@@ -1,8 +1,13 @@

+Sat Sep 18 01:13:21 CEST 2004 (tk)

+----------------------------------

+  * libclamav: add support for new signature format (*.ndb; not yet documented)

+  * sigtool: support ndb files

+

 Fri Sep 17 16:42:06 BST 2004 (njh)

 ----------------------------------

   * clamav-milter:	Fix problem in the template file handling where sendmail

 				variables did't work after clamav variables.

-				Thanks to "Sergey Y. Afonin" <asy@kraft-s.ru>

+				Thanks to "Sergey Y. Afonin" <asy*kraft-s.ru>

 				for pointing this out

 Fri Sep 17 14:47:53 BST 2004 (njh)

@@ -97,15 +97,20 @@ static const struct cli_magic_s cli_magic[] = {

     {0,  "\320\317\021\340\241\261\032\341",

 	                    8, "OLE2 container",  CL_TYPE_MSOLE2},

+    /* Graphics (may contain exploits against MS systems) */

+

+    {0,  "GIF",				 3, "GIF",	    CL_TYPE_GRAPHICS},

+    {0,  "BM",				 2, "BMP",          CL_TYPE_GRAPHICS},

+    {0,  "\377\330\377",		 4, "JPEG",         CL_TYPE_GRAPHICS},

+    {6,  "JFIF",			 4, "JPEG",         CL_TYPE_GRAPHICS},

+    {6,  "Exif",			 4, "JPEG",         CL_TYPE_GRAPHICS},

+    {0,  "\x89PNG",			 4, "PNG",          CL_TYPE_GRAPHICS},

+

     /* Ignored types */

     {0,  "\000\000\001\263",             4, "MPEG video stream",  CL_TYPE_DATA},

     {0,  "\000\000\001\272",             4, "MPEG sys stream",    CL_TYPE_DATA},

     {0,  "RIFF",                         4, "RIFF",		  CL_TYPE_DATA},

-    {0,  "GIF",				 3, "GIF",		  CL_TYPE_DATA},

-    {0,  "\x89PNG",			 4, "PNG",                CL_TYPE_DATA},

-    {0,  "\377\330\377",		 4, "JPEG",               CL_TYPE_DATA},

-    {0,  "BM",				 2, "BMP",                CL_TYPE_DATA},

     {0,  "OggS",                         4, "Ogg Stream",         CL_TYPE_DATA},

     {0,  "ID3",				 3, "MP3",		  CL_TYPE_DATA},

     {0,  "\377\373\220",		 3, "MP3",		  CL_TYPE_DATA},

@@ -38,6 +38,7 @@ typedef enum {

     CL_TYPE_MSCAB,

     CL_TYPE_MSCHM,

     CL_TYPE_SCRENC,

+    CL_TYPE_GRAPHICS,

     /* bigger numbers have higher priority (in o-t-f detection) */

     CL_TYPE_HTML, /* on the fly */

@@ -196,7 +196,7 @@ static void cli_freepatt(struct cli_ac_patt *list)

     while(handler) {

 	free(handler->pattern);

 	free(handler->virname);

-	if(handler->offset)

+	if(handler->offset && (!handler->sigid || handler->partno == 1))

 	    free(handler->offset);

 	if(handler->alt) {

 	    free(handler->altn);

@@ -264,11 +264,11 @@ static int inline cli_findpos(const char *buffer, int offset, int length, const

     return 1;

 }

-int cli_ac_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, int *partcnt, short otfrec, unsigned long int offset, unsigned long int *partoff, struct cli_voffset *voffset)

+int cli_ac_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, int *partcnt, short otfrec, unsigned long int offset, unsigned long int *partoff, unsigned short ftype, int fd)

 {

 	struct cli_ac_node *current;

 	struct cli_ac_patt *pt;

-	int position, type = CL_CLEAN, dist;

+	int position, type = CL_CLEAN, dist, t;

         unsigned int i;

@@ -291,9 +291,19 @@ int cli_ac_scanbuff(const char *buffer, unsigned int length, const char **virnam

 	    pt = current->list;

 	    while(pt) {

 		if(cli_findpos(buffer, position, length, pt)) {

+		    if((pt->offset || pt->target) && (!pt->sigid || pt->partno == 1)) {

+			if(ftype == CL_TYPE_UNKNOWN_TEXT)

