open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

improve zip and tar support, minor cleanups

Browse Source 
git-svn: trunk@836
remotes/push_mirror/metadata
Tomasz Kojm 21 years ago
parent 7efb18383b
commit 2b25945358
8 changed files with 158 additions and 96 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      clamav-devel/ChangeLog
  2. 2
      clamav-devel/clamscan/options.c
  3. 4
      clamav-devel/libclamav/Makefile.am
  4. 11
      clamav-devel/libclamav/Makefile.in
  5. 16
      clamav-devel/libclamav/filetypes.c
  6. 3
      clamav-devel/libclamav/filetypes.h
  7. 208
      clamav-devel/libclamav/scanners.c
  8. 4
      clamav-devel/shared/misc.c

6
clamav-devel/ChangeLog
Unescape View File

@ -1,3 +1,9 @@
Tue Sep 7 23:14:42 CEST 2004 (tk)
----------------------------------
* libclamav/filetypes.c: add rule for "PK00PK" Zip archives (thanks to
Tomasz Papszun)
* libclamav: enable support for POSIX tar files (patch by Nigel)
Mon Sep 6 12:04:08 BST 2004 (njh)
----------------------------------
* libclamav/mbox.c: Normalise the HTML before looking for URLs to scan

2
clamav-devel/clamscan/options.c
Unescape View File

@ -209,7 +209,7 @@ void register_char_option(struct optstruct *opt, char ch, const char *longname)
void register_long_option(struct optstruct *opt, const char *optname)
{
struct optnode *newnode;
int i, found;
int i, found = 0;
if(clamdscan_mode) {

4
clamav-devel/libclamav/Makefile.am
Unescape View File

@ -114,6 +114,8 @@ libclamav_la_SOURCES = \
fsg.c \
fsg.h \
line.c \
line.h
line.h \
untar.c \
untar.h
lib_LTLIBRARIES = libclamav.la

11
clamav-devel/libclamav/Makefile.in
Unescape View File

@ -79,7 +79,7 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher.lo \
blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo \
text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo \
cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo \
chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo
chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo
libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
@ -102,8 +102,8 @@ am__depfiles_maybe = depfiles
@AMDEP_TRUE@ ./$(DEPDIR)/str.Plo ./$(DEPDIR)/strc.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/strrcpy.Plo ./$(DEPDIR)/system.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/table.Plo ./$(DEPDIR)/text.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/unrarlib.Plo ./$(DEPDIR)/upx.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/vba_extract.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/unrarlib.Plo ./$(DEPDIR)/untar.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/upx.Plo ./$(DEPDIR)/vba_extract.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/zzip-dir.Plo ./$(DEPDIR)/zzip-err.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/zzip-file.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/zzip-info.Plo ./$(DEPDIR)/zzip-io.Plo \
@ -324,7 +324,9 @@ libclamav_la_SOURCES = \
fsg.c \
fsg.h \
line.c \
line.h
line.h \
untar.c \
untar.h
lib_LTLIBRARIES = libclamav.la
all: all-am
@ -430,6 +432,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/table.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/text.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unrarlib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/untar.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upx.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vba_extract.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/zzip-dir.Plo@am__quote@

16
clamav-devel/libclamav/filetypes.c
Unescape View File

@ -53,13 +53,15 @@ static const struct cli_magic_s cli_magic[] = {
/* Archives */
{0, "Rar!", 4, "RAR", CL_RARFILE},
{0, "PK\003\004", 4, "ZIP", CL_ZIPFILE},
{0, "\037\213", 2, "GZip", CL_GZFILE},
{0, "BZh", 3, "BZip", CL_BZFILE},
{0, "SZDD", 4, "compress.exe'd", CL_MSCFILE},
{0, "MSCF", 4, "MS CAB", CL_MSCABFILE},
{0, "ITSF", 4, "MS CHM", CL_MSCHMFILE},
{0, "Rar!", 4, "RAR", CL_RARFILE},
{0, "PK\003\004", 4, "ZIP", CL_ZIPFILE},
{0, "PK00PK\003\004", 4, "ZIP", CL_ZIPFILE},
{0, "\037\213", 2, "GZip", CL_GZFILE},
{0, "BZh", 3, "BZip", CL_BZFILE},
{0, "SZDD", 4, "compress.exe'd", CL_MSCFILE},
{0, "MSCF", 4, "MS CAB", CL_MSCABFILE},
{0, "ITSF", 4, "MS CHM", CL_MSCHMFILE},
{257, "ustar", 5, "POSIX tar", CL_TARFILE},
/* Mail */

