@@ -1,3 +1,9 @@

+Wed Feb 15 01:39:12 CET 2006 (tk)

+---------------------------------

+  * libclamav: simplify internal function declarations by passing a context

+	       structure. Patch by Andrey J. Melnikoff (TEMHOTA)

+	       <temnota*kmv.ru>

+

 Thu Feb  9 21:42:22 GMT 2006 (njh)

 ----------------------------------

   * clamav-milter:	Improved handling of messages with no body

@@ -34,8 +34,6 @@

 #include "clamav.h"

 #include "execs.h"

-#define DETECT_BROKEN		    (options & CL_SCAN_BLOCKBROKEN)

-

 static short need_conversion = 0;

 static inline uint16_t EC16(uint16_t v)

@@ -54,7 +52,7 @@ static inline uint32_t EC32(uint32_t v)

 	return ((v >> 24) | ((v & 0x00FF0000) >> 8) | ((v & 0x0000FF00) << 8) | (v << 24));

 }

-int cli_scanelf(int desc, const char **virname, long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec)

+int cli_scanelf(int desc, cli_ctx *ctx)

 {

 	struct elf_file_hdr32 file_hdr;

 	struct elf_section_hdr32 *section_hdr;

@@ -172,8 +170,8 @@ int cli_scanelf(int desc, const char **virname, long int *scanned, const struct

     if(shnum > 256) {

 	cli_dbgmsg("ELF: Suspicious number of sections\n");

         if(DETECT_BROKEN) {

-	    if(virname)

-            *virname = "Broken.Executable";

+	    if(ctx->virname)

+		*ctx->virname = "Broken.Executable";

             return CL_VIRUS;

         }

 	return CL_EFORMAT;

@@ -183,8 +181,8 @@ int cli_scanelf(int desc, const char **virname, long int *scanned, const struct

     if(shentsize != sizeof(struct elf_section_hdr32)) {

 	cli_dbgmsg("ELF: shentsize != sizeof(struct elf_section_hdr32)\n");

         if(DETECT_BROKEN) {

-	    if(virname)

-            *virname = "Broken.Executable";

+	    if(ctx->virname)

+		*ctx->virname = "Broken.Executable";

             return CL_VIRUS;

         }

 	return CL_EFORMAT;

@@ -195,8 +193,8 @@ int cli_scanelf(int desc, const char **virname, long int *scanned, const struct

     if(lseek(desc, shoff, SEEK_SET) != shoff) {

 	/* Possibly broken end of file */

         if(DETECT_BROKEN) {

-	    if(virname)

-            *virname = "Broken.Executable";

+	    if(ctx->virname)

+		*ctx->virname = "Broken.Executable";

             return CL_VIRUS;

         }

 	return CL_CLEAN;

@@ -217,8 +215,8 @@ int cli_scanelf(int desc, const char **virname, long int *scanned, const struct

             cli_dbgmsg("ELF: Possibly broken ELF file\n");

             free(section_hdr);

             if(DETECT_BROKEN) {

-                if(virname)

-                    *virname = "Broken.Executable";

+                if(ctx->virname)

+                    *ctx->virname = "Broken.Executable";

                 return CL_VIRUS;

             }

             return CL_CLEAN;

@@ -25,6 +25,7 @@

 #include "cltypes.h"

 #include "clamav.h"

 #include "execs.h"

+#include "others.h"

 struct elf_file_hdr32 {

     unsigned char e_ident[16];

@@ -56,7 +57,7 @@ struct elf_section_hdr32 {

     uint32_t sh_entsize;

 };

-int cli_scanelf(int desc, const char **virname, long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec);

+int cli_scanelf(int desc, cli_ctx *ctx);

 int cli_elfheader(int desc, struct cli_exe_info *elfinfo);

@@ -274,25 +274,25 @@ int cli_validatesig(unsigned short target, unsigned short ftype, const char *off

     return 1;

 }

-int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned short otfrec, unsigned short ftype, struct cli_matched_type **ftoffset)

+int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, unsigned short ftype, struct cli_matched_type **ftoffset)

 {

  	char *buffer, *buff, *endbl, *pt;

 	int bytes, buffsize, length, ret, *gpartcnt, *tpartcnt;

 	int type = CL_CLEAN, i, tid = 0;

 	unsigned int maxpatlen;

 	unsigned long int *gpartoff, *tpartoff, offset = 0;

-	MD5_CTX ctx;

+	MD5_CTX md5ctx;

 	unsigned char digest[16];

 	struct cli_md5_node *md5_node;

 	struct cli_matcher *groot, *troot = NULL;

-    if(!engine) {

+    if(!ctx->engine) {

 	cli_errmsg("cli_scandesc: engine == NULL\n");

 	return CL_ENULLARG;

     }

-    groot = engine->root[0]; /* generic signatures */

+    groot = ctx->engine->root[0]; /* generic signatures */

     if(ftype) {

 	for(i = 0; i < CL_TARGET_TABLE_SIZE; i++) {

@@ -302,7 +302,7 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 	    }

 	}

 	if(tid)

