@@ -1,3 +1,9 @@

+Sat Mar 20 17:49:43 GMT 2004 (njh)

+----------------------------------

+  * libclamav:	More flexable approach to scanning bounce messages within

+  	emails means more bounces are caught but at the expense of some

+	duplication of code for now

+

 Sat Mar 20 15:53:10 CET 2004 (tk)

 ---------------------------------

   * libclamav: make cli_filetype non static

@@ -17,6 +17,9 @@

  *

  * Change History:

  * $Log: mbox.c,v $

+ * Revision 1.55  2004/03/20 17:39:23  nigelhorne

+ * First attempt to handle all bounces

+ *

  * Revision 1.54  2004/03/19 15:40:45  nigelhorne

  * Handle empty content-disposition types

  *

@@ -153,7 +156,7 @@

  * Compilable under SCO; removed duplicate code with message.c

  *

  */

-static	char	const	rcsid[] = "$Id: mbox.c,v 1.54 2004/03/19 15:40:45 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: mbox.c,v 1.55 2004/03/20 17:39:23 nigelhorne Exp $";

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

@@ -1003,6 +1006,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 							rc = parseEmailBody(body, blobs, nBlobs, NULL, dir, rfc821Table, subtypeTable);

 							messageDestroy(body);

 						}

+

 						continue;

 					case MULTIPART:

 						/*

@@ -1355,7 +1359,8 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 					}

 					blobDestroy(b);

 				}

-			} else if((t_line = bounceBegin(mainMessage)) != NULL) {

+			} else if((!isAllText(mainMessage)) &&

+				  ((t_line = bounceBegin(mainMessage)) != NULL)) {

 				/*

 				 * Attempt to save the original (unbounced)

 				 * message - clamscan will find that in the

@@ -1367,9 +1372,9 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 				 * Ignore the blank lines before the message

 				 * proper

 				 */

-				while((t_line = t_line->t_next) != NULL)

+				/*while((t_line = t_line->t_next) != NULL)

 					if(strcmp(t_line->t_text, "") != 0)

-						break;

+						break;*/

 				if(t_line == NULL) {

 					cli_dbgmsg("Not found bounce message\n");

@@ -1386,7 +1391,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 					 * Fix thanks to "Andrey J. Melnikoff

 					 * (TEMHOTA)" <temnota@kmv.ru>

 					 */

-					blobAddData(b, (unsigned char *)"Received: by clamd\n", 19);

+					/*blobAddData(b, (unsigned char *)"Received: by clamd\n", 19);*/

 					do {

 						blobAddData(b, (unsigned char *)t_line->t_text, strlen(t_line->t_text));

 						blobAddData(b, (unsigned char *)"\n", 1);

@@ -1863,10 +1868,10 @@ static bool

 isAllText(const message *m)

 {

 	const text *t;

-	

+

 	for(t = messageGetBody(m); t; t = t->t_next)

 		if(strncasecmp(t->t_text,

-			"Content-Transfer-Encoding", 

+			"Content-Transfer-Encoding",

 			strlen("Content-Transfer-Encoding")) == 0)

 				return FALSE;

@@ -17,6 +17,9 @@

  *

  * Change History:

  * $Log: message.c,v $

+ * Revision 1.44  2004/03/20 17:39:23  nigelhorne

+ * First attempt to handle all bounces

+ *

  * Revision 1.43  2004/03/20 13:23:44  nigelhorne

  * More bounces handled

  *

@@ -126,7 +129,7 @@

  * uuencodebegin() no longer static

  *

  */

-static	char	const	rcsid[] = "$Id: message.c,v 1.43 2004/03/20 13:23:44 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: message.c,v 1.44 2004/03/20 17:39:23 nigelhorne Exp $";

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

@@ -155,10 +158,10 @@ static	char	const	rcsid[] = "$Id: message.c,v 1.43 2004/03/20 13:23:44 nigelhorn

 #include "mbox.h"

 #include "blob.h"

 #include "text.h"

-#include "table.h"

 #include "strrcpy.h"

 #include "others.h"

 #include "str.h"

+#include "scanners.h"

 /* required for AIX and Tru64 */

 #ifdef TRUE

@@ -211,28 +214,34 @@ static	struct	mime_map {

 };

