File: phishcheck.h

package info (click to toggle)
clamav 0.99%2Bdfsg-0%2Bdeb6u1
  • links: PTS, VCS
  • area: main
  • in suites: squeeze-lts
  • size: 63,444 kB
  • ctags: 51,567
  • sloc: cpp: 267,214; ansic: 163,108; sh: 35,371; python: 2,630; makefile: 2,249; perl: 1,690; yacc: 1,352; pascal: 1,218; lex: 714; lisp: 184; csh: 117; xml: 38; asm: 32; exp: 4
file content (81 lines) | stat: -rw-r--r-- 2,388 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
/*
 *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
 *  Copyright (C) 2007-2008 Sourcefire, Inc.
 *
 *  Authors: Török Edvin
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2 as
 *  published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 *  MA 02110-1301, USA.
 */


#ifndef _PHISH_CHECK_H
#define _PHISH_CHECK_H

#include "regex/regex.h"
#include "htmlnorm.h"

#define CL_PHISH_BASE 100
enum phish_status {CL_PHISH_NODECISION=0, CL_PHISH_CLEAN=CL_PHISH_BASE,
	CL_PHISH_CLOAKED_UIU, CL_PHISH_NUMERIC_IP, CL_PHISH_HEX_URL, CL_PHISH_CLOAKED_NULL, CL_PHISH_SSL_SPOOF, CL_PHISH_NOMATCH,
        CL_PHISH_HASH0, CL_PHISH_HASH1, CL_PHISH_HASH2};

#define CHECK_SSL         1
#define CHECK_CLOAKING    2
#define CLEANUP_URL       4
#define CHECK_IMG_URL     8

#define LINKTYPE_IMAGE     1

#define CL_PHISH_ALL_CHECKS (CLEANUP_URL|CHECK_SSL|CHECK_CLOAKING|CHECK_IMG_URL)

struct string {
	struct string* ref;
	char* data;
	int refcount;
};

struct phishcheck {
	regex_t preg_numeric;
	int      is_disabled;
};

struct pre_fixup_info {
	/* pre_* url before fixup_spaces */
	struct string pre_displayLink;
	size_t host_start;
	size_t host_end;
};

struct url_check {
	struct string realLink;
	struct string displayLink;
	struct pre_fixup_info pre_fixup;
	unsigned short       flags;
	unsigned short always_check_flags;
	unsigned short       link_type;
};

int phishingScan(cli_ctx* ctx,tag_arguments_t* hrefs);

void phish_disable(struct cl_engine* engine,const char* reason);
/* Global, non-thread-safe functions, call only once! */
int phishing_init(struct cl_engine* engine);
void phishing_done(struct cl_engine* engine);
int cli_url_canon(const char *inurl, size_t len, char *urlbuff, size_t dest_len, char **host, size_t *hostlen, const char **path, size_t *pathlen);
/* end of non-thread-safe functions */


#endif