[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:14:17 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 55094a9c763875189a8a31d6db709000de8b1364
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Thu Jan 7 18:26:12 2010 +0100
libclamav: base code for unified container metadata matcher (bb#1579)
diff --git a/ChangeLog b/ChangeLog
index 0d21b6b..7b440a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jan 7 18:22:39 CET 2010 (tk)
+---------------------------------
+ * libclamav: base code for unified container metadata matcher (bb#1579)
+
Tue Jan 5 12:04:47 CET 2010 (acab)
-----------------------------------
* libclamav/readdb.c: force VI anchored sigs into AC
diff --git a/libclamav/blob.c b/libclamav/blob.c
index 2184eee..f988e30 100644
--- a/libclamav/blob.c
+++ b/libclamav/blob.c
@@ -636,10 +636,7 @@ fileblobScan(const fileblob *fb)
fflush(fb->fp);
lseek(fb->fd, 0, SEEK_SET);
- fb->ctx->container_type = CL_TYPE_MAIL;
rc = cli_magic_scandesc(fb->fd, fb->ctx);
- fb->ctx->container_type = 0;
-
if(rc == CL_VIRUS) {
cli_dbgmsg("%s is infected\n", fb->fullname);
return CL_VIRUS;
diff --git a/libclamav/filetypes.c b/libclamav/filetypes.c
index 69e7d77..88a6d5b 100644
--- a/libclamav/filetypes.c
+++ b/libclamav/filetypes.c
@@ -53,7 +53,7 @@ static const struct ftmap_s {
{ "CL_TYPE_TEXT_UTF16BE", CL_TYPE_TEXT_UTF16BE },
{ "CL_TYPE_BINARY_DATA", CL_TYPE_BINARY_DATA },
{ "CL_TYPE_IGNORED", CL_TYPE_IGNORED },
- { "CL_TYPE_ANY", 0 }, /* for ft-sigs */
+ { "CL_TYPE_ANY", CL_TYPE_ANY },
{ "CL_TYPE_MSEXE", CL_TYPE_MSEXE },
{ "CL_TYPE_ELF", CL_TYPE_ELF },
{ "CL_TYPE_MACHO", CL_TYPE_MACHO },
diff --git a/libclamav/filetypes.h b/libclamav/filetypes.h
index 62c8198..bd1934b 100644
--- a/libclamav/filetypes.h
+++ b/libclamav/filetypes.h
@@ -32,6 +32,7 @@
#define MAX_EMBEDDED_OBJ 10
typedef enum {
+ CL_TYPE_ANY = 0,
CL_TYPE_TEXT_ASCII = CL_TYPENO, /* X3.4, ISO-8859, non-ISO ext. ASCII */
CL_TYPE_TEXT_UTF8,
CL_TYPE_TEXT_UTF16LE,
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index 0173df8..09e832a 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -47,6 +47,7 @@
#include "macho.h"
#include "fmap.h"
#include "pe_icons.h"
+#include "regex/regex.h"
int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata)
{
@@ -541,3 +542,52 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
return (acmode & AC_SCAN_FT) ? type : CL_CLEAN;
}
+
+int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, void *res1, void *res2)
+{
+ const struct cli_cdb *cdb;
+
+ if(!(cdb = ctx->engine->cdb))
+ return CL_CLEAN;
+
+ do {
+ if(cdb->ctype != CL_TYPE_ANY && cdb->ctype != ctx->container_type)
+ continue;
+
+ if(cdb->ftype != CL_TYPE_ANY && cdb->ftype != ftype)
+ continue;
+
+ if(cdb->encrypted != 2 && cdb->encrypted != encrypted)
+ continue;
+
+ if(cdb->csize[0] != CLI_OFF_ANY) {
+ if(cdb->csize[0] == cdb->csize[1] && cdb->csize[0] != ctx->container_size)
+ continue;
+ else if(cdb->csize[0] != cdb->csize[1] && ((cdb->csize[0] && cdb->csize[0] > ctx->container_size) || (cdb->csize[1] && cdb->csize[1] < ctx->container_size)))
+ continue;
