git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1231 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2005/01/06 20:55:38... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Thu Jan 6 11:54:54 GMT 2005 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/mbox.c: Scan for bounces in non mime-encoded emails |
|
4 |
+ |
|
1 | 5 |
Wed Jan 5 21:55:49 GMT 2005 (njh) |
2 | 6 |
---------------------------------- |
3 | 7 |
* libclamav/message.c: Guess incorrect content-type, e.g. |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.206 2005/01/06 11:53:29 nigelhorne |
|
21 |
+ * Handle bounces in non mime encoded messages |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.205 2005/01/01 15:55:26 nigelhorne |
21 | 24 |
* Changes handling of unbalanced quotes in multipart headers |
22 | 25 |
* |
... | ... |
@@ -603,7 +606,7 @@ |
603 | 603 |
* Compilable under SCO; removed duplicate code with message.c |
604 | 604 |
* |
605 | 605 |
*/ |
606 |
-static char const rcsid[] = "$Id: mbox.c,v 1.205 2005/01/01 15:55:26 nigelhorne Exp $"; |
|
606 |
+static char const rcsid[] = "$Id: mbox.c,v 1.206 2005/01/06 11:53:29 nigelhorne Exp $"; |
|
607 | 607 |
|
608 | 608 |
#if HAVE_CONFIG_H |
609 | 609 |
#include "clamav-config.h" |
... | ... |
@@ -653,6 +656,7 @@ static char const rcsid[] = "$Id: mbox.c,v 1.205 2005/01/01 15:55:26 nigelhorne |
653 | 653 |
#include "others.h" |
654 | 654 |
#include "defaults.h" |
655 | 655 |
#include "str.h" |
656 |
+#include "filetypes.h" |
|
656 | 657 |
|
657 | 658 |
#ifdef CL_DEBUG |
658 | 659 |
#if __GLIBC__ == 2 && __GLIBC_MINOR__ >= 1 |
... | ... |
@@ -1871,6 +1875,7 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
1871 | 1871 |
|
1872 | 1872 |
switch(mimeType) { |
1873 | 1873 |
case NOMIME: |
1874 |
+ cli_dbgmsg("Not a mime encoded message\n"); |
|
1874 | 1875 |
aText = textAddMessage(aText, mainMessage); |
1875 | 1876 |
break; |
1876 | 1877 |
case TEXT: |
... | ... |
@@ -2570,7 +2575,7 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
2570 | 2570 |
cli_warnmsg("PGP encoded attachment not scanned\n"); |
2571 | 2571 |
rc = 2; |
2572 | 2572 |
} else |
2573 |
- cli_warnmsg("Unknown encryption protocol '%s' - report to bugs@clamav.net\n"); |
|
2573 |
+ cli_warnmsg("Unknown encryption protocol '%s' - if you believe this file contains a virus, report it to bugs@clamav.net\n"); |
|
2574 | 2574 |
free(protocol); |
2575 | 2575 |
} else |
2576 | 2576 |
cli_dbgmsg("Encryption method missing protocol name\n"); |
... | ... |
@@ -2652,7 +2657,7 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
2652 | 2652 |
/* TODO */ |
2653 | 2653 |
cli_warnmsg("Attempt to send Content-type message/external-body trapped"); |
2654 | 2654 |
else |
2655 |
- cli_warnmsg("Unsupported message format `%s' - please report to bugs@clamav.net\n", mimeSubtype); |
|
2655 |
+ cli_warnmsg("Unsupported message format `%s' - if you believe this file contains a virus, report it to bugs@clamav.net\n", mimeSubtype); |
|
2656 | 2656 |
|
2657 | 2657 |
|
2658 | 2658 |
if(mainMessage && (mainMessage != messageIn)) |
... | ... |
@@ -2690,16 +2695,62 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
