git-svn: trunk@3763
Tomasz Kojm authored on 2008/04/07 20:32:29... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Mon Apr 7 12:51:43 CEST 2008 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: scan for embedded PEs inside OLE2 files (bb#914) |
|
4 |
+ |
|
1 | 5 |
Mon Apr 7 11:15:49 CEST 2008 (tk) |
2 | 6 |
---------------------------------- |
3 | 7 |
* libclamav/chmunpack.c,cab.c: downgrade some error messages (bb#911, bb#798) |
... | ... |
@@ -689,7 +689,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
689 | 689 |
if((pt->type > type || pt->type >= CL_TYPE_SFX || pt->type == CL_TYPE_MSEXE) && (!pt->rtype || ftype == pt->rtype)) { |
690 | 690 |
cli_dbgmsg("Matched signature for file type %s\n", pt->virname); |
691 | 691 |
type = pt->type; |
692 |
- if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP) && type == CL_TYPE_MSEXE))) { |
|
692 |
+ if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP || ftype == CL_TYPE_MSOLE2) && type == CL_TYPE_MSEXE))) { |
|
693 | 693 |
/* FIXME: we don't know which offset of the first part is the correct one */ |
694 | 694 |
for(j = 1; j <= AC_DEFAULT_TRACKLEN && offmatrix[0][j] != -1; j++) { |
695 | 695 |
if(ac_addtype(ftoffset, type, offmatrix[pt->parts - 1][j], ctx)) { |
... | ... |
@@ -727,7 +727,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
727 | 727 |
if((pt->type > type || pt->type >= CL_TYPE_SFX || pt->type == CL_TYPE_MSEXE) && (!pt->rtype || ftype == pt->rtype)) { |
728 | 728 |
cli_dbgmsg("Matched signature for file type %s at %u\n", pt->virname, realoff); |
729 | 729 |
type = pt->type; |
730 |
- if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP) && type == CL_TYPE_MSEXE))) { |
|
730 |
+ if(ftoffset && (!*ftoffset || (*ftoffset)->cnt < MAX_EMBEDDED_OBJ || type == CL_TYPE_ZIPSFX) && ((ftype == CL_TYPE_MSEXE && type >= CL_TYPE_SFX) || ((ftype == CL_TYPE_MSEXE || ftype == CL_TYPE_ZIP || ftype == CL_TYPE_MSOLE2) && type == CL_TYPE_MSEXE))) { |
|
731 | 731 |
|
732 | 732 |
if(ac_addtype(ftoffset, type, realoff, ctx)) { |
733 | 733 |
if(info.exeinfo.section) |
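Review bot: With `ftype == CL_TYPE_MSOLE2` the extended predicate (new lines 692 and 730, identical text) records a match only when `type == CL_TYPE_MSEXE`. The `type >= CL_TYPE_SFX` branch still requires `ftype == CL_TYPE_MSEXE`, so as far as the visible condition shows, SFX-type signatures that match inside an OLE2 file are not added to `ftoffset`. If that is intended, a comment above the condition should say so, for example `/* OLE2 and ZIP containers: track embedded PEs only; SFX types are tracked only inside PE files */`. Because the same long condition is maintained at two sites, a small static predicate taking `ftype` and `type` would keep them from drifting apart the next time a container type is added. Both sites sit in the middle of cli_ac_scanbuff, whose body starts and ends outside these hunks.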
... | ... |
@@ -1529,6 +1529,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg, |
1529 | 1529 |
case CL_TYPE_TEXT_ASCII: |
1530 | 1530 |
case CL_TYPE_MSEXE: |
1531 | 1531 |
case CL_TYPE_ZIP: |
1532 |
+ case CL_TYPE_MSOLE2: |
|
1532 | 1533 |
acmode |= AC_SCAN_FT; |
1533 | 1534 |
default: |
1534 | 1535 |
break; |
... | ... |
@@ -1553,7 +1554,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg, |
1553 | 1553 |
} |
1554 | 1554 |
*/ |
1555 | 1555 |
|
1556 |
- if(nret != CL_VIRUS && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP)) { |
|
1556 |
+ if(nret != CL_VIRUS && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP || type == CL_TYPE_MSOLE2)) { |
|
1557 | 1557 |
lastzip = lastrar = 0xdeadbeef; |
1558 | 1558 |
fpt = ftoffset; |
1559 | 1559 |
while(fpt) { |
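Review bot: The type list in the condition at new line 1556 has to stay identical to the `case` labels that set `AC_SCAN_FT` at new lines 1530-1533, and nothing in the code says so. If a later change adds a type to the switch only, file-type offsets would presumably still be collected during matching, but this walk over `ftoffset` would never run for that type and the embedded objects would go unscanned without any message. A comment above the condition would record the dependency, for example `/* must list the same container types as the AC_SCAN_FT cases above */`. The `while(fpt)` loop continues outside the hunk, so whether it needs any OLE2-specific handling of the recorded offsets cannot be judged from here.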