@@ -1,3 +1,14 @@

+Sun Nov  5 17:08:22 CET 2006

+-----------------------------

+  * Bugfixes:

+    - freshclam: apply timeout patch from Everton da Silva Marques

+      <everton*lab.ipaccess.diveo.net.br> (new options: ConnectTimeout and

+      ReceiveTimeout)

+    - clamd: change stack size at the right place (closes bug#103)

+      Patch from Jonathan Chen <jon+clamav*spock.org>

+    - libclamav/petite.c: sanity check the number of rebuilt sections (speeds

+      up handling of malformed files)

+

 Sun Oct 15 20:10:31 CEST 2006

 -----------------------------

   * Bugfixes:

@@ -1,8 +1,11 @@

-0.88.5

+0.88.6

 ------

-This version fixes a crash in the CHM unpacker and a heap overflow in the

-function rebuilding PE files after unpacking.

+Changes in this release include better handling of network problems in

+freshclam and other minor bugfixes.

+

+The ClamAV developers encourage all users to give a try to the latest

+beta version of 0.90!

 --

 The ClamAV team (http://www.clamav.net/team.html)

@@ -2,6 +2,19 @@ Note: This README/NEWS file refers to the source tarball. Some things described

 here may not be available in binary packages.

 --

+0.88.6

+------

+

+Changes in this release include better handling of network problems in

+freshclam and other minor bugfixes.

+

+The ClamAV developers encourage all users to give a try to the latest

+beta version of 0.90!

+

+--

+The ClamAV team (http://www.clamav.net/team.html)

+

+

 0.88.5

 ------

@@ -230,7 +230,6 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop

 	struct sigaction sigact;

 	mode_t old_umask;

 	struct cl_limits limits;

-	pthread_attr_t thattr;

 	sigset_t sigset;

 	client_conn_t *client_conn;

 	struct cfgstruct *cpt;

@@ -417,9 +416,6 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop

 	logg("Self checking every %d seconds.\n", selfchk);

     }

-    pthread_attr_init(&thattr);

-    pthread_attr_setdetachstate(&thattr, PTHREAD_CREATE_DETACHED);

-

     if(cfgopt(copt, "ClamukoScanOnLine") || cfgopt(copt, "ClamukoScanOnAccess"))

 #ifdef CLAMUKO

     {

@@ -467,18 +463,6 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop

 	sigaction(SIGSEGV, &sigact, NULL);

     }

-#if defined(C_BIGSTACK) || defined(C_BSD)

-    /*

-     * njh@bandsman.co.uk:

-     * libclamav/scanners.c uses a *huge* buffer

-     * (128K not BUFSIZ from stdio.h).

-     * We need to allow for that.

-     */

-    pthread_attr_getstacksize(&thattr, &stacksize);

-    cli_dbgmsg("set stacksize to %u\n", stacksize + SCANBUFF + 64 * 1024);

-    pthread_attr_setstacksize(&thattr, stacksize + SCANBUFF + 64 * 1024);

-#endif

-

     pthread_mutex_init(&exit_mutex, NULL);

     pthread_mutex_init(&reload_mutex, NULL);

@@ -121,6 +121,9 @@ void thrmgr_destroy(threadpool_t *threadpool)

 threadpool_t *thrmgr_new(int max_threads, int idle_timeout, void (*handler)(void *))

 {

 	threadpool_t *threadpool;

+#if defined(C_BIGSTACK) || defined(C_BSD)

+	size_t stacksize;

+#endif

 	if (max_threads <= 0) {

 		return NULL;

@@ -154,6 +157,15 @@ threadpool_t *thrmgr_new(int max_threads, int idle_timeout, void (*handler)(void

 		free(threadpool);

 		return NULL;

 	}

+

+#if defined(C_BIGSTACK) || defined(C_BSD)

+	pthread_attr_getstacksize(&(threadpool->pool_attr), &stacksize);

+	stacksize = stacksize + 64 * 1024;

+	if (stacksize < 1048576) stacksize = 1048576; /* at least 1MB please */

+	logg("Set stack size to %u\n", stacksize);

+	pthread_attr_setstacksize(&(threadpool->pool_attr), stacksize);

+#endif

+

 	threadpool->state = POOL_VALID;

 	return threadpool;

@@ -2562,7 +2562,7 @@ fi

 # Define the identity of the package.

  PACKAGE=clamav

- VERSION="0.88.5"

