Folks,

I have about 16 viruses that are not being caught by the 0.90.1 version as
opposed to 0.88.5. I think the problem looks to be in the cli_ac_scanbuff
function.

In the 0.88.5 version they are caught within:

    if(pt->sigid) { /* it's a partial signature */
        if(partcnt[pt->sigid] + 1 == pt->partno) {
            dist = 1;
            if(pt->maxdist)
                if(offset + i - partoff[pt->sigid] > pt->maxdist)
                    dist = 0;

            if(dist && pt->mindist)
                if(offset + i - partoff[pt->sigid] < pt->mindist)
                    dist = 0;

            if(dist) {
                partoff[pt->sigid] = offset + i + pt->length;

                if(++partcnt[pt->sigid] == pt->parts) { /* the last one */
                    if(pt->type) {
                        if(otfrec) {
                            if(pt->type > type) {
                                cli_dbgmsg("Matched signature for file type: %s\n", pt->virname);
                                type = pt->type;
                            }
                        }
                    } else { /*****************RETURNS virus here*********************/
                        if(virname)
                            *virname = pt->virname;

                        return CL_VIRUS;
                    }
                }
            }
        }

    } else { /* old type signature */

However, in 0.90.1 it does not enter the corresponding code portion.


So the output for 0.88.5 looks like this:

Scanning through Win32.Alcaul.i
Found virus: W32.Kruls.Gen
Scanning through Win32.Alcaul.j
Found virus: W32.Kruls.Gen
Scanning through Win32.Bolzano.3100
Found virus: W32.Bolzano.Gen
Scanning through Win32.Bolzano.3148
Found virus: W32.Bolzano.Gen
Scanning through Win32.Bolzano.3164
Found virus: W32.Bolzano.Gen
Scanning through Win32.Bolzano.3192
Found virus: W32.Bolzano.Gen
Scanning through Win32.Champ
Found virus: W32.Champagne.Gen
Scanning through Win32.Champ.5536
Found virus: W32.Champagne.Gen
Scanning through Win32.Champ.5714
Found virus: W32.Champagne.Gen
Scanning through Win32.Champ.5722
Found virus: W32.Champagne.Gen
Scanning through Win32.Opdoc.1248
Found virus: W32.Opdoc.Gen
Scanning through Win32.Small.1700
Found virus: W32.Small.1700
Scanning through Win32.Wide.b
Found virus: W32.Wide.Gen

and for the 0.90.1 all are returned as Clean.

Also, on another note, I had to add the following to cli_ac_scanbuff in
0.90.1 to avoid segmentation faults happening while scanning some
viruses:

        if(current == NULL)
          continue;

        current = current->trans[buffer[i] & 0xff];

        if(current == NULL)
          continue;

        if(current->islast) {
            position = i - ac_depth + 1;


Any help in pointing me in the right direction will be appreciated. I can
provide the viruses if need be.

Thanks
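
To see where a multi-part match can be dropped, the partcnt/partoff bookkeeping from the 0.88.5 excerpt above can be replayed in isolation. This is an added example, not ClamAV code and not part of the original post; the struct `part_hit`, the function `replay_parts`, the bound `MAX_SIGS` and the sample hits are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_SIGS 8   /* hypothetical bound for this model */

/* One matched part of a multi-part signature. Field names follow the
   0.88.5 excerpt; the struct itself is hypothetical. */
struct part_hit {
    unsigned sigid, partno, parts; /* signature id, index of this part, total parts */
    unsigned pos, length;          /* match offset (offset + i) and part length */
    unsigned mindist, maxdist;     /* allowed gap after previous part; 0 = unchecked */
};

/* Replays hits in scan order; returns the sigid that completes, or 0 (clean). */
unsigned replay_parts(const struct part_hit *hits, size_t n)
{
    unsigned partcnt[MAX_SIGS] = {0}, partoff[MAX_SIGS] = {0};
    for (size_t k = 0; k < n; k++) {
        const struct part_hit *pt = &hits[k];
        if (pt->sigid == 0 || pt->sigid >= MAX_SIGS)
            continue;                              /* not a partial signature */
        if (partcnt[pt->sigid] + 1 != pt->partno)
            continue;                              /* not the next expected part */
        unsigned gap = pt->pos - partoff[pt->sigid];
        if (pt->maxdist && gap > pt->maxdist)
            continue;                              /* too far from previous part */
        if (pt->mindist && gap < pt->mindist)
            continue;                              /* too close to previous part */
        partoff[pt->sigid] = pt->pos + pt->length; /* remember end of this part */
        if (++partcnt[pt->sigid] == pt->parts)
            return pt->sigid;                      /* last part: excerpt returns CL_VIRUS */
    }
    return 0;
}

/* Constructed sample hits for a three-part signature with id 1. */
const struct part_hit hits_ok[] = {
    {1, 1, 3, 10, 4, 0, 0}, {1, 2, 3, 20, 4, 2, 10}, {1, 3, 3, 30, 4, 2, 10},
};
/* Same parts, but part 2 lies 26 bytes past part 1, beyond maxdist 10. */
const struct part_hit hits_far[] = {
    {1, 1, 3, 10, 4, 0, 0}, {1, 2, 3, 40, 4, 2, 10}, {1, 3, 3, 50, 4, 2, 10},
};

int main(void)
{
    printf("in range: %u, part 2 too far: %u\n",
           replay_parts(hits_ok, 3), replay_parts(hits_far, 3));
    return 0;
}
```

A part that fails the distance check leaves its counter unchanged, so every later part of that signature is skipped as well and the file is reported clean.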