... | ... |
@@ -619,6 +619,7 @@ fileblobScan(const fileblob *fb) |
619 | 619 |
{ |
620 | 620 |
int rc; |
621 | 621 |
STATBUF sb; |
622 |
+ int virus_found = 0; |
|
622 | 623 |
|
623 | 624 |
if(fb->isInfected) |
624 | 625 |
return CL_VIRUS; |
... | ... |
@@ -636,11 +637,14 @@ fileblobScan(const fileblob *fb) |
636 | 636 |
fflush(fb->fp); |
637 | 637 |
lseek(fb->fd, 0, SEEK_SET); |
638 | 638 |
FSTAT(fb->fd, &sb); |
639 |
- if(cli_matchmeta(fb->ctx, fb->b.name, sb.st_size, sb.st_size, 0, 0, 0, NULL) == CL_VIRUS) |
|
640 |
- return CL_VIRUS; |
|
639 |
+ if(cli_matchmeta(fb->ctx, fb->b.name, sb.st_size, sb.st_size, 0, 0, 0, NULL) == CL_VIRUS) { |
|
640 |
+ if (!(fb->ctx->options & CL_SCAN_ALLMATCHES)) |
|
641 |
+ return CL_VIRUS; |
|
642 |
+ virus_found = 1; |
|
643 |
+ } |
|
641 | 644 |
|
642 | 645 |
rc = cli_magic_scandesc(fb->fd, fb->ctx); |
643 |
- if(rc == CL_VIRUS) { |
|
646 |
+ if(rc == CL_VIRUS || virus_found != 0) { |
|
644 | 647 |
cli_dbgmsg("%s is infected\n", fb->fullname); |
645 | 648 |
return CL_VIRUS; |
646 | 649 |
} |
... | ... |
@@ -102,14 +102,17 @@ int cli_scancpio_old(cli_ctx *ctx) |
102 | 102 |
char name[513]; |
103 | 103 |
unsigned int file = 0, trailer = 0; |
104 | 104 |
uint32_t filesize, namesize, hdr_namesize; |
105 |
- int ret, conv; |
|
105 |
+ int ret = CL_CLEAN, conv; |
|
106 | 106 |
off_t pos = 0; |
107 |
+ int virus_found = 0; |
|
107 | 108 |
|
108 | 109 |
|
109 | 110 |
while(fmap_readn(*ctx->fmap, &hdr_old, pos, sizeof(hdr_old)) == sizeof(hdr_old)) { |
110 | 111 |
pos += sizeof(hdr_old); |
111 |
- if(!hdr_old.magic && trailer) |
|
112 |
- return CL_SUCCESS; |
|
112 |
+ if(!hdr_old.magic && trailer) { |
|
113 |
+ ret = CL_SUCCESS; |
|
114 |
+ goto leave; |
|
115 |
+ } |
|
113 | 116 |
|
114 | 117 |
if(hdr_old.magic == 070707) { |
115 | 118 |
conv = 0; |
... | ... |
@@ -117,7 +120,8 @@ int cli_scancpio_old(cli_ctx *ctx) |
117 | 117 |
conv = 1; |
118 | 118 |
} else { |
119 | 119 |
cli_dbgmsg("cli_scancpio_old: Invalid magic number\n"); |
120 |
- return CL_EFORMAT; |
|
120 |
+ ret = CL_EFORMAT; |
|
121 |
+ goto leave; |
|
121 | 122 |
} |
122 | 123 |
|
123 | 124 |
cli_dbgmsg("CPIO: -- File %u --\n", ++file); |
... | ... |
@@ -148,8 +152,11 @@ int cli_scancpio_old(cli_ctx *ctx) |
148 | 148 |
if(!filesize) |
149 | 149 |
continue; |
150 | 150 |
|
151 |
- if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) |
|
152 |
- return CL_VIRUS; |
|
151 |
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) { |
|
152 |
+ if (!SCAN_ALL) |
|
153 |
+ return CL_VIRUS; |
|
154 |
+ virus_found = 1; |
|
155 |
+ } |
|
153 | 156 |
|
154 | 157 |
|
155 | 158 |
if((EC16(hdr_old.mode, conv) & 0170000) != 0100000) { |
