@@ -867,6 +867,16 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

     val = cl_engine_get_num(engine, CL_ENGINE_MAX_PARTITIONS, NULL);

     logg("Limits: MaxPartitions limit set to %llu.\n", val);

+    if((opt = optget(opts, "MaxIconsPE"))->active) {

+        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {

+            logg("!cli_engine_set_num(MaxIconsPE) failed: %s\n", cl_strerror(ret));

+            cl_engine_free(engine);

+            return 1;

+        }

+    }

+    val = cl_engine_get_num(engine, CL_ENGINE_MAX_ICONSPE, NULL);

+    logg("Limits: MaxIconsPE limit set to %llu.\n", val);

+

     if(optget(opts, "ScanArchive")->enabled) {

 	logg("Archive support enabled.\n");

 	options |= CL_SCAN_ARCHIVE;

@@ -278,6 +278,7 @@ void help(void)

     mprintf("    --max-scriptnormalize=#n             Maximum size of script file to normalize\n");

     mprintf("    --max-ziptypercg=#n                  Maximum size zip to type reanalyze\n");

     mprintf("    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned\n");

+    mprintf("    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned\n");

     mprintf("\n");

     mprintf("(*) Default scan settings\n");

     mprintf("(**) Certain files (e.g. documents, archives, etc.) may in turn contain other\n");

@@ -839,6 +839,14 @@ int scanmanager(const struct optstruct *opts)

 	}

     }

+    if((opt = optget(opts, "max-iconspe"))->active) {

+	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_ICONSPE, opt->numarg))) {

+	    logg("!cli_engine_set_num(CL_ENGINE_MAX_ICONSPE) failed: %s\n", cl_strerror(ret));

+	    cl_engine_free(engine);

+	    return 2;

+	}

+    }

+

     /* set scan options */

     if(optget(opts, "allmatch")->enabled)

 	options |= CL_SCAN_ALLMATCHES;

@@ -586,6 +586,17 @@ Negative values are not allowed.

 WARNING: setting this limit too high may result in severe damage or impact performance.

 .br

 Default: 50

+.TP 

+\fBMaxIconsPE SIZE\fR

+This option sets the maximum number of icons within a PE to be scanned.

+.br

+PE files with more icons than this value will have up to the value number icons scanned.

+.br

+Negative values are not allowed.

+.br

+WARNING: setting this limit too high may result in severe damage or impact performance.

+.br

+Default: 100

 .TP

 \fBClamukoScanOnAccess (OBSOLETE)\fR

 \fBWARNING:\fR This option is no longer accepted. See \fBScanOnAccess\fR.

@@ -205,11 +205,14 @@ Maximum size of normalized HTML file to scan. You may pass the value in kilobyte

 \fB\-\-max\-scriptnormalize=#n\fR

 Maximum size of script file to normalize. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number (default: 5 MB, max: <4 GB).

 .TP

-\fB\-\-max-ziptypercg=#n\fR

+\fB\-\-max\-ziptypercg=#n\fR

 Maximum size zip to type reanalyze. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number (default: 1 MB, max: <4 GB).

 .TP

-\fB\-\-max-partitions=#n\fR

+\fB\-\-max\-partitions=#n\fR

 This option sets the maximum number of partitions of a raw disk image to be scanned. This must be a positive integer (default: 50).

+.TP

+\fB\-\-max\-iconspe=#n\fR

+This option sets the maximum number of icons within a PE to be scanned. This must be a positive integer (default: 100).

 .SH "EXAMPLES"

 .LP 

 .TP 

@@ -514,6 +514,13 @@ Example

 # Default: 50

 #MaxPartitions 128

+# This option sets the maximum number of icons within a PE to be scanned.

+# PE files with more icons than this value will have up to the value number icons scanned.

+# Negative values are not allowed.

+# WARNING: setting this limit too high may result in severe damage or impact performance.

+# Default: 100

+#MaxIconsPE 200

+

 ##

 ## On-access Scan Settings

 ##

@@ -207,7 +207,8 @@ enum cl_engine_field {

     CL_ENGINE_DISABLE_CACHE,        /* uint32_t */

     CL_ENGINE_DISABLE_PE_STATS,     /* uint32_t */

     CL_ENGINE_STATS_TIMEOUT,        /* uint32_t */

-    CL_ENGINE_MAX_PARTITIONS        /* uint32_t */

+    CL_ENGINE_MAX_PARTITIONS,       /* uint32_t */

+    CL_ENGINE_MAX_ICONSPE           /* uint32_t */

 };

 enum bytecode_security {

@@ -42,5 +42,8 @@

 #define CLI_DEFAULT_MAXHTMLNOTAGS       2097152

 #define CLI_DEFAULT_MAXSCRIPTNORMALIZE  5242880

 #define CLI_DEFAULT_MAXZIPTYPERCG       1048576

+#define CLI_DEFAULT_MAXICONSPE          100

+

+#define CLI_DEFAULT_MAXPARTITIONS       50

 #endif

@@ -417,8 +417,11 @@ struct cl_engine *cl_engine_new(void)

     new->cb_stats_get_size = clamav_stats_get_size;

     new->cb_stats_get_hostid = clamav_stats_get_hostid;

-    /* Setup raw dmg max settings */

-    new->maxpartitions = 50;

