@@ -72,7 +72,7 @@ int hm_addhash(struct cli_matcher *root, const char *hash, uint32_t size, const

     item = cli_htu32_find(ht, size);

     if(!item) {

 	struct cli_htu32_element htitem;

-	szh = mpool_calloc(root->mempool, 1, sizeof(szh));

+	szh = mpool_calloc(root->mempool, 1, sizeof(*szh));

 	if(!szh) {

 	    cli_errmsg("hm_addhash: failed to allocate size hash\n");

 	    return CL_EMEM;

@@ -144,7 +144,7 @@ void hm_sort(struct cli_sz_hash *szh, size_t l, size_t r, unsigned int keylen) {

     memcpy(piv, &szh->hash_array[keylen * l], keylen);

     while(l1 < r1) {

-	if(cli_hm_cmp(&szh->hash_array[keylen * l1], piv, keylen) > 0) {

+	if(hm_cmp(&szh->hash_array[keylen * l1], piv, keylen) > 0) {

 	    r1--;

 	    memcpy(tmph, &szh->hash_array[keylen * l1], keylen);

 	    tmpv = szh->virusnames[l1];

@@ -200,6 +200,13 @@ void hm_flush(struct cli_matcher *root) {

 }

+int cli_hm_have_size(const struct cli_matcher *root, enum CLI_HASH_TYPE type, uint32_t size) {

+    if(!size || size == 0xffffffff || !root || !root->hm.htinint[type] || !cli_htu32_find(&root->hm.sizehashes[type], size))

+	return 0;

+

+    return 1;

+}

+

 int cli_hm_scan(const unsigned char *digest, uint32_t size, const char **virname, const struct cli_matcher *root, enum CLI_HASH_TYPE type) {

     const struct cli_htu32_element *item;

     unsigned int keylen;

@@ -53,5 +53,7 @@ struct cli_hash_patt {

 int hm_addhash(struct cli_matcher *root, const char *hash, uint32_t size, const char *virusname);

 void hm_flush(struct cli_matcher *root);

+int cli_hm_scan(const unsigned char *digest, uint32_t size, const char **virname, const struct cli_matcher *root, enum CLI_HASH_TYPE type);

+int cli_hm_have_size(const struct cli_matcher *root, enum CLI_HASH_TYPE type, uint32_t size);

 #endif

@@ -387,6 +387,12 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)

 	cli_dbgmsg("cli_checkfp(): Found false positive detection (fp sig: %s)\n", virname);

 	return CL_CLEAN;

     }

+

+    if(ctx->engine->hm_fp && cli_hm_scan(digest, size, &virname, ctx->engine->hm_fp, CLI_HASH_MD5) == CL_VIRUS) {

+	cli_dbgmsg("cli_checkfp(): Found false positive detection (fp sig: %s)\n", virname);

+	return CL_CLEAN;

+    }

+

     for(i = 0; i < 16; i++)

 	sprintf(md5 + i * 2, "%02x", digest[i]);

     md5[32] = 0;

@@ -698,12 +704,14 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

 	offset += bytes - maxpatlen;

     }

-    if(!ftonly && ctx->engine->md5_hdb) {

+    if(!ftonly && (ctx->engine->md5_hdb || ctx->engine->hm_hdb)) {

 	if(!refhash) {

 	    cli_md5_final(digest, &md5ctx);

 	    refhash = digest;

 	}

-	if(cli_md5m_scan(refhash, map->len, ctx->virname, ctx->engine->md5_hdb) == CL_VIRUS && cli_md5m_scan(refhash, map->len, NULL, ctx->engine->md5_fp) != CL_VIRUS)

+	if(ctx->engine->md5_hdb && cli_md5m_scan(refhash, map->len, ctx->virname, ctx->engine->md5_hdb) == CL_VIRUS && cli_md5m_scan(refhash, map->len, NULL, ctx->engine->md5_fp) != CL_VIRUS)

+	    ret = CL_VIRUS;

