@@ -1,3 +1,8 @@

+Sat Jan 21 18:35:34 GMT 2006 (njh)

+----------------------------------

+  * libclamav:		Scan uuencoded files. Helps to catch doubly encoded

+				emails such as Worm.VB-8

+

 Tue Jan 17 17:31:06 GMT 2006 (njh)

 ----------------------------------

   * libclamav/uuencode.[ch]:	Created, but not yet called

@@ -27,18 +32,18 @@ Sat Jan  7 04:27:05 CET 2006 (tk)

 Mon Jan  2 18:02:20 GMT 2006 (njh)

 ----------------------------------

   * libclamav/mbox.c:	Bug fix to the patch of 28/12 for versions of curl

-  				that don't support curl_easy_strerror()

+				that don't support curl_easy_strerror()

 Mon Jan  2 17:38:35 GMT 2006 (njh)

 ----------------------------------

   * libclamav/mbox.c:	NEW_WORLD code (not enabled by default) now finds all

-  				malware in my database and is now ready for

+				malware in my database and is now ready for

 				testing

 Wed Dec 28 13:49:46 GMT 2005 (njh)

 ----------------------------------

   * libclamav/mbox.c:	Added patches by Gianluigi Tiesi <sherpya*netfarm.it>

-  				Improve CURL support on Windows

+				Improve CURL support on Windows

 				Improve CURL error message for systems without

 					CURL_ERRORBUFFER

@@ -147,7 +147,8 @@ libclamav_la_SOURCES = \

 	elf.h \

 	execs.h \

 	sis.c \

-	sis.h

-

+	sis.h \

+	uuencode.c \

+	uuencode.h

 lib_LTLIBRARIES = libclamav.la

@@ -86,7 +86,7 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher.lo \

 	chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo \

 	special.lo binhex.lo is_tar.lo tnef.lo unrar15.lo unrarvm.lo \

 	unrar.lo unrarfilter.lo unrarppm.lo unrar20.lo unrarcmd.lo \

-	pdf.lo spin.lo yc.lo elf.lo sis.lo

+	pdf.lo spin.lo yc.lo elf.lo sis.lo uuencode.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

 depcomp = $(SHELL) $(top_srcdir)/depcomp

@@ -341,7 +341,9 @@ libclamav_la_SOURCES = \

 	elf.h \

 	execs.h \

 	sis.c \

-	sis.h

+	sis.h \

+	uuencode.c \

+	uuencode.h

 lib_LTLIBRARIES = libclamav.la

 all: all-am

@@ -464,6 +466,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/untar.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upx.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vba_extract.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uuencode.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yc.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/zzip-dir.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/zzip-err.Plo@am__quote@

@@ -98,6 +98,8 @@ static const struct cli_magic_s cli_magic[] = {

     {0,  "Hi. This is the qmail-send",  26, "Qmail bounce",	  CL_TYPE_MAIL},

     {0,  "\170\237\076\042",		 4, "TNEF",               CL_TYPE_TNEF},

+    {0,  "begin ",			6,  "UUencoded",	  CL_TYPE_UUENCODED},

+

     /* Graphics (may contain exploits against MS systems) */

     {0,  "GIF",				 3, "GIF",	    CL_TYPE_GRAPHICS},

@@ -47,6 +47,7 @@ typedef enum {

     CL_TYPE_TNEF,

     CL_TYPE_CRYPTFF,

     CL_TYPE_PDF,

+    CL_TYPE_UUENCODED,

     /* bigger numbers have higher priority (in o-t-f detection) */

     CL_TYPE_HTML, /* on the fly */

@@ -15,7 +15,7 @@

  *  along with this program; if not, write to the Free Software

  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  */

-static	char	const	rcsid[] = "$Id: mbox.c,v 1.274 2006/01/11 09:49:03 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: mbox.c,v 1.275 2006/01/21 18:34:42 nigelhorne Exp $";

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

@@ -66,6 +66,7 @@ static	char	const	rcsid[] = "$Id: mbox.c,v 1.274 2006/01/11 09:49:03 nigelhorne

 #include "defaults.h"

 #include "str.h"

 #include "filetypes.h"

+#include "uuencode.h"

 #ifdef	CL_DEBUG

 #if __GLIBC__ == 2 && __GLIBC_MINOR__ >= 1

@@ -167,7 +168,7 @@ typedef enum	{ FALSE = 0, TRUE = 1 } bool;

  */

 #define	PARTIAL_DIR

-/*#define	NEW_WORLD*/

+#define	NEW_WORLD

 static	int	cli_parse_mbox(const char *dir, int desc, unsigned int options);

 static	message	*parseEmailFile(FILE *fin, const table_t *rfc821Table, const char *firstLine, const char *dir);

