Browse code
Add another Office2003 VBA signature.
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@537 77e5149b-7576-45b1-b177-96237e5ba77b
Trog authored on 2004/05/05 19:32:03Showing 2 changed files
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Wed May 5 11:32:22 BST 2004 (trog) |
|
| 2 |
+----------------------------------- |
|
| 3 |
+ * libclamav/vba_extract.c: Add another Office2003 VBA signature. |
|
| 4 |
+ |
|
| 1 | 5 |
Wed May 5 10:39:58 BST 2004 (njh) |
| 2 | 6 |
---------------------------------- |
| 3 | 7 |
* libclamav/text.c: Removed the functionality of textClean, it isn't needed |
| ... | ... |
@@ -88,7 +88,7 @@ typedef struct byte_array_tag {
|
| 88 | 88 |
unsigned char *data; |
| 89 | 89 |
} byte_array_t; |
| 90 | 90 |
|
| 91 |
-#define NUM_VBA_VERSIONS 12 |
|
| 91 |
+#define NUM_VBA_VERSIONS 13 |
|
| 92 | 92 |
vba_version_t vba_version[] = {
|
| 93 | 93 |
{ { 0x5e, 0x00, 0x00, 0x01 }, "Office 97", 5, FALSE},
|
| 94 | 94 |
{ { 0x5f, 0x00, 0x00, 0x01 }, "Office 97 SR1", 5, FALSE },
|
| ... | ... |
@@ -98,6 +98,7 @@ vba_version_t vba_version[] = {
|
| 98 | 98 |
{ { 0x6f, 0x00, 0x00, 0x01 }, "Office 2000", 6, FALSE },
|
| 99 | 99 |
{ { 0x70, 0x00, 0x00, 0x01 }, "Office XP beta 1/2", 6, FALSE },
|
| 100 | 100 |
{ { 0x73, 0x00, 0x00, 0x01 }, "Office XP", 6, FALSE },
|
| 101 |
+ { { 0x76, 0x00, 0x00, 0x01 }, "Office 2003", 6, FALSE },
|
|
| 101 | 102 |
{ { 0x79, 0x00, 0x00, 0x01 }, "Office 2003", 6, FALSE },
|
| 102 | 103 |
{ { 0x60, 0x00, 0x00, 0x0e }, "MacOffice 98", 5, TRUE },
|
| 103 | 104 |
{ { 0x62, 0x00, 0x00, 0x0e }, "MacOffice 2001", 5, TRUE },
|
| ... | ... |
@@ -714,42 +715,42 @@ static void wm_print_fib(mso_fib_t *fib) |
| 714 | 714 |
static int wm_read_fib(int fd, mso_fib_t *fib) |
| 715 | 715 |
{
|
| 716 | 716 |
if (cli_readn(fd, &fib->magic, 2) != 2) {
|
| 717 |
- printf("read wm_fib failed\n");
|
|
| 717 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 718 | 718 |
return FALSE; |
| 719 | 719 |
} |
| 720 | 720 |
if (cli_readn(fd, &fib->version, 2) != 2) {
|
| 721 |
- printf("read wm_fib failed\n");
|
|
| 721 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 722 | 722 |
return FALSE; |
| 723 | 723 |
} |
| 724 | 724 |
if (cli_readn(fd, &fib->product, 2) != 2) {
|
| 725 |
- printf("read wm_fib failed\n");
|
|
| 725 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 726 | 726 |
return FALSE; |
| 727 | 727 |
} |
| 728 | 728 |
if (cli_readn(fd, &fib->lid, 2) != 2) {
|
| 729 |
- printf("read wm_fib failed\n");
|
|
| 729 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 730 | 730 |
return FALSE; |
| 731 | 731 |
} |
| 732 | 732 |
if (cli_readn(fd, &fib->next, 2) != 2) {
|
| 733 |
- printf("read wm_fib failed\n");
|
|
| 733 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 734 | 734 |