+ VERSION="0.88.6"

 cat >>confdefs.h <<_ACEOF

@@ -2712,7 +2712,7 @@ ac_config_headers="$ac_config_headers clamav-config.h"

 LC_CURRENT=1

-LC_REVISION=17

+LC_REVISION=18

 LC_AGE=0

 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"

@@ -18,11 +18,11 @@ dnl   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

 AC_INIT(clamscan/clamscan.c)

 AC_CREATE_TARGET_H(target.h)

-AM_INIT_AUTOMAKE(clamav, "0.88.5")

+AM_INIT_AUTOMAKE(clamav, "0.88.6")

 AM_CONFIG_HEADER(clamav-config.h)

 LC_CURRENT=1

-LC_REVISION=17

+LC_REVISION=18

 LC_AGE=0

 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"

 AC_SUBST(LIBCLAMAV_VERSION)

Binary files a/docs/clamdoc.pdf and b/docs/clamdoc.pdf differ

@@ -70,7 +70,7 @@

     \vspace{3cm}

     \begin{flushright}

 	\rule[-1ex]{8cm}{3pt}\\

-	\huge Clam AntiVirus 0.88.3\\

+	\huge Clam AntiVirus 0.88.6\\

 	\huge \emph{User Manual}\\

     \end{flushright}

@@ -123,7 +123,7 @@

 	\item{POSIX compliant, portable}

 	\item{Fast scanning}

 	\item{Supports on-access scanning (Linux and FreeBSD only)}

-	\item{Detects over 35000 viruses, worms, and trojans, including

+	\item{Detects over 75.000 viruses, worms, and trojans, including

 	      Microsoft Office and MacOffice macro viruses}

 	\item{Scans within archives and compressed files (also protects

 	      against archive bombs), built-in support includes:

@@ -2092,8 +2092,6 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 				 &		  &	& \email{<ed*hp.uab.edu>}\\ \hline

 	\url{clamav.inoc.net} & 64.246.134.133 & USA & Robert Blayzor\\

 			      &		       &     & \email{<noc*inoc.net>}\\ \hline

-	\url{clamav.devolution.com} & 206.58.251.131 & California, & Scott Call\\

-				    &		     &		   & \email{<scall*atgi.net>}\\ \hline

 	\url{clamavdb.hostlink.com.hk} & 210.245.160.22 & Hong Kong & Alex Fong\\

 				       &		&	    & \email{<alexfkl*hostlink.com.hk>}\\ \hline

 	\url{clamav.clearfield.com} & 65.110.48.11 & USA & Jean-Francois Pirus\\

@@ -2202,8 +2200,6 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 				   &		   &	 & \email{<scollins*liquidweb.com>}\\ \hline

 	\url{clamav.xs4all.nl} & 194.109.6.74 & Netherlands & Eric Veldhuyzen\\

 			       &	      &		    & \email{<ericv*xs4all.net>}\\ \hline

-        \url{clamav.pinna.cx} & 69.57.154.46 & Texas, & Nicola Pinna\\

-			      &		     & USA    &	\email{<pinna*pinna.cx>}\\ \hline

 	\url{switch.clamav.net} & 130.59.10.35 & Switzerland & Thomas Lenggenhager\\

 				&	       &	     & \email{<lenggenhager*switch.ch>}\\ \hline

 	\url{clamav.public-internet.co.uk} & 195.85.245.20 & London, & Tom Beard\\

@@ -2277,6 +2273,26 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 			      &		     &	       & \email{<b.kopp*maoke.de>}\\ \hline

 	\url{4most1.clamav.ialfa.net} & 58.221.253.171 & People's Republic & Alfa Shen\\

 				      &		       & of China	   & \email{<alfa*ialfa.net>}\\ \hline

+	\url{clamav.hostway.co.kr} & 211.239.150.206 & Korea & Hoon Kim\\

+				   &		     &	     & \email{<hkim*hostway.co.kr>}\\ \hline

+	\url{clamav.doubleukay.com} & 202.71.97.92 & Malaysia & Woon Wai Keen\\

+				    &		   &	      & \email{<doubleukay*doubleukay.com>}\\ \hline

+	\url{clamav.archidiecezja.katowice.pl} & 212.106.154.2 & Poland & Artur Klimek\\

+					       &	       &	& \email{<artk*archidiecezja.katowice.pl>}\\ \hline

+	\url{clamav.dcux.com} & 61.129.102.109 & Shanghai, & Chun Xin Lee\\

+			      &		       & China	   & \email{<chunxin*osslab.org>}\\ \hline

+	\url{clamav.mirror.racksense.com} & 194.145.196.13 & United Kingdom & Paul Civati\\

