Browse code
try to detect zip archives with modified information in local header
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1105 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/11/18 19:05:58Showing 5 changed files
- ChangeLog
- libclamav/scanners.c
- libclamav/zziplib/zzip-dir.c
- libclamav/zziplib/zzip-zip.c
- libclamav/zziplib/zziplib.h
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Thu Nov 18 11:03:14 CET 2004 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav: try to detect (and mark as Suspected.Zip) zip archives with |
|
| 4 |
+ modified information in local header |
|
| 5 |
+ |
|
| 1 | 6 |
Thu Nov 18 00:05:37 CET 2004 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* libclamav/pe.c: recognize more subsystem/machine types |
| ... | ... |
@@ -321,19 +321,21 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
| 321 | 321 |
|
| 322 | 322 |
cli_dbgmsg("Zip: %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 );
|
| 323 | 323 |
|
| 324 |
- /* |
|
| 325 | 324 |
if(!zdirent.st_size) {
|
| 326 | 325 |
files++; |
| 326 |
+ if(zdirent.d_crc32) {
|
|
| 327 |
+ cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n");
|
|
| 328 |
+ *virname = "Suspected.Zip"; |
|
| 329 |
+ ret = CL_VIRUS; |
|
| 330 |
+ break; |
|
| 331 |
+ } |
|
| 327 | 332 |
continue; |
| 328 | 333 |
} |
| 329 |
- */ |
|
| 330 | 334 |
|
| 331 | 335 |
/* work-around for problematic zips (zziplib crashes with them) */ |
| 332 | 336 |
if(zdirent.d_csize <= 0 || zdirent.st_size < 0) {
|
| 333 | 337 |
files++; |
| 334 | 338 |
cli_dbgmsg("Zip: Malformed archive detected.\n");
|
| 335 |
- /* ret = CL_EMALFZIP; */ |
|
| 336 |
- /* report it as a virus */ |
|
| 337 | 339 |
*virname = "Suspected.Zip"; |
| 338 | 340 |
ret = CL_VIRUS; |
| 339 | 341 |
break; |
| ... | ... |
@@ -1,3 +1,4 @@ |
| 1 |
+#include <stdio.h> |
|
| 1 | 2 |
/* |
| 2 | 3 |
* Author: |
| 3 | 4 |
* Guido Draheim <guidod@gmx.de> |
| ... | ... |
@@ -145,6 +146,8 @@ zzip_readdir(ZZIP_DIR * dir) |
| 145 | 145 |
|
| 146 | 146 |
dir->dirent.d_flags = dir->hdr->d_flags; |
| 147 | 147 |
|
| 148 |
+ dir->dirent.d_crc32 = (int) dir->hdr->d_crc32; |
|
| 149 |
+ |
|
| 148 | 150 |
if (! dir->hdr->d_reclen) dir->hdr = 0; |
| 149 | 151 |
else dir->hdr = (struct zzip_dir_hdr *) |
| 150 | 152 |
((char *)dir->hdr + dir->hdr->d_reclen); |
| ... | ... |
@@ -730,6 +730,7 @@ zzip_dir_read(ZZIP_DIR * dir, ZZIP_DIRENT * d ) |
| 730 | 730 |
d->st_size = dir->hdr->d_usize; |
| 731 | 731 |
d->d_name = dir->hdr->d_name; |
| 732 | 732 |
d->d_flags = dir->hdr->d_flags; |
| 733 |
+ d->d_crc32 = (int) dir->hdr->d_crc32; |
|
| 733 | 734 |
|
| 734 | 735 |
if (! dir->hdr->d_reclen) |
| 735 | 736 |
{ dir->hdr = 0; }
|