@@ -1,5 +1,4 @@

 Tomasz Kojm <tkojm*clamav.net>

-home page : http://www.mat.uni.torun.pl/~tk/

 gpg key   : http://www.clamav.net/gpg/tkojm.gpg

 GPG fingerprint = 0DCA 5A08 407D 5288 279D  B434 5482 2DC8 985A 444B

 Project leader.

@@ -1,3 +1,32 @@

+Mon Jun 13 23:21:00 CEST 2005

+-----------------------------

+  V 0.86rc1

+  * Fixes backported from CVS:

+    - libclamav/cvd.c: fix potential directory traversal in cvd unpacker (a low

+      risk problem since all databases are digitally signed). Pointed out by

+      Florian Weimer <fw*deneb.enyo.de> (tk)

+    - libclamav/zziplib/zzip-file.c: add method id for AES encrypted archives

+      (thanks to David Majorel <dm*lagoon.nc>) (tk)

+    - clamscan/manager.c: better message on zip/rar unpacking error (tk)

+    - libclamav/mbox.c: Fix mishandling of fast track uuencoded files (njh)

+    - clamav-milter: Better error message if the white-list file can't be

+      opened (njh)

+    - clamav-milter: When loading a new database when not in external mode,

+      keep scanning with the old one rather than hold up incoming mails while

+      waiting for clamav-milter to become idle then reloading the database (njh)

+    - libclamav/others.c: print warnings and errors in single call to write

+      (thanks to Denis Vlasenko <vda*ilport.com.ua>) (tk)

+    - clamscan/others.c: enable REG_EXTENDED in match_regex (tk)

+    - libclamav/scanners.c: fix file descriptor leaks if cli_msexpand() returns

+      an error in cli_scanszdd, patch by Mark Pizzolato (tk)

+    - libclamav/scanners.c: fix file descriptor leak in error path (out of mem)

+      in cli_scangzip(), patch by Mark Pizzolato (tk)

+    - clamd/scanner.c: fix error path for a read timeout which logged messages

+      indicating that both a timeout and a poll error occurred (patch by Mark

+      Pizzolato <clamav-devel*subscriptions.pizzolato.net>) (tk)

+    - libclamav:  Extract TNEF files even when the filename isn't known,

+      problem reported by John Miller (contact*glideslopesoftware.co.uk) (njh)

+

 Mon May 16 23:22:55 CEST 2005

 -----------------------------

   V 0.85.1

@@ -170,7 +170,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@

 PACKAGE_VERSION = @PACKAGE_VERSION@

 PATH_SEPARATOR = @PATH_SEPARATOR@

 RANLIB = @RANLIB@

-SENDMAIL = @SENDMAIL@

 SET_MAKE = @SET_MAKE@

 SHELL = @SHELL@

 STRIP = @STRIP@

@@ -211,6 +210,7 @@ oldincludedir = @oldincludedir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 sbindir = @sbindir@

+sendmailprog = @sendmailprog@

 sharedstatedir = @sharedstatedir@

 sysconfdir = @sysconfdir@

 target = @target@

@@ -1,9 +1,10 @@

-0.85.1

+0.86rc1

+-------

-A problem where an email with more than one content-disposition type line,

-one or more of which was empty, could crash libclamav has been fixed. Other

-minor bugfixes have been made.

+This release candidate introduces a number of bugfixes and cleanups.

+Possible descriptor leaks in archive unpackers and mishandling of fast track

+uuencoded files have been fixed in libclamav. Database reloading in

+clamav-milter has been improved.

 --

 The ClamAV team (http://www.clamav.net/team.html)

@@ -2,6 +2,17 @@ Note: This README/NEWS file refers to the source tarball. Some things described

 here may not be available in binary packages.

 --

+0.86rc1

+-------

+

+This release candidate introduces a number of bugfixes and cleanups.

+Possible descriptor leaks in archive unpackers and mishandling of fast track

+uuencoded files have been fixed in libclamav. Database reloading in

+clamav-milter has been improved.

+

+--

+The ClamAV team (http://www.clamav.net/team.html)

+

 0.85.1

 ------

@@ -285,6 +285,18 @@

 /* scan buffer size */

 #undef SCANBUFF

+/* location of Sendmail binary */

+#undef SENDMAIL_BIN

+

+/* major version of Sendmail */

+#undef SENDMAIL_VERSION_A

+

+/* minor version of Sendmail */

+#undef SENDMAIL_VERSION_B

+

+/* subversion of Sendmail */

+#undef SENDMAIL_VERSION_C

+

 /* Define to 1 if the `setpgrp' function takes no argument. */

 #undef SETPGRP_VOID

@@ -68,7 +68,7 @@ recompiles above)

 Solaris 9 and FreeBSD5 have milter support in the supplied sendmail, but

 doesn't include libmilter so you can't develop milter applications on it.

