[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
aCaB
acab at clamav.net
Sun Apr 4 01:10:32 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit a8d621cf808a4f843277229d6e90e2acd7852d6b
Author: aCaB <acab at clamav.net>
Date: Sun Dec 6 19:49:40 2009 +0100
test icon scan
diff --git a/libclamav/others.h b/libclamav/others.h
index e66db3f..91f8c3c 100644
--- a/libclamav/others.h
+++ b/libclamav/others.h
@@ -113,6 +113,32 @@ typedef struct {
fmap_t **fmap;
} cli_ctx;
+struct icomtr {
+ unsigned int color_avg[3];
+ unsigned int color_x[3];
+ unsigned int color_y[3];
+ unsigned int gray_avg[3];
+ unsigned int gray_x[3];
+ unsigned int gray_y[3];
+ unsigned int bright_avg[3];
+ unsigned int bright_x[3];
+ unsigned int bright_y[3];
+ unsigned int dark_avg[3];
+ unsigned int dark_x[3];
+ unsigned int dark_y[3];
+ unsigned int edge_avg[3];
+ unsigned int edge_x[3];
+ unsigned int edge_y[3];
+ unsigned int noedge_avg[3];
+ unsigned int noedge_x[3];
+ unsigned int noedge_y[3];
+ unsigned int rsum;
+ unsigned int gsum;
+ unsigned int bsum;
+ unsigned int ccount;
+ char *name;
+};
+
struct cl_engine {
uint32_t refcount; /* reference counter */
uint32_t sdb;
@@ -177,6 +203,9 @@ struct cl_engine {
/* PUA categories (to be included or excluded) */
char *pua_cats;
+ /* Icon reference storage */
+ struct icomtr *icons;
+
/* Used for memory pools */
mpool_t *mempool;
};
diff --git a/libclamav/pe_icons.c b/libclamav/pe_icons.c
index 3eccc97..1bd4cec 100644
--- a/libclamav/pe_icons.c
+++ b/libclamav/pe_icons.c
@@ -37,6 +37,29 @@
#define LABDIFF(x) labdiff2(x)
#endif
+static const struct icomtr reference = {
+ { 2923, 2746, 945 }, /* col avg */
+ { 13, 0, 17 }, /* col x */
+ { 3, 3, 15 }, /* col y */
+ { 0, 0, 0 }, /* gray avg */
+ { 22, 22, 0 }, /* gray x */
+ { 0, 8, 12 }, /* gray y */
+ { 255, 255, 251 }, /* bright avg */
+ { 0, 0, 10 }, /* bright x */
+ { 13, 21, 16 }, /* bright y */
+ { 158, 184, 205 }, /* dark avg */
+ { 17, 16, 0 }, /* dark x */
+ { 23, 4, 5 }, /* dark y */
+ { 105, 94, 73 }, /* edge avg */
+ { 15, 5, 15 }, /* edge x */
+ { 2, 2, 21 }, /* edge y */
+ { 2, 2, 13 }, /* noedge avg */
+ { 0, 0, 21 }, /* noedge x */
+ { 23, 15, 12 }, /* noedge y */
+ 99, 0, 0, 20,
+ "mario"
+};
+
struct GICONS {
unsigned int cnt;
uint32_t lastg;
@@ -717,11 +740,12 @@ static void hsv(unsigned int c, unsigned int *r, unsigned int *g, unsigned int *
*s = 255 * (*delta) / max;
}
-static void getmetrics(unsigned int width, unsigned int height, unsigned int *imagedata, struct icomtr *res) {
+static int getmetrics(unsigned int width, unsigned int height, unsigned int *imagedata, struct icomtr *res) {
unsigned int x, y, xk, yk, i, j, *tmp;
unsigned int ksize = width / 4;
- tmp = malloc(width*height*4*2);
+ if(!(tmp = cli_malloc(width*height*4*2)))
+ return CL_EMEM;
memset(res, 0, sizeof(*res));
for(i=0; i<3; i++) {
@@ -731,8 +755,8 @@ static void getmetrics(unsigned int width, unsigned int height, unsigned int *im
/* compute colored, gray, bright and dark areas, color presence */