+					  &		   &		    & \email{<mirror*racksense.com>}\\ \hline

+	\url{linkfirew.uncg.edu} & 152.13.144.243 & US & Vijay Sarvepalli\\

+				 &		  &    & \email{<vssarvepat*uncg.edu>}\\ \hline

+	\url{db.ezhik.org.ru} & 217.147.29.149 & Russia & Syrnikov Alexei\\

+			      &		       &	& \email{<san*ezhik.org.ru>}\\ \hline

+	\url{clamav.codefrog.dk} & 82.103.132.91 & Denmark & Lasse Brandt\\

+				 &		 &	   & \email{<lasse*codefrog.dk>}\\ \hline

+	\url{clamav.lmta.lt} & 193.219.48.134 & Lithuania & Rimas Kudelis\\

+			     &		      &		  & \email{<clamavdb*lmta.lt>}\\ \hline

+	\url{clamav.teleservice.net} & 85.30.129.18 & Sweden & Philip Olsson\\

+				     &		    &	     & \email{<philip*teleservice.net>}\\ \hline

     \end{tabular}}

     \end{center}

@@ -2545,11 +2561,14 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

     \begin{itemize}

 	\item ActiveIntra.net Inc. (\url{http://www.activeintra.net/})

 	\item Advance Healthcare Group (\url{http://www.ahgl.com.au/})

+	\item Allied Quotes (\url{http://www.AlliedQuotes.com /})

 	\item American Computer \& Electronic Services Corp. (\url{http://www.acesnw.com/})

 	\item Steve Anderson

 	\item Anonymous donor from Colorado, US

+	\item Arudius (\url{http://arudius.sourceforge.net/})

 	\item Peter Ashman

 	\item Atlas College (\url{http://www.atlascollege.nl/})

+	\item Australian Payday Cash Loans (\url{http://www.cashdoctors.com.au/})

 	\item AWD Online (\url{http://www.awdonline.com/})

 	\item BackupAssist Backup Software (\url{http://www.backupassist.com/})

 	\item Dave Baker

@@ -2557,9 +2576,11 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 	\item Aaron Begley

 	\item Craig H. Block

 	\item Norman E. Brake, Jr.

+	\item Josh Burstyn

 	\item By Design (\url{http://www.by-design.net/})

 	\item Canadian Web Hosting (\url{http://www.canadianwebhosting.com/})

 	\item cedarcreeksoftware.com (\url{http://www.cedarcreeksoftware.com/})

+	\item Ricardo Cerqueira

 	\item Thanos Chatziathanassiou

 	\item Cheahch from Singapore

 	\item Conexim Australia - business web hosting (\url{http://www.conexim.com.au})

@@ -2593,11 +2614,13 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 	\item GBC Internet Service Center GmbH (\url{http://www.gbc.net/})

 	\item GCS Tech (\url{http://www.gcstech.net/})

 	\item GHRS (\url{http://www.ghrshotels.com/})

+	\item Lyle Giese

 	\item Todd Goodman

 	\item Bill Gradwohl (\url{http://www.ycc.com/})

 	\item Grain-of-Salt Consulting

 	\item Terje Gravvold

 	\item Hart Computer (\url{http://www.hart.co.jp/})

+	\item Pen Helm

 	\item Hosting Metro LLC (\url{http://www.hostingmetro.com/})

 	\item IDEAL Software GmbH (\url{http://www.IdealSoftware.com/})

 	\item Industry Standard Computers (\url{http://www.ISCnetwork.com/})

@@ -2616,6 +2639,7 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 	\item Michel Machado (\url{http://oss.digirati.com.br/})

 	\item Olivier Marechal

 	\item Matthew McKenzie

+	\item Durval Menezes (\url{http://www.durval.com.br/})

 	\item Micro Logic Systems (\url{http://www.mls.nc/})

 	\item Midcoast Internet Solutions

 	\item Mimecast (\url{http://www.mimecast.com/})

@@ -2694,7 +2718,7 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 	Role: virus database maintainer, coder