+			    t = type;

+			else

+			    t = ftype;

+			if(!cli_validatesig(pt->target, t, pt->offset, offset + position, fd, pt->virname)) {

+			    pt = pt->next;

+			    continue;

+			}

+		    }

+

 		    if(pt->sigid) { /* it's a partial signature */

 			if(partcnt[pt->sigid] + 1 == pt->partno) {

-

 			    dist = 1;

 			    if(pt->maxdist)

 				if(offset + i - partoff[pt->sigid] > pt->maxdist)

@@ -23,7 +23,7 @@

 #include "matcher.h"

 int cli_ac_addpatt(struct cl_node *root, struct cli_ac_patt *pattern);

-int cli_ac_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, int *partcnt, short otfrec, unsigned long int offset, unsigned long int *partoff, struct cli_voffset *voffset);

+int cli_ac_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, int *partcnt, short otfrec, unsigned long int offset, unsigned long int *partoff, unsigned short ftype, int fd);

 int cli_ac_buildtrie(struct cl_node *root);

 void cli_ac_free(struct cl_node *root);

@@ -120,7 +120,7 @@ void cli_bm_free(struct cl_node *root)

     }

 }

-int cli_bm_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, unsigned long int offset, struct cli_voffset *voffset)

+int cli_bm_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, unsigned long int offset, unsigned short ftype, int fd)

 {

 	int i, j, shift, off, found = 0;

 	uint16_t idx;

@@ -166,10 +166,13 @@ int cli_bm_scanbuff(const char *buffer, unsigned int length, const char **virnam

 		}

 		if(found && p->length == j) {

-		    if(voffset) {

-			voffset->offstr = p->offset;

-			voffset->fileoff = offset + i - BM_MIN_LENGTH + BM_BLOCK_SIZE;

-                        voffset->target = p->target;

+

+		    if(p->target || p->offset) {

+			    int off = offset + i - BM_MIN_LENGTH + BM_BLOCK_SIZE;

+			if(!cli_validatesig(p->target, ftype, p->offset, off, fd, p->virname)) {

+			    p = p->next;

+			    continue;

+			}

 		    }

 		    if(virname)

@@ -24,7 +24,7 @@

 int cli_bm_addpatt(struct cl_node *root, struct cli_bm_patt *pattern);

 int cli_bm_init(struct cl_node *root);

-int cli_bm_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, unsigned long int offset, struct cli_voffset *voffset);

+int cli_bm_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, unsigned long int offset, unsigned short ftype, int fd);

 void cli_bm_free(struct cl_node *root);

 #endif

@@ -21,6 +21,10 @@

 #endif

 #include <string.h>

+#include <ctype.h>

+#include <sys/types.h>

+#include <sys/stat.h>

+#include <unistd.h>

 #include "clamav.h"

 #include "others.h"

@@ -29,14 +33,15 @@

 #include "md5.h"

 #include "filetypes.h"

 #include "matcher.h"

+#include "pe.h"

 #define MD5_BLOCKSIZE 4096

-#define TARGET_TABLE_SIZE 5

-static int targettab[TARGET_TABLE_SIZE] = { 0, CL_TYPE_MSEXE, CL_TYPE_MSOLE2, CL_TYPE_HTML, CL_TYPE_MAIL };

+#define TARGET_TABLE_SIZE 6

+static int targettab[TARGET_TABLE_SIZE] = { 0, CL_TYPE_MSEXE, CL_TYPE_MSOLE2, CL_TYPE_HTML, CL_TYPE_MAIL, CL_TYPE_GRAPHICS };

-int cl_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root)

+int cli_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, unsigned short ftype)

 {

 	int ret, *partcnt;

 	unsigned long int *partoff;

@@ -53,14 +58,19 @@ int cl_scanbuff(const char *buffer, unsigned int length, const char **virname, c

 	return CL_EMEM;

     }

-    if((ret = cli_bm_scanbuff(buffer, length, virname, root, 0, NULL)) != CL_VIRUS)

-	ret = cli_ac_scanbuff(buffer, length, virname, root, partcnt, 0, 0, partoff, NULL);