3
clamav-devel/libclamav/filetypes.h
Unescape View File

@ -20,7 +20,7 @@
#ifndef __FILETYPES_H
#define __FILETYPES_H
#define MAGIC_BUFFER_SIZE 26
#define MAGIC_BUFFER_SIZE 262
#define CL_TYPENO 500
typedef enum {
@ -28,6 +28,7 @@ typedef enum {
CL_UNKNOWN_DATA_TYPE,
CL_DOSEXE,
CL_DATAFILE,
CL_TARFILE,
CL_GZFILE,
CL_ZIPFILE,
CL_BZFILE,

208
clamav-devel/libclamav/scanners.c
Unescape View File

@ -65,6 +65,7 @@ extern int cli_mbox(const char *dir, int desc, unsigned int options); /* FIXME *
#include "pe.h"
#include "filetypes.h"
#include "htmlnorm.h"
#include "untar.h"
#ifdef HAVE_ZLIB_H
#include <zlib.h>
@ -106,7 +107,8 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
char *rar_data_ptr;
unsigned long rar_data_size;
cli_dbgmsg("Starting scanrar()\n");
cli_dbgmsg("in scanrar()\n");
#ifdef CL_THREAD_SAFE
@ -123,14 +125,14 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
return CL_ERAR;
}
cli_dbgmsg("Rar -> Number of archived files: %d\n", afiles);
cli_dbgmsg("RAR: Number of archived files: %d\n", afiles);
rarlist_head = rarlist;
while(rarlist) {
if(DETECT_ENCRYPTED && (rarlist->item.Flags & 4)) {
files++;
cli_dbgmsg("Rar -> Encrypted files found in archive.\n");
cli_dbgmsg("RAR: Encrypted files found in archive.\n");
lseek(desc, 0, SEEK_SET);
if(cli_scandesc(desc, virname, scanned, root, 0) != CL_VIRUS)
*virname = "Encrypted.RAR";
@ -140,7 +142,7 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
if(limits) {
if(limits->maxfilesize && (rarlist->item.UnpSize > (unsigned int) limits->maxfilesize)) {
cli_dbgmsg("RAR->%s: Size exceeded (%u, max: %lu)\n", rarlist->item.Name, (unsigned int) rarlist->item.UnpSize, limits->maxfilesize);
cli_dbgmsg("RAR: %s: Size exceeded (%u, max: %lu)\n", rarlist->item.Name, (unsigned int) rarlist->item.UnpSize, limits->maxfilesize);
rarlist = rarlist->next;
files++;
/* ret = CL_EMAXSIZE; */
@ -161,7 +163,7 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
}
if((tmp = tmpfile()) == NULL) {
cli_dbgmsg("RAR -> Can't generate tmpfile().\n");
cli_dbgmsg("RAR: Can't generate temporary file.\n");
#ifdef CL_THREAD_SAFE
pthread_mutex_unlock(&cli_scanrar_mutex);
cli_scanrar_inuse = 0;
@ -171,9 +173,9 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
fd = fileno(tmp);
if( urarlib_get(&rar_data_ptr, &rar_data_size, rarlist->item.Name, desc, "clam")) {
cli_dbgmsg("RAR -> Extracted: %s, size: %lu\n", rarlist->item.Name, rar_data_size);
cli_dbgmsg("RAR: Extracted: %s, size: %lu\n", rarlist->item.Name, rar_data_size);
if(fwrite(rar_data_ptr, 1, rar_data_size, tmp) != rar_data_size) {
cli_dbgmsg("RAR -> Can't write() file.\n");
cli_dbgmsg("RAR: Can't write to file.\n");
fclose(tmp);
tmp = NULL;
ret = CL_ERAR;
@ -189,7 +191,7 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
rar_data_ptr = NULL;
}
if(fflush(tmp) != 0) {
cli_dbgmsg("fflush() failed: %s\n", strerror(errno));
cli_dbgmsg("RAR: fflush() failed: %s\n", strerror(errno));
fclose(tmp);
urarlib_freelist(rarlist_head);
#ifdef CL_THREAD_SAFE
@ -201,7 +203,7 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
lseek(fd, 0, SEEK_SET);
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
cli_dbgmsg("RAR -> Found %s virus.\n", *virname);
cli_dbgmsg("RAR: Infected with %s\n", *virname);
fclose(tmp);
urarlib_freelist(rarlist);
@ -213,7 +215,7 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
}
} else {
