use unaligned section's virtual size in Magistr detection

git-svn: trunk@2522

clamav-devel/ChangeLog

@@ -1,3 +1,7 @@
+Mon Nov 27 11:37:18 CET 2006 (tk)
+---------------------------------
+  * libclamav/pe.c: use unaligned section's virtual size in Magistr detection
+
 Sun Nov 26 23:28:59 CET 2006 (acab)
 -----------------------------------
   * libclamav/pe.c: Stuff forgotten in my previous commit

clamav-devel/libclamav/execs.h

@@ -25,6 +25,7 @@
 struct cli_exe_section {
     uint32_t rva;
     uint32_t vsz;
+    uint32_t uvsz; /* unaligned vsz */
     uint32_t raw;
     uint32_t rsz;
 };

clamav-devel/libclamav/pe.c

@@ -631,6 +631,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
 	sname[8] = 0;
 	exe_sections[i].rva = PEALIGN(EC32(section_hdr[i].VirtualAddress), valign);
 	exe_sections[i].vsz = PESALIGN(EC32(section_hdr[i].VirtualSize), valign);
+	exe_sections[i].uvsz = EC32(section_hdr[i].VirtualSize);
 	exe_sections[i].raw = PEALIGN(EC32(section_hdr[i].PointerToRawData), falign);
 	exe_sections[i].rsz = PESALIGN(EC32(section_hdr[i].SizeOfRawData), falign);
 	if (exe_sections[i].rsz && fsize>exe_sections[i].raw && !CLI_ISCONTAINED(0, (uint32_t) fsize, exe_sections[i].raw, exe_sections[i].rsz))
@@ -856,7 +857,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
 	    uint32_t rsize, vsize;
 
 	rsize = exe_sections[nsections - 1].rsz;
-	vsize = exe_sections[nsections - 1].vsz;
+	vsize = exe_sections[nsections - 1].uvsz;
 
 	if(rsize >= 0x612c && vsize >= 0x612c && ((vsize & 0xff) == 0xec)) {
 		int bw = rsize < 0x7000 ? rsize : 0x7000;