Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

scan raw executables before trying to unpack them

Browse source 
git-svn: trunk@665
This commit is contained in:
Tomasz Kojm 2004-07-11 14:50:25 +00:00
parent 5ae8bdd567
commit 77e4bb1140
2 changed files with 23 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

5
clamav-devel/ChangeLog
View file

@ -1,3 +1,8 @@
Sun Jul 11 16:39:42 CEST 2004 (tk)
----------------------------------
* libclamav: scanners: scan raw executables before trying to unpack them
(requested by Christoph Cordes and Tomasz Papszun)
Fri Jul 9 04:14:37 CEST 2004 (tk) Fri Jul 9 04:14:37 CEST 2004 (tk)
---------------------------------- ----------------------------------
* libclamav: pe: detect skewed UPX1 (patch by aCaB) * libclamav: pe: detect skewed UPX1 (patch by aCaB)

30
clamav-devel/libclamav/scanners.c
View file

@ -1056,11 +1056,6 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned,
type == CL_MAILFILE ? (*mrec)++ : (*arec)++; type == CL_MAILFILE ? (*mrec)++ : (*arec)++;
switch(type) { switch(type) {
case CL_DOSEXE:
if(SCAN_PE)
ret = cli_scanpe(desc, virname, scanned, root, limits, options, arec, mrec);
break;
case CL_RARFILE: case CL_RARFILE:
if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse) if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse)
ret = cli_scanrar(desc, virname, scanned, root, limits, options, arec, mrec); ret = cli_scanrar(desc, virname, scanned, root, limits, options, arec, mrec);
@ -1118,11 +1113,12 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned,
type == CL_MAILFILE ? (*mrec)-- : (*arec)--; type == CL_MAILFILE ? (*mrec)-- : (*arec)--;
if(type != CL_DATAFILE && ret != CL_VIRUS) { /* scan the raw file */ if(type != CL_DATAFILE && ret != CL_VIRUS) { /* scan the raw file */
int typerec;
type == CL_UNKNOWN_TYPE ? (typerec = 1) : (typerec = 0);
lseek(desc, 0, SEEK_SET); lseek(desc, 0, SEEK_SET);
type == CL_UNKNOWN_TYPE ? (type = 1) : (type = 0); if((nret = cli_scandesc(desc, virname, scanned, root, typerec)) == CL_VIRUS) {
if((nret = cli_scandesc(desc, virname, scanned, root, type)) == CL_VIRUS) {
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc); cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
return CL_VIRUS; return CL_VIRUS;
@ -1145,6 +1141,20 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned,
} }
} }
(*arec)++;
lseek(desc, 0, SEEK_SET);
switch(type) {
/* Due to performance reasons all executables were first scanned
* in raw mode. Now we will try to unpack them
*/
case CL_DOSEXE:
if(SCAN_PE)
ret = cli_scanpe(desc, virname, scanned, root, limits, options, arec, mrec);
break;
}
(*arec)--;
return ret; return ret;
} }
@ -1160,8 +1170,6 @@ static int cli_scanfile(const char *filename, const char **virname, unsigned lon
int fd, ret; int fd, ret;
cli_dbgmsg("Scanning %s\n", filename);
/* internal version of cl_scanfile with arec/mrec preserved */ /* internal version of cl_scanfile with arec/mrec preserved */
if((fd = open(filename, O_RDONLY)) == -1) if((fd = open(filename, O_RDONLY)) == -1)
return CL_EOPEN; return CL_EOPEN;
@ -1177,8 +1185,6 @@ int cl_scanfile(const char *filename, const char **virname, unsigned long int *s
int fd, ret; int fd, ret;
cli_dbgmsg("Scanning %s\n", filename);
if((fd = open(filename, O_RDONLY)) == -1) if((fd = open(filename, O_RDONLY)) == -1)
return CL_EOPEN; return CL_EOPEN;