... | ... |
@@ -2597,12 +2597,21 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
2597 | 2597 |
json_object *arrobj, *ftobj, *fsobj; |
2598 | 2598 |
|
2599 | 2599 |
if (NULL == ctx->properties) { |
2600 |
- ctx->properties = json_object_new_object(); |
|
2601 |
- if (NULL == ctx->properties) { |
|
2602 |
- cli_errmsg("magic_scandesc: no memory for json properties object\n"); |
|
2603 |
- early_ret_from_magicscan(CL_EMEM); |
|
2600 |
+ if (type == CL_TYPE_PDF || /* file types we collect properties about */ |
|
2601 |
+ type == CL_TYPE_MSOLE2 || |
|
2602 |
+ type == CL_TYPE_MSEXE || |
|
2603 |
+ type == CL_TYPE_OOXML_WORD || |
|
2604 |
+ type == CL_TYPE_OOXML_PPT || |
|
2605 |
+ type == CL_TYPE_OOXML_XL) { |
|
2606 |
+ ctx->properties = json_object_new_object(); |
|
2607 |
+ if (NULL == ctx->properties) { |
|
2608 |
+ cli_errmsg("magic_scandesc: no memory for json properties object\n"); |
|
2609 |
+ early_ret_from_magicscan(CL_EMEM); |
|
2610 |
+ } |
|
2611 |
+ ctx->wrkproperty = ctx->properties; |
|
2612 |
+ } else { /* turn off property collection flag for file types we don't care about */ |
|
2613 |
+ ctx->options &= ~CL_SCAN_FILE_PROPERTIES; |
|
2604 | 2614 |
} |
2605 |
- ctx->wrkproperty = ctx->properties; |
|
2606 | 2615 |
} |
2607 | 2616 |
else { |
2608 | 2617 |
parent_property = ctx->wrkproperty; |
... | ... |
@@ -500,6 +500,7 @@ int cli_unzip(cli_ctx *ctx) { |
500 | 500 |
fmap_t *map = *ctx->fmap; |
501 | 501 |
char *tmpd; |
502 | 502 |
const char *ptr; |
503 |
+ int virus_found = 0; |
|
503 | 504 |
|
504 | 505 |
cli_dbgmsg("in cli_unzip\n"); |
505 | 506 |
fsize = (uint32_t)map->len; |
... | ... |
@@ -546,6 +547,10 @@ int cli_unzip(cli_ctx *ctx) { |
546 | 546 |
while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(map, lhoff, fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd, 1, zip_scan_cb))) { |
547 | 547 |
fc++; |
548 | 548 |
lhoff+=coff; |
549 |
+ if (SCAN_ALL && ret == CL_VIRUS) { |
|
550 |
+ ret = CL_CLEAN; |
|
551 |
+ virus_found = 1; |
|
552 |
+ } |
|
549 | 553 |
if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) { |
550 | 554 |
cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->engine->maxfiles); |
551 | 555 |
ret=CL_EMAXFILES; |
... | ... |
@@ -556,6 +561,9 @@ int cli_unzip(cli_ctx *ctx) { |
556 | 556 |
if (!ctx->engine->keeptmp) cli_rmdirs(tmpd); |
557 | 557 |
free(tmpd); |
558 | 558 |
|
559 |
+ if (ret == CL_CLEAN && virus_found) |
|
560 |
+ ret = CL_VIRUS; |
|
561 |
+ |
|
559 | 562 |
return ret; |
560 | 563 |
} |
561 | 564 |
|