 	\item Boguslaw Brandys \email{<bbrandys*clamav.net>}, Poland\\

-	Role: Win32 development

+	Role: temporarily inactive

 	\item Mike Cathey \email{<mike*clamav.net>}, USA\\

 	Role: co-sysadmin

@@ -2718,24 +2742,27 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

 	Role: virus database maintainer

 	\item Tomasz Kojm \email{<tkojm*clamav.net>}, Poland\\

-	Role: project leader, coder, virus database maintainer

+	Role: project leader, coder

 	\item Thomas Lamy \email{<tlamy*clamav.net>}, Germany\\

-	Role: random hacker

+	Role: inactive

 	\item Thomas Madsen \email{<tmadsen*clamav.net>}, Denmark\\

-	Role: virus submission management

+	Role: inactive

 	\item Denis De Messemacker \email{<ddm*clamav.net>}, Belgium\\

 	Role: inactive

 	\item Tomasz Papszun \email{<tomek*clamav.net>}, Poland\\

-	Role: virus database maintainer

+	Role: various help

 	\item Sven Strickroth \email{<sven*clamav.net>}, Germany\\

-	Role: virus database maintainer

+	Role: virus database maintainer, virus submission management

+

+	\item Edvin Torok \email{<edwin*clamav.net>}, Romania\\

+	Role: coder

 	\item Trog \email{<trog*clamav.net>}, United Kingdom\\

-	Role: coder, virus database maintainer

+	Role: coder

     \end{itemize}

 \end{document}

@@ -59,7 +59,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 <BR>

 <BR>

     <DIV ALIGN="RIGHT">

-<BR>	<FONT SIZE="+3">Clam AntiVirus 0.88.5

+<BR>	<FONT SIZE="+3">Clam AntiVirus 0.88.6

 <BR>	<FONT SIZE="+3"><I>User Manual</I>

 <BR>    

 </FONT></FONT></DIV>

@@ -67,7 +67,7 @@ Features</A>

 </LI>

 <LI>Supports on-access scanning (Linux and FreeBSD only)

 </LI>

-<LI>Detects over 70.000 viruses, worms, and trojans, including

+<LI>Detects over 75.000 viruses, worms, and trojans, including

 	      Microsoft Office and MacOffice macro viruses

 </LI>

 <LI>Scans within archives and compressed files (also protects

@@ -107,3 +107,11 @@ DatabaseMirror database.clamav.net

 # Enable debug messages in libclamav.

 # Default: disabled

 #Debug

+

+# Timeout in seconds when connecting to the database server.

+# Default: 30

+#ConnectTimeout 60

+

+# Timeout in seconds when reading from the database server.

+# Default: 30

+#ReceiveTimeout 60

@@ -41,7 +41,9 @@ freshclam_SOURCES = \

     dns.c \

     dns.h \

     execute.c \

-    execute.h

+    execute.h \

+    nonblock.c \

+    nonblock.h

 DEFS = @DEFS@ -DCL_NOTHREADS

 INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav

@@ -72,7 +72,8 @@ PROGRAMS = $(bin_PROGRAMS)

 am_freshclam_OBJECTS = output.$(OBJEXT) cfgparser.$(OBJEXT) \

 	getopt.$(OBJEXT) memory.$(OBJEXT) misc.$(OBJEXT) \

 	freshclam.$(OBJEXT) options.$(OBJEXT) manager.$(OBJEXT) \

-	notify.$(OBJEXT) dns.$(OBJEXT) execute.$(OBJEXT)

+	notify.$(OBJEXT) dns.$(OBJEXT) execute.$(OBJEXT) \

+	nonblock.$(OBJEXT)

 freshclam_OBJECTS = $(am_freshclam_OBJECTS)

 freshclam_LDADD = $(LDADD)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

@@ -228,7 +229,9 @@ freshclam_SOURCES = \

     dns.c \

     dns.h \

     execute.c \

-    execute.h

+    execute.h \

+    nonblock.c \

+    nonblock.h

 INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav

 all: all-am

@@ -310,6 +313,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/manager.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/memory.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonblock.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/options.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/output.Po@am__quote@

@@ -39,3 +39,6 @@

 #define CL_DEFAULT_CHECKS 12

 #define CL_DEFAULT_MAXATTEMPTS 3

 #define CL_MAX_CHILDREN 5

+#define CL_DEFAULT_CONNECTTIMEOUT 30

+#define CL_DEFAULT_RECVTIMEOUT 30

+

@@ -51,7 +51,7 @@

 #include "../libclamav/str.h" /* cli_strtok */

 #include "dns.h"

 #include "execute.h"

-

+#include "nonblock.h"

 int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, const char *hostname)

