git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@582 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/05/28 05:15:37... | ... |
@@ -1,9 +1,13 @@ |
1 |
+Thu May 27 22:11:08 CEST 2004 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * contrib: update init script for SuSE (Martin Fuxa <yeti*email.cz>) |
|
4 |
+ |
|
1 | 5 |
Thu May 27 18:01:28 BST 2004 (njh) |
2 | 6 |
---------------------------------- |
3 | 7 |
* docs/man/clamav-milter.8: Clarify usage of when to use template files |
4 | 8 |
* libclamav/message.c: Fixed bug where a truncated BinHex file could |
5 | 9 |
crash the scanner (bug found by Stefan Kaltenbrunner |
6 |
- <mm-mailinglist@madness.at>) |
|
10 |
+ <mm-mailinglist*madness.at>) |
|
7 | 11 |
|
8 | 12 |
Thu May 27 16:38:14 BST 2004 (trog) |
9 | 13 |
----------------------------------- |
... | ... |
@@ -20,7 +24,8 @@ Tue May 25 22:30:33 CEST 2004 (tk) |
20 | 20 |
* libclamav: + report oversized archives (just like clamav-0.6x did) |
21 | 21 |
+ do not trigger off file type recognizer in raw mode |
22 | 22 |
(fixes stdin scanning in clamscan - Debian Bug #250806) |
23 |
- * clamd: harden read() in command parser |
|
23 |
+ * clamd: harden read() in command parser (thanks to Theo Schlossnagle |
|
24 |
+ <jesus*omniti.com>) |
|
24 | 25 |
* Makefiles: + fix *.cvd and *.conf installation in VPATHed directory |
25 | 26 |
(patch by Eugene Crosser <crosser*rol.ru>) |
26 | 27 |
+ disable pthread code in shared files if needed |
... | ... |
@@ -88,7 +88,7 @@ int command(int desc, const struct cl_node *root, const struct cl_limits *limits |
88 | 88 |
if(bread <= 0) { |
89 | 89 |
logg("!Command parser: read() failed.\n"); |
90 | 90 |
/* at least try to display this error message */ |
91 |
- mdprintf(desc, "ERROR: Command parser: read() failed.\n"); |
|
91 |
+ /* mdprintf(desc, "ERROR: Command parser: read() failed.\n"); */ |
|
92 | 92 |
return -1; |
93 | 93 |
} |
94 | 94 |
|
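Review bot: The comment `/* at least try to display this error message */` (new line 90) now sits directly above a commented-out call, so it describes behaviour the code no longer has. If the reply on `desc` was disabled on purpose (presumably because writing to a descriptor whose read() just failed can itself block or fail), delete the dead line and replace the stale comment with the reason, e.g. `/* no reply on desc: the read() on it just failed, the peer may be gone */`. After this change the client receives no error reply and the only trace is the logg() entry, which is worth stating in that comment too. The enclosing command() function starts and ends outside this hunk.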
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
#! /bin/sh |
2 |
-# v1.1 03-2004, martin fuxa, yeti@email.cz |
|
2 |
+# v1.2 05-2004, martin fuxa, yeti@email.cz |
|
3 | 3 |
# |
4 | 4 |
### BEGIN INIT INFO |
5 | 5 |
# Provides: clamd |
... | ... |
@@ -9,6 +9,9 @@ |
9 | 9 |
# Default-Stop: 0 1 2 6 |
10 | 10 |
# Description: Control clamav daemon. |
11 | 11 |
### END INIT INFO |
12 |
+# |
|
13 |
+### HISTORY |
|
14 |
+# 2004-05-27 ADD - FreshClam code |
|
12 | 15 |
|
13 | 16 |
# Variables |
14 | 17 |
PID="/var/run/clamd.pid" |
... | ... |
@@ -16,32 +19,58 @@ SBIN="/usr/local/sbin/clamd" |
16 | 16 |
CONF="/etc/clamav.conf" |
17 | 17 |
WHAT="Clam AntiVirus" |
18 | 18 |
|
19 |
+# START_FRESHCLAM value: 1=true, 0 false |
|
20 |
+START_FRESHCLAM=1 |
|
21 |
+FRESHCLAM_SBIN="/usr/local/bin/freshclam" |
|
22 |
+FRESHCLAM_CONF="/etc/freshclam.conf" |
|
23 |
+FRESHCLAM_WHAT="FreshClam" |
|
24 |
+ |
|
19 | 25 |
# Source SuSE config |
20 | 26 |
. /etc/rc.status |
21 | 27 |
|
22 | 28 |
test -x $SBIN || exit 5 |
23 | 29 |
test -e $CONF || exit 5 |
24 | 30 |
|
31 |
+if [ $START_FRESHCLAM = 1 ] |
|
32 |
+then |
|
33 |
+ test -x $FRESHCLAM_SBIN || exit 5 |
|
34 |
+ test -e $FRESHCLAM_CONF || exit 5 |
|
35 |
+fi |
|
36 |
+ |
|
25 | 37 |
# First reset status of this service |
26 | 38 |
rc_reset |
27 | 39 |
|
28 | 40 |
# Process request |
29 | 41 |
case "$1" in |
30 | 42 |
start) |
43 |
+ if [ $START_FRESHCLAM = 1 ] |
|
44 |
+ then |
|
45 |
+ echo -n "Starting ${FRESHCLAM_WHAT} ${FRESHCLAM_CONF}" |
|
46 |
+ startproc $FRESHCLAM_SBIN --daemon --config-file=${FRESHCLAM_CONF} |
|
47 |
+ rc_status -v |
|
48 |
+ fi |
|
31 | 49 |
echo -n "Starting ${WHAT} ${CONF} " |
32 | 50 |
## Start daemon with startproc(8). If this fails |
33 | 51 |
## the echo return value is set appropriate. |
34 | 52 |
startproc $SBIN $CONF |
35 | 53 |
# Remember status and be verbose |
36 | 54 |
rc_status -v |
55 |
+ ## start freshclam |
|
56 |
+ |
|
37 | 57 |
;; |
38 | 58 |
stop) |
39 |
- echo -n "Shutting down ${WHAT} " |
|
59 |
+ echo -n "Shutting down ${WHAT}" |
|
40 | 60 |
## Stop daemon with killproc(8) and if this fails |
41 | 61 |
## set echo the echo return value. |
42 | 62 |
killproc -TERM $SBIN |
43 | 63 |
# Remember status and be verbose |
44 | 64 |
rc_status -v |
65 |
+ if [ $START_FRESHCLAM = 1 ] |
|
66 |
+ then |
|
67 |
+ echo -n "Shutting down ${FRESHCLAM_WHAT}" |
|
68 |
+ killproc -TERM $FRESHCLAM_SBIN |
|
69 |
+ rc_status -v |
|
70 |
+ fi |
|
45 | 71 |
;; |
46 | 72 |
restart) |
47 | 73 |
## Stop the service and regardless of whether it was |
... | ... |
@@ -55,6 +84,12 @@ case "$1" in |
55 | 55 |
echo -n "Checking for ${WHAT} " |
56 | 56 |
checkproc $SBIN |
57 | 57 |
rc_status -v |
58 |
+ if [ $START_FRESHCLAM = 1 ] |
|
59 |
+ then |
|
60 |
+ echo -n "Checking for ${FRESHCLAM_WHAT} " |
|
61 |
+ checkproc $FRESHCLAM_SBIN |
|
62 |
+ rc_status -v |
|
63 |
+ fi |
|
58 | 64 |
;; |
59 | 65 |
|
60 | 66 |
*) |
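Review bot: The added `test -x $FRESHCLAM_SBIN || exit 5` and `test -e $FRESHCLAM_CONF || exit 5` run before the `case`, and `START_FRESHCLAM` defaults to 1, so on a host without freshclam at that path the script exits before it can stop or check clamd. Consider treating a missing freshclam as a disabled updater rather than a hard exit, e.g. `[ -x "$FRESHCLAM_SBIN" ] && [ -e "$FRESHCLAM_CONF" ] || START_FRESHCLAM=0`, with a printed warning so an absent signature updater does not go unnoticed. The new tests also expand variables unquoted; `[ "$START_FRESHCLAM" = 1 ]` avoids a `[` syntax error when the value is empty. The `## start freshclam` comment added after clamd's `rc_status -v` marks nothing and can be dropped.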
... | ... |
@@ -109,6 +109,58 @@ struct pe_image_section_hdr { |
109 | 109 |
uint32_t Characteristics; |
110 | 110 |
}; |
111 | 111 |
|
112 |
+int ddump(int desc, int offset, int size, const char *file) |
|
113 |
+{ |
|
114 |
+ int pos, ndesc, bread, sum = 0; |
|
115 |
+ char buff[FILEBUFF]; |
|
116 |
+ |
|
117 |
+ |
|
118 |
+ cli_dbgmsg("in ddump()\n"); |
|
119 |
+ |
|
120 |
+ if((pos = lseek(desc, 0, SEEK_CUR)) == -1) { |
|
121 |
+ cli_dbgmsg("Invalid descriptor\n"); |
|
122 |
+ return -1; |
|
123 |
+ } |
|
124 |
+ |
|
125 |
+ if(lseek(desc, offset, SEEK_SET) == -1) { |
|
126 |
+ cli_dbgmsg("lseek() failed\n"); |
|
127 |
+ lseek(desc, pos, SEEK_SET); |
|
128 |
+ return -1; |
|
129 |
+ } |
|
130 |
+ |
|
131 |
+ if((ndesc = open(file, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU)) < 0) { |
|
132 |
+ cli_dbgmsg("Can't create file %s\n", file); |
|
133 |
+ lseek(desc, pos, SEEK_SET); |
|
134 |
+ return -1; |
|
135 |
+ } |
|
136 |
+ |
|
137 |
+ while((bread = read(desc, buff, FILEBUFF)) > 0) { |
|
138 |
+ if(sum + bread >= size) { |
|
139 |
+ if(write(ndesc, buff, size - sum) == -1) { |
|
140 |
+ cli_dbgmsg("Can't write to file\n"); |
|
141 |
+ lseek(desc, pos, SEEK_SET); |
|
142 |
+ close(ndesc); |
|
143 |
+ unlink(file); |
|
144 |
+ return -1; |
|
145 |
+ } |
|
146 |
+ break; |
|
147 |
+ } else { |
|
148 |
+ if(write(ndesc, buff, bread) == -1) { |
|
149 |
+ cli_dbgmsg("Can't write to file\n"); |
|
150 |
+ lseek(desc, pos, SEEK_SET); |
|
151 |
+ close(ndesc); |
|
152 |
+ unlink(file); |
|
153 |
+ return -1; |
|
154 |
+ } |
|
155 |
+ } |
|
156 |
+ sum += bread; |
|
157 |
+ } |
|
158 |
+ |
|
159 |
+ close(ndesc); |
|
160 |
+ lseek(desc, pos, SEEK_SET); |
|
161 |
+ return 0; |
|
162 |
+} |
|
163 |
+ |
|
112 | 164 |
int cli_scanpe(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev) |
113 | 165 |
{ |
114 | 166 |
uint16_t e_magic; /* DOS signature ("MZ") */ |
... | ... |
@@ -122,7 +174,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
122 | 122 |
|
123 | 123 |
|
124 | 124 |
if(read(desc, &e_magic, sizeof(e_magic)) != sizeof(e_magic)) { |
125 |
- cli_dbgmsg("Can't read DOS signature.\n"); |
|
125 |
+ cli_dbgmsg("Can't read DOS signature\n"); |
|
126 | 126 |
return -1; |
127 | 127 |
} |
128 | 128 |
|
... | ... |
@@ -134,7 +186,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
134 | 134 |
lseek(desc, 58, SEEK_CUR); /* skip to the end of the DOS header */ |
135 | 135 |
|
136 | 136 |
if(read(desc, &e_lfanew, sizeof(e_lfanew)) != sizeof(e_lfanew)) { |
137 |
- cli_dbgmsg("Can't read new header address.\n"); |
|
137 |
+ cli_dbgmsg("Can't read new header address\n"); |
|
138 | 138 |
return -1; |
139 | 139 |
} |
140 | 140 |
|
... | ... |
@@ -152,38 +204,38 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
152 | 152 |
} |
153 | 153 |
|
154 | 154 |
if(file_hdr.Magic != IMAGE_NT_SIGNATURE) { |
155 |
- cli_dbgmsg("Invalid PE signature\n"); |
|
155 |
+ cli_dbgmsg("Invalid PE signature (probably NE file)\n"); |
|
156 | 156 |
return -2; |
157 | 157 |
} |
158 | 158 |
|
159 |
- cli_dbgmsg("Machine type: "); |
|
159 |
+ /* cli_dbgmsg("Machine type: "); */ |
|
160 | 160 |
switch(file_hdr.Machine) { |
161 | 161 |
case 0x14c: |
162 |
- cli_dbgmsg("80386\n"); |
|
162 |
+ cli_dbgmsg("Machine type: 80386\n"); |
|
163 | 163 |
break; |
164 | 164 |
case 0x014d: |
165 |
- cli_dbgmsg("80486\n"); |
|
165 |
+ cli_dbgmsg("Machine type: 80486\n"); |
|
166 | 166 |
break; |
167 | 167 |
case 0x014e: |
168 |
- cli_dbgmsg("80586\n"); |
|
168 |
+ cli_dbgmsg("Machine type: 80586\n"); |
|
169 | 169 |
break; |
170 | 170 |
case 0x162: |
171 |
- cli_dbgmsg("R3000\n"); |
|
171 |
+ cli_dbgmsg("Machine type: R3000\n"); |
|
172 | 172 |
break; |
173 | 173 |
case 0x166: |
174 |
- cli_dbgmsg("R4000\n"); |
|
174 |
+ cli_dbgmsg("Machine type: R4000\n"); |
|
175 | 175 |
break; |
176 | 176 |
case 0x168: |
177 |
- cli_dbgmsg("R10000\n"); |
|
177 |
+ cli_dbgmsg("Machine type: R10000\n"); |
|
178 | 178 |
break; |
179 | 179 |
case 0x184: |
180 |
- cli_dbgmsg("DEC Alpha AXP\n"); |
|
180 |
+ cli_dbgmsg("Machine type: DEC Alpha AXP\n"); |
|
181 | 181 |
break; |
182 | 182 |
case 0x1f0: |
183 |
- cli_dbgmsg("PowerPC\n"); |
|
183 |
+ cli_dbgmsg("Machine type: PowerPC\n"); |
|
184 | 184 |
break; |
185 | 185 |
default: |
186 |
- cli_dbgmsg("Unknown\n"); |
|
186 |
+ cli_warnmsg("Unknown machine type in PE header\n"); |
|
187 | 187 |
} |
188 | 188 |
|
189 | 189 |
cli_dbgmsg("NumberOfSections: %d\n", file_hdr.NumberOfSections); |
... | ... |
@@ -214,25 +266,24 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
214 | 214 |
cli_dbgmsg("SizeOfImage: %d\n", optional_hdr.SizeOfImage); |
215 | 215 |
cli_dbgmsg("SizeOfHeaders: %d\n", optional_hdr.SizeOfHeaders); |
216 | 216 |
|
217 |
- cli_dbgmsg("Subsystem: "); |
|
218 | 217 |
switch(optional_hdr.Subsystem) { |
219 | 218 |
case 1: |
220 |
- cli_dbgmsg("Native (a driver ?)\n"); |
|
219 |
+ cli_dbgmsg("Subsystem: Native (a driver ?)\n"); |
|
221 | 220 |
break; |
222 | 221 |
case 2: |
223 |
- cli_dbgmsg("Win32 GUI\n"); |
|
222 |
+ cli_dbgmsg("Subsystem: Win32 GUI\n"); |
|
224 | 223 |
break; |
225 | 224 |
case 3: |
226 |
- cli_dbgmsg("Win32 console\n"); |
|
225 |
+ cli_dbgmsg("Subsystem: Win32 console\n"); |
|
227 | 226 |
break; |
228 | 227 |
case 5: |
229 |
- cli_dbgmsg("OS/2 console\n"); |
|
228 |
+ cli_dbgmsg("Subsystem: OS/2 console\n"); |
|
230 | 229 |
break; |
231 | 230 |
case 7: |
232 |
- cli_dbgmsg("POSIX console\n"); |
|
231 |
+ cli_dbgmsg("Subsystem: POSIX console\n"); |
|
233 | 232 |
break; |
234 | 233 |
default: |
235 |
- cli_dbgmsg("Unknown\n"); |
|
234 |
+ cli_warnmsg("Unknown subsystem in PE header\n"); |
|
236 | 235 |
} |
237 | 236 |
|
238 | 237 |
cli_dbgmsg("NumberOfRvaAndSizes: %d\n", optional_hdr.NumberOfRvaAndSizes); |
... | ... |
@@ -253,15 +304,35 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
253 | 253 |
cli_dbgmsg("Section size: %d\n", section_hdr.SizeOfRawData); |
254 | 254 |
cli_dbgmsg("PointerToRawData: 0x%x (%d)\n", section_hdr.PointerToRawData, section_hdr.PointerToRawData); |
255 | 255 |
|
256 |
- if(section_hdr.Characteristics & 0x20) |
|
257 |
- cli_dbgmsg("Section contains executable code.\n"); |
|
256 |
+ if(section_hdr.Characteristics & 0x20) { |
|
257 |
+ cli_dbgmsg("Section contains executable code\n"); |
|
258 |
+ |
|
259 |
+ if(section_hdr.VirtualSize < section_hdr.SizeOfRawData) { |
|
260 |
+ cli_dbgmsg("Section contains free space\n"); |
|
261 |
+ /* |
|
262 |
+ cli_dbgmsg("Dumping %d bytes\n", section_hdr.SizeOfRawData - section_hdr.VirtualSize); |
|
263 |
+ ddump(desc, section_hdr.PointerToRawData + section_hdr.VirtualSize, section_hdr.SizeOfRawData - section_hdr.VirtualSize, cl_gentemp(NULL)); |
|
264 |
+ */ |
|
265 |
+ |
|
266 |
+ } |
|
267 |
+ } |
|
258 | 268 |
|
259 | 269 |
if(section_hdr.Characteristics & 0x20000000) |
260 |
- cli_dbgmsg("Section's memory is executable.\n"); |
|
270 |
+ cli_dbgmsg("Section's memory is executable\n"); |
|
271 |
+ |
|
272 |
+/* |
|
273 |
+ if(!strcmp(sname, "_winzip_")) { |
|
274 |
+ int ptrd = section_hdr.PointerToRawData & ~(optional_hdr.FileAlignment - 1); |
|
275 |
+ |
|
276 |
+ cli_dbgmsg("WinZip section\n"); |
|
277 |
+ ddump(desc, ptrd, section_hdr.SizeOfRawData, cl_gentemp(NULL)); |
|
278 |
+ } |
|
279 |
+*/ |
|
280 |
+ |
|
261 | 281 |
} |
262 | 282 |
|
263 | 283 |
if(fstat(desc, &sb) == -1) { |
264 |
- cli_dbgmsg("stat failed\n"); |
|
284 |
+ cli_dbgmsg("fstat failed\n"); |
|
265 | 285 |
return -1; |
266 | 286 |
} |
267 | 287 |
|
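Review bot: ddump() opens its output with `O_WRONLY|O_CREAT|O_TRUNC` and mode `S_IRWXU`, so when `file` is a generated temp name (the commented-out callers pass `cl_gentemp(NULL)`) an existing file or symlink at that path is followed and truncated, and bytes taken from an untrusted PE section end up in a file with the execute bit set. Creating it with `O_EXCL` and `S_IRUSR|S_IWUSR` addresses both. `offset` and `size` are plain `int` while the intended callers derive them from 32-bit header fields, so a large value arrives negative; with a negative `size` the first loop iteration calls `write(ndesc, buff, size - sum)` with a count that converts to a huge `size_t`, so both arguments should be range-checked on entry. In the same function a failed read() (`bread == -1`) leaves the loop and returns 0, and short writes are not retried. ddump is also exported without the `cli_` prefix and has no live caller in this commit, so `static` would fit until it is used.

```c
int ddump(int desc, int offset, int size, const char *file)
{
    /* … unchanged: declarations, cli_dbgmsg("in ddump()\n") … */

    /* offset and size come from PE header fields of the scanned file */
    if(offset < 0 || size < 0) {
	cli_dbgmsg("ddump: invalid offset or size\n");
	return -1;
    }

    /* … unchanged: save current position, seek to offset … */

    /* refuse to reuse an existing path; owner read/write is enough for a dump */
    if((ndesc = open(file, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) < 0) {
    /* … unchanged: error path, copy loop, cleanup … */
```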