[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

aCaB acab at clamav.net
Sun Apr 4 00:58:08 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 7ebede9b3c04bf78404da6d09ef64c989942e34b
Author: aCaB <acab at clamav.net>
Date:   Mon Jul 13 02:37:16 2009 +0200

    ishield-msi complete

diff --git a/libclamav/Makefile.am b/libclamav/Makefile.am
index 492089e..b57af8a 100644
--- a/libclamav/Makefile.am
+++ b/libclamav/Makefile.am
@@ -294,7 +294,9 @@ libclamav_la_SOURCES = \
 	cpio.c \
 	cpio.h \
 	macho.c \
-	macho.h
+	macho.h \
+	ishield.c \
+	ishield.h
 
 if !LINK_TOMMATH
 libclamav_la_SOURCES += bignum.c \
diff --git a/libclamav/Makefile.in b/libclamav/Makefile.in
index 6c8ed86..6ce5710 100644
--- a/libclamav/Makefile.in
+++ b/libclamav/Makefile.in
@@ -122,7 +122,8 @@ am__libclamav_la_SOURCES_DIST = clamav.h matcher-ac.c matcher-ac.h \
 	jsparse/lexglobal.h jsparse/textbuf.h uniq.c uniq.h version.c \
 	version.h mpool.c mpool.h default.h sha256.c sha256.h bignum.h \
 	bytecode.c bytecode.h bytecode_vm.c bytecode_priv.h clambc.h \
-	cpio.c cpio.h macho.c macho.h bignum.c bignum_class.h
+	cpio.c cpio.h macho.c macho.h ishield.c ishield.h bignum.c \
+	bignum_class.h
 @LINK_TOMMATH_FALSE at am__objects_1 = libclamav_la-bignum.lo
 am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \
 	libclamav_la-matcher-bm.lo libclamav_la-matcher.lo \
@@ -161,7 +162,7 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \
 	libclamav_la-version.lo libclamav_la-mpool.lo \
 	libclamav_la-sha256.lo libclamav_la-bytecode.lo \
 	libclamav_la-bytecode_vm.lo libclamav_la-cpio.lo \
-	libclamav_la-macho.lo $(am__objects_1)
+	libclamav_la-macho.lo libclamav_la-ishield.lo $(am__objects_1)
 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)
 libclamav_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libclamav_la_CFLAGS) \
@@ -533,7 +534,7 @@ libclamav_la_SOURCES = clamav.h matcher-ac.c matcher-ac.h matcher-bm.c \
 	uniq.h version.c version.h mpool.c mpool.h default.h sha256.c \
 	sha256.h bignum.h bytecode.c bytecode.h bytecode_vm.c \
 	bytecode_priv.h clambc.h cpio.c cpio.h macho.c macho.h \
-	$(am__append_7)
+	ishield.c ishield.h $(am__append_7)
 noinst_LTLIBRARIES = libclamav_internal_utils.la libclamav_internal_utils_nothreads.la
 COMMON_CLEANFILES = version.h version.h.tmp *.gcda *.gcno lzma/*.gcda lzma/*.gcno
 @MAINTAINER_MODE_TRUE at BUILT_SOURCES = jsparse/generated/operators.h jsparse/generated/keywords.h jsparse-keywords.gperf
@@ -669,6 +670,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-infblock.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-inflate64.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-is_tar.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-ishield.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-js-norm.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-line.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-lzma_iface.Plo at am__quote@
@@ -1275,6 +1277,13 @@ libclamav_la-macho.lo: macho.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-macho.lo `test -f 'macho.c' || echo '$(srcdir)/'`macho.c
 
+libclamav_la-ishield.lo: ishield.c
+ at am__fastdepCC_TRUE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-ishield.lo -MD -MP -MF $(DEPDIR)/libclamav_la-ishield.Tpo -c -o libclamav_la-ishield.lo `test -f 'ishield.c' || echo '$(srcdir)/'`ishield.c
+ at am__fastdepCC_TRUE@	mv -f $(DEPDIR)/libclamav_la-ishield.Tpo $(DEPDIR)/libclamav_la-ishield.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ishield.c' object='libclamav_la-ishield.lo' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-ishield.lo `test -f 'ishield.c' || echo '$(srcdir)/'`ishield.c
+
 libclamav_la-bignum.lo: bignum.c
 @am__fastdepCC_TRUE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-bignum.lo -MD -MP -MF $(DEPDIR)/libclamav_la-bignum.Tpo -c -o libclamav_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
 @am__fastdepCC_TRUE@	mv -f $(DEPDIR)/libclamav_la-bignum.Tpo $(DEPDIR)/libclamav_la-bignum.Plo
diff --git a/libclamav/filetypes_int.h b/libclamav/filetypes_int.h
index 6477dc6..8636b69 100644
--- a/libclamav/filetypes_int.h
+++ b/libclamav/filetypes_int.h
@@ -148,7 +148,7 @@ static const char *ftypes_int[] = {
   "0:0:cffaedfe:Mach-O LE 64-bit:CL_TYPE_ANY:CL_TYPE_MACHO:45",
   "0:0:feedface:Mach-O BE:CL_TYPE_ANY:CL_TYPE_MACHO:45",
   "0:0:feedfacf:Mach-O BE 64-bit:CL_TYPE_ANY:CL_TYPE_MACHO:45",
-  "1:*:496e7374616c6c536869656c6400{292}06000000:ISHIELD-MSI:CL_TYPE_ANY:CL_TYPE_ISHIELD_MSI:45",
+  "1:*:496e7374616c6c536869656c6400{292}0600000000000000{8}0000000001:ISHIELD-MSI:CL_TYPE_ANY:CL_TYPE_ISHIELD_MSI:45",
   NULL
 };
 
diff --git a/libclamav/ishield.c b/libclamav/ishield.c
new file mode 100644
index 0000000..1568a5a
--- /dev/null
+++ b/libclamav/ishield.c
@@ -0,0 +1,129 @@
+#if HAVE_CONFIG_H
+#include "clamav-config.h"
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#ifdef	HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+#include <zlib.h>
+
+#include "scanners.h"
+#include "cltypes.h"
+#include "others.h"
+#include "ishield.h"
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+static const uint8_t skey[] = { 0xec, 0xca, 0x79, 0xf8 }; /* ~0x13, ~0x35, ~0x86, ~0x07 */
+
+int cli_scanishield_msi(int desc, cli_ctx *ctx, off_t off) {
+    uint8_t buf[BUFSIZ];
+    unsigned int fcount;
+    int ret;
+
+    cli_dbgmsg("in ishield-msi\n");
+    lseek(desc, off, SEEK_SET);
+    if(cli_readn(desc, buf, 0x20) != 0x20) {
+	cli_dbgmsg("ishield-msi: short read for header\n");
+	return CL_CLEAN;
+    }
+    if(!(fcount = cli_readint32(buf))) {
+	cli_dbgmsg("ishield-msi: no files?\n");
+	return CL_CLEAN;
+    }
+    while(fcount--) {
+	struct {
+	    char fname[0x104]; /* MAX_PATH */
+	    uint32_t unk1; /* 6 */
+	    uint32_t unk2;
+	    uint64_t csize;
+	    uint32_t unk3;
+	    uint32_t unk4; /* 1 */
+	    uint32_t unk5;
+	    uint32_t unk6;
+	    uint32_t unk7;
+	    uint32_t unk8;
+	    uint32_t unk9;
+	    uint32_t unk10;
+	    uint32_t unk11;
+	} __attribute__((packed)) fb;
+	uint8_t obuf[BUFSIZ], *key = (uint8_t *)&fb.fname;
+	char *tempfile;
+	unsigned int i, lameidx=0, keylen;
+	int ofd;
+	uint64_t csize;
+	z_stream z;
+
+	if(cli_readn(desc, &fb, sizeof(fb)) != sizeof(fb)) {
+	    cli_dbgmsg("ishield-msi: short read for fileblock\n");
+	    return CL_CLEAN;
+	}
+	fb.fname[sizeof(fb.fname)-1] = '\0';
+	csize = le64_to_host(fb.csize);
+	keylen = strlen((const char *)key);
+	if(!keylen) return CL_CLEAN;
+	cli_dbgmsg("ishield-msi: File %s (csize: %x, unk1:%x unk2:%x unk3:%x unk4:%x unk5:%x unk6:%x unk7:%x unk8:%x unk9:%x unk10:%x unk11:%x)\n", key, csize, fb.unk1, fb.unk2, fb.unk3, fb.unk4, fb.unk5, fb.unk6, fb.unk7, fb.unk8, fb.unk9, fb.unk10, fb.unk11);
+	if(!(tempfile = cli_gentemp(ctx->engine->tmpdir))) return CL_EMEM;
+	if((ofd = open(tempfile, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, S_IRUSR|S_IWUSR)) < 0) {
+	    cli_dbgmsg("ishield-msi: failed to create file %s\n", tempfile);
+	    free(tempfile);
+	    return CL_ECREAT;
+	}
+
+	for(i=0; i<keylen; i++)
+	    key[i] ^= skey[i & 3];
+	memset(&z, 0, sizeof(z));
+	inflateInit(&z);
+	
+	while(csize) {
+	    unsigned int sz = csize < sizeof(buf) ? csize : sizeof(buf);
+	    z.avail_in = cli_readn(desc, buf, sz);
+	    if(z.avail_in <= 0) {
+		cli_dbgmsg("ishield-msi: premature EOS or read fail\n");
+		break;    
+	    }
+	    for(i=0; i<z.avail_in; i++, lameidx++) {
+		uint8_t c = buf[i];
+		c = (c>>4) | (c<<4);
+		c ^= key[(lameidx & 0x3ff) % keylen];
+		buf[i] = c;
+	    }
+	    csize -= z.avail_in;
+	    z.next_in = buf;
+	    do {
+		int def;
+		z.avail_out = sizeof(obuf);
+		z.next_out = obuf;
+		def = inflate(&z, 0);
+		if(def != Z_OK && def != Z_STREAM_END && def != Z_BUF_ERROR) {
+		    cli_dbgmsg("ishield-msi: bad stream\n");
+		    csize = 0;
+		    break;
+		}
+		write(ofd, obuf, sizeof(obuf) - z.avail_out);
+	    } while (!z.avail_out);
+	}
+
+	inflateEnd(&z);
+
+	cli_dbgmsg("ishield-msi: extracted to %s\n", tempfile);
+
+	lseek(ofd, 0, SEEK_SET);
+	ret = cli_magic_scandesc(ofd, ctx);
+	close(ofd);
+
+	if(!ctx->engine->keeptmp)
+	    if(cli_unlink(tempfile)) ret = CL_EUNLINK;
+	free(tempfile);
+
+	if(ret != CL_CLEAN)
+	    return ret;
+    }
+    return CL_CLEAN;
+}
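Review bot: In the read loop of cli_scanishield_msi, `z.avail_in = cli_readn(desc, buf, sz);` stores the result in zlib's unsigned `avail_in`, so the following `z.avail_in <= 0` test only catches 0; if cli_readn reports a failure as a negative value, the de-obfuscation loop indexes `buf` far past its BUFSIZ bytes on the stack and `csize` is decremented by a bogus amount. Read into a signed local first: `int rd = cli_readn(desc, buf, sz);`, then `if(rd <= 0) { cli_dbgmsg("ishield-msi: premature EOS or read fail\n"); break; }`, then `z.avail_in = rd;`. The return values of `inflateInit`, `write` and both `lseek` calls are ignored, so a failed init or a short write still ends with a partial temp file being scanned as if extraction had succeeded. `fcount` and `csize` are taken from the file and no file-count or size limit is applied anywhere in this function, so a crafted input controls how many temp files are created and how much data is inflated; separately, the debug message prints the 64-bit `csize` with `%x`, which mismatches the argument type and skews every following argument.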
diff --git a/libclamav/ishield.h b/libclamav/ishield.h
new file mode 100644
index 0000000..9e49e71
--- /dev/null
+++ b/libclamav/ishield.h
@@ -0,0 +1,8 @@
+#ifndef __ISHIELD_H
+#define __ISHIELD_H
+
+#include "others.h"
+
+int cli_scanishield_msi(int desc, cli_ctx *ctx, off_t off);
+
+#endif
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index 736824f..4ead9ce 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -94,6 +94,7 @@
 #include "default.h"
 #include "cpio.h"
 #include "macho.h"
+#include "ishield.h"
 
 #ifdef HAVE_BZLIB_H
 #include <bzlib.h>
@@ -104,8 +105,6 @@
 #include <stddef.h>
 #endif
 
-static int cli_scanishield_msi(int desc, cli_ctx *ctx, off_t off) { cli_dbgmsg("in ishield-msi\n"); return CL_CLEAN; }
-
 static int cli_scanfile(const char *filename, cli_ctx *ctx);
 
 static int cli_scandir(const char *dirname, cli_ctx *ctx, cli_file_t container)

-- 
Debian repository for ClamAV


