
add broken.executable checks on alignments

git-svn: trunk@2483

aCaB authored on 2006/11/05 08:48:32
Showing 2 changed files
@@ -1,3 +1,6 @@
1
+Sun Nov  5 00:45:44 CET 2006 (acab)
2
+  * libclamav/pe.c:	add broken.executable checks on alignments
3
+
1 4
 Sun Nov  5 00:20:02 CET 2006 (acab)
2 5
   * libclamav/pe.c:     lseek fix for last commit
3 6
 
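--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -507,6 +507,20 @@ int cli_scanpe(int desc, cli_ctx *ctx)
 	cli_dbgmsg("NumberOfRvaAndSizes: %d\n", EC32(optional_hdr64.NumberOfRvaAndSizes));
     }
 
+    if (DETECT_BROKEN && (!(pe_plus?EC32(optional_hdr64.SectionAlignment):EC32(optional_hdr32.SectionAlignment)) || (pe_plus?EC32(optional_hdr64.SectionAlignment):EC32(optional_hdr32.SectionAlignment))%0x1000)) {
+      cli_dbgmsg("Bad virtual alignemnt\n");
+      if(ctx->virname)
+	*ctx->virname = "Broken.Executable";
+      return CL_VIRUS;
+    }
+
+    if (DETECT_BROKEN && (!(pe_plus?EC32(optional_hdr64.FileAlignment):EC32(optional_hdr32.FileAlignment)) || (pe_plus?EC32(optional_hdr64.FileAlignment):EC32(optional_hdr32.FileAlignment))%0x200)) {
+      cli_dbgmsg("Bad file alignemnt\n");
+      if(ctx->virname)
+	*ctx->virname = "Broken.Executable";
+      return CL_VIRUS;
+    }
+
     switch(pe_plus ? EC16(optional_hdr64.Subsystem) : EC16(optional_hdr32.Subsystem)) {
 	case 0:
 	    cli_dbgmsg("Subsystem: Unknown\n");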
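Review bot: The `% 0x1000` test in the first added block treats any SectionAlignment that is not a multiple of a page as Broken.Executable, but the PE/COFF format allows a sub-page SectionAlignment provided it equals FileAlignment (and requires SectionAlignment >= FileAlignment), so well-formed small or tightly packed binaries could be flagged here; the relation between the two values is never checked. The two ternaries are also each evaluated twice per condition, which makes the lines hard to read and audit, and the debug strings say "alignemnt". I would hoist both values into locals (typed to whatever EC32() yields), check them against each other, and keep the page-multiple rule only when the two alignments differ, as sketched below; whether the stricter rule is intended as a deliberate heuristic should be confirmed against the PE spec before relaxing it. cli_scanpe's body begins and continues outside this hunk, so any earlier cleanup obligations before `return CL_VIRUS` are not visible here.
```c
    uint32_t valign = pe_plus ? EC32(optional_hdr64.SectionAlignment) : EC32(optional_hdr32.SectionAlignment);
    uint32_t falign = pe_plus ? EC32(optional_hdr64.FileAlignment) : EC32(optional_hdr32.FileAlignment);

    /* PE/COFF: SectionAlignment >= FileAlignment; a sub-page SectionAlignment is only valid when it equals FileAlignment. */
    if (DETECT_BROKEN && (!valign || valign < falign || (valign % 0x1000 && valign != falign))) {
      cli_dbgmsg("Bad virtual alignment\n");
      if(ctx->virname)
	*ctx->virname = "Broken.Executable";
      return CL_VIRUS;
    }

    if (DETECT_BROKEN && (!falign || falign % 0x200)) {
      cli_dbgmsg("Bad file alignment\n");
      if(ctx->virname)
	*ctx->virname = "Broken.Executable";
      return CL_VIRUS;
    }
    /* … unchanged: Subsystem switch … */
```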