From d3779101c5c8e6266432ecb9d5da38a99cadf85e Mon Sep 17 00:00:00 2001
From: Tomasz Kojm
Date: Thu, 18 Nov 2004 10:05:58 +0000
Subject: [PATCH] try to detect zip archives with modified information in local header
git-svn: trunk@1105
---
 clamav-devel/ChangeLog | 5 +++++
 clamav-devel/libclamav/scanners.c | 10 ++++++----
 clamav-devel/libclamav/zziplib/zzip-dir.c | 3 +++
 clamav-devel/libclamav/zziplib/zzip-zip.c | 1 +
 clamav-devel/libclamav/zziplib/zziplib.h | 1 +
 5 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/clamav-devel/ChangeLog b/clamav-devel/ChangeLog
index 3bdd2f147..297c55e9d 100644
--- a/clamav-devel/ChangeLog
+++ b/clamav-devel/ChangeLog
@@ -1,3 +1,8 @@
+Thu Nov 18 11:03:14 CET 2004 (tk)
+---------------------------------
+ * libclamav: try to detect (and mark as Suspected.Zip) zip archives with
+ modified information in local header
+
 Thu Nov 18 00:05:37 CET 2004 (tk)
 ---------------------------------
 * libclamav/pe.c: recognize more subsystem/machine types
diff --git a/clamav-devel/libclamav/scanners.c b/clamav-devel/libclamav/scanners.c
index 8b3ef4564..d15bc4f0e 100644
--- a/clamav-devel/libclamav/scanners.c
+++ b/clamav-devel/libclamav/scanners.c
@@ -321,19 +321,21 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const cli_dbgmsg("Zip: %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 ); - /* if(!zdirent.st_size) { files++; + if(zdirent.d_crc32) { + cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n"); + *virname = "Suspected.Zip"; + ret = CL_VIRUS; + break; + } continue; } - */ /* work-around for problematic zips (zziplib crashes with them) */ if(zdirent.d_csize <= 0 || zdirent.st_size < 0) { files++; cli_dbgmsg("Zip: Malformed archive detected.\n"); - /* ret = CL_EMALFZIP; */ - /* report it as a virus */ *virname = "Suspected.Zip"; ret = CL_VIRUS; break; diff --git a/clamav-devel/libclamav/zziplib/zzip-dir.c b/clamav-devel/libclamav/zziplib/zzip-dir.c index 7f292e5ef..91560517f 100644 --- a/clamav-devel/libclamav/zziplib/zzip-dir.c +++ b/clamav-devel/libclamav/zziplib/zzip-dir.c @@ -1,3 +1,4 @@ +#include /* * Author: * Guido Draheim @@ -145,6 +146,8 @@ zzip_readdir(ZZIP_DIR * dir) dir->dirent.d_flags = dir->hdr->d_flags; + dir->dirent.d_crc32 = (int) dir->hdr->d_crc32; + if (! dir->hdr->d_reclen) dir->hdr = 0; else dir->hdr = (struct zzip_dir_hdr *) ((char *)dir->hdr + dir->hdr->d_reclen); diff --git a/clamav-devel/libclamav/zziplib/zzip-zip.c b/clamav-devel/libclamav/zziplib/zzip-zip.c index 1d330e6e0..53fdd92d8 100644 --- a/clamav-devel/libclamav/zziplib/zzip-zip.c +++ b/clamav-devel/libclamav/zziplib/zzip-zip.c @@ -730,6 +730,7 @@ zzip_dir_read(ZZIP_DIR * dir, ZZIP_DIRENT * d ) d->st_size = dir->hdr->d_usize; d->d_name = dir->hdr->d_name; d->d_flags = dir->hdr->d_flags; + d->d_crc32 = (int) dir->hdr->d_crc32; if (! dir->hdr->d_reclen) { dir->hdr = 0; } diff --git a/clamav-devel/libclamav/zziplib/zziplib.h b/clamav-devel/libclamav/zziplib/zziplib.h index 423b13d24..b0b638bda 100644 
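Review bot: The re-enabled `if(!zdirent.st_size)` branch still ends in `continue`, so an entry whose declared size and CRC are both zero is skipped without being scanned, and both values are read from the archive itself rather than verified against the data. The new `d_crc32` test only catches the inconsistent case (size zero, CRC non-zero), so the skip should at least be visible and its trust assumption documented: add `cli_dbgmsg("Zip: %s has zero declared size, skipping\n", zdirent.d_name);` before `continue;` and a comment such as `/* st_size and d_crc32 come from the archive headers and are not verified here */`. Separately, the context `cli_dbgmsg` computes `zdirent.st_size / (zdirent.d_csize+1)` before the `d_csize <= 0` check, so a `d_csize` of -1 (if the field is signed, as the `<= 0` test suggests) would divide by zero; moving the malformed-archive check ahead of the debug message avoids that. The body of cli_scanzip starts and ends outside the hunk.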
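Review bot: `dir->dirent.d_crc32 = (int) dir->hdr->d_crc32;` in zzip_readdir narrows the checksum to a signed `int`, and the same cast is added to `zzip_dir_read` in zzip-zip.c with the field declared `int d_crc32` in zziplib.h. If the header field is an unsigned 32-bit value (its declaration is not visible here), any CRC with the top bit set is stored as a negative number; that is harmless for the non-zero test in scanners.c but wrong for any later comparison against a computed CRC. Declaring the dirent field with the same unsigned type as `hdr->d_crc32` and dropping both casts would keep the value intact. The first hunk of zzip-dir.c also adds an `#include` above the license header whose header name is not visible on this page; if it was only needed for debugging it should not be committed.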
--- a/clamav-devel/libclamav/zziplib/zziplib.h +++ b/clamav-devel/libclamav/zziplib/zziplib.h @@ -93,6 +93,7 @@ struct zzip_dirent int st_size; /* file size / decompressed size */ unsigned short d_flags; /* general purpose flags */ char * d_name; /* file name / strdupped name */ + int d_crc32; /* the adler32-checksum */ }; /*
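Review bot: The comment on the new field, `/* the adler32-checksum */`, names a different checksum than the field carries: the member is called `d_crc32` and the other hunks fill it from `hdr->d_crc32`. A reader checking how the value may be compared would be misled by it. Suggested wording: `int d_crc32; /* CRC-32 copied from the zip directory header, not verified */`.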