Browse code
scan for embedded PEs inside OLE2 files (bb#914)
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Mon Apr 7 12:51:43 CEST 2008 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav: scan for embedded PEs inside OLE2 files (bb#914) |
|
| 4 |
+ |
|
| 1 | 5 |
Mon Apr 7 11:15:49 CEST 2008 (tk) |
| 2 | 6 |
---------------------------------- |
| 3 | 7 |
* libclamav/chmunpack.c,cab.c: downgrade some error messages (bb#911, bb#798) |
| ... | ... |
@@ -689,7 +689,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
| 689 | 689 |
if((pt->type > type || pt->type >= CL_TYPE_SFX || pt->type == CL_TYPE_MSEXE) && (!pt->rtype || ftype == pt->rtype)) {
|
| 690 | 690 |
cli_dbgmsg("Matched signature for file type %s\n", pt->virname);
|
| 691 | 691 |
type = pt->type; |
| 692 |
- if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP) && type == CL_TYPE_MSEXE))) {
|
|
| 692 |
+ if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP || ftype == CL_TYPE_MSOLE2) && type == CL_TYPE_MSEXE))) {
|
|
| 693 | 693 |
/* FIXME: we don't know which offset of the first part is the correct one */ |
| 694 | 694 |
for(j = 1; j <= AC_DEFAULT_TRACKLEN && offmatrix[0][j] != -1; j++) {
|
| 695 | 695 |
if(ac_addtype(ftoffset, type, offmatrix[pt->parts - 1][j], ctx)) {
|
| ... | ... |
@@ -727,7 +727,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
| 727 | 727 |
if((pt->type > type || pt->type >= CL_TYPE_SFX || pt->type == CL_TYPE_MSEXE) && (!pt->rtype || ftype == pt->rtype)) {
|
| 728 | 728 |
cli_dbgmsg("Matched signature for file type %s at %u\n", pt->virname, realoff);
|
| 729 | 729 |
type = pt->type; |
| 730 |
- if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP) && type == CL_TYPE_MSEXE))) {
|
|
| 730 |
+ if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP || ftype == CL_TYPE_MSOLE2) && type == CL_TYPE_MSEXE))) {
|
|
| 731 | 731 |
|
| 732 | 732 |
if(ac_addtype(ftoffset, type, realoff, ctx)) {
|
| 733 | 733 |
if(info.exeinfo.section) |
| ... | ... |
@@ -1529,6 +1529,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg, |
| 1529 | 1529 |
case CL_TYPE_TEXT_ASCII: |
| 1530 | 1530 |
case CL_TYPE_MSEXE: |
| 1531 | 1531 |
case CL_TYPE_ZIP: |
| 1532 |
+ case CL_TYPE_MSOLE2: |
|
| 1532 | 1533 |
acmode |= AC_SCAN_FT; |
| 1533 | 1534 |
default: |
| 1534 | 1535 |
break; |
| ... | ... |
@@ -1553,7 +1554,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg, |
| 1553 | 1553 |
} |
| 1554 | 1554 |
*/ |
| 1555 | 1555 |
|
| 1556 |
- if(nret != CL_VIRUS && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP)) {
|
|
| 1556 |
+ if(nret != CL_VIRUS && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP || type == CL_TYPE_MSOLE2)) {
|
|
| 1557 | 1557 |
lastzip = lastrar = 0xdeadbeef; |
| 1558 | 1558 |
fpt = ftoffset; |
| 1559 | 1559 |
while(fpt) {
|