git-svn: trunk@1822
Nigel Horne authored on 2006/01/22 03:37:48... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Sat Jan 21 18:35:34 GMT 2006 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: Scan uuencoded files. Helps to catch doubly encoded |
|
4 |
+ emails such as Worm.VB-8 |
|
5 |
+ |
|
1 | 6 |
Tue Jan 17 17:31:06 GMT 2006 (njh) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav/uuencode.[ch]: Created, but not yet called |
... | ... |
@@ -27,18 +32,18 @@ Sat Jan 7 04:27:05 CET 2006 (tk) |
27 | 27 |
Mon Jan 2 18:02:20 GMT 2006 (njh) |
28 | 28 |
---------------------------------- |
29 | 29 |
* libclamav/mbox.c: Bug fix to the patch of 28/12 for versions of curl |
30 |
- that don't support curl_easy_strerror() |
|
30 |
+ that don't support curl_easy_strerror() |
|
31 | 31 |
|
32 | 32 |
Mon Jan 2 17:38:35 GMT 2006 (njh) |
33 | 33 |
---------------------------------- |
34 | 34 |
* libclamav/mbox.c: NEW_WORLD code (not enabled by default) now finds all |
35 |
- malware in my database and is now ready for |
|
35 |
+ malware in my database and is now ready for |
|
36 | 36 |
testing |
37 | 37 |
|
38 | 38 |
Wed Dec 28 13:49:46 GMT 2005 (njh) |
39 | 39 |
---------------------------------- |
40 | 40 |
* libclamav/mbox.c: Added patches by Gianluigi Tiesi <sherpya*netfarm.it> |
41 |
- Improve CURL support on Windows |
|
41 |
+ Improve CURL support on Windows |
|
42 | 42 |
Improve CURL error message for systems without |
43 | 43 |
CURL_ERRORBUFFER |
44 | 44 |
|
... | ... |
@@ -86,7 +86,7 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher.lo \ |
86 | 86 |
chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo \ |
87 | 87 |
special.lo binhex.lo is_tar.lo tnef.lo unrar15.lo unrarvm.lo \ |
88 | 88 |
unrar.lo unrarfilter.lo unrarppm.lo unrar20.lo unrarcmd.lo \ |
89 |
- pdf.lo spin.lo yc.lo elf.lo sis.lo |
|
89 |
+ pdf.lo spin.lo yc.lo elf.lo sis.lo uuencode.lo |
|
90 | 90 |
libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS) |
91 | 91 |
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) |
92 | 92 |
depcomp = $(SHELL) $(top_srcdir)/depcomp |
... | ... |
@@ -341,7 +341,9 @@ libclamav_la_SOURCES = \ |
341 | 341 |
elf.h \ |
342 | 342 |
execs.h \ |
343 | 343 |
sis.c \ |
344 |
- sis.h |
|
344 |
+ sis.h \ |
|
345 |
+ uuencode.c \ |
|
346 |
+ uuencode.h |
|
345 | 347 |
|
346 | 348 |
lib_LTLIBRARIES = libclamav.la |
347 | 349 |
all: all-am |
... | ... |
@@ -464,6 +466,7 @@ distclean-compile: |
464 | 464 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/untar.Plo@am__quote@ |
465 | 465 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upx.Plo@am__quote@ |
466 | 466 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vba_extract.Plo@am__quote@ |
467 |
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uuencode.Plo@am__quote@ |
|
467 | 468 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yc.Plo@am__quote@ |
468 | 469 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/zzip-dir.Plo@am__quote@ |
469 | 470 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/zzip-err.Plo@am__quote@ |
... | ... |
@@ -98,6 +98,8 @@ static const struct cli_magic_s cli_magic[] = { |
98 | 98 |
{0, "Hi. This is the qmail-send", 26, "Qmail bounce", CL_TYPE_MAIL}, |
99 | 99 |
{0, "\170\237\076\042", 4, "TNEF", CL_TYPE_TNEF}, |
100 | 100 |
|
101 |
+ {0, "begin ", 6, "UUencoded", CL_TYPE_UUENCODED}, |
|
102 |
+ |
|
101 | 103 |
/* Graphics (may contain exploits against MS systems) */ |
102 | 104 |
|
103 | 105 |
{0, "GIF", 3, "GIF", CL_TYPE_GRAPHICS}, |
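Review bot: The new magic entry `{0, "begin ", 6, "UUencoded", CL_TYPE_UUENCODED}` matches on the six bytes `begin ` alone, so any file whose first line merely starts with that word would be typed as uuencoded and routed to the decoder. Whether that is harmless depends on the decoder rejecting a header that lacks a valid mode and file name, and on how it reports such input back to the scanner; neither is visible on this page. I would add a comment above the entry, e.g. `/* loose match: cli_uuencode() must validate the "begin <mode> <name>" line itself */`. The cli_magic[] table starts and ends outside this hunk.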
... | ... |
@@ -15,7 +15,7 @@ |
15 | 15 |
* along with this program; if not, write to the Free Software |
16 | 16 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
17 | 17 |
*/ |
18 |
-static char const rcsid[] = "$Id: mbox.c,v 1.274 2006/01/11 09:49:03 nigelhorne Exp $"; |
|
18 |
+static char const rcsid[] = "$Id: mbox.c,v 1.275 2006/01/21 18:34:42 nigelhorne Exp $"; |
|
19 | 19 |
|
20 | 20 |
#if HAVE_CONFIG_H |
21 | 21 |
#include "clamav-config.h" |
... | ... |
@@ -66,6 +66,7 @@ static char const rcsid[] = "$Id: mbox.c,v 1.274 2006/01/11 09:49:03 nigelhorne |
66 | 66 |
#include "defaults.h" |
67 | 67 |
#include "str.h" |
68 | 68 |
#include "filetypes.h" |
69 |
+#include "uuencode.h" |
|
69 | 70 |
|
70 | 71 |
#ifdef CL_DEBUG |
71 | 72 |
#if __GLIBC__ == 2 && __GLIBC_MINOR__ >= 1 |
... | ... |
@@ -167,7 +168,7 @@ typedef enum { FALSE = 0, TRUE = 1 } bool; |
167 | 167 |
*/ |
168 | 168 |
#define PARTIAL_DIR |
169 | 169 |
|
170 |
-/*#define NEW_WORLD*/ |
|
170 |
+#define NEW_WORLD |
|
171 | 171 |
|
172 | 172 |
static int cli_parse_mbox(const char *dir, int desc, unsigned int options); |
173 | 173 |
static message *parseEmailFile(FILE *fin, const table_t *rfc821Table, const char *firstLine, const char *dir); |
... | ... |
@@ -188,7 +189,6 @@ static char *rfc822comments(const char *in, char *out); |
188 | 188 |
static int rfc1341(message *m, const char *dir); |
189 | 189 |
#endif |
190 | 190 |
static bool usefulHeader(int commandNumber, const char *cmd); |
191 |
-static int uufasttrack(message *m, const char *firstline, const char *dir, FILE *fin); |
|
192 | 191 |
static char *getline_from_mbox(char *buffer, size_t len, FILE *fin); |
193 | 192 |
|
194 | 193 |
static void checkURLs(message *m, const char *dir); |
... | ... |
@@ -1096,7 +1096,7 @@ cli_parse_mbox(const char *dir, int desc, unsigned int options) |
1096 | 1096 |
* Fast track visa to uudecode. |
1097 | 1097 |
* TODO: binhex, yenc |
1098 | 1098 |
*/ |
1099 |
- if(uufasttrack(m, buffer, dir, fd) < 0) |
|
1099 |
+ if(uudecodeFile(m, buffer, dir, fd) < 0) |
|
1100 | 1100 |
if(messageAddStr(m, buffer) < 0) |
1101 | 1101 |
break; |
1102 | 1102 |
} else |
... | ... |
@@ -1371,7 +1371,7 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
1371 | 1371 |
* Fast track visa to uudecode. |
1372 | 1372 |
* TODO: binhex, yenc |
1373 | 1373 |
*/ |
1374 |
- if(uufasttrack(ret, line, dir, fin) < 0) |
|
1374 |
+ if(uudecodeFile(ret, line, dir, fin) < 0) |
|
1375 | 1375 |
if(messageAddStr(ret, line) < 0) |
1376 | 1376 |
break; |
1377 | 1377 |
} else |
... | ... |
@@ -4075,59 +4075,6 @@ usefulHeader(int commandNumber, const char *cmd) |
4075 | 4075 |
} |
4076 | 4076 |
|
4077 | 4077 |
/* |
4078 |
- * Save the uuencoded part of the file as it is read in since there's no need |
|
4079 |
- * to include it in the parse tree. Saves memory and parse time. |
|
4080 |
- * Return < 0 for failure |
|
4081 |
- */ |
|
4082 |
-static int |
|
4083 |
-uufasttrack(message *m, const char *firstline, const char *dir, FILE *fin) |
|
4084 |
-{ |
|
4085 |
- fileblob *fb; |
|
4086 |
- char buffer[RFC2821LENGTH + 1]; |
|
4087 |
- char *filename = cli_strtok(firstline, 2, " "); |
|
4088 |
- |
|
4089 |
- if(filename == NULL) |
|
4090 |
- return -1; |
|
4091 |
- |
|
4092 |
- fb = fileblobCreate(); |
|
4093 |
- if(fb == NULL) { |
|
4094 |
- free(filename); |
|
4095 |
- return -1; |
|
4096 |
- } |
|
4097 |
- |
|
4098 |
- fileblobSetFilename(fb, dir, filename); |
|
4099 |
- cli_dbgmsg("Fast track uudecode %s\n", filename); |
|
4100 |
- free(filename); |
|
4101 |
- |
|
4102 |
- while(fgets(buffer, sizeof(buffer) - 1, fin) != NULL) { |
|
4103 |
- unsigned char data[1024]; |
|
4104 |
- const unsigned char *uptr; |
|
4105 |
- size_t len; |
|
4106 |
- |
|
4107 |
- cli_chomp(buffer); |
|
4108 |
- if(strcasecmp(buffer, "end") == 0) |
|
4109 |
- break; |
|
4110 |
- if(buffer[0] == '\0') |
|
4111 |
- break; |
|
4112 |
- |
|
4113 |
- uptr = decodeLine(m, UUENCODE, buffer, data, sizeof(data)); |
|
4114 |
- if(uptr == NULL) |
|
4115 |
- break; |
|
4116 |
- |
|
4117 |
- len = (size_t)(uptr - data); |
|
4118 |
- if((len > 62) || (len == 0)) |
|
4119 |
- break; |
|
4120 |
- |
|
4121 |
- if(fileblobAddData(fb, data, len) < 0) |
|
4122 |
- break; |
|
4123 |
- } |
|
4124 |
- |
|
4125 |
- fileblobDestroy(fb); |
|
4126 |
- |
|
4127 |
- return 1; |
|
4128 |
-} |
|
4129 |
- |
|
4130 |
-/* |
|
4131 | 4078 |
* Like fgets but cope with end of line by "\n", "\r\n", "\n\r", "\r" |
4132 | 4079 |
*/ |
4133 | 4080 |
static char * |
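Review bot: The hunk at line 170 changes `/*#define NEW_WORLD*/` to `#define NEW_WORLD`, turning on a parser path that the Jan 2 ChangeLog entry on this page describes as "not enabled by default", while the new ChangeLog entry for this commit says nothing about it. If enabling it is intended, it deserves its own ChangeLog line (and ideally its own commit) so a mail-parsing regression can be separated from the uudecode move; if it is a leftover from local testing, restore the commented-out form. Separately, both call sites keep `if(uudecodeFile(...) < 0)` followed by `messageAddStr()`, so the removed comment's contract `Return < 0 for failure` should be restated on the uudecodeFile declaration in uuencode.h, which is not shown here. It would help to say there whether a negative return guarantees that nothing was read from the stream, since the caller then adds the line to the message.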
... | ... |
@@ -1438,6 +1438,30 @@ static int cli_scantnef(int desc, const char **virname, unsigned long int *scann |
1438 | 1438 |
return ret; |
1439 | 1439 |
} |
1440 | 1440 |
|
1441 |
+static int |
|
1442 |
+cli_scanuuencoded(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec) |
|
1443 |
+{ |
|
1444 |
+ int ret; |
|
1445 |
+ char *dir = cli_gentemp(NULL); |
|
1446 |
+ |
|
1447 |
+ if(mkdir(dir, 0700)) { |
|
1448 |
+ cli_dbgmsg("Can't create temporary directory for uuencoded file %s\n", dir); |
|
1449 |
+ free(dir); |
|
1450 |
+ return CL_ETMPDIR; |
|
1451 |
+ } |
|
1452 |
+ |
|
1453 |
+ ret = cli_uuencode(dir, desc); |
|
1454 |
+ |
|
1455 |
+ if(ret == CL_CLEAN) |
|
1456 |
+ ret = cli_scandir(dir, virname, scanned, engine, limits, options, arec, mrec); |
|
1457 |
+ |
|
1458 |
+ if(!cli_leavetemps_flag) |
|
1459 |
+ cli_rmdirs(dir); |
|
1460 |
+ |
|
1461 |
+ free(dir); |
|
1462 |
+ return ret; |
|
1463 |
+} |
|
1464 |
+ |
|
1441 | 1465 |
static int cli_scanmail(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec) |
1442 | 1466 |
{ |
1443 | 1467 |
char *dir; |
... | ... |
@@ -1569,6 +1593,10 @@ int cli_magic_scandesc(int desc, const char **virname, unsigned long int *scanne |
1569 | 1569 |
ret = cli_scantnef(desc, virname, scanned, engine, limits, options, arec, mrec); |
1570 | 1570 |
break; |
1571 | 1571 |
|
1572 |
+ case CL_TYPE_UUENCODED: |
|
1573 |
+ ret = cli_scanuuencoded(desc, virname, scanned, engine, limits, options, arec, mrec); |
|
1574 |
+ break; |
|
1575 |
+ |
|
1572 | 1576 |
case CL_TYPE_MSCHM: |
1573 | 1577 |
if(SCAN_ARCHIVE) |
1574 | 1578 |
ret = cli_scanmschm(desc, virname, scanned, engine, limits, options, arec, mrec); |
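Review bot: In cli_scanuuencoded the result of `cli_gentemp(NULL)` goes straight to `mkdir(dir, 0700)` and, on failure, to the `%s` in cli_dbgmsg; if cli_gentemp can return NULL on allocation failure, both receive a null pointer. A guard before the mkdir, `if(dir == NULL) return CL_EMEM;`, would close that. cli_uuencode() is not shown on this page; because it writes decoded output under dir from untrusted input and is not passed `limits`, it is worth confirming that the file name from the `begin` line is sanitised before it is joined to dir and that the decoded size is bounded. The new `case CL_TYPE_UUENCODED:` also runs unconditionally, whereas the CL_TYPE_MSCHM case directly below is gated by `SCAN_ARCHIVE`; a one-line comment saying why no option gate applies would help. The body of cli_magic_scandesc continues outside the hunk.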