[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-167-g4319a8f
tkojm
tkojm at 77e5149b-7576-45b1-b177-96237e5ba77b
Fri Jun 12 19:11:44 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 08653586f821154ed944f4e011ade22dc21e62e3
Author: tkojm <tkojm at 77e5149b-7576-45b1-b177-96237e5ba77b>
Date: Thu Apr 23 13:24:21 2009 +0000
libclamav: call cli_checkfp() whenever possible/makes sense (bb#1558)
git-svn-id: http://svn.clamav.net/svn/clamav-devel/trunk@5053 77e5149b-7576-45b1-b177-96237e5ba77b
diff --git a/ChangeLog b/ChangeLog
index 2546f77..9e4e1f1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Apr 23 15:23:02 CEST 2009 (tk)
+----------------------------------
+ * libclamav: call cli_checkfp() whenever possible/makes sense (bb#1558)
+
Wed Apr 22 14:24:03 EEST 2009 (edwin)
-------------------------------------
* libclamav/special.c: tune sensitivity of Trojan.Swizzor.Gen
diff --git a/libclamav/elf.c b/libclamav/elf.c
index 36a5cea..2d8144a 100644
--- a/libclamav/elf.c
+++ b/libclamav/elf.c
@@ -37,6 +37,7 @@
#include "elf.h"
#include "clamav.h"
#include "execs.h"
+#include "matcher.h"
static inline uint16_t EC16(uint16_t v, uint8_t c)
{
@@ -195,7 +196,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_EFORMAT;
}
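Review bot: In this return and the other "Broken.Executable" returns changed in elf.c and pe.c, `*ctx->virname` is written before cli_checkfp() is consulted, so a whitelisted file returns CL_CLEAN with the name still set. cli_scanriff() and cli_scanjpeg() in scanners.c, changed in the same commit, assign the name only after the whitelist check has failed. Whether any caller reads virname on a CL_CLEAN result is not visible here, but the two orderings should agree. Putting `if(cli_checkfp(desc, ctx)) return CL_CLEAN;` ahead of the assignment would do it. cli_scanelf's body continues outside the hunk.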
@@ -208,7 +209,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_EFORMAT;
}
@@ -219,7 +220,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -241,7 +242,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -262,7 +263,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_EFORMAT;
}
@@ -279,7 +280,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_EFORMAT;
}
@@ -290,7 +291,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_EFORMAT;
}
@@ -302,7 +303,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -324,7 +325,7 @@ int cli_scanelf(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index ba9557e..d12e6cc 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -204,26 +204,37 @@ off_t cli_caloff(const char *offstr, struct cli_target_info *info, int fd, cli_f
return 0;
}
-static int cli_checkfp(int fd, const struct cl_engine *engine)
+int cli_checkfp(int fd, cli_ctx *ctx)
{
unsigned char *digest;
const char *virname;
+ off_t pos;
- if(engine->md5_fp) {
+ if((pos = lseek(fd, 0, SEEK_CUR)) == -1) {
+ cli_errmsg("cli_checkfp(): lseek() failed\n");
+ return 0;
+ }
+
+ lseek(fd, 0, SEEK_SET);
+
+ if(ctx->engine->md5_fp) {
if(!(digest = cli_md5digest(fd))) {
cli_errmsg("cli_checkfp(): Can't generate MD5 checksum\n");
+ lseek(fd, pos, SEEK_SET);
return 0;
}
- if(cli_bm_scanbuff(digest, 16, &virname, engine->md5_fp, 0, 0, -1) == CL_VIRUS) {
- cli_dbgmsg("Eliminated false positive match (fp sig: %s)\n", virname);
+ if(cli_bm_scanbuff(digest, 16, &virname, ctx->engine->md5_fp, 0, 0, -1) == CL_VIRUS) {
+ cli_dbgmsg("cli_checkfp(): Found false positive detection (fp sig: %s)\n", virname);
free(digest);
+ lseek(fd, pos, SEEK_SET);
return 1;
}
free(digest);
}
+ lseek(fd, pos, SEEK_SET);
return 0;
}
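Review bot: The rewind `lseek(fd, 0, SEEK_SET);` is not checked, so if it fails cli_md5digest() hashes from whatever offset the caller left and the digest no longer describes the whole file. That failure leans towards keeping the detection, but it is silent; the rewind should get the same treatment as the first call, `if(lseek(fd, 0, SEEK_SET) == -1) { cli_errmsg("cli_checkfp(): lseek() failed\n"); return 0; }`. The save, rewind and restore seeks also run when no whitelist is loaded. An early `if(!ctx->engine->md5_fp) return 0;` at the top would avoid them and remove one of the three restore calls.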
@@ -340,8 +351,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
cli_ac_freedata(&gdata);
cli_ac_freedata(&tdata);
- lseek(desc, 0, SEEK_SET);
- if(cli_checkfp(desc, ctx->engine))
+ if(cli_checkfp(desc, ctx))
return CL_CLEAN;
else
return CL_VIRUS;
@@ -357,8 +367,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
cli_ac_freedata(&gdata);
if(troot)
cli_ac_freedata(&tdata);
- lseek(desc, 0, SEEK_SET);
- if(cli_checkfp(desc, ctx->engine))
+ if(cli_checkfp(desc, ctx))
return CL_CLEAN;
else
return CL_VIRUS;
@@ -420,7 +429,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
if(ret == CL_VIRUS) {
lseek(desc, 0, SEEK_SET);
- if(cli_checkfp(desc, ctx->engine))
+ if(cli_checkfp(desc, ctx))
return CL_CLEAN;
else
return CL_VIRUS;
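Review bot: The context line `lseek(desc, 0, SEEK_SET);` survives in this hunk although the two earlier cli_scandesc hunks drop it. cli_checkfp() now saves the current offset and rewinds by itself, so here it records offset 0 and "restores" to 0, and this call site leaves the descriptor at the start of the file while the other two preserve the caller's position. Deleting the leftover seek would make the three paths behave the same. The function continues outside the hunk.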
diff --git a/libclamav/matcher.h b/libclamav/matcher.h
index 1355d56..70d8a39 100644
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@ -131,4 +131,6 @@ int cli_validatesig(cli_file_t ftype, const char *offstr, off_t fileoff, struct
off_t cli_caloff(const char *offstr, struct cli_target_info *info, int fd, cli_file_t ftype, int *ret, unsigned int *maxshift);
+int cli_checkfp(int fd, cli_ctx *ctx);
+
#endif
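Review bot: cli_checkfp() becomes part of the internal API here without a comment stating its contract, and its return convention (non-zero means "suppress the detection") is easy to invert at a call site. A short comment above the prototype would help, for example `/* returns 1 if the MD5 of the whole file behind fd is listed in engine->md5_fp, 0 otherwise or on error; the fd offset is restored */`. That wording follows the matcher.c implementation in this commit.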
diff --git a/libclamav/pe.c b/libclamav/pe.c
index e140eb5..60d6b45 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -472,7 +472,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -608,7 +608,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
if(nsections)
cli_warnmsg("PE file contains %d sections\n", nsections);
@@ -628,7 +628,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -638,7 +638,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -651,7 +651,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -667,7 +667,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
cli_dbgmsg("9x compatibility mode\n");
}
@@ -709,7 +709,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -790,14 +790,14 @@ int cli_scanpe(int desc, cli_ctx *ctx)
cli_dbgmsg("Bad virtual alignemnt\n");
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
if (DETECT_BROKEN && !native && (!(pe_plus?EC32(optional_hdr64.FileAlignment):EC32(optional_hdr32.FileAlignment)) || (pe_plus?EC32(optional_hdr64.FileAlignment):EC32(optional_hdr32.FileAlignment))%0x200)) {
cli_dbgmsg("Bad file alignemnt\n");
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
if(fstat(desc, &sb) == -1) {
@@ -833,7 +833,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -902,7 +902,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
*ctx->virname = "Broken.Executable";
free(section_hdr);
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
if (exe_sections[i].rsz) { /* Don't bother with virtual only sections */
@@ -913,7 +913,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN; /* no ninjas to see here! move along! */
}
@@ -928,16 +928,11 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(md5_sect->soff[j] == exe_sections[i].rsz) {
unsigned char md5_dig[16];
if(cli_md5sect(desc, &exe_sections[i], md5_dig) && cli_bm_scanbuff(md5_dig, 16, ctx->virname, ctx->engine->md5_mdb, 0, 0, -1) == CL_VIRUS) {
- /* Since .mdb sigs are not fp-prone, to save
- * performance we don't call cli_checkfp() here,
- * just give the possibility of whitelisting
- * idividual .mdb entries via daily.fp
- */
if(cli_bm_scanbuff(md5_dig, 16, NULL, ctx->engine->md5_fp, 0, 0, -1) != CL_VIRUS) {
free(section_hdr);
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
}
break;
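Review bot: The deleted comment explained why only the section digest was looked up in md5_fp, and nothing replaces it now that a whole-file check follows. The new code performs two whitelist lookups against the same table: the section MD5 via cli_bm_scanbuff(), then the file MD5 via cli_checkfp(). A reader cannot tell whether both are intended. A replacement comment such as `/* section digest is not whitelisted; a whole-file MD5 entry in md5_fp may still suppress the .mdb match */` would record the intent. The enclosing loop starts and ends outside the hunk.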
@@ -953,7 +948,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -965,7 +960,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
*ctx->virname = "Broken.Executable";
free(section_hdr);
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
min = exe_sections[i].rva;
max = exe_sections[i].rva + exe_sections[i].rsz;
@@ -976,7 +971,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
*ctx->virname = "Broken.Executable";
free(section_hdr);
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
if(exe_sections[i].rva < min)
min = exe_sections[i].rva;
@@ -994,7 +989,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(DETECT_BROKEN) {
if(ctx->virname)
*ctx->virname = "Broken.Executable";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
}
@@ -1031,7 +1026,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if((((uint32_t)cli_readint32(pt) ^ (uint32_t)cli_readint32(pt + 4)) == 0x505a4f) && (((uint32_t)cli_readint32(pt + 8) ^ (uint32_t)cli_readint32(pt + 12)) == 0xffffb) && (((uint32_t)cli_readint32(pt + 16) ^ (uint32_t)cli_readint32(pt + 20)) == 0xb8)) {
*ctx->virname = "W32.Parite.B";
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
}
}
@@ -1114,7 +1109,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if (op==kzdsize+0x48 && *kzcode==0x75 && kzlen-(int8_t)kzcode[1]-3<=kzinitlen && kzlen-(int8_t)kzcode[1]>=kzxorlen) {
*ctx->virname = "W32.Kriz";
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
cli_dbgmsg("kriz: loop out of bounds, corrupted sample?\n");
kzstate++;
@@ -1141,7 +1136,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(cli_memstr(buff, 4091, "\xe8\x2c\x61\x00\x00", 5)) {
*ctx->virname = dam ? "W32.Magistr.A.dam" : "W32.Magistr.A";
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
}
@@ -1153,7 +1148,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
if(cli_memstr(buff, 4091, "\xe8\x04\x72\x00\x00", 5)) {
*ctx->virname = dam ? "W32.Magistr.B.dam" : "W32.Magistr.B";
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
}
}
@@ -1211,7 +1206,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
*ctx->virname = "W32.Polipos.A";
free(jumps);
free(exe_sections);
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
}
free(jumps);
@@ -1236,6 +1231,8 @@ int cli_scanpe(int desc, cli_ctx *ctx)
}
if (ret != CL_CLEAN) {
free(exe_sections);
+ if(ret == CL_VIRUS)
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
return ret;
}
}
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index 164af75..0d17870 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -245,7 +245,7 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx
if(mdata) {
*ctx->virname = mdata->virname;
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
if(DETECT_ENCRYPTED && metadata->encrypted) {
@@ -1336,13 +1336,15 @@ static int cli_scanscrenc(int desc, cli_ctx *ctx)
return ret;
}
-static int cli_scanriff(int desc, const char **virname)
+static int cli_scanriff(int desc, cli_ctx *ctx)
{
int ret = CL_CLEAN;
if(cli_check_riff_exploit(desc) == 2) {
- ret = CL_VIRUS;
- *virname = "Exploit.W32.MS05-002";
+ if(!cli_checkfp(desc, ctx)) {
+ ret = CL_VIRUS;
+ *ctx->virname = "Exploit.W32.MS05-002";
+ }
}
return ret;
@@ -1353,8 +1355,10 @@ static int cli_scanjpeg(int desc, cli_ctx *ctx)
int ret = CL_CLEAN;
if(cli_check_jpeg_exploit(desc, ctx) == 1) {
- ret = CL_VIRUS;
- *ctx->virname = "Exploit.W32.MS04-028";
+ if(!cli_checkfp(desc, ctx)) {
+ ret = CL_VIRUS;
+ *ctx->virname = "Exploit.W32.MS04-028";
+ }
}
return ret;
@@ -1614,13 +1618,13 @@ static int cli_scan_structured(int desc, cli_ctx *ctx)
if(cc_count != 0 && cc_count >= ctx->engine->min_cc_count) {
cli_dbgmsg("cli_scan_structured: %u credit card numbers detected\n", cc_count);
*ctx->virname = "Structured.CreditCardNumber";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
if(ssn_count != 0 && ssn_count >= ctx->engine->min_ssn_count) {
cli_dbgmsg("cli_scan_structured: %u social security numbers detected\n", ssn_count);
*ctx->virname = "Structured.SSN";
- return CL_VIRUS;
+ return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
}
return CL_CLEAN;
@@ -2025,7 +2029,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
case CL_TYPE_RIFF:
if(SCAN_ALGO && (DCONF_OTHER & OTHER_CONF_RIFF))
- ret = cli_scanriff(desc, ctx->virname);
+ ret = cli_scanriff(desc, ctx);
break;
case CL_TYPE_GRAPHICS:
@@ -2055,7 +2059,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
case CL_TYPE_BINARY_DATA:
if(SCAN_ALGO && (DCONF_OTHER & OTHER_CONF_MYDOOMLOG))
- ret = cli_check_mydoom_log(desc, ctx->virname);
+ ret = cli_check_mydoom_log(desc, ctx);
break;
case CL_TYPE_TEXT_ASCII:
diff --git a/libclamav/special.c b/libclamav/special.c
index 232d1a9..7241f2a 100644
--- a/libclamav/special.c
+++ b/libclamav/special.c
@@ -39,6 +39,7 @@
#include "others.h"
#include "cltypes.h"
#include "special.h"
+#include "matcher.h"
/* NOTE: Photoshop stores data in BIG ENDIAN format, this is the opposite
to virtually everything else */
@@ -46,7 +47,7 @@
#define special_endian_convert_16(v) be16_to_host(v)
#define special_endian_convert_32(v) be32_to_host(v)
-int cli_check_mydoom_log(int desc, const char **virname)
+int cli_check_mydoom_log(int desc, cli_ctx *ctx)
{
int32_t record[8], check;
int i, retval=CL_VIRUS, j;
@@ -78,8 +79,9 @@ int cli_check_mydoom_log(int desc, const char **virname)
if (j < 2) {
retval = CL_CLEAN;
} else if (retval==CL_VIRUS) {
- if(virname)
- *virname = "Worm.Mydoom.M.log";
+ if(cli_checkfp(desc, ctx))
+ return CL_CLEAN;
+ *ctx->virname = "Worm.Mydoom.M.log";
}
return retval;
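Review bot: The removed code guarded the write with `if(virname)`, but the new line `*ctx->virname = "Worm.Mydoom.M.log";` dereferences unconditionally. elf.c and pe.c in this same commit still test `if(ctx->virname)` before writing, which suggests the pointer may be NULL for some callers, though that is not visible in this hunk. Keeping the guard, `if(ctx->virname) *ctx->virname = "Worm.Mydoom.M.log";`, preserves the old behaviour. The early `return CL_CLEAN;` could also be `retval = CL_CLEAN;` so the function keeps its single exit. The function body starts outside the hunk.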
diff --git a/libclamav/special.h b/libclamav/special.h
index 55d8a51..41b9644 100644
--- a/libclamav/special.h
+++ b/libclamav/special.h
@@ -33,7 +33,7 @@ struct swizz_stats {
int entries;
};
-int cli_check_mydoom_log(int desc, const char **virname);
+int cli_check_mydoom_log(int desc, cli_ctx *ctx);
int cli_check_jpeg_exploit(int fd, cli_ctx *ctx);
int cli_check_riff_exploit(int fd);
void cli_detect_swizz_str(const unsigned char *str, uint32_t len, struct swizz_stats *stats, int blob);
diff --git a/libclamav/unzip.c b/libclamav/unzip.c
index 162f0ac..aec537c 100644
--- a/libclamav/unzip.c
+++ b/libclamav/unzip.c
@@ -317,7 +317,7 @@ static int unz(uint8_t *src, uint32_t csize, uint32_t usize, uint16_t method, ui
return ret;
}
-static unsigned int lhdr(uint8_t *zip, uint32_t zsize, unsigned int *fu, unsigned int fc, uint8_t *ch, int *ret, cli_ctx *ctx, char *tmpd) {
+static unsigned int lhdr(uint8_t *zip, uint32_t zsize, unsigned int *fu, unsigned int fc, uint8_t *ch, int *ret, cli_ctx *ctx, char *tmpd, int fd) {
uint8_t *lh = zip;
char name[256];
uint32_t csize, usize;
@@ -364,8 +364,12 @@ static unsigned int lhdr(uint8_t *zip, uint32_t zsize, unsigned int *fu, unsigne
)
) meta = meta->next;
if(meta) {
- *ctx->virname = meta->virname;
- *ret = CL_VIRUS;
+ if(!cli_checkfp(fd, ctx)) {
+ *ctx->virname = meta->virname;
+ *ret = CL_VIRUS;
+ } else
+ *ret = CL_CLEAN;
+
return 0;
}
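Review bot: When the metadata match is whitelisted, lhdr() still returns 0 with `*ret = CL_CLEAN`, and the effect on the rest of the archive depends on the caller. The local-header loop in cli_unzip() stops on a zero return, while chdr() ignores lhdr()'s return value and carries on with the next entry. The `fd` passed down is the archive descriptor, so the whitelist lookup is on the container's MD5, not the member's. A comment at this branch should say which behaviour is intended, for example `/* fd is the whole archive: an md5_fp entry for it suppresses the metadata match and this entry is skipped without extraction */`. lhdr's body continues outside the hunk.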
@@ -427,7 +431,7 @@ static unsigned int lhdr(uint8_t *zip, uint32_t zsize, unsigned int *fu, unsigne
}
-static unsigned int chdr(uint8_t *zip, uint32_t coff, uint32_t zsize, unsigned int *fu, unsigned int fc, int *ret, cli_ctx *ctx, char *tmpd) {
+static unsigned int chdr(uint8_t *zip, uint32_t coff, uint32_t zsize, unsigned int *fu, unsigned int fc, int *ret, cli_ctx *ctx, char *tmpd, int fd) {
uint8_t *ch = &zip[coff];
char name[256];
int last = 0;
@@ -465,7 +469,7 @@ static unsigned int chdr(uint8_t *zip, uint32_t coff, uint32_t zsize, unsigned i
coff+=CH_clen;
if(CH_off<zsize-SIZEOF_LH) {
- lhdr(&zip[CH_off], zsize-CH_off, fu, fc, ch, ret, ctx, tmpd);
+ lhdr(&zip[CH_off], zsize-CH_off, fu, fc, ch, ret, ctx, tmpd, fd);
} else cli_dbgmsg("cli_unzip: ch - local hdr out of file\n");
return last?0:coff;
}
@@ -535,7 +539,7 @@ int cli_unzip(int f, cli_ctx *ctx) {
if(coff) {
cli_dbgmsg("cli_unzip: central @%x\n", coff);
- while(ret==CL_CLEAN && (coff=chdr(map, coff, fsize, &fu, fc+1, &ret, ctx, tmpd))) {
+ while(ret==CL_CLEAN && (coff=chdr(map, coff, fsize, &fu, fc+1, &ret, ctx, tmpd, f))) {
fc++;
if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) {
cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->engine->maxfiles);
@@ -545,7 +549,7 @@ int cli_unzip(int f, cli_ctx *ctx) {
} else cli_dbgmsg("cli_unzip: central not found, using localhdrs\n");
if(fu<=(fc/4)) { /* FIXME: make up a sane ratio or remove the whole logic */
fc = 0;
- while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(&map[lhoff], fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd))) {
+ while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(&map[lhoff], fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd, f))) {
fc++;
lhoff+=coff;
if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) {
@@ -602,7 +606,7 @@ int cli_unzip_single(int f, cli_ctx *ctx, off_t lhoffl) {
return CL_EREAD;
}
#endif
- lhdr(&map[lhoffl], fsize, &fu, 0, NULL, &ret, ctx, NULL);
+ lhdr(&map[lhoffl], fsize, &fu, 0, NULL, &ret, ctx, NULL, f);
destroy_map(map, st.st_size);
return ret;
--
Debian repository for ClamAV