git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@425 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/03/21 02:41:14... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Sat Mar 20 17:49:43 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: More flexable approach to scanning bounce messages within |
|
4 |
+ emails means more bounces are caught but at the expense of some |
|
5 |
+ duplication of code for now |
|
6 |
+ |
|
1 | 7 |
Sat Mar 20 15:53:10 CET 2004 (tk) |
2 | 8 |
--------------------------------- |
3 | 9 |
* libclamav: make cli_filetype non static |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.55 2004/03/20 17:39:23 nigelhorne |
|
21 |
+ * First attempt to handle all bounces |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.54 2004/03/19 15:40:45 nigelhorne |
21 | 24 |
* Handle empty content-disposition types |
22 | 25 |
* |
... | ... |
@@ -153,7 +156,7 @@ |
153 | 153 |
* Compilable under SCO; removed duplicate code with message.c |
154 | 154 |
* |
155 | 155 |
*/ |
156 |
-static char const rcsid[] = "$Id: mbox.c,v 1.54 2004/03/19 15:40:45 nigelhorne Exp $"; |
|
156 |
+static char const rcsid[] = "$Id: mbox.c,v 1.55 2004/03/20 17:39:23 nigelhorne Exp $"; |
|
157 | 157 |
|
158 | 158 |
#if HAVE_CONFIG_H |
159 | 159 |
#include "clamav-config.h" |
... | ... |
@@ -1003,6 +1006,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1003 | 1003 |
rc = parseEmailBody(body, blobs, nBlobs, NULL, dir, rfc821Table, subtypeTable); |
1004 | 1004 |
messageDestroy(body); |
1005 | 1005 |
} |
1006 |
+ |
|
1006 | 1007 |
continue; |
1007 | 1008 |
case MULTIPART: |
1008 | 1009 |
/* |
... | ... |
@@ -1355,7 +1359,8 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1355 | 1355 |
} |
1356 | 1356 |
blobDestroy(b); |
1357 | 1357 |
} |
1358 |
- } else if((t_line = bounceBegin(mainMessage)) != NULL) { |
|
1358 |
+ } else if((!isAllText(mainMessage)) && |
|
1359 |
+ ((t_line = bounceBegin(mainMessage)) != NULL)) { |
|
1359 | 1360 |
/* |
1360 | 1361 |
* Attempt to save the original (unbounced) |
1361 | 1362 |
* message - clamscan will find that in the |
... | ... |
@@ -1367,9 +1372,9 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1367 | 1367 |
* Ignore the blank lines before the message |
1368 | 1368 |
* proper |
1369 | 1369 |
*/ |
1370 |
- while((t_line = t_line->t_next) != NULL) |
|
1370 |
+ /*while((t_line = t_line->t_next) != NULL) |
|
1371 | 1371 |
if(strcmp(t_line->t_text, "") != 0) |
1372 |
- break; |
|
1372 |
+ break;*/ |
|
1373 | 1373 |
|
1374 | 1374 |
if(t_line == NULL) { |
1375 | 1375 |
cli_dbgmsg("Not found bounce message\n"); |
... | ... |
@@ -1386,7 +1391,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1386 | 1386 |
* Fix thanks to "Andrey J. Melnikoff |
1387 | 1387 |
* (TEMHOTA)" <temnota@kmv.ru> |
1388 | 1388 |
*/ |
1389 |
- blobAddData(b, (unsigned char *)"Received: by clamd\n", 19); |
|
1389 |
+ /*blobAddData(b, (unsigned char *)"Received: by clamd\n", 19);*/ |
|
1390 | 1390 |
do { |
1391 | 1391 |
blobAddData(b, (unsigned char *)t_line->t_text, strlen(t_line->t_text)); |
1392 | 1392 |
blobAddData(b, (unsigned char *)"\n", 1); |
... | ... |
@@ -1863,10 +1868,10 @@ static bool |
1863 | 1863 |
isAllText(const message *m) |
1864 | 1864 |
{ |
1865 | 1865 |
const text *t; |
1866 |
- |
|
1866 |
+ |
|
1867 | 1867 |
for(t = messageGetBody(m); t; t = t->t_next) |
1868 | 1868 |
if(strncasecmp(t->t_text, |
1869 |
- "Content-Transfer-Encoding", |
|
1869 |
+ "Content-Transfer-Encoding", |
|
1870 | 1870 |
strlen("Content-Transfer-Encoding")) == 0) |
1871 | 1871 |
return FALSE; |
1872 | 1872 |
|
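Review bot: The new `!isAllText(mainMessage)` guard on the `else if` at new line 1358 appears to limit bounce extraction to messages whose body has a line starting with `Content-Transfer-Encoding`, judging by the loop in the isAllText hunk; the rest of that function is outside the hunk, so this is inferred. A bounce that quotes the original without that header would then skip this branch unless an earlier branch of parseEmailBody (not visible here) handles it, which is worth confirming with a test message because it affects what gets scanned. Separately, with the blank-line loop commented out at new lines 1370-1372, `t_line` is still the non-NULL result of bounceBegin, so the following `if(t_line == NULL)` check can no longer fire and the "Ignore the blank lines" comment is stale. I would delete the commented-out loop, the commented-out `blobAddData(... "Received: by clamd\n", 19)` call and the dead check, and replace the stale comment with something like `/* bounceBegin() returns the first line that looks like a mail header, so the saved blob starts there */`.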
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: message.c,v $ |
20 |
+ * Revision 1.44 2004/03/20 17:39:23 nigelhorne |
|
21 |
+ * First attempt to handle all bounces |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.43 2004/03/20 13:23:44 nigelhorne |
21 | 24 |
* More bounces handled |
22 | 25 |
* |
... | ... |
@@ -126,7 +129,7 @@ |
126 | 126 |
* uuencodebegin() no longer static |
127 | 127 |
* |
128 | 128 |
*/ |
129 |
-static char const rcsid[] = "$Id: message.c,v 1.43 2004/03/20 13:23:44 nigelhorne Exp $"; |
|
129 |
+static char const rcsid[] = "$Id: message.c,v 1.44 2004/03/20 17:39:23 nigelhorne Exp $"; |
|
130 | 130 |
|
131 | 131 |
#if HAVE_CONFIG_H |
132 | 132 |
#include "clamav-config.h" |
... | ... |
@@ -155,10 +158,10 @@ static char const rcsid[] = "$Id: message.c,v 1.43 2004/03/20 13:23:44 nigelhorn |
155 | 155 |
#include "mbox.h" |
156 | 156 |
#include "blob.h" |
157 | 157 |
#include "text.h" |
158 |
-#include "table.h" |
|
159 | 158 |
#include "strrcpy.h" |
160 | 159 |
#include "others.h" |
161 | 160 |
#include "str.h" |
161 |
+#include "scanners.h" |
|
162 | 162 |
|
163 | 163 |
/* required for AIX and Tru64 */ |
164 | 164 |
#ifdef TRUE |
... | ... |
@@ -211,28 +214,34 @@ static struct mime_map { |
211 | 211 |
}; |
212 | 212 |
|
213 | 213 |
/* |
214 |
- * TODO: remove this table and scan all *efficiently* for bounce messages, |
|
215 |
- * probably using cl_magic[] from scanners.c |
|
214 |
+ * TODO: This is a duplicate of the table from scanners.c. We should have |
|
215 |
+ * just one table |
|
216 | 216 |
*/ |
217 |
-static const char *bounces[] = { |
|
218 |
- "=================================================================================", |
|
219 |
- "------ A continuacion adjuntamos copia del mensaje, incluyendo las cabeceras. ------", |
|
220 |
- "A copy of the original message below this line:", |
|
221 |
- "==== Begin Message", |
|
222 |
- "--- Below this line is a copy of the message.", |
|
223 |
- "--- Below this line is the original bounce.", |
|
224 |
- "|----------- Message text follows: (body too large, truncated) ----------|", |
|
225 |
- "[ Offending message ]", |
|
226 |
- "------- Original mail message ----", |
|
227 |
- "------------------------------ Original message ------------------------------", |
|
228 |
- " ----- Original message follows -----", |
|
229 |
- "Original message follows:", |
|
230 |
- "--- Returned Message ---", |
|
231 |
- "------- Returned Message --------", |
|
232 |
- "------- The original message sent:", |
|
233 |
- "------ This is a copy of the message, including all the headers. ------", |
|
234 |
- " --------Unsent Message below:", |
|
235 |
- NULL |
|
217 |
+struct cli_magic_s { |
|
218 |
+ int offset; |
|
219 |
+ const char *magic; |
|
220 |
+ size_t length; |
|
221 |
+ const char *descr; |
|
222 |
+ cli_file_t type; |
|
223 |
+}; |
|
224 |
+ |
|
225 |
+static const struct cli_magic_s cli_magic[] = { |
|
226 |
+ {0, "Rar!", 4, "RAR", CL_RARFILE}, |
|
227 |
+ {0, "PK\003\004", 4, "ZIP", CL_ZIPFILE}, |
|
228 |
+ {0, "BZh", 3, "BZip", CL_BZFILE}, |
|
229 |
+ {0, "From ", 5, "MBox", CL_MAILFILE}, |
|
230 |
+ {0, "Received: ", 10, "Raw mail", CL_MAILFILE}, |
|
231 |
+ {0, "Return-Path: ", 13, "Maildir", CL_MAILFILE}, |
|
232 |
+ {0, "Return-path: ", 13, "Maildir", CL_MAILFILE}, |
|
233 |
+ {0, "Delivered-To: ", 14, "Mail", CL_MAILFILE}, |
|
234 |
+ {0, "X-UIDL: ", 8, "Mail", CL_MAILFILE}, |
|
235 |
+ {0, "For: ", 5, "Eserv mail", CL_MAILFILE}, |
|
236 |
+ {0, "From: ", 6, "Exim mail", CL_MAILFILE}, |
|
237 |
+ {0, "X-Symantec-", 11, "Symantec", CL_MAILFILE}, |
|
238 |
+ {0, "Hi. This is the qmail-send", 26, "Qmail bounce", CL_MAILFILE}, |
|
239 |
+ {0, "\320\317\021\340\241\261\032\341", |
|
240 |
+ 8, "OLE2 container", CL_OLE2FILE}, |
|
241 |
+ {-1, NULL, 0, NULL, CL_UNKNOWN_TYPE} |
|
236 | 242 |
}; |
237 | 243 |
|
238 | 244 |
message * |
... | ... |
@@ -410,7 +419,7 @@ messageAddArgument(message *m, const char *arg) |
410 | 410 |
(strncasecmp(arg, "filename", 8) != 0) && |
411 | 411 |
(strncasecmp(arg, "boundary", 8) != 0) && |
412 | 412 |
(strncasecmp(arg, "type", 4) != 0)) { |
413 |
- cli_dbgmsg("Discarding unwanted argument '%s'\n", arg); |
|
413 |
+ cli_dbgmsg("Discarding unwanted argument '%s'\n", arg); |
|
414 | 414 |
return; |
415 | 415 |
} |
416 | 416 |
|
... | ... |
@@ -1181,26 +1190,18 @@ const text * |
1181 | 1181 |
bounceBegin(const message *m) |
1182 | 1182 |
{ |
1183 | 1183 |
const text *t_line; |
1184 |
- static table_t *bounceMessages; |
|
1185 | 1184 |
|
1186 |
- if(bounceMessages == NULL) { |
|
1187 |
- const char **bounce; |
|
1188 |
- |
|
1189 |
- /* |
|
1190 |
- * TODO: mutex this in a multi-threaded environment |
|
1191 |
- */ |
|
1192 |
- bounceMessages = tableCreate(); |
|
1185 |
+ for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) { |
|
1186 |
+ const struct cli_magic_s *c; |
|
1193 | 1187 |
|
1194 |
- for(bounce = bounces; *bounce; bounce++) |
|
1195 |
- if(tableInsert(bounceMessages, *bounce, 1) < 0) |
|
1196 |
- cli_warnmsg("Bounce messages starting with\n\t%s\nwon't be detected\n", |
|
1197 |
- *bounce); |
|
1188 |
+ for(c = cli_magic; c->magic; c++) |
|
1189 |
+ if((c->type == CL_MAILFILE) && |
|
1190 |
+ (strncmp(c->magic, t_line->t_text, strlen(c->magic)) == 0)) { |
|
1191 |
+ cli_dbgmsg("Found bounce message of type %s\n", c->descr); |
|
1192 |
+ return t_line; |
|
1193 |
+ } |
|
1198 | 1194 |
} |
1199 | 1195 |
|
1200 |
- for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) |
|
1201 |
- if(tableFind(bounceMessages, t_line->t_text) == 1) |
|
1202 |
- return t_line; |
|
1203 |
- |
|
1204 | 1196 |
return NULL; |
1205 | 1197 |
} |
1206 | 1198 |
|
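Review bot: In the new bounceBegin loop (new lines 1185-1193) any body line that begins with a CL_MAILFILE magic is taken as the start of a bounced message, and the table includes short generic prefixes such as `"From "` and `"For: "`, so ordinary prose that opens a line with "From " will match. Each false match makes the caller in mbox.c save the rest of the body for rescanning, which is extra work driven purely by message content. It may be worth requiring a second header-like line after the match, or at least stating the trade-off in a comment above the loop. The comparison also recomputes `strlen(c->magic)` for every entry on every line although the table already carries the length; `(strncmp(c->magic, t_line->t_text, c->length) == 0)` would do. The local `struct cli_magic_s` and `cli_magic[]` now sit under the new `#include "scanners.h"`, so if that header ever declares the same names this file will stop compiling, a hazard the TODO on the duplicated table does not mention.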