Browse code
libclamav: scan disasm data with type-8 sigs (bb#895)
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Fri Aug 1 00:07:30 CEST 2008 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav: scan disasm data with type-8 sigs (bb#895) |
|
| 4 |
+ |
|
| 1 | 5 |
Thu Jul 31 18:09:58 CEST 2008 (tk) |
| 2 | 6 |
---------------------------------- |
| 3 | 7 |
* libclamav: add support for loading specific PUA categories (bb#939) |
| ... | ... |
@@ -96,7 +96,7 @@ struct cli_mtarget {
|
| 96 | 96 |
uint8_t ac_only; |
| 97 | 97 |
}; |
| 98 | 98 |
|
| 99 |
-#define CLI_MTARGETS 8 |
|
| 99 |
+#define CLI_MTARGETS 9 |
|
| 100 | 100 |
static const struct cli_mtarget cli_mtargets[CLI_MTARGETS] = {
|
| 101 | 101 |
{ 0, "GENERIC", 0, 0 },
|
| 102 | 102 |
{ CL_TYPE_MSEXE, "PE", 1, 0 },
|
| ... | ... |
@@ -105,7 +105,8 @@ static const struct cli_mtarget cli_mtargets[CLI_MTARGETS] = {
|
| 105 | 105 |
{ CL_TYPE_MAIL, "MAIL", 4, 1 },
|
| 106 | 106 |
{ CL_TYPE_GRAPHICS, "GRAPHICS", 5, 1 },
|
| 107 | 107 |
{ CL_TYPE_ELF, "ELF", 6, 1 },
|
| 108 |
- { CL_TYPE_TEXT_ASCII, "ASCII", 7, 1 }
|
|
| 108 |
+ { CL_TYPE_TEXT_ASCII, "ASCII", 7, 1 },
|
|
| 109 |
+ { CL_TYPE_PE_DISASM, "DISASM", 8, 1 }
|
|
| 109 | 110 |
}; |
| 110 | 111 |
|
| 111 | 112 |
struct cli_target_info {
|
| ... | ... |
@@ -897,9 +897,15 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
| 897 | 897 |
|
| 898 | 898 |
CLI_UNPTEMP("DISASM",(exe_sections,0));
|
| 899 | 899 |
disasmbuf(epbuff, epsize, ndesc); |
| 900 |
+ lseek(ndesc, 0, SEEK_SET); |
|
| 901 |
+ ret = cli_scandesc(ndesc, ctx, CL_TYPE_PE_DISASM, 1, NULL, AC_SCAN_VIR); |
|
| 900 | 902 |
close(ndesc); |
| 901 | 903 |
CLI_TMPUNLK(); |
| 902 | 904 |
free(tempfile); |
| 905 |
+ if(ret == CL_VIRUS) {
|
|
| 906 |
+ free(exe_sections); |
|
| 907 |
+ return ret; |
|
| 908 |
+ } |
|
| 903 | 909 |
|
| 904 | 910 |
/* Attempt to detect some popular polymorphic viruses */ |
| 905 | 911 |
|