-Go to sendmail.org, download the lastest sendmail, cd to libmilter and

+Go to sendmail.org, download the latest sendmail, cd to libmilter and

 "make install" there.

 Needs -lresolv on Solaris

@@ -99,7 +99,12 @@ Installations for RedHat Linux and it's derivatives such as YellowDog:

 	define(`confINPUT_MAIL_FILTERS', `clamav')

 	Note that the INPUT_MAIL_FILTER line must come before the

-		confINPUT_MAIL_FILTERS line

+		confINPUT_MAIL_FILTERS line.

+

+	Don't worry that the file /var/run/clamav/clmilter.sock doesn't exist,

+		clamav-milter will create it for you. However you will need

+		to create the directory /var/run/clamav (usually owned

+		by user clamav, mode 700).

 	Check entry in /usr/local/etc/clamd.conf of the form:

 	LocalSocket /var/run/clamav/clamd.sock

@@ -183,7 +188,7 @@ You should have received a script to install into /etc/init.d as

 	/etc/init.d/clamav-milter start

 	/etc/init.d/sendmail restart

-2.6 General Instalation Issues

+2.6 General Installation Issues

 You may find INPUT_MAIL_FILTERS is not needed on your machine, however it

 is recommended by the Sendmail documentation and I recommend going along

@@ -210,7 +215,7 @@ or if clamd is on a different machine

 If you want clamav-milter to listen on TCP for communication with sendmail,

 for example if they are on different machines use inet:<port>.

 On machine A (running sendmail) you would have in sendmail.mc:

-	INPUT_MAIL_FILTER(`clamav', `S=inet:3311@machineb, F=, T=S:4m;R:4m')dnl

+	INPUT_MAIL_FILTER(`clamav', `S=inet:3311@machineb, F=T, T=S:4m;R:4m')dnl

 On machine B (running clamav-milter) you would start up clamav-milter thus:

 	clamav-milter inet:3311

@@ -221,8 +226,31 @@ You should always start clamd before clamav-milter.

 You may also think about the F= entry in sendmail.mc, since it tells sendmail

 what to do with emails if clamav-milter is not running. Setting F=T will tell

 the remote end to resend later (temporary failure), setting F=R will reject

-the email and setting F= will pass the email through, in this case you should

-warn your users that emails are not being scanned.

+the email (permanent failure) and setting F= will pass the email through as

+though clamav-milter were not installed, in this case you should warn your

+users that emails are not being scanned. We recommend setting F=T.

+

+You may wish to experiment with the T= entry which governs timeout options. You

+MUST set some type of timeout or a malicious client could cause a Denial of

+Service attack by keeping your clamav-milter threads alive. The types of

+timeout are C (time for clamav-milter to acknowledge to sendmail that it

+has accepted a new connection), S (timeout for sending information from sendmail

+to clamav-milter), R (timeout for sendmail reading a reply from clamav-milter

+when it has been sent some information) and E (timeout for clamav-milter to

+handle the end-of-message request, this needs to be high enough to scan the

+largest file that you will receive since it is at this stage that the file is

+scanned, but short enough to ensure that a DoS can't occur when lots of scans

+are requested). The important entries for clamav-milter are C and E (both

+default to 5 minutes).

+

+WARNING: When running on internal mode (--external is NOT used), clamav-milter

+will need to wait for all connections to stop before it can reload the database

+after running freshclam. It is therefore important that NO timeouts in

+sendmail.cf are set too high or worse still turned off, otherwise clamav-milter

+can wait a long time, perhaps indefinately, while waiting for the system to

+quieten down. The same goes for disabling StreamMaxLength, since receiving a

+very large email to be scanned may take a long time. We advise setting

+StreamMaxLength to 1M.

 Don't forget to rebuild sendmail.cf after modifying sendmail.mc. You will

 need to restart sendmail after rebuilding sendmail.cf and starting clamd and

@@ -231,7 +259,7 @@ clamav-milter.

 As with all software it is wise to ensure that clamav-milter has the least

 privileges it needs to run. So don't run it as root and don't store the sockets

 in a directory that can be written by everyone. For example ensure that /var/run

-is owned and writable only by root and add entries for 'User' and

+is owned and writeable only by root and add entries for 'User' and

 'FixStaleSocket' in clamd.conf.

 When using UNIX domain sockets via the LocalSocket option of clamd.conf,

@@ -247,6 +275,12 @@ able to call sendmail, for example on a Fedora Linux system:

 To test that your clamAV system is now intercepting viruses, visit

 http://www.testvirus.org

+If, under heavy strain on Linux, you see the message

+	thread_create() failed: 12, abort

+appearing in a log file, you will need to increase the number of threads on

+your system (/proc/sys/kernel/threads-max), or decrease the value of

+--max-children.