+    if((ret = cli_bm_scanbuff(buffer, length, virname, root, 0, ftype, -1)) != CL_VIRUS)

+	ret = cli_ac_scanbuff(buffer, length, virname, root, partcnt, 0, 0, partoff, ftype, -1);

     free(partcnt);

     free(partoff);

     return ret;

 }

+int cl_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root)

+{

+    return cli_scanbuff(buffer, length, virname, root, 0);

+}

+

 static struct cli_md5_node *cli_vermd5(const unsigned char *md5, const struct cl_node *root)

 {

 	struct cli_md5_node *pt;

@@ -79,6 +89,92 @@ static struct cli_md5_node *cli_vermd5(const unsigned char *md5, const struct cl

     return NULL;

 }

+static long int cli_caloff(const char *offstr, int fd)

+{

+	struct cli_pe_info peinfo;

+	long int offset = -1;

+	int n;

+

+

+    if(isdigit(offstr[0])) {

+	return atoi(offstr);

+    } if(!strncmp(offstr, "EP+", 3)) {

+	if((n = lseek(fd, 0, SEEK_CUR)) == -1) {

+	    cli_dbgmsg("Invalid descriptor\n");

+	    return -1;

+	}

+	lseek(fd, 0, SEEK_SET);

+	if(cli_peheader(fd, &peinfo))

+	    return -1;

+	free(peinfo.section);

+	lseek(fd, n, SEEK_SET);

+	return peinfo.ep + atoi(offstr + 3);

+    } else if(offstr[0] == 'S') {

+	if((n = lseek(fd, 0, SEEK_CUR)) == -1) {

+	    cli_dbgmsg("Invalid descriptor\n");

+	    return -1;

+	}

+	lseek(fd, 0, SEEK_SET);

+	if(cli_peheader(fd, &peinfo))

+	    return -1;

+	lseek(fd, n, SEEK_SET);

+

+	if(sscanf(offstr, "S%d+%ld", &n, &offset) != 2)

+	    return -1;

+

+	if(n >= peinfo.nsections) {

+	    free(peinfo.section);

+	    return -1;

+	}

+

+	offset += peinfo.section[n].raw;

+	free(peinfo.section);

+	return offset;

+    } else if(!strncmp(offstr, "EOF-", 4)) {

+	    struct stat sb;

+

+	if(fstat(fd, &sb) == -1)

+	    return -1;

+

+	return sb.st_size - atoi(offstr + 4);

+    }

+

+    return -1;

+}

+

+int cli_validatesig(unsigned short target, unsigned short ftype, const char *offstr, unsigned long int fileoff, int desc, const char *virname)

+{

+

+    if(target) {

+	if(target >= TARGET_TABLE_SIZE) {

+	    cli_errmsg("Bad target in signature (%s)\n", virname);

+	    return 0;

+	} else if(ftype) {

+	    if(targettab[target] != ftype) {

+		cli_dbgmsg("Type: %d, expected: %d (%s)\n", ftype, targettab[target], virname);

+		return 0;

+	    }

+	} 

+

+    }

+

+    if(offstr && desc != -1) {

+	    long int off = cli_caloff(offstr, desc);

+

+	if(off == -1) {

+	    cli_dbgmsg("Bad offset in signature (%s)\n", virname);

+	    return 0;

+	}

+

+	if(fileoff != off) {

+	    cli_dbgmsg("Virus offset: %d, expected: %d (%s)\n", fileoff, off, virname);

+	    return 0;

+	}

+    }

+

+    return 1;

+}

+

 int cli_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, short otfrec, unsigned short ftype)

 {

  	char *buffer, *buff, *endbl, *pt;

@@ -87,7 +183,6 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct

 	struct MD5Context ctx;

 	unsigned char digest[16];

 	struct cli_md5_node *md5_node;

-	struct cli_voffset voffset;

     if(!root) {

@@ -109,7 +204,7 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct

     }

     if((partoff = (unsigned long int *) cli_calloc(root->ac_partsigs + 1, sizeof(unsigned long int))) == NULL) {

-	cli_dbgmsg("cli_scanbuff(): unable to cli_calloc(%d, %d)\n", root->ac_partsigs + 1, sizeof(unsigned long int));

