Tue Dec 14 11:15:22 GMT 2004 (trog)

----------------------------------- * sigtool/options.c sigtool/sigtool.c: New options: --vba and --vba-hex * sigtool/vba.c sigtool/vba.h: New files. Code to extract VBA/Word6 macros git-svn: trunk@1183
21 years ago · 9d0b7ebd61
parent 2bfa221aa7
commit 9d0b7ebd61
6 changed files with 1146 additions and 0 deletions
--- a/clamav-devel/ChangeLog
+++ b/clamav-devel/ChangeLog
@ -1,3 +1,8 @@
+Tue Dec 14 11:15:22 GMT 2004 (trog)
+-----------------------------------
+  * sigtool/options.c sigtool/sigtool.c: New options: --vba and --vba-hex
+  * sigtool/vba.c sigtool/vba.h: New files. Code to extract VBA/Word6 macros
+
 Tue Dec 14 10:30:15 GMT 2004 (njh)
 ----------------------------------
  * libclamav/message.c:	better recovery if memory softlimit is hit
--- a/clamav-devel/sigtool/Makefile.am
+++ b/clamav-devel/sigtool/Makefile.am
@ -30,6 +30,8 @@ sigtool_SOURCES = \
    $(top_srcdir)/shared/misc.h \
    options.c \
    options.h \
+    vba.c \
+    vba.h \
    sigtool.c

 sigtool_LDADD = $(top_builddir)/clamscan/others.o 
--- a/clamav-devel/sigtool/options.c
+++ b/clamav-devel/sigtool/options.c
@ -58,6 +58,8 @@ int main(int argc, char **argv)
 	    {"unpack-current", 1, 0, 0},
 	    {"info", 1, 0, 'i'},
 	    {"list-sigs", 2, 0, 'l'},
+	    {"vba", 1, 0 ,0},
+	    {"vba-hex", 1, 0, 0},
 	    {0, 0, 0, 0}
    	};

--- a/clamav-devel/sigtool/sigtool.c
+++ b/clamav-devel/sigtool/sigtool.c
@ -52,6 +52,7 @@
 #include "../clamscan/others.h"
 #include "../libclamav/others.h"
 #include "../libclamav/str.h"
+#include "vba.h"

 #ifndef	O_BINARY
 #define	O_BINARY	0
@ -169,6 +170,51 @@ void sigtool(struct optstruct *opt)

 	listsigs(opt);

+    } else if(optl(opt, "vba") || optl(opt, "vba-hex")) {
+            int fd, hex_output=0;
+	    char *dir;
+	    const char *tmpdir;
+
+
+	if (optl(opt, "vba-hex"))
+		hex_output = 1;
+ 
+	tmpdir = getenv("TMPDIR");
+                                                                                                                                                     
+	if(tmpdir == NULL)
+#ifdef P_tmpdir
+	    tmpdir = P_tmpdir;
+#else
+	    tmpdir = "/tmp";
+#endif
+                                                                                                                                                     
+        /* generate the temporary directory */
+        dir = cli_gentemp(tmpdir);
+        if(mkdir(dir, 0700)) {
+            mprintf("vba dump: Can't create temporary directory %s\n", dir);
+            return;
+        }
+                                                                                                                                     
+        if((fd = open(getargl(opt, "vba"), O_RDONLY)) == -1) {
+	    if((fd = open(getargl(opt, "vba-hex"), O_RDONLY)) == -1) {
+        	mprintf("Can't open file %s\n", getargl(opt, "vba"));
+        	exit(1);
+	    }
+        }
+
+        if(cli_ole2_extract(fd, dir, NULL)) {
+            cli_rmdirs(dir);
+            free(dir);
+	    close(fd);
+            return;
+        }                                                                                                                                        
+
+	close(fd);
+        sigtool_vba_scandir(dir, hex_output);
+                                                                                                                                                     
+        cli_rmdirs(dir);
+        free(dir);
+
    } else {

 	help();
@ -773,6 +819,8 @@ void help(void)
    mprintf("    --unpack=FILE          -u FILE         Unpack a CVD file\n");
    mprintf("    --unpack-current=NAME                  Unpack local CVD\n");
    mprintf("    --list-sigs[=FILE]     -l[FILE]        List signature names\n");
+    mprintf("    --vba=FILE                             Extract VBA/Word6 macro code\n");
+    mprintf("    --vba-hex=FILE                         Extract Word6 macro code with hex values\n");
    mprintf("\n");

    exit(0);
--- a/clamav-devel/sigtool/vba.c
+++ b/clamav-devel/sigtool/vba.c
--- a/clamav-devel/sigtool/vba.h
+++ b/clamav-devel/sigtool/vba.h
@ -0,0 +1,25 @@
+/*
+ *  Copyright (C) 2004 Trog <trog@uncon.org>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+ 
+#ifndef __VBA_H
+#define __VBA_H
+
+extern int hex_output;
+int sigtool_vba_scandir(const char *dirname, int hex_output);
+
+#endif