+

 3. CHANGE HISTORY

 Changes

@@ -692,7 +726,7 @@ Changes

 0.81	19/1/05:	Up issued

 0.81a	22/1/05:	If forwarding to a quarantine user fails log as LOG_ERR

 				not LOG_DEBUG

-			Try to santity check that the input socket name is the

+			Try to sanity check that the input socket name is the

 				same as the same given to sendmail

 			Redirect stdout and stderr to LogFile, if that is set

 			--quarantine didn't redirect to the given email address

@@ -767,6 +801,27 @@ Changes

 				dont-wait isn't set

 0.84g	9/5/05:		Print an error in the log if a segfault is received

 0.85	11/5/05:	Up-issue

+0.85a	12/5/05:	Open /dev/console before dropping privilege, reported

+				by David Crow <crow@orangeblood.org>

+0.85b	19/5/05:	Warn if TCPAddr doesn't allow connection from us

+			Warn if notification email fails

+			Enable some sendmail debug if LogVerbose is set

+			Added sanity checks that the socket can be created

+0.85c	24/5/05:	Use the program name from argv[0], based on an

+				idea by Joe Maimon <jmaimon@ttec.com>

+			When dying use LOG_CRIT rather than LOG_ERR

+0.85d	25/5/05:	When not in external mode, TEMPFAIL when loading a new

+				database, even when --dont-wait isn't given

+0.85e	27/5/05:	When loading a new database when not in external mode,

+				keep scanning with the old one rather than

+				hold up incoming mails while waiting for

+				clamav-milter to become idle then reloading the

+				database

+Backported from CVS:	When checking if an email address is in the white-list,

+				check if it is the quarantine email address

+				before checking against the white-list file

+			When starting, check that the white-list file can be

+				opened

 4. INTERNATIONALISATION

@@ -1,5 +1,5 @@

 #

-#  Copyright (C) 2003 - 2004 Tomasz Kojm <tkojm@clamav.net>

+#  Copyright (C) 2003 - 2005 Tomasz Kojm <tkojm@clamav.net>

 #

 #  This program is free software; you can redistribute it and/or modify

 #  it under the terms of the GNU General Public License as published by

@@ -37,7 +37,6 @@ man_MANS = $(top_srcdir)/docs/man/clamav-milter.8

 endif

 endif

-AM_CFLAGS = -DSENDMAIL_BIN=\"$(SENDMAIL)\"

 LIBS = $(top_builddir)/libclamav/libclamav.la @CLAMAV_MILTER_LIBS@

 INCLUDES = -I$(top_srcdir)/clamd -I$(top_srcdir)/libclamav -I$(top_srcdir)/shared

 EXTRA_DIST = clamav-milter.c INSTALL

@@ -15,7 +15,7 @@

 @SET_MAKE@

 #

-#  Copyright (C) 2003 - 2004 Tomasz Kojm <tkojm@clamav.net>

+#  Copyright (C) 2003 - 2005 Tomasz Kojm <tkojm@clamav.net>

 #

 #  This program is free software; you can redistribute it and/or modify

 #  it under the terms of the GNU General Public License as published by

@@ -163,7 +163,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@

 PACKAGE_VERSION = @PACKAGE_VERSION@

 PATH_SEPARATOR = @PATH_SEPARATOR@

 RANLIB = @RANLIB@

-SENDMAIL = @SENDMAIL@

 SET_MAKE = @SET_MAKE@

 SHELL = @SHELL@

 STRIP = @STRIP@

@@ -204,6 +203,7 @@ oldincludedir = @oldincludedir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 sbindir = @sbindir@

+sendmailprog = @sendmailprog@

 sharedstatedir = @sharedstatedir@

 sysconfdir = @sysconfdir@

 target = @target@

@@ -223,7 +223,6 @@ target_vendor = @target_vendor@

 @BUILD_CLAMD_TRUE@@HAVE_MILTER_TRUE@    clamav-milter.c

 @BUILD_CLAMD_TRUE@@HAVE_MILTER_TRUE@man_MANS = $(top_srcdir)/docs/man/clamav-milter.8

-AM_CFLAGS = -DSENDMAIL_BIN=\"$(SENDMAIL)\"

 INCLUDES = -I$(top_srcdir)/clamd -I$(top_srcdir)/libclamav -I$(top_srcdir)/shared

