@@ -1,3 +1,7 @@

+Wed Jul 11 10:12:36 BST 2007 (trog)

+-----------------------------------

+  * libclamav: add ARJ and SFX-ARJ support

+

 Wed Jul 11 00:56:02 CEST 2007 (tk)

 ----------------------------------

   * 0.91 (released with JS and PST code removed)

@@ -128,6 +128,8 @@ libclamav_la_SOURCES = \

 	unrar/unrarcmd.c \

 	unrar/unrarfilter.h \

 	unrar/unrarppm.h \

+	unarj.c \

+	unarj.h \

 	nsis/LZMADecode.c \

 	nsis/LZMADecode.h \

 	nsis/bzlib.c \

@@ -86,8 +86,8 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher-ncore.lo \

 	packlibs.lo fsg.lo mew.lo upack.lo line.lo untar.lo unzip.lo \

 	special.lo binhex.lo is_tar.lo tnef.lo unrar15.lo unrarvm.lo \

 	unrar.lo unrarfilter.lo unrarppm.lo unrar20.lo unrarcmd.lo \

-	LZMADecode.lo bzlib.lo infblock.lo nulsft.lo pdf.lo spin.lo \

-	yc.lo elf.lo sis.lo uuencode.lo pst.lo phishcheck.lo \

+	unarj.lo LZMADecode.lo bzlib.lo infblock.lo nulsft.lo pdf.lo \

+	spin.lo yc.lo elf.lo sis.lo uuencode.lo pst.lo phishcheck.lo \

 	phish_domaincheck_db.lo phish_whitelist.lo regex_list.lo \

 	sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo \

 	lockdb.lo

@@ -149,7 +149,6 @@ F77 = @F77@

 FFLAGS = @FFLAGS@

 FRESHCLAM_LIBS = @FRESHCLAM_LIBS@

 GETENT = @GETENT@

-GREP = @GREP@

 HAVE_MILTER_FALSE = @HAVE_MILTER_FALSE@

 HAVE_MILTER_TRUE = @HAVE_MILTER_TRUE@

 INSTALL_DATA = @INSTALL_DATA@

@@ -183,9 +182,12 @@ STRIP = @STRIP@

 THREAD_LIBS = @THREAD_LIBS@

 TH_SAFE = @TH_SAFE@

 VERSION = @VERSION@

+ac_ct_AR = @ac_ct_AR@

 ac_ct_CC = @ac_ct_CC@

 ac_ct_CXX = @ac_ct_CXX@

 ac_ct_F77 = @ac_ct_F77@

+ac_ct_RANLIB = @ac_ct_RANLIB@

+ac_ct_STRIP = @ac_ct_STRIP@

 am__fastdepCC_FALSE = @am__fastdepCC_FALSE@

 am__fastdepCC_TRUE = @am__fastdepCC_TRUE@

 am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@

@@ -202,30 +204,23 @@ build_cpu = @build_cpu@

 build_os = @build_os@

 build_vendor = @build_vendor@

 datadir = @datadir@

-datarootdir = @datarootdir@

-docdir = @docdir@

-dvidir = @dvidir@

 exec_prefix = @exec_prefix@

 host = @host@

 host_alias = @host_alias@

 host_cpu = @host_cpu@

 host_os = @host_os@

 host_vendor = @host_vendor@

-htmldir = @htmldir@

 includedir = @includedir@

 infodir = @infodir@

 install_sh = @install_sh@

 libdir = @libdir@

 libexecdir = @libexecdir@

-localedir = @localedir@

 localstatedir = @localstatedir@

 mandir = @mandir@

 mkdir_p = @mkdir_p@

 oldincludedir = @oldincludedir@

-pdfdir = @pdfdir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

-psdir = @psdir@

 sbindir = @sbindir@

 sendmailprog = @sendmailprog@

 sharedstatedir = @sharedstatedir@

@@ -342,6 +337,8 @@ libclamav_la_SOURCES = \

 	unrar/unrarcmd.c \

 	unrar/unrarfilter.h \

 	unrar/unrarppm.h \

+	unarj.c \

+	unarj.h \

 	nsis/LZMADecode.c \

 	nsis/LZMADecode.h \

 	nsis/bzlib.c \

@@ -520,6 +517,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/table.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/text.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnef.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unarj.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unrar.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unrar15.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unrar20.Plo@am__quote@

@@ -62,6 +62,7 @@ extern "C"

