Retab cli_checkfp()

12 years ago · 06bd94f0fd
parent 8fdd05d2aa
commit 06bd94f0fd
1 changed files with 85 additions and 77 deletions
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@ -461,6 +461,7 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)
                SHA1Init(&sha1);
                SHA1Update(&sha1, ptr, size);
                SHA1Final(&sha1, &shash1[SHA1_HASH_SIZE]);
+
                if(cli_hm_scan(&shash1[SHA1_HASH_SIZE], size, &virname, ctx->engine->hm_fp, CLI_HASH_SHA1) == CL_VIRUS) {
                    cli_dbgmsg("cli_checkfp(sha1): Found false positive detection (fp sig: %s)\n", virname);
                    return CL_CLEAN;
@ -474,10 +475,12 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)
                    return CL_CLEAN;
                }
            }
+
            if(have_sha256) {
                sha256_init(&sha256);
                sha256_update(&sha256, ptr, size);
                sha256_final(&sha256, &shash256[SHA256_HASH_SIZE]);
+
                if(cli_hm_scan(&shash256[SHA256_HASH_SIZE], size, &virname, ctx->engine->hm_fp, CLI_HASH_SHA256) == CL_VIRUS) {
                    cli_dbgmsg("cli_checkfp(sha256): Found false positive detection (fp sig: %s)\n", virname);
                    return CL_CLEAN;
@ -498,6 +501,7 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)
                sha256_update(&sha256, ptr, size);
                sha256_final(&sha256, &shash256[SHA256_HASH_SIZE]);
            }
+
            for(i=0; i<SHA256_HASH_SIZE; i++)
                sprintf((char *)shash256+i*2, "%02x", shash256[SHA256_HASH_SIZE+i]);

@ -506,12 +510,14 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)
                SHA1Update(&sha1, ptr, size);
                SHA1Final(&sha1, &shash1[SHA1_HASH_SIZE]);
            }
+
            for(i=0; i<SHA1_HASH_SIZE; i++)
                sprintf((char *)shash1+i*2, "%02x", shash1[SHA1_HASH_SIZE+i]);

            cli_errmsg("COLLECT:%s:%s:%u:%s:%s\n", shash256, shash1, size, cli_get_last_virus(ctx), ctx->entry_filename);
        } else
            cli_errmsg("can't compute sha\n!");
+
        ctx->sha_collect = -1;
    }
 #endif
@ -524,10 +530,12 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)
        case CL_VIRUS:
            if(cli_hm_scan(shash1, 2, &virname, ctx->engine->hm_fp, CLI_HASH_SHA1) == CL_VIRUS) {
                cli_dbgmsg("cli_checkfp(pe): PE file whitelisted by catalog file\n");
+
            return CL_CLEAN;
            }
        }
    }
+
    if (ctx->engine->cb_hash)
        ctx->engine->cb_hash(fmap_fd(*ctx->fmap), size, md5, cli_get_last_virus(ctx), ctx->cb_ctx);