-	    troot = engine->root[tid];

+	    troot = ctx->engine->root[tid];

     }

     if(troot)

@@ -350,8 +350,8 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 	}

     }

-    if(engine->md5_hlist)

-	MD5_Init(&ctx);

+    if(ctx->engine->md5_hlist)

+	MD5_Init(&md5ctx);

     buff = buffer;

@@ -364,15 +364,15 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

     length = SCANBUFF;

     while((bytes = cli_readn(desc, buff, SCANBUFF)) > 0) {

-	if(scanned)

-	    *scanned += bytes / CL_COUNT_PRECISION;

+	if(ctx->scanned)

+	    *ctx->scanned += bytes / CL_COUNT_PRECISION;

 	if(bytes < SCANBUFF)

 	    length -= SCANBUFF - bytes;

 	if(troot) {

-	    if(troot->ac_only || (ret = cli_bm_scanbuff(pt, length, virname, troot, offset, ftype, desc)) != CL_VIRUS)

-		ret = cli_ac_scanbuff(pt, length, virname, troot, tpartcnt, otfrec, offset, tpartoff, ftype, desc, ftoffset);

+	    if(troot->ac_only || (ret = cli_bm_scanbuff(pt, length, ctx->virname, troot, offset, ftype, desc)) != CL_VIRUS)

+		ret = cli_ac_scanbuff(pt, length, ctx->virname, troot, tpartcnt, otfrec, offset, tpartoff, ftype, desc, ftoffset);

 	    if(ret == CL_VIRUS) {

 		free(buffer);

@@ -382,15 +382,15 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 		free(tpartoff);

 		lseek(desc, 0, SEEK_SET);

-		if(cli_checkfp(desc, engine))

+		if(cli_checkfp(desc, ctx->engine))

 		    return CL_CLEAN;

 		else

 		    return CL_VIRUS;

 	    }

 	}

-	if(groot->ac_only || (ret = cli_bm_scanbuff(pt, length, virname, groot, offset, ftype, desc)) != CL_VIRUS)

-	    ret = cli_ac_scanbuff(pt, length, virname, groot, gpartcnt, otfrec, offset, gpartoff, ftype, desc, ftoffset);

+	if(groot->ac_only || (ret = cli_bm_scanbuff(pt, length, ctx->virname, groot, offset, ftype, desc)) != CL_VIRUS)

+	    ret = cli_ac_scanbuff(pt, length, ctx->virname, groot, gpartcnt, otfrec, offset, gpartoff, ftype, desc, ftoffset);

 	if(ret == CL_VIRUS) {

 	    free(buffer);

@@ -401,7 +401,7 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 		free(tpartoff);

 	    }

 	    lseek(desc, 0, SEEK_SET);

-	    if(cli_checkfp(desc, engine))

+	    if(cli_checkfp(desc, ctx->engine))

 		return CL_CLEAN;

 	    else

 		return CL_VIRUS;

@@ -423,8 +423,8 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 	    }

 	}

-	if(engine->md5_hlist)

-	    MD5_Update(&ctx, buff, bytes);

+	if(ctx->engine->md5_hlist)

+	    MD5_Update(&md5ctx, buff, bytes);

     }

     free(buffer);

@@ -435,8 +435,8 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 	free(tpartoff);

     }

-    if(engine->md5_hlist) {

-	MD5_Final(digest, &ctx);

+    if(ctx->engine->md5_hlist) {

+	MD5_Final(digest, &md5ctx);

 	if(cli_debug_flag) {

 		char md5str[33];

@@ -450,7 +450,7 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 	    md5str[32] = 0;

 	}

-	if((md5_node = cli_vermd5(digest, engine)) && !md5_node->fp) {

+	if((md5_node = cli_vermd5(digest, ctx->engine)) && !md5_node->fp) {

 		struct stat sb;

 	    if(fstat(desc, &sb))

@@ -459,8 +459,8 @@ int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, con

 	    if((unsigned int) sb.st_size != md5_node->size) {

 		cli_warnmsg("Detected false positive MD5 match. Please report.\n");

 	    } else {

-		if(virname)

-		    *virname = md5_node->virname;

+		if(ctx->virname)

+		    *ctx->virname = md5_node->virname;

 		return CL_VIRUS;

 	    }

@@ -21,10 +21,11 @@

 #include "clamav.h"

 #include "filetypes.h"

+#include "others.h"

 #define CL_TARGET_TABLE_SIZE 7

-int cli_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned short otfrec, unsigned short ftype, struct cli_matched_type **ftoffset);

+int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, unsigned short ftype, struct cli_matched_type **ftoffset);

 int cli_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_engine *engine, unsigned short ftype);

@@ -31,6 +31,28 @@

     (bb_size > 0 && sb_size >= 0 && sb_size <= bb_size	\

      && sb >= bb && sb + sb_size <= bb + bb_size && sb + sb_size >= bb)

+/* internal clamav context */

+typedef struct {

+    const char **virname;

+    unsigned long int *scanned;

+    const struct cli_matcher *root;

+    const struct cl_engine *engine;

