try to detect zip archives with modified information in local header

git-svn: trunk@1105
remotes/push_mirror/metadata
Tomasz Kojm 21 years ago
parent 399815d9ed
commit d3779101c5
  1. 5
      clamav-devel/ChangeLog
  2. 10
      clamav-devel/libclamav/scanners.c
  3. 3
      clamav-devel/libclamav/zziplib/zzip-dir.c
  4. 1
      clamav-devel/libclamav/zziplib/zzip-zip.c
  5. 1
      clamav-devel/libclamav/zziplib/zziplib.h

@ -1,3 +1,8 @@
Thu Nov 18 11:03:14 CET 2004 (tk)
---------------------------------
* libclamav: try to detect (and mark as Suspected.Zip) zip archives with
modified information in local header
Thu Nov 18 00:05:37 CET 2004 (tk) Thu Nov 18 00:05:37 CET 2004 (tk)
--------------------------------- ---------------------------------
* libclamav/pe.c: recognize more subsystem/machine types * libclamav/pe.c: recognize more subsystem/machine types

@ -321,19 +321,21 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const
cli_dbgmsg("Zip: %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 ); cli_dbgmsg("Zip: %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 );
/*
if(!zdirent.st_size) { if(!zdirent.st_size) {
files++; files++;
if(zdirent.d_crc32) {
cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n");
*virname = "Suspected.Zip";
ret = CL_VIRUS;
break;
}
continue; continue;
} }
*/
/* work-around for problematic zips (zziplib crashes with them) */ /* work-around for problematic zips (zziplib crashes with them) */
if(zdirent.d_csize <= 0 || zdirent.st_size < 0) { if(zdirent.d_csize <= 0 || zdirent.st_size < 0) {
files++; files++;
cli_dbgmsg("Zip: Malformed archive detected.\n"); cli_dbgmsg("Zip: Malformed archive detected.\n");
/* ret = CL_EMALFZIP; */
/* report it as a virus */
*virname = "Suspected.Zip"; *virname = "Suspected.Zip";
ret = CL_VIRUS; ret = CL_VIRUS;
break; break;
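Review bot: The new `if(zdirent.d_crc32)` test inside the `!zdirent.st_size` branch reports the same `Suspected.Zip` name as the malformed-archive branch below it, so a hit in scan output cannot be attributed to either heuristic without debug logging. A distinct detection name would fix that, or at least a comment on each branch such as `/* empty entry with a non-zero CRC: size field was probably altered */`. The test only covers entries whose recorded size is exactly zero while the CRC is non-zero; an entry whose size was changed to another non-zero value still passes, and the comment should say so. This page has lost its +/- column, so it is not certain whether the `/*` and `*/` lines around the block are on the old or the new side; if they are on the new side, the check is dead code. The loop body of cli_scanzip continues outside the hunk.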

@ -1,3 +1,4 @@
#include <stdio.h>
/* /*
* Author: * Author:
* Guido Draheim <guidod@gmx.de> * Guido Draheim <guidod@gmx.de>
@ -145,6 +146,8 @@ zzip_readdir(ZZIP_DIR * dir)
dir->dirent.d_flags = dir->hdr->d_flags; dir->dirent.d_flags = dir->hdr->d_flags;
dir->dirent.d_crc32 = (int) dir->hdr->d_crc32;
if (! dir->hdr->d_reclen) dir->hdr = 0; if (! dir->hdr->d_reclen) dir->hdr = 0;
else dir->hdr = (struct zzip_dir_hdr *) else dir->hdr = (struct zzip_dir_hdr *)
((char *)dir->hdr + dir->hdr->d_reclen); ((char *)dir->hdr + dir->hdr->d_reclen);
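Review bot: The copy `dir->dirent.d_crc32 = (int) dir->hdr->d_crc32;` in zzip_readdir forces a CRC-32, which is an unsigned 32-bit quantity, into a signed `int`, so values above INT_MAX convert in an implementation-defined way and show up negative in any later comparison or log line. The same cast appears in zzip_dir_read (zzip-zip.c), and the field is declared `int d_crc32` in zziplib.h. The only consumer visible in this commit tests the value for non-zero, so the detection itself is unaffected. I would still declare the field `unsigned int d_crc32;` and drop both casts, after confirming the type of `hdr->d_crc32`, which is not visible here. The added `#include <stdio.h>` at the top of the file has no visible use in these hunks and looks like a debugging leftover.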

@ -730,6 +730,7 @@ zzip_dir_read(ZZIP_DIR * dir, ZZIP_DIRENT * d )
d->st_size = dir->hdr->d_usize; d->st_size = dir->hdr->d_usize;
d->d_name = dir->hdr->d_name; d->d_name = dir->hdr->d_name;
d->d_flags = dir->hdr->d_flags; d->d_flags = dir->hdr->d_flags;
d->d_crc32 = (int) dir->hdr->d_crc32;
if (! dir->hdr->d_reclen) if (! dir->hdr->d_reclen)
{ dir->hdr = 0; } { dir->hdr = 0; }

@ -93,6 +93,7 @@ struct zzip_dirent
int st_size; /* file size / decompressed size */ int st_size; /* file size / decompressed size */
unsigned short d_flags; /* general purpose flags */ unsigned short d_flags; /* general purpose flags */
char * d_name; /* file name / strdupped name */ char * d_name; /* file name / strdupped name */
int d_crc32; /* the adler32-checksum */
}; };
/* /*
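Review bot: The comment on the new member, `/* the adler32-checksum */`, does not match the field name or the ZIP format, which records a CRC-32 per entry. I would write `/* CRC-32 of the entry, copied from the directory header */`. Adding a member to `struct zzip_dirent` also changes the struct's size, so anything compiled against the earlier zziplib.h layout has to be rebuilt together with this change. The opening of the struct is outside the hunk.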
