git-svn: trunk@1763
Tomasz Kojm authored on 2005/11/17 21:54:14... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Thu Nov 17 13:52:43 CET 2005 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav/pe.c: respect CL_SCAN_BLOCKMAX |
|
4 |
+ |
|
1 | 5 |
Wed Nov 16 18:47:31 CET 2005 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* libclamav/zziplib: improve handling of incorrectly created/handcrafted zip |
... | ... |
@@ -50,6 +50,7 @@ |
50 | 50 |
#define IMAGE_OPTIONAL_SIGNATURE 0x010b |
51 | 51 |
|
52 | 52 |
#define DETECT_BROKEN (options & CL_SCAN_BLOCKBROKEN) |
53 |
+#define BLOCKMAX (options & CL_SCAN_BLOCKMAX) |
|
53 | 54 |
|
54 | 55 |
#define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb" |
55 | 56 |
#define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9" |
... | ... |
@@ -599,7 +600,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
599 | 599 |
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { |
600 | 600 |
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize); |
601 | 601 |
free(section_hdr); |
602 |
- return CL_CLEAN; |
|
602 |
+ if(BLOCKMAX) { |
|
603 |
+ *virname = "PE.FSG.ExceededFileSize"; |
|
604 |
+ return CL_VIRUS; |
|
605 |
+ } else { |
|
606 |
+ return CL_CLEAN; |
|
607 |
+ } |
|
603 | 608 |
} |
604 | 609 |
|
605 | 610 |
if(ssize <= 0x19 || dsize <= ssize) { |
... | ... |
@@ -751,7 +757,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
751 | 751 |
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { |
752 | 752 |
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize); |
753 | 753 |
free(section_hdr); |
754 |
- return CL_CLEAN; |
|
754 |
+ if(BLOCKMAX) { |
|
755 |
+ *virname = "PE.FSG.ExceededFileSize"; |
|
756 |
+ return CL_VIRUS; |
|
757 |
+ } else { |
|
758 |
+ return CL_CLEAN; |
|
759 |
+ } |
|
755 | 760 |
} |
756 | 761 |
|
757 | 762 |
if(ssize <= 0x19 || dsize <= ssize) { |
... | ... |
@@ -771,7 +782,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
771 | 771 |
if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) { |
772 | 772 |
cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize); |
773 | 773 |
free(section_hdr); |
774 |
- return CL_CLEAN; |
|
774 |
+ if(BLOCKMAX) { |
|
775 |
+ *virname = "PE.FSG.ExceededFileSize"; |
|
776 |
+ return CL_VIRUS; |
|
777 |
+ } else { |
|
778 |
+ return CL_CLEAN; |
|
779 |
+ } |
|
775 | 780 |
} |
776 | 781 |
|
777 | 782 |
if((support = (char *) cli_malloc(gp)) == NULL) { |
... | ... |
@@ -961,7 +977,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
961 | 961 |
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { |
962 | 962 |
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize); |
963 | 963 |
free(section_hdr); |
964 |
- return CL_CLEAN; |
|
964 |
+ if(BLOCKMAX) { |
|
965 |
+ *virname = "PE.FSG.ExceededFileSize"; |
|
966 |
+ return CL_VIRUS; |
|
967 |
+ } else { |
|
968 |
+ return CL_CLEAN; |
|
969 |
+ } |
|
965 | 970 |
} |
966 | 971 |
|
967 | 972 |
if(ssize <= 0x19 || dsize <= ssize) { |
... | ... |
@@ -981,7 +1002,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
981 | 981 |
if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) { |
982 | 982 |
cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize); |
983 | 983 |
free(section_hdr); |
984 |
- return CL_CLEAN; |
|
984 |
+ if(BLOCKMAX) { |
|
985 |
+ *virname = "PE.FSG.ExceededFileSize"; |
|
986 |
+ return CL_VIRUS; |
|
987 |
+ } else { |
|
988 |
+ return CL_CLEAN; |
|
989 |
+ } |
|
985 | 990 |
} |
986 | 991 |
|
987 | 992 |
if((support = (char *) cli_malloc(gp)) == NULL) { |
... | ... |
@@ -1141,7 +1167,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
1141 | 1141 |
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { |
1142 | 1142 |
cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize); |
1143 | 1143 |
free(section_hdr); |
1144 |
- return CL_CLEAN; |
|
1144 |
+ if(BLOCKMAX) { |
|
1145 |
+ *virname = "PE.UPX.ExceededFileSize"; |
|
1146 |
+ return CL_VIRUS; |
|
1147 |
+ } else { |
|
1148 |
+ return CL_CLEAN; |
|
1149 |
+ } |
|
1145 | 1150 |
} |
1146 | 1151 |
|
1147 | 1152 |
if(ssize <= 0x19 || dsize <= ssize) { /* FIXME: What are reasonable values? */ |
... | ... |
@@ -1330,7 +1361,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
1330 | 1330 |
if(limits && limits->maxfilesize && dsize > limits->maxfilesize) { |
1331 | 1331 |
cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, limits->maxfilesize); |
1332 | 1332 |
free(section_hdr); |
1333 |
- return CL_CLEAN; |
|
1333 |
+ if(BLOCKMAX) { |
|
1334 |
+ *virname = "PE.Petite.ExceededFileSize"; |
|
1335 |
+ return CL_VIRUS; |
|
1336 |
+ } else { |
|
1337 |
+ return CL_CLEAN; |
|
1338 |
+ } |
|
1334 | 1339 |
} |
1335 | 1340 |
|
1336 | 1341 |
if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) { |
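Review bot: The same six-line `if(BLOCKMAX) { … } else { … }` verdict block is pasted at all seven size-limit checks in cli_scanpe (five FSG, one UPX, one Petite), so any later policy change must be made seven times and a missed site would give inconsistent verdicts; a small static helper that takes the detection name would keep them in step. The two FSG `gp` checks log "Buffer size exceeded" but report `PE.FSG.ExceededFileSize`, which deserves either a distinct name or a comment saying the reuse is deliberate. The else path still returns CL_CLEAN without unpacking, so a comment should state that this result means the packed payload was skipped, not inspected; whether the caller scans the raw file afterwards is not visible in these hunks. cli_scanpe starts and ends outside every hunk shown, so the type of `options` is assumed to be an integer flag word.

```c
/* Verdict for a packed section whose declared sizes exceed limits->maxfilesize. */
static int pe_sizelimit_verdict(int blockmax, const char **virname, const char *name)
{
    if(blockmax) {
	*virname = name;
	return CL_VIRUS;
    }
    /* Payload was not unpacked or scanned: CL_CLEAN here means "skipped". */
    return CL_CLEAN;
}

/* … unchanged: limit check and cli_dbgmsg at each of the seven sites … */
	    free(section_hdr);
	    return pe_sizelimit_verdict(BLOCKMAX != 0, virname, "PE.FSG.ExceededFileSize");
```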