... | ... |
@@ -157,11 +164,14 @@ int cli_scancpio_old(cli_ctx *ctx) |
157 | 157 |
} else { |
158 | 158 |
ret = cli_checklimits("cli_scancpio_old", ctx, filesize, 0, 0); |
159 | 159 |
if(ret == CL_EMAXFILES) { |
160 |
- return ret; |
|
160 |
+ goto leave; |
|
161 | 161 |
} else if(ret == CL_SUCCESS) { |
162 | 162 |
ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); |
163 |
- if(ret == CL_VIRUS) |
|
164 |
- return ret; |
|
163 |
+ if(ret == CL_VIRUS) { |
|
164 |
+ if (!SCAN_ALL) |
|
165 |
+ return ret; |
|
166 |
+ virus_found = 1; |
|
167 |
+ } |
|
165 | 168 |
} |
166 | 169 |
} |
167 | 170 |
if(filesize % 2) |
... | ... |
@@ -170,7 +180,10 @@ int cli_scancpio_old(cli_ctx *ctx) |
170 | 170 |
pos += filesize; |
171 | 171 |
} |
172 | 172 |
|
173 |
- return CL_CLEAN; |
|
173 |
+ leave: |
|
174 |
+ if (virus_found != 0) |
|
175 |
+ return CL_VIRUS; |
|
176 |
+ return ret; |
|
174 | 177 |
} |
175 | 178 |
|
176 | 179 |
int cli_scancpio_odc(cli_ctx *ctx) |
... | ... |
@@ -179,18 +192,20 @@ int cli_scancpio_odc(cli_ctx *ctx) |
179 | 179 |
char name[513], buff[12]; |
180 | 180 |
unsigned int file = 0, trailer = 0; |
181 | 181 |
uint32_t filesize, namesize, hdr_namesize; |
182 |
- int ret; |
|
182 |
+ int ret = CL_CLEAN; |
|
183 | 183 |
off_t pos = 0; |
184 |
+ int virus_found = 0; |
|
184 | 185 |
|
185 | 186 |
|
186 | 187 |
while(fmap_readn(*ctx->fmap, &hdr_odc, pos, sizeof(hdr_odc)) == sizeof(hdr_odc)) { |
187 | 188 |
pos += sizeof(hdr_odc); |
188 | 189 |
if(!hdr_odc.magic[0] && trailer) |
189 |
- return CL_SUCCESS; |
|
190 |
+ goto leave; |
|
190 | 191 |
|
191 | 192 |
if(strncmp(hdr_odc.magic, "070707", 6)) { |
192 | 193 |
cli_dbgmsg("cli_scancpio_odc: Invalid magic string\n"); |
193 |
- return CL_EFORMAT; |
|
194 |
+ ret = CL_EFORMAT; |
|
195 |
+ goto leave; |
|
194 | 196 |
} |
195 | 197 |
|
196 | 198 |
cli_dbgmsg("CPIO: -- File %u --\n", ++file); |
... | ... |
@@ -199,13 +214,15 @@ int cli_scancpio_odc(cli_ctx *ctx) |
199 | 199 |
buff[6] = 0; |
200 | 200 |
if(sscanf(buff, "%o", &hdr_namesize) != 1) { |
201 | 201 |
cli_dbgmsg("cli_scancpio_odc: Can't convert name size\n"); |
202 |
- return CL_EFORMAT; |
|
202 |
+ ret = CL_EFORMAT; |
|
203 |
+ goto leave; |
|
203 | 204 |
} |
204 | 205 |
if(hdr_namesize) { |
205 | 206 |
namesize = MIN(sizeof(name), hdr_namesize); |
206 | 207 |
if ((uint32_t)fmap_readn(*ctx->fmap, &name, pos, namesize) != namesize) { |
207 | 208 |
cli_dbgmsg("cli_scancpio_odc: Can't read file name\n"); |
208 |
- return CL_EFORMAT; |
|
209 |
+ ret = CL_EFORMAT; |
|
210 |
+ goto leave; |
|
209 | 211 |
} |
210 | 212 |
pos += namesize; |
211 | 213 |
name[namesize - 1] = 0; |
... | ... |