cli_dbgmsg("RAR -> Can't decompress file %s\n", rarlist->item.Name);
cli_dbgmsg("RAR: Can't decompress file %s\n", rarlist->item.Name);
fclose(tmp);
tmp = NULL;
ret = CL_ERAR; /* WinRAR 3.0 ? */
@ -233,7 +235,7 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const
pthread_cleanup_pop(0);
#endif
cli_dbgmsg("RAR -> Exit code: %d\n", ret);
cli_dbgmsg("RAR: Exit code: %d\n", ret);
return ret;
}
@ -250,11 +252,12 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
struct stat source;
zzip_error_t err;
cli_dbgmsg("Starting scanzip()\n");
cli_dbgmsg("in scanzip()\n");
if((zdir = zzip_dir_fdopen(dup(desc), &err)) == NULL) {
cli_dbgmsg("Zip -> Not supported file format ?.\n");
cli_dbgmsg("zzip_dir_fdopen() return code: %d\n", err);
cli_dbgmsg("Zip: Not supported file format ?.\n");
cli_dbgmsg("Zip: zzip_dir_fdopen() return code: %d\n", err);
/* no return with CL_EZIP due to password protected zips */
return CL_CLEAN;
}
@ -262,7 +265,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
fstat(desc, &source);
if(!(buff = (char *) cli_malloc(FILEBUFF))) {
cli_dbgmsg("cli_scanzip(): unable to malloc(%d)\n", FILEBUFF);
cli_dbgmsg("Zip: unable to malloc(%d)\n", FILEBUFF);
zzip_dir_close(zdir);
return CL_EMEM;
}
@ -270,13 +273,13 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
while(zzip_dir_read(zdir, &zdirent)) {
if(!zdirent.d_name || !strlen(zdirent.d_name)) { /* Mimail fix */
cli_dbgmsg("strlen(zdirent.d_name) == %d\n", strlen(zdirent.d_name));
cli_dbgmsg("Zip: strlen(zdirent.d_name) == %d\n", strlen(zdirent.d_name));
*virname = "Suspected.Zip";
ret = CL_VIRUS;
break;
}
cli_dbgmsg("Zip -> %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 );
cli_dbgmsg("Zip: %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 );
if(!zdirent.st_size) { /* omit directories and empty files */
files++;
@ -286,7 +289,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
/* work-around for problematic zips (zziplib crashes with them) */
if(zdirent.d_csize <= 0 || zdirent.st_size < 0) {
files++;
cli_dbgmsg("Zip -> Malformed archive detected.\n");
cli_dbgmsg("Zip: Malformed archive detected.\n");
/* ret = CL_EMALFZIP; */
/* report it as a virus */
*virname = "Suspected.Zip";
@ -302,7 +305,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
if(DETECT_ENCRYPTED && (zdirent.d_flags & 1 )) {
files++;
cli_dbgmsg("Zip -> Encrypted files found in archive.\n");
cli_dbgmsg("Zip: Encrypted files found in archive.\n");
lseek(desc, 0, SEEK_SET);
if(cli_scandesc(desc, virname, scanned, root, 0) != CL_VIRUS)
*virname = "Encrypted.Zip";
@ -312,7 +315,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
if(limits) {
if(limits->maxfilesize && (zdirent.st_size > limits->maxfilesize)) {
cli_dbgmsg("Zip -> %s: Size exceeded (%d, max: %ld)\n", zdirent.d_name, zdirent.st_size, limits->maxfilesize);
cli_dbgmsg("Zip: %s: Size exceeded (%d, max: %ld)\n", zdirent.d_name, zdirent.st_size, limits->maxfilesize);
files++;
/* ret = CL_EMAXSIZE; */
continue; /* this is not a bug */
@ -327,20 +330,20 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
/* generate temporary file and get its descriptor */
if((tmp = tmpfile()) == NULL) {
cli_dbgmsg("Zip -> Can't generate tmpfile().\n");
cli_dbgmsg("Zip: Can't generate tmpfile().\n");
ret = CL_ETMPFILE;
break;
}
if((zfp = zzip_file_open(zdir, zdirent.d_name, 0)) == NULL) {
