mirror/clamav
1
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2026-02-07 05:22:03 -05:00
Code Issues Packages Projects Releases Wiki Activity

ISHIELD support:

Browse Source 
- preliminary ishield-msi ftype sport
This commit is contained in:
aCaB
2009-07-13 01:02:13 +02:00
parent 0e8b930665
commit cadaa7032f
4 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libclamav/filetypes.c
View File

@@ -93,6 +93,7 @@ static const struct ftmap_s {
{ "CL_TYPE_ARJSFX", CL_TYPE_ARJSFX },
{ "CL_TYPE_NULSFT", CL_TYPE_NULSFT },
{ "CL_TYPE_AUTOIT", CL_TYPE_AUTOIT },
{ "CL_TYPE_ISHIELD_MSI", CL_TYPE_ISHIELD_MSI },
{ NULL, CL_TYPE_IGNORED }
};

1
libclamav/filetypes.h
View File

@@ -80,6 +80,7 @@ typedef enum {
CL_TYPE_ARJSFX,
CL_TYPE_NULSFT, /* on the fly */
CL_TYPE_AUTOIT,
CL_TYPE_ISHIELD_MSI,
CL_TYPE_IGNORED /* please don't add anything below */
} cli_file_t;

1
libclamav/filetypes_int.h
View File

@@ -148,6 +148,7 @@ static const char *ftypes_int[] = {
"0:0:cffaedfe:Mach-O LE 64-bit:CL_TYPE_ANY:CL_TYPE_MACHO:45",
"0:0:feedface:Mach-O BE:CL_TYPE_ANY:CL_TYPE_MACHO:45",
"0:0:feedfacf:Mach-O BE 64-bit:CL_TYPE_ANY:CL_TYPE_MACHO:45",
"1:*:496e7374616c6c536869656c6400{292}06000000:ISHIELD-MSI:CL_TYPE_ANY:CL_TYPE_ISHIELD_MSI:45",
NULL
};

14
libclamav/scanners.c
View File

@@ -104,6 +104,8 @@
#include <stddef.h>
#endif
static int cli_scanishield_msi(int desc, cli_ctx *ctx, off_t off) { cli_dbgmsg("in ishield-msi\n"); return CL_CLEAN; }
static int cli_scanfile(const char *filename, cli_ctx *ctx);
static int cli_scandir(const char *dirname, cli_ctx *ctx, cli_file_t container)
@@ -1792,6 +1794,13 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,
}
break;
case CL_TYPE_ISHIELD_MSI:
if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE /* FIXMEISHIELD && (DCONF_ARCH & ARCH_CONF_ISHIELD)*/) {
cli_dbgmsg("ISHIELD-MSI signature found at %u\n", (unsigned int) fpt->offset);
nret = cli_scanishield_msi(desc, ctx, fpt->offset + 14);
}
break;
case CL_TYPE_PDF:
if(type != CL_TYPE_PDF && SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF)) {
cli_dbgmsg("PDF signature found at %u\n", (unsigned int) fpt->offset);
@@ -1965,6 +1974,11 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
ret = cli_scanautoit(desc, ctx, 23);
break;
case CL_TYPE_ISHIELD_MSI:
if(SCAN_ARCHIVE /* FIXMEISHIELD && (DCONF_ARCH & ARCH_CONF_ISHIELD)*/)
ret = cli_scanishield_msi(desc, ctx, 14);
break;
case CL_TYPE_MSSZDD:
if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_SZDD))
ret = cli_scanszdd(desc, ctx);