 {

@@ -267,7 +267,19 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

 	char  *tempname, ipaddr[16], *pt;

 	const char *proxy = NULL, *user = NULL, *pass = NULL;

 	int flevel = cl_retflevel();

+	int ctimeout; /* connect timeout in seconds */

+	int rtimeout; /* recv timeout in seconds */

+

+

+    if((cpt = cfgopt(copt, "ConnectTimeout")))

+	ctimeout = cpt->numarg;

+    else

+	ctimeout = CL_DEFAULT_CONNECTTIMEOUT;

+    if((cpt = cfgopt(copt, "ReceiveTimeout")))

+	rtimeout = cpt->numarg;

+    else

+	rtimeout = CL_DEFAULT_RECVTIMEOUT;

     if((current = cl_cvdhead(localname)) == NULL)

 	nodb = 1;

@@ -327,10 +339,11 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

     memset(ipaddr, 0, sizeof(ipaddr));

     if(!nodb && dbver == -1) {

+

 	if(ip[0]) /* use ip to connect */

-	    hostfd = wwwconnect(ip, proxy, port, ipaddr, localip);

+	    hostfd = wwwconnect(ip, proxy, port, ipaddr, localip, ctimeout);

 	else

-	    hostfd = wwwconnect(hostname, proxy, port, ipaddr, localip);

+	    hostfd = wwwconnect(hostname, proxy, port, ipaddr, localip, ctimeout);

 	if(hostfd < 0) {

             mprintf("@No servers could be reached. Giving up\n");

@@ -345,7 +358,7 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

 	if(!ip[0])

 	    strcpy(ip, ipaddr);

-	remote = remote_cvdhead(remotename, hostfd, hostname, proxy, user, pass, &ims);

+	remote = remote_cvdhead(remotename, hostfd, hostname, proxy, user, pass, &ims, rtimeout);

 	if(!nodb && !ims) {

 	    mprintf("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder);

@@ -393,9 +406,9 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

     if(ipaddr[0]) {

 	/* use ipaddr in order to connect to the same mirror */

-	hostfd = wwwconnect(ipaddr, proxy, port, NULL, localip);

+	hostfd = wwwconnect(ipaddr, proxy, port, NULL, localip, ctimeout);

     } else {

-	hostfd = wwwconnect(hostname, proxy, port, ipaddr, localip);

+	hostfd = wwwconnect(hostname, proxy, port, ipaddr, localip, ctimeout);

 	if(!ip[0])

 	    strcpy(ip, ipaddr);

     }

@@ -414,7 +427,7 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

     tempname = cli_gentemp(".");

     mprintf("*Retrieving http://%s/%s\n", hostname, remotename);

-    if((ret = get_database(remotename, hostfd, tempname, hostname, proxy, user, pass))) {

+    if((ret = get_database(remotename, hostfd, tempname, hostname, proxy, user, pass, rtimeout))) {

         mprintf("@Can't download %s from %s (IP: %s)\n", remotename, hostname, ipaddr);

         unlink(tempname);

         free(tempname);

@@ -483,7 +496,7 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

 /* this function returns socket descriptor */

 /* proxy support finshed by njh@bandsman.co.uk */

-int wwwconnect(const char *server, const char *proxy, int pport, char *ip, char *localip)

+int wwwconnect(const char *server, const char *proxy, int pport, char *ip, char *localip, int ctimeout)

 {

 	int socketfd = -1, port, i;

 	struct sockaddr_in name;

@@ -615,7 +628,7 @@ int wwwconnect(const char *server, const char *proxy, int pport, char *ip, char

 	name.sin_addr = *((struct in_addr *) host->h_addr_list[i]);

 	name.sin_port = htons(port);

-	if(connect(socketfd, (struct sockaddr *) &name, sizeof(struct sockaddr_in)) == -1) {

+	if(wait_connect(socketfd, (struct sockaddr *) &name, sizeof(struct sockaddr_in), ctimeout) == -1) {

 	    mprintf("Can't connect to port %d of host %s (IP: %s)\n", port, hostpt, ipaddr);

 	    continue;

 	} else {

@@ -635,7 +648,7 @@ int Rfc2822DateTime(char *buf, time_t mtime)

     return strftime(buf, 36, "%a, %d %b %Y %X GMT", time);

 }

-struct cl_cvd *remote_cvdhead(const char *file, int socketfd, const char *hostname, const char *proxy, const char *user, const char *pass, int *ims)

+struct cl_cvd *remote_cvdhead(const char *file, int socketfd, const char *hostname, const char *proxy, const char *user, const char *pass, int *ims, int rtimeout)

