@@ -1,3 +1,8 @@

+Wed Oct  8 12:39:26 CEST 2003 (tk)

+----------------------------------

+  * clamd: (!!!) fixed race condition in database reloading code

+  * libclamav: finished support for cvd files

+

 Sun Oct  5 18:30:40 BST 2003 (njh)

 ----------------------------------

   * clamav-milter: Used to always remove old UNIX domain sockets, now

@@ -25,6 +25,10 @@

 #define _GNU_SOURCE

 #include "getopt.h"

+#if defined(C_LINUX) && defined(CL_DEBUG)

+#include <sys/resource.h>

+#endif

+

 #include "options.h"

 #include "others.h"

@@ -44,7 +48,14 @@ int main(int argc, char **argv)

 	    {0, 0, 0, 0}

     	};

+#if defined(C_LINUX) && defined(CL_DEBUG)

+	/* njh@bandsman.co.uk: create a dump if needed */

+	struct rlimit rlim;

+    rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;

+    if(setrlimit(RLIMIT_CORE, &rlim) < 0)

+	perror("setrlimit");

+#endif

     opt=(struct optstruct*)mmalloc(sizeof(struct optstruct));

     opt->optlist = NULL;

@@ -68,21 +68,6 @@ void *threadscanner(void *arg)

     sigfillset(&sigset);

     pthread_sigmask(SIG_SETMASK, &sigset, NULL);

-    if(reload) {

-	logg("*Session(%d): database reloading (waiting).\n", tharg->sid);

-	ths[tharg->sid].reload = 1;

-	while(reload && maxwait--) /* wait during reloading */

-	    sleep(1);

-

-	if(!maxwait && reload) {

-	    logg("!Database reloading failed, time exceeded. Forcing quit.\n");

-	    kill(progpid, SIGTERM);

-	}

-

-	ths[tharg->sid].reload = 0;

-	logg("*Session(%d): database reloaded.\n", tharg->sid);

-    }

-

     if((bread = read(ths[tharg->sid].desc, buff, 1024)) == -1) {

 	logg("!Session(%d): read() failed.\n", tharg->sid);

 	THREXIT;

@@ -140,8 +125,9 @@ void *threadwatcher(void *arg)

 	struct cl_stat dbstat;

-    /* ignore all signals */

+    /* ignore all signals (except for SIGSEGV) */

     sigfillset(&sigset);

+    sigdelset(&sigset, SIGSEGV);

     pthread_sigmask(SIG_SETMASK, &sigset, NULL);

 #ifdef C_LINUX

@@ -282,8 +268,15 @@ void *threadwatcher(void *arg)

 	timer++;

-	/* reload the database(s) */

+	/* reload the database */

 	if(reload) {

+

+	    /* make sure the main thread doesn't start new threads */

+	    do {

+		usleep(200000);

+	    } while(!main_accept && !main_reload);

+

+	    /* wait until all working threads are finished */

 	    do {

 		need_wait = 0;

 		for(j = 0; j < threads; j++)

@@ -291,8 +284,7 @@ void *threadwatcher(void *arg)

 			if(time(NULL) - ths[j].start > timeout) {

 			    do_loop = 1;

 			    break;

-			} else if(!ths[j].reload)

-			    need_wait = 1;

+			} else need_wait = 1;

 		    }

 #ifdef CLAMUKO

@@ -317,6 +309,7 @@ void *threadwatcher(void *arg)

 		/* some threads must be stopped in the next iteration,

 		 * reload is still == 1

 		 */

+		logg("Database reload: some threads must be stopped in the next iteration.\n");

 		do_loop = 0;

 		continue;

 	    }

@@ -342,6 +335,8 @@ void *threadwatcher(void *arg)

 	    } else {

 		cl_buildtrie(*thwarg->root);

 		/* check integrity */

+		if(!testsignature(*thwarg->root))

+		    logg("!Unable to detect test signature.\n");

 		logg("Database correctly reloaded (%d viruses)\n", virnum);

 	    }

@@ -517,7 +512,9 @@ int acceptloop(int socketd, struct cl_node *root, const struct cfgstruct *copt)

     sigaddset(&sigact.sa_mask, SIGHUP);

     sigaction(SIGINT, &sigact, NULL);

     sigaction(SIGTERM, &sigact, NULL);

