mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 18:33:16 +00:00
zip: Fix false negative w. HeuristicScanPrecedence
This commit is contained in:
Jan Smutny
Micah Snyder (micasnyd)
parent
76d60e5451
commit
b33e4be3ea
1 changed files with 27 additions and 2 deletions
|
|
@ -957,6 +957,7 @@ cl_error_t index_the_central_directory(
|
||||||
struct zip_record *curr_record = NULL;
|
struct zip_record *curr_record = NULL;
|
||||||
struct zip_record *prev_record = NULL;
|
struct zip_record *prev_record = NULL;
|
||||||
uint32_t num_overlapping_files = 0;
|
uint32_t num_overlapping_files = 0;
|
||||||
|
int virus_found = 0;
|
||||||
|
|
||||||
if (NULL == catalogue || NULL == num_records) {
|
if (NULL == catalogue || NULL == num_records) {
|
||||||
cli_errmsg("index_the_central_directory: Invalid NULL arguments\n");
|
cli_errmsg("index_the_central_directory: Invalid NULL arguments\n");
|
||||||
|
|
@ -986,6 +987,15 @@ cl_error_t index_the_central_directory(
|
||||||
NULL, // tmpd not required
|
NULL, // tmpd not required
|
||||||
NULL,
|
NULL,
|
||||||
&(zip_catalogue[records_count])))) {
|
&(zip_catalogue[records_count])))) {
|
||||||
|
if (ret == CL_VIRUS) {
|
||||||
|
if (SCAN_ALLMATCHES)
|
||||||
|
virus_found = 1;
|
||||||
|
else {
|
||||||
|
status = CL_VIRUS;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
index++;
|
index++;
|
||||||
|
|
||||||
if (cli_checktimelimit(ctx) != CL_SUCCESS) {
|
if (cli_checktimelimit(ctx) != CL_SUCCESS) {
|
||||||
|
|
@ -1023,6 +1033,15 @@ cl_error_t index_the_central_directory(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ret == CL_VIRUS) {
|
||||||
|
if (SCAN_ALLMATCHES)
|
||||||
|
virus_found = 1;
|
||||||
|
else {
|
||||||
|
status = CL_VIRUS;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (records_count > 1) {
|
if (records_count > 1) {
|
||||||
/*
|
/*
|
||||||
* Sort the records by local file offset
|
* Sort the records by local file offset
|
||||||
|
|
@ -1090,6 +1109,8 @@ done:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virus_found) status = CL_VIRUS;
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1147,7 +1168,11 @@ cl_error_t cli_unzip(cli_ctx *ctx)
|
||||||
&zip_catalogue,
|
&zip_catalogue,
|
||||||
&records_count);
|
&records_count);
|
||||||
if (CL_SUCCESS != ret) {
|
if (CL_SUCCESS != ret) {
|
||||||
goto done;
|
if (CL_VIRUS == ret && SCAN_ALLMATCHES)
|
||||||
|
virus_found = 1;
|
||||||
|
else {
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -1227,7 +1252,7 @@ cl_error_t cli_unzip(cli_ctx *ctx)
|
||||||
if (virus_found == 1) {
|
if (virus_found == 1) {
|
||||||
ret = CL_VIRUS;
|
ret = CL_VIRUS;
|
||||||
}
|
}
|
||||||
if (num_files_unzipped <= (file_count / 4)) { /* FIXME: make up a sane ratio or remove the whole logic */
|
if (0 < num_files_unzipped && num_files_unzipped <= (file_count / 4)) { /* FIXME: make up a sane ratio or remove the whole logic */
|
||||||
file_count = 0;
|
file_count = 0;
|
||||||
while ((ret == CL_CLEAN) &&
|
while ((ret == CL_CLEAN) &&
|
||||||
(lhoff < fsize) &&
|
(lhoff < fsize) &&
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue