scan for embedded PEs inside OLE2 files (bb#914)

git-svn: trunk@3763
remotes/push_mirror/metadata
Tomasz Kojm 17 years ago
parent 705d9d8f1c
commit 5d763f04a5
  1. 4
      ChangeLog
  2. 4
      libclamav/matcher-ac.c
  3. 3
      libclamav/scanners.c

@ -1,3 +1,7 @@
Mon Apr 7 12:51:43 CEST 2008 (tk)
----------------------------------
* libclamav: scan for embedded PEs inside OLE2 files (bb#914)
Mon Apr 7 11:15:49 CEST 2008 (tk)
----------------------------------
* libclamav/chmunpack.c,cab.c: downgrade some error messages (bb#911, bb#798)

@ -689,7 +689,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
if((pt->type > type || pt->type >= CL_TYPE_SFX || pt->type == CL_TYPE_MSEXE) && (!pt->rtype || ftype == pt->rtype)) {
cli_dbgmsg("Matched signature for file type %s\n", pt->virname);
type = pt->type;
if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP) && type == CL_TYPE_MSEXE))) {
if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP || ftype == CL_TYPE_MSOLE2) && type == CL_TYPE_MSEXE))) {
/* FIXME: we don't know which offset of the first part is the correct one */
for(j = 1; j <= AC_DEFAULT_TRACKLEN && offmatrix[0][j] != -1; j++) {
if(ac_addtype(ftoffset, type, offmatrix[pt->parts - 1][j], ctx)) {
@ -727,7 +727,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
if((pt->type > type || pt->type >= CL_TYPE_SFX || pt->type == CL_TYPE_MSEXE) && (!pt->rtype || ftype == pt->rtype)) {
cli_dbgmsg("Matched signature for file type %s at %u\n", pt->virname, realoff);
type = pt->type;
if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP) && type == CL_TYPE_MSEXE))) {
if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP || ftype == CL_TYPE_MSOLE2) && type == CL_TYPE_MSEXE))) {
if(ac_addtype(ftoffset, type, realoff, ctx)) {
if(info.exeinfo.section)
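Review bot: The embedded-object condition in cli_ac_scanbuff is now repeated verbatim in both hunks (at 689 and at 727), so every new container type has to be added in two places here and again in the type lists of cli_scanraw in libclamav/scanners.c. A type missed at any one of those sites silently disables embedded-PE detection on that path, with no error or debug message to show it. I would move the container test into one helper or macro whose body is `(ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP || ftype == CL_TYPE_MSOLE2)` and use it in both conditions. A comment above it such as `/* container types whose raw data is searched for embedded PE files (bb#914) */` would record why OLE2 is listed. The enclosing function starts and ends outside these hunks.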

@ -1529,6 +1529,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,
case CL_TYPE_TEXT_ASCII:
case CL_TYPE_MSEXE:
case CL_TYPE_ZIP:
case CL_TYPE_MSOLE2:
acmode |= AC_SCAN_FT;
default:
break;
@ -1553,7 +1554,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,
}
*/
if(nret != CL_VIRUS && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP)) {
if(nret != CL_VIRUS && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP || type == CL_TYPE_MSOLE2)) {
lastzip = lastrar = 0xdeadbeef;
fpt = ftoffset;
while(fpt) {
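Review bot: Nothing at the two changed lines in cli_scanraw says why OLE2 joins MSEXE and ZIP; the reason (embedded PE files, bb#914) appears only in the commit title. I would add `/* OLE2 documents may carry embedded PE files; raw-scan them for file-type signatures (bb#914) */` above `case CL_TYPE_MSOLE2:`. The added case also joins a group that runs from `acmode |= AC_SCAN_FT;` into `default:` with no `break;` or fall-through comment, which is harmless today but easy to break if a case is later inserted between them. The `while(fpt)` loop that consumes the recorded offsets continues outside the hunk, so this page cannot confirm whether each embedded object found in an OLE2 file is scanned under the usual recursion and size limits.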
