@@ -1,3 +1,13 @@

+Sat Jul 26 17:11:46 CEST 2003

+-----------------------------

+  * libclamav: updated mbox code (Nigel)

+

+Thu Jul 24 13:29:39 CEST 2003

+-----------------------------

+  * libclamav: mbox: fixed detection of the Gibe virus (bug reported

+	       by Rene Bellora); support for log file names (problem

+	       reported by Tomasz Papszun)

+

 Sun Jul 20 23:43:38 CEST 2003

 -----------------------------

   * libclamav: mbox: improved scanning of uuencoded files and other

@@ -68,7 +68,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for

 dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created

 dnl (the prefix is a bit different, since we add an extra -target- and -host-)

 dnl 

-dnl @version: $Id: acinclude.m4,v 1.1 2003/07/29 15:40:20 nervoso Exp $

+dnl @version: $Id: acinclude.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $

 dnl @author Guido Draheim <guidod@gmx.de>                 STATUS: used often

 AC_DEFUN([AC_CREATE_TARGET_H],

@@ -4110,7 +4110,7 @@ dnl      AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers)

 dnl      AC_COMPILE_CHECK_SIZEOF(off_t, $headers)

 dnl

 dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu>

-dnl @version $Id: acinclude.m4,v 1.1 2003/07/29 15:40:20 nervoso Exp $

+dnl @version $Id: acinclude.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $

 dnl

 AC_DEFUN([AC_COMPILE_CHECK_SIZEOF],

 [changequote(<<, >>)dnl

@@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for

 dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created

 dnl (the prefix is a bit different, since we add an extra -target- and -host-)

 dnl 

-dnl @version: $Id: aclocal.m4,v 1.1 2003/07/29 15:37:09 nervoso Exp $

+dnl @version: $Id: aclocal.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $

 dnl @author Guido Draheim <guidod@gmx.de>                 STATUS: used often

 AC_DEFUN([AC_CREATE_TARGET_H],

@@ -4041,7 +4041,7 @@ dnl      AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers)

 dnl      AC_COMPILE_CHECK_SIZEOF(off_t, $headers)

 dnl

 dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu>

-dnl @version $Id: aclocal.m4,v 1.1 2003/07/29 15:37:09 nervoso Exp $

+dnl @version $Id: aclocal.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $

 dnl

 AC_DEFUN([AC_COMPILE_CHECK_SIZEOF],

 [changequote(<<, >>)dnl

@@ -62,6 +62,9 @@ void clamscan(struct optstruct *opt)

     if(optl(opt, "stdout")) mprintf_stdout = 1;

     else mprintf_stdout = 0;

+    if(optl(opt, "debug"))

+	cl_debug();

+

     if(optc(opt, 'V')) {

 	mprintf("clamscan / ClamAV version "VERSION"\n");

 	mexit(0);

@@ -168,11 +171,12 @@ void help(void)

     mprintf("\n");

     mprintf("		   Clam AntiVirus Scanner "VERSION"\n");

-    mprintf("		   (c) 2002 Tomasz Kojm <zolw@konarski.edu.pl>\n");

+    mprintf("	    (c) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>\n");

     mprintf("	  \n");

     mprintf("    --help		    -h		Show help\n");

     mprintf("    --version		    -V		Print version number and exit\n");

     mprintf("    --verbose		    -v		Be verbose\n");

+    mprintf("    --debug				Enable debug messages\n");

     mprintf("    --quiet				Be quiet, output only error messages\n");

     mprintf("    --stdout				Write to stdout instead of stderr\n");

     mprintf("					(this help is always written to stdout)\n");

@@ -47,6 +47,7 @@ int main(int argc, char **argv)

 	    {"help", 0, 0, 'h'},

 	    {"quiet", 0, 0, 0},

 	    {"verbose", 0, 0, 'v'},

+	    {"debug", 0, 0, 0},

 	    {"version", 0, 0, 'V'},

 	    {"tempdir", 1, 0, 0},

 	    {"database", 1, 0, 'd'},

@@ -1901,7 +1901,7 @@ fi

 # Define the identity of the package.

  PACKAGE=clamav

- VERSION=20030720

+ VERSION=cvs

 cat >>confdefs.h <<_ACEOF

@@ -19,7 +19,7 @@ AC_INIT(clamscan/clamscan.c)

 AC_CREATE_TARGET_H(target.h)

 AC_CANONICAL_SYSTEM

-AM_INIT_AUTOMAKE(clamav, 20030720)

+AM_INIT_AUTOMAKE(clamav, cvs)

 dnl AM_INIT_AUTOMAKE(clamav, `date +%Y%m%d`)

 LC_CURRENT=1

 LC_REVISION=3

@@ -1,3 +1,4 @@

+Trojan.Download-DK (Clam)=426f644852774f6938764e6a51754d6a51324c6a55324c6a63300d0a4c33356a59584a686232746c4c32747a6343356c6547554162584e6f5a5867755a58686c414752736241417541473176626742310d0a636d7741515142476157786c4146527641455276643235736232466b4146565354

