[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Török Edvin edwin at clamav.net
Sun Apr 4 01:21:20 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit e943d06060369d9ed4813ce249e97b9f75b68279
Author: Török Edvin <edwin at clamav.net>
Date:   Wed Feb 24 13:39:07 2010 +0200

    Tweak swizzor threshold to fix some false positives.

diff --git a/libclamav/special.c b/libclamav/special.c
index ff518c8..ac72f55 100644
--- a/libclamav/special.c
+++ b/libclamav/special.c
@@ -358,12 +358,12 @@ static inline int swizz_j48(const uint16_t n[])
 {
 	cli_dbgmsg("swizz_j48: %u, %u, %u\n",n[0],n[1],n[2]);
 	/* rules based on J48 tree */
-	if (n[0] <= 945 || !n[1])
+	if (n[0] <= 961 || !n[1])
 		return 0;
 	if (n[0] <= 1006)
 		return (n[2] > 0 && n[2] <= 6);
 	else
-		return n[1] <= 10;
+		return n[1] <= 10 && n[2];
 }
 
 void cli_detect_swizz_str(const unsigned char *str, uint32_t len, struct swizz_stats *stats, int blob)
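Review bot: The cut-offs in swizz_j48 (`961`, `1006`, `6`, `10`) stay bare literals, and after this hand adjustment the comment `/* rules based on J48 tree */` no longer tells a maintainer which values came from the trained tree and which were tuned by hand. Judging by the caller's `ngram_cnts[i] = (v<<10)/all;`, the inputs appear to be n-gram shares scaled to 0..1024, so I would extend the comment to something like `/* J48-derived, then hand-tuned against false positives; n[] are n-gram shares in 1/1024 units */` and say what each of n[0], n[1] and n[2] counts. Raising the first cut-off and adding `&& n[2]` also narrows what the heuristic flags. Keeping the false-positive samples behind this change in a regression set, alongside known-detected samples, would let the next threshold tweak be checked in both directions.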
@@ -429,7 +429,7 @@ void cli_detect_swizz_str(const unsigned char *str, uint32_t len, struct swizz_s
 		ngram_cnts[i] = (v<<10)/all;
 	}
 	ret = swizz_j48(ngram_cnts) ? CL_VIRUS : CL_CLEAN;
-	if (!words) ret = CL_CLEAN;
+	if (words < 3) ret = CL_CLEAN;
 	cli_dbgmsg("cli_detect_swizz_str: %s, %u words\n", ret == CL_VIRUS ? "suspicious" : "ok", words);
 	if (ret == CL_VIRUS) {
 		stats->suspicious += j;
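Review bot: The new minimum in `if (words < 3) ret = CL_CLEAN;` is an unexplained literal, and nothing on the line says why three words is the floor. A named constant with a short why-comment would document the trade-off, e.g. `if (words < SWIZZ_MIN_WORDS) ret = CL_CLEAN; /* too few words for the n-gram ratios to be meaningful */`, where `SWIZZ_MIN_WORDS` is a proposed name, not an existing one. The check also runs after `swizz_j48(ngram_cnts)`, so for short inputs the tree is evaluated and its debug line printed even though the verdict is then discarded; testing the word count first would avoid misleading debug output. cli_detect_swizz_str starts and ends outside this hunk, so how `words` and `all` are computed is not visible here.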

-- 
Debian repository for ClamAV


