Browse code
bb11580 - make cli_matchmeta() respect allmatch.
Steven Morgan authored on 2016/06/09 05:25:34Showing 5 changed files
| ... | ... |
@@ -619,6 +619,7 @@ fileblobScan(const fileblob *fb) |
| 619 | 619 |
{
|
| 620 | 620 |
int rc; |
| 621 | 621 |
STATBUF sb; |
| 622 |
+ int virus_found = 0; |
|
| 622 | 623 |
|
| 623 | 624 |
if(fb->isInfected) |
| 624 | 625 |
return CL_VIRUS; |
| ... | ... |
@@ -636,11 +637,14 @@ fileblobScan(const fileblob *fb) |
| 636 | 636 |
fflush(fb->fp); |
| 637 | 637 |
lseek(fb->fd, 0, SEEK_SET); |
| 638 | 638 |
FSTAT(fb->fd, &sb); |
| 639 |
- if(cli_matchmeta(fb->ctx, fb->b.name, sb.st_size, sb.st_size, 0, 0, 0, NULL) == CL_VIRUS) |
|
| 640 |
- return CL_VIRUS; |
|
| 639 |
+ if(cli_matchmeta(fb->ctx, fb->b.name, sb.st_size, sb.st_size, 0, 0, 0, NULL) == CL_VIRUS) {
|
|
| 640 |
+ if (!(fb->ctx->options & CL_SCAN_ALLMATCHES)) |
|
| 641 |
+ return CL_VIRUS; |
|
| 642 |
+ virus_found = 1; |
|
| 643 |
+ } |
|
| 641 | 644 |
|
| 642 | 645 |
rc = cli_magic_scandesc(fb->fd, fb->ctx); |
| 643 |
- if(rc == CL_VIRUS) {
|
|
| 646 |
+ if(rc == CL_VIRUS || virus_found != 0) {
|
|
| 644 | 647 |
cli_dbgmsg("%s is infected\n", fb->fullname);
|
| 645 | 648 |
return CL_VIRUS; |
| 646 | 649 |
} |
| ... | ... |
@@ -102,14 +102,17 @@ int cli_scancpio_old(cli_ctx *ctx) |
| 102 | 102 |
char name[513]; |
| 103 | 103 |
unsigned int file = 0, trailer = 0; |
| 104 | 104 |
uint32_t filesize, namesize, hdr_namesize; |
| 105 |
- int ret, conv; |
|
| 105 |
+ int ret = CL_CLEAN, conv; |
|
| 106 | 106 |
off_t pos = 0; |
| 107 |
+ int virus_found = 0; |
|
| 107 | 108 |
|
| 108 | 109 |
|
| 109 | 110 |
while(fmap_readn(*ctx->fmap, &hdr_old, pos, sizeof(hdr_old)) == sizeof(hdr_old)) {
|
| 110 | 111 |
pos += sizeof(hdr_old); |
| 111 |
- if(!hdr_old.magic && trailer) |
|
| 112 |
- return CL_SUCCESS; |
|
| 112 |
+ if(!hdr_old.magic && trailer) {
|
|
| 113 |
+ ret = CL_SUCCESS; |
|
| 114 |
+ goto leave; |
|
| 115 |
+ } |
|
| 113 | 116 |
|
| 114 | 117 |
if(hdr_old.magic == 070707) {
|
| 115 | 118 |
conv = 0; |
| ... | ... |
@@ -117,7 +120,8 @@ int cli_scancpio_old(cli_ctx *ctx) |
| 117 | 117 |
conv = 1; |
| 118 | 118 |
} else {
|
| 119 | 119 |
cli_dbgmsg("cli_scancpio_old: Invalid magic number\n");
|
| 120 |
- return CL_EFORMAT; |
|
| 120 |
+ ret = CL_EFORMAT; |
|
| 121 |
+ goto leave; |
|
| 121 | 122 |
} |
| 122 | 123 |
|
| 123 | 124 |
cli_dbgmsg("CPIO: -- File %u --\n", ++file);
|
| ... | ... |
@@ -148,8 +152,11 @@ int cli_scancpio_old(cli_ctx *ctx) |
| 148 | 148 |
if(!filesize) |
| 149 | 149 |
continue; |
| 150 | 150 |
|
| 151 |
- if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) |
|
| 152 |
- return CL_VIRUS; |
|
| 151 |
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) {
|
|
| 152 |
+ if (!SCAN_ALL) |
|
| 153 |
+ return CL_VIRUS; |
|
| 154 |
+ virus_found = 1; |
