@@ -1,3 +1,7 @@

+Wed Jul  8 14:59:14 CEST 2009 (tk)

+----------------------------------

+ * libclamav: initial support for Mach-O executables (part of bb#1592)

+

 Mon Jul  6 16:56:06 CEST 2009 (tk)

 ----------------------------------

  * test: add cpio test files

@@ -292,7 +292,9 @@ libclamav_la_SOURCES = \

 	bytecode_priv.h\

 	clambc.h \

 	cpio.c \

-	cpio.h

+	cpio.h \

+	macho.c \

+	macho.h

 if !LINK_TOMMATH

 libclamav_la_SOURCES += bignum.c \

@@ -122,7 +122,7 @@ am__libclamav_la_SOURCES_DIST = clamav.h matcher-ac.c matcher-ac.h \

 	jsparse/lexglobal.h jsparse/textbuf.h uniq.c uniq.h version.c \

 	version.h mpool.c mpool.h default.h sha256.c sha256.h bignum.h \

 	bytecode.c bytecode.h bytecode_vm.c bytecode_priv.h clambc.h \

-	cpio.c cpio.h bignum.c bignum_class.h

+	cpio.c cpio.h macho.c macho.h bignum.c bignum_class.h

 @LINK_TOMMATH_FALSE@am__objects_1 = libclamav_la-bignum.lo

 am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \

 	libclamav_la-matcher-bm.lo libclamav_la-matcher.lo \

@@ -161,7 +161,7 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \

 	libclamav_la-version.lo libclamav_la-mpool.lo \

 	libclamav_la-sha256.lo libclamav_la-bytecode.lo \

 	libclamav_la-bytecode_vm.lo libclamav_la-cpio.lo \

-	$(am__objects_1)

+	libclamav_la-macho.lo $(am__objects_1)

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 libclamav_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \

 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libclamav_la_CFLAGS) \

@@ -532,7 +532,8 @@ libclamav_la_SOURCES = clamav.h matcher-ac.c matcher-ac.h matcher-bm.c \

 	jsparse/js-norm.h jsparse/lexglobal.h jsparse/textbuf.h uniq.c \

 	uniq.h version.c version.h mpool.c mpool.h default.h sha256.c \

 	sha256.h bignum.h bytecode.c bytecode.h bytecode_vm.c \

-	bytecode_priv.h clambc.h cpio.c cpio.h $(am__append_7)

+	bytecode_priv.h clambc.h cpio.c cpio.h macho.c macho.h \

+	$(am__append_7)

 noinst_LTLIBRARIES = libclamav_internal_utils.la libclamav_internal_utils_nothreads.la

 COMMON_CLEANFILES = version.h version.h.tmp *.gcda *.gcno lzma/*.gcda lzma/*.gcno

 @MAINTAINER_MODE_TRUE@BUILT_SOURCES = jsparse/generated/operators.h jsparse/generated/keywords.h jsparse-keywords.gperf

@@ -671,6 +672,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-js-norm.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-line.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-lzma_iface.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-macho.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-matcher-ac.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-matcher-bm.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-matcher.Plo@am__quote@

@@ -1266,6 +1268,13 @@ libclamav_la-cpio.lo: cpio.c

 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

 @am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-cpio.lo `test -f 'cpio.c' || echo '$(srcdir)/'`cpio.c

+libclamav_la-macho.lo: macho.c

+@am__fastdepCC_TRUE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-macho.lo -MD -MP -MF $(DEPDIR)/libclamav_la-macho.Tpo -c -o libclamav_la-macho.lo `test -f 'macho.c' || echo '$(srcdir)/'`macho.c

+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/libclamav_la-macho.Tpo $(DEPDIR)/libclamav_la-macho.Plo

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='macho.c' object='libclamav_la-macho.lo' libtool=yes @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-macho.lo `test -f 'macho.c' || echo '$(srcdir)/'`macho.c

+

 libclamav_la-bignum.lo: bignum.c

 @am__fastdepCC_TRUE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-bignum.lo -MD -MP -MF $(DEPDIR)/libclamav_la-bignum.Tpo -c -o libclamav_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c

 @am__fastdepCC_TRUE@	mv -f $(DEPDIR)/libclamav_la-bignum.Tpo $(DEPDIR)/libclamav_la-bignum.Plo

@@ -73,6 +73,8 @@ static struct dconf_module modules[] = {

     { "ELF",	    NULL,	    0x1,		    1 },

+    { "MACHO",	    NULL,	    0x1,		    1 },

+

     { "ARCHIVE",    "RAR",	    ARCH_CONF_RAR,	    1 },

     { "ARCHIVE",    "ZIP",	    ARCH_CONF_ZIP,	    1 },

     { "ARCHIVE",    "GZIP",	    ARCH_CONF_GZ,	    1 },

@@ -135,6 +137,10 @@ struct cli_dconf *cli_dconf_init(void)

 	    if(modules[i].state)

 		dconf->elf |= modules[i].bflag;