+ }
+
+ if(cdb->fsizec[0] != CLI_OFF_ANY) {
+ if(cdb->fsizec[0] == cdb->fsizec[1] && cdb->fsizec[0] != fsizec)
+ continue;
+ else if(cdb->fsizec[0] != cdb->fsizec[1] && ((cdb->fsizec[0] && cdb->fsizec[0] > fsizec) || (cdb->fsizec[1] && cdb->fsizec[1] < fsizec)))
+ continue;
+ }
+
+ if(cdb->fsizer[0] != CLI_OFF_ANY) {
+ if(cdb->fsizer[0] == cdb->fsizer[1] && cdb->fsizer[0] != fsizer)
+ continue;
+ else if(cdb->fsizer[0] != cdb->fsizer[1] && ((cdb->fsizer[0] && cdb->fsizer[0] > fsizer) || (cdb->fsizer[1] && cdb->fsizer[1] < fsizer)))
+ continue;
+ }
+
+ if(cdb->name.re_magic && (!fname || cli_regexec(&cdb->name, fname, 0, NULL, 0) == REG_NOMATCH))
+ continue;
+
+ *ctx->virname = cdb->virname;
+ return CL_VIRUS;
+
+ } while((cdb = cdb->next));
+
+ return CL_CLEAN;
+}
diff --git a/libclamav/matcher.h b/libclamav/matcher.h
index 9a7f466..096dfe2 100644
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@ -106,6 +106,24 @@ struct cli_meta_node {
unsigned int crc32, fileno, encrypted, maxdepth;
};
+struct cli_cdb
+{
+ char *virname; /* virus name */
+ cli_file_t ctype; /* container type */
+ cli_file_t ftype; /* file type */
+ regex_t name; /* filename regex */
+ size_t csize[2]; /* container size (min, max); if csize[0] != csize[1]
+ * then value of 0 makes the field ignored
+ */
+ size_t fsizec[2]; /* file size in container */
+ size_t fsizer[2]; /* real file size */
+ int encrypted; /* file is encrypted; 2 == ignore */
+ void *res1; /* reserved / format specific */
+ void *res2; /* reserved / format specific */
+
+ struct cli_cdb *next;
+};
+
struct cli_mtarget {
cli_file_t target;
const char *name;
@@ -152,4 +170,6 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, fmap_t *map, un
int cli_checkfp(int fd, cli_ctx *ctx);
+int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, void *res1, void *res2);
+
#endif
diff --git a/libclamav/others.h b/libclamav/others.h
index 9d6eede..060c0d6 100644
--- a/libclamav/others.h
+++ b/libclamav/others.h
@@ -111,6 +111,7 @@ typedef struct {
unsigned int scannedfiles;
unsigned int found_possibly_unwanted;
cli_file_t container_type; /* FIXME: to be made into a stack or array - see bb#1579 & bb#1293 */
+ size_t container_size;
struct cli_dconf *dconf;
fmap_t **fmap;
} cli_ctx;
@@ -199,6 +200,9 @@ struct cl_engine {
/* RAR metadata */
struct cli_meta_node *rar_mlist;
+ /* Container metadata */
+ struct cli_cdb *cdb;
+
/* Phishing .pdb and .wdb databases*/
struct regex_matcher *whitelist_matcher;
struct regex_matcher *domainlist_matcher;
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 64f4005..d08eac6 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1869,6 +1869,200 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i
return CL_SUCCESS;
}
+/* 0 1 2 3 4 5 6 7 8 9 10 11
+ * VirusName:ContainerType:FileType:FileNameREGEX:ContainerSize:FileSizeInContainer:FileSizeReal:IsEncrypted:Res1:Res2[:MinFL[:MaxFL]]
+ */
+#define CDB_TOKENS 12
+static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio)
+{
+ const char *tokens[MD_TOKENS + 1];
+ char buffer[FILEBUFF], *buffer_cpy;