 EXTRA_DIST = clamav-milter.c INSTALL

 all: all-am

@@ -22,9 +22,9 @@

  *

  * For installation instructions see the file INSTALL that came with this file

  */

-static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.200 2005/05/12 07:31:09 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.208 2005/05/28 11:37:27 nigelhorne Exp $";

-#define	CM_VERSION	"0.85"

+#define	CM_VERSION	"0.86rc1"

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

@@ -105,7 +105,6 @@ int	deny_severity = LOG_NOTICE;

 #ifndef	CL_DEBUG

 static	const	char	*logFile;

-static	int	logTime;

 static	char	console[] = "/dev/console";

 #endif

@@ -149,7 +148,6 @@ typedef	unsigned int	in_addr_t;

  *	to get messages on the system console, see syslog.conf(5), also you

  *	can use wall(1) in the VirusEvent entry in clamd.conf

  * TODO: build with libclamav.so rather than libclamav.a

- * TODO: Warn if TCPAddr doesn't allow connection from us

  * TODO: Decide action (bounce, discard, reject etc.) based on the virus

  *	found. Those with faked addresses, such as SCO.A want discarding,

  *	others could be bounced properly.

@@ -158,6 +156,8 @@ typedef	unsigned int	in_addr_t;

  * TODO: Files can be scanned with "SCAN" not "STREAM" if clamd is on the same

  *	machine when talking via INET domain socket.

  * TODO: Load balancing, allow local machine to talk via UNIX domain socket.

+ * TODO: allow each line in the whitelist file to specify a quarantine email

+ *	address

  */

 struct header_node_t {

@@ -281,9 +281,11 @@ static	char	clamav_version[VERSION_LENGTH + 1];

 static	int	fflag = 0;	/* force a scan, whatever */

 static	int	oflag = 0;	/* scan messages from our machine? */

 static	int	lflag = 0;	/* scan messages from our site? */

+static	const	char	*progname;	/* our name - usually clamav-milter */

 /* Variables for --external */

 static	int	external = 0;	/* scan messages ourself or use clamd? */

+static	pthread_mutex_t	root_mutex = PTHREAD_MUTEX_INITIALIZER;

 static	struct	cl_node	*root = NULL;

 static	struct	cl_limits	limits;

 static	struct	cl_stat	dbstat;

@@ -370,9 +372,6 @@ static	pthread_mutex_t	n_children_mutex = PTHREAD_MUTEX_INITIALIZER;

 static	pthread_cond_t	n_children_cond = PTHREAD_COND_INITIALIZER;

 static	volatile	unsigned	int	n_children = 0;

 static	unsigned	int	max_children = 0;

-static	pthread_mutex_t	accept_mutex = PTHREAD_MUTEX_INITIALIZER;

-static	pthread_cond_t	accept_cond = PTHREAD_COND_INITIALIZER;

-static	volatile	int	accept_inputs;

 static	int	child_timeout = 0;	/* number of seconds to wait for

 					 * a child to die. Set to 0 to

 					 * wait forever

@@ -457,6 +456,9 @@ static	int	verifyIncomingSocketName(const char *sockName);

 static	int	isWhitelisted(const char *emailaddress);

 static	void	logger(const char *mess);

+short	logg_time, logg_lock, logok;

+int	logg_size;

+

 static void

 help(void)

 {

@@ -550,10 +552,16 @@ main(int argc, char **argv)

 		"ClamAV version %s, clamav-milter version %s",

 		VERSION, CM_VERSION);

+	progname = strrchr(argv[0], '/');

+	if(progname)

+		progname++;

+	else

+		progname = "clamav-milter";

+

 #ifdef	C_LINUX

 	setlocale(LC_ALL, "");

-	bindtextdomain("clamav-milter", DATADIR"/clamav-milter/locale");

-	textdomain("clamav-milter");

+	bindtextdomain(progname, DATADIR"/clamav-milter/locale");

+	textdomain(progname);

 #endif

 	for(;;) {

@@ -945,7 +953,7 @@ main(int argc, char **argv)

 				cli_dbgmsg(_("Running as user %s (UID %d, GID %d)\n"),

 					cpt->strarg, user->pw_uid, user->pw_gid);

 		} else

-			fprintf(stderr, _("%s: running as root is not recommended (check \"User\" in clamd.conf)\n"), argv[0]);

+			fprintf(stderr, _("%s: running as root is not recommended (check \"User\" in %s)\n"), argv[0], cfgfile);

 	} else if(iface) {

 		fprintf(stderr, _("%s: Only root can set an interface for --broadcast\n"), argv[0]);

 		return EX_USAGE;

@@ -1009,6 +1017,11 @@ main(int argc, char **argv)

 		return EX_CONFIG;

 	}

+	if(whitelistFile && (access(whitelistFile, R_OK) < 0)) {  

+	    perror(templatefile);	

