...
|
...
|
@@ -854,7 +854,6 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U)
|
854
|
854
|
fd = open(vbaname, O_RDONLY|O_BINARY);
|
855
|
855
|
if (fd == -1) continue;
|
856
|
856
|
if ((fullname = cli_ppt_vba_read(fd, ctx))) {
|
857
|
|
- hasmacros++;
|
858
|
857
|
if(cli_scandir(fullname, ctx) == CL_VIRUS) {
|
859
|
858
|
ret = CL_VIRUS;
|
860
|
859
|
}
|
...
|
...
|
@@ -881,7 +880,6 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U)
|
881
|
881
|
for (i = 0; i < vba_project->count; i++) {
|
882
|
882
|
cli_dbgmsg("VBADir: Decompress WM project macro:%d key:%d length:%d\n", i, vba_project->key[i], vba_project->length[i]);
|
883
|
883
|
data = (unsigned char *)cli_wm_decrypt_macro(fd, vba_project->offset[i], vba_project->length[i], vba_project->key[i]);
|
884
|
|
- hasmacros++;
|
885
|
884
|
if(!data) {
|
886
|
885
|
cli_dbgmsg("VBADir: WARNING: WM project '%s' macro %d decrypted to NULL\n", vba_project->name[i], i);
|
887
|
886
|
} else {
|