add support for self-extracting MS Cabinet archives

git-svn: trunk@2471

Tomasz Kojm authored on 2006/11/02 03:02:04
Showing 4 changed files
... ...
@@ -1,3 +1,8 @@
1
+Wed Nov  1 18:59:48 CET 2006 (tk)
2
+---------------------------------
3
+  * libclamav: add support for self-extracting MS Cabinet archives
4
+	       Thanks to Christoph for a nice bunch of test files.
5
+
1 6
 Wed Nov  1 17:03:54 CET 2006 (tk)
2 7
 ---------------------------------
3 8
   * libclamav: minor clamav.h (and related) cleanup
... ...
@@ -180,6 +180,7 @@ static const struct cli_smagic_s cli_smagic[] = {
180 180
 
181 181
     {"526172211a0700", "RAR-SFX", CL_TYPE_RARSFX},
182 182
     {"504b0304", "ZIP-SFX", CL_TYPE_ZIPSFX},
183
+    {"4d534346", "CAB-SFX", CL_TYPE_CABSFX},
183 184
 
184 185
     {NULL,  NULL,   CL_TYPE_UNKNOWN_DATA}
185 186
 };
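Review bot: The new `4d534346` entry is only the four-byte `MSCF` marker, and the CAB-SFX branch this commit adds to cli_scanraw calls cli_scanmscab for every hit without a last-offset guard like the `lastzip` that cli_scanzip receives. If these markers are matched anywhere inside an executable, as the per-hit offsets in cli_scanraw suggest, a file that repeats the marker would start one cabinet search per occurrence, so untrusted input can make the scanner repeat work. I would document this on the entry, `/* 4-byte "MSCF" marker, may match arbitrary data; every hit starts a cabinet search */`, and consider skipping hits that fall inside a range an earlier search already covered.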
... ...
@@ -60,7 +60,8 @@ typedef enum {
60 60
     CL_TYPE_MAIL,  /* magic + on the fly */
61 61
     CL_TYPE_SFX, /* foo SFX marker */
62 62
     CL_TYPE_ZIPSFX, /* on the fly */
63
-    CL_TYPE_RARSFX /* on the fly */
63
+    CL_TYPE_RARSFX, /* on the fly */
64
+    CL_TYPE_CABSFX
64 65
 
65 66
 } cli_file_t;
66 67
 
... ...
@@ -792,7 +792,7 @@ static int cli_scanszdd(int desc, cli_ctx *ctx)
792 792
     return ret;
793 793
 }
794 794
 
795
-static int cli_scanmscab(int desc, cli_ctx *ctx)
795
+static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset)
796 796
 {
797 797
 	struct mscab_decompressor *cabd = NULL;
798 798
 	struct mscabd_cabinet *base, *cab;
... ...
@@ -808,6 +808,9 @@ static int cli_scanmscab(int desc, cli_ctx *ctx)
808 808
 	return CL_EMSCAB;
809 809
     }
810 810
 
811
+    if(sfx_offset)
812
+	lseek(desc, sfx_offset, SEEK_SET);
813
+
811 814
     if((base = cabd->dsearch(cabd, dup(desc))) == NULL) {
812 815
 	cli_dbgmsg("MSCAB: I/O error or no valid cabinets found\n");
813 816
 	mspack_destroy_cab_decompressor(cabd);
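Review bot: The return value of `lseek(desc, sfx_offset, SEEK_SET)` is ignored, so if the seek fails `cabd->dsearch` runs from wherever the descriptor currently points and the embedded cabinet can go unscanned without any error being reported. I would fail closed, mirroring the cleanup the following error path already does: `if(sfx_offset && lseek(desc, sfx_offset, SEEK_SET) == (off_t) -1) {` `mspack_destroy_cab_decompressor(cabd);` `return CL_EMSCAB; }`. The seek also only works because `dup(desc)` shares the file offset with `desc`, which deserves a one-line comment such as `/* dup() shares the offset, so dsearch starts at sfx_offset */`. cli_scanmscab starts before this hunk and continues past it, so the later cleanup paths are not visible here.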
... ...
@@ -1626,6 +1629,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type)
1626 1626
 
1627 1627
 	    case CL_TYPE_RARSFX:
1628 1628
 	    case CL_TYPE_ZIPSFX:
1629
+	    case CL_TYPE_CABSFX:
1629 1630
 		if(type == CL_TYPE_MSEXE) {
1630 1631
 		    if(SCAN_ARCHIVE) {
1631 1632
 			lastzip = lastrar = 0xdeadbeef;
... ...
@@ -1639,7 +1643,12 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type)
1639 1639
 				cli_dbgmsg("ZIP-SFX signature found at %d\n", fpt->offset);
1640 1640
 				if((nret = cli_scanzip(desc, ctx, fpt->offset, &lastzip)) == CL_VIRUS)
1641 1641
 				    break;
1642
+			    } else if(fpt->type == CL_TYPE_CABSFX) {
1643
+				cli_dbgmsg("CAB-SFX signature found at %d\n", fpt->offset);
1644
+				if((nret = cli_scanmscab(desc, ctx, fpt->offset)) == CL_VIRUS)
1645
+				    break;
1642 1646
 			    }
1647
+
1643 1648
 			    fpt = fpt->next;
1644 1649
 			}
1645 1650
 		    }
... ...
@@ -1753,7 +1762,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
1753 1753
 
1754 1754
 	case CL_TYPE_MSCAB:
1755 1755
 	    if(SCAN_ARCHIVE)
1756
-		ret = cli_scanmscab(desc, ctx);
1756
+		ret = cli_scanmscab(desc, ctx, 0);
1757 1757
 	    break;
1758 1758
 
1759 1759
 	case CL_TYPE_HTML: