[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
aCaB
acab at clamav.net
Sun Apr 4 01:13:50 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit d645bfd770cb6756d36c5f4a8e531d40d7ecbb3f
Merge: 761c97e53758396d896e368a4ab294047ae50a76 1e7afd202bc877f016b532e52e62a78b8c4787e7
Author: aCaB <acab at clamav.net>
Date: Tue Jan 5 02:08:20 2010 +0100
Merge branch 'versioninfo'
diff --combined libclamav/matcher.c
index 32765ea,84bcbed..0173df8
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@@ -180,6 -180,9 +180,9 @@@ int cli_caloff(const char *offstr, stru
return CL_EMALFDB;
}
offdata[1] = atoi(&offcpy[4]);
+ } else if(!strncmp(offcpy, "VI", 2)) {
+ /* versioninfo */
+ offdata[0] = CLI_OFF_VERSION;
} else {
offdata[0] = CLI_OFF_ABSOLUTE;
if(!cli_isnumber(offcpy)) {
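Review bot: The new `VI` branch in cli_caloff tests only the first two characters, so any offset string that merely begins with `VI` is accepted as CLI_OFF_VERSION. The neighbouring branches reject malformed input with CL_EMALFDB, and this one should too. If no suffix is intended for this offset type, an exact comparison keeps malformed database entries from loading silently: `} else if(!strcmp(offcpy, "VI")) {`. If a suffix is planned, the trailing characters should be validated and CL_EMALFDB returned on anything unexpected. The function body begins and continues outside this hunk, so any later validation of `offcpy` is not visible here.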
@@@ -256,7 -259,9 +259,9 @@@
else
*offset_min = info->exeinfo.section[offdata[3]].raw + offdata[1];
break;
-
+ case CLI_OFF_VERSION:
+ *offset_min = *offset_max = CLI_OFF_ANY;
+ break;
default:
cli_errmsg("cli_caloff: Not a relative offset (type: %u)\n", offdata[0]);
return CL_EARG;
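Review bot: The added `case CLI_OFF_VERSION:` is missing a comment explaining why a versioninfo offset resolves to `CLI_OFF_ANY` for both bounds. As written, a signature whose author restricted it to version info is matched at any offset at this point. Whether the restriction is enforced somewhere else cannot be told from the hunk. A line such as `/* versioninfo has no fixed file offset; leave the matcher unconstrained here */` would make the intent reviewable, ideally naming the place that applies the real check. The enclosing switch and function start outside this hunk.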
@@@ -360,8 -365,6 +365,8 @@@ int cli_fmap_scandesc(cli_ctx *ctx, cli
unsigned char digest[16];
struct cli_matcher *groot = NULL, *troot = NULL;
fmap_t *map = *ctx->fmap;
+ int (*einfo)(fmap_t *, struct cli_exe_info *) = NULL;
+ struct cli_exe_info exeinfo;
if(!ctx->engine) {
cli_errmsg("cli_scandesc: engine == NULL\n");
@@@ -462,65 -465,53 +467,65 @@@
offset += bytes - maxpatlen;
}
+#define LSIGEVAL(xroot, xdata) \
+ for(i = 0; i < xroot->ac_lsigs; i++) { \
+ evalcnt = 0; \
+ evalids = 0; \
+ if(cli_ac_chklsig(xroot->ac_lsigtable[i]->logic, xroot->ac_lsigtable[i]->logic + strlen(xroot->ac_lsigtable[i]->logic), xdata.lsigcnt[i], &evalcnt, &evalids, 0) == 1) { \
+ if(xroot->ac_lsigtable[i]->tdb.filesize && (xroot->ac_lsigtable[i]->tdb.filesize[0] > map->len || xroot->ac_lsigtable[i]->tdb.filesize[1] < map->len)) \
+ continue; \
+ \
+ if(xroot->ac_lsigtable[i]->tdb.ep || xroot->ac_lsigtable[i]->tdb.nos) { \
+ einfo = NULL; \
+ if(xroot->type == 1) \
+ einfo = cli_peheader; \
+ else if(xroot->type == 6) \
+ einfo = cli_elfheader; \
+ else if(xroot->type == 9) \
+ einfo = cli_machoheader; \
+ if(!einfo) \
+ continue; \
+ memset(&exeinfo, 0, sizeof(exeinfo)); \
+ if(einfo(map, &exeinfo)) \
+ continue; \
+ if(exeinfo.section) \
+ free(exeinfo.section); \
+ if(xroot->ac_lsigtable[i]->tdb.ep && (xroot->ac_lsigtable[i]->tdb.ep[0] > exeinfo.ep || xroot->ac_lsigtable[i]->tdb.ep[1] < exeinfo.ep)) \
+ continue; \
+ if(xroot->ac_lsigtable[i]->tdb.nos && (xroot->ac_lsigtable[i]->tdb.nos[0] > exeinfo.nsections || xroot->ac_lsigtable[i]->tdb.nos[1] < exeinfo.nsections)) \
+ continue; \
+ } \
+ if(xroot->ac_lsigtable[i]->tdb.icongrp1 || xroot->ac_lsigtable[i]->tdb.icongrp2) { \
+ if(matchicon(ctx, xroot->ac_lsigtable[i]->tdb.icongrp1, xroot->ac_lsigtable[i]->tdb.icongrp2) == CL_VIRUS) { \
+ ret = CL_VIRUS; \
+ break; \
+ } else { \
+ continue; \
+ } \
+ } \
+ if(!xroot->ac_lsigtable[i]->bc) { \
+ if(ctx->virname) \
+ *ctx->virname = xroot->ac_lsigtable[i]->virname; \
+ ret = CL_VIRUS; \
+ break; \
+ } \
+ if(cli_bytecode_runlsig(&ctx->engine->bcs, xroot->ac_lsigtable[i]->bc, ctx->virname, xdata.lsigcnt[i], map) == CL_VIRUS) { \
+ ret = CL_VIRUS; \
+ break; \
+ } \
+ } \
+ }
+
if(troot) {
- for(i = 0; i < troot->ac_lsigs; i++) {
- evalcnt = 0;
- evalids = 0;
- if(cli_ac_chklsig(troot->ac_lsigtable[i]->logic, troot->ac_lsigtable[i]->logic + strlen(troot->ac_lsigtable[i]->logic), tdata.lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
- if(troot->ac_lsigtable[i]->tdb.icongrp1 || troot->ac_lsigtable[i]->tdb.icongrp2) {
- if(matchicon(ctx, troot->ac_lsigtable[i]->tdb.icongrp1, troot->ac_lsigtable[i]->tdb.icongrp2) == CL_VIRUS) {
- ret = CL_VIRUS;
- break;
- } else {
- continue;
- }
- }
- if (!troot->ac_lsigtable[i]->bc) {
- if(ctx->virname)
- *ctx->virname = troot->ac_lsigtable[i]->virname;
- ret = CL_VIRUS;
- break;
- }
- if (cli_bytecode_runlsig(&ctx->engine->bcs, troot->ac_lsigtable[i]->bc, ctx->virname, tdata.lsigcnt[i], map) == CL_VIRUS) {
- ret = CL_VIRUS;
- break;
- }
- }
- }
+ LSIGEVAL(troot, tdata);
cli_ac_freedata(&tdata);
if(bm_offmode)
cli_bm_freeoff(&toff);
}
if(groot) {
- if(ret != CL_VIRUS) for(i = 0; i < groot->ac_lsigs; i++) {
- evalcnt = 0;
- evalids = 0;
- if(cli_ac_chklsig(groot->ac_lsigtable[i]->logic, groot->ac_lsigtable[i]->logic + strlen(groot->ac_lsigtable[i]->logic), gdata.lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
- if (!groot->ac_lsigtable[i]->bc) {
- if(ctx->virname)
- *ctx->virname = groot->ac_lsigtable[i]->virname;
- ret = CL_VIRUS;
- break;
- }
- if (cli_bytecode_runlsig(&ctx->engine->bcs, groot->ac_lsigtable[i]->bc, ctx->virname, gdata.lsigcnt[i], map) == CL_VIRUS) {
- ret = CL_VIRUS;
- break;
- }
- }
- }
+ if(ret != CL_VIRUS)
+ LSIGEVAL(groot, gdata);
cli_ac_freedata(&gdata);
}
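Review bot: `LSIGEVAL` is defined mid-function as a bare `for` statement that silently captures the locals `i`, `evalcnt`, `evalids`, `einfo`, `exeinfo`, `map`, `ctx` and `ret`. It is then expanded under an unbraced `if(ret != CL_VIRUS)` and never undefined. Bracing the call site as `if(ret != CL_VIRUS) { LSIGEVAL(groot, gdata); }` and adding `#undef LSIGEVAL` after the last use would keep a later `else` or a reuse further down the file from binding to the wrong statement or variables. A `static` helper taking the root and data pointers would be cleaner still. The target checks `xroot->type == 1`, `== 6` and `== 9` are magic numbers that should be named constants. The `if(exeinfo.section)` guard before `free` is redundant. The header parser is also re-run on the same `map` for every signature that reaches the `ep`/`nos` branch, so caching the result once per root would avoid re-parsing untrusted input in the loop.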
diff --combined libclamav/matcher.h
index 8f6315a,d3b30f3..9a7f466
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@@ -53,7 -53,7 +53,7 @@@ struct cli_lsig_tdb
uint32_t cnt[3];
const uint32_t *target;
- const uint32_t *engine, *nos, *ep;
+ const uint32_t *engine, *nos, *ep, *filesize;
/*
const uint32_t *sectoff, *sectrva, *sectvsz, *sectraw, *sectrsz,
*secturva, *sectuvsz, *secturaw, *sectursz;
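Review bot: The new `filesize` member of `struct cli_lsig_tdb` is undocumented, yet its consumer in matcher.c reads `filesize[0]` and `filesize[1]` unconditionally as a lower and upper bound against `map->len`. A comment on the declaration such as `/* filesize: two-element [min, max] range compared against the mapped file length */` would state the contract the signature loader has to meet. The code that populates the pointer is not part of this diff. It should be confirmed that it always supplies exactly two values, since a one-element array would be read out of bounds.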
@@@ -141,6 -141,7 +141,7 @@@ struct cli_target_info
#define CLI_OFF_EP_MINUS 4
#define CLI_OFF_SL_PLUS 5
#define CLI_OFF_SX_PLUS 6
+ #define CLI_OFF_VERSION 7
int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata);
--
Debian repository for ClamAV