Browse code
detect encrypted rar archives
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@395 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/03/12 05:48:01Showing 6 changed files
- ChangeLog
- libclamav/clamav.h
- libclamav/matcher.c
- libclamav/scanners.c
- libclamav/unrarlib.c
- libclamav/unrarlib.h
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Thu Mar 11 21:50:32 CET 2004 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav: rar: added support for encrypted archive (Encrypted.RAR) |
|
| 4 |
+ detection |
|
| 5 |
+ |
|
| 1 | 6 |
Thu Mar 11 00:16:11 CET 2004 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* libclamav: rar support: due to a bug only first file in archive was |
| ... | ... |
@@ -114,7 +114,7 @@ struct cl_cvd {
|
| 114 | 114 |
}; |
| 115 | 115 |
|
| 116 | 116 |
/* file scanning */ |
| 117 |
-extern int cl_scanbuff(const char *buffer, unsigned int length, char **virname, const struct cl_node *root); |
|
| 117 |
+extern int cl_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root); |
|
| 118 | 118 |
|
| 119 | 119 |
extern int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options); |
| 120 | 120 |
|
| ... | ... |
@@ -193,7 +193,7 @@ void cl_freetrie(struct cl_node *root) |
| 193 | 193 |
free(root); |
| 194 | 194 |
} |
| 195 | 195 |
|
| 196 |
-int cl_scanbuff(const char *buffer, unsigned int length, char **virname, const struct cl_node *root) |
|
| 196 |
+int cl_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root) |
|
| 197 | 197 |
{
|
| 198 | 198 |
struct cl_node *current; |
| 199 | 199 |
struct cli_patt *pt; |
| ... | ... |
@@ -199,6 +199,13 @@ static int cli_scanrar(int desc, const char **virname, long int *scanned, const |
| 199 | 199 |
rarlist_head = rarlist; |
| 200 | 200 |
|
| 201 | 201 |
while(rarlist) {
|
| 202 |
+ if(DETECT_ENCRYPTED && (rarlist->item.Flags & 4)) {
|
|
| 203 |
+ files++; |
|
| 204 |
+ cli_dbgmsg("Rar -> Encrypted files found in archive.\n");
|
|
| 205 |
+ *virname = "Encrypted.RAR"; |
|
| 206 |
+ ret = CL_VIRUS; |
|
| 207 |
+ break; |
|
| 208 |
+ } |
|
| 202 | 209 |
|
| 203 | 210 |
if(limits) {
|
| 204 | 211 |
if(limits->maxfilesize && (rarlist->item.UnpSize > limits->maxfilesize)) {
|
| ... | ... |
@@ -1,5 +1,5 @@ |
| 1 | 1 |
/* It contains some changes needed for libclamav and isn't compatible with |
| 2 |
- * original version, --tk |
|
| 2 |
+ * the original version, --tk |
|
| 3 | 3 |
*/ |
| 4 | 4 |
/* *************************************************************************** |
| 5 | 5 |
** |
| ... | ... |
@@ -566,6 +566,7 @@ int urarlib_list(int desc, ArchiveList_struct *list) |
| 566 | 566 |
tmp_List->item.UnpVer = NewLhd.UnpVer; |
| 567 | 567 |
tmp_List->item.Method = NewLhd.Method; |
| 568 | 568 |
tmp_List->item.FileAttr = NewLhd.FileAttr; |
| 569 |
+ tmp_List->item.Flags = NewLhd.Flags; |
|
| 569 | 570 |
|
| 570 | 571 |
NoOfFilesInArchive++; /* count files */ |
| 571 | 572 |
|