
Viewing changes to libclamav/pe.c

  • Committer: Bazaar Package Importer
  • Author(s): Stephen Gran
  • Date: 2008-09-05 17:25:34 UTC
  • mfrom: (0.35.1 lenny)
  • Revision ID: james.westby@ubuntu.com-20080905172534-yi3f8fkye1o7u1r3
* New upstream version (closes: #497662, #497773)
  - lots of new options for clamd.conf
  - fixes CVEs CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, and
    CVE-2008-1389
* No longer supports --unzip option, so typo is gone (closes: #496276)
* Translations:
  - sv (thanks Martin Bagge <brother@bsnet.se>) (closes: #491760)

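--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -55,6 +55,7 @@
 #include "upack.h"
 #include "matcher.h"
 #include "matcher-bm.h"
+#include "disasm.h"
 
 #ifndef O_BINARY
 #define O_BINARY        0
@@ -74,6 +75,8 @@
 #define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb"
 #define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9"
 #define UPX_NRV2E "\xeb\x52\x31\xc9\x83\xe8\x03\x72\x11\xc1\xe0\x08\x8a\x06\x46\x83\xf0\xff\x74\x75\xd1\xf8\x89\xc5"
+#define UPX_LZMA1 "\x56\x83\xc3\x04\x53\x50\xc7\x03\x03\x00\x02\x00\x90\x90\x90\x55\x57\x56\x53\x83"
+#define UPX_LZMA2 "\x56\x83\xc3\x04\x53\x50\xc7\x03\x03\x00\x02\x00\x90\x90\x90\x90\x90\x55\x57\x56"
 
 #define EC32(x) le32_to_host(x) /* Convert little endian to host */
 #define EC16(x) le16_to_host(x)
@@ -99,13 +102,23 @@
     return CL_EIO; \
 }
 
-#define CLI_TMPUNLK() if(!cli_leavetemps_flag) unlink(tempfile)
+#define CLI_TMPUNLK() if(!cli_leavetemps_flag) { \
+    if (cli_unlink(tempfile)) { \
+        free(tempfile); \
+        return CL_EIO; \
+    } \
+}
 
 #define FSGCASE(NAME,FREESEC) \
     case 0: /* Unpacked and NOT rebuilt */ \
         cli_dbgmsg(NAME": Successfully decompressed\n"); \
         close(ndesc); \
-        unlink(tempfile); \
+        if (cli_unlink(tempfile)) { \
+            free(exe_sections); \
+            free(tempfile); \
+            FREESEC; \
+            return CL_EIO; \
+        } \
         free(tempfile); \
         FREESEC; \
         found = 0; \
@@ -116,7 +129,11 @@
     case 2: \
         free(spinned); \
         close(ndesc); \
-        unlink(tempfile); \
+        if (cli_unlink(tempfile)) { \
+            free(exe_sections); \
+            free(tempfile); \
+            return CL_EIO; \
+        } \
         cli_dbgmsg("PESpin: Size exceeded\n"); \
         free(tempfile); \
         break; \
@@ -130,7 +147,6 @@
             cli_dbgmsg(NAME": Unpacked and rebuilt executable\n"); \
         cli_multifree FREEME; \
         free(exe_sections); \
-        fsync(ndesc); \
         lseek(ndesc, 0, SEEK_SET); \
         cli_dbgmsg("***** Scanning rebuilt PE file *****\n"); \
         if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) { \
@@ -149,7 +165,12 @@
     default: \
         cli_dbgmsg(NAME": Unpacking failed\n"); \
         close(ndesc); \
-        unlink(tempfile); \
+        if (cli_unlink(tempfile)) { \
+            free(exe_sections); \
+            free(tempfile); \
+            cli_multifree FREEME; \
+            return CL_EIO; \
+        } \
         cli_multifree FREEME; \
         free(tempfile); \
     }
@@ -236,7 +257,7 @@
                 cli_dbgmsg("Can't write to file\n");
                 lseek(desc, pos, SEEK_SET);
                 close(ndesc);
-                unlink(file);
+                cli_unlink(file);
                 return -1;
             }
             break;
@@ -245,7 +266,7 @@
                 cli_dbgmsg("Can't write to file\n");
                 lseek(desc, pos, SEEK_SET);
                 close(ndesc);
-                unlink(file);
+                cli_unlink(file);
                 return -1;
             }
         }
@@ -874,6 +895,18 @@
     lseek(desc, ep, SEEK_SET);
     epsize = cli_readn(desc, epbuff, 4096);
 
+    CLI_UNPTEMP("DISASM",(exe_sections,0));
+    disasmbuf(epbuff, epsize, ndesc);
+    lseek(ndesc, 0, SEEK_SET);
+    ret = cli_scandesc(ndesc, ctx, CL_TYPE_PE_DISASM, 1, NULL, AC_SCAN_VIR);
+    close(ndesc);
+    CLI_TMPUNLK();
+    free(tempfile);
+    if(ret == CL_VIRUS) {
+        free(exe_sections);
+        return ret;
+    }
+
     /* Attempt to detect some popular polymorphic viruses */
 
     /* W32.Parite.B */
@@ -1712,6 +1745,16 @@
             }
         }
 
+        if(cli_memstr(UPX_LZMA2, 20, epbuff + 0x2f, 20)) {
+          uint32_t strictdsize=cli_readint32(epbuff+0x21);
+          if(strictdsize<=dsize)
+            upx_success = upx_inflatelzma(src, ssize, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
+        } else if (cli_memstr(UPX_LZMA1, 20, epbuff + 0x39, 20)) {
+          uint32_t strictdsize=cli_readint32(epbuff+0x2b);
+          if(strictdsize<=dsize)
+            upx_success = upx_inflatelzma(src, ssize, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
+        }
+
         if(!upx_success) {
             cli_dbgmsg("UPX: All decompressors failed\n");
             free(src);
@@ -1734,7 +1777,6 @@
         }
 
         free(dest);
-        fsync(ndesc);
         lseek(ndesc, 0, SEEK_SET);
 
         if(cli_leavetemps_flag)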
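Review bot: In the new DISASM block (new lines 898–908) the `CLI_TMPUNLK();` call leaks `exe_sections` on its failure path: as redefined in this same change, the macro frees only `tempfile` before `return CL_EIO;`, while `exe_sections` is still live at that point (it is handed to `CLI_UNPTEMP` and only released on the `CL_VIRUS` path two lines later). The FSGCASE paths rewritten in this commit do free `exe_sections` before returning CL_EIO, so this is the one unlink-failure path that still leaks, which matters for a change whose stated purpose is closing error-path leaks. I would replace the macro call with an explicit check that releases both buffers, as sketched below. The enclosing function starts and ends outside the hunk, so I cannot see whether `epsize` (the `cli_readn` result, which may be negative on a short or failed read) is validated before it reaches `disasmbuf`; worth confirming.

```c
    close(ndesc);
    /* CLI_TMPUNLK() would return CL_EIO with exe_sections still allocated */
    if(!cli_leavetemps_flag && cli_unlink(tempfile)) {
        free(tempfile);
        free(exe_sections);
        return CL_EIO;
    }
    free(tempfile);
```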