2003-07-29 15:48:06 +00:00
|
|
|
/*
|
2004-01-25 06:34:45 +00:00
|
|
|
* Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net>
|
2003-07-29 15:48:06 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
2004-02-06 13:46:08 +00:00
|
|
|
#if HAVE_CONFIG_H
|
|
|
|
|
#include "clamav-config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
#include <dirent.h>
|
|
|
|
|
|
2004-07-02 23:00:58 +00:00
|
|
|
#if HAVE_MMAP
|
|
|
|
|
#if HAVE_SYS_MMAN_H
|
|
|
|
|
#include <sys/mman.h>
|
|
|
|
|
#else /* HAVE_SYS_MMAN_H */
|
|
|
|
|
#undef HAVE_MMAP
|
|
|
|
|
#endif
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-06-02 00:36:05 +00:00
|
|
|
#include <mspack.h>
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
#ifdef CL_THREAD_SAFE
|
|
|
|
|
# include <pthread.h>
|
|
|
|
|
pthread_mutex_t cli_scanrar_mutex = PTHREAD_MUTEX_INITIALIZER;
|
|
|
|
|
#endif
|
2004-02-06 13:46:08 +00:00
|
|
|
int cli_scanrar_inuse = 0;
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-06-02 00:36:05 +00:00
|
|
|
extern short cli_leavetemps_flag;
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
#include "clamav.h"
|
|
|
|
|
#include "others.h"
|
|
|
|
|
#include "matcher.h"
|
|
|
|
|
#include "unrarlib.h"
|
2004-01-23 11:17:16 +00:00
|
|
|
#include "ole2_extract.h"
|
|
|
|
|
#include "vba_extract.h"
|
2004-05-02 00:51:01 +00:00
|
|
|
#include "msexpand.h"
|
2004-07-05 23:50:55 +00:00
|
|
|
#include "pe.h"
|
2004-07-02 23:00:58 +00:00
|
|
|
#include "filetypes.h"
|
|
|
|
|
#include "htmlnorm.h"
|
2004-07-13 03:30:49 +00:00
|
|
|
#include "md5.h"
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
#ifdef HAVE_ZLIB_H
|
|
|
|
|
#include <zlib.h>
|
|
|
|
|
#include <zzip.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_BZLIB_H
|
|
|
|
|
#include <bzlib.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-03-04 02:27:37 +00:00
|
|
|
#define SCAN_ARCHIVE (options & CL_ARCHIVE)
|
|
|
|
|
#define SCAN_MAIL (options & CL_MAIL)
|
|
|
|
|
#define SCAN_OLE2 (options & CL_OLE2)
|
2004-07-02 23:00:58 +00:00
|
|
|
#define SCAN_HTML (options & CL_HTML)
|
2004-07-05 23:50:55 +00:00
|
|
|
#define SCAN_PE (options & CL_PE)
|
2004-03-04 02:27:37 +00:00
|
|
|
#define DISABLE_RAR (options & CL_DISABLERAR)
|
|
|
|
|
#define DETECT_ENCRYPTED (options & CL_ENCRYPTED)
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-07-06 02:27:22 +00:00
|
|
|
#define MAX_MAIL_RECURSION 15
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-07-13 03:30:49 +00:00
|
|
|
#define MD5_BLOCKSIZE 4096
|
2004-07-04 14:56:48 +00:00
|
|
|
|
|
|
|
|
static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec);
|
|
|
|
|
static int cli_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-07-13 03:30:49 +00:00
|
|
|
|
|
|
|
|
struct cli_md5_node *cli_vermd5(const char *md5, const struct cl_node *root)
|
|
|
|
|
{
|
|
|
|
|
struct cli_md5_node *pt;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if(!(pt = root->hlist[md5[0] & 0xff]))
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
while(pt) {
|
|
|
|
|
if(!memcmp(pt->md5, md5, 16))
|
|
|
|
|
return pt;
|
|
|
|
|
|
|
|
|
|
pt = pt->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-02 23:00:58 +00:00
|
|
|
static int cli_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, int typerec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
|
|
|
|
char *buffer, *buff, *endbl, *pt;
|
2004-07-02 23:00:58 +00:00
|
|
|
int bytes, buffsize, length, ret, *partcnt, type = CL_CLEAN;
|
2004-07-08 13:48:58 +00:00
|
|
|
unsigned long int *partoff, offset = 0;
|
2004-07-13 03:30:49 +00:00
|
|
|
struct md5_ctx ctx;
|
|
|
|
|
unsigned char md5buff[16];
|
|
|
|
|
struct cli_md5_node *md5_node;
|
2004-07-02 23:00:58 +00:00
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
/* prepare the buffer */
|
2003-11-09 02:29:23 +00:00
|
|
|
buffsize = root->maxpatlen + SCANBUFF;
|
2003-12-01 19:28:40 +00:00
|
|
|
if(!(buffer = (char *) cli_calloc(buffsize, sizeof(char)))) {
|
2004-04-05 21:42:11 +00:00
|
|
|
cli_dbgmsg("cli_scandesc(): unable to cli_malloc(%d)\n", buffsize);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EMEM;
|
2003-12-01 19:28:40 +00:00
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-03-31 07:15:00 +00:00
|
|
|
if((partcnt = (int *) cli_calloc(root->partsigs + 1, sizeof(int))) == NULL) {
|
2004-04-05 21:42:11 +00:00
|
|
|
cli_dbgmsg("cli_scandesc(): unable to cli_calloc(%d, %d)\n", root->partsigs + 1, sizeof(int));
|
2004-03-31 07:15:00 +00:00
|
|
|
free(buffer);
|
|
|
|
|
return CL_EMEM;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-08 13:48:58 +00:00
|
|
|
if((partoff = (unsigned long int *) cli_calloc(root->partsigs + 1, sizeof(unsigned long int))) == NULL) {
|
|
|
|
|
cli_dbgmsg("cli_scanbuff(): unable to cli_calloc(%d, %d)\n", root->partsigs + 1, sizeof(unsigned long int));
|
|
|
|
|
return CL_EMEM;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-13 03:30:49 +00:00
|
|
|
md5_init_ctx (&ctx);
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
buff = buffer;
|
|
|
|
|
buff += root->maxpatlen; /* pointer to read data block */
|
2003-11-09 02:29:23 +00:00
|
|
|
endbl = buff + SCANBUFF - root->maxpatlen; /* pointer to the last block
|
2003-07-29 15:48:06 +00:00
|
|
|
* length of root->maxpatlen
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
pt= buff;
|
2003-11-09 02:29:23 +00:00
|
|
|
length = SCANBUFF;
|
|
|
|
|
while((bytes = read(desc, buff, SCANBUFF)) > 0) {
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
if(scanned != NULL)
|
|
|
|
|
*scanned += bytes / CL_COUNT_PRECISION;
|
|
|
|
|
|
2003-11-09 02:29:23 +00:00
|
|
|
if(bytes < SCANBUFF)
|
|
|
|
|
length -= SCANBUFF - bytes;
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-07-08 13:48:58 +00:00
|
|
|
if((ret = cli_scanbuff(pt, length, virname, root, partcnt, typerec, offset, partoff)) == CL_VIRUS) {
|
2003-07-29 15:48:06 +00:00
|
|
|
free(buffer);
|
2004-03-31 07:15:00 +00:00
|
|
|
free(partcnt);
|
2004-02-06 13:46:08 +00:00
|
|
|
return ret;
|
2004-07-02 23:00:58 +00:00
|
|
|
|
|
|
|
|
} else if(typerec && ret >= CL_TYPENO) {
|
|
|
|
|
if(ret >= type)
|
|
|
|
|
type = ret;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2004-07-08 13:48:58 +00:00
|
|
|
if(bytes == SCANBUFF) {
|
2003-07-29 15:48:06 +00:00
|
|
|
memmove(buffer, endbl, root->maxpatlen);
|
2004-07-08 13:48:58 +00:00
|
|
|
offset += bytes - root->maxpatlen;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
pt = buffer;
|
2004-07-08 13:48:58 +00:00
|
|
|
length = buffsize;
|
2004-07-13 03:30:49 +00:00
|
|
|
|
|
|
|
|
/* compute MD5 */
|
|
|
|
|
|
|
|
|
|
if(bytes % 64 == 0) {
