@@ -154,6 +154,7 @@ static const char *ftypes_int[] = {

   "0:0:c771:CPIO OLD BINARY LE:CL_TYPE_ANY:CL_TYPE_CPIO_OLD:45",

   "0:0:435753:SWF (compressed):CL_TYPE_ANY:CL_TYPE_SWF:61",

   "0:0:465753:SWF (uncompressed):CL_TYPE_ANY:CL_TYPE_SWF:61",

+  "0:0:ffd9ffd8:JPEG (bad header):CL_TYPE_ANY:CL_TYPE_GRAPHICS:61",

   NULL

 };

@@ -53,10 +53,16 @@ int cli_parsejpeg(cli_ctx *ctx)

     cli_dbgmsg("in cli_parsejpeg()\n");

-    if(fmap_readn(map, buff, offset, 3) != 3 || memcmp(buff, "\xff\xd8\xff",3))

+    if(fmap_readn(map, buff, offset, 4) != 4)

+	return CL_SUCCESS; /* Ignore */

+

+    if(!memcmp(buff, "\xff\xd8\xff", 3))

+	offset = 2;

+    else if(!memcmp(buff, "\xff\xd9\xff\xd8", 4))

+	offset = 4;

+    else

 	return CL_SUCCESS; /* Not a JPEG file */

-    offset = 2;

     while(1) {

 	segment++;

 	prev_marker = 0;

@@ -90,6 +90,8 @@

 #include "fmap.h"

 #include "cache.h"

 #include "events.h"

+#include "swf.h"

+#include "jpeg.h"

 #ifdef HAVE_BZLIB_H

 #include <bzlib.h>

@@ -48,6 +48,7 @@

 #include "cltypes.h"

 #include "swf.h"

 #include "clamav.h"

+#include "scanners.h"

 #define EC16(v)	le16_to_host(v)

 #define EC32(v)	le32_to_host(v)

@@ -221,9 +222,9 @@ static const char *tagname(tag_id id)

     return NULL;

 }

-static int dumpscan(fmap_t *map, unsigned int offset, unsigned int size, const char *obj, cli_ctx *ctx)

+static int dumpscan(fmap_t *map, unsigned int offset, unsigned int size, const char *obj, int version, cli_ctx *ctx)

 {

-	int newfd, ret;

+	int newfd, ret = CL_CLEAN;

 	unsigned int bread, sum = 0;

 	char buff[FILEBUFF];

 	char *name;

@@ -238,21 +239,54 @@ static int dumpscan(fmap_t *map, unsigned int offset, unsigned int size, const c

     }

     while((bread = fmap_readn(map, buff, offset, sizeof(buff))) > 0) {

+	if(!sum && ctx->img_validate) {

+	    if(!memcmp(buff, "\xff\xd8", 2)) {

+		cli_dbgmsg("SWF: JPEG image data\n");

+	    } else if(!memcmp(buff, "\xff\xd9\xff\xd8", 4)) {

+		cli_dbgmsg("SWF: JPEG image data (erroneous header)\n");

+		if(version >= 8) {

+		    *ctx->virname = "Heuristics.SWF.SuspectImage.A";

+		    ret = CL_VIRUS;

+		}

+	    } else if(!memcmp(buff, "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a", 8)) {

+		cli_dbgmsg("SWF: PNG image data\n");

+		if(version < 8) {

+		    *ctx->virname = "Heuristics.SWF.SuspectImage.B";

+		    ret = CL_VIRUS;

+		}

+	    } else if(!memcmp(buff, "\x47\x49\x46\x38\x39\x61", 6)) {

+		cli_dbgmsg("SWF: GIF89a image data\n");

+		if(version < 8) {

+		    *ctx->virname = "Heuristics.SWF.SuspectImage.C";

+		    ret = CL_VIRUS;

+		}

+	    } else {

+		cli_warnmsg("SWF: Unknown image data\n");

+		*ctx->virname = "Heuristics.SWF.SuspectImage.C";

+		ret = CL_VIRUS;

+	    }

+	    if(ret == CL_VIRUS) {

+		close(newfd);

+		cli_unlink(name);

+		free(name);

+		return ret;

+	    }

+	}

 	if(sum + bread >= size) {

 	    if(cli_writen(newfd, buff, size - sum) == -1) {

 		cli_errmsg("dumpscan: Can't write to %s\n", name);

+		close(newfd);

 		cli_unlink(name);

 		free(name);

-		close(newfd);

 		return CL_EWRITE;

 	    }

 	    break;

 	} else {

 	    if(cli_writen(newfd, buff, bread) == -1) {

 		cli_errmsg("cli_dumpscan: Can't write to %s\n", name);

+		close(newfd);

 		cli_unlink(name);

 		free(name);

-		close(newfd);

 		return CL_EWRITE;

 	    }

 	}

@@ -273,7 +307,7 @@ static int dumpscan(fmap_t *map, unsigned int offset, unsigned int size, const c

     }

     free(name);

     if(ctx->img_validate && ret == CL_EPARSE) {

-	*ctx->virname = "Heuristics.SWF.SuspectImage";

+	*ctx->virname = "Heuristics.SWF.SuspectImage.D";

 	return CL_VIRUS;

     }

     return ret;

@@ -282,12 +316,11 @@ static int dumpscan(fmap_t *map, unsigned int offset, unsigned int size, const c

 int cli_scanswf(cli_ctx *ctx)

 {

 	struct swf_file_hdr file_hdr;

-	int compressed = 0;

 	fmap_t *map = *ctx->fmap;

 	unsigned int bitpos, bitbuf, getbits_n, nbits, getword_1, getword_2, getdword_1, getdword_2;

 	const char *pt;

 	char get_c;

-	unsigned int val, fps, foo, offset = 0, tag_hdr, tag_type, tag_len;

+	unsigned int val, foo, offset = 0, tag_hdr, tag_type, tag_len;

 	unsigned long int bits;

@@ -352,7 +385,7 @@ int cli_scanswf(cli_ctx *ctx)

 	    case TAG_METADATA:

 		if(tag_len) {

-		    if(dumpscan(map, offset, tag_len, "Metadata", ctx) == CL_VIRUS)

+		    if(dumpscan(map, offset, tag_len, "Metadata", file_hdr.version, ctx) == CL_VIRUS)

 			return CL_VIRUS;

 		}

 		offset += tag_len;

@@ -382,7 +415,7 @@ int cli_scanswf(cli_ctx *ctx)

 		GETDWORD(val); /* AlphaDataOffset */

 		if(val) {

 		    ctx->img_validate = 1;

-		    if(dumpscan(map, offset, val, "Image", ctx) == CL_VIRUS)

+		    if(dumpscan(map, offset, val, "Image", file_hdr.version, ctx) == CL_VIRUS)

 			return CL_VIRUS;

 		    ctx->img_validate = 0;

 		}

@@ -393,7 +426,7 @@ int cli_scanswf(cli_ctx *ctx)

 		GETWORD(foo); /* CharacterID */

 		GETDWORD(foo); /* Reserved */

 		if(tag_len > 6) {

-		    if(dumpscan(map, offset, tag_len - 6, "Binary", ctx) == CL_VIRUS)

+		    if(dumpscan(map, offset, tag_len - 6, "Binary", file_hdr.version, ctx) == CL_VIRUS)

 			return CL_VIRUS;

 		}

 		offset += tag_len - 6;