@@ -1,3 +1,8 @@

+Wed Jun 20 17:56:00 EEST 2007 (edwin)

+------------------------------------

+  * libclamav/phishcheck.c,scanners.c: let .*db signatures take precedence

+  over Phishing.Email.* signatures (patch approved by TK)

+

 Tue Jun 19 16:41:40 CEST 2007 (tk)

 ----------------------------------

   * libclamav: DCONF support for ASPACK

@@ -81,6 +81,7 @@ typedef struct {

     unsigned int options;

     unsigned int arec;

     unsigned int mrec;

+    unsigned int found_possibly_unwanted;

     struct cli_dconf *dconf;

 } cli_ctx;

@@ -746,6 +746,12 @@ cleanupURL(struct string *URL, int isReal)

 /* -------end runtime disable---------*/

+static int found_possibly_unwanted(cli_ctx* ctx)

+{

+	ctx->found_possibly_unwanted = 1;

+	cli_dbgmsg("Phishcheck: found Possibly Unwanted: %s\n",*ctx->virname);

+	return CL_CLEAN;

+}

 int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs)

 {

@@ -818,24 +824,24 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs)

 /*						break;*/

 					case CL_PHISH_HEX_URL:

 						*ctx->virname="Phishing.Email.HexURL";

-						return CL_VIRUS;

+						return found_possibly_unwanted(ctx);

 /*						break;*/

 					case CL_PHISH_NUMERIC_IP:

 						*ctx->virname="Phishing.Email.Cloaked.NumericIP";

-						return CL_VIRUS;

+						return found_possibly_unwanted(ctx);

 					case CL_PHISH_CLOAKED_NULL:

 						*ctx->virname="Phishing.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/

-						return CL_VIRUS;

+						return found_possibly_unwanted(ctx);

 					case CL_PHISH_SSL_SPOOF:

 						*ctx->virname="Phishing.Email.SSL-Spoof";

-						return CL_VIRUS;

+						return found_possibly_unwanted(ctx);

 					case CL_PHISH_CLOAKED_UIU:

 						*ctx->virname="Phishing.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/

-						return CL_VIRUS;

+						return found_possibly_unwanted(ctx);

 					case CL_PHISH_NOMATCH:

 					default:

 						*ctx->virname="Phishing.Email";

-						return CL_VIRUS;

+						return found_possibly_unwanted(ctx);

 				}

 		}

 		else

@@ -2122,6 +2122,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

 int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options)

 {

     cli_ctx ctx;

+    int rc;

     memset(&ctx, '\0', sizeof(cli_ctx));

     ctx.engine = engine;

@@ -2129,9 +2130,13 @@ int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, cons

     ctx.limits = limits;

     ctx.scanned = scanned;

     ctx.options = options;

+    ctx.found_possibly_unwanted = 0;

     ctx.dconf = (struct cli_dconf *) engine->dconf;

-    return cli_magic_scandesc(desc, &ctx);

+    rc = cli_magic_scandesc(desc, &ctx);

+    if(rc == CL_CLEAN && ctx.found_possibly_unwanted)

+    	rc = CL_VIRUS;

+    return rc;

 }

 static int cli_scanfile(const char *filename, cli_ctx *ctx)