[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Tomasz Kojm tkojm at clamav.net
Sun Apr 4 01:14:17 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 55094a9c763875189a8a31d6db709000de8b1364
Author: Tomasz Kojm <tkojm at clamav.net>
Date:   Thu Jan 7 18:26:12 2010 +0100

    libclamav: base code for unified container metadata matcher (bb#1579)

diff --git a/ChangeLog b/ChangeLog
index 0d21b6b..7b440a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jan  7 18:22:39 CET 2010 (tk)
+---------------------------------
+ * libclamav: base code for unified container metadata matcher (bb#1579)
+
 Tue Jan  5 12:04:47 CET 2010 (acab)
 -----------------------------------
  * libclamav/readdb.c: force VI anchored sigs into AC
diff --git a/libclamav/blob.c b/libclamav/blob.c
index 2184eee..f988e30 100644
--- a/libclamav/blob.c
+++ b/libclamav/blob.c
@@ -636,10 +636,7 @@ fileblobScan(const fileblob *fb)
 	fflush(fb->fp);
 	lseek(fb->fd, 0, SEEK_SET);
 
-	fb->ctx->container_type = CL_TYPE_MAIL;
 	rc = cli_magic_scandesc(fb->fd, fb->ctx);
-	fb->ctx->container_type = 0;
-
 	if(rc == CL_VIRUS) {
 		cli_dbgmsg("%s is infected\n", fb->fullname);
 		return CL_VIRUS;
diff --git a/libclamav/filetypes.c b/libclamav/filetypes.c
index 69e7d77..88a6d5b 100644
--- a/libclamav/filetypes.c
+++ b/libclamav/filetypes.c
@@ -53,7 +53,7 @@ static const struct ftmap_s {
     { "CL_TYPE_TEXT_UTF16BE",	CL_TYPE_TEXT_UTF16BE	},
     { "CL_TYPE_BINARY_DATA",	CL_TYPE_BINARY_DATA	},
     { "CL_TYPE_IGNORED",	CL_TYPE_IGNORED		},
-    { "CL_TYPE_ANY",		0			}, /* for ft-sigs */
+    { "CL_TYPE_ANY",		CL_TYPE_ANY		},
     { "CL_TYPE_MSEXE",		CL_TYPE_MSEXE		},
     { "CL_TYPE_ELF",		CL_TYPE_ELF		},
     { "CL_TYPE_MACHO",		CL_TYPE_MACHO		},
diff --git a/libclamav/filetypes.h b/libclamav/filetypes.h
index 62c8198..bd1934b 100644
--- a/libclamav/filetypes.h
+++ b/libclamav/filetypes.h
@@ -32,6 +32,7 @@
 #define MAX_EMBEDDED_OBJ 10
 
 typedef enum {
+    CL_TYPE_ANY = 0,
     CL_TYPE_TEXT_ASCII = CL_TYPENO, /* X3.4, ISO-8859, non-ISO ext. ASCII */
     CL_TYPE_TEXT_UTF8,
     CL_TYPE_TEXT_UTF16LE,
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index 0173df8..09e832a 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -47,6 +47,7 @@
 #include "macho.h"
 #include "fmap.h"
 #include "pe_icons.h"
+#include "regex/regex.h"
 
 int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata)
 {
@@ -541,3 +542,52 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
 