@@ -188,7 +189,6 @@ static	char	*rfc822comments(const char *in, char *out);

 static	int	rfc1341(message *m, const char *dir);

 #endif

 static	bool	usefulHeader(int commandNumber, const char *cmd);

-static	int	uufasttrack(message *m, const char *firstline, const char *dir, FILE *fin);

 static	char	*getline_from_mbox(char *buffer, size_t len, FILE *fin);

 static	void	checkURLs(message *m, const char *dir);

@@ -1096,7 +1096,7 @@ cli_parse_mbox(const char *dir, int desc, unsigned int options)

 				 * Fast track visa to uudecode.

 				 * TODO: binhex, yenc

 				 */

-				if(uufasttrack(m, buffer, dir, fd) < 0)

+				if(uudecodeFile(m, buffer, dir, fd) < 0)

 					if(messageAddStr(m, buffer) < 0)

 						break;

 			} else

@@ -1371,7 +1371,7 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch

 			 * Fast track visa to uudecode.

 			 * TODO: binhex, yenc

 			 */

-			if(uufasttrack(ret, line, dir, fin) < 0)

+			if(uudecodeFile(ret, line, dir, fin) < 0)

 				if(messageAddStr(ret, line) < 0)

 					break;

 		} else

@@ -4075,59 +4075,6 @@ usefulHeader(int commandNumber, const char *cmd)

 }

 /*

- * Save the uuencoded part of the file as it is read in since there's no need

- * to include it in the parse tree. Saves memory and parse time.

- * Return < 0 for failure

- */

-static int

-uufasttrack(message *m, const char *firstline, const char *dir, FILE *fin)

-{

-	fileblob *fb;

-	char buffer[RFC2821LENGTH + 1];

-	char *filename = cli_strtok(firstline, 2, " ");

-

-	if(filename == NULL)

-		return -1;

-

-	fb = fileblobCreate();

-	if(fb == NULL) {

-		free(filename);

-		return -1;

-	}

-

-	fileblobSetFilename(fb, dir, filename);

-	cli_dbgmsg("Fast track uudecode %s\n", filename);

-	free(filename);

-

-	while(fgets(buffer, sizeof(buffer) - 1, fin) != NULL) {

-		unsigned char data[1024];

-		const unsigned char *uptr;

-		size_t len;

-

-		cli_chomp(buffer);

-		if(strcasecmp(buffer, "end") == 0)

-			break;

-		if(buffer[0] == '\0')

-			break;

-

-		uptr = decodeLine(m, UUENCODE, buffer, data, sizeof(data));

-		if(uptr == NULL)

-			break;

-

-		len = (size_t)(uptr - data);

-		if((len > 62) || (len == 0))

-			break;

-

-		if(fileblobAddData(fb, data, len) < 0)

-			break;

-	}

-

-	fileblobDestroy(fb);

-

-	return 1;

-}

-

-/*

  * Like fgets but cope with end of line by "\n", "\r\n", "\n\r", "\r"

  */

 static char *

@@ -1438,6 +1438,30 @@ static int cli_scantnef(int desc, const char **virname, unsigned long int *scann

     return ret;

 }

+static int

+cli_scanuuencoded(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec)

+{

+	int ret;

+	char *dir = cli_gentemp(NULL);

+

+    if(mkdir(dir, 0700)) {

+	cli_dbgmsg("Can't create temporary directory for uuencoded file %s\n", dir);

+	free(dir);

+	return CL_ETMPDIR;

+    }

+

+    ret = cli_uuencode(dir, desc);

+

+    if(ret == CL_CLEAN)

+	ret = cli_scandir(dir, virname, scanned, engine, limits, options, arec, mrec);

+

+    if(!cli_leavetemps_flag)

+	cli_rmdirs(dir);

+

+    free(dir);

+    return ret;

+}

+

 static int cli_scanmail(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec)

 {

 	char *dir;

@@ -1569,6 +1593,10 @@ int cli_magic_scandesc(int desc, const char **virname, unsigned long int *scanne

 		ret = cli_scantnef(desc, virname, scanned, engine, limits, options, arec, mrec);

 	    break;

+	case CL_TYPE_UUENCODED:

+		ret = cli_scanuuencoded(desc, virname, scanned, engine, limits, options, arec, mrec);

+	    break;

+

 	case CL_TYPE_MSCHM:

 	    if(SCAN_ARCHIVE)

 		ret = cli_scanmschm(desc, virname, scanned, engine, limits, options, arec, mrec);