+#ifndef CL_DEBUG

     sigaction(SIGSEGV, &sigact, NULL);

+#endif

     sigaction(SIGHUP, &sigact, NULL);

     /* we need to save program's PID, because under Linux each thread

@@ -551,14 +548,16 @@ int acceptloop(int socketd, struct cl_node *root, const struct cfgstruct *copt)

 	}

+	main_accept = 1;

 	if((acceptd = accept(socketd, NULL, NULL)) == -1) {

 	    logg("!accept() failed.\n");

 	    /* exit ? */

 	    continue;

 	}

-

+	main_accept = 0;

 	if(reload) { /* do not start new threads */

+	    main_reload = 1;

 	    logg("*Main thread: database reloading (waiting).\n");

 	    maxwait = CL_DEFAULT_MAXWHILEWAIT;

 	    while(reload && maxwait--)

@@ -572,6 +571,7 @@ int acceptloop(int socketd, struct cl_node *root, const struct cfgstruct *copt)

 	    }

 	    logg("*Main thread: database reloaded.\n");

+	    main_reload = 0;

 	}

 	tharg = (struct thrarg *) mcalloc(1, sizeof(struct thrarg));

@@ -581,9 +581,7 @@ int acceptloop(int socketd, struct cl_node *root, const struct cfgstruct *copt)

 	tharg->limits = &limits;

 	tharg->options = options;

-	//pthread_mutex_lock(&ths[i].mutex);

 	ths[i].desc = acceptd;

-	ths[i].reload = 0;

 	ths[i].active = 1;

 	pthread_create(&ths[i].id, &thattr, threadscanner, tharg);

 	ths[i].start = time(NULL);

@@ -612,6 +610,7 @@ void sighandler(int sig)

 	    exit(0);

 	    break; /* not reached */

+#ifndef CL_DEBUG

 	case SIGSEGV:

 	    logg("Segmentation fault :-( Bye..\n");

@@ -622,7 +621,7 @@ void sighandler(int sig)

 	    pthread_kill(watcherid, 9);

 	    exit(11); /* probably not reached at all */

 	    break; /* not reached */

-

+#endif

 	case SIGHUP:

 	    sighup = 1;

 	    logg("SIGHUP catched: log file re-opened.\n");

@@ -34,7 +34,6 @@ struct thrarg {

 struct thrsession {

     pthread_mutex_t mutex;

     short int active;

-    short int reload;

     pthread_t id;

     time_t start;

     int desc;

@@ -49,7 +48,7 @@ struct thrwarg {

 short int progexit; /* exit steering variable */

 int progpid; /* clamd pid */

-short int reload, clamuko_reload;

+short int reload, clamuko_reload, main_accept, main_reload;

 int acceptloop(int socketd, struct cl_node *root, const struct cfgstruct *copt);

 void sighandler(int sig);

@@ -999,6 +999,7 @@ Optional Features:

   --disable-libtool-lock  avoid locking (might break parallel builds)

   --disable-bzip2	  Disable bzip2 support.

   --enable-milter	  Build clamav-milter (if milter library found)

+  --disable-dsig	  Disable digital signature support.

   --disable-pthreads      Disable POSIX threads support

   --disable-cr      Don't link with C reentrant library (BSD)

   --disable-urandom       Disable test for /dev/urandom

@@ -1901,7 +1902,7 @@ fi

 # Define the identity of the package.

  PACKAGE=clamav

- VERSION=20030829

+ VERSION="devel-`date +%Y%m%d`"

 cat >>confdefs.h <<_ACEOF

@@ -4534,7 +4535,7 @@ test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes

 case $host in

 *-*-irix6*)

   # Find out which ABI we are using.

-  echo '#line 4537 "configure"' > conftest.$ac_ext

+  echo '#line 4538 "configure"' > conftest.$ac_ext

   if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5

   (eval $ac_compile) 2>&5

   ac_status=$?