- for(y=0; y<height - ksize; y++) {
- for(x=0; x<width - ksize; x++) {
+ for(y=0; y<=height - ksize; y++) {
+ for(x=0; x<=width - ksize; x++) {
unsigned int colsum = 0, lightsum = 0;
unsigned int r, g, b, s, v, delta;
@@ -870,7 +894,8 @@ static void getmetrics(unsigned int width, unsigned int height, unsigned int *im
res->rsum /= res->ccount;
res->gsum /= res->ccount;
res->bsum /= res->ccount;
- res->ccount /= width * height / 100;
+ cli_errmsg("res count = %u, width * height = %u\n", res->ccount, width * height);
+ res->ccount = res->ccount * 100 / width / height;
}
cli_dbgmsg("color areas: %u@(%u,%u) %u@(%u,%u) %u@(%u,%u)\n", res->color_avg[0], res->color_x[0], res->color_y[0], res->color_avg[1], res->color_x[1], res->color_y[1], res->color_avg[2], res->color_x[2], res->color_y[2]);
@@ -884,7 +909,11 @@ static void getmetrics(unsigned int width, unsigned int height, unsigned int *im
/* Sobel 1 - gradients */
i = 0;
#ifdef USE_FLOATS
- double *sobel = malloc(width * height * sizeof(double));
+ double *sobel = cli_malloc(width * height * sizeof(double));
+ if(!sobel) {
+ free(tmp);
+ return CL_EMEM;
+ }
#else
unsigned int *sobel = imagedata;
#endif
@@ -984,8 +1013,8 @@ static void getmetrics(unsigned int width, unsigned int height, unsigned int *im
res->noedge_avg[i] = 0xffffffff;
/* calculate edges */
- for(y=0; y<height - ksize; y++) {
- for(x=0; x<width-1 - ksize; x++) {
+ for(y=0; y<=height - ksize; y++) {
+ for(x=0; x<=width-1 - ksize; x++) {
unsigned int sum = 0;
if(x==0 && y==0) { /* 1st windows */
@@ -1052,6 +1081,8 @@ static void getmetrics(unsigned int width, unsigned int height, unsigned int *im
cli_dbgmsg("edge areas: %u@(%u,%u) %u@(%u,%u) %u@(%u,%u)\n", res->edge_avg[0], res->edge_x[0], res->edge_y[0], res->edge_avg[1], res->edge_x[1], res->edge_y[1], res->edge_avg[2], res->edge_x[2], res->edge_y[2]);
cli_dbgmsg("noedge areas: %u@(%u,%u) %u@(%u,%u) %u@(%u,%u)\n", res->noedge_avg[0], res->noedge_x[0], res->noedge_y[0], res->noedge_avg[1], res->noedge_x[1], res->noedge_y[1], res->noedge_avg[2], res->noedge_x[2], res->noedge_y[2]);
+
+ return CL_CLEAN;
}
@@ -1101,6 +1132,8 @@ static int parseicon(uint32_t rva, cli_ctx *ctx, struct cli_exe_section *exe_sec
width = EC32(bmphdr.w);
height = EC32(bmphdr.h) / 2;
+ if(width > 256 || height > 256)
+ return CL_SUCCESS;
depth = EC32(bmphdr.depth);
cli_dbgmsg("Bitmap - %ux%ux%u\n", width, height, depth);
@@ -1275,25 +1308,25 @@ static int parseicon(uint32_t rva, cli_ctx *ctx, struct cli_exe_section *exe_sec
getmetrics(width, height, imagedata, &metrics);
{
-#define ref metrics
- unsigned int color = matchpoint(width, height, metrics.color_x, metrics.color_y, metrics.color_avg, ref.color_x, ref.color_y, ref.color_avg, 4072);
- unsigned int gray = matchpoint(width, height, metrics.gray_x, metrics.gray_y, metrics.gray_avg, ref.gray_x, ref.gray_y, ref.gray_avg, 4072);
- unsigned int bright = matchpoint(width, height, metrics.bright_x, metrics.bright_y, metrics.bright_avg, ref.bright_x, ref.bright_y, ref.bright_avg, 255);