 {

 	char cmd[512], head[513], buffer[FILEBUFF], *ch, *tmp;

 	int i, j, bread, cnt;

@@ -698,7 +711,7 @@ struct cl_cvd *remote_cvdhead(const char *file, int socketfd, const char *hostna

     tmp = buffer;

     cnt = FILEBUFF;

-    while ((bread = recv(socketfd, tmp, cnt, 0)) > 0) {

+    while ((bread = wait_recv(socketfd, tmp, cnt, 0, rtimeout)) > 0) {

 	tmp+=bread;

 	cnt-=bread;

 	if (cnt <= 0) break;

@@ -759,7 +772,7 @@ struct cl_cvd *remote_cvdhead(const char *file, int socketfd, const char *hostna

     return cvd;

 }

-int get_database(const char *dbfile, int socketfd, const char *file, const char *hostname, const char *proxy, const char *user, const char *pass)

+int get_database(const char *dbfile, int socketfd, const char *file, const char *hostname, const char *proxy, const char *user, const char *pass, int rtimeout)

 {

 	char cmd[512], buffer[FILEBUFF], *ch;

 	int bread, fd, i, rot = 0;

@@ -829,7 +842,7 @@ int get_database(const char *dbfile, int socketfd, const char *file, const char

     while (1) {

       /* recv one byte at a time, until we reach \r\n\r\n */

-      if((i >= sizeof(buffer) - 1) || recv(socketfd, buffer + i, 1, 0) == -1) {

+      if((i >= sizeof(buffer) - 1) || wait_recv(socketfd, buffer + i, 1, 0, rtimeout) == -1) {

         mprintf("@Error while reading database from %s\n", hostname);

         close(fd);

         unlink(file);

@@ -857,7 +870,7 @@ int get_database(const char *dbfile, int socketfd, const char *file, const char

     /* receive body and write it to disk */

-    while((bread = read(socketfd, buffer, FILEBUFF)) > 0) {

+    while((bread = wait_recv(socketfd, buffer, FILEBUFF, 0, rtimeout)) > 0) {

 	write(fd, buffer, bread);

 	mprintf("Downloading %s [%c]\r", dbfile, rotation[rot]);

 	fflush(stdout);

@@ -26,11 +26,11 @@ int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, c

 int downloaddb(const char *localname, const char *remotename, const char *hostname, char *ip, int *signo, const struct cfgstruct *copt, const char *dnsreply, char *localip, int outdated);

-int wwwconnect(const char *server, const char *proxy, int pport, char *remoteip, char *localip);

+int wwwconnect(const char *server, const char *proxy, int pport, char *remoteip, char *localip, int timeout);

-struct cl_cvd *remote_cvdhead(const char *file, int socketfd, const char *hostname, const char *proxy, const char *user, const char *pass, int *ims);

+struct cl_cvd *remote_cvdhead(const char *file, int socketfd, const char *hostname, const char *proxy, const char *user, const char *pass, int *ims, int rtimeout);

-int get_database(const char *dbfile, int socketfd, const char *file, const char *hostname, const char *proxy, const char *user, const char *pass);

+int get_database(const char *dbfile, int socketfd, const char *file, const char *hostname, const char *proxy, const char *user, const char *pass, int rtimeout);

 unsigned int fmt_base64(char* dest,const char* src,unsigned int len);

new file mode 100644

@@ -0,0 +1,307 @@

+/*

+ *  Copyright 2006 Everton da Silva Marques <everton.marques@gmail.com>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include "nonblock.h"

+

+#include <stdio.h>

+#include <stdlib.h>

+#include <unistd.h>

+#include <string.h>

+#include <ctype.h>

+#include <netinet/in.h>

+#include <netdb.h>

+#include <sys/types.h>

+#include <sys/socket.h>

+#include <sys/time.h>

+#include <time.h>

+#include <fcntl.h>

+#include <sys/stat.h>

+#include <clamav.h>

+#include <errno.h>

+

+#include "shared/output.h"

+

+#ifdef SO_ERROR

+

+#ifndef timercmp

+# define timercmp(a, b, cmp)          \

+  (((a)->tv_sec == (b)->tv_sec) ?     \

+   ((a)->tv_usec cmp (b)->tv_usec) :  \

+   ((a)->tv_sec cmp (b)->tv_sec))

