...
|
...
|
@@ -235,11 +235,11 @@ static blob *getHrefs(message *m, tag_arguments_t *hrefs);
|
235
|
235
|
static void hrefs_done(blob *b, tag_arguments_t *hrefs);
|
236
|
236
|
static void checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html);
|
237
|
237
|
|
238
|
|
-static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx);
|
239
|
|
-static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx);
|
240
|
|
-static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx);
|
241
|
|
-static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx);
|
242
|
|
-static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx);
|
|
238
|
+static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc);
|
|
239
|
+static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound);
|
|
240
|
+static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound);
|
|
241
|
+static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound);
|
|
242
|
+static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound);
|
243
|
243
|
|
244
|
244
|
/* Maximum line length according to RFC2821 */
|
245
|
245
|
#define RFC2821LENGTH 1000
|
...
|
...
|
@@ -772,7 +772,7 @@ doContinueMultipleEmptyOptions(const char *const line, bool *lastWasOnlySemi)
|
772
|
772
|
}
|
773
|
773
|
|
774
|
774
|
static bool
|
775
|
|
-hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
|
|
775
|
+hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound)
|
776
|
776
|
{
|
777
|
777
|
|
778
|
778
|
if (line) {
|
...
|
...
|
@@ -785,6 +785,7 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
|
785
|
785
|
if ((*lineFoldCnt) >= HEURISTIC_EMAIL_MAX_LINE_FOLDS_PER_HEADER) {
|
786
|
786
|
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
|
787
|
787
|
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxLineFoldCnt");
|
|
788
|
+ *heuristicFound = TRUE;
|
788
|
789
|
}
|
789
|
790
|
|
790
|
791
|
return TRUE;
|
...
|
...
|
@@ -794,12 +795,13 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
|
794
|
794
|
}
|
795
|
795
|
|
796
|
796
|
static bool
|
797
|
|
-haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
|
|
797
|
+haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound)
|
798
|
798
|
{
|
799
|
799
|
|
800
|
800
|
if (totalLen > HEURISTIC_EMAIL_MAX_HEADER_BYTES) {
|
801
|
801
|
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
|
802
|
802
|
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxHeaderBytes");
|
|
803
|
+ *heuristicFound = TRUE;
|
803
|
804
|
}
|
804
|
805
|
|
805
|
806
|
return TRUE;
|
...
|
...
|
@@ -808,12 +810,13 @@ haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
|
808
|
808
|
}
|
809
|
809
|
|
810
|
810
|
static bool
|
811
|
|
-haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
|
|
811
|
+haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound)
|
812
|
812
|
{
|
813
|
813
|
|
814
|
814
|
if (totalHeaderCnt > HEURISTIC_EMAIL_MAX_HEADERS) {
|
815
|
815
|
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
|
816
|
816
|
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxEmailHeaders");
|
|
817
|
+ *heuristicFound = TRUE;
|
817
|
818
|
}
|
818
|
819
|
|
819
|
820
|
return TRUE;
|
...
|
...
|
@@ -822,12 +825,13 @@ haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
|
822
|
822
|
}
|
823
|
823
|
|
824
|
824
|
static bool
|
825
|
|
-haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
|
|
825
|
+haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc)
|
826
|
826
|
{
|
827
|
827
|
|
828
|
828
|
if (mimePartCnt >= HEURISTIC_EMAIL_MAX_MIME_PARTS_PER_MESSAGE) {
|
829
|
829
|
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
|
830
|
830
|
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEPartsPerMessage");
|
|
831
|
+ *rc = VIRUS;
|
831
|
832
|
}
|
832
|
833
|
|
833
|
834
|
return TRUE;
|
...
|
...
|
@@ -836,12 +840,13 @@ haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
|
836
|
836
|
}
|
837
|
837
|
|
838
|
838
|
static bool
|
839
|
|
-haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx)
|
|
839
|
+haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound)
|
840
|
840
|
{
|
841
|
841
|
|
842
|
842
|
if (argCnt >= HEURISTIC_EMAIL_MAX_ARGUMENTS_PER_HEADER) {
|
843
|
843
|
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
|
844
|
844
|
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEArguments");
|
|
845
|
+ *heuristicFound = TRUE;
|
845
|
846
|
}
|
846
|
847
|
|
847
|
848
|
return TRUE;
|
...
|
...
