Browse code
Find more HTML.Phishing.Bank-426
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Tue May 16 21:15:25 BST 2006 (njh) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav/mbox.c: Some HTML.Phishing.Bank-426 were getting through, |
|
| 4 |
+ based on help from Sven |
|
| 5 |
+ |
|
| 1 | 6 |
Mon May 15 20:23:30 CEST 2006 (tk) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* shared/options.[ch]: new command line parser module |
| ... | ... |
@@ -16,7 +16,7 @@ |
| 16 | 16 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
| 17 | 17 |
* MA 02110-1301, USA. |
| 18 | 18 |
*/ |
| 19 |
-static char const rcsid[] = "$Id: mbox.c,v 1.300 2006/05/12 21:02:40 nigelhorne Exp $"; |
|
| 19 |
+static char const rcsid[] = "$Id: mbox.c,v 1.301 2006/05/16 20:16:38 njh Exp $"; |
|
| 20 | 20 |
|
| 21 | 21 |
#if HAVE_CONFIG_H |
| 22 | 22 |
#include "clamav-config.h" |
| ... | ... |
@@ -1268,6 +1268,7 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
| 1268 | 1268 |
{
|
| 1269 | 1269 |
bool inHeader = TRUE; |
| 1270 | 1270 |
bool contMarker = FALSE; |
| 1271 |
+ bool bodyIsEmpty = TRUE; |
|
| 1271 | 1272 |
bool lastWasBlank = FALSE, lastBodyLineWasBlank = FALSE; |
| 1272 | 1273 |
message *ret; |
| 1273 | 1274 |
bool anyHeadersFound = FALSE; |
| ... | ... |
@@ -1355,6 +1356,7 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
| 1355 | 1355 |
|
| 1356 | 1356 |
cli_dbgmsg("End of header information\n");
|
| 1357 | 1357 |
inHeader = FALSE; |
| 1358 |
+ bodyIsEmpty = TRUE; |
|
| 1358 | 1359 |
} else |
| 1359 | 1360 |
contMarker = FALSE; |
| 1360 | 1361 |
} else {
|
| ... | ... |
@@ -1460,6 +1462,7 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
| 1460 | 1460 |
* Fast track visa to uudecode. |
| 1461 | 1461 |
* TODO: binhex, yenc |
| 1462 | 1462 |
*/ |
| 1463 |
+ bodyIsEmpty = FALSE; |
|
| 1463 | 1464 |
if(uudecodeFile(ret, line, dir, fin) < 0) |
| 1464 | 1465 |
if(messageAddStr(ret, line) < 0) |
| 1465 | 1466 |
break; |
| ... | ... |
@@ -1470,8 +1473,22 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
| 1470 | 1470 |
continue; |
| 1471 | 1471 |
} |
| 1472 | 1472 |
lastBodyLineWasBlank = TRUE; |
| 1473 |
- } else |
|
| 1473 |
+ } else {
|
|
| 1474 |
+ if(bodyIsEmpty) {
|
|
| 1475 |
+ /* |
|
| 1476 |
+ * Broken message: new line in the |
|
| 1477 |
+ * middle of the headers, so the first |
|
| 1478 |
+ * line of the body is in fact |
|
| 1479 |
+ * the last lines of the header |
|
| 1480 |
+ */ |
|
| 1481 |
+ if(strncmp(line, "Message-Id: ", 12) == 0) |
|
| 1482 |
+ continue; |
|
| 1483 |
+ if(strncmp(line, "Date: ", 6) == 0) |
|
| 1484 |
+ continue; |
|
| 1485 |
+ } |
|
| 1486 |
+ bodyIsEmpty = FALSE; |
|
| 1474 | 1487 |
lastBodyLineWasBlank = FALSE; |
| 1488 |
+ } |
|
| 1475 | 1489 |
|
| 1476 | 1490 |
if(messageAddStr(ret, line) < 0) |
| 1477 | 1491 |
break; |