@@ -1,9 +1,13 @@

+Thu May 27 22:11:08 CEST 2004 (tk)

+----------------------------------

+  * contrib: update init script for SuSE (Martin Fuxa <yeti*email.cz>)

+

 Thu May 27 18:01:28 BST 2004 (njh)

 ----------------------------------

   * docs/man/clamav-milter.8:	Clarify usage of when to use template files

   * libclamav/message.c:	Fixed bug where a truncated BinHex file could

 	crash the scanner (bug found by Stefan Kaltenbrunner

-		<mm-mailinglist@madness.at>)

+		<mm-mailinglist*madness.at>)

 Thu May 27 16:38:14 BST 2004 (trog)

 -----------------------------------

@@ -20,7 +24,8 @@ Tue May 25 22:30:33 CEST 2004 (tk)

   * libclamav: + report oversized archives (just like clamav-0.6x did)

 	       + do not trigger off file type recognizer in raw mode

 	         (fixes stdin scanning in clamscan - Debian Bug #250806)

-  * clamd: harden read() in command parser

+  * clamd: harden read() in command parser (thanks to Theo Schlossnagle

+	   <jesus*omniti.com>)

   * Makefiles: + fix *.cvd and *.conf installation in VPATHed directory

 	         (patch by Eugene Crosser <crosser*rol.ru>)

 	       + disable pthread code in shared files if needed

@@ -88,7 +88,7 @@ int command(int desc, const struct cl_node *root, const struct cl_limits *limits

     if(bread <= 0) {

 	logg("!Command parser: read() failed.\n");

 	/* at least try to display this error message */

-	mdprintf(desc, "ERROR: Command parser: read() failed.\n");

+	/* mdprintf(desc, "ERROR: Command parser: read() failed.\n"); */

 	return -1;

     }

@@ -1,5 +1,5 @@

 #! /bin/sh

-# v1.1 03-2004, martin fuxa, yeti@email.cz

+# v1.2 05-2004, martin fuxa, yeti@email.cz

 #

 ### BEGIN INIT INFO

 # Provides:       clamd

@@ -9,6 +9,9 @@

 # Default-Stop:   0 1 2 6

 # Description:    Control clamav daemon.

 ### END INIT INFO

+#

+### HISTORY

+# 2004-05-27 ADD - FreshClam code

 # Variables

 PID="/var/run/clamd.pid"

@@ -16,32 +19,58 @@ SBIN="/usr/local/sbin/clamd"

 CONF="/etc/clamav.conf"

 WHAT="Clam AntiVirus"

+# START_FRESHCLAM value: 1=true, 0 false

+START_FRESHCLAM=1

+FRESHCLAM_SBIN="/usr/local/bin/freshclam"

+FRESHCLAM_CONF="/etc/freshclam.conf"

+FRESHCLAM_WHAT="FreshClam"

+

 # Source SuSE config

 . /etc/rc.status

 test -x $SBIN || exit 5

 test -e $CONF || exit 5

+if [ $START_FRESHCLAM = 1 ]

+then

+    test -x $FRESHCLAM_SBIN || exit 5

+    test -e $FRESHCLAM_CONF || exit 5

+fi

+

 # First reset status of this service

 rc_reset

 # Process request

 case "$1" in

     start)

+        if [ $START_FRESHCLAM = 1 ]

+        then

+            echo -n "Starting ${FRESHCLAM_WHAT} ${FRESHCLAM_CONF}"

+            startproc $FRESHCLAM_SBIN --daemon --config-file=${FRESHCLAM_CONF}

+            rc_status -v

+        fi

         echo -n "Starting ${WHAT} ${CONF} "

         ## Start daemon with startproc(8). If this fails

         ## the echo return value is set appropriate.

         startproc $SBIN $CONF

         # Remember status and be verbose

         rc_status -v

+        ## start freshclam

+        

     ;;

     stop)

-        echo -n "Shutting down ${WHAT} "

+        echo -n "Shutting down ${WHAT}"

         ## Stop daemon with killproc(8) and if this fails

         ## set echo the echo return value.

         killproc -TERM $SBIN

         # Remember status and be verbose

         rc_status -v

+        if [ $START_FRESHCLAM = 1 ]

