Browse code
libclamav/scanners.c: use lsigs when scanning vba data (bb#3922)
Tomasz Kojm authored on 2011/11/18 23:25:53Showing 2 changed files
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Fri Nov 18 15:23:50 CET 2011 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922) |
|
| 4 |
+ |
|
| 1 | 5 |
Fri Nov 18 15:48:59 EET 2011 (edwin) |
| 2 | 6 |
----------------------------------- |
| 3 | 7 |
* libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894). |
| ... | ... |
@@ -766,6 +766,37 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset) |
| 766 | 766 |
return ret; |
| 767 | 767 |
} |
| 768 | 768 |
|
| 769 |
+static int vba_scandata(const unsigned char *data, unsigned int len, cli_ctx *ctx) |
|
| 770 |
+{
|
|
| 771 |
+ struct cli_matcher *groot = ctx->engine->root[0]; |
|
| 772 |
+ struct cli_matcher *troot = ctx->engine->root[2]; |
|
| 773 |
+ struct cli_ac_data gmdata, tmdata; |
|
| 774 |
+ struct cli_ac_data *mdata[2]; |
|
| 775 |
+ int ret; |
|
| 776 |
+ |
|
| 777 |
+ if((ret = cli_ac_initdata(&tmdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) |
|
| 778 |
+ return ret; |
|
| 779 |
+ |
|
| 780 |
+ if((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
|
|
| 781 |
+ cli_ac_freedata(&tmdata); |
|
| 782 |
+ return ret; |
|
| 783 |
+ } |
|
| 784 |
+ mdata[0] = &tmdata; |
|
| 785 |
+ mdata[1] = &gmdata; |
|
| 786 |
+ |
|
| 787 |
+ ret = cli_scanbuff(data, len, 0, ctx, CL_TYPE_MSOLE2, mdata); |
|
| 788 |
+ |
|
| 789 |
+ if(ret != CL_VIRUS) {
|
|
| 790 |
+ ret = cli_lsig_eval(ctx, troot, &tmdata, NULL, NULL); |
|
| 791 |
+ if(ret != CL_VIRUS) |
|
| 792 |
+ ret = cli_lsig_eval(ctx, groot, &gmdata, NULL, NULL); |
|
| 793 |
+ } |
|
| 794 |
+ cli_ac_freedata(&tmdata); |
|
| 795 |
+ cli_ac_freedata(&gmdata); |
|
| 796 |
+ |
|
| 797 |
+ return ret; |
|
| 798 |
+} |
|
| 799 |
+ |
|
| 769 | 800 |
static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
| 770 | 801 |
{
|
| 771 | 802 |
int ret = CL_CLEAN, i, j, fd, data_len, hasmacros = 0; |
| ... | ... |
@@ -806,7 +837,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
| 806 | 806 |
/* cli_dbgmsg("Project content:\n%s", data); */
|
| 807 | 807 |
if(ctx->scanned) |
| 808 | 808 |
*ctx->scanned += data_len / CL_COUNT_PRECISION; |
| 809 |
- if(cli_scanbuff(data, data_len, 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) {
|
|
| 809 |
+ if(vba_scandata(data, data_len, ctx) == CL_VIRUS) {
|
|
| 810 | 810 |
free(data); |
| 811 | 811 |
ret = CL_VIRUS; |
| 812 | 812 |
break; |
| ... | ... |
@@ -865,7 +896,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
| 865 | 865 |
cli_dbgmsg("Project content:\n%s", data);
|
| 866 | 866 |
if(ctx->scanned) |
| 867 | 867 |
*ctx->scanned += vba_project->length[i] / CL_COUNT_PRECISION; |
| 868 |
- if(cli_scanbuff(data, vba_project->length[i], 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) {
|
|
| 868 |
+ if(vba_scandata(data, vba_project->length[i], ctx) == CL_VIRUS) {
|
|
| 869 | 869 |
free(data); |
| 870 | 870 |
ret = CL_VIRUS; |
| 871 | 871 |
break; |