Browse code
don't search for embedded PEs in zip files larger than 1 MB (bb#573)
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Mon Jul 16 17:04:50 CEST 2007 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav/scanner.c: don't search for embedded PEs in zip files larger |
|
| 4 |
+ than 1 MB (bb#573) |
|
| 5 |
+ |
|
| 1 | 6 |
Mon Jul 16 10:08:26 BST 2007 (njh) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* clamav-milter: Fix memory leak when load balancing |
| ... | ... |
@@ -1858,16 +1858,16 @@ static int cli_scanembpe(int desc, cli_ctx *ctx) |
| 1858 | 1858 |
return CL_CLEAN; |
| 1859 | 1859 |
} |
| 1860 | 1860 |
|
| 1861 |
-static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type) |
|
| 1861 |
+static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg) |
|
| 1862 | 1862 |
{
|
| 1863 | 1863 |
int ret = CL_CLEAN, nret = CL_CLEAN; |
| 1864 |
- uint8_t ftrec, break_loop = 0; |
|
| 1864 |
+ uint8_t ftrec = 0, break_loop = 0; |
|
| 1865 | 1865 |
struct cli_matched_type *ftoffset = NULL, *fpt; |
| 1866 | 1866 |
uint32_t lastzip, lastrar; |
| 1867 | 1867 |
struct cli_exe_info peinfo; |
| 1868 | 1868 |
|
| 1869 | 1869 |
|
| 1870 |
- switch(type) {
|
|
| 1870 |
+ if(typercg) switch(type) {
|
|
| 1871 | 1871 |
case CL_TYPE_UNKNOWN_TEXT: |
| 1872 | 1872 |
case CL_TYPE_MSEXE: |
| 1873 | 1873 |
case CL_TYPE_ZIP: |
| ... | ... |
@@ -1907,7 +1907,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type) |
| 1907 | 1907 |
break; |
| 1908 | 1908 |
|
| 1909 | 1909 |
case CL_TYPE_ZIPSFX: |
| 1910 |
- if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_ZIP)) {
|
|
| 1910 |
+ if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_ZIP) && fpt->offset) {
|
|
| 1911 | 1911 |
cli_dbgmsg("ZIP-SFX signature found at %u\n", (unsigned int) fpt->offset);
|
| 1912 | 1912 |
nret = cli_scanzip(desc, ctx, fpt->offset, &lastzip); |
| 1913 | 1913 |
} |
| ... | ... |
@@ -2003,6 +2003,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
| 2003 | 2003 |
int ret = CL_CLEAN; |
| 2004 | 2004 |
cli_file_t type; |
| 2005 | 2005 |
struct stat sb; |
| 2006 |
+ uint8_t typercg = 1; |
|
| 2006 | 2007 |
|
| 2007 | 2008 |
|
| 2008 | 2009 |
if(fstat(desc, &sb) == -1) {
|
| ... | ... |
@@ -2049,7 +2050,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
| 2049 | 2049 |
lseek(desc, 0, SEEK_SET); |
| 2050 | 2050 |
|
| 2051 | 2051 |
if(type != CL_TYPE_DATA && ctx->engine->sdb) {
|
| 2052 |
- if((ret = cli_scanraw(desc, ctx, type)) == CL_VIRUS) |
|
| 2052 |
+ if((ret = cli_scanraw(desc, ctx, type, 0)) == CL_VIRUS) |
|
| 2053 | 2053 |
return CL_VIRUS; |
| 2054 | 2054 |
lseek(desc, 0, SEEK_SET); |
| 2055 | 2055 |
} |
| ... | ... |
@@ -2211,8 +2212,15 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
| 2211 | 2211 |
|
| 2212 | 2212 |
type == CL_TYPE_MAIL ? ctx->mrec-- : ctx->arec--; |
| 2213 | 2213 |
|
| 2214 |
+ if(type == CL_TYPE_ZIP && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ZIP)) {
|
|
| 2215 |
+ if(sb.st_size > 1048576) {
|
|
| 2216 |
+ cli_dbgmsg("cli_magic_scandesc: Not checking for embedded PEs (zip file > 1 MB)\n");
|
|
| 2217 |
+ typercg = 0; |
|
| 2218 |
+ } |
|
| 2219 |
+ } |
|
| 2220 |
+ |
|
| 2214 | 2221 |
if(type != CL_TYPE_DATA && ret != CL_VIRUS && !ctx->engine->sdb) {
|
| 2215 |
- if(cli_scanraw(desc, ctx, type) == CL_VIRUS) |
|
| 2222 |
+ if(cli_scanraw(desc, ctx, type, typercg) == CL_VIRUS) |
|
| 2216 | 2223 |
return CL_VIRUS; |
| 2217 | 2224 |
} |
| 2218 | 2225 |
|