@@ -1,3 +1,13 @@

+Mon Feb 11 18:19:48 CET 2008 (acab)

+-----------------------------------

+  * WARNING: NEW LOGIC IN SCAN LIMITS

+    The logic in the scanner limits have been reworked. This results in

+    different command line options to clamscan, different config options to

+    clamd and, overall, a different behaviour.

+    I repeat: SOME THINGS HAVE CHANGED, BE CAREFUL!

+    At the moment this is a work in progress. Final version will be available

+    soon which will include a detailed ChangeLog and updated documentation.

+

 Mon Feb 11 18:33:22 EET 2008 (edwin)

 ------------------------------------

   * libclamav/mbox.c: replace getc() with getc_unlocked() when available. This

@@ -315,33 +315,36 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne

     logg("*Listening daemon: PID: %u\n", (unsigned int) mainpid);

     max_threads = cfgopt(copt, "MaxThreads")->numarg;

-    if(cfgopt(copt, "ScanArchive")->enabled) {

+    if(cfgopt(copt, "ScanArchive")->enabled) { /* FIXMELIMITS: unparsed if archives disabled! */

 	/* set up limits */

 	memset(&limits, 0, sizeof(struct cl_limits));

-	if((limits.maxfilesize = cfgopt(copt, "ArchiveMaxFileSize")->numarg)) {

-	    logg("Archive: Archived file size limit set to %lu bytes.\n", limits.maxfilesize);

+	logg("Archive support enabled.\n");

+	options |= CL_SCAN_ARCHIVE;

+

+	if((limits.maxfilesize = cfgopt(copt, "MaxScanSize")->numarg)) {

+	    logg("Limits: Global size limit set to %lu bytes.\n", limits.maxscansize);

 	} else {

-	    logg("^Archive: File size limit protection disabled.\n");

+	    logg("^Limits: Global size limit protection disabled.\n");

 	}

-	if((limits.maxreclevel = cfgopt(copt, "ArchiveMaxRecursion")->numarg)) {

-	    logg("Archive: Recursion level limit set to %u.\n", limits.maxreclevel);

+	if((limits.maxfilesize = cfgopt(copt, "MaxFileSize")->numarg)) {

+	    logg("Limits: File size limit set to %lu bytes.\n", limits.maxfilesize);

 	} else {

-	    logg("^Archive: Recursion level limit protection disabled.\n");

+	    logg("^Limits: File size limit protection disabled.\n");

 	}

-	if((limits.maxfiles = cfgopt(copt, "ArchiveMaxFiles")->numarg)) {

-	    logg("Archive: Files limit set to %u.\n", limits.maxfiles);

+	if((limits.maxreclevel = cfgopt(copt, "MaxRecursion")->numarg)) {

+	    logg("Limits: Recursion level limit set to %u.\n", limits.maxreclevel);

 	} else {

-	    logg("^Archive: Files limit protection disabled.\n");

+	    logg("^Limits: Recursion level limit protection disabled.\n");

 	}

-	if((limits.maxratio = cfgopt(copt, "ArchiveMaxCompressionRatio")->numarg)) {

-	    logg("Archive: Compression ratio limit set to %u.\n", limits.maxratio);

+	if((limits.maxfiles = cfgopt(copt, "MaxFiles")->numarg)) {

+	    logg("Limits: Files limit set to %u.\n", limits.maxfiles);

 	} else {

-	    logg("^Archive: Compression ratio limit disabled.\n");

+	    logg("^Limits: Files limit protection disabled.\n");

 	}

 	if(cfgopt(copt, "ArchiveLimitMemoryUsage")->enabled) {

@@ -350,22 +353,12 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne

 	} else {

 	    limits.archivememlim = 0;

 	}

-    }

-

-    if(cfgopt(copt, "ScanArchive")->enabled) {

-	logg("Archive support enabled.\n");

-	options |= CL_SCAN_ARCHIVE;

 	if(cfgopt(copt, "ArchiveBlockEncrypted")->enabled) {

 	    logg("Archive: Blocking encrypted archives.\n");

 	    options |= CL_SCAN_BLOCKENCRYPTED;