- unsigned int dark = matchpoint(width, height, metrics.dark_x, metrics.dark_y, metrics.dark_avg, ref.dark_x, ref.dark_y, ref.dark_avg, 255);
- unsigned int edge = matchpoint(width, height, metrics.edge_x, metrics.edge_y, metrics.edge_avg, ref.edge_x, ref.edge_y, ref.edge_avg, 255);
- unsigned int noedge = matchpoint(width, height, metrics.noedge_x, metrics.noedge_y, metrics.noedge_avg, ref.noedge_x, ref.noedge_y, ref.noedge_avg, 255);
- unsigned int reds = abs((int)metrics.rsum - (int)ref.rsum) * 10;
+ unsigned int color = matchpoint(width, height, metrics.color_x, metrics.color_y, metrics.color_avg, reference.color_x, reference.color_y, reference.color_avg, 4072);
+ unsigned int gray = matchpoint(width, height, metrics.gray_x, metrics.gray_y, metrics.gray_avg, reference.gray_x, reference.gray_y, reference.gray_avg, 4072);
+ unsigned int bright = matchpoint(width, height, metrics.bright_x, metrics.bright_y, metrics.bright_avg, reference.bright_x, reference.bright_y, reference.bright_avg, 255);
+ unsigned int dark = matchpoint(width, height, metrics.dark_x, metrics.dark_y, metrics.dark_avg, reference.dark_x, reference.dark_y, reference.dark_avg, 255);
+ unsigned int edge = matchpoint(width, height, metrics.edge_x, metrics.edge_y, metrics.edge_avg, reference.edge_x, reference.edge_y, reference.edge_avg, 255);
+ unsigned int noedge = matchpoint(width, height, metrics.noedge_x, metrics.noedge_y, metrics.noedge_avg, reference.noedge_x, reference.noedge_y, reference.noedge_avg, 255);
+ unsigned int reds = abs((int)metrics.rsum - (int)reference.rsum) * 10;
reds = (reds < 100) * (100 - reds);
- unsigned int greens = abs((int)metrics.gsum - (int)ref.gsum) * 10;
+ unsigned int greens = abs((int)metrics.gsum - (int)reference.gsum) * 10;
greens = (greens < 100) * (100 - greens);
- unsigned int blues = abs((int)metrics.bsum - (int)ref.bsum) * 10;
+ unsigned int blues = abs((int)metrics.bsum - (int)reference.bsum) * 10;
blues = (blues < 100) * (100 - blues);
- unsigned int ccount = abs((int)metrics.ccount - (int)ref.ccount) * 10;
+ unsigned int ccount = abs((int)metrics.ccount - (int)reference.ccount) * 10;
ccount = (ccount < 100) * (100 - ccount);
unsigned int colors = (reds + greens + blues + ccount) / 4;
unsigned int used = 6;
+ unsigned int confidence;
- if(!metrics.ccount && !ref.ccount) {
+ if(!metrics.ccount && !reference.ccount) {
colors = 0;
used--;
}
@@ -1306,7 +1339,14 @@ static int parseicon(uint32_t rva, cli_ctx *ctx, struct cli_exe_section *exe_sec
cli_warnmsg("noedge confidence: %u%%\n", noedge);
cli_warnmsg("spread confidence: red %u%%, green %u%%, blue %u%% - colors %u%%\n", reds, greens, blues, ccount);
- cli_warnmsg("confidence: %u\n", (color + gray*2/3 + bright*2/3 + dark + edge + noedge*2/3 + colors) / used);
+ confidence = (color + gray*2/3 + bright*2/3 + dark + edge + noedge*2/3 + colors) / used;
+ cli_warnmsg("confidence: %u\n", confidence);
+ if(confidence > 60) {
+ if(ctx->virname)
+ *ctx->virname = "PDF.ICON";
+ return CL_VIRUS;
+ }
+
/* CURRENTLY >=60% IS A MATCH */
