[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:12:41 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 0f7ba61742388211ca529e4260eb01c3b9426b39
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Mon Dec 14 17:16:46 2009 +0100
libclamav: integrate ldb sigs with icon matcher
diff --git a/ChangeLog b/ChangeLog
index d041e39..4fbac03 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Dec 14 17:16:07 CET 2009 (tk)
+---------------------------------
+ * libclamav: integrate ldb sigs with icon matcher
+
Mon Dec 14 15:04:45 CET 2009 (tk)
---------------------------------
* sigtool: fix some messages (bb#1777)
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index b009779..3126107 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -46,6 +46,7 @@
#include "default.h"
#include "macho.h"
#include "fmap.h"
+#include "pe_icons.h"
int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata)
{
@@ -322,6 +323,16 @@ int cli_checkfp(int fd, cli_ctx *ctx)
return 0;
}
+static int matchicon(cli_ctx *ctx, const char *grp1, const char *grp2)
+{
+ icon_groupset iconset;
+
+ cli_icongroupset_init(&iconset);
+ cli_icongroupset_add(grp1 ? grp1 : "*", &iconset, 0, ctx);
+ cli_icongroupset_add(grp2 ? grp2 : "*", &iconset, 1, ctx);
+ return cli_match_icon(&iconset, ctx);
+}
+
int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode)
{
int ret = CL_EMEM;
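Review bot: Both `cli_icongroupset_add` calls in `matchicon` discard their result; if that function can report a failure (its declaration is not visible here), a partially populated group set would still be handed to `cli_match_icon` and read as a non-match rather than an error. The helper also has no header comment; suggest `/* Run the icon matcher for one lsig; a NULL group name means any group ("*"). Returns cli_match_icon's status (CL_VIRUS on match). */`. If `cli_icongroupset_add` does return a status, check it and return it to the caller so allocation or database errors are not folded into "no match".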
@@ -454,6 +465,14 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
evalcnt = 0;
evalids = 0;
if(cli_ac_chklsig(troot->ac_lsigtable[i]->logic, troot->ac_lsigtable[i]->logic + strlen(troot->ac_lsigtable[i]->logic), tdata.lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
+ if(troot->ac_lsigtable[i]->tdb.icongrp1 || troot->ac_lsigtable[i]->tdb.icongrp2) {
+ if(matchicon(ctx, troot->ac_lsigtable[i]->tdb.icongrp1, troot->ac_lsigtable[i]->tdb.icongrp2) == CL_VIRUS) {
+ ret = CL_VIRUS;
+ break;
+ } else {
+ continue;
+ }
+ }
if (!troot->ac_lsigtable[i]->bc) {
if(ctx->virname)
*ctx->virname = troot->ac_lsigtable[i]->virname;
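Review bot: On an icon match the new branch sets `ret = CL_VIRUS` and breaks out of the loop before the existing code just below assigns `*ctx->virname` from `troot->ac_lsigtable[i]->virname`, so unless `cli_match_icon` sets the name itself the detection is reported without the lsig's virus name; it also bypasses the bytecode (`bc`) distinction the unchanged code makes. Letting a successful icon match fall through into the existing handling avoids both: `if(matchicon(ctx, troot->ac_lsigtable[i]->tdb.icongrp1, troot->ac_lsigtable[i]->tdb.icongrp2) != CL_VIRUS) continue;`. Either form treats any non-CL_VIRUS status from the icon matcher, including an error code, as a non-match, so if `cli_match_icon` can fail consider propagating that status instead. cli_fmap_scandesc's body starts and ends outside this hunk.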
diff --git a/libclamav/matcher.h b/libclamav/matcher.h
index ce7cf08..e95ff56 100644
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@ -54,8 +54,11 @@ struct cli_lsig_tdb {
const uint32_t *target;
const uint32_t *engine, *nos, *ep;
+ /*
const uint32_t *sectoff, *sectrva, *sectvsz, *sectraw, *sectrsz,
*secturva, *sectuvsz, *secturaw, *sectursz;
+ */
+ const char *icongrp1, *icongrp2;
#ifdef USE_MPOOL
mpool_t *mempool;
#endif
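Review bot: The `sectoff` … `sectursz` members are commented out rather than removed, leaving dead declarations inside the struct; delete them (the history is in version control) or add a comment saying why they are kept. The two new members should state their contract, e.g. `const char *icongrp1, *icongrp2; /* IconGroup1/IconGroup2 TDB attribute values; NULL when the attribute is absent */`. Since readdb.c and matcher.c test these pointers with `||`, every place that creates a `struct cli_lsig_tdb` must zero-initialise it — that code is outside this hunk, so worth confirming. struct cli_lsig_tdb begins before this hunk.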
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 13ca45e..9251335 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -923,9 +923,13 @@ struct lsig_attrib {
static int lsigattribs(char *attribs, struct cli_lsig_tdb *tdb)
{
struct lsig_attrib attrtab[] = {
-#define ATTRIB_TOKENS 2
+#define ATTRIB_TOKENS 4
{ "Target", CLI_TDB_UINT, (void **) &tdb->target },
{ "Engine", CLI_TDB_RANGE, (void **) &tdb->engine },
+
+ { "IconGroup1", CLI_TDB_STR, (void **) &tdb->icongrp1 },
+ { "IconGroup2", CLI_TDB_STR, (void **) &tdb->icongrp2 },
+
/*
{ "NoS", CLI_TDB_RANGE, (void **) &tdb->nos },
{ "EP", CLI_TDB_RANGE, (void **) &tdb->ep },
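Review bot: `ATTRIB_TOKENS` is a hand-maintained count bumped from 2 to 4 to track the two added rows, and it will silently drift the next time the table changes (the commented-out rows below already have to be excluded by hand). If `attrtab` has no sentinel row and the count is only used to iterate it, derive it instead: `#define ATTRIB_TOKENS (sizeof(attrtab) / sizeof(attrtab[0]))` placed after the initializer rather than inside it. The blank lines added around the two IconGroup rows inside the initializer list are also inconsistent with the surrounding entries. The rest of lsigattribs continues past the hunk.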
@@ -1151,6 +1155,12 @@ static int load_oneldb(char *buffer, int chkpua, int chkign, struct cl_engine *e
return CL_SUCCESS;
}
+ if((tdb.icongrp1 || tdb.icongrp2) && tdb.target[0] != 1) {
+ cli_errmsg("cli_loadldb: IconGroup is only supported in PE (target 1) signatures\n");
+ FREE_TDB(tdb);
+ return CL_EMALFDB;
+ }
+
root = engine->root[tdb.target[0]];
lsig = (struct cli_ac_lsig *) mpool_calloc(engine->mempool, 1, sizeof(struct cli_ac_lsig));
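Review bot: The new check hard-codes the PE target number as `1` and its message names `cli_loadldb` while the enclosing function is `load_oneldb`; if the other messages in this function use the caller's name that is consistent, otherwise adjust. Reporting the offending value helps signature authors, e.g. `cli_errmsg("cli_loadldb: IconGroup is only supported in PE (target 1) signatures, got target %u\n", (unsigned) tdb.target[0]);`. `tdb.target` is dereferenced unconditionally here and on the following line, so it is presumably validated non-NULL earlier in the function, outside this hunk.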