[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Tomasz Kojm tkojm at clamav.net
Sun Apr 4 01:21:39 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit a5b0f84b82e293e349b7bc788aa2a3f9ed097fe2
Author: Tomasz Kojm <tkojm at clamav.net>
Date:   Thu Mar 4 15:34:34 2010 +0100

    libclamav/scanners.c: set container type in cli_scanraw() (bb#1842)

diff --git a/ChangeLog b/ChangeLog
index 0296aa3..a82d59f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Mar  4 15:32:40 CET 2010 (tk)
+---------------------------------
+ * libclamav/scanners.c: set container type in cli_scanraw() (bb#1842)
+
 Thu Mar  4 14:41:39 CET 2010 (tk)
 ---------------------------------
  * libclamav/matcher-bm.c: only sort correct offsets (bb#1840)
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index ceefb78..e6c5448 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -1693,6 +1693,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 	struct cli_exe_info peinfo;
 	unsigned int acmode = AC_SCAN_VIR, break_loop = 0;
 	fmap_t *map = *ctx->fmap;
+	cli_file_t current_container_type = ctx->container_type;
+	size_t current_container_size = ctx->container_size;
 
 
     if(ctx->engine->maxreclevel && ctx->recursion >= ctx->engine->maxreclevel)
@@ -1722,8 +1724,9 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 	    while(fpt) {
 		if(fpt->offset) switch(fpt->type) {
 		    case CL_TYPE_RARSFX:
-			    cli_dbgmsg("RAR/RAR-SFX signature found at %u\n", (unsigned int) fpt->offset);
 			if(type != CL_TYPE_RAR && have_rar && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_RAR)) {
+			    ctx->container_type = CL_TYPE_RAR;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("RAR/RAR-SFX signature found at %u\n", (unsigned int) fpt->offset);
 			    nret = cli_scanrar(map->fd, ctx, fpt->offset, &lastrar);
 			}
@@ -1731,6 +1734,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 
 		    case CL_TYPE_ZIPSFX:
 			if(type != CL_TYPE_ZIP && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ZIP)) {
+			    ctx->container_type = CL_TYPE_ZIP;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("ZIP/ZIP-SFX signature found at %u\n", (unsigned int) fpt->offset);
 			    nret = cli_unzip_single(ctx, fpt->offset);
 			}
@@ -1738,12 +1743,16 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 
 		    case CL_TYPE_CABSFX:
 			if(type != CL_TYPE_MSCAB && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_CAB)) {
+			    ctx->container_type = CL_TYPE_MSCAB;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("CAB/CAB-SFX signature found at %u\n", (unsigned int) fpt->offset);
 			    nret = cli_scanmscab(map->fd, ctx, fpt->offset);
 			}
 			break;
 		    case CL_TYPE_ARJSFX:
 			if(type != CL_TYPE_ARJ && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ARJ)) {
+			    ctx->container_type = CL_TYPE_ARJ;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("ARJ-SFX signature found at %u\n", (unsigned int) fpt->offset);
 			    nret = cli_scanarj(map->fd, ctx, fpt->offset, &lastrar);
 			}
@@ -1751,6 +1760,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 
 		    case CL_TYPE_NULSFT:
 		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_NSIS) && fpt->offset > 4) {
+			    ctx->container_type = CL_TYPE_NULSFT;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("NSIS signature found at %u\n", (unsigned int) fpt->offset-4);
 			    nret = cli_scannulsft(map->fd, ctx, fpt->offset - 4);
 			}
@@ -1758,6 +1769,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 
 		    case CL_TYPE_AUTOIT:
 		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_AUTOIT)) {
+			    ctx->container_type = CL_TYPE_AUTOIT;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("AUTOIT signature found at %u\n", (unsigned int) fpt->offset);
 			    nret = cli_scanautoit(map->fd, ctx, fpt->offset + 23);
 			}
@@ -1765,6 +1778,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 
 		    case CL_TYPE_ISHIELD_MSI:
 		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_ISHIELD)) {
+			    ctx->container_type = CL_TYPE_AUTOIT;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("ISHIELD-MSI signature found at %u\n", (unsigned int) fpt->offset);
 			    nret = cli_scanishield_msi(ctx, fpt->offset + 14);
 			}
@@ -1772,6 +1787,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 
 		    case CL_TYPE_PDF:
 			if(type != CL_TYPE_PDF && SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF)) {
+			    ctx->container_type = CL_TYPE_PDF;
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    cli_dbgmsg("PDF signature found at %u\n", (unsigned int) fpt->offset);
 			    nret = cli_scanpdf(ctx, fpt->offset);
 			}
@@ -1781,6 +1798,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
  			if(SCAN_PE && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP || type == CL_TYPE_MSOLE2) && ctx->dconf->pe) {
 			    if(map->len > 10485760)
 				break;
+			    ctx->container_type = CL_TYPE_MSEXE; /* PE is a container for another executable here */
+			    ctx->container_size = map->len - fpt->offset; /* not precise */
 			    memset(&peinfo, 0, sizeof(struct cli_exe_info));
 			    peinfo.offset = fpt->offset;
 			    lseek(map->fd, fpt->offset, SEEK_SET);
@@ -1809,6 +1828,8 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 
 		fpt = fpt->next;
 	    }
+	    ctx->container_type = current_container_type;
+	    ctx->container_size = current_container_size;
 	}
 
 	if(nret != CL_VIRUS) switch(ret) {
@@ -1820,8 +1841,12 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_
 		break;
 
 	    case CL_TYPE_MAIL:
+		ctx->container_type = CL_TYPE_MAIL;
+		ctx->container_size = map->len;
 		if(SCAN_MAIL && type == CL_TYPE_TEXT_ASCII && (DCONF_MAIL & MAIL_CONF_MBOX))
 		    nret = cli_scanmail(map->fd, ctx);
+		ctx->container_type = current_container_type;
+		ctx->container_size = current_container_size;
 		break;
 
 	    default:
@@ -1849,7 +1874,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	cli_file_t type, dettype = 0;
 	struct stat sb;
 	uint8_t typercg = 1;
-	cli_file_t current_container_type = ctx->container_type; /* TODO: container tracking code TBD - bb#1293 */
+	cli_file_t current_container_type = ctx->container_type;
 	size_t current_container_size = ctx->container_size, hashed_size;
 	unsigned char hash[16];
 	bitset_t *old_hook_lsig_matches;

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list