+	cli_dbgmsg("cli_scandesc(): unable to cli_calloc(%d, %d)\n", root->ac_partsigs + 1, sizeof(unsigned long int));

 	free(buffer);

 	free(partcnt);

 	return CL_EMEM;

@@ -118,7 +213,6 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct

     if(root->md5_hlist)

 	MD5Init(&ctx);

-    memset(&voffset, 0, sizeof(struct cli_voffset));

     buff = buffer;

     buff += root->maxpatlen; /* pointer to read data block */

@@ -136,28 +230,12 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct

 	if(bytes < SCANBUFF)

 	    length -= SCANBUFF - bytes;

-	if(cli_bm_scanbuff(pt, length, virname, root, offset, &voffset) == CL_VIRUS ||

-	   (ret = cli_ac_scanbuff(pt, length, virname, root, partcnt, otfrec, offset, partoff, &voffset)) == CL_VIRUS) {

+	if(cli_bm_scanbuff(pt, length, virname, root, offset, ftype, desc) == CL_VIRUS ||

+	   (ret = cli_ac_scanbuff(pt, length, virname, root, partcnt, otfrec, offset, partoff, ftype, desc)) == CL_VIRUS) {

 	    free(buffer);

 	    free(partcnt);

 	    free(partoff);

-	    if(voffset.target) {

-		if(voffset.target >= TARGET_TABLE_SIZE) {

-		    cli_errmsg("Bad target (%d) in signature for %s\n", voffset.target, *virname);

-		} else if(ftype && ftype != CL_TYPE_UNKNOWN_TEXT) {

-		    if(targettab[voffset.target] != ftype) {

-			cli_dbgmsg("Expected target type (%d) for %s != %d\n", voffset.target, *virname, ftype);

-			return CL_CLEAN;

-		    }

-		} else if(type) {

-		    if(targettab[voffset.target] != type) {

-			cli_dbgmsg("Expected target type (%d) for %s != %d\n", voffset.target, *virname, type);

-			return CL_CLEAN;

-		    }

-		}

-	    }

-

 	    return CL_VIRUS;

 	} else if(otfrec && ret >= CL_TYPENO) {

@@ -23,10 +23,8 @@

 int cli_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, short otfrec, unsigned short ftype);

-struct cli_voffset {

-    const char *offstr;

-    unsigned long int fileoff;

-    unsigned short target;

-};

+int cli_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, unsigned short ftype);

+

+int cli_validatesig(unsigned short target, unsigned short ftype, const char *offstr, unsigned long int fileoff, int desc, const char *virname);

 #endif

@@ -1182,7 +1182,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c

     return CL_CLEAN;

 }

-int cli_peheader(int desc, struct cli_pe_info **peinfo)

+int cli_peheader(int desc, struct cli_pe_info *peinfo)

 {

 	uint16_t e_magic; /* DOS signature ("MZ") */

 	uint32_t e_lfanew; /* address of new exe header */

@@ -1190,7 +1190,6 @@ int cli_peheader(int desc, struct cli_pe_info **peinfo)

 	struct pe_image_optional_hdr optional_hdr;

 	struct pe_image_section_hdr *section_hdr;

 	struct stat sb;

-	struct cli_pe_info *info;

 	int i;

@@ -1242,71 +1241,57 @@ int cli_peheader(int desc, struct cli_pe_info **peinfo)

 	return -1;

     }

-    if(!(info = cli_calloc(1, sizeof(struct cli_pe_info)))) {

-	cli_dbgmsg("Can't alloc memory\n");

-	return -1;

-    }

-

-    info->nsections = EC16(file_hdr.NumberOfSections);

+    peinfo->nsections = EC16(file_hdr.NumberOfSections);

     if(read(desc, &optional_hdr, sizeof(struct pe_image_optional_hdr)) != sizeof(struct pe_image_optional_hdr)) {

 	cli_dbgmsg("Can't optional file header\n");

-	free(info);

 	return -1;

     }

-    info->section = (struct SECTION *) cli_calloc(info->nsections, sizeof(struct SECTION));