@@ -5070,7 +5071,7 @@ chmod -w .

 save_CFLAGS="$CFLAGS"

 CFLAGS="$CFLAGS -o out/conftest2.$ac_objext"

 compiler_c_o=no

-if { (eval echo configure:5073: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then

+if { (eval echo configure:5074: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then

   # The compiler can only warn and ignore the option if not recognized

   # So say no if there are warnings

   if test -s out/conftest.err; then

@@ -6863,7 +6864,7 @@ else

     lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2

   lt_status=$lt_dlunknown

   cat > conftest.$ac_ext <<EOF

-#line 6866 "configure"

+#line 6867 "configure"

 #include "confdefs.h"

 #if HAVE_DLFCN_H

@@ -6961,7 +6962,7 @@ else

     lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2

   lt_status=$lt_dlunknown

   cat > conftest.$ac_ext <<EOF

-#line 6964 "configure"

+#line 6965 "configure"

 #include "confdefs.h"

 #if HAVE_DLFCN_H

@@ -8733,6 +8734,84 @@ else

   have_milter="no"

 fi;

+want_dsig="yes"

+# Check whether --enable-dsig or --disable-dsig was given.

+if test "${enable_dsig+set}" = set; then

+  enableval="$enable_dsig"

+  want_dsig="no"

+fi;

+

+if test "$want_dsig" = "yes"

+then

+    echo "$as_me:$LINENO: checking for __gmpz_init in -lgmp" >&5

+echo $ECHO_N "checking for __gmpz_init in -lgmp... $ECHO_C" >&6

+if test "${ac_cv_lib_gmp___gmpz_init+set}" = set; then

+  echo $ECHO_N "(cached) $ECHO_C" >&6

+else

+  ac_check_lib_save_LIBS=$LIBS

+LIBS="-lgmp  $LIBS"

+cat >conftest.$ac_ext <<_ACEOF

+#line $LINENO "configure"

+#include "confdefs.h"

+

+/* Override any gcc2 internal prototype to avoid an error.  */

+#ifdef __cplusplus

+extern "C"

+#endif

+/* We use char because int might match the return type of a gcc2

+   builtin and then its argument prototype would still apply.  */

+char __gmpz_init ();

+#ifdef F77_DUMMY_MAIN

+#  ifdef __cplusplus

+     extern "C"

+#  endif

+   int F77_DUMMY_MAIN() { return 1; }

+#endif

+int

+main ()

+{

+__gmpz_init ();

+  ;

+  return 0;

+}

+_ACEOF

+rm -f conftest.$ac_objext conftest$ac_exeext

+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5

+  (eval $ac_link) 2>&5

+  ac_status=$?

+  echo "$as_me:$LINENO: \$? = $ac_status" >&5

+  (exit $ac_status); } &&

+         { ac_try='test -s conftest$ac_exeext'

+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5

+  (eval $ac_try) 2>&5

+  ac_status=$?

+  echo "$as_me:$LINENO: \$? = $ac_status" >&5

+  (exit $ac_status); }; }; then

+  ac_cv_lib_gmp___gmpz_init=yes

+else

+  echo "$as_me: failed program was:" >&5

+cat conftest.$ac_ext >&5

+ac_cv_lib_gmp___gmpz_init=no

+fi

+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext

+LIBS=$ac_check_lib_save_LIBS

+fi

+echo "$as_me:$LINENO: result: $ac_cv_lib_gmp___gmpz_init" >&5

+echo "${ECHO_T}$ac_cv_lib_gmp___gmpz_init" >&6

+if test $ac_cv_lib_gmp___gmpz_init = yes; then

+  LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -lgmp"; cat >>confdefs.h <<\_ACEOF

+#define HAVE_GMP 1

+_ACEOF

+

+else

+  echo "WARNING: GNU MP 3 or newer NOT FOUND - digital signature support will be disabled !"; want_dsig="no"

+fi

+

+fi

+

+

+

+

 if test "${ac_cv_header_syslog_h+set}" = set; then

   echo "$as_me:$LINENO: checking for syslog.h" >&5

 echo $ECHO_N "checking for syslog.h... $ECHO_C" >&6

@@ -19,8 +19,7 @@ AC_INIT(clamscan/clamscan.c)

 AC_CREATE_TARGET_H(target.h)

 AC_CANONICAL_SYSTEM

-AM_INIT_AUTOMAKE(clamav, 20030829)

-dnl AM_INIT_AUTOMAKE(clamav, `date +%Y%m%d`)