|
| 155 |
+ } |
|
| 153 | 156 |
|
| 154 | 157 |
|
| 155 | 158 |
if((EC16(hdr_old.mode, conv) & 0170000) != 0100000) {
|
| ... | ... |
@@ -157,11 +164,14 @@ int cli_scancpio_old(cli_ctx *ctx) |
| 157 | 157 |
} else {
|
| 158 | 158 |
ret = cli_checklimits("cli_scancpio_old", ctx, filesize, 0, 0);
|
| 159 | 159 |
if(ret == CL_EMAXFILES) {
|
| 160 |
- return ret; |
|
| 160 |
+ goto leave; |
|
| 161 | 161 |
} else if(ret == CL_SUCCESS) {
|
| 162 | 162 |
ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); |
| 163 |
- if(ret == CL_VIRUS) |
|
| 164 |
- return ret; |
|
| 163 |
+ if(ret == CL_VIRUS) {
|
|
| 164 |
+ if (!SCAN_ALL) |
|
| 165 |
+ return ret; |
|
| 166 |
+ virus_found = 1; |
|
| 167 |
+ } |
|
| 165 | 168 |
} |
| 166 | 169 |
} |
| 167 | 170 |
if(filesize % 2) |
| ... | ... |
@@ -170,7 +180,10 @@ int cli_scancpio_old(cli_ctx *ctx) |
| 170 | 170 |
pos += filesize; |
| 171 | 171 |
} |
| 172 | 172 |
|
| 173 |
- return CL_CLEAN; |
|
| 173 |
+ leave: |
|
| 174 |
+ if (virus_found != 0) |
|
| 175 |
+ return CL_VIRUS; |
|
| 176 |
+ return ret; |
|
| 174 | 177 |
} |
| 175 | 178 |
|
| 176 | 179 |
int cli_scancpio_odc(cli_ctx *ctx) |
| ... | ... |
@@ -179,18 +192,20 @@ int cli_scancpio_odc(cli_ctx *ctx) |
| 179 | 179 |
char name[513], buff[12]; |
| 180 | 180 |
unsigned int file = 0, trailer = 0; |
| 181 | 181 |
uint32_t filesize, namesize, hdr_namesize; |
| 182 |
- int ret; |
|
| 182 |
+ int ret = CL_CLEAN; |
|
| 183 | 183 |
off_t pos = 0; |
| 184 |
+ int virus_found = 0; |
|
| 184 | 185 |
|
| 185 | 186 |
|
| 186 | 187 |
while(fmap_readn(*ctx->fmap, &hdr_odc, pos, sizeof(hdr_odc)) == sizeof(hdr_odc)) {
|
| 187 | 188 |
pos += sizeof(hdr_odc); |
| 188 | 189 |
if(!hdr_odc.magic[0] && trailer) |
| 189 |
- return CL_SUCCESS; |
|
| 190 |
+ goto leave; |
|
| 190 | 191 |
|
| 191 | 192 |
if(strncmp(hdr_odc.magic, "070707", 6)) {
|
| 192 | 193 |
cli_dbgmsg("cli_scancpio_odc: Invalid magic string\n");
|
| 193 |
- return CL_EFORMAT; |
|
| 194 |
+ ret = CL_EFORMAT; |
|
| 195 |
+ goto leave; |
|
| 194 | 196 |
} |
| 195 | 197 |
|
| 196 | 198 |
cli_dbgmsg("CPIO: -- File %u --\n", ++file);
|
| ... | ... |
@@ -199,13 +214,15 @@ int cli_scancpio_odc(cli_ctx *ctx) |
| 199 | 199 |
buff[6] = 0; |
| 200 | 200 |
if(sscanf(buff, "%o", &hdr_namesize) != 1) {
|
| 201 | 201 |
cli_dbgmsg("cli_scancpio_odc: Can't convert name size\n");
|
| 202 |
- return CL_EFORMAT; |
|
| 202 |
+ ret = CL_EFORMAT; |
|
| 203 |
+ goto leave; |
|
| 203 | 204 |
} |
| 204 | 205 |
if(hdr_namesize) {
|
| 205 | 206 |
namesize = MIN(sizeof(name), hdr_namesize); |
| 206 | 207 |
if ((uint32_t)fmap_readn(*ctx->fmap, &name, pos, namesize) != namesize) {
|
| 207 | 208 |
cli_dbgmsg("cli_scancpio_odc: Can't read file name\n");
|
| 208 |
- return CL_EFORMAT; |
|
| 209 |
+ ret = CL_EFORMAT; |
|
| 210 |
+ goto leave; |
|
