activate RIFF code

git-svn: trunk@1311

clamav-devel/ChangeLog

@@ -1,3 +1,7 @@
+Sat Feb  5 16:48:46 CET 2005 (tk)
+---------------------------------
+  * libclamav: activate RIFF code (patch by Trog)
+
 Sat Feb  5 16:17:41 CET 2005 (tk)
 ---------------------------------
   * libclamav/scanners.c: do not report Suspected.Zip on standard breaking zip

clamav-devel/libclamav/filetypes.c

@@ -108,12 +108,13 @@ static const struct cli_magic_s cli_magic[] = {
     {6,  "JFIF",			 4, "JPEG",         CL_TYPE_GRAPHICS},
     {6,  "Exif",			 4, "JPEG",         CL_TYPE_GRAPHICS},
     {0,  "\x89PNG",			 4, "PNG",          CL_TYPE_GRAPHICS},
+    {0,  "RIFF",                         4, "RIFF",         CL_TYPE_RIFF},
+    {0,  "RIFX",                         4, "RIFX",         CL_TYPE_RIFF},
 
     /* Ignored types */
 
     {0,  "\000\000\001\263",             4, "MPEG video stream",  CL_TYPE_DATA},
     {0,  "\000\000\001\272",             4, "MPEG sys stream",    CL_TYPE_DATA},
-    {0,  "RIFF",                         4, "RIFF",		  CL_TYPE_DATA},
     {0,  "OggS",                         4, "Ogg Stream",         CL_TYPE_DATA},
     {0,  "ID3",				 3, "MP3",		  CL_TYPE_DATA},
     {0,  "\377\373\220",		 3, "MP3",		  CL_TYPE_DATA},

clamav-devel/libclamav/filetypes.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net>
+ *  Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net>
  *  With enhancements from Thomas Lamy <Thomas.Lamy@in-online.net>
  *
  *  This program is free software; you can redistribute it and/or modify
@@ -39,6 +39,7 @@ typedef enum {
     CL_TYPE_MSCHM,
     CL_TYPE_SCRENC,
     CL_TYPE_GRAPHICS,
+    CL_TYPE_RIFF,
     CL_TYPE_BINHEX,
 
     /* bigger numbers have higher priority (in o-t-f detection) */

clamav-devel/libclamav/scanners.c

@@ -1146,6 +1146,18 @@ static int cli_scanscrenc(int desc, const char **virname, long int *scanned, con
     return ret;
 }
 
+static int cli_scanriff(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec)
+{
+	int ret = CL_CLEAN;
+
+    if(cli_check_riff_exploit(desc) == 2) {
+	ret = CL_VIRUS;
+	*virname = "Exploit.W32.MS05-002";
+    }
+
+    return ret;
+}
+
 static int cli_scanmail(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec)
 {
 	char *dir;
@@ -1296,6 +1308,10 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const
 	    ret = cli_scanscrenc(desc, virname, scanned, root, limits, options, arec, mrec);
 	    break;
 
+	case CL_TYPE_RIFF:
+	    ret = cli_scanriff(desc, virname, scanned, root, limits, options, arec, mrec);
+	    break;
+
 	case CL_TYPE_DATA:
 	    /* it could be a false positive and a standard DOS .COM file */
 	    {

clamav-devel/libclamav/special.c

@@ -16,15 +16,18 @@
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
+#include "clamav-config.h"
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <netinet/in.h>
+#include <string.h>
 
-#include "clamav-config.h"
 #include "clamav.h"
 #include "others.h"
+#include "cltypes.h"
 
 #define FALSE (0)
 #define TRUE (1)

clamav-devel/libclamav/special.h

@@ -21,5 +21,6 @@
 
 int cli_check_mydoom_log(int desc, const char **virname);
 int cli_check_jpeg_exploit(int fd);
+int cli_check_riff_exploit(int fd);
 
 #endif