 Js.Exception.Gen (Clam)=73657454696d656f757428277b73657428293b7d272c31303030293b0a766172204d657373616765203d20224675636b20596f75223b

 JS.FortNight.M (Clam)=653d4a5363726970742e456e636f64653e23407e5e6d51454141413d3d5b4b6d3b732b0959525344624f2b5e78634a4021716f5d7a48322c

 JS/Fortnight.B.1 (Clam)=2c416b3959747b547e747f6b54744f27547e55492f2745345944776c264a68684154634532526b557f5920092b3d2646794740243973522131397d7f2a097820265a2a53776621556f317355665a622b4b2a4a477330214f4272716309427926212a4a7766543f7731773f395a62794b636466752b3275632b5d572c59587a

@@ -50,7 +51,7 @@ Trojan.IRC-Bot.gen (Clam)=494e5649444941aec1a17742*41844e534849454c4400*73094ce2

 Trojan.IRC-Sdbot (Clam)=773030742e616469676974616c2e6e6574ffff416e6b0b1a4432340023c5f1ee6debadadafc7d44e848dbdff8a4f4c45bf2e326b321e3e323ffb652b6c36006d736f66807eff057b6578658f034d6963726f1700a74096e5a97205a710db0bbf882525636f5f7065630820bff0b6fb2f632025730200400e686f205c660d0a3a735bf8b7

 Trojan.Bionet.313 (Clam)=8366cf9034d82e01109c82743e4fbc22eeff0942696f4e6574636667bf062cf802ce4ce19214da41b59f01bd300eb926f3a5a460933c305ecf8544cecab9fcefe2fb10002bba78d51c48c94cc1742026e5864c4dd149e16c6536782dbf85c4868d27a2245e250b4ebcff2524424e3230494424135e3c6826803537531c2046f0

 Trojan.Sub7-V21.srv (Clam)=615408086921f29001000c9434573bfdf60c0c2d7828ea06435569657902c0955ced10521992e61d30728414140430b5c354fa4964492e64e9f6181805e4f292153ea86f34708c706ab2d42e7e1efc17449496be487348279b008fe47248187ad606d07c65b35c2e687fe08c50e473b6592e9b8444743875

-Worm.Fakerr.a (Clam)=09000b48006b496c4c6552675561546520312e30332c2049206d416b6520546849732076497255732042654361557345204920644f6e27542068417645204e6f5468496e4720744f20644f2121

+Worm.Gruel.A (Clam)=09000b48006b496c4c6552675561546520312e30332c2049206d416b6520546849732076497255732042654361557345204920644f6e27542068417645204e6f5468496e4720744f20644f2121

 Trojan.Webber.A (Clam)=c3005589e551505356578b750c8365f8008365fc00eb4f31db89dfeb368b45fc01f88b55080fbe04020fbe143e39d075014389f183c8ff40803c010075f939c37510ff45f88b45103945f875058b45fceb2d4789f183c8ff40803c010075f939c772baff45fc8b450889c183c8ff40803c010075f93945fc72

 Troj/IGMPNuke (Clam)=2bc266dabdc059d785f030ed9b76751bb9bfc093edf2f10d751ec8240f751f496e6105fe75eceb398ac1045a1f10e91b9b7b200621ea318d4c130303abb9ed76c607d0803fccf7b8c788c2aced60075ed288f6d0ec87ffd77306f0be9bd97dfa9bdbe2d98e68adbfe14ed9ee9d84868a3e

 Troj/EliteWrap.103 (Clam)=636a010072199a380a00c40404006c6f61640000636a000072197d31960072197d318c007219ea6710009d190c009d1908009d1904009d190000a76204009800726a02000000522d9a004b49b1679a380e000c05080057696e4c6f6733320000636a020072199a380c00240506004c6f

@@ -152,3 +153,24 @@ Troj/FDoS-ICQRevenge (Clam)=01000904000078010000000000007f9036350000000000000100

 Troj/SendFake-A (Clam)=ff50e80603000083c40c8d8524feffff50e89bfbffff83c404908d8524feffff50683c134000e8c6fbffff83c4088d8524feffff50e89b02000083c40489c085c07518a1ac20400050e87702000083c4046a01e8a502000083c40468621340008d8524feffff50e8b102000083c40889c0898520fdffff83bd20fdffff0075178d8524feffff506865134000e85402000083c408eb03

 Troj/DDoS-Snoofer (Clam)=f0d38d45b05121d78d55d0edf003f1f5106aff006a408b0656ff9058122233219e21154cf4f20ca922bbeb0949121c0700a7f0fc2e047268474f580034262d3626fee02155b08d45c08d4de3d0523520bb27890410ff5290930da30aac0dbc0c28cc0ddc0320eee30ddb68f835116a0f562e08f6ff92640d19e81a10b4f026d52015b4bf232af0acdcf2b613f7f868e845f0578b07ff

