diff --git a/clamav-devel/ChangeLog b/clamav-devel/ChangeLog index e6d64916e..ff86a5751 100644 --- a/clamav-devel/ChangeLog +++ b/clamav-devel/ChangeLog @@ -1,3 +1,7 @@ +Sat Feb 5 16:48:46 CET 2005 (tk) +--------------------------------- + * libclamav: activate RIFF code (patch by Trog) + Sat Feb 5 16:17:41 CET 2005 (tk) --------------------------------- * libclamav/scanners.c: do not report Suspected.Zip on standard breaking zip diff --git a/clamav-devel/libclamav/filetypes.c b/clamav-devel/libclamav/filetypes.c index 9753d42a0..0c96e6c39 100644 --- a/clamav-devel/libclamav/filetypes.c +++ b/clamav-devel/libclamav/filetypes.c @@ -108,12 +108,13 @@ static const struct cli_magic_s cli_magic[] = { {6, "JFIF", 4, "JPEG", CL_TYPE_GRAPHICS}, {6, "Exif", 4, "JPEG", CL_TYPE_GRAPHICS}, {0, "\x89PNG", 4, "PNG", CL_TYPE_GRAPHICS}, + {0, "RIFF", 4, "RIFF", CL_TYPE_RIFF}, + {0, "RIFX", 4, "RIFX", CL_TYPE_RIFF}, /* Ignored types */ {0, "\000\000\001\263", 4, "MPEG video stream", CL_TYPE_DATA}, {0, "\000\000\001\272", 4, "MPEG sys stream", CL_TYPE_DATA}, - {0, "RIFF", 4, "RIFF", CL_TYPE_DATA}, {0, "OggS", 4, "Ogg Stream", CL_TYPE_DATA}, {0, "ID3", 3, "MP3", CL_TYPE_DATA}, {0, "\377\373\220", 3, "MP3", CL_TYPE_DATA}, diff --git a/clamav-devel/libclamav/filetypes.h b/clamav-devel/libclamav/filetypes.h index 0d2e26683..602cbd59c 100644 --- a/clamav-devel/libclamav/filetypes.h +++ b/clamav-devel/libclamav/filetypes.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2002 - 2004 Tomasz Kojm + * Copyright (C) 2002 - 2005 Tomasz Kojm * With enhancements from Thomas Lamy * * This program is free software; you can redistribute it and/or modify @@ -39,6 +39,7 @@ typedef enum { CL_TYPE_MSCHM, CL_TYPE_SCRENC, CL_TYPE_GRAPHICS, + CL_TYPE_RIFF, CL_TYPE_BINHEX, /* bigger numbers have higher priority (in o-t-f detection) */ diff --git a/clamav-devel/libclamav/scanners.c b/clamav-devel/libclamav/scanners.c index ad598f1cc..42e6ee43e 100644 --- a/clamav-devel/libclamav/scanners.c 
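Review bot: The two rows added to cli_magic[] in libclamav/filetypes.c sit directly under the graphics entries with no comment, so the table no longer shows why RIFF left the "Ignored types" group. A one-line comment above them, for example `/* RIFF/RIFX containers: dispatched to cli_scanriff() for the MS05-002 check */`, would record that these files are now parsed rather than skipped. Every file that starts with RIFF or RIFX now reaches that handler, so it is worth confirming that the extra work on large media files is intended. The table begins and ends outside the hunk.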
+++ b/clamav-devel/libclamav/scanners.c @@ -1146,6 +1146,18 @@ static int cli_scanscrenc(int desc, const char **virname, long int *scanned, con return ret; } +static int cli_scanriff(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec) +{ + int ret = CL_CLEAN; + + if(cli_check_riff_exploit(desc) == 2) { + ret = CL_VIRUS; + *virname = "Exploit.W32.MS05-002"; + } + + return ret; +} + static int cli_scanmail(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec) { char *dir; @@ -1296,6 +1308,10 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const ret = cli_scanscrenc(desc, virname, scanned, root, limits, options, arec, mrec); break; + case CL_TYPE_RIFF: + ret = cli_scanriff(desc, virname, scanned, root, limits, options, arec, mrec); + break; + case CL_TYPE_DATA: /* it could be a false positive and a standard DOS .COM file */ { diff --git a/clamav-devel/libclamav/special.c b/clamav-devel/libclamav/special.c index 65d640838..d1965d826 100644 --- a/clamav-devel/libclamav/special.c +++ b/clamav-devel/libclamav/special.c @@ -16,15 +16,18 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include "clamav-config.h" + #include #include #include #include #include +#include -#include "clamav-config.h" #include "clamav.h" #include "others.h" +#include "cltypes.h" #define FALSE (0) #define TRUE (1) diff --git a/clamav-devel/libclamav/special.h b/clamav-devel/libclamav/special.h index 768af5112..544b76d0d 100644 --- a/clamav-devel/libclamav/special.h +++ b/clamav-devel/libclamav/special.h @@ -21,5 +21,6 @@ int cli_check_mydoom_log(int desc, const char **virname); int cli_check_jpeg_exploit(int fd); +int cli_check_riff_exploit(int fd); #endif
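Review bot: In cli_scanriff the test `cli_check_riff_exploit(desc) == 2` relies on a bare return code, and every other result falls through to CL_CLEAN, including any error value the checker might return for a truncated or unreadable file. The checker's body is not in this diff, so its return contract cannot be confirmed from here; if it can fail, that failure is currently indistinguishable from a clean file. I would document the codes next to the prototype added in special.h, e.g. `/* returns 2 when the exploit pattern is found; other values are not detections */`, and compare against a named constant instead of the literal. The parameters after virname are unused in this function, which appears to be for signature parity with the neighbouring cli_scan* handlers and could be noted in a short comment.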