2690 | 2690 |
} |
2691 | 2691 |
|
2692 | 2692 |
if(aText && (textIn == NULL)) { |
2693 |
- cli_dbgmsg("Non mime part not scanned - if you believe this file contains a virus report to bugs@clamav.net\n"); |
|
2694 |
- /*if((fb = fileblobCreate()) != NULL) { |
|
2695 |
- cli_dbgmsg("Save non mime part\n"); |
|
2696 |
- fileblobSetFilename(fb, dir, "textpart"); |
|
2697 |
- fileblobAddData(fb, "Received: by clamd (textpart)\n", 30); |
|
2693 |
+ /* Look for a bounce in the text (non mime encoded) portion */ |
|
2694 |
+ const text *t; |
|
2698 | 2695 |
|
2699 |
- fb = textToFileblob(aText, fb); |
|
2696 |
+ for(t = aText; t; t = t->t_next) { |
|
2697 |
+ const line_t *l = t->t_line; |
|
2698 |
+ const text *lookahead; |
|
2699 |
+ const char *s; |
|
2700 | 2700 |
|
2701 |
- fileblobDestroy(fb); |
|
2702 |
- }*/ |
|
2701 |
+ if(l == NULL) |
|
2702 |
+ continue; |
|
2703 |
+ |
|
2704 |
+ s = lineGetData(l); |
|
2705 |
+ |
|
2706 |
+ if(cli_filetype(s, strlen(s)) != CL_TYPE_MAIL) |
|
2707 |
+ continue; |
|
2708 |
+ |
|
2709 |
+ /* |
|
2710 |
+ * We've found what looks like the start of a bounce |
|
2711 |
+ * message. Only bother saving if it really is a bounce |
|
2712 |
+ * message, this helps to speed up scanning of ping-pong |
|
2713 |
+ * messages that have lots of bounces within bounces in |
|
2714 |
+ * them |
|
2715 |
+ */ |
|
2716 |
+ for(lookahead = t->t_next; lookahead; lookahead = lookahead->t_next) { |
|
2717 |
+ l = lookahead->t_line; |
|
2718 |
+ |
|
2719 |
+ if(l == NULL) |
|
2720 |
+ break; |
|
2721 |
+ s = lineGetData(l); |
|
2722 |
+ if(strncasecmp(s, "Content-Type:", 13) == 0) |
|
2723 |
+ /* |
|
2724 |
+ * Don't bother with plain/text or |
|
2725 |
+ * plain/html |
|
2726 |
+ */ |
|
2727 |
+ if(strstr(s, "text/") == NULL) |
|
2728 |
+ break; |
|
2729 |
+ } |
|
2730 |
+ |
|
2731 |
+ if(lookahead && (lookahead->t_line == NULL)) { |
|
2732 |
+ cli_dbgmsg("Non mime part bounce message is not mime encoded, so it will not be scanned\n"); |
|
2733 |
+ t = lookahead; |
|
2734 |
+ /* look for next bounce message */ |
|
2735 |
+ continue; |
|
2736 |
+ } |
|
2737 |
+ |
|
2738 |
+ if((fb = fileblobCreate()) != NULL) { |
|
2739 |
+ cli_dbgmsg("Save non mime part bounce message\n"); |
|
2740 |
+ fileblobSetFilename(fb, dir, "bounce"); |
|
2741 |
+ fileblobAddData(fb, (unsigned char *)"Received: by clamd (bounce)\n", 26); |
|
2742 |
+ |
|
2743 |
+ fb = textToFileblob(t, fb); |
|
2744 |
+ |
|
2745 |
+ fileblobDestroy(fb); |
|
2746 |
+ } |
|
2747 |
+ break; |
|
2748 |
+ } |
|
2703 | 2749 |
textDestroy(aText); |
2704 | 2750 |
aText = NULL; |
2705 | 2751 |
} |
... | ... |
@@ -3417,7 +3468,7 @@ rfc2047(const char *in) |
3417 | 3417 |
encoding = tolower(encoding); |
3418 | 3418 |
|
3419 | 3419 |
if((encoding != 'q') && (encoding != 'b')) { |
3420 |
- cli_warnmsg("Unsupported RFC2047 encoding type '%c' - report to bugs@clamav.net\n", encoding); |
|
3420 |
+ cli_warnmsg("Unsupported RFC2047 encoding type '%c' - if you believe this file contains a virus, report it to bugs@clamav.net\n", encoding); |
|
3421 | 3421 |
free(out); |
3422 | 3422 |
out = NULL; |
3423 | 3423 |
break; |