|
|
|
|
|
md5_process_block(buff, bytes, &ctx);
|
|
|
|
|
} else {
|
|
|
|
|
int block = bytes;
|
|
|
|
|
char *mpt = buff;
|
|
|
|
|
|
|
|
|
|
while(block >= MD5_BLOCKSIZE) {
|
|
|
|
|
md5_process_block(mpt, MD5_BLOCKSIZE, &ctx);
|
|
|
|
|
mpt += MD5_BLOCKSIZE;
|
|
|
|
|
block -= MD5_BLOCKSIZE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(block)
|
|
|
|
|
md5_process_bytes(mpt, block, &ctx);
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(buffer);
|
2004-03-31 07:15:00 +00:00
|
|
|
free(partcnt);
|
2004-07-02 23:00:58 +00:00
|
|
|
|
2004-07-13 03:30:49 +00:00
|
|
|
md5_finish_ctx(&ctx, &md5buff);
|
|
|
|
|
|
|
|
|
|
if((md5_node = cli_vermd5(md5buff, root))) {
|
|
|
|
|
if(virname)
|
|
|
|
|
*virname = md5_node->virname;
|
|
|
|
|
return CL_VIRUS;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-02 23:00:58 +00:00
|
|
|
return typerec ? type : CL_CLEAN;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef CL_THREAD_SAFE
|
2004-03-11 08:33:45 +00:00
|
|
|
static void cli_unlock_mutex(void *mtx)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
|
|
|
|
cli_dbgmsg("Pthread cancelled. Unlocking mutex.\n");
|
|
|
|
|
pthread_mutex_unlock(mtx);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanrar(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
2003-11-09 19:26:44 +00:00
|
|
|
FILE *tmp = NULL;
|
2004-03-15 16:01:55 +00:00
|
|
|
int files = 0, fd, ret = CL_CLEAN, afiles;
|
2003-07-29 15:48:06 +00:00
|
|
|
ArchiveList_struct *rarlist = NULL;
|
2004-03-11 08:33:45 +00:00
|
|
|
ArchiveList_struct *rarlist_head = NULL;
|
2003-07-29 15:48:06 +00:00
|
|
|
char *rar_data_ptr;
|
|
|
|
|
unsigned long rar_data_size;
|
|
|
|
|
|
|
|
|
|
cli_dbgmsg("Starting scanrar()\n");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef CL_THREAD_SAFE
|
|
|
|
|
pthread_cleanup_push(cli_unlock_mutex, &cli_scanrar_mutex);
|
|
|
|
|
pthread_mutex_lock(&cli_scanrar_mutex);
|
|
|
|
|
cli_scanrar_inuse = 1;
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-03-15 16:01:55 +00:00
|
|
|
if(! (afiles = urarlib_list(desc, (ArchiveList_struct *) &rarlist))) {
|
2003-07-29 15:48:06 +00:00
|
|
|
#ifdef CL_THREAD_SAFE
|
|
|
|
|
pthread_mutex_unlock(&cli_scanrar_mutex);
|
|
|
|
|
cli_scanrar_inuse = 0;
|
|
|
|
|
#endif
|
|
|
|
|
return CL_ERAR;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-15 16:01:55 +00:00
|
|
|
cli_dbgmsg("Rar -> Number of archived files: %d\n", afiles);
|
|
|
|
|
|
2004-03-11 08:33:45 +00:00
|
|
|
rarlist_head = rarlist;
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
while(rarlist) {
|
2004-03-11 20:48:01 +00:00
|
|
|
if(DETECT_ENCRYPTED && (rarlist->item.Flags & 4)) {
|
|
|
|
|
files++;
|
|
|
|
|
cli_dbgmsg("Rar -> Encrypted files found in archive.\n");
|
2004-05-01 19:33:05 +00:00
|
|
|
lseek(desc, 0, SEEK_SET);
|
2004-07-02 23:00:58 +00:00
|
|
|
if(cli_scandesc(desc, virname, scanned, root, 0) != CL_VIRUS)
|
2004-05-01 19:33:05 +00:00
|
|
|
*virname = "Encrypted.RAR";
|
2004-03-11 20:48:01 +00:00
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
if(limits) {
|
2004-03-19 14:57:03 +00:00
|
|
|
if(limits->maxfilesize && (rarlist->item.UnpSize > (unsigned int) limits->maxfilesize)) {
|
|
|
|
|
cli_dbgmsg("RAR->%s: Size exceeded (%u, max: %lu)\n", rarlist->item.Name, (unsigned int) rarlist->item.UnpSize, limits->maxfilesize);
|
2003-07-29 15:48:06 +00:00
|
|
|
rarlist = rarlist->next;
|
|
|
|
|
files++;
|
2004-02-03 01:35:25 +00:00
|
|
|
/* ret = CL_EMAXSIZE; */
|
2003-07-29 15:48:06 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(limits->maxfiles && (files > limits->maxfiles)) {
|
|
|
|
|
cli_dbgmsg("RAR: Files limit reached (max: %d)\n", limits->maxfiles);
|
2004-02-03 01:35:25 +00:00
|
|
|
/* ret = CL_EMAXFILES; */
|
2003-07-29 15:48:06 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-02 23:00:58 +00:00
|
|
|
if(!(rarlist->item.FileAttr & RAR_FENTRY_ATTR_DIRECTORY)) {
|
2004-03-11 08:33:45 +00:00
|
|
|
rarlist = rarlist->next;
|
|
|
|
|
files++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
if((tmp = tmpfile()) == NULL) {
|
|
|
|
|
cli_dbgmsg("RAR -> Can't generate tmpfile().\n");
|
|
|
|
|
#ifdef CL_THREAD_SAFE
|
|
|
|
|
pthread_mutex_unlock(&cli_scanrar_mutex);
|
|
|
|
|
cli_scanrar_inuse = 0;
|
|
|
|
|
#endif
|
|
|
|
|
return CL_ETMPFILE;
|
|
|
|
|
}
|
|
|
|
|
fd = fileno(tmp);
|
|
|
|
|
|
2004-03-11 08:33:45 +00:00
|
|
|
if( urarlib_get(&rar_data_ptr, &rar_data_size, rarlist->item.Name, desc, "clam")) {
|
2004-03-19 14:57:03 +00:00
|
|
|
cli_dbgmsg("RAR -> Extracted: %s, size: %lu\n", rarlist->item.Name, rar_data_size);
|
2004-03-11 08:33:45 +00:00
|
|
|
if(fwrite(rar_data_ptr, 1, rar_data_size, tmp) != rar_data_size) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("RAR -> Can't write() file.\n");
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-07-29 15:48:06 +00:00
|
|
|
tmp = NULL;
|
|
|
|
|
ret = CL_ERAR;
|
2003-09-07 19:43:04 +00:00
|
|
|
if(rar_data_ptr) {
|
2003-07-29 15:48:06 +00:00
|
|
|
free(rar_data_ptr);
|
2003-09-07 19:43:04 +00:00
|
|
|
rar_data_ptr = NULL;
|
|
|
|
|
}
|
2003-09-21 20:02:01 +00:00
|
|
|
break;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2003-09-07 19:43:04 +00:00
|
|
|
if(rar_data_ptr) {
|
2003-07-29 15:48:06 +00:00
|
|
|
free(rar_data_ptr);
|
2003-09-07 19:43:04 +00:00
|
|
|
rar_data_ptr = NULL;
|
|
|
|
|
}
|
|
|
|
|
if(fflush(tmp) != 0) {
|
|
|
|
|
cli_dbgmsg("fflush() failed: %s\n", strerror(errno));
|
|
|
|
|
fclose(tmp);
|
2004-03-11 08:33:45 +00:00
|
|
|
urarlib_freelist(rarlist_head);
|
2003-07-29 15:48:06 +00:00
|
|
|
#ifdef CL_THREAD_SAFE
|
|
|
|
|
pthread_mutex_unlock(&cli_scanrar_mutex);
|
|
|
|
|
cli_scanrar_inuse = 0;
|
|
|
|
|
#endif
|
|
|
|
|
return CL_EFSYNC;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lseek(fd, 0, SEEK_SET);
|
2004-07-04 14:56:48 +00:00
|
|
|
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
|
2004-03-11 08:33:45 +00:00
|
|
|
cli_dbgmsg("RAR -> Found %s virus.\n", *virname);
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-07-29 15:48:06 +00:00
|
|
|
urarlib_freelist(rarlist);
|
|
|
|
|
#ifdef CL_THREAD_SAFE
|
|
|
|
|
pthread_mutex_unlock(&cli_scanrar_mutex);
|
|
|
|
|
cli_scanrar_inuse = 0;
|
|
|
|
|
#endif
|
2004-03-11 08:33:45 +00:00
|
|
|
return ret;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
cli_dbgmsg("RAR -> Can't decompress file %s\n", rarlist->item.Name);
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2004-03-16 19:39:49 +00:00
|
|
|
tmp = NULL;
|
2003-09-07 19:43:04 +00:00
|
|
|
ret = CL_ERAR; /* WinRAR 3.0 ? */
|
|
|
|
|
break;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-07-29 15:48:06 +00:00