+    const struct cl_limits *limits;

+    unsigned int options;

+    unsigned int arec;

+    unsigned int mrec;

+} cli_ctx;

+

+#define SCAN_ARCHIVE	    (ctx->options & CL_SCAN_ARCHIVE)

+#define SCAN_MAIL	    (ctx->options & CL_SCAN_MAIL)

+#define SCAN_OLE2	    (ctx->options & CL_SCAN_OLE2)

+#define SCAN_HTML	    (ctx->options & CL_SCAN_HTML)

+#define SCAN_PE		    (ctx->options & CL_SCAN_PE)

+#define SCAN_ALGO 	    (ctx->options & CL_SCAN_ALGO)

+#define DETECT_ENCRYPTED    (ctx->options & CL_SCAN_BLOCKENCRYPTED)

+#define BLOCKMAX	    (ctx->options & CL_SCAN_BLOCKMAX)

+#define DETECT_BROKEN	    (ctx->options & CL_SCAN_BLOCKBROKEN)

+

 typedef struct bitset_tag

 {

         unsigned char *bitset;

@@ -51,10 +51,6 @@

 #define PE32_SIGNATURE		    0x010b

 #define PE32P_SIGNATURE		    0x020b

-#define DETECT_BROKEN		    (options & CL_SCAN_BLOCKBROKEN)

-#define BLOCKMAX		    (options & CL_SCAN_BLOCKMAX)

-#define SCAN_ALGO		    (options & CL_SCAN_ALGO)

-

 #define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb"

 #define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9"

 #define UPX_NRV2E "\xeb\x52\x31\xc9\x83\xe8\x03\x72\x11\xc1\xe0\x08\x8a\x06\x46\x83\xf0\xff\x74\x75\xd1\xf8\x89\xc5"

@@ -152,7 +148,7 @@ static int cli_ddump(int desc, int offset, int size, const char *file)

 }

 */

-int cli_scanpe(int desc, const char **virname, long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec)

+int cli_scanpe(int desc, cli_ctx *ctx)

 {

 	uint16_t e_magic; /* DOS signature ("MZ") */

 	uint16_t nsections;

@@ -190,8 +186,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	cli_dbgmsg("Can't read new header address\n");

 	/* truncated header? */

 	if(DETECT_BROKEN) {

-	    if(virname)

-		*virname = "Broken.Executable";

+	    if(ctx->virname)

+		*ctx->virname = "Broken.Executable";

 	    return CL_VIRUS;

 	}

 	return CL_CLEAN;

@@ -325,8 +321,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

     nsections = EC16(file_hdr.NumberOfSections);

     if(nsections < 1) {

 	if(DETECT_BROKEN) {

-	    if(virname)

-		*virname = "Broken.Executable";

+	    if(ctx->virname)

+		*ctx->virname = "Broken.Executable";

 	    return CL_VIRUS;

 	}

 	cli_warnmsg("PE file contains no sections\n");

@@ -346,8 +342,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	} else {

 	    cli_dbgmsg("Incorrect value of SizeOfOptionalHeader\n");

 	    if(DETECT_BROKEN) {

-		if(virname)

-		    *virname = "Broken.Executable";

+		if(ctx->virname)

+		    *ctx->virname = "Broken.Executable";

 		return CL_VIRUS;

 	    }

 	    return CL_CLEAN;

@@ -359,8 +355,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	if(read(desc, &optional_hdr32, sizeof(struct pe_image_optional_hdr32)) != sizeof(struct pe_image_optional_hdr32)) {

 	    cli_dbgmsg("Can't optional file header\n");

 	    if(DETECT_BROKEN) {

-		if(virname)

-		    *virname = "Broken.Executable";

+		if(ctx->virname)

+		    *ctx->virname = "Broken.Executable";

 		return CL_VIRUS;

 	    }

 	    return CL_CLEAN;

@@ -369,8 +365,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	if(EC16(optional_hdr32.Magic) != PE32_SIGNATURE) {

 	    cli_warnmsg("Incorrect magic number in optional header\n");

 	    if(DETECT_BROKEN) {

-		if(virname)

-		    *virname = "Broken.Executable";

+		if(ctx->virname)

+		    *ctx->virname = "Broken.Executable";

 		return CL_VIRUS;

 	    }

 	}

@@ -396,8 +392,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	if(read(desc, &optional_hdr64, sizeof(struct pe_image_optional_hdr64)) != sizeof(struct pe_image_optional_hdr64)) {

 	    cli_dbgmsg("Can't optional file header\n");

 	    if(DETECT_BROKEN) {

-		if(virname)

-		    *virname = "Broken.Executable";

+		if(ctx->virname)

+		    *ctx->virname = "Broken.Executable";

 		return CL_VIRUS;

 	    }

 	    return CL_CLEAN;

@@ -406,8 +402,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	if(EC16(optional_hdr64.Magic) != PE32P_SIGNATURE) {

 	    cli_warnmsg("Incorrect magic number in optional header\n");

 	    if(DETECT_BROKEN) {

-		if(virname)