| 209 | 211 |
} |
| 210 | 212 |
pos += namesize; |
| 211 | 213 |
name[namesize - 1] = 0; |
| ... | ... |
@@ -222,29 +239,39 @@ int cli_scancpio_odc(cli_ctx *ctx) |
| 222 | 222 |
buff[11] = 0; |
| 223 | 223 |
if(sscanf(buff, "%o", &filesize) != 1) {
|
| 224 | 224 |
cli_dbgmsg("cli_scancpio_odc: Can't convert file size\n");
|
| 225 |
- return CL_EFORMAT; |
|
| 225 |
+ ret = CL_EFORMAT; |
|
| 226 |
+ goto leave; |
|
| 226 | 227 |
} |
| 227 | 228 |
cli_dbgmsg("CPIO: Filesize: %u\n", filesize);
|
| 228 | 229 |
if(!filesize) |
| 229 | 230 |
continue; |
| 230 | 231 |
|
| 231 |
- if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) |
|
| 232 |
- return CL_VIRUS; |
|
| 232 |
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) {
|
|
| 233 |
+ if (!SCAN_ALL) |
|
| 234 |
+ return CL_VIRUS; |
|
| 235 |
+ virus_found = 1; |
|
| 236 |
+ } |
|
| 233 | 237 |
|
| 234 | 238 |
|
| 235 | 239 |
ret = cli_checklimits("cli_scancpio_odc", ctx, filesize, 0, 0);
|
| 236 | 240 |
if(ret == CL_EMAXFILES) {
|
| 237 |
- return ret; |
|
| 241 |
+ goto leave; |
|
| 238 | 242 |
} else if(ret == CL_SUCCESS) {
|
| 239 | 243 |
ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); |
| 240 |
- if(ret == CL_VIRUS) |
|
| 241 |
- return ret; |
|
| 244 |
+ if(ret == CL_VIRUS) {
|
|
| 245 |
+ if (!SCAN_ALL) |
|
| 246 |
+ return ret; |
|
| 247 |
+ virus_found = 1; |
|
| 248 |
+ } |
|
| 242 | 249 |
} |
| 243 | 250 |
|
| 244 | 251 |
pos += filesize; |
| 245 | 252 |
} |
| 246 | 253 |
|
| 247 |
- return CL_CLEAN; |
|
| 254 |
+ leave: |
|
| 255 |
+ if (virus_found != 0) |
|
| 256 |
+ return CL_VIRUS; |
|
| 257 |
+ return ret; |
|
| 248 | 258 |
} |
| 249 | 259 |
|
| 250 | 260 |
int cli_scancpio_newc(cli_ctx *ctx, int crc) |
| ... | ... |
@@ -253,19 +280,21 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
| 253 | 253 |
char name[513], buff[9]; |
| 254 | 254 |
unsigned int file = 0, trailer = 0; |
| 255 | 255 |
uint32_t filesize, namesize, hdr_namesize, pad; |
| 256 |
- int ret; |
|
| 256 |
+ int ret = CL_CLEAN; |
|
| 257 | 257 |
off_t pos = 0; |
| 258 |
+ int virus_found = 0; |
|
| 258 | 259 |
|
| 259 | 260 |
memset(name, 0, 513); |
| 260 | 261 |
|
| 261 | 262 |
while(fmap_readn(*ctx->fmap, &hdr_newc, pos, sizeof(hdr_newc)) == sizeof(hdr_newc)) {
|
| 262 | 263 |
pos += sizeof(hdr_newc); |
| 263 | 264 |
if(!hdr_newc.magic[0] && trailer) |
| 264 |
- return CL_SUCCESS; |
|
| 265 |
+ goto leave; |
|
| 265 | 266 |
|
| 266 | 267 |
if((!crc && strncmp(hdr_newc.magic, "070701", 6)) || (crc && strncmp(hdr_newc.magic, "070702", 6))) {
|
| 267 | 268 |
cli_dbgmsg("cli_scancpio_newc: Invalid magic string\n");
|
| 268 |
- return CL_EFORMAT; |
|
| 269 |
+ ret = CL_EFORMAT; |
|
| 270 |
+ goto leave; |
|
| 269 | 271 |
} |
| 270 | 272 |
|
| 271 | 273 |
cli_dbgmsg("CPIO: -- File %u --\n", ++file);
|
| ... | ... |