+	    return EX_CONFIG;	

+	}

+

 	/*

 	 * patch from "Richard G. Roberto" <rgr@dedlegend.com>

 	 * If the --max-children flag isn't set, see if MaxThreads

@@ -1041,8 +1054,7 @@ main(int argc, char **argv)

 		if(cfgopt(copt, "LogVerbose")) {

 			logVerbose = 1;

-#if	0

-			/* Only supported by Sendmail >= V8.13 */

+#if	((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && (SENDMAIL_VERSION_B >= 13)))

 			smfi_setdbg(6);

 #endif

 		}

@@ -1054,7 +1066,7 @@ main(int argc, char **argv)

 					argv[0], cpt->strarg);

 				return EX_CONFIG;

 			}

-		openlog("clamav-milter", LOG_CONS|LOG_PID, fac);

+		openlog(progname, LOG_CONS|LOG_PID, fac);

 	} else {

 		if(qflag)

 			fprintf(stderr, _("%s: (-q && !LogSyslog): warning - all interception message methods are off\n"),

@@ -1230,6 +1242,11 @@ main(int argc, char **argv)

 			else {

 				cli_warnmsg(_("Can't talk to clamd server %s on port %d\n"),

 					hostname, tcpSocket);

+				if(serverIPs[i] == (int)inet_addr("127.0.0.1")) {

+					if(cfgopt(copt, "TCPAddr") != NULL)

+						cli_warnmsg(_("Check the value for TCPAddr in %s\n"), cfgfile);

+				} else

+					cli_warnmsg(_("Check the value for TCPAddr in clamd.conf on %s\n"), hostname);

 			}

 #endif

@@ -1357,8 +1374,18 @@ main(int argc, char **argv)

 				return EX_CONFIG;

 			}

 			if(open(logFile, O_WRONLY|O_APPEND) < 0) {

-				perror(logFile);

-				return EX_CANTCREAT;

+				if(errno == ENOENT) {

+					/*

+					 * There is low risk race condition here

+					 */

+					if(open(logFile, O_WRONLY|O_CREAT, 0644) < 0) {

+						perror(logFile);

+						return EX_CANTCREAT;

+					}

+				} else {

+					perror(logFile);

+					return EX_CANTCREAT;

+				}

 			}

 		} else {

 			logFile = console;

@@ -1373,10 +1400,20 @@ main(int argc, char **argv)

 		if(consolefd >= 0)

 			close(consolefd);

-		if(cfgopt(copt, "LogTime"))

-			logTime++;

 #endif	/*!CL_DEBUG*/

+		if(cfgopt(copt, "LogTime"))

+			logg_time = 1;

+		if(cfgopt(copt, "LogFileUnlock"))

+			logg_lock = 0;

+		if(cfgopt(copt, "LogClean"))

+			logok = 1;

+		if((cpt = cfgopt(copt, "LogFileMaxSize")))

+			logg_size = cpt->numarg;

+		else

+			logg_size = CL_DEFAULT_LOGSIZE;

+

+

 #ifdef HAVE_SETPGRP

 #ifdef SETPGRP_VOID

 		setpgrp();

@@ -1449,7 +1486,6 @@ main(int argc, char **argv)

 				limits.archivememlim = 0;

 		}

 	}

-	accept_inputs = 1;

 #ifdef	SESSION

 	/* FIXME: add localSocket support to watchdog */

@@ -1537,10 +1573,9 @@ main(int argc, char **argv)

 		return EX_UNAVAILABLE;

 	}

-#if	0

-	/* Only supported by Sendmail >= V8.13 */

+#if	((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && (SENDMAIL_VERSION_B >= 13)))

 	if(smfi_opensocket(1) == MI_FAILURE) {

-		cli_errmsg("can't open/create %s\n", port);

+		cli_errmsg("Can't open/create %s\n", port);

 		return EX_CONFIG;

 	}

 #endif

@@ -1954,34 +1989,10 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)

 	char ip[INET_ADDRSTRLEN];	/* IPv4 only */

 #endif

 	const char *remoteIP;

-	int accepting;

 	if(quitting)

 		return cl_error;

-	pthread_mutex_lock(&accept_mutex);

-	accepting = accept_inputs;

-	pthread_mutex_unlock(&accept_mutex);

-	if(!accepting) {

-#if	1

-		cli_warnmsg("Not accepting inputs at the moment\n");

-		/*

-		 * We must refuse here even if dont_wait isn't set, since

-		 * it could take some time, and sendmail could time us out

-		 * and refuse to have anything more to do with us until

-		 * the program is restarted

-		 */

-		if(dont_wait)

-			return SMFIS_TEMPFAIL;