@@ -222,29 +239,39 @@ int cli_scancpio_odc(cli_ctx *ctx) |
222 | 222 |
buff[11] = 0; |
223 | 223 |
if(sscanf(buff, "%o", &filesize) != 1) { |
224 | 224 |
cli_dbgmsg("cli_scancpio_odc: Can't convert file size\n"); |
225 |
- return CL_EFORMAT; |
|
225 |
+ ret = CL_EFORMAT; |
|
226 |
+ goto leave; |
|
226 | 227 |
} |
227 | 228 |
cli_dbgmsg("CPIO: Filesize: %u\n", filesize); |
228 | 229 |
if(!filesize) |
229 | 230 |
continue; |
230 | 231 |
|
231 |
- if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) |
|
232 |
- return CL_VIRUS; |
|
232 |
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) { |
|
233 |
+ if (!SCAN_ALL) |
|
234 |
+ return CL_VIRUS; |
|
235 |
+ virus_found = 1; |
|
236 |
+ } |
|
233 | 237 |
|
234 | 238 |
|
235 | 239 |
ret = cli_checklimits("cli_scancpio_odc", ctx, filesize, 0, 0); |
236 | 240 |
if(ret == CL_EMAXFILES) { |
237 |
- return ret; |
|
241 |
+ goto leave; |
|
238 | 242 |
} else if(ret == CL_SUCCESS) { |
239 | 243 |
ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); |
240 |
- if(ret == CL_VIRUS) |
|
241 |
- return ret; |
|
244 |
+ if(ret == CL_VIRUS) { |
|
245 |
+ if (!SCAN_ALL) |
|
246 |
+ return ret; |
|
247 |
+ virus_found = 1; |
|
248 |
+ } |
|
242 | 249 |
} |
243 | 250 |
|
244 | 251 |
pos += filesize; |
245 | 252 |
} |
246 | 253 |
|
247 |
- return CL_CLEAN; |
|
254 |
+ leave: |
|
255 |
+ if (virus_found != 0) |
|
256 |
+ return CL_VIRUS; |
|
257 |
+ return ret; |
|
248 | 258 |
} |
249 | 259 |
|
250 | 260 |
int cli_scancpio_newc(cli_ctx *ctx, int crc) |
... | ... |
@@ -253,19 +280,21 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
253 | 253 |
char name[513], buff[9]; |
254 | 254 |
unsigned int file = 0, trailer = 0; |
255 | 255 |
uint32_t filesize, namesize, hdr_namesize, pad; |
256 |
- int ret; |
|
256 |
+ int ret = CL_CLEAN; |
|
257 | 257 |
off_t pos = 0; |
258 |
+ int virus_found = 0; |
|
258 | 259 |
|
259 | 260 |
memset(name, 0, 513); |
260 | 261 |
|
261 | 262 |
while(fmap_readn(*ctx->fmap, &hdr_newc, pos, sizeof(hdr_newc)) == sizeof(hdr_newc)) { |
262 | 263 |
pos += sizeof(hdr_newc); |
263 | 264 |
if(!hdr_newc.magic[0] && trailer) |
264 |
- return CL_SUCCESS; |
|
265 |
+ goto leave; |
|
265 | 266 |
|
266 | 267 |
if((!crc && strncmp(hdr_newc.magic, "070701", 6)) || (crc && strncmp(hdr_newc.magic, "070702", 6))) { |
267 | 268 |
cli_dbgmsg("cli_scancpio_newc: Invalid magic string\n"); |
268 |
- return CL_EFORMAT; |
|
269 |
+ ret = CL_EFORMAT; |
|
270 |
+ goto leave; |
|
269 | 271 |
} |
270 | 272 |
|
271 | 273 |
cli_dbgmsg("CPIO: -- File %u --\n", ++file); |
... | ... |
@@ -274,13 +303,15 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
274 | 274 |
buff[8] = 0; |
