@@ -166,7 +166,7 @@ static inline int matcher_run(const struct cli_matcher *root,

     PERF_LOG_TRIES(acmode, 0, length);

     ret = cli_ac_scanbuff(buffer, length, virname, NULL, acres, root, mdata, offset, ftype, ftoffset, acmode, ctx);

     if (ret != CL_CLEAN) {

-	    if (ret == CL_VIRUS) {

+        if (ret == CL_VIRUS) {

             if (SCAN_ALL)

                 viruses_found = 1;

             else {

@@ -178,7 +178,7 @@ static inline int matcher_run(const struct cli_matcher *root,

             saved_ret = ret;

         else

             return ret;

-	}

+    }

     /* due to logical triggered, pcres cannot be evaluated until after full subsig matching */

     /* cannot save pcre execution state without possible evasion; must scan entire buffer */

@@ -721,7 +721,7 @@ static int intermediates_eval(cli_ctx *ctx, struct cli_ac_lsig *ac_lsig)

     for (i = icnt; i > 0; i--) {

         if (ac_lsig->tdb.intermediates[i] == CL_TYPE_ANY)

             continue;

-        if (ac_lsig->tdb.intermediates[i] != cli_get_container_type(ctx, j--))

+        if (ac_lsig->tdb.intermediates[i] != cli_get_container_intermediate(ctx, j--))

             return 0;

     }

     return 1;

@@ -741,7 +741,7 @@ static int lsig_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data

     if (rc != CL_SUCCESS)

         return rc;

     if (cli_ac_chklsig(exp, exp_end, acdata->lsigcnt[lsid], &evalcnt, &evalids, 0) == 1) {

-        if(ac_lsig->tdb.container && ac_lsig->tdb.container[0] != cli_get_container_type(ctx, -1))

+        if(ac_lsig->tdb.container && ac_lsig->tdb.container[0] != cli_get_container(ctx, -1))

             return CL_CLEAN;

         if(ac_lsig->tdb.intermediates && !intermediates_eval(ctx, ac_lsig))

             return CL_CLEAN;

@@ -1239,11 +1239,11 @@ int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer,

         int ret = CL_CLEAN;

     cli_dbgmsg("CDBNAME:%s:%llu:%s:%llu:%llu:%d:%u:%u:%p\n",

-	       cli_ftname(cli_get_container_type(ctx, -1)), (long long unsigned)fsizec, fname, (long long unsigned)fsizec, (long long unsigned)fsizer,

+	       cli_ftname(cli_get_container(ctx, -1)), (long long unsigned)fsizec, fname, (long long unsigned)fsizec, (long long unsigned)fsizer,

 	       encrypted, filepos, res1, res2);

     if (ctx->engine && ctx->engine->cb_meta)

-	if (ctx->engine->cb_meta(cli_ftname(cli_get_container_type(ctx, -1)), fsizec, fname, fsizer, encrypted, filepos, ctx->cb_ctx) == CL_VIRUS) {

+	if (ctx->engine->cb_meta(cli_ftname(cli_get_container(ctx, -1)), fsizec, fname, fsizer, encrypted, filepos, ctx->cb_ctx) == CL_VIRUS) {

 	    cli_dbgmsg("inner file blacklisted by callback: %s\n", fname);

 	    ret = cli_append_virus(ctx, "Detected.By.Callback");

@@ -1256,7 +1256,7 @@ int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer,

 	return CL_CLEAN;

     do {

-	if(cdb->ctype != CL_TYPE_ANY && cdb->ctype != cli_get_container_type(ctx, -1))

+	if(cdb->ctype != CL_TYPE_ANY && cdb->ctype != cli_get_container(ctx, -1))

 	    continue;

 	if(cdb->encrypted != 2 && cdb->encrypted != encrypted)

@@ -1163,12 +1163,28 @@ void cli_set_container(cli_ctx *ctx, cli_file_t type, size_t size)

 {

     ctx->containers[ctx->recursion].type = type;

     ctx->containers[ctx->recursion].size = size;

+    if (type >=  CL_TYPE_MSEXE && type != CL_TYPE_OTHER && type != CL_TYPE_IGNORED)

