Browse code
libclamav/scanners.c: use lsigs when scanning vba data (bb#3922)
Tomasz Kojm authored on 2011/11/18 23:25:04Showing 2 changed files
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Fri Nov 18 15:23:50 CET 2011 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922) |
|
| 4 |
+ |
|
| 1 | 5 |
Fri Nov 18 15:48:59 EET 2011 (edwin) |
| 2 | 6 |
----------------------------------- |
| 3 | 7 |
* libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894). |
| ... | ... |
@@ -773,6 +773,37 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset) |
| 773 | 773 |
return ret; |
| 774 | 774 |
} |
| 775 | 775 |
|
| 776 |
+static int vba_scandata(const unsigned char *data, unsigned int len, cli_ctx *ctx) |
|
| 777 |
+{
|
|
| 778 |
+ struct cli_matcher *groot = ctx->engine->root[0]; |
|
| 779 |
+ struct cli_matcher *troot = ctx->engine->root[2]; |
|
| 780 |
+ struct cli_ac_data gmdata, tmdata; |
|
| 781 |
+ struct cli_ac_data *mdata[2]; |
|
| 782 |
+ int ret; |
|
| 783 |
+ |
|
| 784 |
+ if((ret = cli_ac_initdata(&tmdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) |
|
| 785 |
+ return ret; |
|
| 786 |
+ |
|
| 787 |
+ if((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
|
|
| 788 |
+ cli_ac_freedata(&tmdata); |
|
| 789 |
+ return ret; |
|
| 790 |
+ } |
|
| 791 |
+ mdata[0] = &tmdata; |
|
| 792 |
+ mdata[1] = &gmdata; |
|
| 793 |
+ |
|
| 794 |
+ ret = cli_scanbuff(data, len, 0, ctx, CL_TYPE_MSOLE2, mdata); |
|
| 795 |
+ |
|
| 796 |
+ if(ret != CL_VIRUS) {
|
|
| 797 |
+ ret = cli_lsig_eval(ctx, troot, &tmdata, NULL, NULL); |
|
| 798 |
+ if(ret != CL_VIRUS) |
|
| 799 |
+ ret = cli_lsig_eval(ctx, groot, &gmdata, NULL, NULL); |
|
| 800 |
+ } |
|
| 801 |
+ cli_ac_freedata(&tmdata); |
|
| 802 |
+ cli_ac_freedata(&gmdata); |
|
| 803 |
+ |
|
| 804 |
+ return ret; |
|
| 805 |
+} |
|
| 806 |
+ |
|
| 776 | 807 |
static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
| 777 | 808 |
{
|
| 778 | 809 |
int ret = CL_CLEAN, i, j, fd, data_len, hasmacros = 0; |
| ... | ... |
@@ -813,7 +844,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
| 813 | 813 |
/* cli_dbgmsg("Project content:\n%s", data); */
|
| 814 | 814 |
if(ctx->scanned) |
| 815 | 815 |
*ctx->scanned += data_len / CL_COUNT_PRECISION; |
| 816 |
- if(cli_scanbuff(data, data_len, 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) {
|
|
| 816 |
+ if(vba_scandata(data, data_len, ctx) == CL_VIRUS) {
|
|
| 817 | 817 |
free(data); |
| 818 | 818 |
ret = CL_VIRUS; |
| 819 | 819 |
break; |
| ... | ... |
@@ -872,7 +903,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
| 872 | 872 |
cli_dbgmsg("Project content:\n%s", data);
|
| 873 | 873 |
if(ctx->scanned) |
| 874 | 874 |
*ctx->scanned += vba_project->length[i] / CL_COUNT_PRECISION; |
| 875 |
- if(cli_scanbuff(data, vba_project->length[i], 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) {
|
|
| 875 |
+ if(vba_scandata(data, vba_project->length[i], ctx) == CL_VIRUS) {
|
|
| 876 | 876 |
free(data); |
| 877 | 877 |
ret = CL_VIRUS; |
| 878 | 878 |
break; |