+        then

+            echo -n "Shutting down ${FRESHCLAM_WHAT}"

+            killproc -TERM $FRESHCLAM_SBIN

+            rc_status -v

+        fi

     ;;

     restart)

         ## Stop the service and regardless of whether it was

@@ -55,6 +84,12 @@ case "$1" in

         echo -n "Checking for ${WHAT} "

         checkproc $SBIN

         rc_status -v

+        if [ $START_FRESHCLAM = 1 ]

+        then

+            echo -n "Checking for ${FRESHCLAM_WHAT} "

+            checkproc $FRESHCLAM_SBIN

+            rc_status -v

+        fi

     ;;

     *)

@@ -109,6 +109,58 @@ struct pe_image_section_hdr {

     uint32_t Characteristics;

 };

+int ddump(int desc, int offset, int size, const char *file)

+{

+	int pos, ndesc, bread, sum = 0;

+	char buff[FILEBUFF];

+

+

+    cli_dbgmsg("in ddump()\n");

+

+    if((pos = lseek(desc, 0, SEEK_CUR)) == -1) {

+	cli_dbgmsg("Invalid descriptor\n");

+	return -1;

+    }

+

+    if(lseek(desc, offset, SEEK_SET) == -1) {

+	cli_dbgmsg("lseek() failed\n");

+	lseek(desc, pos, SEEK_SET);

+	return -1;

+    }

+

+    if((ndesc = open(file, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU)) < 0) {

+	cli_dbgmsg("Can't create file %s\n", file);

+	lseek(desc, pos, SEEK_SET);

+	return -1;

+    }

+

+    while((bread = read(desc, buff, FILEBUFF)) > 0) {

+	if(sum + bread >= size) {

+	    if(write(ndesc, buff, size - sum) == -1) {

+		cli_dbgmsg("Can't write to file\n");

+		lseek(desc, pos, SEEK_SET);

+		close(ndesc);

+		unlink(file);

+		return -1;

+	    }

+	    break;

+	} else {

+	    if(write(ndesc, buff, bread) == -1) {

+		cli_dbgmsg("Can't write to file\n");

+		lseek(desc, pos, SEEK_SET);

+		close(ndesc);

+		unlink(file);

+		return -1;

+	    }

+	}

+	sum += bread;

+    }

+

+    close(ndesc);

+    lseek(desc, pos, SEEK_SET);

+    return 0;

+}

+

 int cli_scanpe(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev)

 {

 	uint16_t e_magic; /* DOS signature ("MZ") */

@@ -122,7 +174,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

     if(read(desc, &e_magic, sizeof(e_magic)) != sizeof(e_magic)) {

-	cli_dbgmsg("Can't read DOS signature.\n");

+	cli_dbgmsg("Can't read DOS signature\n");

 	return -1;

     }

@@ -134,7 +186,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

     lseek(desc, 58, SEEK_CUR); /* skip to the end of the DOS header */

     if(read(desc, &e_lfanew, sizeof(e_lfanew)) != sizeof(e_lfanew)) {

-	cli_dbgmsg("Can't read new header address.\n");

+	cli_dbgmsg("Can't read new header address\n");

 	return -1;

     }

@@ -152,38 +204,38 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

     }

     if(file_hdr.Magic != IMAGE_NT_SIGNATURE) {

-	cli_dbgmsg("Invalid PE signature\n");

+	cli_dbgmsg("Invalid PE signature (probably NE file)\n");

 	return -2;

     }

-    cli_dbgmsg("Machine type: ");

+    /* cli_dbgmsg("Machine type: "); */

     switch(file_hdr.Machine) {

 	case 0x14c:

-	    cli_dbgmsg("80386\n");

+	    cli_dbgmsg("Machine type: 80386\n");

 	    break;

 	case 0x014d:

-	    cli_dbgmsg("80486\n");

+	    cli_dbgmsg("Machine type: 80486\n");

 	    break;

 	case 0x014e:

-	    cli_dbgmsg("80586\n");

+	    cli_dbgmsg("Machine type: 80586\n");

 	    break;

 	case 0x162:

-	    cli_dbgmsg("R3000\n");