|
|
|
tmp = NULL;
|
|
|
|
|
rarlist = rarlist->next;
|
|
|
|
|
files++;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-11 08:33:45 +00:00
|
|
|
urarlib_freelist(rarlist_head);
|
2003-07-29 15:48:06 +00:00
|
|
|
#ifdef CL_THREAD_SAFE
|
|
|
|
|
pthread_mutex_unlock(&cli_scanrar_mutex);
|
|
|
|
|
cli_scanrar_inuse = 0;
|
|
|
|
|
pthread_cleanup_pop(0);
|
|
|
|
|
#endif
|
2004-03-16 19:39:49 +00:00
|
|
|
|
|
|
|
|
cli_dbgmsg("RAR -> Exit code: %d\n", ret);
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_ZLIB_H
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanzip(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
|
|
|
|
ZZIP_DIR *zdir;
|
|
|
|
|
ZZIP_DIRENT zdirent;
|
|
|
|
|
ZZIP_FILE *zfp;
|
2003-11-09 19:26:44 +00:00
|
|
|
FILE *tmp = NULL;
|
2003-11-09 02:29:23 +00:00
|
|
|
char *buff;
|
2004-02-01 01:18:57 +00:00
|
|
|
int fd, bytes, files = 0, ret = CL_CLEAN;
|
2003-11-09 19:26:44 +00:00
|
|
|
struct stat source;
|
2004-02-01 01:18:57 +00:00
|
|
|
zzip_error_t err;
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
cli_dbgmsg("Starting scanzip()\n");
|
|
|
|
|
|
2003-08-29 14:27:15 +00:00
|
|
|
if((zdir = zzip_dir_fdopen(dup(desc), &err)) == NULL) {
|
|
|
|
|
cli_dbgmsg("Zip -> Not supported file format ?.\n");
|
|
|
|
|
cli_dbgmsg("zzip_dir_fdopen() return code: %d\n", err);
|
2003-12-30 03:36:47 +00:00
|
|
|
/* no return with CL_EZIP due to password protected zips */
|
|
|
|
|
return CL_CLEAN;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2003-11-09 19:26:44 +00:00
|
|
|
fstat(desc, &source);
|
|
|
|
|
|
2003-11-15 00:22:10 +00:00
|
|
|
if(!(buff = (char *) cli_malloc(FILEBUFF))) {
|
2003-12-01 19:28:40 +00:00
|
|
|
cli_dbgmsg("cli_scanzip(): unable to malloc(%d)\n", FILEBUFF);
|
2003-11-15 00:22:10 +00:00
|
|
|
zzip_dir_close(zdir);
|
|
|
|
|
return CL_EMEM;
|
|
|
|
|
}
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
while(zzip_dir_read(zdir, &zdirent)) {
|
2003-11-09 19:26:44 +00:00
|
|
|
|
|
|
|
|
if(!zdirent.d_name || !strlen(zdirent.d_name)) { /* Mimail fix */
|
|
|
|
|
cli_dbgmsg("strlen(zdirent.d_name) == %d\n", strlen(zdirent.d_name));
|
2003-11-26 13:33:51 +00:00
|
|
|
*virname = "Suspected.Zip";
|
2003-11-09 19:26:44 +00:00
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
cli_dbgmsg("Zip -> %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 );
|
2003-11-09 19:26:44 +00:00
|
|
|
|
2004-06-21 19:29:21 +00:00
|
|
|
if(!zdirent.st_size) { /* omit directories and empty files */
|
2003-07-29 15:48:06 +00:00
|
|
|
files++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* work-around for problematic zips (zziplib crashes with them) */
|
2004-06-21 19:29:21 +00:00
|
|
|
if(zdirent.d_csize <= 0 || zdirent.st_size < 0) {
|
2003-07-29 15:48:06 +00:00
|
|
|
files++;
|
|
|
|
|
cli_dbgmsg("Zip -> Malformed archive detected.\n");
|
2003-11-09 19:26:44 +00:00
|
|
|
/* ret = CL_EMALFZIP; */
|
|
|
|
|
/* report it as a virus */
|
2003-11-26 13:33:51 +00:00
|
|
|
*virname = "Suspected.Zip";
|
2003-11-09 19:26:44 +00:00
|
|
|
ret = CL_VIRUS;
|
2003-07-29 15:48:06 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-21 19:29:21 +00:00
|
|
|
if(limits && limits->maxratio > 0 && ((unsigned) zdirent.st_size / (unsigned) zdirent.d_csize) >= limits->maxratio) {
|
|
|
|
|
*virname = "Oversized.Zip";
|
|
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-07 22:29:48 +00:00
|
|
|
if(DETECT_ENCRYPTED && (zdirent.d_flags & 1 )) {
|
2004-03-04 02:27:37 +00:00
|
|
|
files++;
|
|
|
|
|
cli_dbgmsg("Zip -> Encrypted files found in archive.\n");
|
2004-05-01 19:33:05 +00:00
|
|
|
lseek(desc, 0, SEEK_SET);
|
2004-07-02 23:00:58 +00:00
|
|
|
if(cli_scandesc(desc, virname, scanned, root, 0) != CL_VIRUS)
|
2004-05-01 19:33:05 +00:00
|
|
|
*virname = "Encrypted.Zip";
|
2004-03-04 02:27:37 +00:00
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
if(limits) {
|
|
|
|
|
if(limits->maxfilesize && (zdirent.st_size > limits->maxfilesize)) {
|
2004-03-19 14:57:03 +00:00
|
|
|
cli_dbgmsg("Zip -> %s: Size exceeded (%d, max: %ld)\n", zdirent.d_name, zdirent.st_size, limits->maxfilesize);
|
2003-07-29 15:48:06 +00:00
|
|
|
files++;
|
2004-02-03 01:35:25 +00:00
|
|
|
/* ret = CL_EMAXSIZE; */
|
2003-11-09 19:26:44 +00:00
|
|
|
continue; /* this is not a bug */
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(limits->maxfiles && (files > limits->maxfiles)) {
|
|
|
|
|
cli_dbgmsg("Zip: Files limit reached (max: %d)\n", limits->maxfiles);
|
2004-02-03 01:35:25 +00:00
|
|
|
/* ret = CL_EMAXFILES; */
|
2003-07-29 15:48:06 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* generate temporary file and get its descriptor */
|
|
|
|
|
if((tmp = tmpfile()) == NULL) {
|
|
|
|
|
cli_dbgmsg("Zip -> Can't generate tmpfile().\n");
|
2003-11-09 19:26:44 +00:00
|
|
|
ret = CL_ETMPFILE;
|
|
|
|
|
break;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if((zfp = zzip_file_open(zdir, zdirent.d_name, 0)) == NULL) {
|
|
|
|
|
cli_dbgmsg("Zip -> %s: Can't open file.\n", zdirent.d_name);
|
|
|
|
|
ret = CL_EZIP;
|
2003-11-09 19:26:44 +00:00
|
|
|
break;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2003-11-09 02:29:23 +00:00
|
|
|
while((bytes = zzip_file_read(zfp, buff, FILEBUFF)) > 0) {
|
2004-04-20 22:33:42 +00:00
|
|
|
if(fwrite(buff, 1, bytes, tmp) != (size_t) bytes) {
|
2003-09-07 19:43:04 +00:00
|
|
|
cli_dbgmsg("Zip -> Can't fwrite() file: %s\n", strerror(errno));
|
2003-07-29 15:48:06 +00:00
|
|
|
zzip_file_close(zfp);
|
2003-11-15 00:22:10 +00:00
|
|
|
zzip_dir_close(zdir);
|
|
|
|
|
fclose(tmp);
|
2003-11-09 02:29:23 +00:00
|
|
|
free(buff);
|
2003-11-15 00:22:10 +00:00
|
|
|
return CL_EZIP;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
zzip_file_close(zfp);
|
|
|
|
|
|
2004-06-29 21:34:05 +00:00
|
|
|
|
2003-09-07 19:43:04 +00:00
|
|
|
if(fflush(tmp) != 0) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("fflush() failed: %s\n", strerror(errno));
|
2003-11-09 19:26:44 +00:00
|
|
|
ret = CL_EFSYNC;
|
|
|
|
|
break;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2003-09-07 19:43:04 +00:00
|
|
|
fd = fileno(tmp);
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
lseek(fd, 0, SEEK_SET);
|
2004-07-04 14:56:48 +00:00
|
|
|
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("Zip -> Found %s virus.\n", *virname);
|
|
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
} else if(ret == CL_EMALFZIP) {
|
|
|
|
|
/*
|
2003-11-09 19:26:44 +00:00
|
|
|
* The trick with detection of ZoD only works with higher (>= 5)
|
2003-07-29 15:48:06 +00:00
|
|
|
* recursion limit level.
