Add vba macro support for oxml files to sigtool

Author: ragusaa

common/optparser.c

@@ -118,7 +118,7 @@ const struct clam_option __clam_options[] = {
     {NULL, "verbose", 'v', CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN | OPT_SIGTOOL | OPT_CLAMONACC, "", ""},
     {NULL, "dumpcerts", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Dump authenticode certificate chain.", ""},
     {NULL, "quiet", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN | OPT_SIGTOOL | OPT_CLAMONACC, "", ""},
-    {NULL, "leave-temps", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "", ""},
+    {NULL, "leave-temps", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN | OPT_SIGTOOL, "", ""},
     {NULL, "no-warnings", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "", ""},
     {NULL, "show-progress", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "", ""},
     {NULL, "stdout", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_CLAMDSCAN | OPT_SIGTOOL | OPT_CLAMONACC, "", ""},

libclamav/clamav.h

@@ -814,6 +814,28 @@ typedef int (*clcb_file_props)(const char *j_propstr, int rc, void *cbdata);
  */
 extern void cl_engine_set_clcb_file_props(struct cl_engine *engine, clcb_file_props callback);
 
+/**
+ * @brief VBA macro callback function.
+ *
+ * Invoked after vba is extracted from the module, but before it is normalized.
+ * This is only invoked if libclamav was built with json support.
+ *
+ * @param vba       The vba macro information.
+ * @param vba_len   The length of vba.
+ * @param cbdata    Opaque application provided data.
+ */
+typedef int (*clcb_vba)(const unsigned char *const vba, const size_t vba_len, void *cbdata);
+
+/**
+ * @brief Set a custom VBA macro callback function.
+ *
+ * Caution: changing options for an engine that is in-use is not thread-safe!
+ *
+ * @param engine    The initialized scanning engine.
+ * @param callback  The callback function pointer.
+ */
+extern void cl_engine_set_clcb_vba(struct cl_engine *engine, clcb_vba callback);
+
 /* ----------------------------------------------------------------------------
  * Statistics/telemetry gathering callbacks.
  *

libclamav/libclamav.map

@@ -14,6 +14,7 @@ CLAMAV_PUBLIC {
     cl_engine_set_clcb_hash;
     cl_engine_set_clcb_meta;
     cl_engine_set_clcb_file_props;
+    cl_engine_set_vba_callback;
     cl_set_clcb_msg;
     cl_engine_set_clcb_file_inspection;
     cl_engine_set_clcb_pre_scan;

libclamav/others.c

@@ -1927,6 +1927,11 @@ void cl_engine_set_clcb_file_props(struct cl_engine *engine, clcb_file_props cal
     engine->cb_file_props = callback;
 }
 
+void cl_engine_set_clcb_vba(struct cl_engine *engine, clcb_vba callback)
+{
+    engine->cb_vba = callback;
+}
+
 uint8_t cli_get_debug_flag()
 {
     return cli_debug_flag;

libclamav/others.h

@@ -416,6 +416,7 @@ struct cl_engine {
     void *cb_sigload_ctx;
     clcb_hash cb_hash;
     clcb_meta cb_meta;
+    clcb_vba cb_vba;
     clcb_file_props cb_file_props;
     clcb_progress cb_sigload_progress;
     void *cb_sigload_progress_ctx;

libclamav/vba_extract.c

@@ -1255,6 +1255,10 @@ cl_error_t cli_vba_readdir_new(cli_ctx *ctx, const char *dir, struct uniq *U, co
 
                     close(module_fd);
 
+                    if (NULL != ctx->engine->cb_vba) {
+                        ctx->engine->cb_vba(module_data, module_data_size, ctx->cb_ctx);
+                    }
+
                     if (CL_SUCCESS == cli_codepage_to_utf8((char *)module_data, module_data_size, codepage, (char **)&module_data_utf8, &module_data_utf8_size)) {
                         module_data_utf8_size = vba_normalize(module_data_utf8, module_data_utf8_size);