GitList

Browse code

ISHIELD support: - preliminary ishield-msi ftype sport

aCaB authored on 2009/07/13 08:02:13
Showing 4 changed files

libclamav/filetypes.c index aebca76..3005769 100644
libclamav/filetypes.h index 5a47f88..cd31d26 100644
libclamav/filetypes_int.h index f58b23b..6477dc6 100644
libclamav/scanners.c index 0222e52..736824f 100644

@@ -93,6 +93,7 @@ static const struct ftmap_s {
                          { "CL_TYPE_ARJSFX",		CL_TYPE_ARJSFX		},
                          { "CL_TYPE_NULSFT",		CL_TYPE_NULSFT		},
                          { "CL_TYPE_AUTOIT",		CL_TYPE_AUTOIT		},
                     +    { "CL_TYPE_ISHIELD_MSI",	CL_TYPE_ISHIELD_MSI	},
                          { NULL,			CL_TYPE_IGNORED		}
                      };

libclamav/filetypes.h

History View file @ cadaa70

@@ -80,6 +80,7 @@ typedef enum {
                          CL_TYPE_ARJSFX,
                          CL_TYPE_NULSFT, /* on the fly */
                          CL_TYPE_AUTOIT,
                     +    CL_TYPE_ISHIELD_MSI,
                          CL_TYPE_IGNORED /* please don't add anything below */
                      } cli_file_t;

libclamav/filetypes_int.h

History View file @ cadaa70

@@ -148,6 +148,7 @@ static const char *ftypes_int[] = {
                        "0:0:cffaedfe:Mach-O LE 64-bit:CL_TYPE_ANY:CL_TYPE_MACHO:45",
                        "0:0:feedface:Mach-O BE:CL_TYPE_ANY:CL_TYPE_MACHO:45",
                        "0:0:feedfacf:Mach-O BE 64-bit:CL_TYPE_ANY:CL_TYPE_MACHO:45",
                     +  "1:*:496e7374616c6c536869656c6400{292}06000000:ISHIELD-MSI:CL_TYPE_ANY:CL_TYPE_ISHIELD_MSI:45",
                        NULL
                      };

libclamav/scanners.c

History View file @ cadaa70

@@ -104,6 +104,8 @@
                      #include <stddef.h>
                      #endif
                     +static int cli_scanishield_msi(int desc, cli_ctx *ctx, off_t off) { cli_dbgmsg("in ishield-msi\n"); return CL_CLEAN; }
+                    +
                      static int cli_scanfile(const char *filename, cli_ctx *ctx);
                      static int cli_scandir(const char *dirname, cli_ctx *ctx, cli_file_t container)
@@ -1792,6 +1794,13 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,
+                     			}
                      			break;
                     +		    case CL_TYPE_ISHIELD_MSI:
                     +		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE /* FIXMEISHIELD && (DCONF_ARCH & ARCH_CONF_ISHIELD)*/) {
                     +			    cli_dbgmsg("ISHIELD-MSI signature found at %u\n", (unsigned int) fpt->offset);
                     +			    nret = cli_scanishield_msi(desc, ctx, fpt->offset + 14);
                     +			}
                     +			break;
+                    +
                      		    case CL_TYPE_PDF:
                      			if(type != CL_TYPE_PDF && SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF)) {
                      			    cli_dbgmsg("PDF signature found at %u\n", (unsigned int) fpt->offset);
@@ -1965,6 +1974,11 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
                      		ret = cli_scanautoit(desc, ctx, 23);
                      	    break;
                     +        case CL_TYPE_ISHIELD_MSI:
                     +	    if(SCAN_ARCHIVE /* FIXMEISHIELD && (DCONF_ARCH & ARCH_CONF_ISHIELD)*/)
                     +		ret = cli_scanishield_msi(desc, ctx, 14);
                     +	    break;
+                    +
                      	case CL_TYPE_MSSZDD:
                      	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_SZDD))
                      		ret = cli_scanszdd(desc, ctx);