return FALSE; |
| 735 | 735 |
} |
| 736 | 736 |
if (cli_readn(fd, &fib->status, 2) != 2) {
|
| 737 |
- printf("read wm_fib failed\n");
|
|
| 737 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 738 | 738 |
return FALSE; |
| 739 | 739 |
} |
| 740 | 740 |
|
| 741 | 741 |
/* don't need the information is this block, so seek forward */ |
| 742 | 742 |
if (lseek(fd, 0x118, SEEK_SET) != 0x118) {
|
| 743 |
- printf("lseek wm_fib failed\n");
|
|
| 743 |
+ cli_dbgmsg("lseek wm_fib failed\n");
|
|
| 744 | 744 |
return FALSE; |
| 745 | 745 |
} |
| 746 | 746 |
|
| 747 | 747 |
if (cli_readn(fd, &fib->macro_offset, 4) != 4) {
|
| 748 |
- printf("read wm_fib failed\n");
|
|
| 748 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 749 | 749 |
return FALSE; |
| 750 | 750 |
} |
| 751 | 751 |
if (cli_readn(fd, &fib->macro_len, 4) != 4) {
|
| 752 |
- printf("read wm_fib failed\n");
|
|
| 752 |
+ cli_dbgmsg("read wm_fib failed\n");
|
|
| 753 | 753 |
return FALSE; |
| 754 | 754 |
} |
| 755 | 755 |
fib->magic = vba_endian_convert_16(fib->magic, FALSE); |
| ... | ... |
@@ -767,39 +768,39 @@ static int wm_read_fib(int fd, mso_fib_t *fib) |
| 767 | 767 |
static int wm_read_macro_entry(int fd, macro_entry_t *macro_entry) |
| 768 | 768 |
{
|
| 769 | 769 |
if (cli_readn(fd, ¯o_entry->version, 1) != 1) {
|
| 770 |
- printf("read macro_entry failed\n");
|
|
| 770 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 771 | 771 |
return FALSE; |
| 772 | 772 |
} |
| 773 | 773 |
if (cli_readn(fd, ¯o_entry->key, 1) != 1) {
|
| 774 |
- printf("read macro_entry failed\n");
|
|
| 774 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 775 | 775 |
return FALSE; |
| 776 | 776 |
} |
| 777 | 777 |
if (cli_readn(fd, ¯o_entry->intname_i, 2) != 2) {
|
| 778 |
- printf("read macro_entry failed\n");
|
|
| 778 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 779 | 779 |
return FALSE; |
| 780 | 780 |
} |
| 781 | 781 |
if (cli_readn(fd, ¯o_entry->extname_i, 2) != 2) {
|
| 782 |
- printf("read macro_entry failed\n");
|
|
| 782 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 783 | 783 |
return FALSE; |
| 784 | 784 |
} |
| 785 | 785 |
if (cli_readn(fd, ¯o_entry->xname_i, 2) != 2) {
|
| 786 |
- printf("read macro_entry failed\n");
|
|
| 786 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 787 | 787 |
return FALSE; |
| 788 | 788 |
} |
| 789 | 789 |
if (cli_readn(fd, ¯o_entry->unknown, 4) != 4) {
|
| 790 |
- printf("read macro_entry failed\n");
|
|
| 790 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 791 | 791 |
return FALSE; |
| 792 | 792 |
} |
| 793 | 793 |
if (cli_readn(fd, ¯o_entry->len, 4) != 4) {
|
| 794 |
- printf("read macro_entry failed\n");
|
|
| 794 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 795 | 795 |
return FALSE; |
