git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@428 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/03/22 02:21:12... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sun Mar 21 17:30:22 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: Scan bounce messages with no headers for encoded viruses/worms |
|
4 |
+ |
|
1 | 5 |
Sun Mar 21 09:51:45 GMT 2004 (njh) |
2 | 6 |
---------------------------------- |
3 | 7 |
* libclamav: Faster scanning for non MIME messages, only scan the message |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.57 2004/03/21 17:19:49 nigelhorne |
|
21 |
+ * Handle bounce messages with no headers |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.56 2004/03/21 09:41:26 nigelhorne |
21 | 24 |
* Faster scanning for non MIME messages |
22 | 25 |
* |
... | ... |
@@ -159,7 +162,7 @@ |
159 | 159 |
* Compilable under SCO; removed duplicate code with message.c |
160 | 160 |
* |
161 | 161 |
*/ |
162 |
-static char const rcsid[] = "$Id: mbox.c,v 1.56 2004/03/21 09:41:26 nigelhorne Exp $"; |
|
162 |
+static char const rcsid[] = "$Id: mbox.c,v 1.57 2004/03/21 17:19:49 nigelhorne Exp $"; |
|
163 | 163 |
|
164 | 164 |
#if HAVE_CONFIG_H |
165 | 165 |
#include "clamav-config.h" |
... | ... |
@@ -989,7 +992,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
989 | 989 |
break; |
990 | 990 |
case MESSAGE: |
991 | 991 |
cli_dbgmsg("Found message inside multipart\n"); |
992 |
- if(messageIsAllText(aMessage)) |
|
992 |
+ if(encodingLine(aMessage) == NULL) |
|
993 | 993 |
continue; |
994 | 994 |
|
995 | 995 |
body = parseEmailHeaders(aMessage, rfc821Table); |
... | ... |
@@ -1361,7 +1364,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1361 | 1361 |
} |
1362 | 1362 |
blobDestroy(b); |
1363 | 1363 |
} |
1364 |
- } else if((!messageIsAllText(mainMessage)) && |
|
1364 |
+ } else if((encodingLine(mainMessage) != NULL) && |
|
1365 | 1365 |
((t_line = bounceBegin(mainMessage)) != NULL)) { |
1366 | 1366 |
/* |
1367 | 1367 |
* Attempt to save the original (unbounced) |
... | ... |
@@ -1393,9 +1396,33 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1393 | 1393 |
* content encoding statement don't |
1394 | 1394 |
* bother saving to scan, it's safe |
1395 | 1395 |
*/ |
1396 |
- saveIt = !messageIsAllText(mainMessage); |
|
1397 |
- else |
|
1396 |
+ saveIt = (encodingLine(mainMessage) != NULL); |
|
1397 |
+ else if((t_line = encodingLine(mainMessage)) != NULL) { |
|
1398 |
+ /* |
|
1399 |
+ * Some bounces include the message |
|
1400 |
+ * body without the headers |
|
1401 |
+ */ |
|
1402 |
+ if((b = blobCreate()) != NULL) { |
|
1403 |
+ cli_dbgmsg("Found a bounce message with no header\n"); |
|
1404 |
+ blobAddData(b, "Received: by clamd\n", 19); |
|
1405 |
+ do { |
|
1406 |
+ blobAddData(b, (unsigned char *)t_line->t_text, strlen(t_line->t_text)); |
|
1407 |
+ blobAddData(b, (unsigned char *)"\n", 1); |
|
1408 |
+ } while((t_line = t_line->t_next) != NULL); |
|
1409 |
+ |
|
1410 |
+ saveFile(b, dir); |
|
1411 |
+ |
|
1412 |
+ blobDestroy(b); |
|
1413 |
+ } |
|
1414 |
+ saveIt = FALSE; |
|
1415 |
+ } else { |
|
1416 |
+ /* |
|
1417 |
+ * Save the entire text portion, |
|
1418 |
+ * since it it may be an HTML |
|
1419 |
+ * file with a JavaScript virus |
|
1420 |
+ */ |
|
1398 | 1421 |
saveIt = TRUE; |
1422 |
+ } |
|
1399 | 1423 |
|
1400 | 1424 |
if(saveIt) { |
1401 | 1425 |
cli_dbgmsg("Saving text part to scan\n"); |
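Review bot: In the new header-less bounce branch of parseEmailBody, `saveIt = FALSE;` runs even when `blobCreate()` returns NULL, so on allocation failure the encoded body is neither written through `saveFile(b, dir)` nor saved as a text part, and it appears to go unscanned. A scanner should fail towards scanning here: move `saveIt = FALSE;` inside the `if((b = blobCreate()) != NULL)` block and add `else saveIt = TRUE;`. The results of `blobAddData` and `saveFile` are also not checked in the visible lines; if either can fail, the same fallback should apply. The function's body begins and ends outside this hunk, so how `saveIt` is initialised and used afterwards is only partly visible.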
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: message.c,v $ |
20 |
+ * Revision 1.47 2004/03/21 17:19:49 nigelhorne |
|
21 |
+ * Handle bounce messages with no headers |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.46 2004/03/21 09:41:27 nigelhorne |
21 | 24 |
* Faster scanning for non MIME messages |
22 | 25 |
* |
... | ... |
@@ -135,7 +138,7 @@ |
135 | 135 |
* uuencodebegin() no longer static |
136 | 136 |
* |
137 | 137 |
*/ |
138 |
-static char const rcsid[] = "$Id: message.c,v 1.46 2004/03/21 09:41:27 nigelhorne Exp $"; |
|
138 |
+static char const rcsid[] = "$Id: message.c,v 1.47 2004/03/21 17:19:49 nigelhorne Exp $"; |
|
139 | 139 |
|
140 | 140 |
#if HAVE_CONFIG_H |
141 | 141 |
#include "clamav-config.h" |
... | ... |
@@ -1251,10 +1254,10 @@ messageIsAllText(const message *m) |
1251 | 1251 |
return 1; |
1252 | 1252 |
} |
1253 | 1253 |
#else |
1254 |
-int |
|
1255 |
-messageIsAllText(const message *m) |
|
1254 |
+const text * |
|
1255 |
+encodingLine(const message *m) |
|
1256 | 1256 |
{ |
1257 |
- return (m->encoding == NULL); |
|
1257 |
+ return m->encoding; |
|
1258 | 1258 |
} |
1259 | 1259 |
#endif |
1260 | 1260 |
|
... | ... |
@@ -1475,7 +1478,7 @@ base64(char c) |
1475 | 1475 |
return 62; |
1476 | 1476 |
|
1477 | 1477 |
if(c != '/') |
1478 |
- cli_warnmsg("Illegal character <%c> in base64 encoding\n", c); |
|
1478 |
+ cli_dbgmsg("Illegal character <%c> in base64 encoding\n", c); |
|
1479 | 1479 |
|
1480 | 1480 |
return 63; |
1481 | 1481 |
} |
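Review bot: The rename to `encodingLine` is applied only to the `#else` definition; the hunk header and the `return 1;` context above `#else` indicate that the other preprocessor branch still defines `messageIsAllText`. With the prototype replaced in message.h and mbox.c now calling `encodingLine`, a build that selects that branch would presumably fail to link, so it should get a matching `const text *encodingLine(const message *m)` or be removed; the condition guarding it is outside the visible lines. Separately, `base64()` still decodes an illegal character as 63, and after the change from `cli_warnmsg` to `cli_dbgmsg` a malformed encoding no longer shows up in normal logs; a short comment stating why the warning was demoted would help whoever later triages evasive attachments.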
... | ... |
@@ -16,6 +16,9 @@ |
16 | 16 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
17 | 17 |
* |
18 | 18 |
* $Log: message.h,v $ |
19 |
+ * Revision 1.7 2004/03/21 17:19:49 nigelhorne |
|
20 |
+ * Handle bounce messages with no headers |
|
21 |
+ * |
|
19 | 22 |
* Revision 1.6 2004/03/21 09:41:27 nigelhorne |
20 | 23 |
* Faster scanning for non MIME messages |
21 | 24 |
* |
... | ... |
@@ -70,6 +73,6 @@ text *messageToText(const message *m); |
70 | 70 |
const text *uuencodeBegin(const message *m); |
71 | 71 |
const text *binhexBegin(const message *m); |
72 | 72 |
const text *bounceBegin(const message *m); |
73 |
-int messageIsAllText(const message *m); |
|
73 |
+const text *encodingLine(const message *m); |
|
74 | 74 |
|
75 | 75 |
#endif /*_MESSAGE_H*/ |