Stephen Gran <[EMAIL PROTECTED]> writes:
> Can you try again but this time with ole2_extract.c:794 ?
Looks better with the breakpoint there -- I won't pretend to understand it,
but at least there is a lot of output this time :)
(gdb) run
Starting program: /usr/bin/clamscan temp/badmail
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 20027)]
Breakpoint 2 at 0x4004d342: file ole2_extract.c, line 794.
Pending breakpoint "ole2_extract.c:794" resolved
[Switching to Thread 16384 (LWP 20027)]
Breakpoint 2, cli_ole2_extract (fd=8,
dirname=0x40473000
"��\021ࡱ\032�\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0��\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0����\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0",
'�' <repeats 57 times>..., limits=0x40473000)
at ole2_extract.c:795
795 if (strncmp(hdr.magic, magic_id, 8) != 0) {
(gdb) bt full
#0 cli_ole2_extract (fd=8,
dirname=0x40473000
"��\021ࡱ\032�\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0��\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0����\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0",
'�' <repeats 57 times>..., limits=0x40473000)
at ole2_extract.c:795
hdr = {magic = "��\021ࡱ\032�", clsid = "\\0\\0\\0\\0\\0\\0\\0\\0",
minor_version = 12380, dll_version = 12380, byte_order = 12380,
log2_big_block_size = 12380, log2_small_block_size = 811348060, reserved = {
811348060, 53500990}, bat_count = -118692, prop_start = 103832585,
signature = 811348060, sbat_cutoff = 811348060, sbat_start = 811348060,
sbat_block_count = 811348060, xbat_start = 811348060,
xbat_count = 1543647324, bat_array = {1546673200, 811361328, 811348060,
811348060, 811348060, 1544564828, 2100321328, 811348060, 1543581788,
1546673200, -464, 1546673407, 1546673200, 811361584, 811348060,
1546673280, -13607888, -1 <repeats 92 times>}, sbat_root_start = -1,
m_area = 0x40473000
"��\021ࡱ\032�\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0��\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0����\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0",
'�' <repeats 57 times>..., m_length = 110737}
statbuf = {st_dev = 773, __pad1 = 0, st_ino = 15909, st_mode = 33152,
st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0,
st_size = 110737, st_blksize = 4096, st_blocks = 232, st_atim = {
tv_sec = 1113742520, tv_nsec = 0}, st_mtim = {tv_sec = 1113742520,
tv_nsec = 0}, st_ctim = {tv_sec = 1113742520, tv_nsec = 0}, __unused4 = 0,
__unused5 = 0}
file_count = 0
#1 0x4003bc0f in cli_scanole2 (desc=1078407168, virname=0xbffff518,
scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=1,
---Type <return> to continue, or q <return> to quit---
mrec=1) at scanners.c:1130
dir = 0x85ed110 "/tmp/clamav-ce12e9eb8e908cc2"
ret = 107
#2 0x4003c9fe in cli_magic_scandesc (desc=8, virname=0xbffff518,
scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=1,
mrec=1) at scanners.c:1442
ret = 0
nret = 107
type = CL_TYPE_MSOLE2
sb = {st_dev = 773, __pad1 = 0, st_ino = 15909, st_mode = 33152,
st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0,
st_size = 110737, st_blksize = 4096, st_blocks = 232, st_atim = {
tv_sec = 1113742520, tv_nsec = 0}, st_mtim = {tv_sec = 1113742520,
tv_nsec = 0}, st_ctim = {tv_sec = 1113742520, tv_nsec = 0}, __unused4 = 0,
__unused5 = 0}
#3 0x4003cdc0 in cli_scanfile (
filename=0x40473000
"��\021ࡱ\032�\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0��\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0����\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0",
'�' <repeats 57 times>..., virname=0x40473000,
scanned=0x40473000, root=0x40473000, limits=0x40473000,
options=1078407168, arec=1078407168, mrec=1078407168) at scanners.c:1563
fd = 8
ret = 140416003