 	}

-	if(cfgopt(copt, "ArchiveBlockMax")->enabled) {

-	    logg("Archive: Blocking archives that exceed limits.\n");

-	    options |= CL_SCAN_BLOCKMAX;

-	}

-

     } else {

 	logg("Archive support disabled.\n");

     }

@@ -407,12 +400,6 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne

 	    options |= CL_SCAN_MAILURL;

 	}

-	if((limits.maxmailrec = cfgopt(copt, "MailMaxRecursion")->numarg)) {

-	    logg("Mail: Recursion level limit set to %u.\n", limits.maxmailrec);

-	} else {

-	    logg("^Mail: Recursion level limit protection disabled.\n");

-	}

-

     } else {

 	logg("Mail files support disabled.\n");

     }

@@ -146,11 +146,22 @@ int main(int argc, char **argv)

     /* validate some numerical options */

-    if(opt_check(opt, "max-space")) {

-	pt = opt_arg(opt, "max-space");

+    if(opt_check(opt, "max-scansize")) {

+	pt = opt_arg(opt, "max-scansize");

 	if(!strchr(pt, 'M') && !strchr(pt, 'm')) {

 	    if(!cli_isnumber(pt)) {

-		logg("!--max-space requires a natural number\n");

+		logg("!--max-scansize requires a natural number\n");

+		opt_free(opt);

+		return 40;

+	    }

+	}

+    }

+

+    if(opt_check(opt, "max-filesize")) {

+	pt = opt_arg(opt, "max-filesize");

+	if(!strchr(pt, 'M') && !strchr(pt, 'm')) {

+	    if(!cli_isnumber(pt)) {

+		logg("!--max-filesize requires a natural number\n");

 		opt_free(opt);

 		return 40;

 	    }

@@ -313,14 +324,11 @@ void help(void)

     mprintf("    --block-max                          Block archives that exceed limits\n");

     mprintf("    --mail-follow-urls                   Download and scan URLs\n");

     mprintf("\n");

-    mprintf("    --max-space=#n                       Only extract first #n kilobytes from\n");

-    mprintf("                                         archived files\n");

-    mprintf("    --max-files=#n                       Only extract first #n files from\n");

-    mprintf("                                         archives\n");

-    mprintf("    --max-ratio=#n                       Maximum compression ratio limit\n");

+    mprintf("    --max-scansize=#n                    FIXMELIMITS\n");

+    mprintf("    --max-filesize=#n                    FIXMELIMITS\n");

+    mprintf("    --max-files=#n                       FIXMELIMITS\n");

     mprintf("    --max-recursion=#n                   Maximum archive recursion level\n");

     mprintf("    --max-dir-recursion=#n               Maximum directory recursion level\n");

-    mprintf("    --max-mail-recursion=#n              Maximum mail recursion level\n");

     mprintf("    --unzip[=FULLPATH]                   Enable support for .zip files\n");

     mprintf("    --unrar[=FULLPATH]                   Enable support for .rar files\n");

     mprintf("    --arj[=FULLPATH]                     Enable support for .arj files\n");

@@ -54,17 +54,15 @@ static struct option clamscan_longopt[] = {

     {"include", 1, 0, 0},

     {"include-dir", 1, 0, 0},

     {"max-files", 1, 0, 0},

-    {"max-space", 1, 0, 0},

-    {"max-ratio", 1, 0, 0},

+    {"max-filesize", 1, 0, 0},

+    {"max-scansize", 1, 0, 0},

     {"max-recursion", 1, 0, 0},

     {"max-dir-recursion", 1, 0, 0},

-    {"max-mail-recursion", 1, 0, 0},

     {"detect-pua", 0, 0, 0},

     {"disable-archive", 0, 0, 0},

     {"no-archive", 0, 0, 0},

     {"detect-broken", 0, 0, 0},

     {"block-encrypted", 0, 0, 0},

-    {"block-max", 0, 0, 0},

     {"no-pe", 0, 0, 0},

     {"no-elf", 0, 0, 0},

     {"no-ole2", 0, 0, 0},

@@ -220,9 +220,22 @@ int scanmanager(const struct optstruct *opt)

