
Handle bounce messages with no headers

git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@428 77e5149b-7576-45b1-b177-96237e5ba77b

Nigel Horne authored on 2004/03/22 02:21:12
Showing 4 changed files
... ...
@@ -1,3 +1,7 @@
1
+Sun Mar 21 17:30:22 GMT 2004 (njh)
2
+----------------------------------
3
+  * libclamav:	Scan bounce messages with no headers for encoded viruses/worms
4
+
1 5
 Sun Mar 21 09:51:45 GMT 2004 (njh)
2 6
 ----------------------------------
3 7
   * libclamav:	Faster scanning for non MIME messages, only scan the message
... ...
@@ -17,6 +17,9 @@
17 17
  *
18 18
  * Change History:
19 19
  * $Log: mbox.c,v $
20
+ * Revision 1.57  2004/03/21 17:19:49  nigelhorne
21
+ * Handle bounce messages with no headers
22
+ *
20 23
  * Revision 1.56  2004/03/21 09:41:26  nigelhorne
21 24
  * Faster scanning for non MIME messages
22 25
  *
... ...
@@ -159,7 +162,7 @@
159 159
  * Compilable under SCO; removed duplicate code with message.c
160 160
  *
161 161
  */
162
-static	char	const	rcsid[] = "$Id: mbox.c,v 1.56 2004/03/21 09:41:26 nigelhorne Exp $";
162
+static	char	const	rcsid[] = "$Id: mbox.c,v 1.57 2004/03/21 17:19:49 nigelhorne Exp $";
163 163
 
164 164
 #if HAVE_CONFIG_H
165 165
 #include "clamav-config.h"
... ...
@@ -989,7 +992,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con
989 989
 						break;
990 990
 					case MESSAGE:
991 991
 						cli_dbgmsg("Found message inside multipart\n");
992
-						if(messageIsAllText(aMessage))
992
+						if(encodingLine(aMessage) == NULL)
993 993
 							continue;
994 994
 
995 995
 						body = parseEmailHeaders(aMessage, rfc821Table);
... ...
@@ -1361,7 +1364,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con
1361 1361
 					}
1362 1362
 					blobDestroy(b);
1363 1363
 				}
1364
-			} else if((!messageIsAllText(mainMessage)) &&
1364
+			} else if((encodingLine(mainMessage) != NULL) &&
1365 1365
 				  ((t_line = bounceBegin(mainMessage)) != NULL)) {
1366 1366
 				/*
1367 1367
 				 * Attempt to save the original (unbounced)
... ...
@@ -1393,9 +1396,33 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con
1393 1393
 					 * content encoding statement don't
1394 1394
 					 * bother saving to scan, it's safe
1395 1395
 					 */
1396
-					saveIt = !messageIsAllText(mainMessage);
1397
-				else
1396
+					saveIt = (encodingLine(mainMessage) != NULL);
1397
+				else if((t_line = encodingLine(mainMessage)) != NULL) {
1398
+					/*
1399
+					 * Some bounces include the message
1400
+					 * body without the headers
1401
+					 */
1402
+					if((b = blobCreate()) != NULL) {
1403
+						cli_dbgmsg("Found a bounce message with no header\n");
1404
+						blobAddData(b, "Received: by clamd\n", 19);
1405
+						do {
1406
+							blobAddData(b, (unsigned char *)t_line->t_text, strlen(t_line->t_text));
1407
+							blobAddData(b, (unsigned char *)"\n", 1);
1408
+						} while((t_line = t_line->t_next) != NULL);
1409
+
1410
+						saveFile(b, dir);
1411
+
1412
+						blobDestroy(b);
1413
+					}
1414
+					saveIt = FALSE;
1415
+				} else {
1416
+					/*
1417
+					 * Save the entire text portion,
1418
+					 * since it it may be an HTML
1419
+					 * file with a JavaScript virus
1420
+					 */
1398 1421
 					saveIt = TRUE;
1422
+				}
1399 1423
 
1400 1424
 				if(saveIt) {
1401 1425
 					cli_dbgmsg("Saving text part to scan\n");
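Review bot: In the new `else if((t_line = encodingLine(mainMessage)) != NULL)` branch, `saveIt = FALSE;` runs even when `blobCreate()` returns NULL, so on allocation failure a body that carries an encoding line is neither written by `saveFile()` nor saved as text, and it goes unscanned with no message logged. I would move `saveIt = FALSE;` inside the `if((b = blobCreate()) != NULL)` block and add `else { cli_warnmsg("Can't save bounce body, scanning as text\n"); saveIt = TRUE; }` so the failure path still hands something to the scanner. The copy loop also passes `t_line->t_text` straight to `strlen()`; if the text list can hold a NULL `t_text` for empty lines (not visible in this hunk), that needs a guard. The literal length `19` and the missing `(unsigned char *)` cast on the `"Received: by clamd\n"` call are inconsistent with the two `blobAddData()` calls below it. `parseEmailBody` starts and ends outside the hunks shown.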
... ...
@@ -17,6 +17,9 @@
17 17
  *
18 18
  * Change History:
19 19
  * $Log: message.c,v $
20
+ * Revision 1.47  2004/03/21 17:19:49  nigelhorne
21
+ * Handle bounce messages with no headers
22
+ *
20 23
  * Revision 1.46  2004/03/21 09:41:27  nigelhorne
21 24
  * Faster scanning for non MIME messages
22 25
  *
... ...
@@ -135,7 +138,7 @@
135 135
  * uuencodebegin() no longer static
136 136
  *
137 137
  */
138
-static	char	const	rcsid[] = "$Id: message.c,v 1.46 2004/03/21 09:41:27 nigelhorne Exp $";
138
+static	char	const	rcsid[] = "$Id: message.c,v 1.47 2004/03/21 17:19:49 nigelhorne Exp $";
139 139
 
140 140
 #if HAVE_CONFIG_H
141 141
 #include "clamav-config.h"
... ...
@@ -1251,10 +1254,10 @@ messageIsAllText(const message *m)
1251 1251
 	return 1;
1252 1252
 }
1253 1253
 #else
1254
-int
1255
-messageIsAllText(const message *m)
1254
+const text *
1255
+encodingLine(const message *m)
1256 1256
 {
1257
-	return (m->encoding == NULL);
1257
+	return m->encoding;
1258 1258
 }
1259 1259
 #endif
1260 1260
 
... ...
@@ -1475,7 +1478,7 @@ base64(char c)
1475 1475
 		return 62;
1476 1476
 
1477 1477
 	if(c != '/')
1478
-		cli_warnmsg("Illegal character <%c> in base64 encoding\n", c);
1478
+		cli_dbgmsg("Illegal character <%c> in base64 encoding\n", c);
1479 1479
 
1480 1480
 	return 63;
1481 1481
 }
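Review bot: `encodingLine()` replaces `messageIsAllText()` only in the `#else` arm. The hunk header suggests the arm above it still defines `messageIsAllText()`, so a build that takes the `#if` arm would appear to have no `encodingLine()` for the new callers in mbox.c. The `#if` condition is outside the hunk, so please confirm that arm is dead or update it too. The new function also has no comment; something like `/* Returns the line recorded in m->encoding, or NULL if no encoding statement was seen */` would document the contract that the NULL tests in mbox.c now rely on. Since callers walk `t_next` from the returned pointer, it would help to state whether the line remains owned by the message (the `const` return suggests so, but the struct is not visible here).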
... ...
@@ -16,6 +16,9 @@
16 16
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 17
  *
18 18
  * $Log: message.h,v $
19
+ * Revision 1.7  2004/03/21 17:19:49  nigelhorne
20
+ * Handle bounce messages with no headers
21
+ *
19 22
  * Revision 1.6  2004/03/21 09:41:27  nigelhorne
20 23
  * Faster scanning for non MIME messages
21 24
  *
... ...
@@ -70,6 +73,6 @@ text	*messageToText(const message *m);
70 70
 const	text	*uuencodeBegin(const message *m);
71 71
 const	text	*binhexBegin(const message *m);
72 72
 const	text	*bounceBegin(const message *m);
73
-int	messageIsAllText(const message *m);
73
+const	text	*encodingLine(const message *m);
74 74
 
75 75
 #endif	/*_MESSAGE_H*/