+ unsigned int line = 0, sigs = 0, tokens_count, n0, n1;
+ int ret = CL_SUCCESS;
+ struct cli_cdb *new;
+
+
+ if(engine->ignored)
+ if(!(buffer_cpy = cli_malloc(FILEBUFF)))
+ return CL_EMEM;
+
+ while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) {
+ line++;
+ if(buffer[0] == '#')
+ continue;
+
+ cli_chomp(buffer);
+ if(engine->ignored)
+ strcpy(buffer_cpy, buffer);
+
+ tokens_count = cli_strtokenize(buffer, ':', CDB_TOKENS + 1, tokens);
+ if(tokens_count > CDB_TOKENS) {
+ ret = CL_EMALFDB;
+ break;
+ }
+
+ if(tokens_count > 10) { /* min version */
+ if(!cli_isnumber(tokens[10])) {
+ ret = CL_EMALFDB;
+ break;
+ }
+ if((unsigned int) atoi(tokens[10]) > cl_retflevel()) {
+ cli_dbgmsg("cli_loadcdb: Container signature for %s not loaded (required f-level: %u)\n", tokens[0], atoi(tokens[10]));
+ continue;
+ }
+ if(tokens_count == 12) { /* max version */
+ if(!cli_isnumber(tokens[11])) {
+ ret = CL_EMALFDB;
+ break;
+ }
+ if((unsigned int) atoi(tokens[11]) < cl_retflevel())
+ continue;
+ }
+ }
+
+ new = (struct cli_cdb *) mpool_calloc(engine->mempool, 1, sizeof(struct cli_cdb));
+ if(!new) {
+ ret = CL_EMEM;
+ break;
+ }
+
+ new->virname = cli_mpool_virname(engine->mempool, (char *)tokens[0], options & CL_DB_OFFICIAL);
+ if(!new->virname) {
+ mpool_free(engine->mempool, new);
+ ret = CL_EMEM;
+ break;
+ }
+
+ if(engine->ignored && cli_chkign(engine->ignored, new->virname, buffer/*_cpy*/)) {
+ mpool_free(engine->mempool, new->virname);
+ mpool_free(engine->mempool, new);
+ continue;
+ }
+
+ if(!strcmp(tokens[1], "*")) {
+ new->ctype = CL_TYPE_ANY;
+ } else if((new->ctype = cli_ftcode(tokens[1])) == CL_TYPE_ERROR) {
+ cli_dbgmsg("cli_cdb: Unknown container type %s in signature for %s, skipping\n", tokens[1], tokens[0]);
+ mpool_free(engine->mempool, new->virname);
+ mpool_free(engine->mempool, new);
+ continue;
+ }
+
+ if(!strcmp(tokens[2], "*")) {
+ new->ftype = CL_TYPE_ANY;
+ } else if((new->ftype = cli_ftcode(tokens[2])) == CL_TYPE_ERROR) {
+ cli_dbgmsg("cli_cdb: Unknown file type %s in signature for %s, skipping\n", tokens[2], tokens[0]);
+ mpool_free(engine->mempool, new->virname);
+ mpool_free(engine->mempool, new);
+ continue;
+ }
+
+ if(strcmp(tokens[3], "*") && cli_regcomp(&new->name, tokens[3], REG_EXTENDED | REG_NOSUB)) {
+ cli_errmsg("cli_cdb: Can't compile regular expression %s in signature for %s\n", tokens[3], tokens[0]);
+ mpool_free(engine->mempool, new->virname);
+ mpool_free(engine->mempool, new);
+ ret = CL_EMEM;
+ break;
+ }
+
+#define CDBRANGE(token_str, dest) \
+ if(strcmp(token_str, "*")) { \
+ if(strchr(token_str, '-')) { \
+ if(sscanf(token_str, "%u-%u", &n0, &n1) != 2) { \
+ ret = CL_EMALFDB; \
+ } else { \
+ dest[0] = n0; \
+ dest[1] = n1; \
+ } \
+ } else { \
+ if(!cli_isnumber(token_str)) \
+ ret = CL_EMALFDB; \
+ else \
+ dest[0] = dest[1] = atoi(token_str); \
+ } \
+ if(ret != CL_SUCCESS) { \
+ cli_errmsg("cli_cdb: Invalid value %s in signature for %s\n",\
+ token_str, tokens[0]); \
+ if(new->name.re_magic) \
+ cli_regfree(&new->name); \
+ mpool_free(engine->mempool, new->virname); \