 Troj/DDoS-Snoofer.b (Clam)=ec83ec0c684611400064a100000000506489250000000083ec2853568b7508578bc683e6fe8965f483e0018b0ec745f820104000568945fc897508ff51048b1633db68f8304000536a0f56895de8895de4895dd4ff92640300008b3d74a14000508d45e850ffd78d4dd45051ff15b4a1400083c41050ff15aca140008d55e45052ffd78bf868e8304000578b07ff

+Trojan.Yabinder (Clam)=14c962836612134420315598be5551f0897704b8a330cfaeff0f41a408f3c7ba476a40cc89470c51011e42b42b3949b48858fcf54e280e2c5737cdc7df4023c55d7b11536563686f204e6897f86f66660d0a857279057b6a3ce4370168c8a44f807e8ad442b574150cbdf6510305bf64059188193b4c4dd41247553481162c

+Pieck (Clam)=eb0e00fe000000000000000000000000be0c00fa2e89a40b082e8c940d088cc88ed0bc6018fb561e06b8ffffbb7203cd213d72

+Trojan.SMS-Bomber (Clam)=5f534d535f426f6d620000000000ffcc31002fc38be28b583ad411a5a900606737252fc48be28b583ad411a5a900606737252f3a4fad339966cf11b70c00aa0060

+W97M.Coldape.A (Clam)=4e69636b2022546865204c6f7665204d6f6e6b657922205669727573205061636b61676520627920414c542d463420616e6420414c542d46313120666f722074686520416c7465726e6174697665205669727573204d61666961ce00000000000000a40001001e00ca00ae00020027a5ce00ae000400446f6e65ae000000ae004100484b45595f43555252454e545f555345525c536f6674776172655c564220616e64205642412050726f6772616d2053657474696e67735c4f66666963655c382e3000ae00070041564d2d5642530020

+Worm.Lovgate.B (Clam)=0e70bad803bf2c5ca6ea5bcd856cd39fec1d480a7a1bcead158efee92dd12a10c3b72e9d6249a633c804737d2f31ee75ccfc42f46cfbf1028316799a00a98c07a38f916f21caca64eb1bf1abcda9e8649e3b632c56862fa65364522afc8aed05a1f0508026e1ed18119787f699ccce95eaeba3dc0bbb8bb0d3c91d8aba1945

+Trojan.BombXP.2.0.0.0rev0.1c (Clam)=736d73626f6d620000000000ffcc3100056f95bbe7724adf4babd30f9f2868e854aa1b68b1730da449b4aedaf375a9409c3a4fad339966cf11b70c00aa0060d3

+Trojan.Qwak (Clam)=207061737377292e2e2e00496e76616c6964204469616c6563742e2e2e00004e6f207265706c792066726f6d206469616c65637420726571756573742e2e2e0000000053656e64696e67206469616c656374206e65676f74696174652e2e2e0000000043616c6c6564206e616d65206e6f7420666f756e64202857726f6e67

+Joke.Boredom.A (Clam)=065557696e646f777320686173206465746563746564207468617420796f75206d6179207375666665722066726f6d20686176696e67206120736d616c6c2070656e69732e20204973207468697320636f72726563743f08576f72645772617009000007

+Trojan.Prosiak.E (Clam)=24c3546561a5391094a86134f15369cf2ba872341005d6c5fa3c444c14696d6534e359f73e256f77696842d0759924090c46ffd068732369616041717561ade02744d8a9100b0c53e7210492b442130a

+Trojan.Prosiak.G (Clam)=48c64a57e1aa3001da8ff812feff81db6d61696c2e6c75626c696e2e706cef39a26ac2b77ad90192

+Worm.Romeo (Clam)=c7ad193b3990f4a8100cd6f1c6e5895c895b6f1beb3acf4308d22dd4d1137e5ae32c373ce7edc1e07c0d250c1c843217a15c358381bd1d052d1709dbecb30a607e

+Worm.MyLife.B (Clam)=01cfffffef216e740d0a526550726f6a65637431000d0a466f722069ff433664cbcc314338440f3a0fc0feff4fad339966cf11b70c00aa0060d393e4b104bfdbde6c0382000500666c6d74010300636172e4b6fbdb00199042002204233e1c6c74a536046e3956f8020020043ae8022607

+Trojan.Dropper.B (Clam)=4d494d452d56657273696f6e3a20312e300d436f6e74656e742d4c6f636174696f6e3a46696c653a2f2f666f6f2e6578650d436f6e74656e742d5472616e736665722d456e636f64696e673a2062696e6172790d0d4d5a90000300000004000000ffff00

+Exploit.ObjCodebase.Calc (Clam)=0909093c6f626a6563742077696474683d30206865696768743d302069643d226f46696c652220636c61737369643d22636c7369643a31313131313131312d313131312d313131312d313131312d3131313131313131313131312220636f6465626173653d22633a2f77696e6e742f73797374656d33322f63616c632e657865223e3c2f6f626a6563743e

+Exploit.ObjCodebase.Calc.Mail (Clam)=636f6465626173653d334422633a2f77696e6e742f73797374656d33322f63616c632e657865223e3c2f6f626a6563743e