-		    *virname = "Broken.Executable";

+		if(ctx->virname)

+		    *ctx->virname = "Broken.Executable";

 		return CL_VIRUS;

 	    }

 	}

@@ -490,8 +486,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    cli_dbgmsg("Possibly broken PE file\n");

 	    free(section_hdr);

 	    if(DETECT_BROKEN) {

-		if(virname)

-		    *virname = "Broken.Executable";

+		if(ctx->virname)

+		    *ctx->virname = "Broken.Executable";

 		return CL_VIRUS;

 	    }

 	    return CL_CLEAN;

@@ -530,8 +526,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	if(!CLI_ISCONTAINED2(0, (uint32_t) fsize, EC32(section_hdr[i].PointerToRawData), EC32(section_hdr[i].SizeOfRawData)) || EC32(section_hdr[i].PointerToRawData) > fsize) {

 	    cli_dbgmsg("Possibly broken PE file - Section %d out of file (Offset@ %d, Rsize %d, Total filesize %d)\n", i, EC32(section_hdr[i].PointerToRawData), EC32(section_hdr[i].SizeOfRawData), fsize);

 	    if(DETECT_BROKEN) {

-		if(virname)

-		    *virname = "Broken.Executable";

+		if(ctx->virname)

+		    *ctx->virname = "Broken.Executable";

 		free(section_hdr);

 		return CL_VIRUS;

 	    }

@@ -560,8 +556,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	cli_dbgmsg("Possibly broken PE file\n");

 	free(section_hdr);

 	if(DETECT_BROKEN) {

-	    if(virname)

-		*virname = "Broken.Executable";

+	    if(ctx->virname)

+		*ctx->virname = "Broken.Executable";

 	    return CL_VIRUS;

 	}

 	return CL_CLEAN;

@@ -581,7 +577,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 		pt += 15;

 		if(((dw1 = cli_readint32(pt)) ^ (dw2 = cli_readint32(pt + 4))) == 0x505a4f && ((dw1 = cli_readint32(pt + 8)) ^ (dw2 = cli_readint32(pt + 12))) == 0xffffb && ((dw1 = cli_readint32(pt + 16)) ^ (dw2 = cli_readint32(pt + 20))) == 0xb8) {

-		    *virname = "W32.Parite.B";

+		    *ctx->virname = "W32.Parite.B";

 		    free(section_hdr);

 		    return CL_VIRUS;

 		}

@@ -602,7 +598,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    lseek(desc, EC32(section_hdr[nsections - 1].PointerToRawData) + rsize - bw, SEEK_SET);

 	    if(read(desc, buff, 4096) == 4096) {

 		if(cli_memstr(buff, 4091, "\xe8\x2c\x61\x00\x00", 5)) {

-		    *virname = "W32.Magistr.A";

+		    *ctx->virname = "W32.Magistr.A";

 		    free(section_hdr);

 		    return CL_VIRUS;

 		} 

@@ -614,7 +610,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    lseek(desc, EC32(section_hdr[nsections - 1].PointerToRawData) + rsize - bw, SEEK_SET);

 	    if(read(desc, buff, 4096) == 4096) {

 		if(cli_memstr(buff, 4091, "\xe8\x04\x72\x00\x00", 5)) {

-		    *virname = "W32.Magistr.B";

+		    *ctx->virname = "W32.Magistr.B";

 		    free(section_hdr);

 		    return CL_VIRUS;

 		} 

@@ -671,11 +667,11 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    while(found) {

 		    uint32_t newesi, newedi, newebx, newedx;

-		if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

-		    cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);

+		if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {

+		    cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);

 		    free(section_hdr);

 		    if(BLOCKMAX) {

-			*virname = "PE.FSG.ExceededFileSize";

+			*ctx->virname = "PE.FSG.ExceededFileSize";

 			return CL_VIRUS;

 		    } else {

 			return CL_CLEAN;

@@ -777,7 +773,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 			lseek(ndesc, 0, SEEK_SET);

 			cli_dbgmsg("***** Scanning rebuilt PE file *****\n");

-			if(cli_magic_scandesc(ndesc, virname, scanned, engine, limits, options, arec, mrec) == CL_VIRUS) {

+			if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) {

 			    free(section_hdr);

 			    close(ndesc);

 			    if(!cli_leavetemps_flag)

@@ -830,11 +826,11 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 		    struct SECTION *sections;

-		if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

-		    cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);

+		if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {

+		    cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, ctx->limits->maxfilesize);

 		    free(section_hdr);

 		    if(BLOCKMAX) {

-			*virname = "PE.FSG.ExceededFileSize";

+			*ctx->virname = "PE.FSG.ExceededFileSize";

 			return CL_VIRUS;

 		    } else {

 			return CL_CLEAN;

@@ -855,11 +851,11 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 		lseek(desc, gp, SEEK_SET);

 		gp = EC32(section_hdr[i + 1].PointerToRawData) - gp;

-		if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) {

-		    cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize);

+		if(ctx->limits && ctx->limits->maxfilesize && (unsigned int) gp > ctx->limits->maxfilesize) {