+	    cli_dbgmsg("Machine type: R3000\n");

 	    break;

 	case 0x166:

-	    cli_dbgmsg("R4000\n");

+	    cli_dbgmsg("Machine type: R4000\n");

 	    break;

 	case 0x168:

-	    cli_dbgmsg("R10000\n");

+	    cli_dbgmsg("Machine type: R10000\n");

 	    break;

 	case 0x184:

-	    cli_dbgmsg("DEC Alpha AXP\n");

+	    cli_dbgmsg("Machine type: DEC Alpha AXP\n");

 	    break;

 	case 0x1f0:

-	    cli_dbgmsg("PowerPC\n");

+	    cli_dbgmsg("Machine type: PowerPC\n");

 	    break;

 	default:

-	    cli_dbgmsg("Unknown\n");

+	    cli_warnmsg("Unknown machine type in PE header\n");

     }

     cli_dbgmsg("NumberOfSections: %d\n", file_hdr.NumberOfSections);

@@ -214,25 +266,24 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

     cli_dbgmsg("SizeOfImage: %d\n", optional_hdr.SizeOfImage);

     cli_dbgmsg("SizeOfHeaders: %d\n", optional_hdr.SizeOfHeaders);

-    cli_dbgmsg("Subsystem: ");

     switch(optional_hdr.Subsystem) {

 	case 1:

-	    cli_dbgmsg("Native (a driver ?)\n");

+	    cli_dbgmsg("Subsystem: Native (a driver ?)\n");

 	    break;

 	case 2:

-	    cli_dbgmsg("Win32 GUI\n");

+	    cli_dbgmsg("Subsystem: Win32 GUI\n");

 	    break;

 	case 3:

-	    cli_dbgmsg("Win32 console\n");

+	    cli_dbgmsg("Subsystem: Win32 console\n");

 	    break;

 	case 5:

-	    cli_dbgmsg("OS/2 console\n");

+	    cli_dbgmsg("Subsystem: OS/2 console\n");

 	    break;

 	case 7:

-	    cli_dbgmsg("POSIX console\n");

+	    cli_dbgmsg("Subsystem: POSIX console\n");

 	    break;

 	default:

-	    cli_dbgmsg("Unknown\n");

+	    cli_warnmsg("Unknown subsystem in PE header\n");

     }

     cli_dbgmsg("NumberOfRvaAndSizes: %d\n", optional_hdr.NumberOfRvaAndSizes);

@@ -253,15 +304,35 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	cli_dbgmsg("Section size: %d\n", section_hdr.SizeOfRawData);

 	cli_dbgmsg("PointerToRawData: 0x%x (%d)\n", section_hdr.PointerToRawData, section_hdr.PointerToRawData);

-	if(section_hdr.Characteristics & 0x20)

-	    cli_dbgmsg("Section contains executable code.\n");

+	if(section_hdr.Characteristics & 0x20) {

+	    cli_dbgmsg("Section contains executable code\n");

+

+	    if(section_hdr.VirtualSize < section_hdr.SizeOfRawData) {

+		cli_dbgmsg("Section contains free space\n");

+		/*

+		cli_dbgmsg("Dumping %d bytes\n", section_hdr.SizeOfRawData - section_hdr.VirtualSize);

+		ddump(desc, section_hdr.PointerToRawData + section_hdr.VirtualSize, section_hdr.SizeOfRawData - section_hdr.VirtualSize, cl_gentemp(NULL));

+		*/

+

+	    }

+	}

 	if(section_hdr.Characteristics & 0x20000000)

-	    cli_dbgmsg("Section's memory is executable.\n");

+	    cli_dbgmsg("Section's memory is executable\n");

+

+/*

+	if(!strcmp(sname, "_winzip_")) {

+	    int ptrd = section_hdr.PointerToRawData & ~(optional_hdr.FileAlignment - 1);

+

+	    cli_dbgmsg("WinZip section\n");

+	    ddump(desc, ptrd, section_hdr.SizeOfRawData, cl_gentemp(NULL));

+	}

+*/

+

     }

     if(fstat(desc, &sb) == -1) {

-	cli_dbgmsg("stat failed\n");

+	cli_dbgmsg("fstat failed\n");

 	return -1;

     }