+#endif /* timercmp */

+

+#ifndef timersub

+# define timersub(a, b, result)                       \

+  do {                                                \

+    (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;     \

+    (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;  \

+    if ((result)->tv_usec < 0) {                      \

+      --(result)->tv_sec;                             \

+      (result)->tv_usec += 1000000;                   \

+    }                                                 \

+  } while (0)

+#endif /* timersub */

+

+#define NONBLOCK_SELECT_MAX_FAILURES 3

+#define NONBLOCK_MAX_BOGUS_LOOPS     10

+#undef  NONBLOCK_DEBUG

+

+static int connect_error(int sock)

+{

+	int optval;

+	int optlen;

+

+	optlen = sizeof(optval);

+	getsockopt(sock, SOL_SOCKET, SO_ERROR, &optval, &optlen);

+

+	if (optval) {

+		logg("connect_error: getsockopt(SO_ERROR): fd=%d error=%d: %s\n",

+		     sock, optval, strerror(optval));

+	}

+

+	return optval ? -1 : 0;

+}

+

+static int nonblock_connect(int sock, const struct sockaddr *addr, socklen_t addrlen, int secs)

+{

+	/* Max. of unexpected select() failures */

+	int select_failures = NONBLOCK_SELECT_MAX_FAILURES;

+	/* Max. of useless loops */

+	int bogus_loops = NONBLOCK_MAX_BOGUS_LOOPS;

+	struct timeval timeout;  /* When we should time out */

+	int numfd;               /* Highest fdset fd plus 1 */

+

+	/* Calculate into 'timeout' when we should time out */

+	gettimeofday(&timeout, 0);

+	timeout.tv_sec += secs;

+

+	/* Launch (possibly) non-blocking connect() request */

+	if (connect(sock, addr, addrlen)) {

+		int e = errno;

+#ifdef NONBLOCK_DEBUG

+		logg("DEBUG nonblock_connect: connect(): fd=%d errno=%d: %s\n",

+		     sock, e, strerror(e));

+#endif

+		switch (e) {

+		case EALREADY:

+		case EINPROGRESS:

+			break; /* wait for connection */

+		case EISCONN:

+			return 0; /* connected */

+		default:

+			logg("nonblock_connect: connect(): fd=%d errno=%d: %s\n",

+			     sock, e, strerror(e));

+			return -1; /* failed */

+		}

+	}

+	else {

+		return connect_error(sock);

+	}

+

+	numfd = sock + 1; /* Highest fdset fd plus 1 */

+

+	for (;;) {

+		fd_set fds;

+		struct timeval now;

+		struct timeval wait;

+		int n;

+

+		/* Force timeout if we ran out of time */

+		gettimeofday(&now, 0);

+		if (timercmp(&now, &timeout, >)) {

+			logg("nonblock_connect: connect timing out (%d secs)\n",

+			     secs);

+			break; /* failed */

+		}

+

+		/* Calculate into 'wait' how long to wait */

+		timersub(&timeout, &now, &wait); /* wait = timeout - now */

+

+		/* Init fds with 'sock' as the only fd */

+		FD_ZERO(&fds);

+		FD_SET(sock, &fds);

+

+		n = select(numfd, 0, &fds, 0, &wait);

+		if (n < 0) {

+			logg("nonblock_connect: select() failure %d: errno=%d: %s\n",

+			     select_failures, errno, strerror(errno));

+			if (--select_failures >= 0)

+				continue; /* keep waiting */

+			break; /* failed */

+		}

+

+#ifdef NONBLOCK_DEBUG

+		logg("DEBUG nonblock_connect: select = %d\n", n);

+#endif

+

+		if (n) {

+			return connect_error(sock);

+		}

+

+		/* Select returned, but there is no work to do... */

+		if (--bogus_loops < 0) {

+			logg("nonblock_connect: giving up due to excessive bogus loops\n");

+			break; /* failed */

+		}

+

+	} /* for loop: keep waiting */

+

+	return -1; /* failed */

+}

+

+static ssize_t nonblock_recv(int sock, void *buf, size_t len, int flags, int secs)

+{

+	/* Max. of unexpected select() failures */

+	int select_failures = NONBLOCK_SELECT_MAX_FAILURES;

+	/* Max. of useless loops */

+	int bogus_loops = NONBLOCK_MAX_BOGUS_LOOPS;

+	struct timeval timeout;  /* When we should time out */

+	int numfd;               /* Highest fdset fd plus 1 */

+

+	/* Calculate into 'timeout' when we should time out */

+	gettimeofday(&timeout, 0);

+	timeout.tv_sec += secs;