-		pthread_mutex_lock(&accept_mutex);

-		while(!accept_inputs)

-			pthread_cond_wait(&accept_cond, &accept_mutex);

-		pthread_mutex_unlock(&accept_mutex);

-		cli_warnmsg("Accepting inputs again\n");

-#endif

-		/*return SMFIS_TEMPFAIL;*/

-	}

-

 	if(ctx == NULL) {

 		if(use_syslog)

 			syslog(LOG_ERR, _("clamfi_connect: ctx is null"));

@@ -2087,7 +2098,7 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)

 		 * hosts_access(3)

 		 */

 		pthread_mutex_lock(&wrap_mutex);

-		if(!hosts_ctl("clamav-milter", hostent.h_name, ip, STRING_UNKNOWN)) {

+		if(!hosts_ctl(progname, hostent.h_name, ip, STRING_UNKNOWN)) {

 			pthread_mutex_unlock(&wrap_mutex);

 			if(use_syslog)

 				syslog(LOG_WARNING, _("Access Denied for %s[%s]"), hostent.h_name, ip);

@@ -2567,12 +2578,21 @@ clamfi_eom(SMFICTX *ctx)

 	if(!external) {

 		const char *virname;

 		unsigned long int scanned = 0L;

+		struct cl_node *scanning_root;

 		/*

 		 * TODO: consider using cl_scandesc and not using a temporary

 		 *	file from the mail being read in

 		 */

-		switch(cl_scanfile(privdata->filename, &virname, &scanned, root, &limits, options)) {

+		pthread_mutex_lock(&root_mutex);

+		scanning_root = cl_dup(root);

+		pthread_mutex_unlock(&root_mutex);

+		if(scanning_root == NULL) {

+			cli_errmsg("scanning_root == NULL\n");

+			clamfi_cleanup(ctx);

+			return cl_error;

+		}

+		switch(cl_scanfile(privdata->filename, &virname, &scanned, scanning_root, &limits, options)) {

 			case CL_CLEAN:

 				strcpy(mess, "OK");

 				break;

@@ -2585,6 +2605,7 @@ clamfi_eom(SMFICTX *ctx)

 				logger(mess);

 				break;

 		}

+		cl_free(scanning_root);

 #ifdef	SESSION

 		session = NULL;

@@ -2986,7 +3007,9 @@ clamfi_eom(SMFICTX *ctx)

 				}

 				cli_dbgmsg("Waiting for %s to finish\n", cmd);

-				pclose(sendmail);

+				if(pclose(sendmail) != 0)

+					if(use_syslog)

+						syslog(LOG_ERR, "%s: Failed to notify clamAV interception - see dead.letter", sendmailId);

 			} else if(use_syslog)

 				syslog(LOG_WARNING, _("Can't execute '%s' to send virus notice"), cmd);

 		}

@@ -3275,7 +3298,7 @@ clamfi_free(struct privdata *privdata)

 		 */

 		if(n_children > 0)

 			if(--n_children == 0) {

-				cli_dbgmsg("clamav-milter is idle\n");

+				cli_dbgmsg("%s is idle\n", progname);

 				if(pthread_cond_broadcast(&watchdog_cond) < 0)

 					perror("pthread_cond_broadcast");

 			}

@@ -4387,69 +4410,29 @@ watchdog(void *a)

 		pthread_mutex_unlock(&watchdog_mutex);

 		if(!external) {

-			int dbstatus = cl_statchkdir(&dbstat);

-

 			/*

-			 * Re-load the database if the server's not busy.

-			 * TODO: If a reload is needed go into a mode when

-			 *	new scans aren't accepted, to force the number

-			 *	of children to 0 so that we can reload,

-			 *	otherwise a reload may not occur on overloaded

-			 *	servers

+			 * Re-load the database if needed

 			 */

-			pthread_mutex_lock(&n_children_mutex);

-			if((n_children == 0) && (dbstatus == 1)) {

-				pthread_mutex_lock(&accept_mutex);

-				accept_inputs = 0;

-				pthread_mutex_unlock(&accept_mutex);

-				cli_dbgmsg("Database has changed\n");

-				cl_statfree(&dbstat);

-				/* check for race condition */

-				while(n_children > 0)

-					pthread_cond_wait(&n_children_cond, &n_children_mutex);

-				if(use_syslog)

-					syslog(LOG_WARNING, _("Loading new database"));

-				if(loadDatabase() != 0) {

-					pthread_mutex_unlock(&n_children_mutex);

-					smfi_stop();

-					return NULL;

-				}

-				pthread_mutex_lock(&accept_mutex);

-				accept_inputs = 1;

-				pthread_cond_broadcast(&accept_cond);

