@@ -1,10 +1,14 @@

+Sun May  2 02:48:04 CEST 2004 (tk)

+----------------------------------

+  * libclamav: support files compressed with compress.exe (test/test1.msc)

+

 Sat May  1 21:29:29 CEST 2004 (tk)

 ----------------------------------

   * clamd: stream scanner:

 	+ scan exactly up to StreamMaxLength (patch by Joe Maimon

 	  <jmaimon*ttec.com>)

 	+ fix description leak on ReadTimeout (patch by Maxim Dounin

-	  <mdounin@rambler-co.ru>)

+	  <mdounin*rambler-co.ru>)

   * contrib/trashscan: v. 0.12 (Trashware <trashware*gmx.de>)

   * libclamav: in block-encrypted mode scan a raw encrypted archive before

 	       marking it as encrypted (requested by Andy Fiddaman

@@ -32,7 +36,7 @@ Wed Apr 28 15:29:29 BST 2004 (njh)

 			Send 554 after DATA received, not 550

 			Don't send rejection notices to rejection notices, we

 				just end up playing ping-pong (patch by "Andrey

-				J.Melnikoff (TEMHOTA)" <temnota@kmv.ru>

+				J.Melnikoff (TEMHOTA)" <temnota*kmv.ru>

 			If CL_DEBUG is defined, don't redirect stdout/stderr

 			Don't attempt to return an old signature if no

 				filename has been given. There has never been

@@ -79,6 +79,8 @@ libclamav_la_SOURCES = \

 	ole2_extract.h \

 	vba_extract.c \

 	vba_extract.h \

-	cltypes.h

+	cltypes.h \

+	msexpand.c \

+	msexpand.h

 lib_LTLIBRARIES = libclamav.la

@@ -179,7 +179,9 @@ libclamav_la_SOURCES = \

 	ole2_extract.h \

 	vba_extract.c \

 	vba_extract.h \

-	cltypes.h

+	cltypes.h \

+	msexpand.c \

+	msexpand.h

 lib_LTLIBRARIES = libclamav.la

@@ -194,7 +196,7 @@ am_libclamav_la_OBJECTS = matcher.lo md5.lo others.lo readdb.lo cvd.lo \

 	dsig.lo str.lo scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo \

 	zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo \

 	strc.lo blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo \

-	table.lo text.lo ole2_extract.lo vba_extract.lo

+	table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 DEFS = @DEFS@

@@ -207,7 +209,7 @@ am__depfiles_maybe = depfiles

 @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/blob.Plo ./$(DEPDIR)/cvd.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/dsig.Plo ./$(DEPDIR)/matcher.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/mbox.Plo ./$(DEPDIR)/md5.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/message.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/message.Plo ./$(DEPDIR)/msexpand.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/ole2_extract.Plo ./$(DEPDIR)/others.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/readdb.Plo ./$(DEPDIR)/scanners.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/snprintf.Plo ./$(DEPDIR)/str.Plo \

@@ -288,6 +290,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mbox.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msexpand.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ole2_extract.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/others.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/readdb.Plo@am__quote@

@@ -47,6 +47,7 @@ extern "C"

 #define CL_EGZIP	103 /* gzip handler error */

 #define CL_EBZIP	104 /* bzip2 handler error */

 #define CL_EOLE2	105 /* OLE2 handler error */

+#define CL_EMSCOMP	106 /* compress.exe handler error */

 #define CL_EACCES	200 /* access denied */

 #define CL_ENULLARG	300 /* null argument error */

new file mode 100644

@@ -0,0 +1,158 @@

+/*

+ *  msexpand: Microsoft "compress.exe/expand.exe" compatible decompressor

+ *

+ *  Copyright (c) 2000 Martin Hinner <mhi@penguin.cz>

+ *  Algorithm & data structures by M. Winterhoff <100326.2776@compuserve.com>

+ *

+ *  Corrected and adapted to ClamAV by Tomasz Kojm <tkojm@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2, or (at your option)

+ *  any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+ */

+

+#include <stdio.h>

+#include <stdlib.h>

+#include <unistd.h>

+#include <string.h>

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+#include "cltypes.h"

+#include "others.h"

+

+int cli_msexpand(FILE *in, FILE *out)

+{

+	int bits, ch, i, j, len, mask;

+	unsigned char *buffer;

+	uint32_t magic1, magic2, magic3, filesize;

+	uint16_t reserved;

+

+

+    if(fread(&magic1, sizeof(magic1), 1, in) != 1) {

+	return -1;

+    }

+

+#if WORDS_BIGENDIAN == 1

+    if(magic1 == 0x535A4444L)

+#else

+    if(magic1 == 0x44445A53L)

+#endif

+    {

+	if(fread(&magic2, sizeof(magic2), 1, in) != 1) {

+	    return -1;

+	}

+

+	if(fread(&reserved, sizeof(reserved), 1, in) != 1) {

+	    return -1;

+	}

+

+	if(fread(&filesize, sizeof(filesize), 1, in) != 1) {

+	    return -1;

+	}

+

+#if WORDS_BIGENDIAN == 1

+	if(magic2 != 0x88F02733L)

+#else

+	if(magic2 != 0x3327F088L)

+#endif

+	{

+	    cli_warnmsg("msexpand: Not a MS-compressed file\n");

+	    return -1;

+	}

+

+    } else

+#if WORDS_BIGENDIAN == 1

+    if(magic1 == 0x4B57414AL)

+#else

+    if(magic1 == 0x4A41574BL)

+#endif

+    {

+	if(fread(&magic2, sizeof(magic2), 1, in) != 1) {

+	    return -1;

+	}

+

+	if(fread(&magic3, sizeof(magic3), 1, in) != 1) {

+	    return -1;

