@@ -1,3 +1,8 @@

+Sun Feb 27 02:26:42 CET 2005 (tk)

+---------------------------------

+  * libclamav: improve metadata scanner

+  * sigtool: add support for .zmd files

+

 Thu Feb 24 18:37:45 CET 2005 (tk)

 ---------------------------------

   * libclamav/scanners.c: fix NULL pointer dereference in metadata scanner

@@ -121,7 +121,7 @@ struct cli_md5_node {

 };

 struct cli_zip_node {

-    int compr, csize, size, encrypted, crc32;

+    int compr, csize, size, encrypted, crc32, fileno, maxdepth;

     char *filename, *virname;

     struct cli_zip_node *next;

 };

@@ -818,6 +818,34 @@ static int cli_loadzmd(FILE *fd, struct cl_node **root, unsigned int *signo)

 	    free(pt);

 	}

+	if(!(pt = cli_strtok(buffer, 7, ":"))) {

+	    free(new->filename);

+	    free(new->virname);

+	    free(new);

+	    ret = CL_EMALFDB;

+	    break;

+	} else {

+	    if(!strcmp(pt, "*"))

+		new->fileno = 0;

+	    else

+		new->fileno = atoi(pt);

+	    free(pt);

+	}

+

+	if(!(pt = cli_strtok(buffer, 8, ":"))) {

+	    free(new->filename);

+	    free(new->virname);

+	    free(new);

+	    ret = CL_EMALFDB;

+	    break;

+	} else {

+	    if(!strcmp(pt, "*"))

+		new->maxdepth = 0;

+	    else

+		new->maxdepth = atoi(pt);

+	    free(pt);

+	}

+

 	new->next = (*root)->zip_mlist;

 	(*root)->zip_mlist = new;

     }

@@ -923,6 +951,7 @@ int cl_loaddbdir(const char *dirname, struct cl_node **root, unsigned int *signo

 	     cli_strbcasestr(dent->d_name, ".db3")  ||

 	     cli_strbcasestr(dent->d_name, ".hdb")  ||

 	     cli_strbcasestr(dent->d_name, ".ndb")  ||

+	     cli_strbcasestr(dent->d_name, ".zmd")  ||

 	     cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbfile = (char *) cli_calloc(strlen(dent->d_name) + strlen(dirname) + 2, sizeof(char));

@@ -1000,6 +1029,7 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".db3")  || 

 	    cli_strbcasestr(dent->d_name, ".hdb")  || 

 	    cli_strbcasestr(dent->d_name, ".ndb")  || 

+	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbstat->no++;

@@ -1068,6 +1098,7 @@ int cl_statchkdir(const struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".db3")  || 

 	    cli_strbcasestr(dent->d_name, ".hdb")  || 

 	    cli_strbcasestr(dent->d_name, ".ndb")  || 

+	    cli_strbcasestr(dent->d_name, ".zmd")  || 

 	    cli_strbcasestr(dent->d_name, ".cvd"))) {

                 fname = cli_calloc(strlen(dbstat->dir) + strlen(dent->d_name) + 2, sizeof(char));

@@ -320,6 +320,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

     }

     while(zzip_dir_read(zdir, &zdirent)) {

+	files++;

 	if(!zdirent.d_name || !strlen(zdirent.d_name)) { /* Mimail fix */

 	    cli_dbgmsg("Zip: strlen(zdirent.d_name) == %d\n", strlen(zdirent.d_name));

@@ -333,7 +334,6 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

 	cli_dbgmsg("Zip: %s, crc32: 0x%x, encrypted: %d, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_crc32, encrypted, zdirent.d_csize, zdirent.st_size, zdirent.d_csize ? (zdirent.st_size / zdirent.d_csize) : 0, limits ? limits->maxratio : -1);

 	if(!zdirent.st_size) {

-	    files++;

 	    if(zdirent.d_crc32) {

 		cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n");

 		*virname = "Suspected.Zip";

@@ -361,7 +361,13 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

 	    if(mdata->compr >= 0 && mdata->compr != zdirent.d_compr)

 		continue;

-	    /* FIXME: add support for regex */

+	    if(mdata->fileno && mdata->fileno != files)

+		continue;

+

+	    if(mdata->maxdepth && *arec > mdata->maxdepth)

+		continue;

+

+	    /* TODO add support for regex */

 	    /*if(mdata->filename && !strstr(zdirent.d_name, mdata->filename))*/

 	    if(mdata->filename && strcmp(zdirent.d_name, mdata->filename))

 		continue;

@@ -388,7 +394,6 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

 	/* work-around for problematic zips (zziplib crashes with them) */

 	if(zdirent.d_csize <= 0 || zdirent.st_size < 0) {

-	    files++;

 	    cli_dbgmsg("Zip: Malformed archive detected.\n");