275 | 275 |
if(sscanf(buff, "%x", &hdr_namesize) != 1) { |
276 | 276 |
cli_dbgmsg("cli_scancpio_newc: Can't convert name size\n"); |
277 |
- return CL_EFORMAT; |
|
277 |
+ ret = CL_EFORMAT; |
|
278 |
+ goto leave; |
|
278 | 279 |
} |
279 | 280 |
if(hdr_namesize) { |
280 | 281 |
namesize = MIN(sizeof(name), hdr_namesize); |
281 | 282 |
if ((uint32_t)fmap_readn(*ctx->fmap, &name, pos, namesize) != namesize) { |
282 | 283 |
cli_dbgmsg("cli_scancpio_newc: Can't read file name\n"); |
283 |
- return CL_EFORMAT; |
|
284 |
+ ret = CL_EFORMAT; |
|
285 |
+ goto leave; |
|
284 | 286 |
} |
285 | 287 |
pos += namesize; |
286 | 288 |
name[namesize - 1] = 0; |
... | ... |
@@ -302,23 +333,29 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
302 | 302 |
buff[8] = 0; |
303 | 303 |
if(sscanf(buff, "%x", &filesize) != 1) { |
304 | 304 |
cli_dbgmsg("cli_scancpio_newc: Can't convert file size\n"); |
305 |
- return CL_EFORMAT; |
|
305 |
+ ret = CL_EFORMAT; |
|
306 |
+ goto leave; |
|
306 | 307 |
} |
307 | 308 |
cli_dbgmsg("CPIO: Filesize: %u\n", filesize); |
308 | 309 |
if(!filesize) |
309 | 310 |
continue; |
310 | 311 |
|
311 |
- if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) |
|
312 |
- return CL_VIRUS; |
|
313 |
- |
|
312 |
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) { |
|
313 |
+ if (!SCAN_ALL) |
|
314 |
+ return CL_VIRUS; |
|
315 |
+ virus_found = 1; |
|
316 |
+ } |
|
314 | 317 |
|
315 | 318 |
ret = cli_checklimits("cli_scancpio_newc", ctx, filesize, 0, 0); |
316 | 319 |
if(ret == CL_EMAXFILES) { |
317 |
- return ret; |
|
320 |
+ goto leave; |
|
318 | 321 |
} else if(ret == CL_SUCCESS) { |
319 | 322 |
ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); |
320 |
- if(ret == CL_VIRUS) |
|
321 |
- return ret; |
|
323 |
+ if(ret == CL_VIRUS) { |
|
324 |
+ if (!SCAN_ALL) |
|
325 |
+ return ret; |
|
326 |
+ virus_found = 1; |
|
327 |
+ } |
|
322 | 328 |
} |
323 | 329 |
|
324 | 330 |
if((pad = filesize % 4)) |
... | ... |
@@ -327,5 +364,8 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) |
327 | 327 |
pos += filesize; |
328 | 328 |
} |
329 | 329 |
|
330 |
- return CL_CLEAN; |
|
330 |
+ leave: |
|
331 |
+ if (virus_found != 0) |
|
332 |
+ return CL_VIRUS; |
|
333 |
+ return ret; |
|
331 | 334 |
} |
... | ... |
@@ -350,6 +350,7 @@ int cli_scanishield(cli_ctx *ctx, off_t off, size_t sz) { |
350 | 350 |
struct IS_CABSTUFF c = { NULL, -1, 0, 0 }; |
351 | 351 |
fmap_t *map = *ctx->fmap; |
352 | 352 |
unsigned fc = 0; |
353 |
+ int virus_found = 0; |
|
353 | 354 |
|
354 | 355 |
while(ret == CL_CLEAN) { |
355 | 356 |
fname = fmap_need_offstr(map, coff, 2048); |
... | ... |