     return (acmode & AC_SCAN_FT) ? type : CL_CLEAN;
 }
+
+int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, void *res1, void *res2)
+{
+	const struct cli_cdb *cdb;
+
+    if(!(cdb = ctx->engine->cdb))
+	return CL_CLEAN;
+
+    do {
+	if(cdb->ctype != CL_TYPE_ANY && cdb->ctype != ctx->container_type)
+	    continue;
+
+	if(cdb->ftype != CL_TYPE_ANY && cdb->ftype != ftype)
+	    continue;
+
+	if(cdb->encrypted != 2 && cdb->encrypted != encrypted)
+	    continue;
+
+	if(cdb->csize[0] != CLI_OFF_ANY) {
+	    if(cdb->csize[0] == cdb->csize[1] && cdb->csize[0] != ctx->container_size)
+		continue;
+	    else if(cdb->csize[0] != cdb->csize[1] && ((cdb->csize[0] && cdb->csize[0] > ctx->container_size) || (cdb->csize[1] && cdb->csize[1] < ctx->container_size)))
+		continue;
+	}
+
+	if(cdb->fsizec[0] != CLI_OFF_ANY) {
+	    if(cdb->fsizec[0] == cdb->fsizec[1] && cdb->fsizec[0] != fsizec)
+		continue;
+	    else if(cdb->fsizec[0] != cdb->fsizec[1] && ((cdb->fsizec[0] && cdb->fsizec[0] > fsizec) || (cdb->fsizec[1] && cdb->fsizec[1] < fsizec)))
+		continue;
+	}
+
+	if(cdb->fsizer[0] != CLI_OFF_ANY) {
+	    if(cdb->fsizer[0] == cdb->fsizer[1] && cdb->fsizer[0] != fsizer)
+		continue;
+	    else if(cdb->fsizer[0] != cdb->fsizer[1] && ((cdb->fsizer[0] && cdb->fsizer[0] > fsizer) || (cdb->fsizer[1] && cdb->fsizer[1] < fsizer)))
+		continue;
+	}
+
+	if(cdb->name.re_magic && (!fname || cli_regexec(&cdb->name, fname, 0, NULL, 0) == REG_NOMATCH))
+	    continue;
+
+	*ctx->virname = cdb->virname;
+	return CL_VIRUS;
+
+    } while((cdb = cdb->next));
+
+    return CL_CLEAN;
+}
diff --git a/libclamav/matcher.h b/libclamav/matcher.h
index 9a7f466..096dfe2 100644
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@ -106,6 +106,24 @@ struct cli_meta_node {
     unsigned int crc32, fileno, encrypted, maxdepth;
 };
 
+struct cli_cdb
+{
+    char	*virname;   /* virus name */
+    cli_file_t	ctype;	    /* container type */
+    cli_file_t	ftype;	    /* file type */
+    regex_t	name;	    /* filename regex */
+    size_t	csize[2];   /* container size (min, max); if csize[0] != csize[1]
+			     * then value of 0 makes the field ignored
+			     */
+    size_t	fsizec[2];  /* file size in container */
+    size_t	fsizer[2];  /* real file size */
+    int		encrypted;  /* file is encrypted; 2 == ignore */
+    void	*res1;	    /* reserved / format specific */
+    void	*res2;	    /* reserved / format specific */
+
+    struct cli_cdb *next;
+};
+
 struct cli_mtarget {
     cli_file_t target;
     const char *name;
@@ -152,4 +170,6 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, fmap_t *map, un
 
 int cli_checkfp(int fd, cli_ctx *ctx);
 
+int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, void *res1, void *res2);
+
 #endif
diff --git a/libclamav/others.h b/libclamav/others.h
index 9d6eede..060c0d6 100644
--- a/libclamav/others.h
+++ b/libclamav/others.h
@@ -111,6 +111,7 @@ typedef struct {
     unsigned int scannedfiles;
     unsigned int found_possibly_unwanted;
     cli_file_t container_type; /* FIXME: to be made into a stack or array - see bb#1579 & bb#1293 */
+    size_t container_size;
     struct cli_dconf *dconf;
     fmap_t **fmap;
 } cli_ctx;
@@ -199,6 +200,9 @@ struct cl_engine {
     /* RAR metadata */
     struct cli_meta_node *rar_mlist;
 
+    /* Container metadata */
+    struct cli_cdb *cdb;
+
     /* Phishing .pdb and .wdb databases*/
     struct regex_matcher *whitelist_matcher;
     struct regex_matcher *domainlist_matcher;
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 64f4005..d08eac6 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1869,6 +1869,200 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i
     return CL_SUCCESS;
 }
 