 	    *virname = "Suspected.Zip";

 	    ret = CL_VIRUS;

@@ -402,7 +407,6 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

         }

 	if(DETECT_ENCRYPTED && encrypted) {

-	    files++;

 	    cli_dbgmsg("Zip: Encrypted files found in archive.\n");

 	    lseek(desc, 0, SEEK_SET);

 	    ret = cli_scandesc(desc, virname, scanned, root, 0, 0);

@@ -418,7 +422,6 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

 	if(limits) {

 	    if(limits->maxfilesize && (zdirent.st_size > limits->maxfilesize)) {

 		cli_dbgmsg("Zip: %s: Size exceeded (%d, max: %ld)\n", zdirent.d_name, zdirent.st_size, limits->maxfilesize);

-		files++;

 		/* ret = CL_EMAXSIZE; */

 		if(BLOCKMAX) {

 		    *virname = "Zip.ExceededFileSize";

@@ -494,7 +497,6 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

 	    fclose(tmp);

 	    tmp = NULL;

 	}

-	files++;

     }

     zzip_dir_close(zdir);

@@ -219,11 +219,14 @@ int countlines(const char *filename)

 	char buff[65536];

 	int lines = 0;

+

     if((fd = fopen(filename, "r")) == NULL)

 	return 0;

-    while(fgets(buff, sizeof(buff), fd))

+    while(fgets(buff, sizeof(buff), fd)) {

+	if(buff[0] == '#') continue;

 	lines++;

+    }

     fclose(fd);

     return lines;

@@ -248,7 +251,7 @@ int build(struct optstruct *opt)

 	exit(1);

     }

-    if(stat("main.db", &foo) == -1 && stat("daily.db", &foo) == -1 && stat("main.hdb", &foo) == -1 && stat("daily.hdb", &foo) == -1 && stat("main.ndb", &foo) == -1 && stat("daily.ndb", &foo) == -1) {

+    if(stat("main.db", &foo) == -1 && stat("daily.db", &foo) == -1 && stat("main.hdb", &foo) == -1 && stat("daily.hdb", &foo) == -1 && stat("main.ndb", &foo) == -1 && stat("daily.ndb", &foo) == -1 && stat("main.zmd", &foo) == -1 && stat("daily.zmd", &foo) == -1) {

 	mprintf("Virus database not found in current working directory.\n");

 	exit(1);

     }

@@ -268,7 +271,7 @@ int build(struct optstruct *opt)

 	mprintf("WARNING: There are no signatures in the database(s).\n");

     } else {

 	mprintf("Signatures: %d\n", no);

-	realno = countlines("main.db") + countlines("daily.db") + countlines("main.hdb") + countlines("daily.hdb") + countlines("main.ndb") + countlines("daily.ndb");

+	realno = countlines("main.db") + countlines("daily.db") + countlines("main.hdb") + countlines("daily.hdb") + countlines("main.ndb") + countlines("daily.ndb") + countlines("main.zmd") + countlines("daily.zmd");

 	if(realno != no) {

 	    mprintf("!Signatures in database: %d. Loaded: %d.\n", realno, no);

 	    mprintf("Please check the current directory and remove unnecessary databases\n");

@@ -285,7 +288,7 @@ int build(struct optstruct *opt)

 	    exit(1);

 	case 0:

 	    {

-		char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db", "daily.db", "Notes", "viruses.db3", "main.hdb", "daily.hdb", "main.ndb", "daily.ndb", NULL };

+		char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db", "daily.db", "Notes", "viruses.db3", "main.hdb", "daily.hdb", "main.ndb", "daily.ndb", "main.zmd", "daily.zmd", NULL };

 		args[2] = tarfile;

 		execv("/bin/tar", args);

 		mprintf("!Can't execute tar\n");

@@ -702,7 +705,7 @@ int listdb(const char *filename)

 	    free(start);

 	}

-    } else if(cli_strbcasestr(filename, ".ndb")) {

+    } else if(cli_strbcasestr(filename, ".ndb") || cli_strbcasestr(filename, ".zmd")) {

 	while(fgets(buffer, FILEBUFF, fd)) {

 	    line++;

@@ -751,6 +754,7 @@ int listdir(const char *dirname)

 	     cli_strbcasestr(dent->d_name, ".db2") ||

 	     cli_strbcasestr(dent->d_name, ".hdb") ||

 	     cli_strbcasestr(dent->d_name, ".ndb") ||

+	     cli_strbcasestr(dent->d_name, ".zmd") ||

 	     cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbfile = (char *) mcalloc(strlen(dent->d_name) + strlen(dirname) + 2, sizeof(char));