@@ -379,8 +380,12 @@ int cli_scanishield(cli_ctx *ctx, off_t off, size_t sz) { |
379 | 379 |
|
380 | 380 |
cli_dbgmsg("ishield: @%lx found file %s (%s) - version %s - size %lu\n", (unsigned long int) coff, fname, path, version, (unsigned long int) fsize); |
381 | 381 |
if(cli_matchmeta(ctx, fname, fsize, fsize, 0, fc++, 0, NULL) == CL_VIRUS) { |
382 |
- ret = CL_VIRUS; |
|
383 |
- break; |
|
382 |
+ if (!SCAN_ALL) { |
|
383 |
+ ret = CL_VIRUS; |
|
384 |
+ break; |
|
385 |
+ } |
|
386 |
+ ret = CL_CLEAN; |
|
387 |
+ virus_found = 1; |
|
384 | 388 |
} |
385 | 389 |
sz -= (data - fname) + fsize; |
386 | 390 |
|
... | ... |
@@ -436,6 +441,9 @@ int cli_scanishield(cli_ctx *ctx, off_t off, size_t sz) { |
436 | 436 |
} else if( ret == CL_BREAK ) ret = CL_CLEAN; |
437 | 437 |
} |
438 | 438 |
if(c.cabs) free(c.cabs); |
439 |
+ |
|
440 |
+ if (virus_found != 0) |
|
441 |
+ return CL_VIRUS; |
|
439 | 442 |
return ret; |
440 | 443 |
} |
441 | 444 |
|
... | ... |
@@ -205,6 +205,7 @@ static int cli_scandir(const char *dirname, cli_ctx *ctx) |
205 | 205 |
static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx *ctx, unsigned int files, uint32_t* sfx_check) |
206 | 206 |
{ |
207 | 207 |
int ret = CL_SUCCESS; |
208 |
+ int virus_found = 0; |
|
208 | 209 |
|
209 | 210 |
if(files == 1 && sfx_check) { |
210 | 211 |
if(*sfx_check == metadata->crc) |
... | ... |
@@ -218,8 +219,11 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx |
218 | 218 |
(unsigned int) metadata->unpack_size, metadata->method, |
219 | 219 |
metadata->pack_size ? (unsigned int) (metadata->unpack_size / metadata->pack_size) : 0); |
220 | 220 |
|
221 |
- if(cli_matchmeta(ctx, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS) |
|
222 |
- return CL_VIRUS; |
|
221 |
+ if(cli_matchmeta(ctx, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS) { |
|
222 |
+ if (!SCAN_ALL) |
|
223 |
+ return CL_VIRUS; |
|
224 |
+ virus_found = 1; |
|
225 |
+ } |
|
223 | 226 |
|
224 | 227 |
if(DETECT_ENCRYPTED && metadata->encrypted) { |
225 | 228 |
cli_dbgmsg("RAR: Encrypted files found in archive.\n"); |
... | ... |
@@ -230,6 +234,8 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx |
230 | 230 |
} |
231 | 231 |
} |
232 | 232 |
|
233 |
+ if (virus_found != 0) |
|
234 |
+ return CL_VIRUS; |
|
233 | 235 |
return ret; |
234 | 236 |
} |
235 | 237 |
|
... | ... |
@@ -375,6 +381,7 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
375 | 375 |
int ret = CL_CLEAN, rc, file = 0; |
376 | 376 |
arj_metadata_t metadata; |
377 | 377 |
char *dir; |
378 |
+ int virus_found = 0; |
|
378 | 379 |
|
379 | 380 |
UNUSEDPARAM(sfx_check); |
380 | 381 |
|
... | ... |
@@ -410,10 +417,14 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