 #define CL_EFORMAT	-124 /* bad format or broken file */

 #define CL_ESUPPORT	-125 /* not supported data format */

 #define CL_ELOCKDB	-126 /* can't lock DB directory */

+#define CL_EARJ         -127 /* ARJ handler error */

 /* NodalCore */

 #define CL_ENCINIT	-200 /* NodalCore initialization failed */

@@ -73,6 +73,7 @@ static struct dconf_module modules[] = {

     { "ARCHIVE",    "ZIP",	    ARCH_CONF_ZIP,	    1 },

     { "ARCHIVE",    "GZIP",	    ARCH_CONF_GZ,	    1 },

     { "ARCHIVE",    "BZIP",	    ARCH_CONF_BZ,	    1 },

+    { "ARCHIVE",    "ARJ",          ARCH_CONF_ARJ,          1 },

     { "ARCHIVE",    "SZDD",	    ARCH_CONF_SZDD,	    1 },

     { "ARCHIVE",    "CAB",	    ARCH_CONF_CAB,	    1 },

     { "ARCHIVE",    "CHM",	    ARCH_CONF_CHM,	    1 },

@@ -65,6 +65,7 @@ struct cli_dconf {

 #define ARCH_CONF_BINHEX    0x200

 #define ARCH_CONF_SIS	    0x400

 #define ARCH_CONF_NSIS	    0x800

+#define ARCH_CONF_ARJ       0x1000

 /* Document flags */

 #define DOC_CONF_HTML	    0x1

@@ -68,6 +68,7 @@ static const struct cli_magic_s cli_magic[] = {

     {0,	    "PK00PK\003\004",		8,  "ZIP",		CL_TYPE_ZIP},

     {0,	    "\037\213",			2,  "GZip",		CL_TYPE_GZ},

     {0,	    "BZh",			3,  "BZip",		CL_TYPE_BZ},

+    {0,	    "\x60\xea",			2,  "ARJ",		CL_TYPE_ARJ},

     {0,	    "SZDD",			4,  "compress.exe'd",	CL_TYPE_MSSZDD},

     {0,	    "MSCF",			4,  "MS CAB",		CL_TYPE_MSCAB},

     {0,	    "ITSF",			4,  "MS CHM",           CL_TYPE_MSCHM},

@@ -190,6 +191,9 @@ static const struct cli_smagic_s cli_smagic[] = {

     {"526172211a0700", "RAR-SFX", CL_TYPE_RARSFX},

     {"504b0304", "ZIP-SFX", CL_TYPE_ZIPSFX},

     {"4d534346", "CAB-SFX", CL_TYPE_CABSFX},

+    {"60ea{7}0002", "ARJ-SFX", CL_TYPE_ARJSFX},

+    {"60ea{7}0102", "ARJ-SFX", CL_TYPE_ARJSFX},

+    {"60ea{7}0202", "ARJ-SFX", CL_TYPE_ARJSFX},

     {"efbeadde4e756c6c736f6674496e7374", "NSIS", CL_TYPE_NULSFT},

     {"4d5a{180-300}50450000", "PE", CL_TYPE_MSEXE},

@@ -38,6 +38,7 @@ typedef enum {

     CL_TYPE_ZIP,

     CL_TYPE_BZ,

     CL_TYPE_RAR,

+    CL_TYPE_ARJ,

     CL_TYPE_MSSZDD,

     CL_TYPE_MSOLE2,

     CL_TYPE_MSCAB,

@@ -62,8 +63,8 @@ typedef enum {

     CL_TYPE_ZIPSFX, /* on the fly */

     CL_TYPE_RARSFX, /* on the fly */

     CL_TYPE_CABSFX,

+    CL_TYPE_ARJSFX,

     CL_TYPE_NULSFT /* on the fly */

-

 } cli_file_t;

 struct cli_matched_type {

@@ -211,6 +211,8 @@ const char *cl_strerror(int clerror)

 	    return "NodalCore accelerator Input/Output error";

 	case CL_ELOCKDB:

 	    return "Unable to lock database directory";

+	case CL_EARJ:

+	    return "ARJ module failure";

 	default:

 	    return "Unknown error code";

     }

@@ -85,6 +85,7 @@ extern short cli_leavetemps_flag;

 #include "mspack.h"

 #include "cab.h"

 #include "rtf.h"

+#include "unarj.h"

 #ifdef HAVE_ZLIB_H

 #include <zlib.h>

@@ -311,6 +312,116 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c

     return ret;

 }

+static int cli_unarj_checklimits(const cli_ctx *ctx, const arj_metadata_t *metadata, unsigned int files)

+{

+    if (ctx->limits) {

+	if (ctx->limits->maxfilesize && (metadata->orig_size > ctx->limits->maxfilesize)) {

+	    cli_dbgmsg("ARJ: %s: Size exceeded (%lu, max: %lu)\n", metadata->filename ? metadata->filename : "(none)",

+	    		(unsigned long int) metadata->orig_size, ctx->limits->maxfilesize);