+Trojan.Prorat.10.B (Clam)=3a767a2d546f5804124a8071e6f4839dfdd5218f5e15e6e55ee0b6ded352a97f8e40ca19565ca844410a44661fcea88df445f9e561acb83b60a20754d3c536d5478b0575aa0d51d901cb111eb3b4644fabf8ef406fbb15c5738f1ff71635acb07d2fb1e8d9df1650e7dee835606dd80ba47f96b9e3e8eaef7c3038ae203d4205f11423bb5a4740

+Trojan.Dropper.C (Clam)=3c5343524950540866756e6374a76effffdffa206d616c77ab652829

+Trojan.Delf.BZ (Clam)=14e97b00f7ffb8807b4900e82d09f7ffe8c803f7ffa1d06549008b00e804a4fbff833d7c7b490000740ba17c7b490050e8f03bf7ff33c05a595964891068b1324900c3e9ed02f7ffebf85f5e5be81307f7ff00000069736e736572766572000000ffffffff16000000687474703a2f2f7777772e697370796e6f772e636f6d

+Troj/SunOS.RootKit #2 (Clam)=6e222c206765747569642829293b0d0a7d0d0a5f454f465f0d0a6363202d6f20757372207573722e630d0a63686d6f6420373030207573720d0a4946533d222f220d0a6578706f7274204946530d0a2f7573722f6f70656e77696e2f62696e2f66662e636f7265203020302030203020300d0a2366666320302030206664302f66643020310d0a726d202d6620757372207573722e63

+V2PX.1200 (Clam)=e701b9fa326f385b389954b810d76f2198da1a7867124f387b18b9749801bb84326f387b18b974782b5bb17859d380e0580f9579d116a0b16ec28c07813b38b3eeb9faa838f5196a0a251b186d15a01a5aa11818a21818f5194b3bd1e2386bb3f069153b38b1bccc58d999f95cd3a6d9b7e95ad155ec7475998b6931ee48504eb833fe489d47b89d119c11de7011

+V2P6.1993 (Clam)=303635a13de5b23e58ee096990e5308e40e469405e296fe428b9884fde4e884e3635a13e3fde65884e856e8a4e856e64ae1a61e48ede4ed7666ebe821d6c884e8c963736adf286b491703ed66e6e3e71e5288243d46e94cd626ee5288243fc6ecd6a6e6036cd686ecd606e953671f3adf2703ed66e6e3e71e528b294cd626ee528b6cd6a6ee528b4cd686ee528b0cd606e953671f3ad

@@ -31,7 +31,7 @@

         <p class="COPYRIGHT">Copyright &copy; 2002 by Paul Hoadley and

         Eric Parsonage</p>

-        <p class="PUBDATE">$Date: 2003/07/29 15:42:40 $<br>

+        <p class="PUBDATE">$Date: 2003/08/02 22:37:52 $<br>

         </p>

         <div>

@@ -57,10 +57,9 @@ int downloadmanager(const struct optstruct *opt, const char *hostname)

     mprintf("Checking for a new database - started at %s", ctime(&currtime));

-

-    /* first thing we want, is a local file md5 checksum */

+    /* first thing we want is a local file md5 checksum */

     if(fileinfo(DB1NAME, 1) == -1) {

-	/* there is no database, so we just download new one */

+	/* there is no database, so we just download a new one */

 	nodb = 1; 

 	mprintf(DB1NAME" not found in the data directory.\n");

     } else {

@@ -70,9 +69,7 @@ int downloadmanager(const struct optstruct *opt, const char *hostname)

 	}

     }

-    /* second database */

     if(fileinfo(DB2NAME, 1) == -1) {

-	/* there is no database, so we just download new one */

 	nodb2 = 1; 

 	mprintf(DB2NAME" not found in the data directory.\n");

     } else {

@@ -82,10 +79,6 @@ int downloadmanager(const struct optstruct *opt, const char *hostname)

 	}

     }

-    /*

-     * Ok, we have local file md5 checksum, now we download md5sum of current

-     * database from Internet.

-     */

     if(optl(opt, "proxy-user")) {

 	user = getargl(opt, "proxy-user");

@@ -75,7 +75,7 @@ struct cl_node {

     struct patt *list;

     struct cl_node *trans[CL_NUM_CHILDS], *fail;

-    /* FIXME: these variables are only used in the root node */

+    /* FIXME: these variables are only used in a root node */

     unsigned int maxpatlen, partsigs;

     unsigned int nodes;

     struct cl_node **nodetable;

@@ -106,11 +106,13 @@ extern int cl_loaddb(const char *filename, struct cl_node **root, int *virnum);

 extern int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum);

 extern char *cl_retdbdir(void);

-/* datadir stat functions */

+/* data dir stat functions */

 extern int cl_statinidir(const char *dirname, struct cl_stat *dbstat);

 extern int cl_statchkdir(const struct cl_stat *dbstat);

 extern int cl_statfree(struct cl_stat *dbstat);

+/* enable debug information */

+extern void cl_debug(void);

 /* build a trie */

 extern void cl_buildtrie(struct cl_node *root);

