git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1311 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2005/02/06 00:50:18... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sat Feb 5 16:48:46 CET 2005 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav: activate RIFF code (patch by Trog) |
|
4 |
+ |
|
1 | 5 |
Sat Feb 5 16:17:41 CET 2005 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* libclamav/scanners.c: do not report Suspected.Zip on standard breaking zip |
... | ... |
@@ -108,12 +108,13 @@ static const struct cli_magic_s cli_magic[] = { |
108 | 108 |
{6, "JFIF", 4, "JPEG", CL_TYPE_GRAPHICS}, |
109 | 109 |
{6, "Exif", 4, "JPEG", CL_TYPE_GRAPHICS}, |
110 | 110 |
{0, "\x89PNG", 4, "PNG", CL_TYPE_GRAPHICS}, |
111 |
+ {0, "RIFF", 4, "RIFF", CL_TYPE_RIFF}, |
|
112 |
+ {0, "RIFX", 4, "RIFX", CL_TYPE_RIFF}, |
|
111 | 113 |
|
112 | 114 |
/* Ignored types */ |
113 | 115 |
|
114 | 116 |
{0, "\000\000\001\263", 4, "MPEG video stream", CL_TYPE_DATA}, |
115 | 117 |
{0, "\000\000\001\272", 4, "MPEG sys stream", CL_TYPE_DATA}, |
116 |
- {0, "RIFF", 4, "RIFF", CL_TYPE_DATA}, |
|
117 | 118 |
{0, "OggS", 4, "Ogg Stream", CL_TYPE_DATA}, |
118 | 119 |
{0, "ID3", 3, "MP3", CL_TYPE_DATA}, |
119 | 120 |
{0, "\377\373\220", 3, "MP3", CL_TYPE_DATA}, |
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net> |
|
2 |
+ * Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net> |
|
3 | 3 |
* With enhancements from Thomas Lamy <Thomas.Lamy@in-online.net> |
4 | 4 |
* |
5 | 5 |
* This program is free software; you can redistribute it and/or modify |
... | ... |
@@ -39,6 +39,7 @@ typedef enum { |
39 | 39 |
CL_TYPE_MSCHM, |
40 | 40 |
CL_TYPE_SCRENC, |
41 | 41 |
CL_TYPE_GRAPHICS, |
42 |
+ CL_TYPE_RIFF, |
|
42 | 43 |
CL_TYPE_BINHEX, |
43 | 44 |
|
44 | 45 |
/* bigger numbers have higher priority (in o-t-f detection) */ |
... | ... |
@@ -1146,6 +1146,18 @@ static int cli_scanscrenc(int desc, const char **virname, long int *scanned, con |
1146 | 1146 |
return ret; |
1147 | 1147 |
} |
1148 | 1148 |
|
1149 |
+static int cli_scanriff(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec) |
|
1150 |
+{ |
|
1151 |
+ int ret = CL_CLEAN; |
|
1152 |
+ |
|
1153 |
+ if(cli_check_riff_exploit(desc) == 2) { |
|
1154 |
+ ret = CL_VIRUS; |
|
1155 |
+ *virname = "Exploit.W32.MS05-002"; |
|
1156 |
+ } |
|
1157 |
+ |
|
1158 |
+ return ret; |
|
1159 |
+} |
|
1160 |
+ |
|
1149 | 1161 |
static int cli_scanmail(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec) |
1150 | 1162 |
{ |
1151 | 1163 |
char *dir; |
... | ... |
@@ -1296,6 +1308,10 @@ int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const |
1296 | 1296 |
ret = cli_scanscrenc(desc, virname, scanned, root, limits, options, arec, mrec); |
1297 | 1297 |
break; |
1298 | 1298 |
|
1299 |
+ case CL_TYPE_RIFF: |
|
1300 |
+ ret = cli_scanriff(desc, virname, scanned, root, limits, options, arec, mrec); |
|
1301 |
+ break; |
|
1302 |
+ |
|
1299 | 1303 |
case CL_TYPE_DATA: |
1300 | 1304 |
/* it could be a false positive and a standard DOS .COM file */ |
1301 | 1305 |
{ |
... | ... |
@@ -16,15 +16,18 @@ |
16 | 16 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
17 | 17 |
*/ |
18 | 18 |
|
19 |
+#include "clamav-config.h" |
|
20 |
+ |
|
19 | 21 |
#include <sys/types.h> |
20 | 22 |
#include <sys/stat.h> |
21 | 23 |
#include <fcntl.h> |
22 | 24 |
#include <unistd.h> |
23 | 25 |
#include <netinet/in.h> |
26 |
+#include <string.h> |
|
24 | 27 |
|
25 |
-#include "clamav-config.h" |
|
26 | 28 |
#include "clamav.h" |
27 | 29 |
#include "others.h" |
30 |
+#include "cltypes.h" |
|
28 | 31 |
|
29 | 32 |
#define FALSE (0) |
30 | 33 |
#define TRUE (1) |