+    peinfo->section = (struct SECTION *) cli_calloc(peinfo->nsections, sizeof(struct SECTION));

-    if(!info->section) {

+    if(!peinfo->section) {

 	cli_dbgmsg("Can't allocate memory for section headers\n");

-	free(info);

 	return -1;

     }

     if(fstat(desc, &sb) == -1) {

 	cli_dbgmsg("fstat failed\n");

-	free(info->section);

-	free(info);

+	free(peinfo->section);

 	return -1;

     }

-    section_hdr = (struct pe_image_section_hdr *) cli_calloc(info->nsections, sizeof(struct pe_image_section_hdr));

+    section_hdr = (struct pe_image_section_hdr *) cli_calloc(peinfo->nsections, sizeof(struct pe_image_section_hdr));

     if(!section_hdr) {

 	cli_dbgmsg("Can't allocate memory for section headers\n");

-	free(info->section);

-	free(info);

+	free(peinfo->section);

 	return -1;

     }

-    for(i = 0; i < info->nsections; i++) {

+    for(i = 0; i < peinfo->nsections; i++) {

 	if(read(desc, &section_hdr[i], sizeof(struct pe_image_section_hdr)) != sizeof(struct pe_image_section_hdr)) {

 	    cli_dbgmsg("Can't read section header\n");

 	    cli_dbgmsg("Possibly broken PE file\n");

 	    free(section_hdr);

-	    free(info->section);

-	    free(info);

+	    free(peinfo->section);

 	    return -1;

 	}

-	info->section[i].rva = EC32(section_hdr[i].VirtualAddress);

-	info->section[i].vsz = EC32(section_hdr[i].VirtualSize);

-	info->section[i].raw = EC32(section_hdr[i].PointerToRawData);

-	info->section[i].rsz = EC32(section_hdr[i].SizeOfRawData);

-

+	peinfo->section[i].rva = EC32(section_hdr[i].VirtualAddress);

+	peinfo->section[i].vsz = EC32(section_hdr[i].VirtualSize);

+	peinfo->section[i].raw = EC32(section_hdr[i].PointerToRawData);

+	peinfo->section[i].rsz = EC32(section_hdr[i].SizeOfRawData);

     }

-    if((info->ep = cli_rawaddr(EC32(optional_hdr.AddressOfEntryPoint), section_hdr, info->nsections)) == -1) {

+    if((peinfo->ep = cli_rawaddr(EC32(optional_hdr.AddressOfEntryPoint), section_hdr, peinfo->nsections)) == -1) {

 	cli_dbgmsg("Possibly broken PE file\n");

 	free(section_hdr);

-	free(info->section);

-	free(info);

+	free(peinfo->section);

 	return -1;

     }

     free(section_hdr);

-    *peinfo = info;

-

     return 0;

 }

@@ -102,6 +102,6 @@ struct cli_pe_info {

 int cli_scanpe(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options, int *arec, int *mrec);

-int cli_peheader(int desc, struct cli_pe_info **peinfo);

+int cli_peheader(int desc, struct cli_pe_info *peinfo);

 #endif

@@ -513,6 +513,9 @@ static int cli_loadndb(FILE *fd, struct cl_node **root, unsigned int *signo)

 	    free(virname);

 	    ret = CL_EMALFDB;

 	    break;

+	} else if(!strcmp(offset, "*")) {

+	    free(offset);

+	    offset = NULL;

 	}

 	if(!(sig = cli_strtok(buffer, 3, ":"))) {

@@ -852,7 +852,7 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *

 	    if(!data) {

 		cli_dbgmsg("VBADir: WARNING: VBA project '%s' decompressed to NULL\n", vba_project->name[i]);

 	    } else {

-		if(cl_scanbuff(data, data_len, virname, root) == CL_VIRUS) {

+		if(cli_scanbuff(data, data_len, virname, root, CL_TYPE_MSOLE2) == CL_VIRUS) {

 		    free(data);

 		    ret = CL_VIRUS;

 		    break;

@@ -893,7 +893,7 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *

 		if(!data) {

 			cli_dbgmsg("VBADir: WARNING: WM project '%s' macro %d decrypted to NULL\n", vba_project->name[i], i);