+		    cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, ctx->limits->maxfilesize);

 		    free(section_hdr);

 		    if(BLOCKMAX) {

-			*virname = "PE.FSG.ExceededFileSize";

+			*ctx->virname = "PE.FSG.ExceededFileSize";

 			return CL_VIRUS;

 		    } else {

 			return CL_CLEAN;

@@ -979,7 +975,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 			lseek(ndesc, 0, SEEK_SET);

 			cli_dbgmsg("***** Scanning rebuilt PE file *****\n");

-			if(cli_magic_scandesc(ndesc, virname, scanned, engine, limits, options, arec, mrec) == CL_VIRUS) {

+			if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) {

 			    free(section_hdr);

 			    close(ndesc);

 			    if(!cli_leavetemps_flag)

@@ -1052,11 +1048,11 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 		    break;

 		}

-		if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

-		    cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);

+		if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {

+		    cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, ctx->limits->maxfilesize);

 		    free(section_hdr);

 		    if(BLOCKMAX) {

-			*virname = "PE.FSG.ExceededFileSize";

+			*ctx->virname = "PE.FSG.ExceededFileSize";

 			return CL_VIRUS;

 		    } else {

 			return CL_CLEAN;

@@ -1077,11 +1073,11 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 		lseek(desc, gp, SEEK_SET);

 		gp = EC32(section_hdr[i + 1].PointerToRawData) - gp;

-		if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) {

-		    cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize);

+		if(ctx->limits && ctx->limits->maxfilesize && (unsigned int) gp > ctx->limits->maxfilesize) {

+		    cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, ctx->limits->maxfilesize);

 		    free(section_hdr);

 		    if(BLOCKMAX) {

-			*virname = "PE.FSG.ExceededFileSize";

+			*ctx->virname = "PE.FSG.ExceededFileSize";

 			return CL_VIRUS;

 		    } else {

 			return CL_CLEAN;

@@ -1184,7 +1180,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 			lseek(ndesc, 0, SEEK_SET);

 			cli_dbgmsg("***** Scanning rebuilt PE file *****\n");

-			if(cli_magic_scandesc(ndesc, virname, scanned, engine, limits, options, arec, mrec) == CL_VIRUS) {

+			if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) {

 			    free(section_hdr);

 			    close(ndesc);

 			    if(!cli_leavetemps_flag)

@@ -1244,11 +1240,11 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    ssize = EC32(section_hdr[i + 1].SizeOfRawData);

 	    dsize = EC32(section_hdr[i].VirtualSize) + EC32(section_hdr[i + 1].VirtualSize);

-	    if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

-		cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);

+	    if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {

+		cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);

 		free(section_hdr);

 		if(BLOCKMAX) {

-		    *virname = "PE.UPX.ExceededFileSize";

+		    *ctx->virname = "PE.UPX.ExceededFileSize";

 		    return CL_VIRUS;

 		} else {

 		    return CL_CLEAN;

@@ -1398,7 +1394,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 		cli_dbgmsg("UPX/FSG: Decompressed data saved in %s\n", tempfile);

 	    cli_dbgmsg("***** Scanning decompressed file *****\n");

-	    if((ret = cli_magic_scandesc(ndesc, virname, scanned, engine, limits, options, arec, mrec)) == CL_VIRUS) {

+	    if((ret = cli_magic_scandesc(ndesc, ctx)) == CL_VIRUS) {

 		close(ndesc);

 		if(!cli_leavetemps_flag)

 		    unlink(tempfile);

@@ -1440,11 +1436,11 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	} else {

 	    dsize = max - min;

-	    if(limits && limits->maxfilesize && dsize > limits->maxfilesize) {

-		cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, limits->maxfilesize);

+	    if(ctx->limits && ctx->limits->maxfilesize && dsize > ctx->limits->maxfilesize) {

+		cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, ctx->limits->maxfilesize);

 		free(section_hdr);

 		if(BLOCKMAX) {

-		    *virname = "PE.Petite.ExceededFileSize";

+		    *ctx->virname = "PE.Petite.ExceededFileSize";

 		    return CL_VIRUS;

 		} else {

 		    return CL_CLEAN;

@@ -1503,7 +1499,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    fsync(ndesc);

 	    lseek(ndesc, 0, SEEK_SET);

-	    if(cli_magic_scandesc(ndesc, virname, scanned, engine, limits, options, arec, mrec) == CL_VIRUS) {

+	    if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) {

 		free(section_hdr);

 		close(ndesc);

 		if(!cli_leavetemps_flag) {

@@ -1565,7 +1561,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    fsync(ndesc);

 	    lseek(ndesc, 0, SEEK_SET);

-	    if(cli_magic_scandesc(ndesc, virname, scanned, engine, limits, options, arec, mrec) == CL_VIRUS) {

+	    if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) {

 		free(section_hdr);

 		close(ndesc);

 		if(!cli_leavetemps_flag) {

@@ -1631,7 +1627,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

 	    fsync(ndesc);

 	    lseek(ndesc, 0, SEEK_SET);