| 796 | 796 |
} |
| 797 | 797 |
if (cli_readn(fd, ¯o_entry->state, 4) != 4) {
|
| 798 |
- printf("read macro_entry failed\n");
|
|
| 798 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 799 | 799 |
return FALSE; |
| 800 | 800 |
} |
| 801 | 801 |
if (cli_readn(fd, ¯o_entry->offset, 4) != 4) {
|
| 802 |
- printf("read macro_entry failed\n");
|
|
| 802 |
+ cli_dbgmsg("read macro_entry failed\n");
|
|
| 803 | 803 |
return FALSE; |
| 804 | 804 |
} |
| 805 | 805 |
return TRUE; |
| ... | ... |
@@ -815,7 +816,7 @@ static macro_info_t *wm_read_macro_info(int fd) |
| 815 | 815 |
return NULL; |
| 816 | 816 |
} |
| 817 | 817 |
if (cli_readn(fd, ¯o_info->count, 2) != 2) {
|
| 818 |
- printf("read macro_info failed\n");
|
|
| 818 |
+ cli_dbgmsg("read macro_info failed\n");
|
|
| 819 | 819 |
return NULL; |
| 820 | 820 |
} |
| 821 | 821 |
|
| ... | ... |
@@ -861,12 +862,12 @@ static int wm_read_oxo3(int fd) |
| 861 | 861 |
cli_dbgmsg("oxo3 records1: %d\n", count);
|
| 862 | 862 |
|
| 863 | 863 |
if (cli_readn(fd, &count, 1) != 1) {
|
| 864 |
- printf("read oxo3 record2 failed\n");
|
|
| 864 |
+ cli_dbgmsg("read oxo3 record2 failed\n");
|
|
| 865 | 865 |
return FALSE; |
| 866 | 866 |
} |
| 867 | 867 |
if (count == 0) {
|
| 868 | 868 |
if (cli_readn(fd, &count, 1) != 1) {
|
| 869 |
- printf("read oxo3 failed\n");
|
|
| 869 |
+ cli_dbgmsg("read oxo3 failed\n");
|
|
| 870 | 870 |
return FALSE; |
| 871 | 871 |
} |
| 872 | 872 |
if (count != 2) {
|
| ... | ... |
@@ -874,13 +875,13 @@ static int wm_read_oxo3(int fd) |
| 874 | 874 |
return TRUE; |
| 875 | 875 |
} |
| 876 | 876 |
if (cli_readn(fd, &count, 1) != 1) {
|
| 877 |
- printf("read oxo3 failed\n");
|
|
| 877 |
+ cli_dbgmsg("read oxo3 failed\n");
|
|
| 878 | 878 |
return FALSE; |
| 879 | 879 |
} |
| 880 | 880 |
} |
| 881 | 881 |
if (count > 0) {
|
| 882 | 882 |
if (lseek(fd, (count*4)+1, SEEK_CUR) == -1) {
|
| 883 |
- printf("lseek oxo3 failed\n");
|
|
| 883 |
+ cli_dbgmsg("lseek oxo3 failed\n");
|
|
| 884 | 884 |
return FALSE; |
| 885 | 885 |
} |
| 886 | 886 |
} |
| ... | ... |
@@ -900,11 +901,11 @@ static menu_info_t *wm_read_menu_info(int fd) |
| 900 | 900 |
} |
| 901 | 901 |
|
| 902 | 902 |
if (cli_readn(fd, &menu_info->count, 2) != 2) {
|
| 903 |
- printf("read menu_info failed\n");
|
|
| 903 |
+ cli_dbgmsg("read menu_info failed\n");
|
|
| 904 | 904 |
free(menu_info); |
| 905 | 905 |
return NULL; |
| 906 | 906 |
} |
| 907 |
- printf("menu_info count: %d\n", menu_info->count);
|
|
| 907 |
+ cli_dbgmsg("menu_info count: %d\n", menu_info->count);
|
|
| 908 | 908 |
|
| 909 | 909 |
menu_info->menu_entry = |
| 910 | 910 |
(menu_entry_t *) cli_malloc(sizeof(menu_entry_t) * menu_info->count); |
| ... | ... |
@@ -979,7 +980,7 @@ static macro_extnames_t *wm_read_macro_extnames(int fd) |
