[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. 99ae9353f6834da0cb73f59f4b32d1f0ae1263fa
Stephen Gran
steve at lobefin.net
Thu Sep 4 12:36:59 UTC 2008
The following commit has been merged in the debian/unstable branch:
commit c3ab37c16a1f8b4f6e556826024b7784484b69cf
Author: Stephen Gran <steve at lobefin.net>
Date: Thu Sep 4 13:25:43 2008 +0100
Revert "remove detection of Suspect.Zip and Exploit.Zip.ModifiedHeaders (bb#997)"
This reverts commit 53fd66d308871041062e50efe42c9a2bd1a3e2ef.
diff --git a/ChangeLog b/ChangeLog
index 9c2b1f0..ffc04e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,3 @@
-Mon Apr 28 12:37:31 CEST 2008 (tk)
-----------------------------------
- * libclamav/unzip.c: remove detection of Suspect.Zip and
- Exploit.Zip.ModifiedHeaders (bb#997)
-
Thu Apr 24 17:44:38 MSD 2008 (tk)
---------------------------------
* libclamav: scan for embedded PEs inside OLE2 files (bb#914)
diff --git a/libclamav/unzip.c b/libclamav/unzip.c
index 6c1244c..93cfbb9 100644
--- a/libclamav/unzip.c
+++ b/libclamav/unzip.c
@@ -387,6 +387,25 @@ static unsigned int lhdr(uint8_t *zip, uint32_t zsize, unsigned int *fu, unsigne
zsize-=csize;
}
+ if(ch && !LH_flen) {
+ cli_dbgmsg("cli_unzip: found noname file\n");
+ *ctx->virname = "Suspect.Zip";
+ *ret = CL_VIRUS;
+ return 0;
+ }
+ if(ch && !LH_usize && LH_crc32) {
+ cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n");
+ *ctx->virname = "Exploit.Zip.ModifiedHeaders";
+ * ret = CL_VIRUS;
+ return 0;
+ }
+ if(ch && !LH_csize && LH_usize) {
+ cli_dbgmsg("Zip: Malformed file (csize == 0 but usize != 0)\n");
+ *ctx->virname = "Suspect.Zip";
+ *ret = CL_VIRUS;
+ return 0;
+ }
+
if(LH_flags & F_USEDD) {
if(zsize<12) {
cli_dbgmsg("cli_unzip: lh - data desc out of file\n");
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list