...
|
...
|
@@ -1834,7 +1834,7 @@ int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, stru
|
1834
|
1834
|
|
1835
|
1835
|
/* need to be called here to catch any extracted but not yet scanned files
|
1836
|
1836
|
*/
|
1837
|
|
- if (ctx->outfd)
|
|
1837
|
+ if (ctx->outfd && (ret != CL_VIRUS || cctx->options & CL_SCAN_ALLMATCHES))
|
1838
|
1838
|
cli_bcapi_extract_new(ctx, -1);
|
1839
|
1839
|
}
|
1840
|
1840
|
if (bc->state == bc_jit || test_mode) {
|
...
|
...
|
@@ -1854,7 +1854,7 @@ int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, stru
|
1854
|
1854
|
|
1855
|
1855
|
/* need to be called here to catch any extracted but not yet scanned files
|
1856
|
1856
|
*/
|
1857
|
|
- if (ctx->outfd)
|
|
1857
|
+ if (ctx->outfd && (ret != CL_VIRUS || cctx->options & CL_SCAN_ALLMATCHES))
|
1858
|
1858
|
cli_bcapi_extract_new(ctx, -1);
|
1859
|
1859
|
}
|
1860
|
1860
|
cli_event_time_stop(g_sigevents, bc->sigtime_id);
|
...
|
...
|
@@ -2808,14 +2808,19 @@ int cli_bytecode_runlsig(cli_ctx *cctx, struct cli_target_info *tinfo,
|
2808
|
2808
|
return CL_SUCCESS;
|
2809
|
2809
|
}
|
2810
|
2810
|
if (ctx.virname) {
|
2811
|
|
- int rc;
|
2812
|
|
- cli_dbgmsg("Bytecode found virus: %s\n", ctx.virname);
|
2813
|
|
- if (!strncmp(ctx.virname, "BC.Heuristics", 13))
|
2814
|
|
- rc = cli_append_possibly_unwanted(cctx, ctx.virname);
|
2815
|
|
- else
|
2816
|
|
- rc = cli_append_virus(cctx, ctx.virname);
|
2817
|
|
- cli_bytecode_context_clear(&ctx);
|
2818
|
|
- return rc;
|
|
2811
|
+ if (cctx->num_viruses == 0) {
|
|
2812
|
+ int rc;
|
|
2813
|
+ cli_dbgmsg("Bytecode found virus: %s\n", ctx.virname);
|
|
2814
|
+ if (!strncmp(ctx.virname, "BC.Heuristics", 13))
|
|
2815
|
+ rc = cli_append_possibly_unwanted(cctx, ctx.virname);
|
|
2816
|
+ else
|
|
2817
|
+ rc = cli_append_virus(cctx, ctx.virname);
|
|
2818
|
+ cli_bytecode_context_clear(&ctx);
|
|
2819
|
+ return rc;
|
|
2820
|
+ }
|
|
2821
|
+ else {
|
|
2822
|
+ return CL_VIRUS;
|
|
2823
|
+ }
|
2819
|
2824
|
}
|
2820
|
2825
|
ret = cli_bytecode_context_getresult_int(&ctx);
|
2821
|
2826
|
cli_dbgmsg("Bytecode %u returned code: %u\n", bc->id, ret);
|