+AM_INIT_AUTOMAKE(clamav, "devel-`date +%Y%m%d`")

 LC_CURRENT=1

 LC_REVISION=3

 LC_AGE=0

@@ -81,6 +80,19 @@ AC_ARG_ENABLE(milter,

 [  --enable-milter	  Build clamav-milter (if milter library found)],

 ,have_milter="no")

+want_dsig="yes"

+AC_ARG_ENABLE(dsig,

+[  --disable-dsig	  Disable digital signature support.],

+want_dsig="no",)

+

+if test "$want_dsig" = "yes"

+then

+    AC_CHECK_LIB(gmp, __gmpz_init, [LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -lgmp"; AC_DEFINE(HAVE_GMP)], [echo "WARNING: GNU MP 3 or newer NOT FOUND - digital signature support will be disabled !"; want_dsig="no"])

+fi

+

+

+

+

 AC_CHECK_HEADER(syslog.h,AC_DEFINE(CLAMD_USE_SYSLOG),)

 dnl AC_CHECK_LIB(c, strtok_r,, AC_DEFINE(NO_STRTOK_R))

@@ -1,5 +1,5 @@

 #

-#  Copyright (C) 2002 Tomasz Kojm <zolw@konarski.edu.pl>

+#  Copyright (C) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>

 #

 #  This program is free software; you can redistribute it and/or modify

 #  it under the terms of the GNU General Public License as published by

@@ -16,7 +16,7 @@

 #  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

-CFLAGS = -Wall

+CFLAGS = -Wall -pedantic

 INCLUDES = -I.. -I@srcdir@/zziplib

@@ -35,6 +35,9 @@ libclamav_la_SOURCES = \

         others.h \

         readdb.c \

 	cvd.c \

+	cvd.h \

+	dsig.c \

+	dsig.h \

         str.c \

 	str.h \

 	defaults.h \

@@ -15,7 +15,7 @@

 @SET_MAKE@

 #

-#  Copyright (C) 2002 Tomasz Kojm <zolw@konarski.edu.pl>

+#  Copyright (C) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>

 #

 #  This program is free software; you can redistribute it and/or modify

 #  it under the terms of the GNU General Public License as published by

@@ -114,7 +114,7 @@ am__include = @am__include@

 am__quote = @am__quote@

 install_sh = @install_sh@

-CFLAGS = -Wall

+CFLAGS = -Wall -pedantic

 INCLUDES = -I.. -I@srcdir@/zziplib

@@ -133,6 +133,9 @@ libclamav_la_SOURCES = \

         others.h \

         readdb.c \

 	cvd.c \

+	cvd.h \

+	dsig.c \

+	dsig.h \

         str.c \

 	str.h \

 	defaults.h \

@@ -178,7 +181,7 @@ LTLIBRARIES = $(lib_LTLIBRARIES)

 libclamav_la_DEPENDENCIES =

 am_libclamav_la_OBJECTS = matcher.lo md5.lo others.lo readdb.lo cvd.lo \

-	str.lo scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo \

+	dsig.lo str.lo scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo \

 	zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo \

 	strc.lo blob.lo mbox.lo message.lo strrcpy.lo table.lo text.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

@@ -191,16 +194,17 @@ LIBS = @LIBS@

 depcomp = $(SHELL) $(top_srcdir)/depcomp

 am__depfiles_maybe = depfiles

 @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/blob.Plo ./$(DEPDIR)/cvd.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/matcher.Plo ./$(DEPDIR)/mbox.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/md5.Plo ./$(DEPDIR)/message.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/others.Plo ./$(DEPDIR)/readdb.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/scanners.Plo ./$(DEPDIR)/str.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/strc.Plo ./$(DEPDIR)/strrcpy.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/table.Plo ./$(DEPDIR)/text.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/unrarlib.Plo ./$(DEPDIR)/zzip-dir.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/zzip-err.Plo ./$(DEPDIR)/zzip-file.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/zzip-info.Plo ./$(DEPDIR)/zzip-io.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/zzip-stat.Plo ./$(DEPDIR)/zzip-zip.Plo