}
diff --git a/libclamav/pe_icons.h b/libclamav/pe_icons.h
index 6303ec2..feadf50 100644
--- a/libclamav/pe_icons.h
+++ b/libclamav/pe_icons.h
@@ -22,31 +22,6 @@
#define __PE_ICONS_H
#include "pe.h"
-struct icomtr {
- unsigned int color_avg[3];
- unsigned int color_x[3];
- unsigned int color_y[3];
- unsigned int gray_avg[3];
- unsigned int gray_x[3];
- unsigned int gray_y[3];
- unsigned int bright_avg[3];
- unsigned int bright_x[3];
- unsigned int bright_y[3];
- unsigned int dark_avg[3];
- unsigned int dark_x[3];
- unsigned int dark_y[3];
- unsigned int edge_avg[3];
- unsigned int edge_x[3];
- unsigned int edge_y[3];
- unsigned int noedge_avg[3];
- unsigned int noedge_x[3];
- unsigned int noedge_y[3];
- unsigned int rsum;
- unsigned int gsum;
- unsigned int bsum;
- unsigned int ccount;
-};
-
int scanicon(uint32_t resdir_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size);
#endif
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 37194a8..9c6e238 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -521,6 +521,53 @@ static int cli_loaddb(FILE *fs, struct cl_engine *engine, unsigned int *signo, u
return CL_SUCCESS;
}
+#define ICO_TOKENS 9
+/* static int cli_loadico(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int mode, unsigned int options, struct cli_dbio *dbio, const char *dbname) */
+/* { */
+/* const char *tokens[ICO_TOKENS + 1]; */
+/* char buffer[FILEBUFF], *buffer_cpy; */
+/* const char *pt; */
+/* int ret = CL_SUCCESS; */
+/* unsigned int size_field = 1, md5_field = 0, line = 0, sigs = 0, tokens_count; */
+
+
+/* if(engine->ignored) */
+/* if(!(buffer_cpy = cli_malloc(FILEBUFF))) */
+/* return CL_EMEM; */
+
+/* while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) { */
+/* line++; */
+/* cli_chomp(buffer); */
+/* if(engine->ignored) */
+/* strcpy(buffer_cpy, buffer); */
+
+/* tokens_count = cli_strtokenize(buffer, ':', ICO_TOKENS + 1, tokens); */
+/* if(tokens_count != ICO_TOKENS) { */
+/* ret = CL_EMALFDB; */
+/* break; */
+/* } */
+
+/* sigs++; */
+/* } */
+/* if(engine->ignored) */
+/* free(buffer_cpy); */
+
+/* if(!line) { */
+/* cli_errmsg("cli_loadmd5: Empty database file\n"); */
+/* return CL_EMALFDB; */
+/* } */
+
+/* if(ret) { */
+/* cli_errmsg("cli_loadmd5: Problem parsing database at line %u\n", line); */
+/* return ret; */
+/* } */
+
+/* if(signo) */
+/* *signo += sigs; */
+
+/* return CL_SUCCESS; */
+/* } */
+
static int cli_loadwdb(FILE *fs, struct cl_engine *engine, unsigned int options, struct cli_dbio *dbio)
{
int ret = 0;
@@ -1656,6 +1703,9 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
} else if(cli_strbcasestr(dbname, ".ign") || cli_strbcasestr(dbname, ".ign2")) {
ret = cli_loadign(fs, engine, options, dbio);
+ /* } else if(cli_strbcasestr(dbname, ".idb")) { */
+ /* ret = cli_loadico(fs, engine, options, dbio); */
+
} else {
cli_dbgmsg("cli_load: unknown extension - assuming old database format\n");
ret = cli_loaddb(fs, engine, signo, options, dbio, dbname);
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list