1. clamav-devel
  2. Commit 0b30b9e2afc0d5b8705c7aae68a0fdf0df440cad
Browse code

match obfuscated JPEG files

git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@951 77e5149b-7576-45b1-b177-96237e5ba77b

Trog authored on 2004/09/30 17:28:53
Showing 2 changed files
ChangeLog
History View file @ 0b30b9e
... ... 
@@ -1,3 +1,7 @@
1 
+Thu Sep 30 09:24:26 BST 2004 (trog)
2 
+-----------------------------------
3 
+  * libclamav/special.c: match obfuscated JPEG files
4 
+
1 5 
 Thu Sep 30 10:01:23 CEST 2004 (tk)
2 6 
 ----------------------------------
3 7 
   * libclamav/matcher: handle Exploit.JPEG.Comment.*
libclamav/special.c
History View file @ 0b30b9e
... ... 
@@ -82,6 +82,12 @@ int cli_check_jpeg_exploit(int fd)
82 82 
 		if ((retval=cli_readn(fd, buffer, 4)) != 4) {
83 83 
 			return 0;
84 84 
 		}
85 
+		/* Check for multiple 0xFF values, we need to skip them */
86 
+		if ((buffer[0] == 0xff) && (buffer[1] == 0xff)) {
87 
+			lseek(fd, -3, SEEK_CUR);
88 
+			continue;
89 
+		}
90 
+
85 91 
 		if ((buffer[0] == 0xff) && (buffer[1] == 0xfe)) {
86 92 
 			if (buffer[2] == 0x00) {
87 93 
 				if ((buffer[3] == 0x00) || (buffer[3] == 0x01)) {