@@ -274,13 +303,15 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
| 274 | 274 |
buff[8] = 0; |
| 275 | 275 |
if(sscanf(buff, "%x", &hdr_namesize) != 1) {
|
| 276 | 276 |
cli_dbgmsg("cli_scancpio_newc: Can't convert name size\n");
|
| 277 |
- return CL_EFORMAT; |
|
| 277 |
+ ret = CL_EFORMAT; |
|
| 278 |
+ goto leave; |
|
| 278 | 279 |
} |
| 279 | 280 |
if(hdr_namesize) {
|
| 280 | 281 |
namesize = MIN(sizeof(name), hdr_namesize); |
| 281 | 282 |
if ((uint32_t)fmap_readn(*ctx->fmap, &name, pos, namesize) != namesize) {
|
| 282 | 283 |
cli_dbgmsg("cli_scancpio_newc: Can't read file name\n");
|
| 283 |
- return CL_EFORMAT; |
|
| 284 |
+ ret = CL_EFORMAT; |
|
| 285 |
+ goto leave; |
|
| 284 | 286 |
} |
| 285 | 287 |
pos += namesize; |
| 286 | 288 |
name[namesize - 1] = 0; |
| ... | ... |
@@ -302,23 +333,29 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
| 302 | 302 |
buff[8] = 0; |
| 303 | 303 |
if(sscanf(buff, "%x", &filesize) != 1) {
|
| 304 | 304 |
cli_dbgmsg("cli_scancpio_newc: Can't convert file size\n");
|
| 305 |
- return CL_EFORMAT; |
|
| 305 |
+ ret = CL_EFORMAT; |
|
| 306 |
+ goto leave; |
|
| 306 | 307 |
} |
| 307 | 308 |
cli_dbgmsg("CPIO: Filesize: %u\n", filesize);
|
| 308 | 309 |
if(!filesize) |
| 309 | 310 |
continue; |
| 310 | 311 |
|
| 311 |
- if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) |
|
| 312 |
- return CL_VIRUS; |
|
| 313 |
- |
|
| 312 |
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) {
|
|
| 313 |
+ if (!SCAN_ALL) |
|
| 314 |
+ return CL_VIRUS; |
|
| 315 |
+ virus_found = 1; |
|
| 316 |
+ } |
|
| 314 | 317 |
|
| 315 | 318 |
ret = cli_checklimits("cli_scancpio_newc", ctx, filesize, 0, 0);
|
| 316 | 319 |
if(ret == CL_EMAXFILES) {
|
| 317 |
- return ret; |
|
| 320 |
+ goto leave; |
|
| 318 | 321 |
} else if(ret == CL_SUCCESS) {
|
| 319 | 322 |
ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); |
| 320 |
- if(ret == CL_VIRUS) |
|
| 321 |
- return ret; |
|
| 323 |
+ if(ret == CL_VIRUS) {
|
|
| 324 |
+ if (!SCAN_ALL) |
|
| 325 |
+ return ret; |
|
| 326 |
+ virus_found = 1; |
|
| 327 |
+ } |
|
| 322 | 328 |
} |
| 323 | 329 |
|
| 324 | 330 |
if((pad = filesize % 4)) |
| ... | ... |
@@ -327,5 +364,8 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
| 327 | 327 |
pos += filesize; |
| 328 | 328 |
} |
| 329 | 329 |
|
| 330 |
- return CL_CLEAN; |
|
| 330 |
+ leave: |
|
| 331 |
+ if (virus_found != 0) |
|
| 332 |
+ return CL_VIRUS; |
|
| 333 |
+ return ret; |
|
| 331 | 334 |
} |
| ... | ... |
@@ -350,6 +350,7 @@ int cli_scanishield(cli_ctx *ctx, off_t off, size_t sz) {
|
| 350 | 350 |
struct IS_CABSTUFF c = { NULL, -1, 0, 0 };
|
| 351 | 351 |
fmap_t *map = *ctx->fmap; |
| 352 | 352 |
unsigned fc = 0; |
| 353 |
+ int virus_found = 0; |
|
| 353 | 354 |
|
| 354 | 355 |
while(ret == CL_CLEAN) {
|
| 355 | 356 |