+    /* Setup raw disk image max settings */

+    new->maxpartitions = CLI_DEFAULT_MAXPARTITIONS;

+

+    /* Engine max settings */

+    new->maxiconspe = CLI_DEFAULT_MAXICONSPE;

     cli_dbgmsg("Initialized %s engine\n", cl_retver());

     return new;

@@ -562,6 +565,9 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long

 	case CL_ENGINE_MAX_PARTITIONS:

 	    engine->maxpartitions = (uint32_t)num;

 	    break;

+	case CL_ENGINE_MAX_ICONSPE:

+	   engine->maxiconspe = (uint32_t)num;

+	   break;

 	default:

 	    cli_errmsg("cl_engine_set_num: Incorrect field number\n");

 	    return CL_EARG;

@@ -633,6 +639,8 @@ long long cl_engine_get_num(const struct cl_engine *engine, enum cl_engine_field

 	    return ((cli_intel_t *)(engine->stats_data))->timeout;

 	case CL_ENGINE_MAX_PARTITIONS:

 	    return engine->maxpartitions;

+	case CL_ENGINE_MAX_ICONSPE:

+	    return engine->maxiconspe;

 	default:

 	    cli_errmsg("cl_engine_get: Incorrect field number\n");

 	    if(err)

@@ -741,6 +749,8 @@ struct cl_settings *cl_engine_settings_copy(const struct cl_engine *engine)

     settings->maxpartitions = engine->maxpartitions;

+    settings->maxiconspe = engine->maxiconspe;

+

     return settings;

 }

@@ -813,6 +823,8 @@ int cl_engine_settings_apply(struct cl_engine *engine, const struct cl_settings

     engine->maxpartitions = settings->maxpartitions;

+    engine->maxiconspe = settings->maxiconspe;

+

     return CL_SUCCESS;

 }

@@ -329,8 +329,11 @@ struct cl_engine {

     clcb_stats_get_size cb_stats_get_size;

     clcb_stats_get_hostid cb_stats_get_hostid;

-    /* Raw dmg max settings */

+    /* Raw disk image max settings */

     uint32_t maxpartitions;

+

+    /* Engine max settings */

+    uint32_t maxiconspe; /* max number of icons to scan for PE */

 };

 struct cl_settings {

@@ -383,8 +386,11 @@ struct cl_settings {

     clcb_stats_get_size cb_stats_get_size;

     clcb_stats_get_hostid cb_stats_get_hostid;

-    /* Raw dmg max settings */

-    uint32_t maxpartitions;

+    /* Raw disk image max settings */

+    uint32_t maxpartitions; /* max number of partitions to scan in a disk image */

+

+    /* Engine max settings */

+    uint32_t maxiconspe; /* max number of icons to scan for PE */

 };

 extern int (*cli_unrar_open)(int fd, const char *dirname, unrar_state_t *state);

@@ -32,8 +32,6 @@

 #include "pe_icons.h"

 #include "others.h"

-#define PE_MAXICONS 1000

-

 #define READ32(x) cli_readint32(&(x))

 #define READ16(x) cli_readint16(&(x))

 #define USE_FLOATS

@@ -115,7 +113,7 @@ int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct c

     icon_env.nsections = nsections;

     icon_env.hdr_size = hdr_size;

-    icon_env.max_icons = PE_MAXICONS;

+    icon_env.max_icons = ctx->engine->maxiconspe;

     /* icon group scan callback --> groupicon_scan_cb() */

     findres(14, 0xffffffff, resdir_rva, map, exe_sections, nsections, hdr_size, groupicon_scan_cb, &icon_env);

@@ -124,7 +122,7 @@ int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct c

     if (icon_env.result == CL_EMAXSIZE) {

 	cli_dbgmsg("cli_scanicon: max icon count reached\n");

     }

-    cli_dbgmsg("cli_scanicon: scanned a total of %u icons across %u icon groups\n", icon_env.icnt, icon_env.gcnt);

+    cli_dbgmsg("cli_scanicon: scanned a total of %u[%u actual] icons across %u groups\n", icon_env.icnt, icon_env.hcnt, icon_env.gcnt);

     /* ignore all error returns (previous behavior) */

     if (icon_env.result == CL_VIRUS) {

@@ -375,7 +375,9 @@ const struct clam_option __clam_options[] = {

     { "MaxZipTypeRcg", "max-ziptypercg", 0, TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXZIPTYPERCG, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a ZIP file to reanalyze type recognition.\nZIP files larger than this value will skip the step to potentially reanalyze as PE.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "1M" },

-    { "MaxPartitions", "max-partitions", 0, TYPE_NUMBER, MATCH_NUMBER, 50, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of partitions of a raw disk image to be scanned.\nRaw disk images with more partitions than this value will have up to the value number partitions scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "128" },

+    { "MaxPartitions", "max-partitions", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXPARTITIONS, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of partitions of a raw disk image to be scanned.\nRaw disk images with more partitions than this value will have up to the value number partitions scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "128" },

+

+    { "MaxIconsPE", "max-iconspe", 0, TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXICONSPE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of icons within a PE to be scanned.\nPE files with more icons than this value will have up to the value number icons scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "100" },

     /* OnAccess settings */

     { "ScanOnAccess", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "This option enables on-access scanning (Linux only)", "no" },