git-svn: trunk@3155
Tomasz Kojm authored on 2007/07/17 00:58:54... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Mon Jul 16 17:04:50 CEST 2007 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/scanner.c: don't search for embedded PEs in zip files larger |
|
4 |
+ than 1 MB (bb#573) |
|
5 |
+ |
|
1 | 6 |
Mon Jul 16 10:08:26 BST 2007 (njh) |
2 | 7 |
---------------------------------- |
3 | 8 |
* clamav-milter: Fix memory leak when load balancing |
... | ... |
@@ -1858,16 +1858,16 @@ static int cli_scanembpe(int desc, cli_ctx *ctx) |
1858 | 1858 |
return CL_CLEAN; |
1859 | 1859 |
} |
1860 | 1860 |
|
1861 |
-static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type) |
|
1861 |
+static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg) |
|
1862 | 1862 |
{ |
1863 | 1863 |
int ret = CL_CLEAN, nret = CL_CLEAN; |
1864 |
- uint8_t ftrec, break_loop = 0; |
|
1864 |
+ uint8_t ftrec = 0, break_loop = 0; |
|
1865 | 1865 |
struct cli_matched_type *ftoffset = NULL, *fpt; |
1866 | 1866 |
uint32_t lastzip, lastrar; |
1867 | 1867 |
struct cli_exe_info peinfo; |
1868 | 1868 |
|
1869 | 1869 |
|
1870 |
- switch(type) { |
|
1870 |
+ if(typercg) switch(type) { |
|
1871 | 1871 |
case CL_TYPE_UNKNOWN_TEXT: |
1872 | 1872 |
case CL_TYPE_MSEXE: |
1873 | 1873 |
case CL_TYPE_ZIP: |
... | ... |
@@ -1907,7 +1907,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type) |
1907 | 1907 |
break; |
1908 | 1908 |
|
1909 | 1909 |
case CL_TYPE_ZIPSFX: |
1910 |
- if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_ZIP)) { |
|
1910 |
+ if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_ZIP) && fpt->offset) { |
|
1911 | 1911 |
cli_dbgmsg("ZIP-SFX signature found at %u\n", (unsigned int) fpt->offset); |
1912 | 1912 |
nret = cli_scanzip(desc, ctx, fpt->offset, &lastzip); |
1913 | 1913 |
} |
... | ... |
@@ -2003,6 +2003,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
2003 | 2003 |
int ret = CL_CLEAN; |
2004 | 2004 |
cli_file_t type; |
2005 | 2005 |
struct stat sb; |
2006 |
+ uint8_t typercg = 1; |
|
2006 | 2007 |
|
2007 | 2008 |
|
2008 | 2009 |
if(fstat(desc, &sb) == -1) { |
... | ... |
@@ -2049,7 +2050,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
2049 | 2049 |
lseek(desc, 0, SEEK_SET); |
2050 | 2050 |
|
2051 | 2051 |
if(type != CL_TYPE_DATA && ctx->engine->sdb) { |
2052 |
- if((ret = cli_scanraw(desc, ctx, type)) == CL_VIRUS) |
|
2052 |
+ if((ret = cli_scanraw(desc, ctx, type, 0)) == CL_VIRUS) |
|
2053 | 2053 |
return CL_VIRUS; |
2054 | 2054 |
lseek(desc, 0, SEEK_SET); |
2055 | 2055 |
} |
... | ... |
@@ -2211,8 +2212,15 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
2211 | 2211 |
|
2212 | 2212 |
type == CL_TYPE_MAIL ? ctx->mrec-- : ctx->arec--; |
2213 | 2213 |
|
2214 |
+ if(type == CL_TYPE_ZIP && SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ZIP)) { |
|
2215 |
+ if(sb.st_size > 1048576) { |
|
2216 |
+ cli_dbgmsg("cli_magic_scandesc: Not checking for embedded PEs (zip file > 1 MB)\n"); |
|
2217 |
+ typercg = 0; |
|
2218 |
+ } |
|
2219 |
+ } |
|
2220 |
+ |
|
2214 | 2221 |
if(type != CL_TYPE_DATA && ret != CL_VIRUS && !ctx->engine->sdb) { |
2215 |
- if(cli_scanraw(desc, ctx, type) == CL_VIRUS) |
|
2222 |
+ if(cli_scanraw(desc, ctx, type, typercg) == CL_VIRUS) |
|
2216 | 2223 |
return CL_VIRUS; |
2217 | 2224 |
} |
2218 | 2225 |
|
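Review bot: The size cutoff added at new lines 2214-2219 of cli_magic_scandesc is a bare literal (`sb.st_size > 1048576`) that surfaces only in a debug message, so any ZIP above 1 MB silently loses the type-recognition pass in cli_scanraw and detection coverage becomes size-dependent. Consider a named, documented limit, for example `#define CLI_EMBPE_ZIP_MAXSIZE 1048576 /* bb#573: skip embedded-PE search in larger zips */` (the name is only a suggestion) used as `if(sb.st_size > CLI_EMBPE_ZIP_MAXSIZE)`, ideally exposed as a tunable so operators can see and adjust the trade-off. Because `typercg = 0` skips the `switch(type)` at 1870 entirely, `ftrec` presumably stays 0 for the whole call, which would turn off every embedded-type match in that pass (the ZIP-SFX case at 1909 included) and not only PEs as the message states. The literal `0` passed at line 2052 on the sdb path also deserves a one-line comment saying why recognition is disabled there. Both functions continue outside the visible hunks, so the effect on the later matching loop is inferred rather than shown.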