fname = fmap_need_offstr(map, coff, 2048); |
| ... | ... |
@@ -379,8 +380,12 @@ int cli_scanishield(cli_ctx *ctx, off_t off, size_t sz) {
|
| 379 | 379 |
|
| 380 | 380 |
cli_dbgmsg("ishield: @%lx found file %s (%s) - version %s - size %lu\n", (unsigned long int) coff, fname, path, version, (unsigned long int) fsize);
|
| 381 | 381 |
if(cli_matchmeta(ctx, fname, fsize, fsize, 0, fc++, 0, NULL) == CL_VIRUS) {
|
| 382 |
- ret = CL_VIRUS; |
|
| 383 |
- break; |
|
| 382 |
+ if (!SCAN_ALL) {
|
|
| 383 |
+ ret = CL_VIRUS; |
|
| 384 |
+ break; |
|
| 385 |
+ } |
|
| 386 |
+ ret = CL_CLEAN; |
|
| 387 |
+ virus_found = 1; |
|
| 384 | 388 |
} |
| 385 | 389 |
sz -= (data - fname) + fsize; |
| 386 | 390 |
|
| ... | ... |
@@ -436,6 +441,9 @@ int cli_scanishield(cli_ctx *ctx, off_t off, size_t sz) {
|
| 436 | 436 |
} else if( ret == CL_BREAK ) ret = CL_CLEAN; |
| 437 | 437 |
} |
| 438 | 438 |
if(c.cabs) free(c.cabs); |
| 439 |
+ |
|
| 440 |
+ if (virus_found != 0) |
|
| 441 |
+ return CL_VIRUS; |
|
| 439 | 442 |
return ret; |
| 440 | 443 |
} |
| 441 | 444 |
|
| ... | ... |
@@ -205,6 +205,7 @@ static int cli_scandir(const char *dirname, cli_ctx *ctx) |
| 205 | 205 |
static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx *ctx, unsigned int files, uint32_t* sfx_check) |
| 206 | 206 |
{
|
| 207 | 207 |
int ret = CL_SUCCESS; |
| 208 |
+ int virus_found = 0; |
|
| 208 | 209 |
|
| 209 | 210 |
if(files == 1 && sfx_check) {
|
| 210 | 211 |
if(*sfx_check == metadata->crc) |
| ... | ... |
@@ -218,8 +219,11 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx |
| 218 | 218 |
(unsigned int) metadata->unpack_size, metadata->method, |
| 219 | 219 |
metadata->pack_size ? (unsigned int) (metadata->unpack_size / metadata->pack_size) : 0); |
| 220 | 220 |
|
| 221 |
- if(cli_matchmeta(ctx, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS) |
|
| 222 |
- return CL_VIRUS; |
|
| 221 |
+ if(cli_matchmeta(ctx, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS) {
|
|
| 222 |
+ if (!SCAN_ALL) |
|
| 223 |
+ return CL_VIRUS; |
|
| 224 |
+ virus_found = 1; |
|
| 225 |
+ } |
|
| 223 | 226 |
|
| 224 | 227 |
if(DETECT_ENCRYPTED && metadata->encrypted) {
|
| 225 | 228 |
cli_dbgmsg("RAR: Encrypted files found in archive.\n");
|
| ... | ... |
@@ -230,6 +234,8 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx |
| 230 | 230 |
} |
| 231 | 231 |
} |
| 232 | 232 |
|
| 233 |
+ if (virus_found != 0) |
|
| 234 |
+ return CL_VIRUS; |
|
| 233 | 235 |
return ret; |
| 234 | 236 |
} |
| 235 | 237 |
|
| ... | ... |
@@ -375,6 +381,7 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
| 375 | 375 |
int ret = CL_CLEAN, rc, file = 0; |
| 376 | 376 |
arj_metadata_t metadata; |
| 377 | 377 |
char *dir; |
| 378 |
+ int virus_found = 0; |
|
| 378 | 379 |
|
| 379 | 380 |
UNUSEDPARAM(sfx_check); |
| 380 | 381 |
|
| ... | ... |