#4 0x4003b06f in cli_scandir (
dirname=0x85ed0a0 "/tmp/clamav-b86c5d8d92716baf", virname=0xbffff518,
scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=0,
mrec=1) at scanners.c:875
dd = (DIR *) 0x85e93a8
---Type <return> to continue, or q <return> to quit---
dent = (struct dirent *) 0x40473000
statbuf = {st_dev = 773, __pad1 = 0, st_ino = 15909, st_mode = 33152,
st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0,
st_size = 110737, st_blksize = 4096, st_blocks = 232, st_atim = {
tv_sec = 1113742520, tv_nsec = 0}, st_mtim = {tv_sec = 1113742520,
tv_nsec = 0}, st_ctim = {tv_sec = 1113742520, tv_nsec = 0}, __unused4 = 0,
__unused5 = 0}
fname = 0x85ed0c8 "/tmp/clamav-b86c5d8d92716baf/Protokoll irgendwas.doc5XfhZh"
#5 0x4003c379 in cli_scanmail (desc=1078407168, virname=0x40473000,
scanned=0x40473000, root=0x40473000, limits=0x40473000, options=107,
arec=0, mrec=1) at scanners.c:1330
dir = 0x85ed0a0 "/tmp/clamav-b86c5d8d92716baf"
ret = 0
#6 0x4003cbd2 in cli_magic_scandesc (desc=6, virname=0xbffff518,
scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=0,
mrec=1) at scanners.c:1427
ret = 0
nret = 107
type = CL_TYPE_MAIL
sb = {st_dev = 776, __pad1 = 0, st_ino = 495115, st_mode = 33188,
st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0,
st_size = 154737, st_blksize = 4096, st_blocks = 312, st_atim = {
tv_sec = 1113726621, tv_nsec = 0}, st_mtim = {tv_sec = 1113726465,
tv_nsec = 0}, st_ctim = {tv_sec = 1113726465, tv_nsec = 0}, __unused4 = 0,
__unused5 = 0}
#7 0x4003cd3e in cl_scandesc (desc=1078407168, virname=0x40473000,
scanned=0x40473000, root=0x40473000, limits=0x40473000, options=1078407168)
at scanners.c:1551
---Type <return> to continue, or q <return> to quit---
No locals.
#8 0x0804df32 in checkfile (filename=0x85ed088 "temp/badmail",
root=0x40473000, limits=0x40473000, options=1078407168) at manager.c:763
fd = 6
ret = 0
virname = 0x1 <Address 0x1 out of bounds>
#9 0x0804ceba in scanfile (filename=0x85ed088 "temp/badmail", root=0x8052970,
user=0x0, opt=0x8052798, limits=0x85e7a68, options=107) at manager.c:432
ret = 134551212
optnode = (struct optnode *) 0x804bd67
argument = 0x40473000
"��\021ࡱ\032�\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0��\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0����\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0",
'�' <repeats 57 times>...
sb = {st_dev = 776, __pad1 = 0, st_ino = 495115, st_mode = 33188,
st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0,
st_size = 154737, st_blksize = 4096, st_blocks = 312, st_atim = {
tv_sec = 1113726621, tv_nsec = 0}, st_mtim = {tv_sec = 1113726465,
tv_nsec = 0}, st_ctim = {tv_sec = 1113726465, tv_nsec = 0}, __unused4 = 0,
__unused5 = 0}
#10 0x0804c5d0 in scanmanager (opt=0x8052798) at manager.c:259
slash = 140431496
thefilename = 0x85ed088 "temp/badmail"
ret = 33188
compression = 0
fmodeint = 33188
options = 107
i = 1078407168
x = 0
---Type <return> to continue, or q <return> to quit---
trie = (struct cl_node *) 0x8052970
limits = (struct cl_limits *) 0x85e7a68
user = (struct passwd *) 0x0
sb = {st_dev = 2, __pad1 = 0, st_ino = 1, st_mode = 16749,
st_nlink = 120, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0,
st_size = 0, st_blksize = 1024, st_blocks = 0, st_atim = {
tv_sec = 1113723044, tv_nsec = 0}, st_mtim = {tv_sec = 1113723044,
tv_nsec = 0}, st_ctim = {tv_sec = 1113723044, tv_nsec = 0}, __unused4 = 0,
__unused5 = 0}
fullpath = 0x85ed088 "temp/badmail"
cwd = "[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@��\006\000`c,@[EMAIL PROTECTED]@[EMAIL PROTECTED],@[EMAIL
PROTECTED]@[EMAIL PROTECTED],@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED],@`D,@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@�\232�\a8�%@"...
