XLM is a macro language in Excel that was used before VBA (before
1996). It is still parsed and executed by modern Excel and is gaining
popularity with malware authors.
This patch adds rudimentary support for detecting and extracting
Excel 4.0 (XLM) macros.
The code is based on Didier Steven's plugin_biff for oletools.py.
Tests in libcheck 0.13 must have {} between START_TEST and END_TEST
else it will not compile.
Also replaced all deprecated "fail_" macros with "ck_" macros.
E.g. fail_unless() becomes ck_assert_msg()
The checks_common.h header file provided a couple of macros to
support versions older than 0.9.3. As these older versions are
no longer relevant, I've removed those compatibility macros
entirely.
* fmapify: (54 commits)
workaround for unrar not supporting fmap.
stfu on large lzma allocs
handle 7z encryption detection albeit post extraction and blockencrypted
add 7z SFX support - bb#3063
fix makefile for external LLVM 2.9
fix wrong interaction between prescan_cb caching and postscan_cb
bytecode_watchdog: fix use of unaddressable data
UPgrade lzma SDK to version 9.20 Also fmapify
export cl_fmap_close
cli_map_scandesc convenience API
Introduce cli_map_scandesc to scan a portion of the existing file
fix utf16_to_utf8, and add testcase
cli_utf16_to_utf8
fmapify jpeg_exploit
fmaify cli_scan_riff
fmapify mydoom
export filetype cb
factor out common code
fix mem API of new fmap
unit tests for new fmap scan API
...
Conflicts:
libclamav/Makefile.in
libclamav/c++/Makefile.am
libclamav/c++/Makefile.in
libclamav/filetypes_int.h
libclamav/scanners.c
libclamav/str.c
unit_tests/check_clamav.c
by skipping checks that require it. (bb #1157)
if configure is not able to find check, you can use
--with-libcheck-prefix, instead of CHECK_CFLAGS and
CHECK_LIBS.
remove accidental AC_DEFINE GETHOSTBYNAME_R_6 from last commit.
git-svn: trunk@4172
Makefile portability fixes
fix assert failure
add lcov to top level makefile
cleanup after lcov when you run make clean (bb #1112)
fix parsing of [^.] character class
fix parsing of [r-t]
fix handling of @ for URL hashes
fix handling of &# inside URLs
drop some dead code
more unit tests for str
portability fixes
git-svn: trunk@4078
