On Tue, Sep 20, 2005 at 11:23:16AM -0500, Damian Menscher wrote:

> project.  (Which means the rest of us can use your patch even before the
> developers add it to the main tree, or suggest changes before the
> developers waste their time on it.)

Fair enough; v1 is attached. It's the first time I've dealt with the clamav
code, so I'm expecting there to be changes. (Or for one of the developers to
implement it properly, which if you know the code well probably wouldn't
take long ;-)

The clamd.conf setting is "ArchiveBlockBad"
The clamscan flag is --block-badarchive

I think it should still apply cleanly against CVS...

Cheers,

-- 
Paul
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/clamav-milter/clamav-milter.c 
clamav-devel-badzip/clamav-milter/clamav-milter.c
--- clamav-devel/clamav-milter/clamav-milter.c  2005-08-24 20:02:11.000000000 
+0100
+++ clamav-devel-badzip/clamav-milter/clamav-milter.c   2005-08-30 
01:17:02.000000000 +0100
@@ -1448,6 +1448,8 @@
                        options |= CL_SCAN_BLOCKENCRYPTED;
                if(cfgopt(copt, "ArchiveBlockMax")->enabled)
                        options |= CL_SCAN_BLOCKMAX;
+               if(cfgopt(copt, "ArchiveBlockBad")->enabled)
+                       options |= CL_SCAN_BLOCKBADARCHIVE;
                if(cfgopt(copt, "ScanPE")->enabled)
                        options |= CL_SCAN_PE;
                if(cfgopt(copt, "DetectBrokenExecutables")->enabled)
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/clamd/server-th.c 
clamav-devel-badzip/clamd/server-th.c
--- clamav-devel/clamd/server-th.c      2005-06-23 15:00:07.000000000 +0100
+++ clamav-devel-badzip/clamd/server-th.c       2005-09-01 22:19:13.000000000 
+0100
@@ -300,6 +300,11 @@
        } else {
            limits.archivememlim = 0;
        }
+
+       if(cfgopt(copt, "DetectBrokenExecutables")->enabled) {
+           logg("Detection of broken executables enabled.\n");
+           options |= CL_SCAN_BLOCKBROKEN;
+       }
     }
 
     if(cfgopt(copt, "ScanArchive")->enabled) {
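Review bot: The added `DetectBrokenExecutables` block is unrelated to the `ArchiveBlockBad` feature this patch describes, and it sits inside a block whose opening condition is above the hunk (the `}` right after it closes that block). If that enclosing condition is one of the archive settings, `CL_SCAN_BLOCKBROKEN` would only be set when that setting is enabled. If server-th.c already handles `DetectBrokenExecutables` elsewhere, the flag and the log line would be produced twice. I would drop these five lines from this patch, or submit them separately and place them outside the archive-related block.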
@@ -316,6 +321,11 @@
            options |= CL_SCAN_BLOCKMAX;
        }
 
+       if (cfgopt(copt, "ArchiveBlockBad")->enabled) {
+           logg("Archive: Blocking corrupted archives.\n");
+           options |= CL_SCAN_BLOCKBADARCHIVE;
+       }
+
     } else {
        logg("Archive support disabled.\n");
     }
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/clamscan/clamscan.c 
clamav-devel-badzip/clamscan/clamscan.c
--- clamav-devel/clamscan/clamscan.c    2005-07-24 23:27:13.000000000 +0100
+++ clamav-devel-badzip/clamscan/clamscan.c     2005-09-01 22:33:02.000000000 
+0100
@@ -233,6 +233,7 @@
     mprintf("    --detect-broken                      Try to detect broken 
executable files\n");
     mprintf("    --block-encrypted                    Block encrypted 
archives\n");
     mprintf("    --block-max                          Block archives that 
exceed limits\n");
+    mprintf("    --block-badarchive                   Block archives which are 
corrupted\n");
 #ifdef WITH_CURL
     mprintf("    --mail-follow-urls                   Download and scan 
URLs\n");
 #endif
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/clamscan/manager.c 
clamav-devel-badzip/clamscan/manager.c
--- clamav-devel/clamscan/manager.c     2005-07-24 23:27:13.000000000 +0100
+++ clamav-devel-badzip/clamscan/manager.c      2005-09-01 22:20:24.000000000 
+0100
@@ -175,6 +175,9 @@
     if(optl(opt, "block-max"))
        options |= CL_SCAN_BLOCKMAX;
 
+    if(optl(opt, "block-badarchive"))
+       options |= CL_SCAN_BLOCKBADARCHIVE;
+
     if(optl(opt, "no-pe"))
        options &= ~CL_SCAN_PE;
     else
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/clamscan/options.c 
clamav-devel-badzip/clamscan/options.c
--- clamav-devel/clamscan/options.c     2005-06-07 02:40:08.000000000 +0100
+++ clamav-devel-badzip/clamscan/options.c      2005-09-01 22:19:50.000000000 
+0100
@@ -98,6 +98,7 @@
            {"detect-broken", 0, 0, 0},
            {"block-encrypted", 0, 0, 0},
            {"block-max", 0, 0, 0},
+           {"block-badarchive", 0, 0, 0},
            {"no-pe", 0, 0, 0},
            {"no-ole2", 0, 0, 0},
            {"no-html", 0, 0, 0},
@@ -176,6 +177,7 @@
        }
 
     }
+
     ret = clamscan(opt);
 
     free_opt(opt);
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/docs/clamdoc.tex 
clamav-devel-badzip/docs/clamdoc.tex
--- clamav-devel/docs/clamdoc.tex       2005-06-18 00:34:33.000000000 +0100
+++ clamav-devel-badzip/docs/clamdoc.tex        2005-09-01 22:35:39.000000000 
+0100
@@ -881,6 +881,9 @@
        \item \textbf{CL\_SCAN\_BLOCKENCRYPTED}\\
              With this flag the library marks encrypted archives as viruses
              (Encrypted.Zip, Encrypted.RAR).
+       \item \textbf{CL\_SCAN\_BLOCKBADARCHIVE}\\
+             With this flag the library marks corrupted archives as viruses.
+             (Suspect.ZIP)
        \item \textbf{CL\_SCAN\_BLOCKMAX}\\
              Mark archives as viruses if \verb+maxfiles+, \verb+maxfilesize+,
              or \verb+maxreclevel+ limit is reached.
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/libclamav/clamav.h 
clamav-devel-badzip/libclamav/clamav.h
--- clamav-devel/libclamav/clamav.h     2005-06-02 19:07:36.000000000 +0100
+++ clamav-devel-badzip/libclamav/clamav.h      2005-08-30 01:16:14.000000000 
+0100
@@ -74,6 +74,7 @@
 #define CL_SCAN_BLOCKBROKEN    64
 #define CL_SCAN_MAILURL                128
 #define CL_SCAN_BLOCKMAX       256
+#define CL_SCAN_BLOCKBADARCHIVE        512
 
 /* recommended options */
 #define CL_SCAN_STDOPT         (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 
| CL_SCAN_HTML | CL_SCAN_PE) 
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/libclamav/scanners.c 
clamav-devel-badzip/libclamav/scanners.c
--- clamav-devel/libclamav/scanners.c   2005-08-30 00:53:49.000000000 +0100
+++ clamav-devel-badzip/libclamav/scanners.c    2005-08-30 01:20:37.000000000 
+0100
@@ -98,6 +98,7 @@
 #define SCAN_PE                    (options & CL_SCAN_PE)
 #define DETECT_ENCRYPTED    (options & CL_SCAN_BLOCKENCRYPTED)
 #define BLOCKMAX           (options & CL_SCAN_BLOCKMAX)
+#define DETECT_BADARCHIVE   (options & CL_SCAN_BLOCKBADARCHIVE)
 
 #define MAX_MAIL_RECURSION  15
 
@@ -459,7 +460,12 @@
 
        if(!encrypted && size != zdirent.st_size) {
            cli_dbgmsg("Zip: Incorrectly decompressed (%d != %d)\n", size, 
zdirent.st_size);
-           ret = CL_EZIP;
+           if(DETECT_BADARCHIVE) {
+               *virname = "Suspect.Zip";
+               ret = CL_VIRUS;
+           } else {
+               ret = CL_EZIP;
+           }
            break;
        }
 
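Review bot: `DETECT_BADARCHIVE` is consulted only at this one size-mismatch check, so the option covers less than its help text and log line ("corrupted archives") promise. Any other path in this function that ends in `CL_EZIP`, and any other archive format, would presumably still return a scan error rather than a detection; the rest of the function is outside the hunk, so this needs checking. That matters because a caller that treats scan errors as non-fatal would still pass a malformed archive with the option enabled. The name reported here is `"Suspect.Zip"` but the clamdoc.tex hunk documents `Suspect.ZIP`; filters match on that string, so make them agree, e.g. change the doc line to `(Suspect.Zip)`. A comment above the branch such as `/* size mismatch after unpacking: report as a detection when CL_SCAN_BLOCKBADARCHIVE is set */` would record the intent.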
diff -ur -x '*cscope*' -x '*.lo' -x '*.a' -x '*.o' -x '*/clamd' -x '*/clamscan' 
-x '*/clamdscan' clamav-devel/shared/cfgparser.c 
clamav-devel-badzip/shared/cfgparser.c
--- clamav-devel/shared/cfgparser.c     2005-08-03 03:59:29.000000000 +0100
+++ clamav-devel-badzip/shared/cfgparser.c      2005-09-01 22:21:28.000000000 
+0100
@@ -67,6 +67,7 @@
            {"ArchiveLimitMemoryUsage", OPT_BOOL, 0, NULL, 0},
            {"ArchiveBlockEncrypted", OPT_BOOL, 0, NULL, 0},
            {"ArchiveBlockMax", OPT_BOOL, 0, NULL, 0},
+           {"ArchiveBlockBad", OPT_BOOL, 0, NULL, 0},
            {"DatabaseDirectory", OPT_STR, -1, DATADIR, 0}, /* clamd + 
freshclam */
            {"TCPAddr", OPT_STR, -1, NULL, 0},
            {"TCPSocket", OPT_NUM, -1, NULL, 0},
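Review bot: `ArchiveBlockBad` is registered here, apparently defaulting to off, but nothing in this patch documents the directive for administrators. The only documentation change is the clamdoc.tex entry, which describes the library flag rather than the clamd.conf setting or the `--block-badarchive` switch. I would add the directive to the sample configuration and the man pages in the same patch, stating that it is off by default and that a truncated or damaged but harmless ZIP file will be reported as `Suspect.Zip` when it is on.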

Attachment: signature.asc
Description: Digital signature
