git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@665 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/07/11 23:50:25... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Sun Jul 11 16:39:42 CEST 2004 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: scanners: scan raw executables before trying to unpack them |
|
4 |
+ (requested by Christoph Cordes and Tomasz Papszun) |
|
5 |
+ |
|
1 | 6 |
Fri Jul 9 04:14:37 CEST 2004 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav: pe: detect skewed UPX1 (patch by aCaB) |
... | ... |
@@ -1056,11 +1056,6 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
1056 | 1056 |
type == CL_MAILFILE ? (*mrec)++ : (*arec)++; |
1057 | 1057 |
|
1058 | 1058 |
switch(type) { |
1059 |
- case CL_DOSEXE: |
|
1060 |
- if(SCAN_PE) |
|
1061 |
- ret = cli_scanpe(desc, virname, scanned, root, limits, options, arec, mrec); |
|
1062 |
- break; |
|
1063 |
- |
|
1064 | 1059 |
case CL_RARFILE: |
1065 | 1060 |
if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse) |
1066 | 1061 |
ret = cli_scanrar(desc, virname, scanned, root, limits, options, arec, mrec); |
... | ... |
@@ -1118,11 +1113,12 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
1118 | 1118 |
type == CL_MAILFILE ? (*mrec)-- : (*arec)--; |
1119 | 1119 |
|
1120 | 1120 |
if(type != CL_DATAFILE && ret != CL_VIRUS) { /* scan the raw file */ |
1121 |
- lseek(desc, 0, SEEK_SET); |
|
1121 |
+ int typerec; |
|
1122 | 1122 |
|
1123 |
- type == CL_UNKNOWN_TYPE ? (type = 1) : (type = 0); |
|
1123 |
+ type == CL_UNKNOWN_TYPE ? (typerec = 1) : (typerec = 0); |
|
1124 |
+ lseek(desc, 0, SEEK_SET); |
|
1124 | 1125 |
|
1125 |
- if((nret = cli_scandesc(desc, virname, scanned, root, type)) == CL_VIRUS) { |
|
1126 |
+ if((nret = cli_scandesc(desc, virname, scanned, root, typerec)) == CL_VIRUS) { |
|
1126 | 1127 |
cli_dbgmsg("%s virus found in descriptor %d.\n", *virname, desc); |
1127 | 1128 |
return CL_VIRUS; |
1128 | 1129 |
|
... | ... |
@@ -1145,6 +1141,20 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, |
1145 | 1145 |
} |
1146 | 1146 |
} |
1147 | 1147 |
|
1148 |
+ (*arec)++; |
|
1149 |
+ lseek(desc, 0, SEEK_SET); |
|
1150 |
+ switch(type) { |
|
1151 |
+ /* Due to performance reasons all executables were first scanned |
|
1152 |
+ * in raw mode. Now we will try to unpack them |
|
1153 |
+ */ |
|
1154 |
+ case CL_DOSEXE: |
|
1155 |
+ if(SCAN_PE) |
|
1156 |
+ ret = cli_scanpe(desc, virname, scanned, root, limits, options, arec, mrec); |
|
1157 |
+ break; |
|
1158 |
+ } |
|
1159 |
+ (*arec)--; |
|
1160 |
+ |
|
1161 |
+ |
|
1148 | 1162 |
return ret; |
1149 | 1163 |
} |
1150 | 1164 |
|
... | ... |
@@ -1160,8 +1170,6 @@ static int cli_scanfile(const char *filename, const char **virname, unsigned lon |
1160 | 1160 |
int fd, ret; |
1161 | 1161 |
|
1162 | 1162 |
|
1163 |
- cli_dbgmsg("Scanning %s\n", filename); |
|
1164 |
- |
|
1165 | 1163 |
/* internal version of cl_scanfile with arec/mrec preserved */ |
1166 | 1164 |
if((fd = open(filename, O_RDONLY)) == -1) |
1167 | 1165 |
return CL_EOPEN; |
... | ... |
@@ -1177,8 +1185,6 @@ int cl_scanfile(const char *filename, const char **virname, unsigned long int *s |
1177 | 1177 |
int fd, ret; |
1178 | 1178 |
|
1179 | 1179 |
|
1180 |
- cli_dbgmsg("Scanning %s\n", filename); |
|
1181 |
- |
|
1182 | 1180 |
if((fd = open(filename, O_RDONLY)) == -1) |
1183 | 1181 |
return CL_EOPEN; |
1184 | 1182 |
|
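Review bot: The rewind added at new line 1149, `lseek(desc, 0, SEEK_SET);`, is unchecked, so on a descriptor that cannot be repositioned `cli_scanpe` would start wherever the raw scan left the offset, and the unpacking pass would presumably find no valid header and let the file through as clean. I would test the call, `if(lseek(desc, 0, SEEK_SET) == -1)`, report it through `cli_dbgmsg` and return an error code rather than fall through to the switch; the same applies to the rewind moved to new line 1124. As far as these hunks show, the `(*arec)++` / `(*arec)--` pair and the seek run for every file type although only `CL_DOSEXE` is handled, so a single `if(type == CL_DOSEXE && SCAN_PE)` around the whole block would express the same thing with less work. `cli_magic_scandesc` begins outside these hunks and new lines 1130-1144 are not shown, so how an error in `nret` is treated before the unpacking step cannot be confirmed from this page.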