+@AMDEP_TRUE@	./$(DEPDIR)/dsig.Plo ./$(DEPDIR)/matcher.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/mbox.Plo ./$(DEPDIR)/md5.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/message.Plo ./$(DEPDIR)/others.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/readdb.Plo ./$(DEPDIR)/scanners.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/str.Plo ./$(DEPDIR)/strc.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/strrcpy.Plo ./$(DEPDIR)/table.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/text.Plo ./$(DEPDIR)/unrarlib.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/zzip-dir.Plo ./$(DEPDIR)/zzip-err.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/zzip-file.Plo ./$(DEPDIR)/zzip-info.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/zzip-io.Plo ./$(DEPDIR)/zzip-stat.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/zzip-zip.Plo

 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \

 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

 LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \

@@ -264,6 +268,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blob.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cvd.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsig.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/matcher.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mbox.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@

@@ -49,14 +49,17 @@ extern "C"

 #define CL_EACCES	200 /* access denied */

 #define CL_ENULLARG	300 /* null argument error */

-#define CL_ETMPFILE	-1 /* tmpfile() failed */

-#define CL_EFSYNC	-2 /* fsync() failed */

-#define CL_EMEM		-3 /* memory allocation error */

-#define CL_EOPEN	-4 /* file open error */

-#define CL_EMALFDB	-5 /* malformed database */

-#define CL_EPATSHORT	-6 /* pattern too short */

-#define CL_ETMPDIR	-7 /* mkdir() failed */

-#define CL_ECVDEXTR	-8 /* CVD extraction failure */

+#define CL_ETMPFILE	-1  /* tmpfile() failed */

+#define CL_EFSYNC	-2  /* fsync() failed */

+#define CL_EMEM		-3  /* memory allocation error */

+#define CL_EOPEN	-4  /* file open error */

+#define CL_EMALFDB	-5  /* malformed database */

+#define CL_EPATSHORT	-6  /* pattern too short */

+#define CL_ETMPDIR	-7  /* mkdir() failed */

+#define CL_ECVD		-8  /* not a CVD file (or broken) */

+#define CL_ECVDEXTR	-9  /* CVD extraction failure */

+#define CL_EMD5		-10 /* MD5 verification error */

+#define CL_EDSIG	-11 /* digital signature verification error */

 /* options */

 #define CL_RAW		  00

@@ -18,7 +18,6 @@

  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  */

-

 #include <stdio.h>

 #include <string.h>

 #include <stdlib.h>

@@ -28,6 +27,8 @@

 #include <zlib.h>

 #include "clamav.h"

+#include "others.h"

+#include "dsig.h"

 #define TAR_BLOCKSIZE 512

@@ -133,12 +134,15 @@ int cli_untgz(int fd, const char *destdir)

 	}

     }

+    if(outfile)

+	fclose(outfile);

+

     return 0;

 }

 char *cli_cut(const char *line, int field)

 {

-        int length, counter = 0, i, j = 0, k;

+        int length, counter = 0, i, j = 0;

         char *buffer;

     length = strlen(line);

@@ -161,10 +165,25 @@ char *cli_cut(const char *line, int field)

     return (char *) cli_realloc(buffer, strlen(buffer) + 1);

 }

-struct cl_cvd *cli_cvdhead(const char *head)

+struct cl_cvd *cli_cvdhead(FILE *fd)

 {

-	char *pt;

+	char *pt, head[513];

 	struct cl_cvd *cvd;

+	int i;

+

+

+    if(fread(head, 1, 512, fd) != 512) {

+	cli_errmsg("Can't read CVD head from stream\n");

+	return NULL;

+    }

+

+    head[512] = 0;

+    for(i = 511; i > 0 && (head[i] == ' ' || head[i] == 10); head[i] = 0, i--);

+

+    if(strncmp(head, "ClamAV-VDB:", 11)) {

+	cli_errmsg("Not a CVD file.\n");

+	return NULL;

+    }

     cvd = (struct cl_cvd *) cli_calloc(1, sizeof(struct cl_cvd));

     cvd->time = cli_cut(head, 2);

@@ -190,30 +209,14 @@ struct cl_cvd *cli_cvdhead(const char *head)

 struct cl_cvd *cl_cvdhead(const char *file)

 {

-	char head[257];

 	FILE *fd;

-	int i;

-

     if((fd = fopen(file, "rb")) == NULL) {

 	cli_errmsg("Can't open CVD file %s\n", file);

 	return NULL;