-	    if(cli_magic_scandesc(ndesc, virname, scanned, engine, limits, options, arec, mrec) == CL_VIRUS) {

+	    if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) {

 	      free(section_hdr);

 	      close(ndesc);

 	      if(!cli_leavetemps_flag) {

@@ -24,6 +24,7 @@

 #include "clamav.h"

 #include "execs.h"

+#include "others.h"

 struct pe_image_file_hdr {

     uint32_t Magic;

@@ -127,7 +128,7 @@ struct pe_image_section_hdr {

     uint32_t Characteristics;

 };

-int cli_scanpe(int desc, const char **virname, long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec);

+int cli_scanpe(int desc, cli_ctx *ctx);

 int cli_peheader(int desc, struct cli_exe_info *peinfo);

@@ -92,19 +92,9 @@ extern int cli_mbox(const char *dir, int desc, unsigned int options); /* FIXME *

 # endif

 #endif

-#define SCAN_ARCHIVE	    (options & CL_SCAN_ARCHIVE)

-#define SCAN_MAIL	    (options & CL_SCAN_MAIL)

-#define SCAN_OLE2	    (options & CL_SCAN_OLE2)

-#define SCAN_HTML	    (options & CL_SCAN_HTML)

-#define SCAN_PE		    (options & CL_SCAN_PE)

-#define SCAN_ALGO 	    (options & CL_SCAN_ALGO)

-#define DETECT_ENCRYPTED    (options & CL_SCAN_BLOCKENCRYPTED)

-#define BLOCKMAX	    (options & CL_SCAN_BLOCKMAX)

-

 #define MAX_MAIL_RECURSION  15

-static int cli_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec);

-

+static int cli_scanfile(const char *filename, cli_ctx *ctx);

 /*

 #ifdef CL_THREAD_SAFE

@@ -116,7 +106,7 @@ static void cli_unlock_mutex(void *mtx)

 #endif

 */

-static int cli_scanrar(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec, unsigned long int offset)

+static int cli_scanrar(int desc, cli_ctx *ctx, unsigned long int offset)

 {

 	int fd, ret = CL_CLEAN;

 	unsigned int files = 0;

@@ -136,9 +126,9 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

     }

     lseek(desc, offset, SEEK_SET);

-    metadata = metadata_tmp = cli_unrar(desc, dir, limits);

+    metadata = metadata_tmp = cli_unrar(desc, dir, ctx->limits);

-    if(cli_scandir(dir, virname, scanned, engine, limits, options, arec, mrec) == CL_VIRUS) {

+    if(cli_scandir(dir, ctx) == CL_VIRUS) {

 	    ret = CL_VIRUS;

     } else while(metadata) {

@@ -147,10 +137,10 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

 	cli_dbgmsg("RAR: %s, crc32: 0x%x, encrypted: %d, compressed: %u, normal: %u, method: %d, ratio: %d (max: %d)\n",

 		metadata->filename, metadata->crc, metadata->encrypted, metadata->pack_size,

 		metadata->unpack_size, metadata->method,

-		metadata->pack_size ? ((unsigned int) metadata->unpack_size / (unsigned int) metadata->pack_size) : 0, limits ? limits->maxratio : 0);

+		metadata->pack_size ? ((unsigned int) metadata->unpack_size / (unsigned int) metadata->pack_size) : 0, ctx->limits ? ctx->limits->maxratio : 0);

 	/* Scan metadata */

-	mdata = engine->rar_mlist;

+	mdata = ctx->engine->rar_mlist;

 	if(mdata) do {

 	    if(mdata->encrypted != metadata->encrypted)

 		continue;

@@ -170,7 +160,7 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

 	    if(mdata->fileno && mdata->fileno != files)

 		continue;

-	    if(mdata->maxdepth && arec > mdata->maxdepth)

+	    if(mdata->maxdepth && ctx->arec > mdata->maxdepth)

 		continue;

 	    /* TODO add support for regex */

@@ -183,7 +173,7 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

 	} while((mdata = mdata->next));

 	if(mdata) {

-	    *virname = mdata->virname;

+	    *ctx->virname = mdata->virname;

 	    ret = CL_VIRUS;

 	    break;

 	}

@@ -191,11 +181,11 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

 	if(DETECT_ENCRYPTED && metadata->encrypted) {

 	    cli_dbgmsg("RAR: Encrypted files found in archive.\n");

 	    lseek(desc, 0, SEEK_SET);

-	    ret = cli_scandesc(desc, virname, scanned, engine, 0, 0, NULL);

+	    ret = cli_scandesc(desc, ctx, 0, 0, NULL);

 	    if(ret < 0) {

 		break;

 	    } else if(ret != CL_VIRUS) {

-		*virname = "Encrypted.RAR";

+		*ctx->virname = "Encrypted.RAR";

 		ret = CL_VIRUS;

 	    }

 	    break;

@@ -209,22 +199,22 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

 	    continue;

 	}

 */

-	if(limits) {

-	    if(limits->maxratio && metadata->unpack_size && metadata->pack_size) {

-		if((unsigned int) metadata->unpack_size / (unsigned int) metadata->pack_size >= limits->maxratio) {