+

+	numfd = sock + 1; /* Highest fdset fd plus 1 */

+

+	for (;;) {

+		fd_set fds;

+		struct timeval now;

+		struct timeval wait;

+		int n;

+

+		/* Force timeout if we ran out of time */

+		gettimeofday(&now, 0);

+		if (timercmp(&now, &timeout, >)) {

+			logg("nonblock_recv: recv timing out (%d secs)\n", secs);

+			break; /* failed */

+		}

+

+		/* Calculate into 'wait' how long to wait */

+		timersub(&timeout, &now, &wait); /* wait = timeout - now */

+

+		/* Init fds with 'sock' as the only fd */

+		FD_ZERO(&fds);

+		FD_SET(sock, &fds);

+

+		n = select(numfd, &fds, 0, 0, &wait);

+		if (n < 0) {

+			logg("nonblock_recv: select() failure %d: errno=%d: %s\n",

+			     select_failures, errno, strerror(errno));

+			if (--select_failures >= 0)

+				continue; /* keep waiting */

+			break; /* failed */

+		}

+

+		if (n) {

+			return recv(sock, buf, len, flags);

+		}

+

+		/* Select returned, but there is no work to do... */

+		if (--bogus_loops < 0) {

+			logg("nonblock_recv: giving up due to excessive bogus loops\n");

+			break; /* failed */

+		}

+

+	} /* for loop: keep waiting */

+

+	return -1; /* failed */

+}

+

+static long nonblock_fcntl(int sock)

+{

+	long fcntl_flags; /* Save fcntl() flags */

+

+	fcntl_flags = fcntl(sock, F_GETFL, 0);

+	if (fcntl_flags == -1) {

+		logg("nonblock_fcntl: saving: fcntl(%d, F_GETFL): errno=%d: %s\n",

+		     sock, errno, strerror(errno));

+	}

+	else if (fcntl(sock, F_SETFL, fcntl_flags | O_NONBLOCK)) {

+		logg("nonblock_fcntl: fcntl(%d, F_SETFL, O_NONBLOCK): errno=%d: %s\n",

+		     sock, errno, strerror(errno));

+	}

+

+	return fcntl_flags;

+}

+

+static void restore_fcntl(int sock, long fcntl_flags)

+{

+	if (fcntl_flags != -1) {

+		if (fcntl(sock, F_SETFL, fcntl_flags)) {

+			logg("restore_fcntl: restoring: fcntl(%d, F_SETFL): errno=%d: %s\n",

+			     sock, errno, strerror(errno));

+		}

+	}

+}

+

+/*

+	wait_connect(): wrapper for connect(), with explicit 'secs' timeout

+*/

+int wait_connect(int sock, const struct sockaddr *addr, socklen_t addrlen, int secs)

+{

+	long fcntl_flags; /* Save fcntl() flags */

+	int ret;

+

+	/* Temporarily set socket to non-blocking mode */

+	fcntl_flags = nonblock_fcntl(sock);

+

+	ret = nonblock_connect(sock, addr, addrlen, secs);

+

+	/* Restore socket's default blocking mode */

+	restore_fcntl(sock, fcntl_flags);

+

+	return ret;

+}

+

+/*

+	wait_recv(): wrapper for recv(), with explicit 'secs' timeout

+*/

+ssize_t wait_recv(int sock, void *buf, size_t len, int flags, int secs)

+{

+	long fcntl_flags; /* Save fcntl() flags */

+	int ret;

+

+	/* Temporarily set socket to non-blocking mode */

+	fcntl_flags = nonblock_fcntl(sock);

+

+	ret = nonblock_recv(sock, buf, len, flags, secs);

+

+	/* Restore socket's default blocking mode */

+	restore_fcntl(sock, fcntl_flags);

+

+	return ret;

+}

+

+#else /* !SO_ERROR */

+

+int wait_connect(int sock, const struct sockaddr *addr, socklen_t addrlen, int secs)

+{

+    return connect(sock, addr, addrlen);

+}

+

+ssize_t wait_recv(int sock, void *buf, size_t len, int flags, int secs)

+{

+    return recv(sock, buf, len, flags);

+}

+

+#endif /* SO_ERROR */

new file mode 100644

@@ -0,0 +1,39 @@

+/*

+ *  Copyright 2006 Everton da Silva Marques <everton.marques@gmail.com>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+ */

+

+#ifndef __NONBLOCK_H

+#define __NONBLOCK_H

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <sys/types.h>