git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@416 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/03/19 17:10:15... | ... |
@@ -1,3 +1,10 @@ |
1 |
+Fri Mar 19 08:18:24 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/mbox.c: If an RFC822 message is found as part of a multipart |
|
4 |
+ message and that message has no encoding, don't save for scanning |
|
5 |
+ * libclamav/message.c: Handle content encoding of '8 bit' as well |
|
6 |
+ as the more correct '8bit' |
|
7 |
+ |
|
1 | 8 |
Thu Mar 18 22:01:39 GMT 2004 (njh) |
2 | 9 |
---------------------------------- |
3 | 10 |
* libclamav: If a message only contains a single RFC822 message that has no |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.53 2004/03/19 08:08:02 nigelhorne |
|
21 |
+ * If a message part of a multipart contains an RFC822 message that has no encoding don't scan it |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.52 2004/03/18 21:51:41 nigelhorne |
21 | 24 |
* If a message only contains a single RFC822 message that has no encoding don't save for scanning |
22 | 25 |
* |
... | ... |
@@ -147,7 +150,7 @@ |
147 | 147 |
* Compilable under SCO; removed duplicate code with message.c |
148 | 148 |
* |
149 | 149 |
*/ |
150 |
-static char const rcsid[] = "$Id: mbox.c,v 1.52 2004/03/18 21:51:41 nigelhorne Exp $"; |
|
150 |
+static char const rcsid[] = "$Id: mbox.c,v 1.53 2004/03/19 08:08:02 nigelhorne Exp $"; |
|
151 | 151 |
|
152 | 152 |
#if HAVE_CONFIG_H |
153 | 153 |
#include "clamav-config.h" |
... | ... |
@@ -216,6 +219,7 @@ static bool continuationMarker(const char *line); |
216 | 216 |
static int parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg); |
217 | 217 |
static void saveTextPart(message *m, const char *dir); |
218 | 218 |
static bool saveFile(const blob *b, const char *dir); |
219 |
+static bool isAllText(const message *m); |
|
219 | 220 |
|
220 | 221 |
/* Maximum number of attachments that we accept */ |
221 | 222 |
#define MAX_ATTACHMENTS 10 |
... | ... |
@@ -977,6 +981,9 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
977 | 977 |
break; |
978 | 978 |
case MESSAGE: |
979 | 979 |
cli_dbgmsg("Found message inside multipart\n"); |
980 |
+ if(isAllText(aMessage)) |
|
981 |
+ continue; |
|
982 |
+ |
|
980 | 983 |
body = parseEmailHeaders(aMessage, rfc821Table); |
981 | 984 |
/* |
982 | 985 |
* We've fininished with the |
... | ... |
@@ -999,7 +1006,6 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
999 | 999 |
* It's a multi part within a multi part |
1000 | 1000 |
* Run the message parser on this bit, it won't |
1001 | 1001 |
* be an attachment |
1002 |
- * |
|
1003 | 1002 |
*/ |
1004 | 1003 |
cli_dbgmsg("Found multipart inside multipart\n"); |
1005 | 1004 |
if(aMessage) { |
... | ... |
@@ -1392,29 +1398,15 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1392 | 1392 |
|
1393 | 1393 |
cli_dbgmsg("Not found uuencoded file\n"); |
1394 | 1394 |
|
1395 |
- if(messageGetMimeType(mainMessage) == MESSAGE) { |
|
1395 |
+ if(messageGetMimeType(mainMessage) == MESSAGE) |
|
1396 | 1396 |
/* |
1397 | 1397 |
* Quick peek, if the encapsulated |
1398 | 1398 |
* message has no |
1399 | 1399 |
* content encoding statement don't |
1400 | 1400 |
* bother saving to scan, it's safe |
1401 |
- * |
|
1402 |
- * TODO: check to see if we need to |
|
1403 |
- * find anything else, perhaps anything |
|
1404 |
- * from the RFC821 table? |
|
1405 | 1401 |
*/ |
1406 |
- const text *t; |
|
1407 |
- |
|
1408 |
- saveIt = FALSE; |
|
1409 |
- |
|
1410 |
- for(t = messageGetBody(mainMessage); t; t = t->t_next) |
|
1411 |
- if(strncasecmp(t->t_text, |
|
1412 |
- "Content-Transfer-Encoding", |
|
1413 |
- strlen("Content-Transfer-Encoding")) == 0) { |
|
1414 |
- saveIt = TRUE; |
|
1415 |
- break; |
|
1416 |
- } |
|
1417 |
- } else |
|
1402 |
+ saveIt = !isAllText(mainMessage); |
|
1403 |
+ else |
|
1418 | 1404 |
saveIt = TRUE; |
1419 | 1405 |
|
1420 | 1406 |
if(saveIt) { |
... | ... |
@@ -1850,3 +1842,27 @@ saveFile(const blob *b, const char *dir) |
1850 | 1850 |
|
1851 | 1851 |
return (close(fd) >= 0); |
1852 | 1852 |
} |
1853 |
+ |
|
1854 |
+/* |
|
1855 |
+ * If a message doesn't not contain another message which could be harmful |
|
1856 |
+ * it is deemed to be safe. |
|
1857 |
+ * |
|
1858 |
+ * TODO: ensure nothing can get through this |
|
1859 |
+ * |
|
1860 |
+ * TODO: check to see if we need to |
|
1861 |
+ * find anything else, perhaps anything |
|
1862 |
+ * from the RFC821 table? |
|
1863 |
+ */ |
|
1864 |
+static bool |
|
1865 |
+isAllText(const message *m) |
|
1866 |
+{ |
|
1867 |
+ const text *t; |
|
1868 |
+ |
|
1869 |
+ for(t = messageGetBody(m); t; t = t->t_next) |
|
1870 |
+ if(strncasecmp(t->t_text, |
|
1871 |
+ "Content-Transfer-Encoding", |
|
1872 |
+ strlen("Content-Transfer-Encoding")) == 0) |
|
1873 |
+ return FALSE; |
|
1874 |
+ |
|
1875 |
+ return TRUE; |
|
1876 |
+} |