... | ... |
@@ -2679,6 +2679,132 @@ static int decodesigmod(const char *sigmod) |
2679 | 2679 |
return 0; |
2680 | 2680 |
} |
2681 | 2681 |
|
2682 |
+static int decodecdb(const char **tokens) |
|
2683 |
+{ |
|
2684 |
+ |
|
2685 |
+ char *pt = NULL; |
|
2686 |
+ int sz = 0; |
|
2687 |
+ char *range[2]; |
|
2688 |
+ |
|
2689 |
+ if (!tokens) |
|
2690 |
+ return -1; |
|
2691 |
+ |
|
2692 |
+ mprintf("VIRUS NAME: %s\n", tokens[0]); |
|
2693 |
+ mprintf("CONTAINER TYPE: %s\n", (strcmp(tokens[1], "*") ? tokens[1] : "ANY")); |
|
2694 |
+ mprintf("CONTAINER SIZE: "); |
|
2695 |
+ if (!cli_isnumber(tokens[2])) { |
|
2696 |
+ if (!strcmp(tokens[2], "*")) { |
|
2697 |
+ mprintf("ANY\n"); |
|
2698 |
+ |
|
2699 |
+ } else if (strchr(tokens[2], '-')) { |
|
2700 |
+ sz = cli_strtokenize(tokens[2], '-', 2 + 1, (const char **) range); |
|
2701 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) { |
|
2702 |
+ mprintf("!decodesig: Invalid container size range\n"); |
|
2703 |
+ return -1; |
|
2704 |
+ } |
|
2705 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]); |
|
2706 |
+ |
|
2707 |
+ } else { |
|
2708 |
+ mprintf("!decodesig: Invalid container size\n"); |
|
2709 |
+ return -1; |
|
2710 |
+ } |
|
2711 |
+ } else { |
|
2712 |
+ mprintf("%s\n", tokens[2]); |
|
2713 |
+ } |
|
2714 |
+ mprintf("FILENAME REGEX: %s\n", tokens[3]); |
|
2715 |
+ mprintf("COMPRESSED FILESIZE: "); |
|
2716 |
+ if (!cli_isnumber(tokens[4])) { |
|
2717 |
+ if (!strcmp(tokens[4], "*")) { |
|
2718 |
+ mprintf("ANY\n"); |
|
2719 |
+ |
|
2720 |
+ } else if (strchr(tokens[4], '-')) { |
|
2721 |
+ sz = cli_strtokenize(tokens[4], '-', 2 + 1, (const char **) range); |
|
2722 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) { |
|
2723 |
+ mprintf("!decodesig: Invalid container size range\n"); |
|
2724 |
+ return -1; |
|
2725 |
+ } |
|
2726 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]); |
|
2727 |
+ |
|
2728 |
+ } else { |
|
2729 |
+ mprintf("!decodesig: Invalid compressed filesize\n"); |
|
2730 |
+ return -1; |
|
2731 |
+ } |
|
2732 |
+ } else { |
|
2733 |
+ mprintf("%s\n", tokens[4]); |
|
2734 |
+ } |
|
2735 |
+ mprintf("UNCOMPRESSED FILESIZE: "); |
|
2736 |
+ if (!cli_isnumber(tokens[5])) { |
|
2737 |
+ if (!strcmp(tokens[5], "*")) { |
|
2738 |
+ mprintf("ANY\n"); |
|
2739 |
+ |
|
2740 |
+ } else if (strchr(tokens[5], '-')) { |
|
2741 |
+ sz = cli_strtokenize(tokens[5], '-', 2 + 1, (const char **) range); |
|
2742 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) { |
|
2743 |
+ mprintf("!decodesig: Invalid container size range\n"); |
|
2744 |
+ return -1; |
|
2745 |
+ } |
|
2746 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]); |
|
2747 |
+ |
|
2748 |
+ } else { |
|
2749 |
+ mprintf("!decodesig: Invalid uncompressed filesize\n"); |
|
2750 |
+ return -1; |
|
2751 |
+ } |
|
2752 |
+ } else { |
|
2753 |
+ mprintf("%s\n", tokens[5]); |
|
2754 |
+ } |
|
2755 |
+ |
|
2756 |
+ mprintf("ENCRYPTION: "); |
|
2757 |
+ if (!cli_isnumber(tokens[6])) { |
|
2758 |
+ if (!strcmp(tokens[6], "*")) { |
|
2759 |
+ mprintf("IGNORED\n"); |
|
2760 |
+ } else { |
|
2761 |
+ mprintf("!decodesig: Invalid encryption flag\n"); |
|
2762 |
+ return -1; |
|
2763 |
+ } |
|
2764 |
+ } else { |
|
2765 |
+ mprintf("%s\n", (atoi(tokens[6]) ? "YES" : "NO")); |
|
2766 |
+ } |
|
2767 |
+ |
|
2768 |
+ mprintf("FILE POSITION: "); |
|
2769 |
+ if (!cli_isnumber(tokens[7])) { |
|
2770 |
+ if (!strcmp(tokens[7], "*")) { |
|
2771 |
+ mprintf("ANY\n"); |
|
2772 |
+ |
|
2773 |
+ } else if (strchr(tokens[7], '-')) { |
|
2774 |
+ sz = cli_strtokenize(tokens[7], '-', 2 + 1, (const char **) range); |
|
2775 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) { |
|
2776 |
+ mprintf("!decodesig: Invalid container size range\n"); |
|
2777 |
+ return -1; |
|
2778 |
+ } |
|
2779 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]); |
|
2780 |
+ |
|
2781 |
+ } else { |
|
2782 |
+ mprintf("!decodesig: Invalid file position\n"); |
|
2783 |
+ return -1; |
|
2784 |
+ } |
|
2785 |
+ } else { |
|
2786 |
+ mprintf("%s\n", tokens[7]); |
|
2787 |
+ } |
|
2788 |
+ |
|
2789 |
+ if (!strcmp(tokens[1], "CL_TYPE_ZIP") || !strcmp(tokens[1], "CL_TYPE_RAR")) { |
|
2790 |
+ if (!strcmp(tokens[8], "*")) { |
|
2791 |
+ mprintf("CRC SUM: ANY\n"); |
|
2792 |
+ } else { |
|
2793 |
+ |
|
2794 |
+ errno = 0; |
|
2795 |
+ sz = (int) strtol(tokens[8], NULL, 16); |
|
2796 |
+ if (!sz && errno) { |
|
2797 |
+ mprintf("!decodesig: Invalid cyclic redundancy check sum\n"); |
|
2798 |
+ return -1; |
|
2799 |
+ } else { |
|
2800 |
+ mprintf("CRC SUM: %d\n", sz); |
|
2801 |
+ } |
|
2802 |
+ } |
|
2803 |
+ } |
|
2804 |
+ |
|
2805 |
+ return 0; |
|
2806 |
+} |
|
2807 |
+ |
|
2682 | 2808 |
static int decodesig(char *sig, int fd) |
2683 | 2809 |
{ |
2684 | 2810 |
char *pt; |
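Review bot: `char *range[2]` in `decodecdb` is one slot too small for the four `cli_strtokenize(tokens[N], '-', 2 + 1, (const char **) range)` calls (on `tokens[2]`, `[4]`, `[5]` and `[7]`). The third argument allows up to three pointers to be stored, so a third token lands in `range[2]`, one past the end of the stack array; the same holds for a NULL filler if the tokenizer pads unused slots, which is not visible here. This is reachable for any size or position field containing `-`. Declaring `char *range[3];` fixes it and keeps the `sz != 2` check able to reject input such as `1-2-3`. Separately, these calls split the strings in place although `tokens` is declared `const char **`, so `char **tokens` would describe the contract more honestly, and `char *pt` is unused.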
... | ... |
@@ -2754,7 +2880,12 @@ static int decodesig(char *sig, int fd) |
2754 | 2754 |
} |
2755 | 2755 |
} |
2756 | 2756 |
} else if(strchr(sig, ':')) { /* ndb */ |
2757 |
- tokens_count = cli_strtokenize(sig, ':', 6 + 1, (const char **) tokens); |
|
2757 |
+ tokens_count = cli_strtokenize(sig, ':', 12 + 1, (const char **) tokens); |
|
2758 |
+ |
|
2759 |
+ if (tokens_count > 9 && tokens_count < 13) { /* cdb*/ |
|
2760 |
+ return decodecdb((const char **) tokens); |
|
2761 |
+ } |
|
2762 |
+ |
|
2758 | 2763 |
if(tokens_count < 4 || tokens_count > 6) { |
2759 | 2764 |
mprintf("!decodesig: Invalid or not supported signature format\n"); |
2760 | 2765 |
mprintf("TOKENS COUNT: %u\n", tokens_count); |
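Review bot: The limit passed to `cli_strtokenize` rises from `6 + 1` to `12 + 1`, but the declaration of `tokens` lies outside this hunk, so it is not visible whether the array holds at least 13 pointers. If it was sized for the old ndb limit, this call can write past it, so please confirm the declaration. If `tokens` is a local array, the limit could be derived from it with `sizeof(tokens) / sizeof(tokens[0])`. `decodecdb` reads `tokens[0]` through `tokens[8]` without receiving `tokens_count`, so its safety rests entirely on the `tokens_count > 9` guard; a comment at the call such as `/* decodecdb reads tokens[0..8]; guard guarantees >= 10 */` would record that. The branch comment still says `/* ndb */` although the branch now also dispatches cdb.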