@@ -575,7 +575,7 @@ fileblobAddData(fileblob *fb, const unsigned char *data, size_t len)

 				fb->bytes_scanned += (unsigned long)len;

 				if((len > 5) && cli_updatelimits(ctx, len)==CL_CLEAN && (cli_scanbuff(data, (unsigned int)len, 0, ctx->virname, ctx->engine, CL_TYPE_BINARY_DATA, NULL) == CL_VIRUS)) {

-					cli_dbgmsg("fileblobAddData: found %s\n", *ctx->virname);

+				    cli_dbgmsg("fileblobAddData: found %s\n", cli_get_last_virus_str(ctx->virname));

 					fb->isInfected = 1;

 				}

 			}

@@ -138,23 +138,21 @@ static inline int matcher_run(const struct cli_matcher *root,

 	if (ret == CL_VIRUS) {

 	    if (ctx) {

 		cli_append_virus(ctx, *virname);

-#if 1

 		if (SCAN_ALL)

 		    viruses_found++;

 		else

-#endif

 		    return ret;

 	    }

 	}

     }

     PERF_LOG_TRIES(acmode, 0, length);

     ret = cli_ac_scanbuff(buffer, length, virname, NULL, acres, root, mdata, offset, ftype, ftoffset, acmode, NULL);

-#if 1

+

     if (ctx && ret == CL_VIRUS)

 	cli_append_virus(ctx, *virname);

     if (ctx && SCAN_ALL && viruses_found)

 	return CL_VIRUS;

-#endif

+

     return ret;

 }

@@ -190,8 +188,6 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,

 	ret = matcher_run(troot, buffer, length, &virname, acdata ? (acdata[0]): (&mdata), offset, NULL, ftype, NULL, AC_SCAN_VIR, NULL, *ctx->fmap, NULL, NULL, ctx);

-	//	if (virname)

-	//	    cli_append_virus(ctx, virname);

 	if(!acdata)

 	    cli_ac_freedata(&mdata);

@@ -206,8 +202,6 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,

     ret = matcher_run(groot, buffer, length, &virname, acdata ? (acdata[1]): (&mdata), offset, NULL, ftype, NULL, AC_SCAN_VIR, NULL, *ctx->fmap, NULL, NULL, ctx);

-    //  if (virname)

-    //	cli_append_virus(ctx, virname);

     if(!acdata)

 	cli_ac_freedata(&mdata);

@@ -492,7 +486,7 @@ int cli_checkfp(unsigned char *digest, size_t size, cli_ctx *ctx)

             for(i=0; i<SHA1_HASH_SIZE; i++)

                 sprintf((char *)shash1+i*2, "%02x", shash1[SHA1_HASH_SIZE+i]);

-	    cli_errmsg("COLLECT:%s:%s:%u:%s:%s\n", shash256, shash1, size, *ctx->virname, ctx->entry_filename);

+	    cli_errmsg("COLLECT:%s:%s:%u:%s:%s\n", shash256, shash1, size, cli_get_last_virus(ctx), ctx->entry_filename);

         } else

             cli_errmsg("can't compute sha\n!");

         ctx->sha_collect = -1;

@@ -803,7 +797,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

 	    ret = matcher_run(troot, buff, bytes, &virname, &tdata, offset, &info, ftype, ftoffset, acmode, acres, map, bm_offmode ? &toff : NULL, &viroffset, ctx);

 	    if (virname) {

-		//		cli_append_virus(ctx, virname);

 		viruses_found++;

 	    }

 	    if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) {

@@ -825,7 +818,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

 	    ret = matcher_run(groot, buff, bytes, &virname, &gdata, offset, &info, ftype, ftoffset, acmode, acres, map, NULL, &viroffset, ctx);

             if (virname) {

-		//              cli_append_virus(ctx, virname);

 		viruses_found++;

 	    }

 	    if((ret == CL_VIRUS && !SCAN_ALL) || ret == CL_EMEM) {

@@ -866,8 +858,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

     }

     if(!ftonly && hdb) {

-	enum CLI_HASH_TYPE hashtype;

-	unsigned int hvirs = 0, hfps = 0;

+	enum CLI_HASH_TYPE hashtype, hashtype2;

 	if(compute_hash[CLI_HASH_MD5])

 	    cli_md5_final(digest[CLI_HASH_MD5], &md5ctx);

@@ -880,23 +871,26 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

 	virname = NULL;

 	for(hashtype = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype++) {

-	    if(compute_hash[hashtype] && (ret = cli_hm_scan(digest[hashtype], map->len, &virname, hdb, hashtype)) == CL_VIRUS) {