cli_dbgmsg("Zip -> %s: Can't open file.\n", zdirent.d_name);
cli_dbgmsg("Zip: Can't open file %s\n", zdirent.d_name);
ret = CL_EZIP;
break;
}
while((bytes = zzip_file_read(zfp, buff, FILEBUFF)) > 0) {
if(fwrite(buff, 1, bytes, tmp) != (size_t) bytes) {
cli_dbgmsg("Zip -> Can't fwrite() file: %s\n", strerror(errno));
cli_dbgmsg("Zip: Can't write to file.\n");
zzip_file_close(zfp);
zzip_dir_close(zdir);
fclose(tmp);
@ -353,7 +356,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
if(fflush(tmp) != 0) {
cli_dbgmsg("fflush() failed: %s\n", strerror(errno));
cli_dbgmsg("Zip: fflush() failed: %s\n", strerror(errno));
ret = CL_EFSYNC;
break;
}
@ -362,7 +365,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
lseek(fd, 0, SEEK_SET);
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
cli_dbgmsg("Zip -> Found %s virus.\n", *virname);
cli_dbgmsg("Zip: Infected with %s\n", *virname);
ret = CL_VIRUS;
break;
} else if(ret == CL_EMALFZIP) {
@ -370,7 +373,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
* The trick with detection of ZoD only works with higher (>= 5)
* recursion limit level.
*/
cli_dbgmsg("Zip -> Malformed Zip, scanning stopped.\n");
cli_dbgmsg("Zip: Malformed Zip file, scanning stopped.\n");
*virname = "Suspected.Zip";
ret = CL_VIRUS;
break;
@ -405,19 +408,19 @@ static int cli_scangzip(int desc, const char **virname, long int *scanned, const
cli_dbgmsg("in cli_scangzip()\n");
if((gd = gzdopen(dup(desc), "rb")) == NULL) {
cli_dbgmsg("Can't gzdopen() descriptor %d.\n", desc);
cli_dbgmsg("GZip: Can't open descriptor %d\n", desc);
return CL_EGZIP;
}
if((tmp = tmpfile()) == NULL) {
cli_dbgmsg("Can't generate tmpfile().\n");
cli_dbgmsg("GZip: Can't generate temporary file.\n");
gzclose(gd);
return CL_ETMPFILE;
}
fd = fileno(tmp);
if(!(buff = (char *) cli_malloc(FILEBUFF))) {
cli_dbgmsg("cli_scangzip(): unable to malloc(%d)\n", FILEBUFF);
cli_dbgmsg("GZip: Unable to malloc %d bytes.\n", FILEBUFF);
gzclose(gd);
return CL_EMEM;
}
@ -427,13 +430,13 @@ static int cli_scangzip(int desc, const char **virname, long int *scanned, const
if(limits)
if(limits->maxfilesize && (size + FILEBUFF > limits->maxfilesize)) {
cli_dbgmsg("Gzip->desc(%d): Size exceeded (stopped at %ld, max: %ld)\n", desc, size, limits->maxfilesize);
cli_dbgmsg("GZip: Size exceeded (stopped at %ld, max: %ld)\n", size, limits->maxfilesize);
/* ret = CL_EMAXSIZE; */
break;
}
if(cli_writen(fd, buff, bytes) != bytes) {
cli_dbgmsg("Gzip -> Can't write() file.\n");
cli_dbgmsg("GZip: Can't write to file.\n");
fclose(tmp);
gzclose(gd);
free(buff);
@ -444,14 +447,14 @@ static int cli_scangzip(int desc, const char **virname, long int *scanned, const
free(buff);
gzclose(gd);
if(fsync(fd) == -1) {
cli_dbgmsg("fsync() failed for descriptor %d\n", fd);
cli_dbgmsg("GZip: Can't synchronise descriptor %d\n", fd);
fclose(tmp);
return CL_EFSYNC;
}
lseek(fd, 0, SEEK_SET);
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
cli_dbgmsg("Gzip -> Found %s virus.\n", *virname);
cli_dbgmsg("GZip: Infected with %s\n", *virname);
fclose(tmp);
return CL_VIRUS;
}
@ -480,7 +483,7 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const
if((fs = fdopen(dup(desc), "rb")) == NULL) {
cli_dbgmsg("Can't fdopen() descriptor %d.\n", desc);
cli_dbgmsg("Bzip: Can't open descriptor %d.\n", desc);
return CL_EBZIP;
}
@ -489,13 +492,13 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const