+ mpool_free(engine->mempool, new); \
+ ret = CL_EMEM; \
+ break; \
+ } \
+ } else { \
+ dest[0] = dest[1] = CLI_OFF_ANY; \
+ }
+
+ CDBRANGE(tokens[4], new->csize);
+ CDBRANGE(tokens[5], new->fsizec);
+ CDBRANGE(tokens[6], new->fsizer);
+
+ if(!strcmp(tokens[7], "*")) {
+ new->encrypted = 2;
+ } else {
+ if(strcmp(tokens[7], "0") && strcmp(tokens[7], "1")) {
+ cli_errmsg("cli_cdb: Invalid encryption flag value in signature for %s\n", tokens[0]);
+ if(new->name.re_magic)
+ cli_regfree(&new->name);
+ mpool_free(engine->mempool, new->virname);
+ mpool_free(engine->mempool, new);
+ ret = CL_EMEM;
+ break;
+ }
+ new->encrypted = *tokens[7] - 0x30;
+ }
+
+ if(strcmp(tokens[8], "*")) {
+ new->res1 = cli_mpool_strdup(engine->mempool, tokens[8]);
+ if(!new->res1) {
+ cli_errmsg("cli_cdb: Can't allocate memory for res1 in signature for %s\n", tokens[0]);
+ if(new->name.re_magic)
+ cli_regfree(&new->name);
+ mpool_free(engine->mempool, new->virname);
+ mpool_free(engine->mempool, new);
+ ret = CL_EMEM;
+ break;
+ }
+ }
+
+ if(strcmp(tokens[9], "*")) {
+ new->res2 = cli_mpool_strdup(engine->mempool, tokens[9]);
+ if(!new->res2) {
+ cli_errmsg("cli_cdb: Can't allocate memory for res2 in signature for %s\n", tokens[0]);
+ if(new->name.re_magic)
+ cli_regfree(&new->name);
+ mpool_free(engine->mempool, new->res1);
+ mpool_free(engine->mempool, new->virname);
+ mpool_free(engine->mempool, new);
+ ret = CL_EMEM;
+ break;
+ }
+ }
+
+ new->next = engine->cdb;
+ engine->cdb = new;
+ sigs++;
+ }
+ if(engine->ignored)
+ free(buffer_cpy);
+
+ if(!line) {
+ cli_errmsg("Empty database file\n");
+ return CL_EMALFDB;
+ }
+
+ if(ret) {
+ cli_errmsg("Problem parsing database at line %u\n", line);
+ return ret;
+ }
+
+ if(signo)
+ *signo += sigs;
+
+ return CL_SUCCESS;
+}
+
static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned int *signo, unsigned int options);
int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio)
@@ -1980,6 +2174,9 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
} else if(cli_strbcasestr(dbname, ".idb")) {
ret = cli_loadidb(fs, engine, signo, options, dbio);
+ } else if(cli_strbcasestr(dbname, ".cdb")) {
+ ret = cli_loadcdb(fs, engine, signo, options, dbio);
+
} else {
cli_dbgmsg("cli_load: unknown extension - assuming old database format\n");
ret = cli_loaddb(fs, engine, signo, options, dbio, dbname);
@@ -2494,6 +2691,17 @@ int cl_engine_free(struct cl_engine *engine)
mpool_free(engine->mempool, metah);
}
+ while(engine->cdb) {
+ struct cli_cdb *pt = engine->cdb;
+ engine->cdb = pt->next;
+ if(pt->name.re_magic)
+ cli_regfree(&pt->name);
+ mpool_free(engine->mempool, pt->res2);
+ mpool_free(engine->mempool, pt->res1);
+ mpool_free(engine->mempool, pt->virname);
+ mpool_free(engine->mempool, pt);
+ }
+
if(engine->dconf->bytecode & BYTECODE_ENGINE_MASK) {
unsigned i;
if (engine->bcs.all_bcs)
diff --git a/libclamav/readdb.h b/libclamav/readdb.h
index 730541f..d8b48de 100644
--- a/libclamav/readdb.h
+++ b/libclamav/readdb.h
@@ -52,6 +52,7 @@
cli_strbcasestr(ext, ".cfg") || \
cli_strbcasestr(ext, ".cvd") || \