|
|
|
|
|
*/
|
|
|
|
|
cli_dbgmsg("Zip -> Malformed Zip, scanning stopped.\n");
|
2003-11-26 13:33:51 +00:00
|
|
|
*virname = "Suspected.Zip";
|
2003-07-29 15:48:06 +00:00
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-07 19:43:04 +00:00
|
|
|
if (tmp) {
|
|
|
|
|
fclose(tmp);
|
|
|
|
|
tmp = NULL;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
files++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
zzip_dir_close(zdir);
|
2003-09-07 19:43:04 +00:00
|
|
|
if (tmp) {
|
|
|
|
|
fclose(tmp);
|
|
|
|
|
tmp = NULL;
|
|
|
|
|
}
|
2003-11-15 00:22:10 +00:00
|
|
|
|
|
|
|
|
free(buff);
|
2003-07-29 15:48:06 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scangzip(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
|
|
|
|
int fd, bytes, ret = CL_CLEAN;
|
|
|
|
|
long int size = 0;
|
2003-11-09 02:29:23 +00:00
|
|
|
char *buff;
|
2003-11-09 19:26:44 +00:00
|
|
|
FILE *tmp = NULL;
|
2003-07-29 15:48:06 +00:00
|
|
|
gzFile gd;
|
|
|
|
|
|
|
|
|
|
|
2003-11-09 19:26:44 +00:00
|
|
|
cli_dbgmsg("in cli_scangzip()\n");
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
if((gd = gzdopen(dup(desc), "rb")) == NULL) {
|
|
|
|
|
cli_dbgmsg("Can't gzdopen() descriptor %d.\n", desc);
|
|
|
|
|
return CL_EGZIP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if((tmp = tmpfile()) == NULL) {
|
|
|
|
|
cli_dbgmsg("Can't generate tmpfile().\n");
|
|
|
|
|
gzclose(gd);
|
|
|
|
|
return CL_ETMPFILE;
|
|
|
|
|
}
|
|
|
|
|
fd = fileno(tmp);
|
|
|
|
|
|
2003-11-09 19:26:44 +00:00
|
|
|
if(!(buff = (char *) cli_malloc(FILEBUFF))) {
|
2003-12-01 19:28:40 +00:00
|
|
|
cli_dbgmsg("cli_scangzip(): unable to malloc(%d)\n", FILEBUFF);
|
2003-11-09 19:26:44 +00:00
|
|
|
gzclose(gd);
|
2003-11-09 02:29:23 +00:00
|
|
|
return CL_EMEM;
|
2003-11-09 19:26:44 +00:00
|
|
|
}
|
2003-11-09 02:29:23 +00:00
|
|
|
|
2003-11-09 19:26:44 +00:00
|
|
|
while((bytes = gzread(gd, buff, FILEBUFF)) > 0) {
|
2003-07-29 15:48:06 +00:00
|
|
|
size += bytes;
|
|
|
|
|
|
|
|
|
|
if(limits)
|
2003-11-09 19:26:44 +00:00
|
|
|
if(limits->maxfilesize && (size + FILEBUFF > limits->maxfilesize)) {
|
2004-03-11 08:33:45 +00:00
|
|
|
cli_dbgmsg("Gzip->desc(%d): Size exceeded (stopped at %ld, max: %ld)\n", desc, size, limits->maxfilesize);
|
2004-02-03 01:35:25 +00:00
|
|
|
/* ret = CL_EMAXSIZE; */
|
2003-07-29 15:48:06 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-26 15:31:01 +00:00
|
|
|
if(cli_writen(fd, buff, bytes) != bytes) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("Gzip -> Can't write() file.\n");
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-07-29 15:48:06 +00:00
|
|
|
gzclose(gd);
|
2003-11-09 02:29:23 +00:00
|
|
|
free(buff);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EGZIP;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2003-11-09 02:29:23 +00:00
|
|
|
free(buff);
|
2003-07-29 15:48:06 +00:00
|
|
|
gzclose(gd);
|
|
|
|
|
if(fsync(fd) == -1) {
|
|
|
|
|
cli_dbgmsg("fsync() failed for descriptor %d\n", fd);
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EFSYNC;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lseek(fd, 0, SEEK_SET);
|
2004-07-04 14:56:48 +00:00
|
|
|
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("Gzip -> Found %s virus.\n", *virname);
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_VIRUS;
|
|
|
|
|
}
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_BZLIB_H
|
|
|
|
|
|
|
|
|
|
#ifdef NOBZ2PREFIX
|
|
|
|
|
#define BZ2_bzReadOpen bzReadOpen
|
|
|
|
|
#define BZ2_bzReadClose bzReadClose
|
|
|
|
|
#define BZ2_bzRead bzRead
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanbzip(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
|
|
|
|
int fd, bytes, ret = CL_CLEAN, bzerror = 0;
|
|
|
|
|
short memlim = 0;
|
|
|
|
|
long int size = 0;
|
2003-11-09 02:29:23 +00:00
|
|
|
char *buff;
|
2003-11-09 19:26:44 +00:00
|
|
|
FILE *fs, *tmp = NULL;
|
2003-07-29 15:48:06 +00:00
|
|
|
BZFILE *bfd;
|
|
|
|
|
|
|
|
|
|
|
2003-12-01 19:28:40 +00:00
|
|
|
if((fs = fdopen(dup(desc), "rb")) == NULL) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("Can't fdopen() descriptor %d.\n", desc);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EBZIP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(limits)
|
|
|
|
|
if(limits->archivememlim)
|
|
|
|
|
memlim = 1;
|
|
|
|
|
|
2003-12-20 12:27:44 +00:00
|
|
|
if((bfd = BZ2_bzReadOpen(&bzerror, fs, 0, memlim, NULL, 0)) == NULL) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("Can't initialize bzip2 library (descriptor %d).\n", desc);
|
2003-12-01 19:28:40 +00:00
|
|
|
fclose(fs);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EBZIP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if((tmp = tmpfile()) == NULL) {
|
|
|
|
|
cli_dbgmsg("Can't generate tmpfile().\n");
|
|
|
|
|
BZ2_bzReadClose(&bzerror, bfd);
|
2003-12-01 19:28:40 +00:00
|
|
|
fclose(fs);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_ETMPFILE;
|
|
|
|
|
}
|
|
|
|
|
fd = fileno(tmp);
|
|
|
|
|
|
2003-12-01 19:28:40 +00:00
|
|
|
if(!(buff = (char *) malloc(FILEBUFF))) {
|
|
|
|
|
cli_dbgmsg("cli_scanbzip(): unable to malloc(%d)\n", FILEBUFF);
|
|
|
|
|
fclose(tmp);
|
|
|
|
|
fclose(fs);
|
|
|
|
|
BZ2_bzReadClose(&bzerror, bfd);
|
2003-11-09 02:29:23 +00:00
|
|
|
return CL_EMEM;
|
2003-12-01 19:28:40 +00:00
|
|
|
}
|
2003-11-09 02:29:23 +00:00
|
|
|
|
2003-11-09 19:26:44 +00:00
|
|
|
while((bytes = BZ2_bzRead(&bzerror, bfd, buff, FILEBUFF)) > 0) {
|
2003-07-29 15:48:06 +00:00
|
|
|
size += bytes;
|
|
|
|
|
|
|
|
|
|
if(limits)
|
2003-11-09 19:26:44 +00:00
|
|
|
if(limits->maxfilesize && (size + FILEBUFF > limits->maxfilesize)) {
|
2004-03-11 08:33:45 +00:00
|
|
|
cli_dbgmsg("Bzip2->desc(%d): Size exceeded (stopped at %ld, max: %ld)\n", desc, size, limits->maxfilesize);
|
2004-02-03 01:35:25 +00:00
|
|
|
/* ret = CL_EMAXSIZE; */
|
2003-07-29 15:48:06 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-26 15:31:01 +00:00
|
|
|
if(cli_writen(fd, buff, bytes) != bytes) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("Bzip2 -> Can't write() file.\n");
|
|
|
|
|
BZ2_bzReadClose(&bzerror, bfd);
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-11-09 02:29:23 +00:00
|
|
|
free(buff);
