...
|
...
|
@@ -755,8 +755,14 @@ static int yara_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data
|
755
|
755
|
struct cli_ac_lsig *ac_lsig = root->ac_lsigtable[lsid];
|
756
|
756
|
uint8_t * code_start = ac_lsig->u.code_start;
|
757
|
757
|
int rc = 0;
|
758
|
|
- YR_SCAN_CONTEXT context = {0}; //FIXME (populate from ldb)
|
759
|
|
-
|
|
758
|
+ YR_SCAN_CONTEXT context = {0};
|
|
759
|
+
|
|
760
|
+ if (target_info != NULL) {
|
|
761
|
+ context.file_size = target_info->fsize;
|
|
762
|
+ if (target_info->status == 1)
|
|
763
|
+ context.entry_point = target_info->exeinfo.ep;
|
|
764
|
+ }
|
|
765
|
+
|
760
|
766
|
rc = yr_execute_code(ac_lsig, acdata, &context, 0, 0);
|
761
|
767
|
|
762
|
768
|
if (rc == CL_VIRUS)
|
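Review bot: When `target_info` is NULL or `target_info->status` is not 1, `context.file_size` and `context.entry_point` keep the zero from `= {0}`, so rules that test `filesize` or `entrypoint` are evaluated against 0 as though it were a real value and can match or miss silently. If the ported executor has a sentinel for an undefined value, assign it to `context.entry_point` in an `else` branch; otherwise document the fallback with a comment such as `/* 0 means "not available"; filesize/entrypoint conditions are unreliable without target_info */`. The bare `1` in `target_info->status == 1` would read better as a named constant or with a comment saying which state it stands for, and the inner `if` should be braced like the outer one. `yara_eval` starts and ends outside the hunk, so where `target_info` comes from and whether its field types match those of `YR_SCAN_CONTEXT` cannot be checked from here.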