+	    if (BLOCKMAX) {

+		*ctx->virname = "ARJ.ExceededFileSize";

+		return CL_VIRUS;

+	    }

+	    return CL_EMAXSIZE;

+	}

+	

+	if (ctx->limits->maxratio && metadata->orig_size && metadata->comp_size) {

+	    if (metadata->orig_size / metadata->comp_size >= ctx->limits->maxratio) {

+		cli_dbgmsg("ARJ: Max ratio reached (%u, max: %u)\n", (unsigned int) (metadata->orig_size / metadata->comp_size), ctx->limits->maxratio);

+		if (ctx->limits->maxfilesize && (metadata->orig_size <= ctx->limits->maxfilesize)) {

+		    cli_dbgmsg("ARJ: Ignoring ratio limit (file size doesn't hit limits)\n");

+		} else {

+		    if(BLOCKMAX) {

+		    	*ctx->virname = "Oversized.ARJ";

+			return CL_VIRUS;

+		    }

+		}

+	    }

+	}

+	

+	if(ctx->limits->maxfiles && (files > ctx->limits->maxfiles)) {

+	    cli_dbgmsg("ARJ: Files limit reached (max: %u)\n", ctx->limits->maxfiles);

+	    if (BLOCKMAX) {

+	    	*ctx->virname = "ARJ.ExceededFilesLimit";

+		return CL_VIRUS;

+	    }

+	    return CL_EMAXFILES;

+	}

+    }

+    

+    return CL_SUCCESS;

+}

+

+static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check)

+{

+	int ret = CL_CLEAN, rc;

+	arj_metadata_t metadata;

+	char *dir;

+	unsigned int file_count = 1;

+

+    cli_dbgmsg("in cli_scanarj()\n");

+

+     /* generate the temporary directory */

+    dir = cli_gentemp(NULL);

+    if(mkdir(dir, 0700)) {

+	cli_dbgmsg("RAR: Can't create temporary directory %s\n", dir);

+	free(dir);

+	return CL_ETMPDIR;

+    }

+

+    if(sfx_offset)

+	lseek(desc, sfx_offset, SEEK_SET);

+

+    ret = cli_unarj_open(desc, dir);

+    if (ret != CL_SUCCESS) {

+	if(!cli_leavetemps_flag)

+	    cli_rmdirs(dir);

+	free(dir);

+	cli_dbgmsg("ARJ: Error: %s\n", cl_strerror(ret));

+	return ret;

+    }

+    

+   metadata.filename = NULL;

+

+   do {

+	ret = cli_unarj_prepare_file(desc, dir, &metadata);

+	if (ret != CL_SUCCESS) {

+	   break;

+	}

+	ret = cli_unarj_checklimits(ctx, &metadata, file_count);

+	if (ret == CL_VIRUS) {

+		break;

+	}

+	ret = cli_unarj_extract_file(desc, dir, &metadata);

+	if (metadata.ofd >= 0) {

+	    lseek(metadata.ofd, 0, SEEK_SET);

+	    rc = cli_magic_scandesc(metadata.ofd, ctx);

+	    close(metadata.ofd);

+	    if (rc == CL_VIRUS) {

+		cli_dbgmsg("ARJ: infected with %s\n",*ctx->virname);

+		ret = CL_VIRUS;

+		break;

+	    }

+	}

+	if (metadata.filename) {

+		free(metadata.filename);

+		metadata.filename = NULL;

+	}

+

+    } while(ret == CL_SUCCESS);

+    

+    if(!cli_leavetemps_flag)

+	cli_rmdirs(dir);

+

+    free(dir);

+    if (metadata.filename) {

+	free(metadata.filename);

+    }

+

+    cli_dbgmsg("ARJ: Exit code: %d\n", ret);

+

+    return ret;

+}

 #ifdef HAVE_ZLIB_H

 static int cli_scanzip(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check)

 {

@@ -1808,6 +1919,12 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type)

 			    nret = cli_scanmscab(desc, ctx, fpt->offset);

 			}

 			break;

+		    case CL_TYPE_ARJSFX:

+			if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_ARJ)) {

+			    cli_dbgmsg("ARJ-SFX signature found at %u\n", (unsigned int) fpt->offset);

+			    nret = cli_scanarj(desc, ctx, fpt->offset, &lastrar);

+			}

+			break;

 		    case CL_TYPE_NULSFT:

 		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_NSIS) && fpt->offset > 4) {

@@ -1961,6 +2078,10 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

 		ret = cli_scanbzip(desc, ctx);

 #endif

 	    break;

+	case CL_TYPE_ARJ:

+	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ARJ))

+		ret = cli_scanarj(desc, ctx, 0, NULL);

+	    break;

         case CL_TYPE_NULSFT:

 	    if(SCAN_ARCHIVE)