+	if(ctx->engine->hm_hdb && cli_hm_scan(refhash, map->len, ctx->virname, ctx->engine->hm_hdb, CLI_HASH_MD5) == CL_VIRUS && cli_hm_scan(refhash, map->len, NULL, ctx->engine->hm_fp, CLI_HASH_MD5) != CL_VIRUS)

 	    ret = CL_VIRUS;

     }

@@ -1002,11 +1002,9 @@ int cli_scanpe(cli_ctx *ctx)

 	    /* check MD5 section sigs */

 	    md5_sect = ctx->engine->md5_mdb;

 	    if((DCONF & PE_CONF_MD5SECT) && md5_sect) {

-		found = 0;

 		for(j = 0; j < md5_sect->soff_len && md5_sect->soff[j] <= exe_sections[i].rsz; j++) {

 		    if(md5_sect->soff[j] == exe_sections[i].rsz) {

 			unsigned char md5_dig[16];

-			const struct cli_md5m_patt *patt;

 			if(cli_md5sect(map, &exe_sections[i], md5_dig) && cli_md5m_scan(md5_dig, exe_sections[i].rsz, ctx->virname, ctx->engine->md5_mdb) == CL_VIRUS) {

 			    if(cli_md5m_scan(md5_dig, fsize, NULL, ctx->engine->md5_fp) != CL_VIRUS) {

 				free(section_hdr);

@@ -1018,6 +1016,21 @@ int cli_scanpe(cli_ctx *ctx)

 		    }

 		}

 	    }

+

+	    md5_sect = ctx->engine->hm_mdb;

+	    if((DCONF & PE_CONF_MD5SECT) && md5_sect) {

+		unsigned char md5_dig[16];

+		if(cli_hm_have_size(md5_sect, CLI_HASH_MD5, exe_sections[i].rsz) && 

+		   cli_md5sect(map, &exe_sections[i], md5_dig) &&

+		   cli_hm_scan(md5_dig, exe_sections[i].rsz, ctx->virname, md5_sect, CLI_HASH_MD5) == CL_VIRUS) {

+		    if(cli_hm_scan(md5_dig, fsize, NULL, ctx->engine->hm_fp, CLI_HASH_MD5) != CL_VIRUS) {

+			free(section_hdr);

+			free(exe_sections);

+			return CL_VIRUS;

+		    }

+		}

+	    }

+

 	}

 	if (exe_sections[i].urva>>31 || exe_sections[i].uvsz>>31 || (exe_sections[i].rsz && exe_sections[i].uraw>>31) || exe_sections[i].ursz>>31) {

@@ -2092,15 +2092,29 @@ static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	    break;

 	}

-	if(mode == MD5_HDB)	

+	if(mode == MD5_HDB)

 	    db = engine->hm_hdb;

 	else if(mode == MD5_MDB)

 	    db = engine->hm_mdb;

 	else

 	    db = engine->hm_fp;

+	if(!db) {

+	    if(!(db = mpool_calloc(engine->mempool, 1, sizeof(*db)))) {

+		ret = CL_EMEM;

+		break;

+	    }

+	    db->mempool = engine->mempool;

+	    if(mode == MD5_HDB)

+		engine->hm_hdb = db;

+	    else if(mode == MD5_MDB)

+		engine->hm_mdb = db;

+	    else

+		engine->hm_fp = db;

+	}

+

 	if((ret = hm_addhash(db, tokens[md5_field], size, virname))) {

-	    cli_errmsg("cli_loadmd5: Malformed MD5 string at line %u\n", line);

+	    cli_errmsg("cli_loadhash: Malformed MD5 string at line %u\n", line);

 	    mpool_free(engine->mempool, (void *)virname);

 	    break;

 	}

@@ -2111,12 +2125,12 @@ static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	free(buffer_cpy);

     if(!line) {

-	cli_errmsg("cli_loadmd5: Empty database file\n");

+	cli_errmsg("cli_loadhash: Empty database file\n");

 	return CL_EMALFDB;

     }

     if(ret) {

-	cli_errmsg("cli_loadmd5: Problem parsing database at line %u\n", line);

+	cli_errmsg("cli_loadhash: Problem parsing database at line %u\n", line);

 	return ret;

     }