@@ -17,7 +17,7 @@

  */

 #ifndef	CL_DEBUG

-#define	NDEBUG	/* map CLAMAV debug onto standard */

+/*#define	NDEBUG	/* map CLAMAV debug onto standard */

 #endif

 #ifdef CL_THREAD_SAFE

@@ -36,6 +36,7 @@

 #include <fcntl.h>

 #include <sys/stat.h>

 #include <sys/types.h>

+#include <sys/param.h>

 #include <clamav.h>

 #include "table.h"

@@ -72,7 +73,8 @@ static	size_t	strip(char *buf, int len);

 static	size_t	strstrip(char *s);

 static	bool	continuationMarker(const char *line);

 static	int	parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg);

-static	int	saveFile(const blob *b, const char *dir);

+static	bool	saveFile(const blob *b, const char *dir);

+static	bool	newMessageStart(const char *buf);

 /* Maximum number of attachements that we accept */

 #define	MAX_ATTACHMENTS	10

@@ -85,6 +87,8 @@ static	int	saveFile(const blob *b, const char *dir);

 #define	CONTENT_TRANSFER_ENCODING	2

 #define	CONTENT_DISPOSITION		3

+/*#define	VALIDATE_MBOX	/* validate the file is a UNIX mbox */

+

 /* Mime sub types */

 #define	PLAIN		1

 #define	ENRICHED	2

@@ -144,9 +148,8 @@ cl_mbox(const char *dir, int desc)

 	cli_dbgmsg("in mbox()\n");

-	if(initialiseTables(&rfc821Table, &subtypeTable) < 0) {

+	if(initialiseTables(&rfc821Table, &subtypeTable) < 0)

 		return -1;

-	}

 	m = messageCreate();

 	assert(m != NULL);

@@ -155,7 +158,7 @@ cl_mbox(const char *dir, int desc)

 	if((fd = fdopen(dup(desc), "rb")) == NULL) {

 		cli_errmsg("Can't open descriptor %d\n", desc);

-	    return -1;

+		return -1;

 	}

 	/*

@@ -166,18 +169,18 @@ cl_mbox(const char *dir, int desc)

 		char *strptr;

 #endif

 		/*cli_dbgmsg("read: %s", buffer);*/

+#ifdef	VALIDATE_MBOX

 		if(first)

 			/*

 			 * Check it is a mail box.

 			 * tm@softcom.dk: check for a single mail message

 			 */

-			if((strncmp(buffer, "From ", 5) != 0) &&

-			   (strncmp(buffer, "Return-Path: ", 13) != 0) &&

-			   (strncmp(buffer, "Received: ", 10) != 0)) {

+			if(!newMessageStart(buffer)) {

 				cli_errmsg("Not a valid mail message");

 				retcode = -1;

 				break;

 			}

+#endif

 		/*

 		 * Handle this where we're mid point through this stuff

@@ -198,7 +201,7 @@ cl_mbox(const char *dir, int desc)

 			for(ptr = strtok_r(buffer, ";\r\n", &strptr); ptr; ptr = strtok_r(NULL, ":\r\n", &strptr))

 				messageAddArgument(m, ptr);

-		} else if((!inHeader) && lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0)) {

+		} else if((!inHeader) && lastLineWasEmpty && newMessageStart(buffer)) {

 			/*

 			 * New message, save the previous message, if any

 			 */

@@ -234,7 +237,7 @@ cl_mbox(const char *dir, int desc)

 			} else {

 				const bool isLastLine = !continuationMarker(buffer);

 				const char *cmd = strtok_r(buffer, " \t", &strptr);

-				

+

 				if (cmd && *cmd) {

 					const char *arg = strtok_r(NULL, "\r\n", &strptr);

@@ -284,7 +287,6 @@ cl_mbox(const char *dir, int desc)

 	tableDestroy(rfc821Table);

 	tableDestroy(subtypeTable);

-

 	cli_dbgmsg("cli_mbox returning %d\n", retcode);

 	return retcode;

@@ -298,7 +300,7 @@ cl_mbox(const char *dir, int desc)

  * textIn is the plain text message being built up so far

  * blobsIn contains the array of attachments found so far

  *

- * Returns: 

+ * Returns:

  *	0 for fail

  *	1 for success, attachements saved

  *	2 for success, attachements not saved

@@ -308,7 +310,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 {

 	char *ptr;

 	message *messages[MAXALTERNATIVE];

-	int inhead, inMimeHead, i, rc;

+	int inhead, inMimeHead, i, rc, htmltextPart, multiparts = 0;

 	text *aText;

 	blob *blobList[MAX_ATTACHMENTS], **blobs;

 	const char *cptr;

@@ -325,9 +327,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 	blobs = blobsIn;

 	/* Anything left to be parsed? */

-	if(mainMessage) {

+	if(mainMessage && (messageGetBody(mainMessage) != NULL)) {

 		int numberOfAttachments = 0;

-		int plaintextPart, multiparts;

 		mime_type mimeType;

 		const char *mimeSubtype;

 		const text *t_line;

@@ -338,7 +339,6 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 		char *strptr;

