commit d5bf9ae: [Minor] Lua_magic: Minor changes
Vsevolod Stakhov
vsevolod at highsecure.ru
Mon Jan 4 16:14:06 UTC 2021
Author: Vsevolod Stakhov
Date: 2021-01-04 16:10:02 +0000
URL: https://github.com/rspamd/rspamd/commit/d5bf9ae28d5d1a06c04da4af303fa8edb2b1f098 (HEAD -> master)
[Minor] Lua_magic: Minor changes
---
lualib/lua_magic/heuristics.lua | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lualib/lua_magic/heuristics.lua b/lualib/lua_magic/heuristics.lua
index fb0a4b7c2..15d8527fd 100644
--- a/lualib/lua_magic/heuristics.lua
+++ b/lualib/lua_magic/heuristics.lua
@@ -476,17 +476,20 @@ exports.pe_part_heuristic = function(input, log_obj, pos, part)
return
end
+ -- pe header should start at the offset that is placed in msdos header at position 60..64
local pe_ptr_bin = input:sub(60, 64)
if #pe_ptr_bin ~= 4 then
return
end
- local pe_ptr = rspamd_util.unpack("<H", pe_ptr_bin)
+ -- it is an LE 32 bit integer
+ local pe_ptr = rspamd_util.unpack("<I4", pe_ptr_bin)
+ -- if pe header magic matches the offset, it is definitely a PE file
if pe_ptr ~= pos then
return
end
- return 'exe',15
+ return 'exe',30
end
return exports
More information about the Commits
mailing list