git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1105 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/11/18 19:05:58... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Thu Nov 18 11:03:14 CET 2004 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav: try to detect (and mark as Suspected.Zip) zip archives with |
|
4 |
+ modified information in local header |
|
5 |
+ |
|
1 | 6 |
Thu Nov 18 00:05:37 CET 2004 (tk) |
2 | 7 |
--------------------------------- |
3 | 8 |
* libclamav/pe.c: recognize more subsystem/machine types |
... | ... |
@@ -321,19 +321,21 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
321 | 321 |
|
322 | 322 |
cli_dbgmsg("Zip: %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 ); |
323 | 323 |
|
324 |
- /* |
|
325 | 324 |
if(!zdirent.st_size) { |
326 | 325 |
files++; |
326 |
+ if(zdirent.d_crc32) { |
|
327 |
+ cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n"); |
|
328 |
+ *virname = "Suspected.Zip"; |
|
329 |
+ ret = CL_VIRUS; |
|
330 |
+ break; |
|
331 |
+ } |
|
327 | 332 |
continue; |
328 | 333 |
} |
329 |
- */ |
|
330 | 334 |
|
331 | 335 |
/* work-around for problematic zips (zziplib crashes with them) */ |
332 | 336 |
if(zdirent.d_csize <= 0 || zdirent.st_size < 0) { |
333 | 337 |
files++; |
334 | 338 |
cli_dbgmsg("Zip: Malformed archive detected.\n"); |
335 |
- /* ret = CL_EMALFZIP; */ |
|
336 |
- /* report it as a virus */ |
|
337 | 339 |
*virname = "Suspected.Zip"; |
338 | 340 |
ret = CL_VIRUS; |
339 | 341 |
break; |
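Review bot: The new `if(zdirent.d_crc32)` test inside the `!zdirent.st_size` branch only catches a zero-size entry whose stored CRC is non-zero; an entry that declares size 0 and CRC 0 still reaches `continue` and is skipped without being unpacked, whatever `zdirent.d_csize` says. Since the change is meant to flag inconsistent size information, the same branch could also compare the compressed size against what an empty member can plausibly occupy, e.g. `if(zdirent.d_crc32 || zdirent.d_csize > EMPTY_MEMBER_MAX) {` (EMPTY_MEMBER_MAX is a placeholder, not an existing constant). A short comment above the test would also help the next reader: `/* CRC-32 of empty data is 0, so a non-zero CRC contradicts st_size == 0 */`. cli_scanzip starts and ends outside this hunk, so how `ret` and `files` are handled after the `break` is not visible here.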
... | ... |
@@ -1,3 +1,4 @@ |
1 |
+#include <stdio.h> |
|
1 | 2 |
/* |
2 | 3 |
* Author: |
3 | 4 |
* Guido Draheim <guidod@gmx.de> |
... | ... |
@@ -145,6 +146,8 @@ zzip_readdir(ZZIP_DIR * dir) |
145 | 145 |
|
146 | 146 |
dir->dirent.d_flags = dir->hdr->d_flags; |
147 | 147 |
|
148 |
+ dir->dirent.d_crc32 = (int) dir->hdr->d_crc32; |
|
149 |
+ |
|
148 | 150 |
if (! dir->hdr->d_reclen) dir->hdr = 0; |
149 | 151 |
else dir->hdr = (struct zzip_dir_hdr *) |
150 | 152 |
((char *)dir->hdr + dir->hdr->d_reclen); |
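Review bot: The `(int)` cast in `dir->dirent.d_crc32 = (int) dir->hdr->d_crc32;` stores a CRC-32 in a signed type, and the same cast is repeated in the zzip_dir_read hunk (`d->d_crc32 = (int) dir->hdr->d_crc32;`). The field declarations are outside this page, but a CRC-32 is an unsigned 32-bit quantity, so values with the top bit set become negative. The scanner's non-zero test still works, but any later comparison or `%u`-style logging of the field would be misleading. Declaring the dirent field with the same unsigned type as the header field and assigning without a cast (`dir->dirent.d_crc32 = dir->hdr->d_crc32;`) avoids this. Separately, the `#include <stdio.h>` added above the file's author comment is not used by any line visible in this change and looks like a debugging leftover; if nothing in the file needs it, it should be dropped.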
... | ... |
@@ -730,6 +730,7 @@ zzip_dir_read(ZZIP_DIR * dir, ZZIP_DIRENT * d ) |
730 | 730 |
d->st_size = dir->hdr->d_usize; |
731 | 731 |
d->d_name = dir->hdr->d_name; |
732 | 732 |
d->d_flags = dir->hdr->d_flags; |
733 |
+ d->d_crc32 = (int) dir->hdr->d_crc32; |
|
733 | 734 |
|
734 | 735 |
if (! dir->hdr->d_reclen) |
735 | 736 |
{ dir->hdr = 0; } |