@@ -1,3 +1,9 @@

+Tue Dec 12 14:57:11 CET 2006 (tk)

+---------------------------------

+  * libclamav: add separate limit value for mail recursion level

+  * clamscan: new option --max-mail-recursion

+  * clamd: new option MailMaxRecursion

+

 Tue Dec 12 12:36:28 CET 2006 (tk)

 ---------------------------------

   * libclamav/scanners.c: fix debug message (bb#160), patch from

@@ -398,6 +398,12 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_node *root, unsigned in

 	    options |= CL_SCAN_MAILURL;

 	}

+	if((limits.maxmailrec = cfgopt(copt, "MailMaxRecursion")->numarg)) {

+	    logg("Mail: Recursion level limit set to %u.\n", limits.maxmailrec);

+	} else {

+	    logg("^Mail: Recursion level limit protection disabled.\n");

+	}

+

     } else {

 	logg("Mail files support disabled.\n");

     }

@@ -156,6 +156,14 @@ int main(int argc, char **argv)

 	}

     }

+    if(opt_check(opt, "max-mail-recursion")) {

+	if(!isnumb(opt_arg(opt, "max-mail-recursion"))) {

+	    logg("!--max-mail-recursion requires a natural number\n");

+	    opt_free(opt);

+	    return 40;

+	}

+    }

+

     if(opt_check(opt, "max-dir-recursion")) {

 	if(!isnumb(opt_arg(opt, "max-dir-recursion"))) {

 	    logg("!--max-dir-recursion requires a natural number\n");

@@ -275,9 +283,10 @@ void help(void)

     mprintf("                                         archived files\n");

     mprintf("    --max-files=#n                       Only extract first #n files from\n");

     mprintf("                                         archives\n");

-    mprintf("    --max-recursion=#n                   Maximum archive recursion level\n");

     mprintf("    --max-ratio=#n                       Maximum compression ratio limit\n");

+    mprintf("    --max-recursion=#n                   Maximum archive recursion level\n");

     mprintf("    --max-dir-recursion=#n               Maximum directory recursion level\n");

+    mprintf("    --max-mail-recursion=#n              Maximum mail recursion level\n");

     mprintf("    --unzip[=FULLPATH]                   Enable support for .zip files\n");

     mprintf("    --unrar[=FULLPATH]                   Enable support for .rar files\n");

     mprintf("    --arj[=FULLPATH]                     Enable support for .arj files\n");

@@ -160,6 +160,11 @@ int scanmanager(const struct optstruct *opt)

     else

         limits->maxreclevel = 8;

+    if(opt_check(opt, "max-mail-recursion"))

+        limits->maxmailrec = atoi(opt_arg(opt, "max-mail-recursion"));

+    else

+        limits->maxmailrec = 64;

+

     if(opt_check(opt, "max-ratio"))

         limits->maxratio = atoi(opt_arg(opt, "max-ratio"));

     else

@@ -228,6 +228,11 @@ Default: enabled

 If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR

 .br 

 Default: disabled

+.TP

+\fBMailMaxRecursion\fR

+Recursion level limit for the mail scanner.

+.br

+Default: 64

 .TP 

 \fBDetectPhishing\fR

 With this option enabled ClamAV will try to detect phishing attempts.

@@ -120,6 +120,9 @@ Set archive recursion level limit. This option protects your system against DoS

 .TP 

 \fB\-\-max\-ratio=#n\fR

 Set maximum archive compression ratio limit. This option protects your system against DoS attacks (default: 250).

+.TP

+\fB\-\-max\-mail\-recursion=#n\fR

+Recursion level limit for the internal mail scanner.

 .TP 

 \fB\-\-max\-dir\-recursion=#n\fR

 Maximum depth directories are scanned at (default: 15).

@@ -213,6 +213,10 @@ LocalSocket /tmp/clamd

 # Default: no

 #MailFollowURLs no

+# Recursion level limit for the mail scanner.

+# Default: 64

+#MailMaxRecursion 128

+

 # With this option enabled ClamAV will try to detect phishing attempts (using signatures).

 # Default: yes

 #DetectPhishing yes

@@ -80,7 +80,8 @@ int main(int argc, char **argv)

 					* file (files exceeding this limit

 					* will be ignored)

 					*/

-    limits.maxreclevel = 5; /* maximum recursion level */

+    limits.maxreclevel = 5; /* maximum recursion level for archives */

+    limits.maxmailrec = 64; /* maximum recursion level for mail files */

     limits.maxratio = 200; /* maximum compression ratio */

     /* scan file descriptor */

@@ -189,10 +189,11 @@ struct cl_engine {

 };

 struct cl_limits {

-    unsigned int maxreclevel;	    /* maximum recursion level */

+    unsigned int maxreclevel;	    /* maximum recursion level for archives */

     unsigned int maxfiles;	    /* maximum number of files to be scanned

 				     * within a single archive

 				     */

+    unsigned int maxmailrec;	    /* maximum recursion level for mail files */

     unsigned int maxratio;	    /* maximum compression ratio */

     unsigned short archivememlim;   /* limit memory usage for some unpackers */

     unsigned long int maxfilesize;  /* compressed files larger than this limit

@@ -48,6 +48,7 @@ struct cfgoption cfg_options[] = {

     {"DetectBrokenExecutables", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},

     {"ScanMail", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"MailFollowURLs", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},

+    {"MailMaxRecursion", OPT_NUM, 64, NULL, 0, OPT_CLAMD},

     {"DetectPhishing", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

 #ifdef CL_EXPERIMENTAL

     {"PhishingScanURLs",OPT_BOOL, 1, NULL, 0, OPT_CLAMD},