+/*    0		1	     2		3	       4	       5		 6	     7	      8     9    10     11
+ * VirusName:ContainerType:FileType:FileNameREGEX:ContainerSize:FileSizeInContainer:FileSizeReal:IsEncrypted:Res1:Res2[:MinFL[:MaxFL]]
+ */
+#define CDB_TOKENS 12
+static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio)
+{
+	const char *tokens[MD_TOKENS + 1];
+	char buffer[FILEBUFF], *buffer_cpy;
+	unsigned int line = 0, sigs = 0, tokens_count, n0, n1;
+	int ret = CL_SUCCESS;
+	struct cli_cdb *new;
+
+
+    if(engine->ignored)
+	if(!(buffer_cpy = cli_malloc(FILEBUFF)))
+	    return CL_EMEM;
+
+    while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) {
+	line++;
+	if(buffer[0] == '#')
+	    continue;
+
+	cli_chomp(buffer);
+	if(engine->ignored)
+	    strcpy(buffer_cpy, buffer);
+
+	tokens_count = cli_strtokenize(buffer, ':', CDB_TOKENS + 1, tokens);
+	if(tokens_count > CDB_TOKENS) {
+	    ret = CL_EMALFDB;
+	    break;
+	}
+
+	if(tokens_count > 10) { /* min version */
+	    if(!cli_isnumber(tokens[10])) {
+		ret = CL_EMALFDB;
+		break;
+	    }
+	    if((unsigned int) atoi(tokens[10]) > cl_retflevel()) {
+		cli_dbgmsg("cli_loadcdb: Container signature for %s not loaded (required f-level: %u)\n", tokens[0], atoi(tokens[10]));
+		continue;
+	    }
+	    if(tokens_count == 12) { /* max version */
+		if(!cli_isnumber(tokens[11])) {
+		    ret = CL_EMALFDB;
+		    break;
+		}
+		if((unsigned int) atoi(tokens[11]) < cl_retflevel())
+		    continue;
+	    }
+	}
+
+	new = (struct cli_cdb *) mpool_calloc(engine->mempool, 1, sizeof(struct cli_cdb));
+	if(!new) {
+	    ret = CL_EMEM;
+	    break;
+	}
+
+	new->virname = cli_mpool_virname(engine->mempool, (char *)tokens[0], options & CL_DB_OFFICIAL);
+	if(!new->virname) {
+	    mpool_free(engine->mempool, new);
+	    ret = CL_EMEM;
+	    break;
+	}
+
+	if(engine->ignored && cli_chkign(engine->ignored, new->virname, buffer/*_cpy*/)) {
+	    mpool_free(engine->mempool, new->virname);
+	    mpool_free(engine->mempool, new);
+	    continue;
+	}
+
+	if(!strcmp(tokens[1], "*")) {
+	    new->ctype = CL_TYPE_ANY;
+	} else if((new->ctype = cli_ftcode(tokens[1])) == CL_TYPE_ERROR) {
+	    cli_dbgmsg("cli_cdb: Unknown container type %s in signature for %s, skipping\n", tokens[1], tokens[0]);
+	    mpool_free(engine->mempool, new->virname);
+	    mpool_free(engine->mempool, new);
+	    continue;
+	}
+
+	if(!strcmp(tokens[2], "*")) {
+	    new->ftype = CL_TYPE_ANY;
+	} else if((new->ftype = cli_ftcode(tokens[2])) == CL_TYPE_ERROR) {
+	    cli_dbgmsg("cli_cdb: Unknown file type %s in signature for %s, skipping\n", tokens[2], tokens[0]);
+	    mpool_free(engine->mempool, new->virname);
+	    mpool_free(engine->mempool, new);
+	    continue;
+	}
+
+	if(strcmp(tokens[3], "*") && cli_regcomp(&new->name, tokens[3], REG_EXTENDED | REG_NOSUB)) {
+	    cli_errmsg("cli_cdb: Can't compile regular expression %s in signature for %s\n", tokens[3], tokens[0]);