+	} else if(!strcmp(modules[i].mname, "MACHO")) {

+	    if(modules[i].state)

+		dconf->macho |= modules[i].bflag;

+

 	} else if(!strcmp(modules[i].mname, "ARCHIVE")) {

 	    if(modules[i].state)

 		dconf->archive |= modules[i].bflag;

@@ -161,8 +167,8 @@ struct cli_dconf *cli_dconf_init(void)

 void cli_dconf_print(struct cli_dconf *dconf)

 {

-	uint8_t pe = 0, elf = 0, arch = 0, doc = 0, mail = 0, other = 0, phishing=0;

-	unsigned int i;

+	unsigned int pe = 0, elf = 0, macho = 0, arch = 0, doc = 0, mail = 0;

+	unsigned int other = 0, phishing = 0, i;

     cli_dbgmsg("Dynamic engine configuration settings:\n");

@@ -185,6 +191,12 @@ void cli_dconf_print(struct cli_dconf *dconf)

 		elf = 1;

 	    }

+	} else if(!strcmp(modules[i].mname, "MACHO")) {

+	    if(!macho) {

+		cli_dbgmsg("Module MACHO: %s\n", dconf->elf ? "On" : "Off");

+		macho = 1;

+	    }

+

 	} else if(!strcmp(modules[i].mname, "ARCHIVE")) {

 	    if(!arch) {

 		cli_dbgmsg("Module ARCHIVE: %s\n", dconf->archive ? "On" : "Off");

@@ -303,6 +315,15 @@ int cli_dconf_load(FILE *fs, struct cl_engine *engine, unsigned int options, str

 	    }

 	}

+	if(!strncmp(buffer, "MACHO:", 4) && chkflevel(buffer, 2)) {

+	    if(sscanf(buffer + 4, "0x%x", &val) == 1) {

+		engine->dconf->macho = val;

+	    } else {

+		ret = CL_EMALFDB;

+		break;

+	    }

+	}

+

 	if(!strncmp(buffer, "ARCHIVE:", 8) && chkflevel(buffer, 2)) {

 	    if(sscanf(buffer + 8, "0x%x", &val) == 1) {

 		engine->dconf->archive = val;

@@ -33,6 +33,7 @@

 struct cli_dconf {

     uint32_t pe;

     uint32_t elf;

+    uint32_t macho;

     uint32_t archive;

     uint32_t doc;

     uint32_t mail;

@@ -56,6 +56,7 @@ static const struct ftmap_s {

     { "CL_TYPE_ANY",		0			}, /* for ft-sigs */

     { "CL_TYPE_MSEXE",		CL_TYPE_MSEXE		},

     { "CL_TYPE_ELF",		CL_TYPE_ELF		},

+    { "CL_TYPE_MACHO",		CL_TYPE_MACHO		},

     { "CL_TYPE_POSIX_TAR",	CL_TYPE_POSIX_TAR	},

     { "CL_TYPE_OLD_TAR",	CL_TYPE_OLD_TAR		},

     { "CL_TYPE_CPIO_OLD",	CL_TYPE_CPIO_OLD	},

@@ -41,6 +41,7 @@ typedef enum {

     CL_TYPE_MSEXE,

     CL_TYPE_PE_DISASM,

     CL_TYPE_ELF,

+    CL_TYPE_MACHO,

     CL_TYPE_POSIX_TAR,

     CL_TYPE_OLD_TAR,

     CL_TYPE_CPIO_OLD,

@@ -45,7 +45,7 @@

  * in re-enabling affected modules.

  */

-#define CL_FLEVEL 44

+#define CL_FLEVEL 45

 #define CL_FLEVEL_DCONF	CL_FLEVEL

 extern uint8_t cli_debug_flag;

@@ -93,6 +93,7 @@

 #include "dlp.h"

 #include "default.h"

 #include "cpio.h"

+#include "macho.h"

 #ifdef HAVE_BZLIB_H

 #include <bzlib.h>

@@ -2084,6 +2085,11 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

 		ret = cli_scanelf(desc, ctx);

 	    break;

+	case CL_TYPE_MACHO:

+	    if(ctx->dconf->macho)

+		ret = cli_scanmacho(desc, ctx);

+	    break;

+

 	case CL_TYPE_SIS:

 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_SIS))

 		ret = cli_scansis(desc, ctx);