|
@@ -902,8 +907,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
|
902
|
902
|
continue;
|
903
|
903
|
}
|
904
|
904
|
|
905
|
|
- if (hitLineFoldCnt(line, &lineFoldCnt, ctx)) {
|
906
|
|
- *heuristicFound = TRUE;
|
|
905
|
+ if (hitLineFoldCnt(line, &lineFoldCnt, ctx, heuristicFound)) {
|
907
|
906
|
break;
|
908
|
907
|
}
|
909
|
908
|
|
...
|
...
|
@@ -950,8 +954,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
|
950
|
950
|
DO_VERIFY_POINTER(header);
|
951
|
951
|
|
952
|
952
|
totalHeaderCnt++;
|
953
|
|
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
|
954
|
|
- *heuristicFound = TRUE;
|
|
953
|
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
|
955
|
954
|
break;
|
956
|
955
|
}
|
957
|
956
|
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
|
...
|
...
|
@@ -1040,8 +1043,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
|
1040
|
1040
|
|
1041
|
1041
|
if (lineAdded) {
|
1042
|
1042
|
totalHeaderBytes += strlen(line);
|
1043
|
|
- if (haveTooManyHeaderBytes(totalHeaderBytes, ctx)) {
|
1044
|
|
- *heuristicFound = TRUE;
|
|
1043
|
+ if (haveTooManyHeaderBytes(totalHeaderBytes, ctx, heuristicFound)) {
|
1045
|
1044
|
break;
|
1046
|
1045
|
}
|
1047
|
1046
|
}
|
...
|
...
|
@@ -1072,8 +1074,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
|
1072
|
1072
|
|
1073
|
1073
|
if (0 == needContinue) {
|
1074
|
1074
|
totalHeaderCnt++;
|
1075
|
|
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
|
1076
|
|
- *heuristicFound = TRUE;
|
|
1075
|
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
|
1077
|
1076
|
break;
|
1078
|
1077
|
}
|
1079
|
1078
|
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
|
...
|
...
|
@@ -1208,8 +1209,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
|
1208
|
1208
|
continue;
|
1209
|
1209
|
}
|
1210
|
1210
|
|
1211
|
|
- if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx)) {
|
1212
|
|
- *heuristicFound = TRUE;
|
|
1211
|
+ if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx, heuristicFound)) {
|
1213
|
1212
|
break;
|
1214
|
1213
|
}
|
1215
|
1214
|
|
...
|
...
|
@@ -1286,8 +1286,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
|
1286
|
1286
|
}
|
1287
|
1287
|
|
1288
|
1288
|
if (lineAdded) {
|
1289
|
|
- if (haveTooManyHeaderBytes(fulllinelength, m->ctx)) {
|
1290
|
|
- *heuristicFound = TRUE;
|
|
1289
|
+ if (haveTooManyHeaderBytes(fulllinelength, m->ctx, heuristicFound)) {
|
1291
|
1290
|
break;
|
1292
|
1291
|
}
|
1293
|
1292
|
}
|
...
|
...
|
@@ -1309,8 +1308,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
|
1309
|
1309
|
}
|
1310
|
1310
|
|
1311
|
1311
|
totalHeaderCnt++;
|
1312
|
|
- if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx)) {
|
1313
|
|
- *heuristicFound = TRUE;
|
|
1312
|
+ if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx, heuristicFound)) {
|
1314
|
1313
|
break;
|
1315
|
1314
|
}
|
1316
|
1315
|
if (parseEmailHeader(ret, fullline, rfc821, m->ctx, heuristicFound) < 0) {
|
...
|
...
|
@@ -2212,9 +2210,8 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re
|
2212
|
2212
|
|
2213
|
2213
|
free((char *)boundary);
|
2214
|
2214
|
|
2215
|
|
- if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx)) {
|
|
2215
|
+ if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx, &rc)) {
|
2216
|
2216
|
DO_FREE(messages);
|
2217
|
|
- rc = VIRUS;
|
2218
|
2217
|
break;
|
2219
|
2218
|
}
|
2220
|
2219
|
|
...
|
...
|
@@ -3293,8 +3290,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
|
3293
|
3293
|
cli_dbgmsg("mimeArgs = '%s'\n", buf);
|
3294
|
3294
|
|
3295
|
3295
|
argCnt++;
|
3296
|
|
- if (haveTooManyMIMEArguments(argCnt, ctx)) {
|
3297
|
|
- *heuristicFound = TRUE;
|
|
3296
|
+ if (haveTooManyMIMEArguments(argCnt, ctx, heuristicFound )) {
|
3298
|
3297
|
break;
|
3299
|
3298
|
}
|
3300
|
3299
|
messageAddArguments(m, buf);
|