cli_strbcasestr(ext, ".cld") || \
+ cli_strbcasestr(ext, ".cdb") || \
cli_strbcasestr(ext, ".idb") \
)
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index 7c68204..2c9a61f 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -978,7 +978,6 @@ static int cli_scanscript(cli_ctx *ctx)
unsigned char *buff;
unsigned char* normalized;
struct text_norm_state state;
- struct stat sb;
char *tmpname = NULL;
int ofd = -1, ret;
const struct cli_matcher *troot = ctx->engine->root[7];
@@ -1529,9 +1528,7 @@ static int cli_scanmail(int desc, cli_ctx *ctx)
return ret;
}
- ctx->container_type = CL_TYPE_MAIL;
ret = cli_scandir(dir, ctx);
- ctx->container_type = 0;
if(!ctx->engine->keeptmp)
cli_rmdirs(dir);
@@ -1839,7 +1836,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
cli_file_t type, dettype = 0;
struct stat sb;
uint8_t typercg = 1;
- cli_file_t current_container = ctx->container_type; /* TODO: container tracking code TBD - bb#1293 */
+ cli_file_t current_container_type = ctx->container_type; /* TODO: container tracking code TBD - bb#1293 */
+ size_t current_container_size = ctx->container_size;
if(ctx->engine->maxreclevel && ctx->recursion > ctx->engine->maxreclevel) {
cli_dbgmsg("cli_magic_scandesc: Archive recursion limit exceeded (%u, max: %u)\n", ctx->recursion, ctx->engine->maxreclevel);
@@ -1906,18 +1904,21 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
lseek(desc, 0, SEEK_SET); /* FIXMEFMAP: remove ? */
}
- ctx->container_type = 0;
ctx->recursion++;
switch(type) {
case CL_TYPE_IGNORED:
break;
case CL_TYPE_RAR:
+ ctx->container_type = CL_TYPE_RAR;
+ ctx->container_size = sb.st_size;
if(have_rar && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_RAR))
ret = cli_scanrar(desc, ctx, 0, NULL);
break;
case CL_TYPE_ZIP:
+ ctx->container_type = CL_TYPE_ZIP;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ZIP))
ret = cli_unzip(ctx);
break;
@@ -1931,17 +1932,24 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_BZ))
ret = cli_scanbzip(desc, ctx);
break;
+
case CL_TYPE_ARJ:
+ ctx->container_type = CL_TYPE_ARJ;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ARJ))
ret = cli_scanarj(desc, ctx, 0, NULL);
break;
case CL_TYPE_NULSFT:
- if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_NSIS))
+ ctx->container_type = CL_TYPE_NULSFT;
+ ctx->container_size = sb.st_size;
+ if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_NSIS))
ret = cli_scannulsft(desc, ctx, 0);
break;
case CL_TYPE_AUTOIT:
+ ctx->container_type = CL_TYPE_AUTOIT;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_AUTOIT))
ret = cli_scanautoit(desc, ctx, 23);
break;
@@ -1952,6 +1960,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
break;
case CL_TYPE_MSCAB:
+ ctx->container_type = CL_TYPE_MSCAB;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CAB))
ret = cli_scanmscab(desc, ctx, 0);
break;
@@ -1972,11 +1982,15 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
break;
case CL_TYPE_RTF:
+ ctx->container_type = CL_TYPE_RTF;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_DOC & DOC_CONF_RTF))
ret = cli_scanrtf(desc, ctx);