|
2003-12-01 19:28:40 +00:00
|
|
|
fclose(fs);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EGZIP;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2003-11-09 02:29:23 +00:00
|
|
|
free(buff);
|
2003-07-29 15:48:06 +00:00
|
|
|
BZ2_bzReadClose(&bzerror, bfd);
|
|
|
|
|
if(fsync(fd) == -1) {
|
|
|
|
|
cli_dbgmsg("fsync() failed for descriptor %d\n", fd);
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-12-01 19:28:40 +00:00
|
|
|
fclose(fs);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EFSYNC;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lseek(fd, 0, SEEK_SET);
|
2004-07-04 14:56:48 +00:00
|
|
|
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS ) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("Bzip2 -> Found %s virus.\n", *virname);
|
|
|
|
|
}
|
2003-09-07 19:43:04 +00:00
|
|
|
fclose(tmp);
|
2003-12-01 19:28:40 +00:00
|
|
|
fclose(fs);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanmscomp(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2004-05-02 00:51:01 +00:00
|
|
|
{
|
|
|
|
|
int fd, ret = CL_CLEAN;
|
|
|
|
|
FILE *tmp = NULL, *in;
|
|
|
|
|
|
|
|
|
|
cli_dbgmsg("in cli_scanmscomp()\n");
|
|
|
|
|
|
|
|
|
|
if((in = fdopen(dup(desc), "rb")) == NULL) {
|
|
|
|
|
cli_dbgmsg("Can't fdopen() descriptor %d.\n", desc);
|
|
|
|
|
return CL_EMSCOMP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if((tmp = tmpfile()) == NULL) {
|
|
|
|
|
cli_dbgmsg("Can't generate tmpfile().\n");
|
|
|
|
|
fclose(in);
|
|
|
|
|
return CL_ETMPFILE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(cli_msexpand(in, tmp) == -1) {
|
|
|
|
|
cli_dbgmsg("msexpand failed.\n");
|
|
|
|
|
return CL_EMSCOMP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fclose(in);
|
|
|
|
|
if(fflush(tmp)) {
|
|
|
|
|
cli_dbgmsg("fflush() failed\n");
|
|
|
|
|
fclose(tmp);
|
|
|
|
|
return CL_EFSYNC;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fd = fileno(tmp);
|
|
|
|
|
lseek(fd, 0, SEEK_SET);
|
2004-07-04 14:56:48 +00:00
|
|
|
if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec)) == CL_VIRUS) {
|
2004-05-02 00:51:01 +00:00
|
|
|
cli_dbgmsg("MSCompress -> Found %s virus.\n", *virname);
|
|
|
|
|
fclose(tmp);
|
|
|
|
|
return CL_VIRUS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fclose(tmp);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanmscab(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2004-06-02 00:36:05 +00:00
|
|
|
{
|
|
|
|
|
struct mscab_decompressor *cabd = NULL;
|
|
|
|
|
struct mscabd_cabinet *base, *cab;
|
|
|
|
|
struct mscabd_file *file;
|
|
|
|
|
const char *tmpdir;
|
|
|
|
|
char *tempname;
|
|
|
|
|
int ret = CL_CLEAN;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cli_dbgmsg("in cli_scanmscab()\n");
|
|
|
|
|
|
|
|
|
|
if((cabd = mspack_create_cab_decompressor(NULL)) == NULL) {
|
|
|
|
|
cli_dbgmsg("Can't create libmspack CAB decompressor\n");
|
|
|
|
|
return CL_EMSCAB;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if((base = cabd->dsearch(cabd, desc)) == NULL) {
|
|
|
|
|
cli_dbgmsg("I/O error or no valid cabinets found\n");
|
|
|
|
|
mspack_destroy_cab_decompressor(cabd);
|
|
|
|
|
return CL_EMSCAB;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if((tmpdir = getenv("TMPDIR")) == NULL)
|
|
|
|
|
#ifdef P_tmpdir
|
|
|
|
|
tmpdir = P_tmpdir;
|
|
|
|
|
#else
|
|
|
|
|
tmpdir = "/tmp";
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
for(cab = base; cab; cab = cab->next) {
|
|
|
|
|
for(file = cab->files; file; file = file->next) {
|
|
|
|
|
tempname = cl_gentemp(tmpdir);
|
|
|
|
|
cli_dbgmsg("Extracting data to %s\n", tempname);
|
|
|
|
|
if(cabd->extract(cabd, file, tempname)) {
|
|
|
|
|
cli_dbgmsg("libmscab error code: %d\n", cabd->last_error(cabd));
|
|
|
|
|
} else {
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanfile(tempname, virname, scanned, root, limits, options, arec, mrec);
|
2004-06-02 00:36:05 +00:00
|
|
|
}
|
|
|
|
|
if(!cli_leavetemps_flag)
|
|
|
|
|
unlink(tempname);
|
|
|
|
|
free(tempname);
|
|
|
|
|
if(ret == CL_VIRUS)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if(ret == CL_VIRUS)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cabd->close(cabd, base);
|
|
|
|
|
mspack_destroy_cab_decompressor(cabd);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanhtml(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2004-07-02 23:00:58 +00:00
|
|
|
{
|
|
|
|
|
unsigned char *membuff, *newbuff, *newbuff2;
|
|
|
|
|
struct stat statbuf;
|
|
|
|
|
int ret;
|
|
|
|
|
|
2004-07-06 15:51:12 +00:00
|
|
|
|
2004-07-02 23:00:58 +00:00
|
|
|
cli_dbgmsg("in cli_scanhtml()\n");
|
|
|
|
|
|
|
|
|
|
if(fstat(desc, &statbuf) != 0) {
|
|
|
|
|
cli_dbgmsg("fstat failed\n");
|
|
|
|
|
return CL_EIO;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_MMAP
|
|
|
|
|
membuff = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, desc, 0);
|
|
|
|
|
#else /* FIXME */
|
|
|
|
|
return CL_CLEAN;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* TODO: do file operations if mmap fails */
|
|
|
|
|
if(membuff == MAP_FAILED) {
|
|
|
|
|
cli_dbgmsg("mmap failed\n");
|
|
|
|
|
return CL_EMEM;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-06 15:51:12 +00:00
|
|
|
newbuff = html_normalize(membuff, statbuf.st_size);
|
2004-07-02 23:00:58 +00:00
|
|
|
|
|
|
|
|
if(newbuff) {
|
|
|
|
|
newbuff2 = remove_html_comments(newbuff);
|
|
|
|
|
free(newbuff);
|
|
|
|
|
newbuff = remove_html_char_ref(newbuff2);
|
|
|
|
|
free(newbuff2);
|
|
|
|
|
/* Normalise a second time as the above can leave inconsistent white
|
|
|
|
|
* space
|
|
|
|
|
*/
|
|
|
|
|
newbuff2 = html_normalize(newbuff, strlen(newbuff));
|
|
|
|
|
free(newbuff);
|
2004-07-06 15:51:12 +00:00
|
|
|
newbuff = newbuff2;
|
2004-07-02 23:00:58 +00:00
|
|
|
}
|
|
|
|
|
|
2004-07-06 15:51:12 +00:00
|
|
|
ret = cl_scanbuff(newbuff, strlen(newbuff), virname, root);
|
2004-07-02 23:00:58 +00:00
|
|
|
|
2004-07-06 15:51:12 +00:00
|
|
|
free(newbuff);
|
2004-07-02 23:00:58 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2004-01-23 11:17:16 +00:00
|
|
|
{
|
2004-04-20 22:33:42 +00:00
|
|
|
DIR *dd;
|
|
|
|
|
struct dirent *dent;
|
|
|
|
|
struct stat statbuf;
|
|
|
|
|
char *fname;
|