+	if(ctx->limits) {

+	    if(ctx->limits->maxratio && metadata->unpack_size && metadata->pack_size) {

+		if((unsigned int) metadata->unpack_size / (unsigned int) metadata->pack_size >= ctx->limits->maxratio) {

 		    cli_dbgmsg("RAR: Max ratio reached (normal: %u, compressed: %u, max: %ld)\n", metadata->unpack_size,

-		    		metadata->pack_size, limits->maxratio);

-		    *virname = "Oversized.RAR";

+		    		metadata->pack_size, ctx->limits->maxratio);

+		    *ctx->virname = "Oversized.RAR";

 		    ret = CL_VIRUS;

 		    break;

 		}

 	    }

-	    if(limits->maxfilesize && (metadata->unpack_size > (unsigned int) limits->maxfilesize)) {

+	    if(ctx->limits->maxfilesize && (metadata->unpack_size > (unsigned int) ctx->limits->maxfilesize)) {

 		cli_dbgmsg("RAR: %s: Size exceeded (%u, max: %lu)\n", metadata->filename,

-					metadata->unpack_size, limits->maxfilesize);

+					metadata->unpack_size, ctx->limits->maxfilesize);

 		if(BLOCKMAX) {

-		    *virname = "RAR.ExceededFileSize";

+		    *ctx->virname = "RAR.ExceededFileSize";

 		    ret = CL_VIRUS;

 		    break;

 		}

@@ -232,10 +222,10 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

 		continue;

 	    }

-	    if(limits->maxfiles && (files > limits->maxfiles)) {

-		cli_dbgmsg("RAR: Files limit reached (max: %d)\n", limits->maxfiles);

+	    if(ctx->limits->maxfiles && (files > ctx->limits->maxfiles)) {

+		cli_dbgmsg("RAR: Files limit reached (max: %d)\n", ctx->limits->maxfiles);

 		if(BLOCKMAX) {

-		    *virname = "RAR.ExceededFilesLimit";

+		    *ctx->virname = "RAR.ExceededFilesLimit";

 		    ret = CL_VIRUS;

 		    break;

 		}

@@ -263,7 +253,7 @@ static int cli_scanrar(int desc, const char **virname, unsigned long int *scanne

 }

 #ifdef HAVE_ZLIB_H

-static int cli_scanzip(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec, unsigned long int offset)

+static int cli_scanzip(int desc, cli_ctx *ctx, unsigned long int offset)

 {

 	ZZIP_DIR *zdir;

 	ZZIP_DIRENT zdirent;

@@ -303,7 +293,7 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	if(!zdirent.d_name || !strlen(zdirent.d_name)) { /* Mimail fix */

 	    cli_dbgmsg("Zip: strlen(zdirent.d_name) == %d\n", strlen(zdirent.d_name));

-	    *virname = "Suspect.Zip";

+	    *ctx->virname = "Suspect.Zip";

 	    ret = CL_VIRUS;

 	    break;

 	}

@@ -314,12 +304,12 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	 */

 	encrypted = (zdirent.d_flags & 0x2041 != 0);

-	cli_dbgmsg("Zip: %s, crc32: 0x%x, offset: %d, encrypted: %d, compressed: %u, normal: %u, method: %d, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_crc32, zdirent.d_off, encrypted, zdirent.d_csize, zdirent.st_size, zdirent.d_compr, zdirent.d_csize ? (zdirent.st_size / zdirent.d_csize) : 0, limits ? limits->maxratio : 0);

+	cli_dbgmsg("Zip: %s, crc32: 0x%x, offset: %d, encrypted: %d, compressed: %u, normal: %u, method: %d, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_crc32, zdirent.d_off, encrypted, zdirent.d_csize, zdirent.st_size, zdirent.d_compr, zdirent.d_csize ? (zdirent.st_size / zdirent.d_csize) : 0, ctx->limits ? ctx->limits->maxratio : 0);

 	if(!zdirent.st_size) {

 	    if(zdirent.d_crc32) {

 		cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n");

-		*virname = "Exploit.Zip.ModifiedHeaders";

+		*ctx->virname = "Exploit.Zip.ModifiedHeaders";

 		ret = CL_VIRUS;

 		break;

 	    }

@@ -327,7 +317,7 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	}

 	/* Scan metadata */

-	mdata = engine->zip_mlist;

+	mdata = ctx->engine->zip_mlist;

 	if(mdata) do {

 	    if(mdata->encrypted != encrypted)

 		continue;

@@ -347,7 +337,7 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	    if(mdata->fileno && mdata->fileno != files)

 		continue;

-	    if(mdata->maxdepth && arec > mdata->maxdepth)

+	    if(mdata->maxdepth && ctx->arec > mdata->maxdepth)

 		continue;

 	    /* TODO add support for regex */

@@ -360,7 +350,7 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	} while((mdata = mdata->next));

 	if(mdata) {

-	    *virname = mdata->virname;