 #endif

-		assert(messageGetBody(mainMessage) != NULL);

 		mimeType = messageGetMimeType(mainMessage);

 		mimeSubtype = messageGetMimeSubtype(mainMessage);

@@ -366,7 +366,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 			if(boundary == NULL) {

 				cli_warnmsg("Multipart MIME message contains no boundaries\n");

-				return 2;       /* Broken e-mail message */

+				return 2;	/* Broken e-mail message */

 			}

@@ -494,10 +494,10 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 				aMessage = NULL;

 				assert(multiparts > 0);

-				plaintextPart = getTextPart(messages, multiparts);

+				htmltextPart = getTextPart(messages, multiparts);

-				if(plaintextPart >= 0)

-					aText = textAddMessage(aText, messages[plaintextPart]);

+				if(htmltextPart >= 0)

+					aText = textAddMessage(aText, messages[htmltextPart]);

 				else

 					/*

 					 * There isn't a text bit. If there's a

@@ -507,11 +507,11 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 					for(i = 0; i < multiparts; i++)

 						if(messageGetMimeType(messages[i]) == MULTIPART) {

 							aMessage = messages[i];

-							plaintextPart = i;

+							htmltextPart = i;

 							break;

 						}

-				assert(plaintextPart != -1);

+				assert(htmltextPart != -1);

 				rc = insert(aMessage, blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);

 				blobArrayDestroy(blobs, nBlobs);

@@ -536,12 +536,12 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 			case ALTERNATIVE:

 				cli_dbgmsg("Multipart alternative handler\n");

-				plaintextPart = getTextPart(messages, multiparts);

+				htmltextPart = getTextPart(messages, multiparts);

-				if(plaintextPart == -1)

-					plaintextPart = 0;

+				if(htmltextPart == -1)

+					htmltextPart = 0;

-				aMessage = messages[plaintextPart];

+				aMessage = messages[htmltextPart];

 				aText = textAddMessage(aText, aMessage);

 				rc = insert(NULL, blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);

@@ -592,6 +592,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 					assert(aMessage != NULL);

 					dtype = messageGetDispositionType(aMessage);

+					cptr = messageGetMimeSubtype(aMessage);

 #ifdef	CL_DEBUG

 					cli_dbgmsg("Mixed message part %d is of type %d\n",

@@ -600,13 +601,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 					switch(messageGetMimeType(aMessage)) {

 					case APPLICATION:

-						/*

-						 * We don't care about the application

-						 * subtype, since we don't spawn

-						 * anything off

-						 */

 						if((strcasecmp(dtype, "attachment") == 0) ||

-						   (strcasecmp(dtype, "octet-stream")))

+						   (strcasecmp(cptr, "x-msdownload") == 0) ||

+						   (strcasecmp(dtype, "octet-stream") == 0))

 							addAttachment = TRUE;

 						else {

 							cli_dbgmsg("Discarded application not sent as attachment\n");

@@ -660,7 +657,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 						 *

 						 */

 						cli_dbgmsg("Found multipart inside multipart\n");

-						rc = insert(NULL, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);

+						/*rc = insert(NULL, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);*/

+						rc = insert(aMessage, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);

 						mainMessage = aMessage;

 						continue;

@@ -710,7 +708,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 				 * the list we've just built up

 				 */

 				for(i = 0; i < nBlobs; i++) {

+#ifdef	CL_DEBUG

 					assert(blobs[i]->magic == BLOB);

+#endif

 					blobList[numberOfAttachments++] = blobs[i];

 				}

@@ -727,11 +727,11 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 				 * message and we need to dig out the plain

 				 * text part of that alternative

 				 */

-				plaintextPart = getTextPart(messages, multiparts);

-				if(plaintextPart == -1)

-					plaintextPart = 0;

+				htmltextPart = getTextPart(messages, multiparts);

+				if(htmltextPart == -1)

+					htmltextPart = 0;

-				rc = insert(messages[plaintextPart], blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);

+				rc = insert(messages[htmltextPart], blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);

 				blobArrayDestroy(blobs, nBlobs);

 				break;

 			default:

@@ -775,6 +775,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 				bool inHeader = TRUE;

 				bool inMimeHeader = FALSE;

 				message *m;

+

+				assert(t != NULL);

+

 				m = messageCreate();

 				assert(m != NULL);

@@ -822,7 +825,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 						else {

 							const bool isLastLine = !continuationMarker(buffer);

 							const char *cmd = strtok_r(buffer, " \t", &strptr);

-							

+

 							if (cmd && *cmd) {

 								const char *arg = strtok_r(NULL, "\r\n", &strptr);

@@ -870,7 +873,10 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 			return 0;

 		case APPLICATION:

-			if(strcasecmp(messageGetMimeSubtype(mainMessage), "octet-stream") == 0) {

+			cptr = messageGetMimeSubtype(mainMessage);