+	    mpool_free(engine->mempool, new->virname);
+	    mpool_free(engine->mempool, new);
+	    ret = CL_EMEM;
+	    break;
+	}
+
+#define CDBRANGE(token_str, dest)					    \
+	if(strcmp(token_str, "*")) {					    \
+	    if(strchr(token_str, '-')) {				    \
+		if(sscanf(token_str, "%u-%u", &n0, &n1) != 2) {		    \
+		    ret = CL_EMALFDB;					    \
+		} else {						    \
+		    dest[0] = n0;					    \
+		    dest[1] = n1;					    \
+		}							    \
+	    } else {							    \
+		if(!cli_isnumber(token_str))				    \
+		    ret = CL_EMALFDB;					    \
+		else							    \
+		    dest[0] = dest[1] = atoi(token_str);		    \
+	    }								    \
+	    if(ret != CL_SUCCESS) {					    \
+		cli_errmsg("cli_cdb: Invalid value %s in signature for %s\n",\
+		    token_str, tokens[0]);				    \
+		if(new->name.re_magic)					    \
+		    cli_regfree(&new->name);				    \
+		mpool_free(engine->mempool, new->virname);		    \
+		mpool_free(engine->mempool, new);			    \
+		ret = CL_EMEM;						    \
+		break;							    \
+	    }								    \
+	} else {							    \
+	    dest[0] = dest[1] = CLI_OFF_ANY;				    \
+	}
+
+	CDBRANGE(tokens[4], new->csize);
+	CDBRANGE(tokens[5], new->fsizec);
+	CDBRANGE(tokens[6], new->fsizer);
+
+	if(!strcmp(tokens[7], "*")) {
+	    new->encrypted = 2;
+	} else {
+	    if(strcmp(tokens[7], "0") && strcmp(tokens[7], "1")) {
+		cli_errmsg("cli_cdb: Invalid encryption flag value in signature for %s\n", tokens[0]);
+		if(new->name.re_magic)
+		    cli_regfree(&new->name);
+		mpool_free(engine->mempool, new->virname);
+		mpool_free(engine->mempool, new);
+		ret = CL_EMEM;
+		break;
+	    }
+	    new->encrypted = *tokens[7] - 0x30;
+	}
+
+	if(strcmp(tokens[8], "*")) {
+	    new->res1 = cli_mpool_strdup(engine->mempool, tokens[8]);
+	    if(!new->res1) {
+		cli_errmsg("cli_cdb: Can't allocate memory for res1 in signature for %s\n", tokens[0]);
+		if(new->name.re_magic)
+		    cli_regfree(&new->name);
+		mpool_free(engine->mempool, new->virname);
+		mpool_free(engine->mempool, new);
+		ret = CL_EMEM;
+		break;
+	    }
+	}
+
+	if(strcmp(tokens[9], "*")) {
+	    new->res2 = cli_mpool_strdup(engine->mempool, tokens[9]);
+	    if(!new->res2) {
+		cli_errmsg("cli_cdb: Can't allocate memory for res2 in signature for %s\n", tokens[0]);
+		if(new->name.re_magic)
+		    cli_regfree(&new->name);
+		mpool_free(engine->mempool, new->res1);
+		mpool_free(engine->mempool, new->virname);
+		mpool_free(engine->mempool, new);
+		ret = CL_EMEM;
+		break;
+	    }
+	}
+
+	new->next = engine->cdb;
+	engine->cdb = new;
+	sigs++;
+    }
+    if(engine->ignored)
+	free(buffer_cpy);
+
+    if(!line) {
+	cli_errmsg("Empty database file\n");
+	return CL_EMALFDB;
+    }
+
+    if(ret) {
+	cli_errmsg("Problem parsing database at line %u\n", line);
+	return ret;
+    }
+
+    if(signo)
+	*signo += sigs;
+
+    return CL_SUCCESS;
+}
+
 static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned int *signo, unsigned int options);
 