2004-01-23 11:17:16 +00:00
|
|
|
|
|
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
if((dd = opendir(dirname)) != NULL) {
|
|
|
|
|
while((dent = readdir(dd))) {
|
2004-06-27 07:22:19 +00:00
|
|
|
#ifndef C_INTERIX
|
|
|
|
|
if(dent->d_ino)
|
|
|
|
|
#endif
|
|
|
|
|
{
|
2004-04-20 22:33:42 +00:00
|
|
|
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {
|
|
|
|
|
/* build the full name */
|
|
|
|
|
fname = cli_calloc(strlen(dirname) + strlen(dent->d_name) + 2, sizeof(char));
|
|
|
|
|
sprintf(fname, "%s/%s", dirname, dent->d_name);
|
2004-01-23 11:17:16 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
/* stat the file */
|
|
|
|
|
if(lstat(fname, &statbuf) != -1) {
|
|
|
|
|
if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) {
|
2004-07-04 14:56:48 +00:00
|
|
|
if (cli_scandir(fname, virname, scanned, root, limits, options, arec, mrec) == CL_VIRUS) {
|
2004-04-20 22:33:42 +00:00
|
|
|
free(fname);
|
|
|
|
|
closedir(dd);
|
|
|
|
|
return CL_VIRUS;
|
|
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
if(S_ISREG(statbuf.st_mode))
|
2004-07-04 14:56:48 +00:00
|
|
|
if(cli_scanfile(fname, virname, scanned, root, limits, options, arec, mrec) == CL_VIRUS) {
|
2004-04-20 22:33:42 +00:00
|
|
|
free(fname);
|
|
|
|
|
closedir(dd);
|
|
|
|
|
return CL_VIRUS;
|
|
|
|
|
}
|
2004-01-23 11:17:16 +00:00
|
|
|
|
2004-02-06 19:52:13 +00:00
|
|
|
}
|
2004-04-20 22:33:42 +00:00
|
|
|
free(fname);
|
2004-01-23 11:17:16 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2004-04-20 22:33:42 +00:00
|
|
|
} else {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("ScanDir -> Can't open directory %s.\n", dirname);
|
2004-04-20 22:33:42 +00:00
|
|
|
return CL_EOPEN;
|
|
|
|
|
}
|
2004-01-23 11:17:16 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
closedir(dd);
|
|
|
|
|
return 0;
|
2004-01-23 11:17:16 +00:00
|
|
|
}
|
2004-04-20 22:33:42 +00:00
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_vba_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
2004-04-20 22:33:42 +00:00
|
|
|
int ret = CL_CLEAN, i, fd, data_len;
|
|
|
|
|
vba_project_t *vba_project;
|
2003-07-29 15:48:06 +00:00
|
|
|
DIR *dd;
|
|
|
|
|
struct dirent *dent;
|
|
|
|
|
struct stat statbuf;
|
2004-04-27 12:55:18 +00:00
|
|
|
char *fname, *fullname;
|
2004-04-20 22:33:42 +00:00
|
|
|
unsigned char *data;
|
|
|
|
|
|
|
|
|
|
cli_dbgmsg("VBA scan dir: %s\n", dirname);
|
|
|
|
|
if((vba_project = (vba_project_t *) vba56_dir_read(dirname))) {
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
for(i = 0; i < vba_project->count; i++) {
|
|
|
|
|
fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2);
|
|
|
|
|
sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]);
|
|
|
|
|
fd = open(fullname, O_RDONLY);
|
|
|
|
|
if(fd == -1) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("Scan->OLE2 -> Can't open file %s\n", fullname);
|
2004-04-20 22:33:42 +00:00
|
|
|
free(fullname);
|
|
|
|
|
ret = CL_EOPEN;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
free(fullname);
|
|
|
|
|
cli_dbgmsg("decompress VBA project '%s'\n", vba_project->name[i]);
|
|
|
|
|
data = (unsigned char *) vba_decompress(fd, vba_project->offset[i], &data_len);
|
|
|
|
|
close(fd);
|
|
|
|
|
|
|
|
|
|
if(!data) {
|
|
|
|
|
cli_dbgmsg("WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]);
|
|
|
|
|
} else {
|
|
|
|
|
if(cl_scanbuff(data, data_len, virname, root) == CL_VIRUS) {
|
|
|
|
|
free(data);
|
|
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(data);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for(i = 0; i < vba_project->count; i++)
|
|
|
|
|
free(vba_project->name[i]);
|
|
|
|
|
free(vba_project->name);
|
|
|
|
|
free(vba_project->dir);
|
|
|
|
|
free(vba_project->offset);
|
|
|
|
|
free(vba_project);
|
2004-05-29 23:42:42 +00:00
|
|
|
} else if ((fullname = ppt_vba_read(dirname))) {
|
2004-07-04 14:56:48 +00:00
|
|
|
if(cli_scandir(fullname, virname, scanned, root, limits, options, arec, mrec) == CL_VIRUS) {
|
2004-05-29 23:42:42 +00:00
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
}
|
|
|
|
|
cli_rmdirs(fullname);
|
|
|
|
|
free(fullname);
|
2004-05-06 20:16:54 +00:00
|
|
|
} else if ((vba_project = (vba_project_t *) wm_dir_read(dirname))) {
|
|
|
|
|
for (i = 0; i < vba_project->count; i++) {
|
|
|
|
|
fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2);
|
|
|
|
|
sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]);
|
|
|
|
|
fd = open(fullname, O_RDONLY);
|
|
|
|
|
if(fd == -1) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("Scan->OLE2 -> Can't open file %s\n", fullname);
|
2004-05-06 20:16:54 +00:00
|
|
|
free(fullname);
|
|
|
|
|
ret = CL_EOPEN;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
free(fullname);
|
|
|
|
|
cli_dbgmsg("decompress WM project '%s' macro:%d key:%d\n", vba_project->name[i], i, vba_project->key[i]);
|
|
|
|
|
data = (unsigned char *) wm_decrypt_macro(fd, vba_project->offset[i], vba_project->length[i], vba_project->key[i]);
|
|
|
|
|
close(fd);
|
|
|
|
|
|
|
|
|
|
if(!data) {
|
|
|
|
|
cli_dbgmsg("WARNING: WM project '%s' macro %d decrypted to NULL\n", vba_project->name[i], i);
|
|
|
|
|
} else {
|
|
|
|
|
if(cl_scanbuff(data, vba_project->length[i], virname, root) == CL_VIRUS) {
|
|
|
|
|
free(data);
|
|
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
free(data);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for(i = 0; i < vba_project->count; i++)
|
|
|
|
|
free(vba_project->name[i]);
|
|
|
|
|
free(vba_project->key);
|
|
|
|
|
free(vba_project->length);
|
|
|
|
|
free(vba_project->offset);
|
|
|
|
|
free(vba_project->name);
|
|
|
|
|
free(vba_project->dir);
|
|
|
|
|
free(vba_project);
|
2004-04-20 22:33:42 +00:00
|
|
|
}
|
2004-05-06 20:16:54 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
if(ret != CL_CLEAN)
|
|
|
|
|
return ret;
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
if((dd = opendir(dirname)) != NULL) {
|
|
|
|
|
while((dent = readdir(dd))) {
|
2004-06-27 07:22:19 +00:00
|
|
|
#ifndef C_INTERIX
|
|
|
|
|
if(dent->d_ino)
|
|
|
|
|
#endif
|
|
|
|
|
{
|
2003-07-29 15:48:06 +00:00
|
|
|
if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {
|
|
|
|
|
/* build the full name */
|