+

+			if((strcasecmp(cptr, "octet-stream") == 0) ||

+			   (strcasecmp(cptr, "x-msdownload") == 0)) {

 				blob *aBlob = messageToBlob(mainMessage);

 				if(aBlob) {

@@ -899,27 +905,67 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha

 		}

 	}

-

 #ifdef	CL_DEBUG

 	cli_dbgmsg("%d attachments found\n", nBlobs);

 #endif

-	if(nBlobs == 0 && mainMessage) {

+	if(nBlobs == 0) {

+		blob *b;

+

 		/*

-		 * No attachments, but it may still contain a uu-encoded file

+		 * No attachements - look for a text that we can save to scan

 		 */

-		blob *b;

-		messageSetEncoding(mainMessage,	"x-uuencode");

+#ifdef	CL_DEBUG

+		cli_dbgmsg("%d multiparts found\n", multiparts);

+#endif

+		htmltextPart = getTextPart(messages, multiparts);

+

+		if(htmltextPart > 0) {

+			b = messageToBlob(messages[htmltextPart]);

-		if((b = messageToBlob(mainMessage)) != NULL) {

-			if((cptr = blobGetFilename(b)) != NULL) {

-				cli_dbgmsg("Found uuencoded message %s\n", cptr);

+			assert(b != NULL);

+

+#ifdef	CL_DEBUG

+			cli_dbgmsg("Found HTML part in %d, encoded with scheme %d\n",

+				htmltextPart, messageGetEncoding(messages[htmltextPart]));

+#endif

+

+			(void)saveFile(b, dir);

-				(void)saveFile(b, dir);

-			}

 			blobDestroy(b);

 		}

+

+		if(mainMessage) {

+			/*

+			 * Look for uu-encoded main file

+			 */

+			const text *t_line;

+

+			for(t_line = messageGetBody(mainMessage); t_line; t_line = t_line->t_next) {

+				const char *line = t_line->t_text;

+

+				if((strncasecmp(line, "begin ", 6) == 0) &&

+				   (isdigit(line[6])) &&

+				   (isdigit(line[7])) &&

+				   (isdigit(line[8])) &&

+				   (line[9] == ' '))

+					break;

+			}

+

+			if(t_line != NULL) {

+				messageSetEncoding(mainMessage,	"x-uuencode");

+

+				if((b = messageToBlob(mainMessage)) != NULL) {

+					if((cptr = blobGetFilename(b)) != NULL) {

+						cli_dbgmsg("Found uuencoded message %s\n", cptr);

+

+						(void)saveFile(b, dir);

+					}

+					blobDestroy(b);

+				}

+			}

+		}

 	} else {

 		short attachmentNumber;

@@ -1028,13 +1074,10 @@ initialiseTables(table_t **rfc821Table, table_t **subtypeTable)

 }

 /*

- * If there's a plain text version use that, otherwise

+ * If there's a HTML text version use that, otherwise

  * use the first text part, otherwise just use the

- * first one around

- *

- * Alternatively we could hunt out any HTML

- * version and save that, if the displaying client

- * can cope with HTML.

+ * first one around. HTML text is most likely to include

+ * a scripting worm

  *

  * If we can't find one, return -1

  */

@@ -1046,7 +1089,7 @@ getTextPart(message *const messages[], size_t size)

 	for(i = 0; i < size; i++) {

 		assert(messages[i] != NULL);

 		if((messageGetMimeType(messages[i]) == TEXT) &&

-		   (strcasecmp(messageGetMimeSubtype(messages[i]), "plain") == 0))

+		   (strcasecmp(messageGetMimeSubtype(messages[i]), "html") == 0))

 			return (int)i;

 	}

 	for(i = 0; i < size; i++)

@@ -1210,20 +1253,24 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c

 	return type;

 }

-static int

+static bool

 saveFile(const blob *b, const char *dir)

 {

 	unsigned long nbytes = blobGetDataSize(b);

-	const char *cptr;

-	char *filename = NULL;

-	size_t dirLen = strlen(dir);

 	int fd;

-	const char *suffix;

+	const char *cptr, *suffix;

+#ifdef	NAME_MAX	/* e.g. Linux */

+	char filename[NAME_MAX + 1];

+#else

+#ifdef	MAXNAMELEN	/* e.g. Solaris */

+	char filename[MAXNAMELEN + 1];

+#endif

+#endif

 	assert(dir != NULL);

 	if(nbytes == 0)

-		return 1;

+		return TRUE;

 	cptr = blobGetFilename(b);

@@ -1243,9 +1290,11 @@ saveFile(const blob *b, const char *dir)

 	}

 	cli_dbgmsg("Saving attachment in %s/%s\n", dir, cptr);

-	/* tk: use dynamic allocation */

-	filename = cli_malloc(dirLen + strlen(cptr) + strlen(suffix) + 8);

-	sprintf(filename, "%s/%sXXXXXX", dir, cptr);

+	/*

+	 * Allow for very long filenames. We have to truncate them to fit

+	 */

+	snprintf(filename, sizeof(filename) - 7, "%s/%s", dir, cptr);

+	strcat(filename, "XXXXXX");

