[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:09:47 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 9c3bcd84fbad5fd7d78277efeedca7fc4aa64f1c
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Thu Nov 26 19:43:32 2009 +0100
sigtool: --decode-sigs: handle .ldb sigs
diff --git a/ChangeLog b/ChangeLog
index 6a5d849..96a6d67 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Nov 26 19:43:06 CET 2009 (tk)
+---------------------------------
+ * sigtool: --decode-sigs: handle .ldb sigs
+
Thu Nov 26 16:06:30 CET 2009 (acab)
-----------------------------------
* libclamav/scanners.c: print inflateinit2 return code
diff --git a/libclamav/libclamav.map b/libclamav/libclamav.map
index a8a6169..7d9ba25 100644
--- a/libclamav/libclamav.map
+++ b/libclamav/libclamav.map
@@ -118,6 +118,7 @@ CLAMAV_PRIVATE {
cli_ac_scanbuff;
cli_ac_freedata;
cli_ac_free;
+ cli_ac_chklsig;
cli_parse_add;
cli_bm_init;
cli_bm_scanbuff;
diff --git a/sigtool/sigtool.c b/sigtool/sigtool.c
index 39328d5..54d97e0 100644
--- a/sigtool/sigtool.c
+++ b/sigtool/sigtool.c
@@ -1835,12 +1835,43 @@ static int decodehex(const char *hexsig)
static int decodesig(char *sig)
{
char *pt;
- const char *tokens[7];
- int tokens_count;
+ const char *tokens[68];
+ int tokens_count, subsigs, i;
if(strchr(sig, ';')) { /* lsig */
- mprintf("decodesig: Not supported signature format (yet)\n");
- return -1;
+ tokens_count = cli_strtokenize(sig, ';', 67 + 1, (const char **) tokens);
+ if(tokens_count < 4) {
+ mprintf("!decodesig: Invalid or not supported signature format\n");
+ return -1;
+ }
+ mprintf("VIRUS NAME: %s\n", tokens[0]);
+ mprintf("TDB: %s\n", tokens[1]);
+ mprintf("LOGICAL EXPRESSION: %s\n", tokens[2]);
+ subsigs = cli_ac_chklsig(tokens[2], tokens[2] + strlen(tokens[2]), NULL, NULL, NULL, 1);
+ if(subsigs == -1) {
+ mprintf("!decodesig: Broken logical expression\n");
+ return -1;
+ }
+ subsigs++;
+ if(subsigs > 64) {
+ mprintf("!decodesig: Too many subsignatures\n");
+ return -1;
+ }
+ if(subsigs != tokens_count - 3) {
+ mprintf("!decodesig: The number of subsignatures (==%u) doesn't match the IDs in the logical expression (==%u)\n", tokens_count - 3, subsigs);
+ return -1;
+ }
+ for(i = 0; i < subsigs; i++) {
+ mprintf(" * SUBSIG ID %d\n", i);
+ if((pt = strchr(tokens[3 + i], ':'))) {
+ *pt++ = 0;
+ mprintf(" +-> OFFSET: %s\n", pt);
+ } else {
+ mprintf(" +-> OFFSET: ANY\n");
+ }
+ mprintf(" +-> DECODED SUBSIGNATURE:\n");
+ decodehex(tokens[3 + i]);
+ }
} else if(strchr(sig, ':')) { /* ndb */
tokens_count = cli_strtokenize(sig, ':', 6 + 1, tokens);
if(tokens_count < 4 || tokens_count > 6) {
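Review bot: In the subsignature loop of the new lsig branch, the text after ':' is printed as OFFSET and the text before it is passed to decodehex(); if .ldb subsignatures are written as `offset:hexsig` (my understanding of the format, worth confirming against the loader), the two are swapped and the tool would show an analyst a mis-decoded pattern. Assuming that layout, print `tokens[3 + i]` as the offset and call `decodehex(pt ? pt : tokens[3 + i])`. The return value of decodehex(), declared `static int` in the hunk header, is also dropped, so a subsignature that fails to decode does not make decodesig return -1. The mismatch message formats two `int` values with `%u`; `%d` matches the arguments. decodesig's body continues past the end of this hunk.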
--
Debian repository for ClamAV