memlim = 1;
if((bfd = BZ2_bzReadOpen(&bzerror, fs, 0, memlim, NULL, 0)) == NULL) {
cli_dbgmsg("Can't initialize bzip2 library (descriptor %d).\n", desc);
cli_dbgmsg("Bzip: Can't initialize bzip2 library (descriptor: %d).\n", desc);
fclose(fs);
return CL_EBZIP;
}
if((tmp = tmpfile()) == NULL) {
cli_dbgmsg("Can't generate tmpfile().\n");
cli_dbgmsg("Bzip: Can't generate temporary file.\n");
BZ2_bzReadClose(&bzerror, bfd);
fclose(fs);
return CL_ETMPFILE;
@ -503,7 +506,7 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const
fd = fileno(tmp);
if(!(buff = (char *) malloc(FILEBUFF))) {
cli_dbgmsg("cli_scanbzip(): unable to malloc(%d)\n", FILEBUFF);
cli_dbgmsg("Bzip: Unable to malloc %d bytes.\n", FILEBUFF);
fclose(tmp);
fclose(fs);
BZ2_bzReadClose(&bzerror, bfd);
@ -515,13 +518,13 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const
if(limits)
if(limits->maxfilesize && (size + FILEBUFF > limits->maxfilesize)) {
cli_dbgmsg("Bzip2->desc(%d): Size exceeded (stopped at %ld, max: %ld)\n", desc, size, limits->maxfilesize);
cli_dbgmsg("Bzip: Size exceeded (stopped at %ld, max: %ld)\n", size, limits->maxfilesize);
/* ret = CL_EMAXSIZE; */
break;
}
if(cli_writen(fd, buff, bytes) != bytes) {
cli_dbgmsg("Bzip2 -> Can't write() file.\n");
cli_dbgmsg("Bzip: Can't write to file.\n");
BZ2_bzReadClose(&bzerror, bfd);
fclose(tmp);
free(buff);
@ -533,7 +536,7 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const
free(buff);
BZ2_bzReadClose(&bzerror, bfd);
if(fsync(fd) == -1) {
cli_dbgmsg("fsync() failed for descriptor %d\n", fd);
cli_dbgmsg("Bzip: Synchronisation failed for descriptor %d\n", fd);
fclose(tmp);
fclose(fs);
return CL_EFSYNC;
@ -541,7 +544,7 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const
lseek(fd, 0, SEEK_SET);
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
cli_dbgmsg("Bzip2 -> Found %s virus.\n", *virname);
cli_dbgmsg("Bzip: Infected with %s\n", *virname);
}
fclose(tmp);
fclose(fs);
@ -555,27 +558,28 @@ static int cli_scanmscomp(int desc, const char **virname, long int *scanned, con
int fd, ret = CL_CLEAN;
FILE *tmp = NULL, *in;
cli_dbgmsg("in cli_scanmscomp()\n");
if((in = fdopen(dup(desc), "rb")) == NULL) {
cli_dbgmsg("Can't fdopen() descriptor %d.\n", desc);
cli_dbgmsg("SZDD: Can't open descriptor %d\n", desc);
return CL_EMSCOMP;
}
if((tmp = tmpfile()) == NULL) {
cli_dbgmsg("Can't generate tmpfile().\n");
cli_dbgmsg("SZDD: Can't generate temporary file.\n");
fclose(in);
return CL_ETMPFILE;
}
if(cli_msexpand(in, tmp) == -1) {
cli_dbgmsg("msexpand failed.\n");
cli_dbgmsg("SZDD: msexpand failed.\n");
return CL_EMSCOMP;
}
fclose(in);
if(fflush(tmp)) {
cli_dbgmsg("fflush() failed\n");
cli_dbgmsg("SZDD: fflush() failed.\n");
fclose(tmp);
return CL_EFSYNC;
}
@ -583,7 +587,7 @@ static int cli_scanmscomp(int desc, const char **virname, long int *scanned, con
fd = fileno(tmp);
lseek(fd, 0, SEEK_SET);
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS) {
cli_dbgmsg("MSCompress -> Found %s virus.\n", *virname);
cli_dbgmsg("SZDD: Infected with %s\n", *virname);
fclose(tmp);
return CL_VIRUS;
}
@ -605,12 +609,12 @@ static int cli_scanmscab(int desc, const char **virname, long int *scanned, cons
cli_dbgmsg("in cli_scanmscab()\n");
if((cabd = mspack_create_cab_decompressor(NULL)) == NULL) {
cli_dbgmsg("Can't create libmspack CAB decompressor\n");
