diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-01-04 16:10:02 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-01-04 16:10:02 +0000 |
| commit | d5bf9ae28d5d1a06c04da4af303fa8edb2b1f098 (patch) | |
| tree | 77bf2734ebbc6d3b81f912d58ee0f203db31f147 | |
| parent | 2b10e6967d1dcf6e6584a333f10b2dec5802b74e (diff) | |
| download | rspamd-d5bf9ae28d5d1a06c04da4af303fa8edb2b1f098.tar.gz rspamd-d5bf9ae28d5d1a06c04da4af303fa8edb2b1f098.zip | |
[Minor] Lua_magic: Minor changes
| -rw-r--r-- | lualib/lua_magic/heuristics.lua | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lualib/lua_magic/heuristics.lua b/lualib/lua_magic/heuristics.lua index fb0a4b7c2..15d8527fd 100644 --- a/lualib/lua_magic/heuristics.lua +++ b/lualib/lua_magic/heuristics.lua @@ -476,17 +476,20 @@ exports.pe_part_heuristic = function(input, log_obj, pos, part) return end + -- pe header should start at the offset that is placed in msdos header at position 60..64 local pe_ptr_bin = input:sub(60, 64) if #pe_ptr_bin ~= 4 then return end - local pe_ptr = rspamd_util.unpack("<H", pe_ptr_bin) + -- it is an LE 32 bit integer + local pe_ptr = rspamd_util.unpack("<I4", pe_ptr_bin) + -- if pe header magic matches the offset, it is definitely a PE file if pe_ptr ~= pos then return end - return 'exe',15 + return 'exe',30 end return exports |