 	/*

 	 * TODO: add a HAS_MKSTEMP property

@@ -1259,8 +1308,7 @@ saveFile(const blob *b, const char *dir)

 	if(fd < 0) {

 		cli_errmsg("%s: %s\n", filename, strerror(errno));

-		free(filename);

-		return 0;

+		return FALSE;

 	}

 	/*

@@ -1279,7 +1327,32 @@ saveFile(const blob *b, const char *dir)

 	cli_dbgmsg("Attachment saved as %s (%ul bytes long)\n",

 		filename, nbytes);

-	free(filename);

+	return TRUE;

+}

-	return 1;

+static bool

+newMessageStart(const char *buf)

+{

+	if(strncmp(buf, "From ", 5) == 0)

+		return TRUE;

+

+	/*

+	 * Do NOT enable this code, it gets confused by RFC822 messages

+	 * enapsulated in other messages e.g.

+	 *

+	 * ....

+	 * --NAB47372.960554223/xxx

+	 * Content-Type: message/rfc822

+	 *

+	 * Return-Path: MAILER-DAEMON

+	 * ....

+	 */

+#if	0

+	if(strncmp(buf, "Return-Path: ", 13) == 0)

+		return TRUE;

+	if(strncmp(buf, "Received: ", 10) == 0)

+		return TRUE;

+#endif

+

+	return FALSE;

 }

@@ -43,6 +43,8 @@

 pthread_mutex_t cli_rand_mutex = PTHREAD_MUTEX_INITIALIZER;

 #endif

+int cli_debug_flag = 0;

+

 void cli_warnmsg(const char *str, ...)

 {

 	va_list args;

@@ -65,16 +67,21 @@ void cli_errmsg(const char *str, ...)

 void cli_dbgmsg(const char *str, ...)

 {

-#ifdef CL_DEBUG

 	va_list args;

-    va_start(args, str);

-    fprintf(stderr, "LibClamAV debug: ");

-    vfprintf(stderr, str, args);

-    va_end(args);

-#else

-    return;

-#endif

+    if(cli_debug_flag) {

+	va_start(args, str);

+	fprintf(stderr, "LibClamAV debug: ");

+	vfprintf(stderr, str, args);

+	va_end(args);

+    } else

+	return;

+

+}

+

+void cl_debug(void)

+{

+    cli_debug_flag = 1;

 }

 char *cl_perror(int clerror)

@@ -50,12 +50,12 @@ int cli_scanrar_inuse = 0;

 #define SCAN_ARCHIVE	(options & CL_ARCHIVE)

 #define SCAN_MAIL	(options & CL_MAIL)

-#define MAGIC_BUFFER_SIZE 6

+#define MAGIC_BUFFER_SIZE 10

 #define RAR_MAGIC_STR "Rar!"

 #define ZIP_MAGIC_STR "PK\003\004"

 #define GZIP_MAGIC_STR "\037\213"

 #define MAIL_MAGIC_STR "From "

-/*#define RAWMAIL_MAGIC_STR "Received: "*/

+#define RAWMAIL_MAGIC_STR "Received: "

 #define BZIP_MAGIC_STR "BZh"

@@ -637,12 +637,10 @@ int cli_magic_scandesc(int desc, char **virname, long int *scanned, const struct

 	    cli_dbgmsg("Recognized mail file.\n");

 	    ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);

 	}

-	/*

 	else if(!strncmp(magic, RAWMAIL_MAGIC_STR, strlen(RAWMAIL_MAGIC_STR))) {

 	    cli_dbgmsg("Recognized raw mail file.\n");

 	    ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);

 	}

-	*/

 	lseek(desc, 0, SEEK_SET);

     }

@@ -139,9 +139,10 @@ textAdd(text *t_head, const text *t)

 	if(t_head == NULL)

 		return textCopy(t);

-	ret = t_head;

+	if(t == NULL)

+		return t_head;

-	assert(t != NULL);

+	ret = t_head;

 	while(t_head->t_next)

 		t_head = t_head->t_next;

@@ -170,6 +171,8 @@ textAdd(text *t_head, const text *t)

 text *

 textAddMessage(text *aText, const message *aMessage)

 {

+	assert(aMessage != NULL);

+

 	if(messageGetEncoding(aMessage) == NOENCODING)

 		return textAdd(aText, messageGetBody(aMessage));

 	else {

@@ -4,7 +4,7 @@

 # Created: 1993-05-16

 # Public domain

-# $Id: mkinstalldirs,v 1.1 2003/07/29 15:39:41 nervoso Exp $

+# $Id: mkinstalldirs,v 1.2 2003/08/02 22:37:52 kojm Exp $

 errstatus=0

 dirmode=""

@@ -369,7 +369,7 @@ void help(void)

 {

     mprintf("\n");

     mprintf("		   Clam AntiVirus: Signature Tool (sigtool)  "VERSION"\n");

-    mprintf("		   (c) 2002 Tomasz Kojm <zolw@konarski.edu.pl>\n");

+    mprintf("	       (c) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>\n");

     mprintf("\n");

     mprintf("   --help		    -h		show help\n");

     mprintf("   --version		    -V		print version number and exit\n");