|
|
|
|
fname = cli_calloc(strlen(dirname) + strlen(dent->d_name) + 2, sizeof(char));
|
|
|
|
|
sprintf(fname, "%s/%s", dirname, dent->d_name);
|
|
|
|
|
|
|
|
|
|
/* stat the file */
|
|
|
|
|
if(lstat(fname, &statbuf) != -1) {
|
|
|
|
|
if(S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode))
|
2004-07-04 14:56:48 +00:00
|
|
|
if (cli_vba_scandir(fname, virname, scanned, root, limits, options, arec, mrec) == CL_VIRUS) {
|
2004-04-20 22:33:42 +00:00
|
|
|
ret = CL_VIRUS;
|
|
|
|
|
free(fname);
|
|
|
|
|
break;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
free(fname);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("ScanDir -> Can't open directory %s.\n", dirname);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_EOPEN;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
closedir(dd);
|
2004-04-20 22:33:42 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanole2(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2004-04-20 22:33:42 +00:00
|
|
|
{
|
|
|
|
|
const char *tmpdir;
|
2004-04-27 12:55:18 +00:00
|
|
|
char *dir;
|
|
|
|
|
int ret = CL_CLEAN;
|
2004-04-20 22:33:42 +00:00
|
|
|
|
|
|
|
|
cli_dbgmsg("in cli_scanole2()\n");
|
|
|
|
|
|
2004-06-02 00:36:05 +00:00
|
|
|
if((tmpdir = getenv("TMPDIR")) == NULL)
|
2004-04-20 22:33:42 +00:00
|
|
|
#ifdef P_tmpdir
|
|
|
|
|
tmpdir = P_tmpdir;
|
|
|
|
|
#else
|
|
|
|
|
tmpdir = "/tmp";
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* generate the temporary directory */
|
|
|
|
|
dir = cl_gentemp(tmpdir);
|
|
|
|
|
if(mkdir(dir, 0700)) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("ScanOLE2 -> Can't create temporary directory %s\n", dir);
|
2004-04-20 22:33:42 +00:00
|
|
|
return CL_ETMPDIR;
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-24 08:11:13 +00:00
|
|
|
if((ret = cli_ole2_extract(desc, dir, limits))) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("ScanOLE2 -> %s\n", cl_strerror(ret));
|
2004-04-20 22:33:42 +00:00
|
|
|
cli_rmdirs(dir);
|
|
|
|
|
free(dir);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
if((ret = cli_vba_scandir(dir, virname, scanned, root, limits, options, arec, mrec)) != CL_VIRUS) {
|
|
|
|
|
if(cli_scandir(dir, virname, scanned, root, limits, options, arec, mrec) == CL_VIRUS) {
|
2004-04-27 12:55:18 +00:00
|
|
|
ret = CL_VIRUS;
|
2004-04-20 22:33:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cli_rmdirs(dir);
|
|
|
|
|
free(dir);
|
|
|
|
|
return ret;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanmail(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
|
|
|
|
const char *tmpdir;
|
|
|
|
|
char *dir;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
|
2004-07-06 02:27:22 +00:00
|
|
|
cli_dbgmsg("Starting cli_scanmail(), mrec == %d, arec == %d\n", *mrec, *arec);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-06-02 00:36:05 +00:00
|
|
|
if((tmpdir = getenv("TMPDIR")) == NULL)
|
2003-07-29 15:48:06 +00:00
|
|
|
#ifdef P_tmpdir
|
|
|
|
|
tmpdir = P_tmpdir;
|
|
|
|
|
#else
|
|
|
|
|
tmpdir = "/tmp";
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* generate the temporary directory */
|
2003-09-29 11:44:52 +00:00
|
|
|
dir = cl_gentemp(tmpdir);
|
2003-07-29 15:48:06 +00:00
|
|
|
if(mkdir(dir, 0700)) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_dbgmsg("ScanMail -> Can't create temporary directory %s\n", dir);
|
2003-07-29 15:48:06 +00:00
|
|
|
return CL_ETMPDIR;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Extract the attachments into the temporary directory
|
|
|
|
|
*/
|
|
|
|
|
ret = cl_mbox(dir, desc);
|
|
|
|
|
/* FIXME: check mbox return code */
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scandir(dir, virname, scanned, root, limits, options, arec, mrec);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
cli_rmdirs(dir);
|
|
|
|
|
free(dir);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
2003-09-07 19:43:04 +00:00
|
|
|
char magic[MAGIC_BUFFER_SIZE+1];
|
2004-07-02 23:00:58 +00:00
|
|
|
int ret = CL_CLEAN, nret;
|
2003-09-07 19:43:04 +00:00
|
|
|
int bread = 0;
|
2004-03-20 14:49:22 +00:00
|
|
|
cli_file_t type;
|
2003-07-29 15:48:06 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
if(!root) {
|
2004-06-02 00:36:05 +00:00
|
|
|
cli_errmsg("CRITICAL: root == NULL\n");
|
2003-07-29 15:48:06 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-25 20:38:25 +00:00
|
|
|
if(!options) { /* raw mode (stdin, etc.) */
|
2004-07-03 15:24:43 +00:00
|
|
|
cli_dbgmsg("Raw mode: no support for archives.\n");
|
2004-07-02 23:00:58 +00:00
|
|
|
if((ret = cli_scandesc(desc, virname, scanned, root, 0) == CL_VIRUS))
|
2004-05-25 20:38:25 +00:00
|
|
|
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
if(SCAN_ARCHIVE && limits && limits->maxreclevel)
|
2004-07-04 14:56:48 +00:00
|
|
|
if(*arec > limits->maxreclevel) {
|
|
|
|
|
cli_dbgmsg("Archive recursion limit exceeded (arec == %d).\n", *arec);
|
2004-04-20 22:33:42 +00:00
|
|
|
/* return CL_EMAXREC; */
|
|
|
|
|
return CL_CLEAN;
|
2004-07-04 14:56:48 +00:00
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
if(SCAN_MAIL)
|
|
|
|
|
if(*mrec > MAX_MAIL_RECURSION) {
|
|
|
|
|
cli_dbgmsg("Mail recursion level exceeded (mrec == %d).\n", *mrec);
|
|
|
|
|
/* return CL_EMAXREC; */
|
|
|
|
|
return CL_CLEAN;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
lseek(desc, 0, SEEK_SET);
|
|
|
|
|
bread = read(desc, magic, MAGIC_BUFFER_SIZE);
|
|
|
|
|
magic[MAGIC_BUFFER_SIZE] = '\0';
|
|
|
|
|
lseek(desc, 0, SEEK_SET);
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-07-02 23:00:58 +00:00
|
|
|
if(bread != MAGIC_BUFFER_SIZE) {
|
2004-07-03 15:24:43 +00:00
|
|
|
cli_dbgmsg("File recognition failed: bread != MAGIC_BUFFER_SIZE (%d != %d)\n", bread, MAGIC_BUFFER_SIZE);
|
2004-04-20 22:33:42 +00:00
|
|
|
/* short read: No need to do magic */
|
2004-07-02 23:00:58 +00:00
|
|
|
if((ret = cli_scandesc(desc, virname, scanned, root, 0) == CL_VIRUS))
|
|
|
|
|
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
|
2004-04-20 22:33:42 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
type = cli_filetype(magic, bread);
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
type == CL_MAILFILE ? (*mrec)++ : (*arec)++;
|