| 979 | 979 |
if (size == -1) { /* Unicode flag */
|
| 980 | 980 |
is_unicode=1; |
| 981 | 981 |
if (cli_readn(fd, &size, 2) != 2) {
|
| 982 |
- printf("read macro_extnames failed\n");
|
|
| 982 |
+ cli_dbgmsg("read macro_extnames failed\n");
|
|
| 983 | 983 |
free(macro_extnames); |
| 984 | 984 |
return NULL; |
| 985 | 985 |
} |
| ... | ... |
@@ -1008,7 +1009,7 @@ static macro_extnames_t *wm_read_macro_extnames(int fd) |
| 1008 | 1008 |
macro_extname = ¯o_extnames->macro_extname[macro_extnames->count-1]; |
| 1009 | 1009 |
if (is_unicode) {
|
| 1010 | 1010 |
if (cli_readn(fd, ¯o_extname->length, 2) != 2) {
|
| 1011 |
- printf("read macro_extnames failed\n");
|
|
| 1011 |
+ cli_dbgmsg("read macro_extnames failed\n");
|
|
| 1012 | 1012 |
return NULL; |
| 1013 | 1013 |
} |
| 1014 | 1014 |
name_tmp = (char *) cli_malloc(macro_extname->length*2); |
| ... | ... |
@@ -1017,7 +1018,7 @@ static macro_extnames_t *wm_read_macro_extnames(int fd) |
| 1017 | 1017 |
} |
| 1018 | 1018 |
if (cli_readn(fd, name_tmp, macro_extname->length*2) != |
| 1019 | 1019 |
macro_extname->length*2) {
|
| 1020 |
- printf("read macro_extnames failed\n");
|
|
| 1020 |
+ cli_dbgmsg("read macro_extnames failed\n");
|
|
| 1021 | 1021 |
free(name_tmp); |
| 1022 | 1022 |
goto abort; |
| 1023 | 1023 |
} |
| ... | ... |
@@ -1026,7 +1027,7 @@ static macro_extnames_t *wm_read_macro_extnames(int fd) |
| 1026 | 1026 |
free(name_tmp); |
| 1027 | 1027 |
} else {
|
| 1028 | 1028 |
if (cli_readn(fd, &length_tmp, 1) != 1) {
|
| 1029 |
- printf("read macro_extnames failed\n");
|
|
| 1029 |
+ cli_dbgmsg("read macro_extnames failed\n");
|
|
| 1030 | 1030 |
goto abort; |
| 1031 | 1031 |
} |
| 1032 | 1032 |
macro_extname->length = (uint16_t) length_tmp; |
| ... | ... |
@@ -1037,13 +1038,13 @@ static macro_extnames_t *wm_read_macro_extnames(int fd) |
| 1037 | 1037 |
} |
| 1038 | 1038 |
if (cli_readn(fd, macro_extname->extname, macro_extname->length) != |
| 1039 | 1039 |
macro_extname->length) {
|
| 1040 |
- printf("read macro_extnames failed\n");
|
|
| 1040 |
+ cli_dbgmsg("read macro_extnames failed\n");
|
|
| 1041 | 1041 |
goto abort; |
| 1042 | 1042 |
} |
| 1043 | 1043 |
macro_extname->extname[macro_extname->length] = '\0'; |
| 1044 | 1044 |
} |
| 1045 | 1045 |
if (cli_readn(fd, ¯o_extname->numref, 2) != 2) {
|
| 1046 |
- printf("read macro_extnames failed\n");
|
|
| 1046 |
+ cli_dbgmsg("read macro_extnames failed\n");
|
|
| 1047 | 1047 |
return NULL; |
| 1048 | 1048 |
} |
| 1049 | 1049 |
cli_dbgmsg("ext name: %s\n", macro_extname->extname);
|
| ... | ... |
@@ -1088,7 +1089,7 @@ static macro_intnames_t *wm_read_macro_intnames(int fd) |
| 1088 | 1088 |
} |
| 1089 | 1089 |
|
| 1090 | 1090 |
if (cli_readn(fd, ¯o_intnames->count, 2) != 2) {
|
| 1091 |
- printf("read macro_intnames failed\n");