 /*

- * TODO: remove this table and scan all *efficiently* for bounce messages,

- * probably using cl_magic[] from scanners.c

+ * TODO: This is a duplicate of the table from scanners.c. We should have

+ * just one table

  */

-static const char *bounces[] = {

-	"=================================================================================",

-	"------ A continuacion adjuntamos copia del mensaje, incluyendo las cabeceras. ------",

-	"A copy of the original message below this line:",

-	"==== Begin Message",

-	"--- Below this line is a copy of the message.",

-	"--- Below this line is the original bounce.",

-	"|----------- Message text follows: (body too large, truncated) ----------|",

-	"[ Offending message ]",

-	"------- Original mail message ----",

-	"------------------------------ Original message ------------------------------",

-	"   ----- Original message follows -----",

-	"Original message follows:",

-	"--- Returned Message ---",

-	"------- Returned Message --------",

-	"------- The original message sent:",

-	"------ This is a copy of the message, including all the headers. ------",

-	" --------Unsent Message below:",

-	NULL

+struct cli_magic_s {

+    int offset;

+    const char *magic;

+    size_t length;

+    const char *descr;

+    cli_file_t type;

+};

+

+static const struct cli_magic_s cli_magic[] = {

+    {0,  "Rar!",			4, "RAR",	    CL_RARFILE},

+    {0,  "PK\003\004",			4, "ZIP",	    CL_ZIPFILE},

+    {0,  "BZh",				3, "BZip",	    CL_BZFILE},

+    {0,  "From ",			5, "MBox",	    CL_MAILFILE},

+    {0,  "Received: ",			10, "Raw mail",	    CL_MAILFILE},

+    {0,  "Return-Path: ",		13, "Maildir",	    CL_MAILFILE},

+    {0,  "Return-path: ",		13, "Maildir",	    CL_MAILFILE},

+    {0,  "Delivered-To: ",		14, "Mail",	    CL_MAILFILE},

+    {0,  "X-UIDL: ",			8, "Mail",	    CL_MAILFILE},

+    {0,  "For: ",			5, "Eserv mail",    CL_MAILFILE},

+    {0,  "From: ",			6, "Exim mail",	    CL_MAILFILE},

+    {0,  "X-Symantec-",			11, "Symantec",	    CL_MAILFILE},

+    {0,  "Hi. This is the qmail-send",  26, "Qmail bounce", CL_MAILFILE},

+    {0,  "\320\317\021\340\241\261\032\341",

+	                    8, "OLE2 container",  CL_OLE2FILE},

+    {-1, NULL,              0, NULL,              CL_UNKNOWN_TYPE}

 };

 message *

@@ -410,7 +419,7 @@ messageAddArgument(message *m, const char *arg)

 	   (strncasecmp(arg, "filename", 8) != 0) &&

 	   (strncasecmp(arg, "boundary", 8) != 0) &&

 	   (strncasecmp(arg, "type", 4) != 0)) {

-	   	cli_dbgmsg("Discarding unwanted argument '%s'\n", arg);

+		cli_dbgmsg("Discarding unwanted argument '%s'\n", arg);

 		return;

 	}

@@ -1181,26 +1190,18 @@ const text *

 bounceBegin(const message *m)

 {

 	const text *t_line;

-	static table_t *bounceMessages;

-	if(bounceMessages == NULL) {

-		const char **bounce;

-

-		/*

-		 * TODO: mutex this in a multi-threaded environment

-		 */

-		bounceMessages = tableCreate();

+	for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) {

+		const struct cli_magic_s *c;

-		for(bounce = bounces; *bounce; bounce++)

-			if(tableInsert(bounceMessages, *bounce, 1) < 0)

-				cli_warnmsg("Bounce messages starting with\n\t%s\nwon't be detected\n",

-					*bounce);

+		for(c = cli_magic; c->magic; c++)

+			if((c->type == CL_MAILFILE) &&

+			   (strncmp(c->magic, t_line->t_text, strlen(c->magic)) == 0)) {

+				cli_dbgmsg("Found bounce message of type %s\n", c->descr);

+				return t_line;

+			}

 	}

-	for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next)

-		if(tableFind(bounceMessages, t_line->t_text) == 1)

-			return t_line;

-

 	return NULL;

 }