+	    *ctx->virname = mdata->virname;

 	    ret = CL_VIRUS;

 	    break;

 	}

@@ -378,13 +368,13 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	/* work-around for problematic zips (zziplib crashes with them) */

 	if(zdirent.d_csize <= 0 || zdirent.st_size < 0) {

 	    cli_dbgmsg("Zip: Malformed archive detected.\n");

-	    *virname = "Suspect.Zip";

+	    *ctx->virname = "Suspect.Zip";

 	    ret = CL_VIRUS;

 	    break;

 	}

-	if(limits && limits->maxratio > 0 && ((unsigned) zdirent.st_size / (unsigned) zdirent.d_csize) >= limits->maxratio) {

-	    *virname = "Oversized.Zip";

+	if(ctx->limits && ctx->limits->maxratio > 0 && ((unsigned) zdirent.st_size / (unsigned) zdirent.d_csize) >= ctx->limits->maxratio) {

+	    *ctx->virname = "Oversized.Zip";

 	    ret = CL_VIRUS;

 	    break;

         }

@@ -392,32 +382,32 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	if(DETECT_ENCRYPTED && encrypted) {

 	    cli_dbgmsg("Zip: Encrypted files found in archive.\n");

 	    lseek(desc, 0, SEEK_SET);

-	    ret = cli_scandesc(desc, virname, scanned, engine, 0, 0, NULL);

+	    ret = cli_scandesc(desc, ctx, 0, 0, NULL);

 	    if(ret < 0) {

 		break;

 	    } else if(ret != CL_VIRUS) {

-		*virname = "Encrypted.Zip";

+		*ctx->virname = "Encrypted.Zip";

 		ret = CL_VIRUS;

 	    }

 	    break;

 	}

-	if(limits) {

-	    if(limits->maxfilesize && ((unsigned int) zdirent.st_size > limits->maxfilesize)) {

-		cli_dbgmsg("Zip: %s: Size exceeded (%d, max: %ld)\n", zdirent.d_name, zdirent.st_size, limits->maxfilesize);

+	if(ctx->limits) {

+	    if(ctx->limits->maxfilesize && ((unsigned int) zdirent.st_size > ctx->limits->maxfilesize)) {

+		cli_dbgmsg("Zip: %s: Size exceeded (%d, max: %ld)\n", zdirent.d_name, zdirent.st_size, ctx->limits->maxfilesize);

 		/* ret = CL_EMAXSIZE; */

 		if(BLOCKMAX) {

-		    *virname = "Zip.ExceededFileSize";

+		    *ctx->virname = "Zip.ExceededFileSize";

 		    ret = CL_VIRUS;

 		    break;

 		}

 		continue; /* continue scanning */

 	    }

-	    if(limits->maxfiles && (files > limits->maxfiles)) {

-		cli_dbgmsg("Zip: Files limit reached (max: %d)\n", limits->maxfiles);

+	    if(ctx->limits->maxfiles && (files > ctx->limits->maxfiles)) {

+		cli_dbgmsg("Zip: Files limit reached (max: %d)\n", ctx->limits->maxfiles);

 		if(BLOCKMAX) {

-		    *virname = "Zip.ExceededFilesLimit";

+		    *ctx->virname = "Zip.ExceededFilesLimit";

 		    ret = CL_VIRUS;

 		    break;

 		}

@@ -472,13 +462,13 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

 	fd = fileno(tmp);

 	lseek(fd, 0, SEEK_SET);

-	if((ret = cli_magic_scandesc(fd, virname, scanned, engine, limits, options, arec, mrec)) == CL_VIRUS ) {

-	    cli_dbgmsg("Zip: Infected with %s\n", *virname);

+	if((ret = cli_magic_scandesc(fd, ctx)) == CL_VIRUS ) {

+	    cli_dbgmsg("Zip: Infected with %s\n", *ctx->virname);

 	    ret = CL_VIRUS;

 	    break;

 	} else if(ret == CL_EMALFZIP) {

 	    cli_dbgmsg("Zip: Malformed Zip file, scanning stopped.\n");

-	    *virname = "Suspect.Zip";

+	    *ctx->virname = "Suspect.Zip";

 	    ret = CL_VIRUS;

 	    break;

 	}

@@ -505,7 +495,7 @@ static int cli_scanzip(int desc, const char **virname, unsigned long int *scanne

     return ret;

 }

-static int cli_scangzip(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, unsigned int arec, unsigned int mrec)

+static int cli_scangzip(int desc, cli_ctx *ctx)

 {

 	int fd, bytes, ret = CL_CLEAN;

 	unsigned long int size = 0;

@@ -542,11 +532,11 @@ static int cli_scangzip(int desc, const char **virname, unsigned long int *scann

     while((bytes = gzread(gd, buff, FILEBUFF)) > 0) {

 	size += bytes;

-	if(limits)

-	    if(limits->maxfilesize && (size + FILEBUFF > limits->maxfilesize)) {

-		cli_dbgmsg("GZip: Size exceeded (stopped at %ld, max: %ld)\n", size, limits->maxfilesize);

+	if(ctx->limits)