#11 0x0804b048 in clamscan (opt=0x8052798) at clamscan.c:148
ds = 0
dms = 134555560
ret = 0
mb = 0
t1 = {tv_sec = 1113742518, tv_usec = 843735}
t2 = {tv_sec = 268, tv_usec = -1073742908}
tz = {tz_minuteswest = -120, tz_dsttime = 0}
starttime = 1113742518
#12 0x0804b888 in main (argc=2, argv=0xbffffbc4) at options.c:177
ret = -1073742614
opt_index = 0
i = 2
len = -1073742614
---Type <return> to continue, or q <return> to quit---
opt = (struct optstruct *) 0x8052798
long_options = {{name = 0x80512f8 "help", has_arg = 0, flag = 0x0,
val = 104}, {name = 0x804ff38 "quiet", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x804ff3e "stdout", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x8051349 "verbose", has_arg = 0, flag = 0x0, val = 118}, {
name = 0x804ff45 "debug", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80512fd "version", has_arg = 0, flag = 0x0, val = 86}, {
name = 0x804ff50 "tempdir", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x804ff58 "leave-temps", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x805130c "config-file", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x8051318 "database", has_arg = 1, flag = 0x0, val = 100}, {
name = 0x8051321 "whole-file", has_arg = 0, flag = 0x0, val = 119}, {
name = 0x805132c "force", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x8051332 "recursive", has_arg = 0, flag = 0x0, val = 114}, {
name = 0x804ff4b "bell", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x804ff98 "disable-summary", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x804ffa8 "no-summary", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x805133c "infected", has_arg = 0, flag = 0x0, val = 105}, {
name = 0x804f60d "log", has_arg = 1, flag = 0x0, val = 108}, {
name = 0x8051345 "log-verbose", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x8051351 "threads", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x8051359 "one-virus", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x8051307 "move", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x8051305 "remove", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x8051363 "exclude", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x805136b "exclude-dir", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x8051377 "include", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x805137f "include-dir", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x804ff6e "max-files", has_arg = 1, flag = 0x0, val = 0}, {
---Type <return> to continue, or q <return> to quit---
name = 0x804ff64 "max-space", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x805138b "max-ratio", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x804ff78 "max-recursion", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x8051395 "max-dir-recursion", has_arg = 1, flag = 0x0, val = 0}, {
name = 0x80513a7 "disable-archive", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80513b7 "no-archive", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80513c2 "detect-broken", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80513d0 "block-encrypted", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80513e0 "block-max", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80513ea "no-pe", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80513f0 "no-ole2", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x80513f8 "no-html", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x8051400 "mbox", has_arg = 0, flag = 0x0, val = 109}, {
name = 0x8051405 "no-mail", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x805140d "mail-follow-urls", has_arg = 0, flag = 0x0, val = 0}, {
name = 0x805141e "unzip", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x8051424 "unrar", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x805142a "unace", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x8051430 "unarj", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x805169e "arj", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x80516a3 "zoo", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x8051436 "unzoo", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x805143c "lha", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x80516a8 "jar", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x80516b2 "tar", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x80516c4 "tgz", has_arg = 2, flag = 0x0, val = 0}, {
name = 0x80516b7 "deb", has_arg = 2, flag = 0x0, val = 0}, {name = 0x0,
has_arg = 0, flag = 0x0, val = 0}}
(gdb)
Michael Below