-				pthread_mutex_unlock(&accept_mutex);

-			} else if(dbstatus == 0)

-				cli_dbgmsg("Database has not changed\n");

-			else if(dbstatus == 1) {

-				cli_warnmsg("Not reloading database until idle - waiting for %d children\n", n_children);

-				pthread_mutex_lock(&accept_mutex);

-				accept_inputs = 0;

-				pthread_mutex_unlock(&accept_mutex);

-

-				while(n_children > 0) {

-					pthread_cond_wait(&n_children_cond, &n_children_mutex);

-					cli_warnmsg("Waiting for %d children until databae reload\n", n_children);

-				}

-

-				cl_statfree(&dbstat);

-				if(use_syslog)

-					syslog(LOG_WARNING, _("Loading new database"));

-				if(loadDatabase() != 0) {

-					pthread_mutex_unlock(&n_children_mutex);

+			switch(cl_statchkdir(&dbstat)) {

+				case 1:

+					cli_dbgmsg("Database has changed\n");

+					cl_statfree(&dbstat);

+					if(use_syslog)

+						syslog(LOG_WARNING, _("Loading new database"));

+					if(loadDatabase() != 0) {

+						smfi_stop();

+						cli_errmsg("Failed to load updated database\n");

+						return NULL;

+					}

+					break;

+				case 0:

+					cli_dbgmsg("Database has not changed\n");

+					break;

+				default:

 					smfi_stop();

+					cli_errmsg("Database error - %s is stopping\n", progname);

 					return NULL;

-				}

-				pthread_mutex_lock(&accept_mutex);

-				accept_inputs = 1;

-				pthread_cond_broadcast(&accept_cond);

-				pthread_mutex_unlock(&accept_mutex);

-			} else {

-				smfi_stop();

-				cli_errmsg("Database error - clamav-milter is stopping\n");

-				pthread_mutex_unlock(&n_children_mutex);

-				return NULL;

 			}

-			pthread_mutex_unlock(&n_children_mutex);

 			continue;

 		}

 		i = 0;

@@ -4556,7 +4539,6 @@ watchdog(void *a)

 	while(!quitting) {

 		struct timespec ts;

 		struct timeval tp;

-		int dbstatus;

 		gettimeofday(&tp, NULL);

@@ -4580,67 +4562,29 @@ watchdog(void *a)

 		pthread_mutex_unlock(&watchdog_mutex);

 		/*

-		 * Re-load the database if the server's not busy.

-		 * TODO: If a reload is needed go into a mode when

-		 *	new scans aren't accepted, to force the number

-		 *	of children to 0 so that we can reload,

-		 *	otherwise a reload may not occur on overloaded

-		 *	servers

+		 * Re-load the database.

 		 */

-		dbstatus = cl_statchkdir(&dbstat);

-		pthread_mutex_lock(&n_children_mutex);

-		if((n_children == 0) && (dbstatus == 1)) {

-			pthread_mutex_lock(&accept_mutex);

-			accept_inputs = 0;

-			pthread_mutex_unlock(&accept_mutex);

-			cli_dbgmsg("Database has changed\n");

-			cl_statfree(&dbstat);

-			/* check for race condition */

-			while(n_children > 0)

-				pthread_cond_wait(&n_children_cond, &n_children_mutex);

-			if(use_syslog)

-				syslog(LOG_WARNING, _("Loading new database"));

-			if(loadDatabase() != 0) {

-				pthread_mutex_unlock(&n_children_mutex);

-				smfi_stop();

-				return NULL;

-			}

-			pthread_mutex_lock(&accept_mutex);

-			accept_inputs = 1;

-			pthread_cond_broadcast(&accept_cond);

-			pthread_mutex_unlock(&accept_mutex);

-		} else if(dbstatus == 0)

-			cli_dbgmsg("Database has not changed\n");

-		else if(dbstatus == 1) {

-			cli_warnmsg("Not reloading database until idle - waiting for %d children\n", n_children);

-			pthread_mutex_lock(&accept_mutex);

-			accept_inputs = 0;

-			pthread_mutex_unlock(&accept_mutex);

-

-			while(n_children > 0) {

-				pthread_cond_wait(&n_children_cond, &n_children_mutex);

-				cli_warnmsg("Waiting for %d children until databae reload\n", n_children);

-			}

-			cl_statfree(&dbstat);

-			if(use_syslog)

-				syslog(LOG_WARNING, _("Loading new database"));

-			if(loadDatabase() != 0) {

-				pthread_mutex_unlock(&n_children_mutex);

+		switch(cl_statchkdir(&dbstat)) {

+			case 1:

+				cli_dbgmsg("Database has changed\n");

+				cl_statfree(&dbstat);