-

-		if(fp && cli_hm_scan(digest[hashtype], map->len, NULL, fp, hashtype) == CL_VIRUS) {

-		    hfps++;

-		    continue;

+	    if(compute_hash[hashtype] &&

+	       (ret = cli_hm_scan(digest[hashtype], map->len, &virname, hdb, hashtype)) == CL_VIRUS) {

+		if(fp) {

+		    for(hashtype2 = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype2++) {

+			if(compute_hash[hashtype2] &&

+			   cli_hm_scan(digest[hashtype2], map->len, NULL, fp, hashtype2) == CL_VIRUS) {

+			    ret = CL_CLEAN;

+			    break;

+			}

+		    }

+		}

+		if (ret == CL_VIRUS) {

+		    viruses_found++;

+		    cli_append_virus(ctx, virname);

+		    if (!SCAN_ALL)

+			break;

 		}

-		hvirs++;

-		cli_append_virus(ctx, virname);

 		virname = NULL;

-		if(!SCAN_ALL)

-		    break;

 	    }

 	}

-	if(hvirs > hfps)

-	    ret = CL_VIRUS;

-	else

-	    ret = CL_CLEAN;

     }

     if(troot) {

@@ -545,15 +545,9 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)

 		messageDestroy(body);

 	}

-#if 0

-	if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted && (*ctx->virname == NULL)) {

-	    *ctx->virname = "Heuristics.Phishing.Email";

-#else

-	/* TBD: Breaks unit_test/check1_clamscan.sh and check2_clamd.sh w/SCAN_ALL */

 	if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted &&

 	   (*ctx->virname == NULL || SCAN_ALL)) {

 	    cli_append_virus(ctx, "Heuristics.Phishing.Email");

-#endif

 	    ctx->found_possibly_unwanted = 0;

 	    retcode = CL_VIRUS;

 	}

@@ -797,16 +797,24 @@ void cli_append_virus(cli_ctx * ctx, const char * virname)

 const char * cli_get_last_virus(const cli_ctx * ctx)

 {

-    if (!ctx->virname)

+    if (!ctx || !ctx->virname || !(*ctx->virname))

 	return NULL;

-    if (SCAN_ALL && ctx->num_viruses) {

+    if (SCAN_ALL && ctx->num_viruses)

 	return ctx->virname[ctx->num_viruses-1];

-    }

     else

 	return *ctx->virname;

 }

+const char * cli_get_last_virus_str(const cli_ctx * ctx)

+{

+    const char * ret;

+    if ((ret = cli_get_last_virus(ctx)))

+	return ret;

+    return "";

+}

+

+

 #ifdef	C_WINDOWS

 /*

@@ -427,6 +427,7 @@ static inline void cli_writeint32(char *offset, uint32_t value)

 void cli_append_virus(cli_ctx *ctx, const char *virname);

 const char *cli_get_last_virus(const cli_ctx *ctx);

+const char *cli_get_last_virus_str(const cli_ctx *ctx);

 /* used by: spin, yc (C) aCaB */

 #define __SHIFTBITS(a) (sizeof(a)<<3)

@@ -1675,7 +1675,7 @@ static int cli_scan_structured(cli_ctx *ctx)

 	size_t pos = 0;

 	int (*ccfunc)(const unsigned char *buffer, int length);

 	int (*ssnfunc)(const unsigned char *buffer, int length);

-	unsigned int viruses_found;

+	unsigned int viruses_found = 0;

     if(ctx == NULL)

 	return CL_ENULLARG;

@@ -2202,7 +2202,7 @@ static void emax_reached(cli_ctx *ctx) {

 	cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", retcode, __AT__); \

 	if(ctx->engine->cb_post_scan) {					\

 	    perf_start(ctx, PERFT_POSTCB);				\

-	    switch(ctx->engine->cb_post_scan(fmap_fd(*ctx->fmap), retcode, ret == CL_VIRUS ? cli_get_last_virus(ctx) : NULL, ctx->cb_ctx)) { \

+	    switch(ctx->engine->cb_post_scan(fmap_fd(*ctx->fmap), retcode, retcode == CL_VIRUS ? cli_get_last_virus(ctx) : NULL, ctx->cb_ctx)) { \

 	    case CL_BREAK:									\

 		cli_dbgmsg("cli_magic_scandesc: file whitelisted by post_scan callback\n"); 	\

 		perf_stop(ctx, PERFT_POSTCB);							\