@@ -410,10 +417,14 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
| 410 | 410 |
} |
| 411 | 411 |
file++; |
| 412 | 412 |
if(cli_matchmeta(ctx, metadata.filename, metadata.comp_size, metadata.orig_size, metadata.encrypted, file, 0, NULL) == CL_VIRUS) {
|
| 413 |
- cli_rmdirs(dir); |
|
| 414 |
- free(dir); |
|
| 415 |
- return CL_VIRUS; |
|
| 416 |
- } |
|
| 413 |
+ if (!SCAN_ALL) {
|
|
| 414 |
+ cli_rmdirs(dir); |
|
| 415 |
+ free(dir); |
|
| 416 |
+ return CL_VIRUS; |
|
| 417 |
+ } |
|
| 418 |
+ virus_found = 1; |
|
| 419 |
+ ret = CL_SUCCESS; |
|
| 420 |
+ } |
|
| 417 | 421 |
|
| 418 | 422 |
if ((ret = cli_checklimits("ARJ", ctx, metadata.orig_size, metadata.comp_size, 0))!=CL_CLEAN) {
|
| 419 | 423 |
ret = CL_SUCCESS; |
| ... | ... |
@@ -433,12 +444,16 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
| 433 | 433 |
close(metadata.ofd); |
| 434 | 434 |
if (rc == CL_VIRUS) {
|
| 435 | 435 |
cli_dbgmsg("ARJ: infected with %s\n", cli_get_last_virus(ctx));
|
| 436 |
- ret = CL_VIRUS; |
|
| 437 |
- if (metadata.filename) {
|
|
| 438 |
- free(metadata.filename); |
|
| 439 |
- metadata.filename = NULL; |
|
| 440 |
- } |
|
| 441 |
- break; |
|
| 436 |
+ if (!SCAN_ALL) {
|
|
| 437 |
+ ret = CL_VIRUS; |
|
| 438 |
+ if (metadata.filename) {
|
|
| 439 |
+ free(metadata.filename); |
|
| 440 |
+ metadata.filename = NULL; |
|
| 441 |
+ } |
|
| 442 |
+ break; |
|
| 443 |
+ } |
|
| 444 |
+ virus_found = 1; |
|
| 445 |
+ ret = CL_SUCCESS; |
|
| 442 | 446 |
} |
| 443 | 447 |
} |
| 444 | 448 |
if (metadata.filename) {
|
| ... | ... |
@@ -456,6 +471,8 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
| 456 | 456 |
free(metadata.filename); |
| 457 | 457 |
} |
| 458 | 458 |
|
| 459 |
+ if (virus_found != 0) |
|
| 460 |
+ ret = CL_VIRUS; |
|
| 459 | 461 |
cli_dbgmsg("ARJ: Exit code: %d\n", ret);
|
| 460 | 462 |
if (ret == CL_BREAK) |
| 461 | 463 |
ret = CL_CLEAN; |
| ... | ... |
@@ -1484,7 +1501,7 @@ static int cli_scanscript(cli_ctx *ctx) |
| 1484 | 1484 |
cli_ac_freedata(&tmdata); |
| 1485 | 1485 |
cli_ac_freedata(&gmdata); |
| 1486 | 1486 |
|
| 1487 |
- if (SCAN_ALL && viruses_found) |
|
| 1487 |
+ if (viruses_found) |
|
| 1488 | 1488 |
return CL_VIRUS; |
| 1489 | 1489 |
|
| 1490 | 1490 |
return ret; |
| ... | ... |
@@ -1688,7 +1705,7 @@ static int cli_scanmschm(cli_ctx *ctx) |
| 1688 | 1688 |
if (ret == CL_BREAK) |
| 1689 | 1689 |
ret = CL_CLEAN; |
| 1690 | 1690 |
|
| 1691 |
- if (SCAN_ALL && viruses_found) |
|
| 1691 |
+ if (viruses_found) |
|
| 1692 | 1692 |
return CL_VIRUS; |
| 1693 | 1693 |
return ret; |
| 1694 | 1694 |
} |
| ... | ... |
@@ -1918,7 +1935,7 @@ static int cli_scanmail(cli_ctx *ctx) |
| 1918 | 1918 |
cli_rmdirs(dir); |
| 1919 | 1919 |
|
| 1920 | 1920 |
free(dir); |
| 1921 |
- if (SCAN_ALL && viruses_found) |
|
| 1921 |
+ if (viruses_found) |
|
