Clam 2585 ole check encrypted 2 #1279
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ragusaa
force-pushed
the
CLAM-2585-OleCheckEncrypted_2
branch
2 times, most recently
from
138933d
to
98048a5
Compare
micahsnyder
requested changes
Jun 12, 2024
ragusaa
force-pushed
the
CLAM-2585-OleCheckEncrypted_2
branch
6 times, most recently
from
af238ee
to
74de119
Compare
Add keys to the metadata.json file that informs the user that a scanned ole2 file is encrypted. Information about the type of encryption is provided when the information is available.
Signed-off-by: Andy Ragusa <[email protected]>
Signed-off-by: Andy Ragusa <[email protected]>
Signed-off-by: Andy Ragusa <[email protected]>
Co-authored-by: Micah Snyder <[email protected]> Signed-off-by: Andy Ragusa <[email protected]>
Signed-off-by: Andy Ragusa <[email protected]>
ragusaa
force-pushed
the
CLAM-2585-OleCheckEncrypted_2
branch
from
74de119
to
8c89b60
Compare
micahsnyder
reviewed
Jun 26, 2024
libclamav/ole2_extract.c
Outdated
Comment on lines
619
to
639
| /* | ||
| * File Information Block Base. | ||
| * Naming is consistent with | ||
| * https://learn.microsoft.com/en-us/openspecs/office_file_formats/ms-doc/26fb6c06-4e5c-4778-ab4e-edbf26a545bb | ||
| * */ | ||
| typedef struct fib_base_type { | ||
| uint16_t wIdent __attribute__((packed)); | ||
| uint16_t nFib; | ||
| uint16_t unused; | ||
| uint16_t lid; | ||
| uint16_t pnNext; | ||
| uint16_t ABCDEFGHIJKLM; | ||
| uint16_t nFibBack; | ||
| uint32_t lKey; | ||
| uint8_t envr; | ||
| uint8_t NOPQRS; | ||
| uint16_t reserved3; | ||
| uint16_t reserved4; | ||
| uint32_t reserved5; | ||
| uint32_t reserved6; | ||
| } fib_base_t; |
There was a problem hiding this comment.
I think this struct should be packed with the three different ways.
ragusaa
force-pushed
the
CLAM-2585-OleCheckEncrypted_2
branch
from
d76ebf2
to
8c89b60
Compare
ragusaa
force-pushed
the
CLAM-2585-OleCheckEncrypted_2
branch
from
c91d9e9
to
97f5044
Compare
|
This PR is replaced with #1295 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.