Blob Blame Raw
Index: clamav-0.96.1/clamd/clamd.c
===================================================================
--- clamav-0.96.1.orig/clamd/clamd.c
+++ clamav-0.96.1/clamd/clamd.c
@@ -434,6 +434,9 @@ int main(int argc, char **argv)
     if((opt = optget(opts,"BytecodeTimeout"))->enabled) {
 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
     }
+    if((opt = optget(opts,"BytecodeDisableJIT"))->enabled) {
+	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_DISABLEJIT, opt->numarg);
+    }
 
     if(optget(opts,"PhishingScanURLs")->enabled)
 	dboptions |= CL_DB_PHISHING_URLS;
Index: clamav-0.96.1/clamscan/manager.c
===================================================================
--- clamav-0.96.1.orig/clamscan/manager.c
+++ clamav-0.96.1/clamscan/manager.c
@@ -404,6 +404,8 @@ int scanmanager(const struct optstruct *
 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL);
     if((opt = optget(opts,"bytecode-timeout"))->enabled)
 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
+    if((opt = optget(opts,"bytecode-disable-jit"))->enabled)
+	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_DISABLEJIT, opt->numarg);
 
     if((opt = optget(opts, "tempdir"))->enabled) {
 	if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
Index: clamav-0.96.1/docs/man/clamd.conf.5.in
===================================================================
--- clamav-0.96.1.orig/docs/man/clamd.conf.5.in
+++ clamav-0.96.1/docs/man/clamd.conf.5.in
@@ -253,6 +253,12 @@ Default: TrustSigned
 Set bytecode timeout in milliseconds.
 .br
 Default: 60000
+.TP
+\fBBytecodeDisableJIT BOOL\fR
+Disable the JIT and fallback to interpreter mode.
+WARNING: disabling the JIT affects performance!
+.br
+Default: No
 .TP 
 \fBDetectPUA BOOL\fR
 Detect Possibly Unwanted Applications.
Index: clamav-0.96.1/docs/man/clamscan.1.in
===================================================================
--- clamav-0.96.1.orig/docs/man/clamscan.1.in
+++ clamav-0.96.1/docs/man/clamscan.1.in
@@ -86,6 +86,10 @@ This option disables safety checks and m
 .TP 
 \fB\-\-bytecode\-timeout=N\fR
 Set bytecode timeout in milliseconds (default: 60000 = 60s)
+.TP
+\fB\-\-bytecode\-disable\-jit\fR
+Disable the JIT and fallback to interpreter mode.
+WARNING: disable the JIT affects performance!
 .TP 
 \fB\-\-detect\-pua[=yes/no(*)]\fR
 Detect Possibly Unwanted Applications.
Index: clamav-0.96.1/etc/clamd.conf
===================================================================
--- clamav-0.96.1.orig/etc/clamd.conf
+++ clamav-0.96.1/etc/clamd.conf
@@ -472,3 +472,8 @@ Example
 # 
 # Default: 60000
 # BytecodeTimeout 60000
+ 
+# Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance.
+# 
+# Default: no
+#BytecodeDisableJIT no
Index: clamav-0.96.1/libclamav/clamav.h
===================================================================
--- clamav-0.96.1.orig/libclamav/clamav.h
+++ clamav-0.96.1/libclamav/clamav.h
@@ -144,7 +144,8 @@ enum cl_engine_field {
     CL_ENGINE_TMPDIR,		    /* (char *) */
     CL_ENGINE_KEEPTMP,		    /* uint32_t */
     CL_ENGINE_BYTECODE_SECURITY,     /* uint32_t */
-    CL_ENGINE_BYTECODE_TIMEOUT       /* uint32_t */
+    CL_ENGINE_BYTECODE_TIMEOUT,       /* uint32_t */
+    CL_ENGINE_BYTECODE_DISABLEJIT        /* uint32_t */
 };
 
 enum bytecode_security {
Index: clamav-0.96.1/libclamav/others.c
===================================================================
--- clamav-0.96.1.orig/libclamav/others.c
+++ clamav-0.96.1/libclamav/others.c
@@ -301,6 +301,7 @@ struct cl_engine *cl_engine_new(void)
     new->bytecode_security = CL_BYTECODE_TRUST_SIGNED;
     /* 5 seconds timeout */
     new->bytecode_timeout = 60000;
+    new->disablejit = 0;
     new->refcount = 1;
     new->ac_only = 0;
     new->ac_mindepth = CLI_DEFAULT_AC_MINDEPTH;
@@ -399,6 +400,9 @@ int cl_engine_set_num(struct cl_engine *
 	case CL_ENGINE_BYTECODE_TIMEOUT:
 	    engine->bytecode_timeout = num;
 	    break;
+	case CL_ENGINE_BYTECODE_DISABLEJIT:
+	    engine->disablejit = num;
+	    break;
 	default:
 	    cli_errmsg("cl_engine_set_num: Incorrect field number\n");
 	    return CL_EARG;
Index: clamav-0.96.1/libclamav/others.h
===================================================================
--- clamav-0.96.1.orig/libclamav/others.h
+++ clamav-0.96.1/libclamav/others.h
@@ -253,6 +253,7 @@ struct cl_engine {
     unsigned hook_lsig_ids;
     enum bytecode_security bytecode_security;
     uint32_t bytecode_timeout;
+    unsigned disablejit;
 };
 
 struct cl_settings {
Index: clamav-0.96.1/libclamav/readdb.c
===================================================================
--- clamav-0.96.1.orig/libclamav/readdb.c
+++ clamav-0.96.1/libclamav/readdb.c
@@ -2595,7 +2595,10 @@ int cl_load(const char *path, struct cl_
 	    return ret;
 
     if((dboptions & CL_DB_BYTECODE) && !engine->bcs.engine && (engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
-	if((ret = cli_bytecode_init(&engine->bcs, engine->dconf->bytecode)))
+	unsigned dconfmask = engine->dconf->bytecode;
+	if (engine->disablejit)
+	    dconfmask &= BYTECODE_INTERPRETER;
+	if((ret = cli_bytecode_init(&engine->bcs, dconfmask)))
 	    return ret;
     } else {
 	cli_dbgmsg("Bytecode engine disabled\n");
Index: clamav-0.96.1/shared/optparser.c
===================================================================
--- clamav-0.96.1.orig/shared/optparser.c
+++ clamav-0.96.1/shared/optparser.c
@@ -252,6 +252,9 @@ const struct clam_option __clam_options[
 	"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
     { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
 	"Set bytecode timeout in miliseconds.\n","60000"},
+    { "BytecodeDisableJIT", "bytecode-disable-jit", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
+	"Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance.\n","no"},
+
     { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
 
     { "ExcludePUA", "exclude-pua", 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_CLAMSCAN, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool\nPWTool" },