCANSTREAM] = ( $pfconf[F_SCANSTREAM] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANBROKENEXE] = ( $pfconf[F_SCANBROKENEXE] === 'on' ? 'true' : 'false' );
 $havp_config[F_SCANARCMAXSIZE] = ( is_numeric($pfconf[F_SCANARCMAXSIZE]) ? $pfconf[F_SCANARCMAXSIZE] : HVDEF_MAXARCSCANSIZE );
 # log
 $havp_config[F_SYSLOG] = ( $pfconf[F_SYSLOG] === 'on' ? 'true' : 'false' );
@@ -751,9 +753,13 @@ function havp_config_clam()
 $conf[] = "DetectPUA no"; # possible unwanted applications
 $conf[] = "AlgorithmicDetection yes";
 $conf[] = "# executable";
+ if ($havp_config[F_SCANBROKENEXE] === 'true')
+ {$conf[] = "DetectBrokenExecutables yes";}
+ else
+ {$conf[] = "DetectBrokenExecutables no";}
+ #
 $conf[] = "ScanPE yes";
 $conf[] = "ScanELF yes";
- $conf[] = "DetectBrokenExecutables yes";
 $conf[] = "# documents";
 $conf[] = "ScanOLE2 yes";
 $conf[] = "ScanPDF yes";
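Review bot: In havp_convert_pfxml_xml() the new `$pfconf[F_SCANBROKENEXE] === 'on'` test yields 'false' whenever the key is absent, so a configuration saved before this change would presumably start emitting `DetectBrokenExecutables no` from havp_config_clam(), where the directive used to be an unconditional `yes`. The `on` default added in havp.xml appears to cover the form only, not this read of the stored config. A detection that was always active should not switch off on upgrade without the admin choosing it. If the stored config keeps an unchecked box as an empty value, `( !isset($pfconf[F_SCANBROKENEXE]) || $pfconf[F_SCANBROKENEXE] === 'on' ? 'true' : 'false' )` preserves the old behaviour for unset keys; otherwise the key needs seeding in the upgrade path. Both function bodies continue outside the hunks.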
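Review bot: The if/else added in havp_config_clam() can be a single expression, `$conf[] = "DetectBrokenExecutables " . ($havp_config[F_SCANBROKENEXE] === 'true' ? 'yes' : 'no');`, which also drops the stray bare `#` line and the brace layout that differs from the surrounding code. The hunk does not show how `$havp_config` comes into scope in this function, so it is worth confirming it is populated here, since an unset value would fall through to `no`. A short comment such as `# broken PE/ELF heuristic (Heuristics.Broken.Executable), user-selectable` would explain why this one directive is conditional while its neighbours are fixed.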
diff --git a/config/havp/havp.xml b/config/havp/havp.xml index c7841956..27f1866f 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -266,6 +266,13 @@ Check this for scan media (audio/video) stream. Use this for additional scan exploits for players. checkbox + + Scan Broken Executables + scanbrokenexe + Check this to enable the Heuristic Broken Executable scan. + checkbox + on + Log log -- cgit v1.2.3
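Review bot: The description `Check this to enable the Heuristic Broken Executable scan.` does not tell the admin what unchecking the box costs. Wording along the lines of `Flag malformed PE/ELF files as Heuristics.Broken.Executable. Disable only if damaged but harmless downloads are being blocked; malformed executables will then pass this check.` would make the trade-off visible on the form.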