
sigtool: --decode-sigs: handle .ldb sigs

Tomasz Kojm authored on 2009/11/27 03:43:32
Showing 3 changed files
... ...
@@ -1,3 +1,7 @@
1
+Thu Nov 26 19:43:06 CET 2009 (tk)
2
+---------------------------------
3
+ * sigtool: --decode-sigs: handle .ldb sigs
4
+
1 5
 Thu Nov 26 16:06:30 CET 2009 (acab)
2 6
 -----------------------------------
3 7
  * libclamav/scanners.c: print inflateinit2 return code
... ...
@@ -118,6 +118,7 @@ CLAMAV_PRIVATE {
118 118
     cli_ac_scanbuff;
119 119
     cli_ac_freedata;
120 120
     cli_ac_free;
121
+    cli_ac_chklsig;
121 122
     cli_parse_add;
122 123
     cli_bm_init;
123 124
     cli_bm_scanbuff;
... ...
@@ -1835,12 +1835,43 @@ static int decodehex(const char *hexsig)
1835 1835
 static int decodesig(char *sig)
1836 1836
 {
1837 1837
 	char *pt;
1838
-	const char *tokens[7];
1839
-	int tokens_count;
1838
+	const char *tokens[68];
1839
+	int tokens_count, subsigs, i;
1840 1840
 
1841 1841
     if(strchr(sig, ';')) { /* lsig */
1842
-	mprintf("decodesig: Not supported signature format (yet)\n");
1843
-	return -1;
1842
+        tokens_count = cli_strtokenize(sig, ';', 67 + 1, (const char **) tokens);
1843
+	if(tokens_count < 4) {
1844
+	    mprintf("!decodesig: Invalid or not supported signature format\n");
1845
+	    return -1;
1846
+	}
1847
+	mprintf("VIRUS NAME: %s\n", tokens[0]);
1848
+	mprintf("TDB: %s\n", tokens[1]);
1849
+	mprintf("LOGICAL EXPRESSION: %s\n", tokens[2]);
1850
+	subsigs = cli_ac_chklsig(tokens[2], tokens[2] + strlen(tokens[2]), NULL, NULL, NULL, 1);
1851
+	if(subsigs == -1) {
1852
+	    mprintf("!decodesig: Broken logical expression\n");
1853
+	    return -1;
1854
+	}
1855
+	subsigs++;
1856
+	if(subsigs > 64) {
1857
+	    mprintf("!decodesig: Too many subsignatures\n");
1858
+	    return -1;
1859
+	}
1860
+	if(subsigs != tokens_count - 3) {
1861
+	    mprintf("!decodesig: The number of subsignatures (==%u) doesn't match the IDs in the logical expression (==%u)\n", tokens_count - 3, subsigs);
1862
+	    return -1;
1863
+	}
1864
+	for(i = 0; i < subsigs; i++) {
1865
+	    mprintf(" * SUBSIG ID %d\n", i);
1866
+	    if((pt = strchr(tokens[3 + i], ':'))) {
1867
+		*pt++ = 0;
1868
+		mprintf(" +-> OFFSET: %s\n", pt);
1869
+	    } else {
1870
+		mprintf(" +-> OFFSET: ANY\n");
1871
+	    }
1872
+	    mprintf(" +-> DECODED SUBSIGNATURE:\n");
1873
+	    decodehex(tokens[3 + i]);
1874
+	}
1844 1875
     } else if(strchr(sig, ':')) { /* ndb */
1845 1876
 	tokens_count = cli_strtokenize(sig, ':', 6 + 1, tokens);
1846 1877
 	if(tokens_count < 4 || tokens_count > 6) {
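Review bot: In the new subsignature loop the text after the `:` is printed as OFFSET and the text before it is passed to decodehex(), which looks reversed if .ldb subsignatures are written `offset:hexsig`; that layout is not shown on this page, so confirm it against the signature format documentation. If so, an analyst auditing a signature would see the hex body labelled as the offset and the offset decoded as a pattern, and the two lines should read `mprintf(" +-> OFFSET: %s\n", tokens[3 + i]);` and `decodehex(pt ? pt : tokens[3 + i]);`. The return value of decodehex() is also discarded in the loop, so a malformed subsignature does not make this branch return -1; `if(decodehex(...) == -1) return -1;` would surface it. The mismatch message prints two `int` values with `%u`, where `%d` matches the argument types. decodesig's body continues outside the hunk.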