cli_dbgmsg("MSCAB: Can't create libmspack CAB decompressor\n");
return CL_EMSCAB;
}
if((base = cabd->dsearch(cabd, desc)) == NULL) {
cli_dbgmsg("I/O error or no valid cabinets found\n");
cli_dbgmsg("MSCAB: I/O error or no valid cabinets found\n");
mspack_destroy_cab_decompressor(cabd);
return CL_EMSCAB;
}
@ -625,9 +629,9 @@ static int cli_scanmscab(int desc, const char **virname, long int *scanned, cons
for(cab = base; cab; cab = cab->next) {
for(file = cab->files; file; file = file->next) {
tempname = cli_gentemp(tmpdir);
cli_dbgmsg("Extracting data to %s\n", tempname);
cli_dbgmsg("MSCAB: Extracting data to %s\n", tempname);
if(cabd->extract(cabd, file, tempname)) {
cli_dbgmsg("libmscab error code: %d\n", cabd->last_error(cabd));
cli_dbgmsg("MSCAB: libmscab error code: %d\n", cabd->last_error(cabd));
} else {
ret = cli_scanfile(tempname, virname, scanned, root, limits, options, arec, mrec);
}
@ -658,12 +662,12 @@ static int cli_scanhtml(int desc, const char **virname, long int *scanned, const
cli_dbgmsg("in cli_scanhtml()\n");
if(fstat(desc, &statbuf) != 0) {
cli_dbgmsg("fstat failed\n");
cli_dbgmsg("HTML: Can't stat descriptor %d\n", desc);
return CL_EIO;
}
if(limits && limits->maxfilesize && (statbuf.st_size > limits->maxfilesize)) {
cli_dbgmsg("ScanHTML -> Size exceeded (%d, max: %ld)\n", statbuf.st_size, limits->maxfilesize);
cli_dbgmsg("HTML: Size exceeded (%d, max: %ld)\n", statbuf.st_size, limits->maxfilesize);
return CL_CLEAN;
}
@ -671,7 +675,7 @@ static int cli_scanhtml(int desc, const char **virname, long int *scanned, const
/* TODO: do file operations if mmap fails */
if(membuff == MAP_FAILED) {
cli_dbgmsg("mmap failed\n");
cli_dbgmsg("HTML: mmap failed\n");
return CL_EMEM;
}
@ -705,7 +709,7 @@ static int cli_scan_mydoom_log(int desc, const char **virname, long int *scanne
int32_t record[8], check;
int i, retval=CL_VIRUS, j;
cli_dbgmsg("in mydoom_log\n");
cli_dbgmsg("in mydoom_log()\n");
/* Check upto the first five records in the file */
for (j=0 ; j<5 ; j++) {
@ -715,13 +719,13 @@ static int cli_scan_mydoom_log(int desc, const char **virname, long int *scanne
/* Decode the key */
record[0] = ~ntohl(record[0]);
cli_dbgmsg("key: %lu\n", record[0]);
cli_dbgmsg("Mydoom: key: %lu\n", record[0]);
check = 0;
for (i=1 ; i<8; i++) {
record[i] = ntohl(record[i]) ^ record[0];
check += record[i];
}
cli_dbgmsg("check: %lu\n", ~check);
cli_dbgmsg("Mydoom: check: %lu\n", ~check);
if ((~check) != record[0]) {
return CL_CLEAN;
}
@ -731,7 +735,7 @@ static int cli_scan_mydoom_log(int desc, const char **virname, long int *scanne
retval = CL_CLEAN;
} else if (retval==CL_VIRUS) {
if(virname)
*virname = "Mydoom.M.log";
*virname = "Worm.Mydoom.M.log";
}
return retval;
@ -778,7 +782,7 @@ static int cli_scandir(const char *dirname, const char **virname, long int *scan
}
}
} else {
cli_dbgmsg("ScanDir -> Can't open directory %s.\n", dirname);
cli_dbgmsg("ScanDir: Can't open directory %s.\n", dirname);
return CL_EOPEN;
}
@ -796,7 +800,8 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *
char *fname, *fullname;
unsigned char *data;
cli_dbgmsg("VBA scan dir: %s\n", dirname);
cli_dbgmsg("VBADir: %s\n", dirname);
if((vba_project = (vba_project_t *) vba56_dir_read(dirname))) {
for(i = 0; i < vba_project->count; i++) {
@ -804,18 +809,18 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *
sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]);