|
|
| 1091 |
+ cli_dbgmsg("read macro_intnames failed\n");
|
|
| 1092 | 1092 |
return NULL; |
| 1093 | 1093 |
} |
| 1094 | 1094 |
cli_dbgmsg("int names count: %d\n", macro_intnames->count);
|
| ... | ... |
@@ -1102,12 +1103,12 @@ static macro_intnames_t *wm_read_macro_intnames(int fd) |
| 1102 | 1102 |
for (i=0 ; i < macro_intnames->count ; i++) {
|
| 1103 | 1103 |
macro_intname = ¯o_intnames->macro_intname[i]; |
| 1104 | 1104 |
if (cli_readn(fd, ¯o_intname->id, 2) != 2) {
|
| 1105 |
- printf("read macro_intnames failed\n");
|
|
| 1105 |
+ cli_dbgmsg("read macro_intnames failed\n");
|
|
| 1106 | 1106 |
macro_intnames->count = i; |
| 1107 | 1107 |
goto abort; |
| 1108 | 1108 |
} |
| 1109 | 1109 |
if (cli_readn(fd, ¯o_intname->length, 1) != 1) {
|
| 1110 |
- printf("read macro_intnames failed\n");
|
|
| 1110 |
+ cli_dbgmsg("read macro_intnames failed\n");
|
|
| 1111 | 1111 |
macro_intnames->count = i; |
| 1112 | 1112 |
goto abort;; |
| 1113 | 1113 |
} |
| ... | ... |
@@ -1117,17 +1118,17 @@ static macro_intnames_t *wm_read_macro_intnames(int fd) |
| 1117 | 1117 |
goto abort; |
| 1118 | 1118 |
} |
| 1119 | 1119 |
if (cli_readn(fd, macro_intname->intname, macro_intname->length) != macro_intname->length) {
|
| 1120 |
- printf("read macro_intnames failed\n");
|
|
| 1120 |
+ cli_dbgmsg("read macro_intnames failed\n");
|
|
| 1121 | 1121 |
macro_intnames->count = i+1; |
| 1122 | 1122 |
goto abort; |
| 1123 | 1123 |
} |
| 1124 | 1124 |
macro_intname->intname[macro_intname->length] = '\0'; |
| 1125 | 1125 |
if (cli_readn(fd, &junk, 1) != 1) {
|
| 1126 |
- printf("read macro_intnames failed\n");
|
|
| 1126 |
+ cli_dbgmsg("read macro_intnames failed\n");
|
|
| 1127 | 1127 |
macro_intnames->count = i+1; |
| 1128 | 1128 |
goto abort; |
| 1129 | 1129 |
} |
| 1130 |
- printf ("int name: %s\n", macro_intname->intname);
|
|
| 1130 |
+ cli_dbgmsg("int name: %s\n", macro_intname->intname);
|
|
| 1131 | 1131 |
} |
| 1132 | 1132 |
return macro_intnames; |
| 1133 | 1133 |
abort: |
| ... | ... |
@@ -1188,14 +1189,14 @@ vba_project_t *wm_dir_read(const char *dir) |
| 1188 | 1188 |
end_offset = fib.macro_offset + fib.macro_len; |
| 1189 | 1189 |
|
| 1190 | 1190 |
if (cli_readn(fd, &start_id, 1) != 1) {
|
| 1191 |
- printf("read start_id failed\n");
|
|
| 1191 |
+ cli_dbgmsg("read start_id failed\n");
|
|
| 1192 | 1192 |
return NULL; |
| 1193 | 1193 |
} |
| 1194 | 1194 |
cli_dbgmsg("start_id: %d\n", start_id);
|
| 1195 | 1195 |
|
| 1196 | 1196 |
while ((lseek(fd, 0, SEEK_CUR) < end_offset) && !done) {
|
| 1197 | 1197 |
if (cli_readn(fd, &info_id, 1) != 1) {
|
| 1198 |
- printf("read macro_info failed\n");
|
|
| 1198 |
+ cli_dbgmsg("read macro_info failed\n");
|
|
| 1199 | 1199 |
return NULL; |
| 1200 | 1200 |
} |
| 1201 | 1201 |
switch (info_id) {
|