+	}

+

+	if(fread(&reserved, sizeof(reserved), 1, in) != 1) {

+	    return -1;

+	}

+

+#if WORDS_BIGENDIAN == 1

+	if(magic2 != 0x88F027D1L || magic3 != 0x03001200L)

+#else

+	if(magic2 != 0xD127F088L || magic3 != 0x00120003L)

+#endif

+	{

+	    cli_warnmsg("msexpand: Not a MS-compressed file\n");

+	    return -1;

+	}

+

+	cli_warnmsg("msexpand: unsupported version 6.22\n");

+	return -1;

+

+    } else {

+	cli_warnmsg("msexpand: Not a MS-compressed file\n");

+	return -1;

+    }

+

+    if((buffer = (unsigned char *) cli_calloc(4096, sizeof(char))) == NULL) {

+	cli_errmsg("msexpand: Can't allocate memory\n");

+	return -1;

+    }

+

+    i = 4096 - 16;

+

+    while (1) {

+	if((bits = fgetc(in)) == EOF)

+	    break;

+

+	for(mask = 0x01; mask & 0xFF; mask <<= 1) {

+	    if(!(bits & mask)) {

+		if((j = fgetc(in)) == EOF)

+		    break;

+		len = fgetc(in);

+		j += (len & 0xF0) << 4;

+		len = (len & 15) + 3;

+		while(len--) {

+		    buffer[i] = buffer[j];

+		    if(fwrite(&buffer[i], sizeof(unsigned char), 1, out) != 1) {

+			free(buffer);

+			return -1;

+		    }

+		    j++;

+		    j %= 4096;

+		    i++;

+		    i %= 4096;

+		}

+	    } else {

+		if((ch = fgetc(in)) == EOF)

+		    break;

+

+		buffer[i] = ch;

+		if(fwrite(&buffer[i], sizeof(unsigned char), 1, out) != 1) {

+		    free(buffer);

+		    return -1;

+		}

+		i++;

+		i %= 4096;

+	    }

+	}

+    }

+

+    free(buffer);

+    return 0;

+}

new file mode 100644

@@ -0,0 +1,26 @@

+/*

+ *  Copyright (C) 2004 Tomasz Kojm <tkojm@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+ */

+

+#ifndef __MSEXPAND_H

+#define __MSEXPAND_H

+

+#include <stdio.h>

+

+int cli_msexpand(FILE *in, FILE *out);

+

+#endif

@@ -120,6 +120,8 @@ const char *cl_strerror(int clerror)

 	    return "Malformed Zip detected.";

 	case CL_EGZIP:

 	    return "GZip module failure.";

+	case CL_EMSCOMP:

+	    return "MSExpand module failure.";

 	case CL_EOLE2:

 	    return "OLE2 module failure.";

 	case CL_ETMPFILE:

@@ -42,6 +42,7 @@ int cli_scanrar_inuse = 0;

 #include "unrarlib.h"

 #include "ole2_extract.h"

 #include "vba_extract.h"

+#include "msexpand.h"

 #include "scanners.h"

 #ifdef HAVE_ZLIB_H

@@ -76,6 +77,7 @@ static const struct cli_magic_s cli_magic[] = {

     {0,  "PK\003\004",			4,  "ZIP",		  CL_ZIPFILE},

     {0,  "\037\213",			2,  "GZip",		  CL_GZFILE},

     {0,  "BZh",				3,  "BZip",		  CL_BZFILE},

+    {0,  "SZDD",			4,  "compress.exe'd",	  CL_MSCFILE},

     /* Mail */

@@ -659,6 +661,48 @@ static int cli_scanbzip(int desc, const char **virname, long int *scanned, const

 }

 #endif

+static int cli_scanmscomp(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev)

+{

+	int fd, ret = CL_CLEAN;

+	FILE *tmp = NULL, *in;

+

+    cli_dbgmsg("in cli_scanmscomp()\n");

+

+    if((in = fdopen(dup(desc), "rb")) == NULL) {

+	cli_dbgmsg("Can't fdopen() descriptor %d.\n", desc);

+	return CL_EMSCOMP;

+    }

+

+    if((tmp = tmpfile()) == NULL) {

+	cli_dbgmsg("Can't generate tmpfile().\n");

+	fclose(in);

+	return CL_ETMPFILE;

+    }

+

+    if(cli_msexpand(in, tmp) == -1) {

+	cli_dbgmsg("msexpand failed.\n");

+	return CL_EMSCOMP;

+    }

+

+    fclose(in);

+    if(fflush(tmp)) {

+	cli_dbgmsg("fflush() failed\n");

+	fclose(tmp);

+	return CL_EFSYNC;

+    }

+

+    fd = fileno(tmp);

+    lseek(fd, 0, SEEK_SET);

+    if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, reclev)) == CL_VIRUS) {

+	cli_dbgmsg("MSCompress -> Found %s virus.\n", *virname);

+	fclose(tmp);

+	return CL_VIRUS;

+    }

+

+    fclose(tmp);

+    return ret;

+}

+

 static int cli_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev)

 {

 	DIR *dd;

@@ -927,6 +971,11 @@ static int cli_magic_scandesc(int desc, const char **virname, long int *scanned,

 #endif

 	    break;

+	case CL_MSCFILE:

+	    if(SCAN_ARCHIVE)

+		ret = cli_scanmscomp(desc, virname, scanned, root, limits, options, reclev);

+	    break;

+

 	case CL_MAILFILE:

 	    if(SCAN_MAIL)

 		ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);

@@ -28,6 +28,7 @@ typedef enum {

     CL_ZIPFILE,

     CL_BZFILE,

     CL_RARFILE,

+    CL_MSCFILE,

     CL_OLE2FILE

 } cli_file_t;

new file mode 100644

Binary files /dev/null and b/test/test1.msc differ