2004-07-02 23:00:58 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
switch(type) {
|
|
|
|
|
case CL_RARFILE:
|
|
|
|
|
if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanrar(desc, virname, scanned, root, limits, options, arec, mrec);
|
2004-04-20 22:33:42 +00:00
|
|
|
break;
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
case CL_ZIPFILE:
|
|
|
|
|
if(SCAN_ARCHIVE)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanzip(desc, virname, scanned, root, limits, options, arec, mrec);
|
2004-04-20 22:33:42 +00:00
|
|
|
break;
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
case CL_GZFILE:
|
|
|
|
|
if(SCAN_ARCHIVE)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scangzip(desc, virname, scanned, root, limits, options, arec, mrec);
|
2004-04-20 22:33:42 +00:00
|
|
|
break;
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
case CL_BZFILE:
|
2004-03-11 08:33:45 +00:00
|
|
|
#ifdef HAVE_BZLIB_H
|
2004-04-20 22:33:42 +00:00
|
|
|
if(SCAN_ARCHIVE)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanbzip(desc, virname, scanned, root, limits, options, arec, mrec);
|
2003-07-29 15:48:06 +00:00
|
|
|
#endif
|
2004-04-20 22:33:42 +00:00
|
|
|
break;
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-05-02 00:51:01 +00:00
|
|
|
case CL_MSCFILE:
|
|
|
|
|
if(SCAN_ARCHIVE)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanmscomp(desc, virname, scanned, root, limits, options, arec, mrec);
|
2004-05-02 00:51:01 +00:00
|
|
|
break;
|
|
|
|
|
|
2004-06-02 00:36:05 +00:00
|
|
|
case CL_MSCABFILE:
|
|
|
|
|
if(SCAN_ARCHIVE)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanmscab(desc, virname, scanned, root, limits, options, arec, mrec);
|
2004-06-02 00:36:05 +00:00
|
|
|
break;
|
|
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
case CL_MAILFILE:
|
|
|
|
|
if(SCAN_MAIL)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanmail(desc, virname, scanned, root, limits, options, arec, mrec);
|
2004-04-20 22:33:42 +00:00
|
|
|
break;
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
case CL_OLE2FILE:
|
|
|
|
|
if(SCAN_OLE2)
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_scanole2(desc, virname, scanned, root, limits, options, arec, mrec);
|
2004-04-20 22:33:42 +00:00
|
|
|
break;
|
2004-02-06 13:46:08 +00:00
|
|
|
|
2004-04-20 22:33:42 +00:00
|
|
|
case CL_DATAFILE:
|
|
|
|
|
/* it could be a false positive and a standard DOS .COM file */
|
|
|
|
|
{
|
|
|
|
|
struct stat s;
|
|
|
|
|
if(fstat(desc, &s) == 0 && S_ISREG(s.st_mode) && s.st_size < 65536)
|
|
|
|
|
type = CL_UNKNOWN_TYPE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case CL_UNKNOWN_TYPE:
|
|
|
|
|
break;
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
type == CL_MAILFILE ? (*mrec)-- : (*arec)--;
|
2004-04-20 22:33:42 +00:00
|
|
|
|
|
|
|
|
if(type != CL_DATAFILE && ret != CL_VIRUS) { /* scan the raw file */
|
2004-07-11 14:50:25 +00:00
|
|
|
int typerec;
|
2004-07-02 23:00:58 +00:00
|
|
|
|
2004-07-11 14:50:25 +00:00
|
|
|
type == CL_UNKNOWN_TYPE ? (typerec = 1) : (typerec = 0);
|
|
|
|
|
lseek(desc, 0, SEEK_SET);
|
2004-07-04 14:56:48 +00:00
|
|
|
|
2004-07-11 14:50:25 +00:00
|
|
|
if((nret = cli_scandesc(desc, virname, scanned, root, typerec)) == CL_VIRUS) {
|
2003-07-29 15:48:06 +00:00
|
|
|
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
|
|
|
|
|
return CL_VIRUS;
|
2004-07-02 23:00:58 +00:00
|
|
|
|
|
|
|
|
} else if(nret >= CL_TYPENO) {
|
|
|
|
|
lseek(desc, 0, SEEK_SET);
|
|
|
|
|
|
|
|
|
|
switch(nret) {
|
|
|
|
|
case CL_HTMLFILE:
|
|
|
|
|
if(SCAN_HTML)
|
2004-07-04 14:56:48 +00:00
|
|
|
if(cli_scanhtml(desc, virname, scanned, root, limits, options, arec, mrec) == CL_VIRUS)
|
2004-07-02 23:00:58 +00:00
|
|
|
return CL_VIRUS;
|
|
|
|
|
break;
|
2004-07-03 15:24:43 +00:00
|
|
|
|
|
|
|
|
case CL_MAILFILE:
|
|
|
|
|
if(SCAN_MAIL)
|
2004-07-04 14:56:48 +00:00
|
|
|
if(cli_scanmail(desc, virname, scanned, root, limits, options, arec, mrec) == CL_VIRUS)
|
2004-07-03 15:24:43 +00:00
|
|
|
return CL_VIRUS;
|
|
|
|
|
break;
|
2004-07-02 23:00:58 +00:00
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
2003-12-12 17:48:47 +00:00
|
|
|
}
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-07-11 14:50:25 +00:00
|
|
|
(*arec)++;
|
|
|
|
|
lseek(desc, 0, SEEK_SET);
|
|
|
|
|
switch(type) {
|
|
|
|
|
/* Due to performance reasons all executables were first scanned
|
|
|
|
|
* in raw mode. Now we will try to unpack them
|
|
|
|
|
*/
|
|
|
|
|
case CL_DOSEXE:
|
|
|
|
|
if(SCAN_PE)
|
|
|
|
|
ret = cli_scanpe(desc, virname, scanned, root, limits, options, arec, mrec);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
(*arec)--;
|
|
|
|
|
|
|
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-11 08:33:45 +00:00
|
|
|
int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
2004-07-04 14:56:48 +00:00
|
|
|
int arec = 0, mrec = 0;
|
2003-07-29 15:48:06 +00:00
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
return cli_magic_scandesc(desc, virname, scanned, root, limits, options, &arec, &mrec);
|
2003-07-29 15:48:06 +00:00
|
|
|
}
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
static int cli_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)
|
2004-04-14 22:55:44 +00:00
|
|
|
{
|
|
|
|
|
int fd, ret;
|
|
|
|
|
|
2004-07-05 23:50:55 +00:00
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
/* internal version of cl_scanfile with arec/mrec preserved */
|
2004-04-14 22:55:44 +00:00
|
|
|
if((fd = open(filename, O_RDONLY)) == -1)
|
|
|
|
|
return CL_EOPEN;
|
|
|
|
|
|
2004-07-04 14:56:48 +00:00
|
|
|
ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, arec, mrec);
|
2004-04-14 22:55:44 +00:00
|
|
|
|
|
|
|
|
close(fd);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-11 08:33:45 +00:00
|
|
|
int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options)
|
2003-07-29 15:48:06 +00:00
|
|
|
{
|
|
|
|
|
int fd, ret;
|
|
|
|
|
|
2004-07-03 15:24:43 +00:00
|
|
|
|
2003-07-29 15:48:06 +00:00
|
|
|
if((fd = open(filename, O_RDONLY)) == -1)
|
|
|
|
|
return CL_EOPEN;
|
|
|
|
|
|
|
|
|
|
ret = cl_scandesc(fd, virname, scanned, root, limits, options);
|
|
|
|
|
close(fd);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
