Browse code
scan raw executables before trying to unpack them
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@665 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/07/11 23:50:25Showing 2 changed files
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Sun Jul 11 16:39:42 CEST 2004 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav: scanners: scan raw executables before trying to unpack them |
|
| 4 |
+ (requested by Christoph Cordes and Tomasz Papszun) |
|
| 5 |
+ |
|
| 1 | 6 |
Fri Jul 9 04:14:37 CEST 2004 (tk) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* libclamav: pe: detect skewed UPX1 (patch by aCaB) |
| ... | ... |
@@ -1056,11 +1056,6 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
| 1056 | 1056 |
type == CL_MAILFILE ? (*mrec)++ : (*arec)++; |
| 1057 | 1057 |
|
| 1058 | 1058 |
switch(type) {
|
| 1059 |
- case CL_DOSEXE: |
|
| 1060 |
- if(SCAN_PE) |
|
| 1061 |
- ret = cli_scanpe(desc, virname, scanned, root, limits, options, arec, mrec); |
|
| 1062 |
- break; |
|
| 1063 |
- |
|
| 1064 | 1059 |
case CL_RARFILE: |
| 1065 | 1060 |
if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse) |
| 1066 | 1061 |
ret = cli_scanrar(desc, virname, scanned, root, limits, options, arec, mrec); |
| ... | ... |
@@ -1118,11 +1113,12 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
| 1118 | 1118 |
type == CL_MAILFILE ? (*mrec)-- : (*arec)--; |
| 1119 | 1119 |
|
| 1120 | 1120 |
if(type != CL_DATAFILE && ret != CL_VIRUS) { /* scan the raw file */
|
| 1121 |
- lseek(desc, 0, SEEK_SET); |
|
| 1121 |
+ int typerec; |
|
| 1122 | 1122 |
|
| 1123 |
- type == CL_UNKNOWN_TYPE ? (type = 1) : (type = 0); |
|
| 1123 |
+ type == CL_UNKNOWN_TYPE ? (typerec = 1) : (typerec = 0); |
|
| 1124 |
+ lseek(desc, 0, SEEK_SET); |
|
| 1124 | 1125 |
|
| 1125 |
- if((nret = cli_scandesc(desc, virname, scanned, root, type)) == CL_VIRUS) {
|
|
| 1126 |
+ if((nret = cli_scandesc(desc, virname, scanned, root, typerec)) == CL_VIRUS) {
|
|
| 1126 | 1127 |
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc);
|
| 1127 | 1128 |
return CL_VIRUS; |
| 1128 | 1129 |
|
| ... | ... |
@@ -1145,6 +1141,20 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
| 1145 | 1145 |
} |
| 1146 | 1146 |
} |
| 1147 | 1147 |
|
| 1148 |
+ (*arec)++; |
|
| 1149 |
+ lseek(desc, 0, SEEK_SET); |
|
| 1150 |
+ switch(type) {
|
|
| 1151 |
+ /* Due to performance reasons all executables were first scanned |
|
| 1152 |
+ * in raw mode. Now we will try to unpack them |
|
| 1153 |
+ */ |
|
| 1154 |
+ case CL_DOSEXE: |
|
| 1155 |
+ if(SCAN_PE) |
|
| 1156 |
+ ret = cli_scanpe(desc, virname, scanned, root, limits, options, arec, mrec); |
|
| 1157 |
+ break; |
|
| 1158 |
+ } |
|
| 1159 |
+ (*arec)--; |
|
| 1160 |
+ |
|
| 1161 |
+ |
|
| 1148 | 1162 |
return ret; |
| 1149 | 1163 |
} |
| 1150 | 1164 |
|
| ... | ... |
@@ -1160,8 +1170,6 @@ static int cli_scanfile(const char *filename, const char **virname, unsigned lon |
| 1160 | 1160 |
int fd, ret; |
| 1161 | 1161 |
|
| 1162 | 1162 |
|
| 1163 |
- cli_dbgmsg("Scanning %s\n", filename);
|
|
| 1164 |
- |
|
| 1165 | 1163 |
/* internal version of cl_scanfile with arec/mrec preserved */ |
| 1166 | 1164 |
if((fd = open(filename, O_RDONLY)) == -1) |
| 1167 | 1165 |
return CL_EOPEN; |
| ... | ... |
@@ -1177,8 +1185,6 @@ int cl_scanfile(const char *filename, const char **virname, unsigned long int *s |
| 1177 | 1177 |
int fd, ret; |
| 1178 | 1178 |
|
| 1179 | 1179 |
|
| 1180 |
- cli_dbgmsg("Scanning %s\n", filename);
|
|
| 1181 |
- |
|
| 1182 | 1180 |
if((fd = open(filename, O_RDONLY)) == -1) |
| 1183 | 1181 |
return CL_EOPEN; |
| 1184 | 1182 |
|