     }

-    if(fread(head, 1, 256, fd) != 256) {

-	cli_errmsg("Can't read CVD head from %s\n", file);

-	return NULL;

-    }

-    head[256] = 0;

-

-    for(i = 255; i > 0 && !isalnum(head[i]); head[i] = 0, i--);

-

-    if(strncmp(head, "ClamAV-VDB:", 11)) {

-	cli_errmsg("%s is not a CVD file.\n");

-	return NULL;

-    }

-

-    return cli_cvdhead(head);

+    return cli_cvdhead(fd);

 }

 void cl_cvdfree(struct cl_cvd *cvd)

@@ -225,28 +228,62 @@ void cl_cvdfree(struct cl_cvd *cvd)

     free(cvd);

 }

+int cli_cvdverify(FILE *fd)

+{

+	struct cl_cvd *head;

+	char *md5;

+

+    if((head = cli_cvdhead(fd)) == NULL)

+	return CL_ECVD;

+

+    //fseek(fd, 512, SEEK_SET);

+

+    md5 = cli_md5stream(fd);

+

+    cli_dbgmsg("MD5(.tar.gz) = %s\n", md5);

+

+    if(strncmp(md5, head->md5, 32)) {

+	cli_dbgmsg("MD5 verification error.\n");

+	return CL_EMD5;

+    }

+

+#ifdef HAVE_GMP

+    if(cli_versig(md5, head->dsig)) {

+	cli_dbgmsg("Digital signature verification error.\n");

+	return CL_EDSIG;

+    }

+#endif

+

+    return 0;

+}

+

+struct cl_cvd *cl_cvdverify(const char *file)

+{

+	FILE *fd;

+

+    if((fd = fopen(file, "rb")) == NULL) {

+	cli_errmsg("Can't open CVD file %s\n", file);

+	return NULL;

+    }

+

+    return cli_cvdverify(fd);

+}

+

 int cli_cvdload(FILE *fd, struct cl_node **root, int *virnum)

 {

-        char head[257], *dir, *tmp, buffer[BUFFSIZE];

-	int bytes;

-	struct cl_cvd *cvd;

+        char *dir, *tmp, buffer[BUFFSIZE];

+	int bytes, ret;

 	const char *tmpdir;

 	FILE *tmpd;

     cli_dbgmsg("in cli_cvdload()\n");

-    if(fread(head, 1, 256, fd) != 256) {

-	cli_errmsg("Can't read CVD head.\n");

-	return -1;

-    }

-    head[256] = 0;

-

-    cvd = cli_cvdhead(head);

-

-    /* verify md5/dsig */

+    /* verify */

+    if((ret = cli_cvdverify(fd)))

+	return ret;

-    /* unpack */

+    fseek(fd, 512, SEEK_SET);

     tmpdir = getenv("TMPDIR");

@@ -270,8 +307,8 @@ int cli_cvdload(FILE *fd, struct cl_node **root, int *virnum)

     }

     */

-    /* FIXME: it seems there is some problem with current position after

-     * gzdopen() in cli_untgz(). Temporarily we need this wrapper:

+    /* FIXME: it seems there is some problem with current position indicator

+     * after gzdopen() call in cli_untgz(). Temporarily we need this wrapper:

      */

 	    /* start */

@@ -91,7 +91,7 @@ int cl_loaddb(const char *filename, struct cl_node **root, int *virnum)

     /* check for CVD file */

     fgets(buffer, 12, fd);

-    fseek(fd, 0L, SEEK_SET);

+    rewind(fd);

     if(!strncmp(buffer, "ClamAV-VDB:", 11)) {

 	cli_dbgmsg("%s: CVD file detected\n", filename);

@@ -205,6 +205,7 @@ int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum)

 		}

 		sprintf(dbfile, "%s/%s", dirname, dent->d_name);

 		if((ret = cl_loaddb(dbfile, root, virnum))) {

+		    cli_dbgmsg("cl_loaddbdir(): error loading database %s\n", dbfile);

 		    free(dbfile);

 		    closedir(dd);

 		    return ret;