fd = open(fullname, O_RDONLY);
if(fd == -1) {
cli_dbgmsg("Scan->OLE2 -> Can't open file %s\n", fullname);
cli_dbgmsg("VBADir: Can't open file %s\n", fullname);
free(fullname);
ret = CL_EOPEN;
break;
}
free(fullname);
cli_dbgmsg("decompress VBA project '%s'\n", vba_project->name[i]);
cli_dbgmsg("VBADir: Decompress VBA project '%s'\n", vba_project->name[i]);
data = (unsigned char *) vba_decompress(fd, vba_project->offset[i], &data_len);
close(fd);
if(!data) {
cli_dbgmsg("WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]);
cli_dbgmsg("VBADir: WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]);
} else {
if(cl_scanbuff(data, data_len, virname, root) == CL_VIRUS) {
free(data);
@ -845,18 +850,18 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *
sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]);
fd = open(fullname, O_RDONLY);
if(fd == -1) {
cli_dbgmsg("Scan->OLE2 -> Can't open file %s\n", fullname);
cli_dbgmsg("VBADir: Can't open file %s\n", fullname);
free(fullname);
ret = CL_EOPEN;
break;
}
free(fullname);
cli_dbgmsg("decompress WM project '%s' macro:%d key:%d\n", vba_project->name[i], i, vba_project->key[i]);
cli_dbgmsg("VBADir: Decompress WM project '%s' macro:%d key:%d\n", vba_project->name[i], i, vba_project->key[i]);
data = (unsigned char *) wm_decrypt_macro(fd, vba_project->offset[i], vba_project->length[i], vba_project->key[i]);
close(fd);
if(!data) {
cli_dbgmsg("WARNING: WM project '%s' macro %d decrypted to NULL\n", vba_project->name[i], i);
cli_dbgmsg("VBADir: WARNING: WM project '%s' macro %d decrypted to NULL\n", vba_project->name[i], i);
} else {
if(cl_scanbuff(data, vba_project->length[i], virname, root) == CL_VIRUS) {
free(data);
@ -904,7 +909,7 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *
}
}
} else {
cli_dbgmsg("ScanDir -> Can't open directory %s.\n", dirname);
cli_dbgmsg("VBADir: Can't open directory %s.\n", dirname);
return CL_EOPEN;
}
@ -918,6 +923,7 @@ static int cli_scanole2(int desc, const char **virname, long int *scanned, const
char *dir;
int ret = CL_CLEAN;
cli_dbgmsg("in cli_scanole2()\n");
if((tmpdir = getenv("TMPDIR")) == NULL)
@ -930,12 +936,12 @@ static int cli_scanole2(int desc, const char **virname, long int *scanned, const
/* generate the temporary directory */
dir = cli_gentemp(tmpdir);
if(mkdir(dir, 0700)) {
cli_dbgmsg("ScanOLE2 -> Can't create temporary directory %s\n", dir);
cli_dbgmsg("OLE2: Can't create temporary directory %s\n", dir);
return CL_ETMPDIR;
}
if((ret = cli_ole2_extract(desc, dir, limits))) {
cli_dbgmsg("ScanOLE2 -> %s\n", cl_strerror(ret));
cli_dbgmsg("OLE2: %s\n", cl_strerror(ret));
cli_rmdirs(dir);
free(dir);
return ret;
@ -952,6 +958,41 @@ static int cli_scanole2(int desc, const char **virname, long int *scanned, const
return ret;
}
static int cli_scantar(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
{
const char *tmpdir;
char *dir;
int ret = CL_CLEAN;
cli_dbgmsg("in cli_scantar()\n");
if((tmpdir = getenv("TMPDIR")) == NULL)
#ifdef P_tmpdir
tmpdir = P_tmpdir;
#else
tmpdir = "/tmp";
#endif
/* generate temporary directory */
dir = cli_gentemp(tmpdir);
if(mkdir(dir, 0700)) {
cli_errmsg("Tar: Can't create temporary directory %s\n", dir);
return CL_ETMPDIR;
}
if((ret = cli_untar(dir, desc)))
cli_dbgmsg("Tar: %s\n", cl_strerror(ret));
else
ret = cli_scandir(dir, virname, scanned, root, limits, options, arec, mrec);
