> I have been working on extracting VBA code from the MS Office document
component
> parts that the OLE2 unpacker I sent a couple of weeks ago generates.
>
> The code linked below should work on files from Office97 onwards, VBA 5
and 6. I
> have tested some Word and Excel files, and things look
On Thursday 22 Jan 2004 9:22 pm, Mark Edwards wrote:
> > I think it's server-th.c
>
> As far as I can tell, that file doesn't exist in the 0.65 source.
> What's the full path?
Ahah - you'll need the latest CVS source for that, should have
engaged my brain first then I'd have realised that.
-Nige
Quoting Tomasz Klim <[EMAIL PROTECTED]>:
>
> Trog, what do you think about rewriting these programs (at least
> ole2_extract.c) to not use global variables:
>
> int big_block_size, small_block_size;
> int sbat_start=-1;
>
> Think about what will happen, if an unpacked OLE2 part will be
> scanne
On Jan 23, 2004, at 12:21 AM, Nigel Horne wrote:
On Thursday 22 Jan 2004 9:22 pm, Mark Edwards wrote:
I think it's server-th.c
As far as I can tell, that file doesn't exist in the 0.65 source.
What's the full path?
Ahah - you'll need the latest CVS source for that, should have
engaged my brain fi
Quoting Tomasz Klim <[EMAIL PROTECTED]>:
>
> Trog, what do you think about rewriting these programs (at least
> ole2_extract.c) to not use global variables:
>
Done. In the same place as before:
http://www.uncon.org/files/ole2_extract.c
-trog
On Thu, 22 Jan 2004 21:31:26 + (GMT)
Trog <[EMAIL PROTECTED]> wrote:
> Hi Tomasz/all
>
> I have been working on extracting VBA code from the MS Office document
> component parts that the OLE2 unpacker I sent a couple of weeks ago
> generates.
Hello Trog,
I'm impressed. I just implemented yo
Quoting Tomasz Kojm <[EMAIL PROTECTED]>:
>
> I'm impressed. I just implemented your code in clamav and it seems to
> work very well (I've only found a few documents that cause a segfault
> and will try to debug the problem ASAP (and will send you them)).
>
> Great work !! Hope the community will
On Fri, 23 Jan 2004 06:41:01 GMT
Tomasz Klim <[EMAIL PROTECTED]> wrote:
> Think about what will happen, if an unpacked OLE2 part will be
> scanned and recursively unpacked as OLE2.
That's not possible - there are no nested OLE2 files.
But of course global variables should be eliminated.
> ---
On Thu, Jan 22, 2004 at 01:23:57PM -0500, Igor Brezac wrote:
>
> On Thu, 22 Jan 2004, Everton da Silva Marques wrote:
> >
> > I often see a very similar problem in clamav 0.65 under Solaris 7.
> > clamd writes the following to logs:
> >
> > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed.
> > T
Hi All
Please excuse me for posting the above problem occurring in a
windows partition.
Mine is a dual boot system. When the icons on WIn Desktop changing
all of a sudden, I booted into RH and ran clamscan (Okay, NAV did
not find anything wrong!) and sure enough
win/system/diactfrm.dll -Worm Hybri
Hi All
Please excuse me for posting the above problem occurring in a
windows partition.
Mine is a dual boot system. When the icons on WIn Desktop changing
all of a sudden, I booted into RH and ran clamscan (Okay, NAV did
not find anything wrong!) and sure enough
win/system/diactfrm.dll -Worm Hybri
Usually the best option is to simply delete, or archive (probably the
better choice) the infected file, then restore the original from the
source, Windows CAB or the application CD, that it came from.
HTH,
Shawn
On Fri, 23 Jan 2004 18:42:17 +0530 N S Srikanth <[EMAIL PROTECTED]>
exclaimed:
>
On Fri, 2004-01-23 at 05:28, Tomasz Kojm wrote:
> Great work !! Hope the community will help us with testing (just run the
> latest CVS clamscan on your office files).
Are you going to release 0.66 before implementing the OLE2 unpacker?
Your message on Jan07 indicated that 0.66 was almost out th
hi,
given the flurry of discussion re: clamav on OSX, i though i'd just offer as an fyi,
0.65 builds/runs flawlessly for me
on OSX 10.2.x & 10.3.x on a variety of stock & upgraded boxes.
i can't say i agree with the suggestion that the developers spend their time
supporting OSX 10.1.x -- which i
I second this also. I am doing email server upgrades at midnight tonight
and would love to be able to use 0.66.
> On Fri, 2004-01-23 at 05:28, Tomasz Kojm wrote:
>
> > Great work !! Hope the community will help us with testing (just run the
> > latest CVS clamscan on your office files).
>
> Are
15 matches
Mail list logo