+        ctx->containers[ctx->recursion].flag = CONTAINER_FLAG_VALID;

+    else

+        ctx->containers[ctx->recursion].flag = 0;

 }

-cli_file_t cli_get_container_type(cli_ctx *ctx, int index)

+cli_file_t cli_get_container(cli_ctx *ctx, int index)

 {

     if (index < 0)

 	index = ctx->recursion + index + 1;

+    while (index >= 0 && index <= ctx->recursion) {

+        if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)

+            return ctx->containers[index].type;

+        index--;

+    }

+    return CL_TYPE_ANY;

+}

+

+cli_file_t cli_get_container_intermediate(cli_ctx *ctx, int index)

+{

+   if (index < 0)

+	index = ctx->recursion + index + 1;

     if (index >= 0 && index <= ctx->recursion)

 	return ctx->containers[index].type;

     return CL_TYPE_ANY;

@@ -1178,8 +1194,11 @@ size_t cli_get_container_size(cli_ctx *ctx, int index)

 {

     if (index < 0)

 	index = ctx->recursion + index + 1;

-    if (index >= 0 && index <= ctx->recursion)

-	return ctx->containers[index].size;

+    while (index >= 0 && index <= ctx->recursion) {

+        if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)

+            return ctx->containers[index].size;

+        index--;

+    }

     return 0;

 }

@@ -129,7 +129,9 @@ typedef struct bitset_tag

 typedef struct cli_ctx_container_tag {

     cli_file_t type;

     size_t size;

+    unsigned char flag;

 } cli_ctx_container;

+#define CONTAINER_FLAG_VALID 0x01

 /* internal clamav context */

 typedef struct cli_ctx_tag {

@@ -607,8 +609,9 @@ const char *cli_get_last_virus_str(const cli_ctx *ctx);

 void cli_virus_found_cb(cli_ctx *ctx);

 void cli_set_container(cli_ctx *ctx, cli_file_t type, size_t size);

-cli_file_t cli_get_container_type(cli_ctx *ctx, int index);

+cli_file_t cli_get_container(cli_ctx *ctx, int index);

 size_t cli_get_container_size(cli_ctx *ctx, int index);

+cli_file_t cli_get_container_intermediate(cli_ctx *ctx, int index);

 /* used by: spin, yc (C) aCaB */

 #define __SHIFTBITS(a) (sizeof(a)<<3)

@@ -2366,7 +2366,7 @@ static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_

 	if(nret != CL_VIRUS) switch(ret) {

 	    case CL_TYPE_HTML:

 		/* bb#11196 - autoit script file misclassified as HTML */

-		if (cli_get_container_type(ctx, -2) == CL_TYPE_AUTOIT) {

+		if (cli_get_container_intermediate(ctx, -2) == CL_TYPE_AUTOIT) {

 		    ret = CL_TYPE_TEXT_ASCII;

 		} else if (SCAN_HTML && (type == CL_TYPE_TEXT_ASCII || type == CL_TYPE_GRAPHICS) &&

                     (DCONF_DOC & DOC_CONF_HTML)) {

@@ -3146,7 +3146,7 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type)

 	    perf_nested_start(ctx, PERFT_SCRIPT, PERFT_SCAN);

 	    if((DCONF_DOC & DOC_CONF_SCRIPT) && dettype != CL_TYPE_HTML && (ret != CL_VIRUS || SCAN_ALL) && SCAN_HTML)

 	        ret = cli_scanscript(ctx);

-	    if(SCAN_MAIL && (DCONF_MAIL & MAIL_CONF_MBOX) && ret != CL_VIRUS && (cli_get_container_type(ctx, -1) == CL_TYPE_MAIL || dettype == CL_TYPE_MAIL)) {

+	    if(SCAN_MAIL && (DCONF_MAIL & MAIL_CONF_MBOX) && ret != CL_VIRUS && (cli_get_container(ctx, -1) == CL_TYPE_MAIL || dettype == CL_TYPE_MAIL)) {

 		ret = cli_fmap_scandesc(ctx, CL_TYPE_MAIL, 0, NULL, AC_SCAN_VIR, NULL, NULL);

 	    }

 	    perf_nested_stop(ctx, PERFT_SCRIPT, PERFT_SCAN);