+				if(use_syslog)

+					syslog(LOG_WARNING, _("Loading new database"));

+				if(loadDatabase() != 0) {

+					smfi_stop();

+					cli_errmsg("Failed to load updated database\n");

+					return NULL;

+				}

+				break;

+			case 0:

+				cli_dbgmsg("Database has not changed\n");

+				break;

+			default:

 				smfi_stop();

+				cli_errmsg("Database error - %s is stopping\n", progname);

 				return NULL;

-			}

-			pthread_mutex_lock(&accept_mutex);

-			accept_inputs = 1;

-			if(pthread_cond_broadcast(&accept_cond) < 0)

-				perror("pthread_cond_broadcast");

-			pthread_mutex_unlock(&accept_mutex);

-		} else {

-			smfi_stop();

-			cli_errmsg("Database error - clamav-milter is stopping\n");

-			pthread_mutex_unlock(&n_children_mutex);

-			return NULL;

 		}

-		pthread_mutex_unlock(&n_children_mutex);

+		continue;

 	}

 	cli_dbgmsg("watchdog quits\n");

 	return NULL;

@@ -4736,10 +4680,6 @@ quit(void)

 	quitting++;

-	pthread_mutex_lock(&accept_mutex);

-	accept_inputs = 0;

-	pthread_mutex_unlock(&accept_mutex);

-

 #ifdef	SESSION

 	pthread_mutex_lock(&version_mutex);

 #endif

@@ -4750,10 +4690,12 @@ quit(void)

 #endif

 	if(!external) {

+		pthread_mutex_lock(&root_mutex);

 		if(root) {

 			cl_free(root);

 			root = NULL;

 		}

+		pthread_mutex_unlock(&root_mutex);

 	} else {

 #ifdef	SESSION

 		int i = 0;

@@ -4819,8 +4761,7 @@ broadcast(const char *mess)

 }

 /*

- * Load a new database into the internal scanner - it is up to the caller to

- * ensure that no threads are currently scanning

+ * Load a new database into the internal scanner

  */

 static int

 loadDatabase(void)

@@ -4832,11 +4773,16 @@ loadDatabase(void)

 	char *daily, *ptr;

 	struct cl_cvd *d;

 	const struct cfgstruct *cpt;

+	struct cl_node *newroot, *oldroot;

 	static const char *dbdir;

 	assert(!external);

 	if(dbdir == NULL) {

+		/*

+		 * First time through, find out in which directory the signature

+		 * databases are

+		 */

 		if((cpt = cfgopt(copt, "DatabaseDirectory")) || (cpt = cfgopt(copt, "DataDirectory")))

 			dbdir = cpt->strarg;

 		else

@@ -4886,30 +4832,30 @@ loadDatabase(void)

 	if((ptr = strchr(clamav_version, '\n')) != NULL)

 		*ptr = '\0';

-	if(root) {

-		cl_free(root);

-		root = NULL;

-	}

 	signatures = 0;

-	ret = cl_loaddbdir(dbdir, &root, &signatures);

+	newroot = NULL;

+	ret = cl_loaddbdir(dbdir, &newroot, &signatures);

 	if(ret != 0) {

 		cli_errmsg("%s\n", cl_strerror(ret));

 		return -1;

 	}

-	if(root == NULL) {

+	if(newroot == NULL) {

 		cli_errmsg("Can't initialize the virus database.\n");

 		return -1;

 	}

-	ret = cl_build(root);

+	ret = cl_build(newroot);

 	if(ret != 0) {

 		cli_errmsg("Database initialization error: %s\n", cl_strerror(ret));

+		cl_free(newroot);

 		return -1;

 	}

-	cli_dbgmsg("Database updated\n");

-	if(use_syslog) {

-		syslog(LOG_INFO, _("ClamAV: Protecting against %u viruses"), signatures);

+	pthread_mutex_lock(&root_mutex);

+	oldroot = root;

+	root = newroot;

+	pthread_mutex_unlock(&root_mutex);

+	if(use_syslog) {

 #ifdef	SESSION

 		pthread_mutex_lock(&version_mutex);

 #endif

@@ -4917,7 +4863,13 @@ loadDatabase(void)

 #ifdef	SESSION

 		pthread_mutex_unlock(&version_mutex);

 #endif

+		syslog(LOG_INFO, _("ClamAV: Protecting against %u viruses"), signatures);

 	}

+	if(oldroot) {

+		cli_dbgmsg("Database updated\n");

+		cl_free(oldroot);

+	} else

+		cli_dbgmsg("Database loaded\n");

 	return cl_statinidir(dbdir, &dbstat);

 }

@@ -4932,7 +4884,7 @@ sigsegv(int sig)