| 1922 | 1922 |
return CL_VIRUS; |
| 1923 | 1923 |
return ret; |
| 1924 | 1924 |
} |
| ... | ... |
@@ -2000,7 +2017,7 @@ static int cli_scan_structured(cli_ctx *ctx) |
| 2000 | 2000 |
return CL_VIRUS; |
| 2001 | 2001 |
} |
| 2002 | 2002 |
|
| 2003 |
- if (SCAN_ALL && viruses_found) |
|
| 2003 |
+ if (viruses_found) |
|
| 2004 | 2004 |
return CL_VIRUS; |
| 2005 | 2005 |
return CL_CLEAN; |
| 2006 | 2006 |
} |
| ... | ... |
@@ -2595,6 +2612,8 @@ static int magic_scandesc_cleanup(cli_ctx *ctx, cli_file_t type, unsigned char * |
| 2595 | 2595 |
cache_add(hash, hashed_size, ctx); |
| 2596 | 2596 |
perf_stop(ctx, PERFT_CACHE); |
| 2597 | 2597 |
} |
| 2598 |
+ if (retcode == CL_VIRUS && SCAN_ALL) |
|
| 2599 |
+ return CL_CLEAN; |
|
| 2598 | 2600 |
return retcode; |
| 2599 | 2601 |
} |
| 2600 | 2602 |
|
| ... | ... |
@@ -504,6 +504,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
| 504 | 504 |
const uint8_t *lh, *zip; |
| 505 | 505 |
char name[256]; |
| 506 | 506 |
uint32_t csize, usize; |
| 507 |
+ int virus_found = 0; |
|
| 507 | 508 |
|
| 508 | 509 |
if(!(lh = fmap_need_off(map, loff, SIZEOF_LH))) {
|
| 509 | 510 |
cli_dbgmsg("cli_unzip: lh - out of file\n");
|
| ... | ... |
@@ -540,8 +541,10 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
| 540 | 540 |
/* ZMDfmt virname:encrypted(0-1):filename(exact|*):usize(exact|*):csize(exact|*):crc32(exact|*):method(exact|*):fileno(exact|*):maxdepth(exact|*) */ |
| 541 | 541 |
|
| 542 | 542 |
if(cli_matchmeta(ctx, name, LH_csize, LH_usize, (LH_flags & F_ENCR)!=0, fc, LH_crc32, NULL) == CL_VIRUS) {
|
| 543 |
- *ret = CL_VIRUS; |
|
| 544 |
- return 0; |
|
| 543 |
+ *ret = CL_VIRUS; |
|
| 544 |
+ if (!SCAN_ALL) |
|
| 545 |
+ return 0; |
|
| 546 |
+ virus_found = 1; |
|
| 545 | 547 |
} |
| 546 | 548 |
|
| 547 | 549 |
if(LH_flags & F_MSKED) {
|
| ... | ... |
@@ -555,8 +558,11 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
| 555 | 555 |
cli_dbgmsg("cli_unzip: Encrypted files found in archive.\n");
|
| 556 | 556 |
cli_append_virus(ctx, "Heuristics.Encrypted.Zip"); |
| 557 | 557 |
*ret = CL_VIRUS; |
| 558 |
- fmap_unneed_off(map, loff, SIZEOF_LH); |
|
| 559 |
- return 0; |
|
| 558 |
+ if (!SCAN_ALL) {
|
|
| 559 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
| 560 |
+ return 0; |
|
| 561 |
+ } |
|
| 562 |
+ virus_found = 1; |
|
| 560 | 563 |
} |
| 561 | 564 |
|
| 562 | 565 |
if(LH_flags & F_USEDD) {
|
| ... | ... |
@@ -595,6 +601,9 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
| 595 | 595 |
zsize-=csize; |
| 596 | 596 |
} |
| 597 | 597 |
|
| 598 |
+ if (virus_found != 0) |
|
| 599 |
+ *ret = CL_VIRUS; |
|
| 600 |
+ |
|
| 598 | 601 |
fmap_unneed_off(map, loff, SIZEOF_LH); /* unneed now. block is guaranteed to exists till the next need */ |
| 599 | 602 |
if(LH_flags & F_USEDD) {
|
| 600 | 603 |
if(zsize<12) {
|