410 | 410 |
} |
411 | 411 |
file++; |
412 | 412 |
if(cli_matchmeta(ctx, metadata.filename, metadata.comp_size, metadata.orig_size, metadata.encrypted, file, 0, NULL) == CL_VIRUS) { |
413 |
- cli_rmdirs(dir); |
|
414 |
- free(dir); |
|
415 |
- return CL_VIRUS; |
|
416 |
- } |
|
413 |
+ if (!SCAN_ALL) { |
|
414 |
+ cli_rmdirs(dir); |
|
415 |
+ free(dir); |
|
416 |
+ return CL_VIRUS; |
|
417 |
+ } |
|
418 |
+ virus_found = 1; |
|
419 |
+ ret = CL_SUCCESS; |
|
420 |
+ } |
|
417 | 421 |
|
418 | 422 |
if ((ret = cli_checklimits("ARJ", ctx, metadata.orig_size, metadata.comp_size, 0))!=CL_CLEAN) { |
419 | 423 |
ret = CL_SUCCESS; |
... | ... |
@@ -433,12 +444,16 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
433 | 433 |
close(metadata.ofd); |
434 | 434 |
if (rc == CL_VIRUS) { |
435 | 435 |
cli_dbgmsg("ARJ: infected with %s\n", cli_get_last_virus(ctx)); |
436 |
- ret = CL_VIRUS; |
|
437 |
- if (metadata.filename) { |
|
438 |
- free(metadata.filename); |
|
439 |
- metadata.filename = NULL; |
|
440 |
- } |
|
441 |
- break; |
|
436 |
+ if (!SCAN_ALL) { |
|
437 |
+ ret = CL_VIRUS; |
|
438 |
+ if (metadata.filename) { |
|
439 |
+ free(metadata.filename); |
|
440 |
+ metadata.filename = NULL; |
|
441 |
+ } |
|
442 |
+ break; |
|
443 |
+ } |
|
444 |
+ virus_found = 1; |
|
445 |
+ ret = CL_SUCCESS; |
|
442 | 446 |
} |
443 | 447 |
} |
444 | 448 |
if (metadata.filename) { |
... | ... |
@@ -456,6 +471,8 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
456 | 456 |
free(metadata.filename); |
457 | 457 |
} |
458 | 458 |
|
459 |
+ if (virus_found != 0) |
|
460 |
+ ret = CL_VIRUS; |
|
459 | 461 |
cli_dbgmsg("ARJ: Exit code: %d\n", ret); |
460 | 462 |
if (ret == CL_BREAK) |
461 | 463 |
ret = CL_CLEAN; |
... | ... |
@@ -1484,7 +1501,7 @@ static int cli_scanscript(cli_ctx *ctx) |
1484 | 1484 |
cli_ac_freedata(&tmdata); |
1485 | 1485 |
cli_ac_freedata(&gmdata); |
1486 | 1486 |
|
1487 |
- if (SCAN_ALL && viruses_found) |
|
1487 |
+ if (viruses_found) |
|
1488 | 1488 |
return CL_VIRUS; |
1489 | 1489 |
|
1490 | 1490 |
return ret; |
... | ... |
@@ -1688,7 +1705,7 @@ static int cli_scanmschm(cli_ctx *ctx) |
1688 | 1688 |
if (ret == CL_BREAK) |
1689 | 1689 |
ret = CL_CLEAN; |
1690 | 1690 |
|
1691 |
- if (SCAN_ALL && viruses_found) |
|
1691 |
+ if (viruses_found) |
|
1692 | 1692 |
return CL_VIRUS; |
1693 | 1693 |
return ret; |
1694 | 1694 |
} |
... | ... |
@@ -1918,7 +1935,7 @@ static int cli_scanmail(cli_ctx *ctx) |
1918 | 1918 |
cli_rmdirs(dir); |
1919 | 1919 |
|
1920 | 1920 |
free(dir); |
1921 |
- if (SCAN_ALL && viruses_found) |
|
1921 |
+ if (viruses_found) |
|
1922 | 1922 |
return CL_VIRUS; |
