@@ -1,3 +1,7 @@

+Tue Jan 30 20:16:39 CET 2007 (tk)

+---------------------------------

+  * libclamav: add mew and upack into dconf

+

 Tue Jan 30 16:31:37 CET 2007 (tk)

 ---------------------------------

   * libclamav/unrar/unrar.c: properly handle metadata for large files

@@ -61,8 +61,12 @@ static struct dconf_module modules[] = {

 #ifdef CL_EXPERIMENTAL

     /* enable by default in experimental mode */

     { "PE",	    "NSPACK",	    PE_CONF_NSPACK,	    1 },

+    { "PE",	    "MEW",	    PE_CONF_MEW,	    1 },

+    { "PE",	    "UPACK",	    PE_CONF_UPACK,	    1 },

 #else

     { "PE",	    "NSPACK",	    PE_CONF_NSPACK,	    0 },

+    { "PE",	    "MEW",	    PE_CONF_MEW,	    0 },

+    { "PE",	    "UPACK",	    PE_CONF_UPACK,	    0 },

 #endif

     { "ELF",	    NULL,	    0x1,		    1 },

@@ -47,6 +47,8 @@ struct cli_dconf {

 #define PE_CONF_YC	    0x400

 #define PE_CONF_WWPACK	    0x800

 #define PE_CONF_NSPACK	    0x1000

+#define PE_CONF_MEW	    0x2000

+#define PE_CONF_UPACK	    0x4000

 /* Archive flags */

 #define ARCH_CONF_RAR	    0x1

@@ -30,7 +30,6 @@

 #include "clamav-config.h"

 #endif

-#ifdef CL_EXPERIMENTAL

 #include <stdio.h>

 #include <stdlib.h>

 #include <sys/types.h>

@@ -874,5 +873,3 @@ int unmew11(int sectnum, char *src, int off, int ssize, int dsize, uint32_t base

 	return 1;

 }

-

-#endif /* CL_EXPERIMENTAL */

@@ -24,20 +24,18 @@

 #include "clamav-config.h"

 #endif

-#ifdef CL_EXPERIMENTAL

+#include "cltypes.h"

+

 struct lzmastate {

 	char *p0;

 	uint32_t p1, p2;

 };

-//int mew_lzma(struct pe_image_section_hdr *, char *, char *, uint32_t, uint32_t, uint32_t);

 int mew_lzma(char *, char *, uint32_t, uint32_t, uint32_t);

 uint32_t lzma_upack_esi_00(struct lzmastate *, char *, char *, uint32_t);

 uint32_t lzma_upack_esi_50(struct lzmastate *, uint32_t, uint32_t, char **, char *, uint32_t *, char *, uint32_t);

 uint32_t lzma_upack_esi_54(struct lzmastate *, uint32_t, uint32_t *, char **, uint32_t *, char *, uint32_t);

-//int unmew11(struct pe_image_section_hdr *, int, char *, int, int, int, uint32_t, uint32_t, int, char **, char **, int);

 int unmew11(int, char *, int, int, int, uint32_t, uint32_t, int, char **, char **, int);

-#endif

 #endif

@@ -49,10 +49,8 @@

 #include "str.h"

 #include "execs.h"

 #include "md5.h"

-#ifdef CL_EXPERIMENTAL

 #include "mew.h"

 #include "upack.h"

-#endif

 #ifndef	O_BINARY

 #define	O_BINARY	0

@@ -484,7 +482,9 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    lseek(desc, (EC16(file_hdr.SizeOfOptionalHeader)-sizeof(struct pe_image_optional_hdr32)), SEEK_CUR);

 	}

-	upack = (EC16(file_hdr.SizeOfOptionalHeader)==0x148);

+	if(DCONF & PE_CONF_UPACK)

+	    upack = (EC16(file_hdr.SizeOfOptionalHeader)==0x148);

+

 	vep = EC32(optional_hdr32.AddressOfEntryPoint);

 	cli_dbgmsg("File format: PE\n");

@@ -1080,7 +1080,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     /* try to find the first section with physical size == 0 */

     found = 0;

-    if(DCONF & (PE_CONF_UPX | PE_CONF_FSG)) {

+    if(DCONF & (PE_CONF_UPX | PE_CONF_FSG | PE_CONF_MEW)) {

 	for(i = 0; i < (unsigned int) nsections - 1; i++) {

 	    if(!section_hdr[i].SizeOfRawData && section_hdr[i].VirtualSize && section_hdr[i + 1].SizeOfRawData && section_hdr[i + 1].VirtualSize) {

 		found = 1;

@@ -1090,10 +1090,8 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	}

     }

-

     /* MEW support */

-#ifdef CL_EXPERIMENTAL

-    if (found) {

+    if (found && (DCONF & PE_CONF_MEW)) {

 	uint32_t fileoffset;

 	/* Check EP for MEW */

 	if(lseek(desc, ep, SEEK_SET) == -1) {

@@ -1253,11 +1251,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	} while (0);

     }

-

     if(found || upack) {

-#else

-    if(found) {

-#endif

 	/* Check EP for UPX vs. FSG vs. Upack */

 	if(lseek(desc, ep, SEEK_SET) == -1) {

 	    cli_dbgmsg("UPX/FSG: lseek() failed\n");

@@ -1274,7 +1268,6 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    return CL_CLEAN;

 	}

-#ifdef CL_EXPERIMENTAL

 	/* Upack 0.39 produces 2 types of executables

 	 * 3 sections:           | 2 sections (one empty, I don't chech found if !upack, since it's in OR above):

 	 *   mov esi, value      |   pusha

@@ -1424,7 +1417,6 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 		}

 	}

 skip_upack_and_go_to_next_unpacker:

-#endif

 	if((DCONF & PE_CONF_FSG) && buff[0] == '\x87' && buff[1] == '\x25') {

@@ -27,7 +27,6 @@

 #include "clamav-config.h"

 #endif

-#ifdef CL_EXPERIMENTAL

 #include <stdio.h>

 #include <stdlib.h>

 #include <sys/types.h>

@@ -39,6 +38,7 @@

 #include "pe.h"

 #include "rebuildpe.h"

 #include "others.h"

+#include "upack.h"

 #include "mew.h"

 #define EC32(x) le32_to_host(x) /* Convert little endian to host */

@@ -672,5 +672,3 @@ int unupack399(char *bs, uint32_t bl, uint32_t init_eax, char *init_ebx, uint32_

 	return 1;

 }

-

-#endif

@@ -24,8 +24,8 @@

 #include "clamav-config.h"

 #endif

-#ifdef CL_EXPERIMENTAL

+#include "cltypes.h"

+

 int unupack(int, char *, uint32_t, char *, uint32_t, uint32_t, uint32_t, uint32_t, int);

 #endif

-#endif