@@ -1,3 +1,7 @@

+Sat Feb  5 16:48:46 CET 2005 (tk)

+---------------------------------

+  * libclamav: activate RIFF code (patch by Trog)

+

 Sat Feb  5 16:17:41 CET 2005 (tk)

 ---------------------------------

   * libclamav/scanners.c: do not report Suspected.Zip on standard breaking zip

@@ -108,12 +108,13 @@ static const struct cli_magic_s cli_magic[] = {

     {6,  "JFIF",			 4, "JPEG",         CL_TYPE_GRAPHICS},

     {6,  "Exif",			 4, "JPEG",         CL_TYPE_GRAPHICS},

     {0,  "\x89PNG",			 4, "PNG",          CL_TYPE_GRAPHICS},

+    {0,  "RIFF",                         4, "RIFF",         CL_TYPE_RIFF},

+    {0,  "RIFX",                         4, "RIFX",         CL_TYPE_RIFF},

     /* Ignored types */

     {0,  "\000\000\001\263",             4, "MPEG video stream",  CL_TYPE_DATA},

     {0,  "\000\000\001\272",             4, "MPEG sys stream",    CL_TYPE_DATA},

-    {0,  "RIFF",                         4, "RIFF",		  CL_TYPE_DATA},

     {0,  "OggS",                         4, "Ogg Stream",         CL_TYPE_DATA},

     {0,  "ID3",				 3, "MP3",		  CL_TYPE_DATA},

     {0,  "\377\373\220",		 3, "MP3",		  CL_TYPE_DATA},

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net>

+ *  Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net>

  *  With enhancements from Thomas Lamy <Thomas.Lamy@in-online.net>

  *

  *  This program is free software; you can redistribute it and/or modify

@@ -39,6 +39,7 @@ typedef enum {

     CL_TYPE_MSCHM,

     CL_TYPE_SCRENC,

     CL_TYPE_GRAPHICS,

+    CL_TYPE_RIFF,

     CL_TYPE_BINHEX,

     /* bigger numbers have higher priority (in o-t-f detection) */

@@ -1146,6 +1146,18 @@ static int cli_scanscrenc(int desc, const char **virname, long int *scanned, con

     return ret;

 }

+static int cli_scanriff(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec)

+{

+	int ret = CL_CLEAN;

+

+    if(cli_check_riff_exploit(desc) == 2) {

+	ret = CL_VIRUS;

+	*virname = "Exploit.W32.MS05-002";

+    }

+

+    return ret;

+}

+

 static int cli_scanmail(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec)

 {

 	char *dir;

@@ -1296,6 +1308,10 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const

 	    ret = cli_scanscrenc(desc, virname, scanned, root, limits, options, arec, mrec);

 	    break;

+	case CL_TYPE_RIFF:

+	    ret = cli_scanriff(desc, virname, scanned, root, limits, options, arec, mrec);

+	    break;

+

 	case CL_TYPE_DATA:

 	    /* it could be a false positive and a standard DOS .COM file */

 	    {

@@ -16,15 +16,18 @@

  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  */

+#include "clamav-config.h"

+

 #include <sys/types.h>

 #include <sys/stat.h>

 #include <fcntl.h>

 #include <unistd.h>

 #include <netinet/in.h>

+#include <string.h>

-#include "clamav-config.h"

 #include "clamav.h"

 #include "others.h"

+#include "cltypes.h"

 #define FALSE (0)

 #define TRUE (1)

@@ -21,5 +21,6 @@

 int cli_check_mydoom_log(int desc, const char **virname);

 int cli_check_jpeg_exploit(int fd);

+int cli_check_riff_exploit(int fd);

 #endif