1923 | 1923 |
return ret; |
1924 | 1924 |
} |
... | ... |
@@ -2000,7 +2017,7 @@ static int cli_scan_structured(cli_ctx *ctx) |
2000 | 2000 |
return CL_VIRUS; |
2001 | 2001 |
} |
2002 | 2002 |
|
2003 |
- if (SCAN_ALL && viruses_found) |
|
2003 |
+ if (viruses_found) |
|
2004 | 2004 |
return CL_VIRUS; |
2005 | 2005 |
return CL_CLEAN; |
2006 | 2006 |
} |
... | ... |
@@ -2595,6 +2612,8 @@ static int magic_scandesc_cleanup(cli_ctx *ctx, cli_file_t type, unsigned char * |
2595 | 2595 |
cache_add(hash, hashed_size, ctx); |
2596 | 2596 |
perf_stop(ctx, PERFT_CACHE); |
2597 | 2597 |
} |
2598 |
+ if (retcode == CL_VIRUS && SCAN_ALL) |
|
2599 |
+ return CL_CLEAN; |
|
2598 | 2600 |
return retcode; |
2599 | 2601 |
} |
2600 | 2602 |
|
... | ... |
@@ -504,6 +504,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
504 | 504 |
const uint8_t *lh, *zip; |
505 | 505 |
char name[256]; |
506 | 506 |
uint32_t csize, usize; |
507 |
+ int virus_found = 0; |
|
507 | 508 |
|
508 | 509 |
if(!(lh = fmap_need_off(map, loff, SIZEOF_LH))) { |
509 | 510 |
cli_dbgmsg("cli_unzip: lh - out of file\n"); |
... | ... |
@@ -540,8 +541,10 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
540 | 540 |
/* ZMDfmt virname:encrypted(0-1):filename(exact|*):usize(exact|*):csize(exact|*):crc32(exact|*):method(exact|*):fileno(exact|*):maxdepth(exact|*) */ |
541 | 541 |
|
542 | 542 |
if(cli_matchmeta(ctx, name, LH_csize, LH_usize, (LH_flags & F_ENCR)!=0, fc, LH_crc32, NULL) == CL_VIRUS) { |
543 |
- *ret = CL_VIRUS; |
|
544 |
- return 0; |
|
543 |
+ *ret = CL_VIRUS; |
|
544 |
+ if (!SCAN_ALL) |
|
545 |
+ return 0; |
|
546 |
+ virus_found = 1; |
|
545 | 547 |
} |
546 | 548 |
|
547 | 549 |
if(LH_flags & F_MSKED) { |
... | ... |
@@ -555,8 +558,11 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
555 | 555 |
cli_dbgmsg("cli_unzip: Encrypted files found in archive.\n"); |
556 | 556 |
cli_append_virus(ctx, "Heuristics.Encrypted.Zip"); |
557 | 557 |
*ret = CL_VIRUS; |
558 |
- fmap_unneed_off(map, loff, SIZEOF_LH); |
|
559 |
- return 0; |
|
558 |
+ if (!SCAN_ALL) { |
|
559 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
560 |
+ return 0; |
|
561 |
+ } |
|
562 |
+ virus_found = 1; |
|
560 | 563 |
} |
561 | 564 |
|
562 | 565 |
if(LH_flags & F_USEDD) { |
... | ... |
@@ -595,6 +601,9 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
595 | 595 |
zsize-=csize; |
596 | 596 |
} |
597 | 597 |
|
598 |
+ if (virus_found != 0) |
|
599 |
+ *ret = CL_VIRUS; |
|
600 |
+ |
|
598 | 601 |
fmap_unneed_off(map, loff, SIZEOF_LH); /* unneed now. block is guaranteed to exists till the next need */ |
599 | 602 |
if(LH_flags & F_USEDD) { |
600 | 603 |
if(zsize<12) { |