 int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio)
@@ -1980,6 +2174,9 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
     } else if(cli_strbcasestr(dbname, ".idb")) {
     	ret = cli_loadidb(fs, engine, signo, options, dbio);
 
+    } else if(cli_strbcasestr(dbname, ".cdb")) {
+    	ret = cli_loadcdb(fs, engine, signo, options, dbio);
+
     } else {
 	cli_dbgmsg("cli_load: unknown extension - assuming old database format\n");
 	ret = cli_loaddb(fs, engine, signo, options, dbio, dbname);
@@ -2494,6 +2691,17 @@ int cl_engine_free(struct cl_engine *engine)
 	mpool_free(engine->mempool, metah);
     }
 
+    while(engine->cdb) {
+	struct cli_cdb *pt = engine->cdb;
+	engine->cdb = pt->next;
+	if(pt->name.re_magic)
+	    cli_regfree(&pt->name);
+	mpool_free(engine->mempool, pt->res2);
+	mpool_free(engine->mempool, pt->res1);
+	mpool_free(engine->mempool, pt->virname);
+	mpool_free(engine->mempool, pt);
+    }
+
     if(engine->dconf->bytecode & BYTECODE_ENGINE_MASK) {
 	unsigned i;
 	if (engine->bcs.all_bcs)
diff --git a/libclamav/readdb.h b/libclamav/readdb.h
index 730541f..d8b48de 100644
--- a/libclamav/readdb.h
+++ b/libclamav/readdb.h
@@ -52,6 +52,7 @@
 	cli_strbcasestr(ext, ".cfg")   ||	\
 	cli_strbcasestr(ext, ".cvd")   ||	\
 	cli_strbcasestr(ext, ".cld")   ||	\
+	cli_strbcasestr(ext, ".cdb")   ||	\
 	cli_strbcasestr(ext, ".idb")		\
     )
 
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index 7c68204..2c9a61f 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -978,7 +978,6 @@ static int cli_scanscript(cli_ctx *ctx)
 	unsigned char *buff;
 	unsigned char* normalized;
 	struct text_norm_state state;
-	struct stat sb;
 	char *tmpname = NULL;
 	int ofd = -1, ret;
 	const struct cli_matcher *troot = ctx->engine->root[7];
@@ -1529,9 +1528,7 @@ static int cli_scanmail(int desc, cli_ctx *ctx)
 	return ret;
     }
 
-    ctx->container_type = CL_TYPE_MAIL;
     ret = cli_scandir(dir, ctx);
-    ctx->container_type = 0;
 
     if(!ctx->engine->keeptmp)
 	cli_rmdirs(dir);
@@ -1839,7 +1836,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	cli_file_t type, dettype = 0;
 	struct stat sb;
 	uint8_t typercg = 1;
-	cli_file_t current_container = ctx->container_type; /* TODO: container tracking code TBD - bb#1293 */
+	cli_file_t current_container_type = ctx->container_type; /* TODO: container tracking code TBD - bb#1293 */
+	size_t current_container_size = ctx->container_size;
 
     if(ctx->engine->maxreclevel && ctx->recursion > ctx->engine->maxreclevel) {
         cli_dbgmsg("cli_magic_scandesc: Archive recursion limit exceeded (%u, max: %u)\n", ctx->recursion, ctx->engine->maxreclevel);
@@ -1906,18 +1904,21 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	lseek(desc, 0, SEEK_SET); /* FIXMEFMAP: remove ? */
     }
 
-    ctx->container_type = 0;
     ctx->recursion++;
     switch(type) {
 	case CL_TYPE_IGNORED:
 	    break;
 
 	case CL_TYPE_RAR:
+	    ctx->container_type = CL_TYPE_RAR;
+	    ctx->container_size = sb.st_size;
 	    if(have_rar && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_RAR))
 		ret = cli_scanrar(desc, ctx, 0, NULL);
 	    break;
 
 	case CL_TYPE_ZIP:
+	    ctx->container_type = CL_TYPE_ZIP;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ZIP))
 		ret = cli_unzip(ctx);
 	    break;
@@ -1931,17 +1932,24 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_BZ))
 		ret = cli_scanbzip(desc, ctx);
 	    break;
+
 	case CL_TYPE_ARJ:
+	    ctx->container_type = CL_TYPE_ARJ;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ARJ))
 		ret = cli_scanarj(desc, ctx, 0, NULL);
 	    break;
 
         case CL_TYPE_NULSFT:
-	  if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_NSIS))
+	    ctx->container_type = CL_TYPE_NULSFT;
+	    ctx->container_size = sb.st_size;
+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_NSIS))
 		ret = cli_scannulsft(desc, ctx, 0);
 	    break;
 
         case CL_TYPE_AUTOIT:
+	    ctx->container_type = CL_TYPE_AUTOIT;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_AUTOIT))
 		ret = cli_scanautoit(desc, ctx, 23);
 	    break;
@@ -1952,6 +1960,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	    break;
 