@@ -39,6 +39,7 @@ int main(int argc, char **argv)

 	static struct option long_options[] = {

 	    {"help", 0, 0, 'h'},

 	    {"quiet", 0, 0, 0},

+	    {"debug", 0, 0, 0},

 	    {"verbose", 0, 0, 'v'},

 	    {"stdout", 0, 0, 0},

 	    {"version", 0, 0, 'V'},

@@ -1,4 +1,4 @@

-/* THIS CODE REALLY SUCKS */

+/* THIS CODE SUCKS */

 /*

  *  Copyright (C) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>

@@ -148,6 +148,9 @@ void sigtool(struct optstruct *opt)

     if(optl(opt, "stdout")) mprintf_stdout = 1;

     else mprintf_stdout = 0;

+    if(optl(opt, "debug"))

+	cl_debug();

+

     if(optc(opt, 'V')) {

 	mprintf("sigtool / ClamAV version "VERSION"\n");

 	exit(0);

@@ -402,7 +405,7 @@ int build(struct optstruct *opt)

 	exit(1);

     }

-    if(stat("viruses.db", &foo) == -1 || stat("viruses.db2", &foo) == -1) {

+    if(stat("viruses.db", &foo) == -1 && stat("viruses.db2", &foo) == -1) {

 	mprintf("Virus database not found in current working directory.\n");

 	exit(1);

     }

@@ -518,12 +521,12 @@ int build(struct optstruct *opt)

     //strcat(header, ":");

     /* fill up with spaces */

-    if(strlen(header) > 256) {

+    if(strlen(header) > 512) {

 	mprintf("!Generated signature is too long.\n");

 	exit(1);

     }

-    while(strlen(header) < 256)

+    while(strlen(header) < 512)

 	strcat(header, " ");

     /* build the final database */

@@ -534,7 +537,7 @@ int build(struct optstruct *opt)

 	exit(1);

     }

-    fwrite(header, 1, 256, cvd);

+    fwrite(header, 1, 512, cvd);

     if((tar = fopen(gzfile, "rb")) == NULL) {

 	mprintf("!Can't open file %s for reading.\n", gzfile);

@@ -559,9 +562,11 @@ void cvdinfo(struct optstruct *opt)

 {

 	struct cl_cvd *cvd;

 	char *pt;

+	int ret;

-    if((cvd = cl_cvdhead(getargc(opt, 'i'))) == NULL) {

-	mprintf("!Can't read CVD header from %s\n", getargc(opt, 'i'));

+    pt = getargc(opt, 'i');

+    if((cvd = cl_cvdhead(pt)) == NULL) {

+	mprintf("!Can't read CVD header from %s\n", pt);

 	exit(1);

     }

@@ -572,9 +577,17 @@ void cvdinfo(struct optstruct *opt)

     mprintf("Builder: %s\n", cvd->builder);

     mprintf("MD5: %s\n", cvd->md5);

-   // pt = cl_md5file( DODAC WERYFIKACJE

     mprintf("Digital signature: %s\n", cvd->dsig);

+#ifndef HAVE_GMP

+    mprintf("Digital signature support not compiled in.\n");

+#endif

+

+    if((ret = cl_cvdverify(pt)))

+	mprintf("!Verification: %s\n", cl_strerror(ret));

+    else

+	mprintf("Verification OK.\n");

+

     // wyczysc cvd

 }

@@ -587,6 +600,7 @@ void help(void)

     mprintf("   --help		    -h		show help\n");

     mprintf("   --version		    -V		print version number and exit\n");

     mprintf("   --quiet				be quiet, output only error messages\n");

+    mprintf("   --debug				enable debug messages\n");

     mprintf("   --stdout				write to stdout instead of stderr\n");

     mprintf("					(this help is always written to stdout)\n");

     mprintf("   --hex-dump				convert data from stdin to hex\n");

@@ -594,8 +608,8 @@ void help(void)

     mprintf("   --command		    -c		scanner command string, with options\n");

     mprintf("   --string		    -s		'virus found' string in scan. output\n");

     mprintf("   --file		    -f		infected file\n");

-    mprintf("\n	DATABASE DEVELOPING:\n\n");

+    mprintf("	--info FILE	    -i FILE	print database information\n");

     mprintf("   --build NAME	    -b NAME		Build database\n");

-    

+

     exit(0);

 }