diff --git a/clamav-devel/ChangeLog b/clamav-devel/ChangeLog index abc9466da..c4dc34e28 100644 --- a/clamav-devel/ChangeLog +++ b/clamav-devel/ChangeLog @@ -1,3 +1,7 @@ +Tue Jan 30 20:16:39 CET 2007 (tk) +--------------------------------- + * libclamav: add mew and upack into dconf + Tue Jan 30 16:31:37 CET 2007 (tk) --------------------------------- * libclamav/unrar/unrar.c: properly handle metadata for large files diff --git a/clamav-devel/libclamav/dconf.c b/clamav-devel/libclamav/dconf.c index 36c15ef7b..521db3ac5 100644 --- a/clamav-devel/libclamav/dconf.c +++ b/clamav-devel/libclamav/dconf.c @@ -61,8 +61,12 @@ static struct dconf_module modules[] = { #ifdef CL_EXPERIMENTAL /* enable by default in experimental mode */ { "PE", "NSPACK", PE_CONF_NSPACK, 1 }, + { "PE", "MEW", PE_CONF_MEW, 1 }, + { "PE", "UPACK", PE_CONF_UPACK, 1 }, #else { "PE", "NSPACK", PE_CONF_NSPACK, 0 }, + { "PE", "MEW", PE_CONF_MEW, 0 }, + { "PE", "UPACK", PE_CONF_UPACK, 0 }, #endif { "ELF", NULL, 0x1, 1 }, diff --git a/clamav-devel/libclamav/dconf.h b/clamav-devel/libclamav/dconf.h index 5f9ab841a..ea9455fec 100644 --- a/clamav-devel/libclamav/dconf.h +++ b/clamav-devel/libclamav/dconf.h @@ -47,6 +47,8 @@ struct cli_dconf { #define PE_CONF_YC 0x400 #define PE_CONF_WWPACK 0x800 #define PE_CONF_NSPACK 0x1000 +#define PE_CONF_MEW 0x2000 +#define PE_CONF_UPACK 0x4000 /* Archive flags */ #define ARCH_CONF_RAR 0x1 diff --git a/clamav-devel/libclamav/mew.c b/clamav-devel/libclamav/mew.c index 7064cb7cb..f0c8edb6a 100644 --- a/clamav-devel/libclamav/mew.c +++ b/clamav-devel/libclamav/mew.c @@ -30,7 +30,6 @@ #include "clamav-config.h" #endif -#ifdef CL_EXPERIMENTAL #include #include #include @@ -874,5 +873,3 @@ int unmew11(int sectnum, char *src, int off, int ssize, int dsize, uint32_t base return 1; } - -#endif /* CL_EXPERIMENTAL */ diff --git a/clamav-devel/libclamav/mew.h b/clamav-devel/libclamav/mew.h index 5d5f403f4..1db18760c 100644 --- a/clamav-devel/libclamav/mew.h 
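Review bot: With the `#ifdef CL_EXPERIMENTAL` guard removed at the top of mew.c (`@@ -30,7 +30,6 @@`) and at its end (`@@ -874,5 +873,3 @@`), and likewise in both upack.c hunks, these unpackers are built into every libclamav, and nothing in the files records what gates them now. A short header comment in mew.c would help whoever later needs to switch the unpacker off, for example `/* Built unconditionally; cli_scanpe() is expected to enter the MEW path only when PE_CONF_MEW is set in dconf */`. A matching line naming `PE_CONF_UPACK` belongs in upack.c. The call sites are outside these hunks, so the wording should be checked against pe.c before it is committed.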
+++ b/clamav-devel/libclamav/mew.h @@ -24,20 +24,18 @@ #include "clamav-config.h" #endif -#ifdef CL_EXPERIMENTAL +#include "cltypes.h" + struct lzmastate { char *p0; uint32_t p1, p2; }; -//int mew_lzma(struct pe_image_section_hdr *, char *, char *, uint32_t, uint32_t, uint32_t); int mew_lzma(char *, char *, uint32_t, uint32_t, uint32_t); uint32_t lzma_upack_esi_00(struct lzmastate *, char *, char *, uint32_t); uint32_t lzma_upack_esi_50(struct lzmastate *, uint32_t, uint32_t, char **, char *, uint32_t *, char *, uint32_t); uint32_t lzma_upack_esi_54(struct lzmastate *, uint32_t, uint32_t *, char **, uint32_t *, char *, uint32_t); -//int unmew11(struct pe_image_section_hdr *, int, char *, int, int, int, uint32_t, uint32_t, int, char **, char **, int); int unmew11(int, char *, int, int, int, uint32_t, uint32_t, int, char **, char **, int); -#endif #endif diff --git a/clamav-devel/libclamav/pe.c b/clamav-devel/libclamav/pe.c index 8ba15311d..7a6530f33 100644 --- a/clamav-devel/libclamav/pe.c +++ b/clamav-devel/libclamav/pe.c @@ -49,10 +49,8 @@ #include "str.h" #include "execs.h" #include "md5.h" -#ifdef CL_EXPERIMENTAL #include "mew.h" #include "upack.h" -#endif #ifndef O_BINARY #define O_BINARY 0 @@ -484,7 +482,9 @@ int cli_scanpe(int desc, cli_ctx *ctx) lseek(desc, (EC16(file_hdr.SizeOfOptionalHeader)-sizeof(struct pe_image_optional_hdr32)), SEEK_CUR); } - upack = (EC16(file_hdr.SizeOfOptionalHeader)==0x148); + if(DCONF & PE_CONF_UPACK) + upack = (EC16(file_hdr.SizeOfOptionalHeader)==0x148); + vep = EC32(optional_hdr32.AddressOfEntryPoint); cli_dbgmsg("File format: PE\n"); 
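Review bot: In the pe.c hunk at `@@ -484,7 +482,9 @@`, `upack` is now assigned only when `PE_CONF_UPACK` is set, yet a later hunk reads it unconditionally in `if(found || upack)`. Its declaration is outside the hunk, so unless it is initialised to 0 there, a scan with Upack disabled reads an indeterminate value and may enter the unpacker path for the file being scanned. Assigning it on every path removes that dependency: `upack = (DCONF & PE_CONF_UPACK) && (EC16(file_hdr.SizeOfOptionalHeader)==0x148);`. The body of cli_scanpe continues outside the hunk.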
@@ -1080,7 +1080,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) /* try to find the first section with physical size == 0 */ found = 0; - if(DCONF & (PE_CONF_UPX | PE_CONF_FSG)) { + if(DCONF & (PE_CONF_UPX | PE_CONF_FSG | PE_CONF_MEW)) { for(i = 0; i < (unsigned int) nsections - 1; i++) { if(!section_hdr[i].SizeOfRawData && section_hdr[i].VirtualSize && section_hdr[i + 1].SizeOfRawData && section_hdr[i + 1].VirtualSize) { found = 1; @@ -1090,10 +1090,8 @@ int cli_scanpe(int desc, cli_ctx *ctx) } } - /* MEW support */ -#ifdef CL_EXPERIMENTAL - if (found) { + if (found && (DCONF & PE_CONF_MEW)) { uint32_t fileoffset; /* Check EP for MEW */ if(lseek(desc, ep, SEEK_SET) == -1) { @@ -1253,11 +1251,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) } while (0); } - if(found || upack) { -#else - if(found) { -#endif /* Check EP for UPX vs. FSG vs. Upack */ if(lseek(desc, ep, SEEK_SET) == -1) { cli_dbgmsg("UPX/FSG: lseek() failed\n"); @@ -1274,7 +1268,6 @@ int cli_scanpe(int desc, cli_ctx *ctx) return CL_CLEAN; } -#ifdef CL_EXPERIMENTAL /* Upack 0.39 produces 2 types of executables * 3 sections: | 2 sections (one empty, I don't chech found if !upack, since it's in OR above): * mov esi, value | pusha @@ -1424,7 +1417,6 @@ int cli_scanpe(int desc, cli_ctx *ctx) } } skip_upack_and_go_to_next_unpacker: -#endif if((DCONF & PE_CONF_FSG) && buff[0] == '\x87' && buff[1] == '\x25') { diff --git a/clamav-devel/libclamav/upack.c b/clamav-devel/libclamav/upack.c index 2a4067ca7..3132398e1 100644 --- a/clamav-devel/libclamav/upack.c +++ b/clamav-devel/libclamav/upack.c @@ -27,7 +27,6 @@ #include "clamav-config.h" #endif -#ifdef CL_EXPERIMENTAL #include #include #include @@ -39,6 +38,7 @@ #include "pe.h" #include "rebuildpe.h" #include "others.h" +#include "upack.h" #include "mew.h" #define EC32(x) le32_to_host(x) /* Convert little endian to host */ @@ -672,5 +672,3 @@ int unupack399(char *bs, uint32_t bl, uint32_t init_eax, char *init_ebx, uint32_ return 1; } - -#endif 
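Review bot: In the hunk at `@@ -1080,7 +1080,7 @@`, the empty-section search that sets `found` now runs for UPX, FSG and MEW but not for Upack. The comment in the `@@ -1274,7 +1268,6 @@` hunk says the two-section Upack layout relies on `found`, so a configuration with only `PE_CONF_UPACK` enabled would presumably never recognise that layout. Consider `if(DCONF & (PE_CONF_UPX | PE_CONF_FSG | PE_CONF_MEW | PE_CONF_UPACK)) {`. The loop body and the rest of cli_scanpe lie outside the hunk.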
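Review bot: In the hunks at `@@ -1274,7 +1268,6 @@` and `@@ -1424,7 +1417,6 @@`, the Upack block loses its compile-time guard, and the only dconf check for it visible in this diff is the one that sets `upack`. By the block's own comment the two-section variant is taken when `!upack`, so that path appears to stay reachable with `PE_CONF_UPACK` cleared, which would make the dconf switch an incomplete way to turn this unpacker off. The block's condition is outside the hunks, so this needs confirming. If it holds, put `(DCONF & PE_CONF_UPACK) &&` ahead of the signature checks, the way the FSG test just below uses `(DCONF & PE_CONF_FSG) &&`.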
diff --git a/clamav-devel/libclamav/upack.h b/clamav-devel/libclamav/upack.h index 27207109c..b9cbb0cca 100644 --- a/clamav-devel/libclamav/upack.h +++ b/clamav-devel/libclamav/upack.h @@ -24,8 +24,8 @@ #include "clamav-config.h" #endif -#ifdef CL_EXPERIMENTAL +#include "cltypes.h" + int unupack(int, char *, uint32_t, char *, uint32_t, uint32_t, uint32_t, uint32_t, int); #endif -#endif