 	case CL_TYPE_MSCAB:
+	    ctx->container_type = CL_TYPE_MSCAB;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CAB))
 		ret = cli_scanmscab(desc, ctx, 0);
 	    break;
@@ -1972,11 +1982,15 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	    break;
 
 	case CL_TYPE_RTF:
+	    ctx->container_type = CL_TYPE_RTF;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_DOC & DOC_CONF_RTF))
 		ret = cli_scanrtf(desc, ctx);
 	    break;
 
 	case CL_TYPE_MAIL:
+	    ctx->container_type = CL_TYPE_MAIL;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_MAIL && (DCONF_MAIL & MAIL_CONF_MBOX))
 		ret = cli_scanmail(desc, ctx);
 	    break;
@@ -1992,46 +2006,64 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	    break;
 
 	case CL_TYPE_MSCHM:
+	    ctx->container_type = CL_TYPE_MSCHM;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CHM))
 		ret = cli_scanmschm(desc, ctx);
 	    break;
 
 	case CL_TYPE_MSOLE2:
+	    ctx->container_type = CL_TYPE_MSOLE2;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_OLE2 && (DCONF_ARCH & ARCH_CONF_OLE2))
 		ret = cli_scanole2(ctx);
 	    break;
 
 	case CL_TYPE_7Z:
+	    ctx->container_type = CL_TYPE_7Z;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_7Z))
 		ret = cli_7unz(desc, ctx);
 	    break;
 
 	case CL_TYPE_POSIX_TAR:
+	    ctx->container_type = CL_TYPE_POSIX_TAR;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_TAR))
 		ret = cli_scantar(desc, ctx, 1);
 	    break;
 
 	case CL_TYPE_OLD_TAR:
+	    ctx->container_type = CL_TYPE_OLD_TAR;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_TAR))
 		ret = cli_scantar(desc, ctx, 0);
 	    break;
 
 	case CL_TYPE_CPIO_OLD:
+	    ctx->container_type = CL_TYPE_CPIO_OLD;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
 		ret = cli_scancpio_old(desc, ctx);
 	    break;
 
 	case CL_TYPE_CPIO_ODC:
+	    ctx->container_type = CL_TYPE_CPIO_ODC;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
 		ret = cli_scancpio_odc(desc, ctx);
 	    break;
 
 	case CL_TYPE_CPIO_NEWC:
+	    ctx->container_type = CL_TYPE_CPIO_NEWC;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
 		ret = cli_scancpio_newc(desc, ctx, 0);
 	    break;
 
 	case CL_TYPE_CPIO_CRC:
+	    ctx->container_type = CL_TYPE_CPIO_CRC;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CPIO))
 		ret = cli_scancpio_newc(desc, ctx, 1);
 	    break;
@@ -2057,6 +2089,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	    break;
 
         case CL_TYPE_PDF: /* FIXMELIMITS: pdf should be an archive! */
+	    ctx->container_type = CL_TYPE_PDF;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF))
 		ret = cli_scanpdf(ctx, 0);
 	    break;
@@ -2082,6 +2116,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	    break;
 
 	case CL_TYPE_SIS:
+	    ctx->container_type = CL_TYPE_SIS;
+	    ctx->container_size = sb.st_size;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_SIS))
 		ret = cli_scansis(desc, ctx);
 	    break;
@@ -2103,7 +2139,8 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	    break;
     }
     ctx->recursion--;
-    ctx->container_type = current_container;
+    ctx->container_type = current_container_type;
+    ctx->container_size = current_container_size;
 
     if(ret == CL_VIRUS) {
 	ret = cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
@@ -2184,7 +2221,8 @@ int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, cons
     ctx.scanned = scanned;
     ctx.options = scanoptions;
     ctx.found_possibly_unwanted = 0;
-    ctx.container_type = 0;
+    ctx.container_type = CL_TYPE_ANY;
+    ctx.container_size = 0;
     ctx.dconf = (struct cli_dconf *) engine->dconf;
     ctx.fmap = cli_calloc(sizeof(fmap_t *), ctx.engine->maxreclevel + 1);
     if(!ctx.fmap)

-- 
Debian repository for ClamAV



More information about the Pkg-clamav-commits mailing list