break;
case CL_TYPE_MAIL:
+ ctx->container_type = CL_TYPE_MAIL;
+ ctx->container_size = sb.st_size;
if(SCAN_MAIL && (DCONF_MAIL & MAIL_CONF_MBOX))
ret = cli_scanmail(desc, ctx);
break;
@@ -1992,46 +2006,64 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
break;
case CL_TYPE_MSCHM:
+ ctx->container_type = CL_TYPE_MSCHM;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CHM))
ret = cli_scanmschm(desc, ctx);
break;
case CL_TYPE_MSOLE2:
+ ctx->container_type = CL_TYPE_MSOLE2;
+ ctx->container_size = sb.st_size;
if(SCAN_OLE2 && (DCONF_ARCH & ARCH_CONF_OLE2))
ret = cli_scanole2(ctx);
break;
case CL_TYPE_7Z:
+ ctx->container_type = CL_TYPE_7Z;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_7Z))
ret = cli_7unz(desc, ctx);
break;
case CL_TYPE_POSIX_TAR:
+ ctx->container_type = CL_TYPE_POSIX_TAR;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_TAR))
ret = cli_scantar(desc, ctx, 1);
break;
case CL_TYPE_OLD_TAR:
+ ctx->container_type = CL_TYPE_OLD_TAR;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_TAR))
ret = cli_scantar(desc, ctx, 0);
break;
case CL_TYPE_CPIO_OLD:
+ ctx->container_type = CL_TYPE_CPIO_OLD;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
ret = cli_scancpio_old(desc, ctx);
break;
case CL_TYPE_CPIO_ODC:
+ ctx->container_type = CL_TYPE_CPIO_ODC;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
ret = cli_scancpio_odc(desc, ctx);
break;
case CL_TYPE_CPIO_NEWC:
+ ctx->container_type = CL_TYPE_CPIO_NEWC;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
ret = cli_scancpio_newc(desc, ctx, 0);
break;
case CL_TYPE_CPIO_CRC:
+ ctx->container_type = CL_TYPE_CPIO_CRC;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
ret = cli_scancpio_newc(desc, ctx, 1);
break;
@@ -2057,6 +2089,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
break;
case CL_TYPE_PDF: /* FIXMELIMITS: pdf should be an archive! */
+ ctx->container_type = CL_TYPE_PDF;
+ ctx->container_size = sb.st_size;
if(SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF))
ret = cli_scanpdf(ctx, 0);
break;
@@ -2082,6 +2116,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
break;
case CL_TYPE_SIS:
+ ctx->container_type = CL_TYPE_SIS;
+ ctx->container_size = sb.st_size;
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_SIS))
ret = cli_scansis(desc, ctx);
break;
@@ -2103,7 +2139,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
break;
}
ctx->recursion--;
- ctx->container_type = current_container;
+ ctx->container_type = current_container_type;
+ ctx->container_size = current_container_size;
if(ret == CL_VIRUS) {
ret = cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
@@ -2184,7 +2221,8 @@ int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, cons
ctx.scanned = scanned;
ctx.options = scanoptions;
ctx.found_possibly_unwanted = 0;
- ctx.container_type = 0;
+ ctx.container_type = CL_TYPE_ANY;
+ ctx.container_size = 0;
ctx.dconf = (struct cli_dconf *) engine->dconf;
ctx.fmap = cli_calloc(sizeof(fmap_t *), ctx.engine->maxreclevel + 1);
if(!ctx.fmap)
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list