 		} else {

-			if(cl_scanbuff(data, vba_project->length[i], virname, root) == CL_VIRUS) {

+			if(cli_scanbuff(data, vba_project->length[i], virname, root, CL_TYPE_MSOLE2) == CL_VIRUS) {

 				free(data);

 				ret = CL_VIRUS;

 				break;

@@ -226,17 +226,13 @@ int build(struct optstruct *opt)

 	struct tm *brokent;

 	struct cl_cvd *oldcvd = NULL;

-    /* build a tar.gz archive

-     * we need: COPYING and {main.db, main.hdb, daily.db, daily.hdb}+

-     * in current working directory

-     */

     if(stat("COPYING", &foo) == -1) {

 	mprintf("COPYING file not found in current working directory.\n");

 	exit(1);

     }

-    if(stat("main.db", &foo) == -1 && stat("daily.db", &foo) == -1 && stat("main.hdb", &foo) == -1 && stat("daily.hdb", &foo)) {

+    if(stat("main.db", &foo) == -1 && stat("daily.db", &foo) == -1 && stat("main.hdb", &foo) == -1 && stat("daily.hdb", &foo) == -1 && stat("main.ndb", &foo) == -1 && stat("daily.ndb", &foo) == -1) {

 	mprintf("Virus database not found in current working directory.\n");

 	exit(1);

     }

@@ -256,7 +252,7 @@ int build(struct optstruct *opt)

 	mprintf("WARNING: There are no signatures in the database(s).\n");

     } else {

 	mprintf("Signatures: %d\n", no);

-	realno = countlines("main.db") + countlines("daily.db") + countlines("main.hdb") + countlines("daily.hdb");

+	realno = countlines("main.db") + countlines("daily.db") + countlines("main.hdb") + countlines("daily.hdb") + countlines("main.ndb") + countlines("daily.ndb");

 	if(realno != no) {

 	    mprintf("!Signatures in database: %d. Loaded: %d.\n", realno, no);

 	    mprintf("Please check the current directory and remove unnecessary databases\n");

@@ -273,7 +269,7 @@ int build(struct optstruct *opt)

 	    exit(1);

 	case 0:

 	    {

-		char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db", "daily.db", "Notes", "viruses.db3", "main.hdb", "daily.hdb", NULL };

+		char *args[] = { "tar", "-cvf", NULL, "COPYING", "main.db", "daily.db", "Notes", "viruses.db3", "main.hdb", "daily.hdb", "main.ndb", "daily.ndb", NULL };

 		args[2] = tarfile;

 		execv("/bin/tar", args);

 		mprintf("!Can't execute tar\n");

@@ -663,7 +659,7 @@ int listdb(const char *filename)

 	    mprintf("%s\n", start);

 	}

-    } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdb2")) {

+    } else if(cli_strbcasestr(filename, ".hdb")) {

 	while(fgets(buffer, FILEBUFF, fd)) {

 	    line++;

@@ -684,6 +680,26 @@ int listdb(const char *filename)

 	    free(start);

 	}

+    } else if(cli_strbcasestr(filename, ".ndb")) {

+

+	while(fgets(buffer, FILEBUFF, fd)) {

+	    line++;

+	    cli_chomp(buffer);

+	    start = cli_strtok(buffer, 0, ":");

+

+	    if(!start) {

+		mprintf("!listdb(): Malformed pattern line %d (file %s).\n", line, filename);

+		fclose(fd);

+		free(buffer);

+		return -1;

+	    }

+

+	    if((pt = strstr(start, " (Clam)")))

+		*pt = 0;

+

+	    mprintf("%s\n", start);

+	    free(start);

+	}

     }

     fclose(fd);

@@ -712,7 +728,7 @@ int listdir(const char *dirname)

 	    (cli_strbcasestr(dent->d_name, ".db")  ||

 	     cli_strbcasestr(dent->d_name, ".db2") ||

 	     cli_strbcasestr(dent->d_name, ".hdb") ||

-	     cli_strbcasestr(dent->d_name, ".hdb2") ||

+	     cli_strbcasestr(dent->d_name, ".ndb") ||

 	     cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbfile = (char *) mcalloc(strlen(dent->d_name) + strlen(dirname) + 2, sizeof(char));