if(!cli_leavetemps_flag)
cli_rmdirs(dir);
free(dir);
return ret;
}
static int cli_scanmschm(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
{
const char *tmpdir;
@ -971,7 +1012,7 @@ static int cli_scanmschm(int desc, const char **virname, long int *scanned, cons
tempname = cli_gentemp(tmpdir);
if(mkdir(tempname, 0700)) {
cli_dbgmsg("ScanCHM -> Can't create temporary directory %s\n", tempname);
cli_dbgmsg("CHM: Can't create temporary directory %s\n", tempname);
return CL_ETMPDIR;
}
@ -1004,7 +1045,7 @@ static int cli_scanmail(int desc, const char **virname, long int *scanned, const
/* generate the temporary directory */
dir = cli_gentemp(tmpdir);
if(mkdir(dir, 0700)) {
cli_dbgmsg("ScanMail -> Can't create temporary directory %s\n", dir);
cli_dbgmsg("Mail: Can't create temporary directory %s\n", dir);
return CL_ETMPDIR;
}
@ -1024,7 +1065,7 @@ static int cli_scanmail(int desc, const char **virname, long int *scanned, const
int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
{
char magic[MAGIC_BUFFER_SIZE+1];
char magic[MAGIC_BUFFER_SIZE + 1];
int ret = CL_CLEAN, nret;
int bread = 0;
cli_file_t type;
@ -1038,7 +1079,7 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const
if(!options) { /* raw mode (stdin, etc.) */
cli_dbgmsg("Raw mode: no support for archives.\n");
if((ret = cli_scandesc(desc, virname, scanned, root, 0) == CL_VIRUS))
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
cli_dbgmsg("%s found in descriptor %d\n", *virname, desc);
return ret;
}
@ -1057,17 +1098,17 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const
}
lseek(desc, 0, SEEK_SET);
bread = read(desc, magic, MAGIC_BUFFER_SIZE);
magic[MAGIC_BUFFER_SIZE] = '\0';
lseek(desc, 0, SEEK_SET);
memset(magic, 0, sizeof(magic));
if(bread != MAGIC_BUFFER_SIZE) {
/* short read: No need to do magic */
if((ret = cli_scandesc(desc, virname, scanned, root, 0) == CL_VIRUS))
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
return ret;
if((bread = read(desc, magic, MAGIC_BUFFER_SIZE)) == -1) {
cli_dbgmsg("Can't read from descriptor %d\n");
return CL_EIO;
} else if(bread < 2) {
/* short read - no need to do magic */
return CL_CLEAN;
}
lseek(desc, 0, SEEK_SET);
type = cli_filetype(magic, bread);
type == CL_MAILFILE ? (*mrec)++ : (*arec)++;
@ -1120,6 +1161,11 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const
ret = cli_scanole2(desc, virname, scanned, root, limits, options, arec, mrec);
break;
case CL_TARFILE:
if(SCAN_ARCHIVE)
ret = cli_scantar(desc, virname, scanned, root, limits, options, arec, mrec);
break;
case CL_DATAFILE:
/* it could be a false positive and a standard DOS .COM file */
{
@ -1145,7 +1191,7 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const
lseek(desc, 0, SEEK_SET);
if((nret = cli_scandesc(desc, virname, scanned, root, typerec)) == CL_VIRUS) {
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
cli_dbgmsg("%s found in descriptor %d.\n", *virname, desc);
return CL_VIRUS;
} else if(nret >= CL_TYPENO) {

4
clamav-devel/shared/misc.c
Unescape View File

@ -27,6 +27,8 @@
#include "clamav.h"
#include "cfgparser.h"
#include "memory.h"
#include "output.h"
const char *freshdbdir(void)
{
@ -70,7 +72,7 @@ const char *freshdbdir(void)
void print_version(void)
{
const char *dbdir;
char *path, *timecpy;
char *path;
struct cl_cvd *daily;

Write Preview
Loading…
Cancel
Save