     /* set limits */

     memset(&limits, 0, sizeof(struct cl_limits));

-    if(opt_check(opt, "max-space")) {

+    if(opt_check(opt, "max-scansize")) {

 	char *cpy, *ptr;

-	ptr = opt_arg(opt, "max-space");

+	ptr = opt_arg(opt, "max-scansize");

+	if(tolower(ptr[strlen(ptr) - 1]) == 'm') {

+	    cpy = calloc(strlen(ptr), 1);

+	    strncpy(cpy, ptr, strlen(ptr) - 1);

+	    limits.maxfilesize = atoi(cpy) * 1024 * 1024;

+	    free(cpy);

+	} else

+	    limits.maxscansize = atoi(ptr) * 1024;

+    } else

+	limits.maxscansize = 104857600;  /* FIXMELIMITS */

+

+    if(opt_check(opt, "max-filesize")) {

+	char *cpy, *ptr;

+	ptr = opt_arg(opt, "max-filesize");

 	if(tolower(ptr[strlen(ptr) - 1]) == 'm') {

 	    cpy = calloc(strlen(ptr), 1);

 	    strncpy(cpy, ptr, strlen(ptr) - 1);

@@ -231,7 +244,7 @@ int scanmanager(const struct optstruct *opt)

 	} else

 	    limits.maxfilesize = atoi(ptr) * 1024;

     } else

-	limits.maxfilesize = 10485760;

+	limits.maxfilesize = 10485760;  /* FIXMELIMITS */

     if(opt_check(opt, "max-files"))

 	limits.maxfiles = atoi(opt_arg(opt, "max-files"));

@@ -243,16 +256,6 @@ int scanmanager(const struct optstruct *opt)

     else

         limits.maxreclevel = 8;

-    if(opt_check(opt, "max-mail-recursion"))

-        limits.maxmailrec = atoi(opt_arg(opt, "max-mail-recursion"));

-    else

-        limits.maxmailrec = 64;

-

-    if(opt_check(opt, "max-ratio"))

-        limits.maxratio = atoi(opt_arg(opt, "max-ratio"));

-    else

-        limits.maxratio = 250;

-

     /* set options */

     if(opt_check(opt, "disable-archive") || opt_check(opt, "no-archive"))

@@ -266,9 +269,6 @@ int scanmanager(const struct optstruct *opt)

     if(opt_check(opt, "block-encrypted"))

 	options |= CL_SCAN_BLOCKENCRYPTED;

-    if(opt_check(opt, "block-max"))

-	options |= CL_SCAN_BLOCKMAX;

-

     if(opt_check(opt, "no-pe"))

 	options &= ~CL_SCAN_PE;

     else

@@ -425,9 +425,10 @@ static int clamav_unpack(const char *prog, const char **args, const char *tmpdir

     else

 	maxfiles = 0;

-    if(opt_check(opt, "max-space")) {

+    /* FIXMELIMITS */

+    if(opt_check(opt, "max-filesize")) {

 	    char *cpy, *ptr;

-	ptr = opt_arg(opt, "max-space");

+	ptr = opt_arg(opt, "max-filesize");

 	if(tolower(ptr[strlen(ptr) - 1]) == 'm') { /* megabytes */

 	    cpy = calloc(strlen(ptr), 1);

 	    strncpy(cpy, ptr, strlen(ptr) - 1);

@@ -224,10 +224,6 @@ LocalSocket /tmp/clamd.socket

 # Default: no

 #MailFollowURLs no

-# Recursion level limit for the mail scanner.

-# Default: 64

-#MailMaxRecursion 128

-

 # With this option enabled ClamAV will try to detect phishing attempts by using

 # signatures.

 # Default: yes

@@ -270,28 +266,27 @@ LocalSocket /tmp/clamd.socket

 # The options below protect your system against Denial of Service attacks

 # using archive bombs.

+# FIXMELIMITS

+# Value of 0 disables the limit.

+# Default: FIXMELIMITS

+#MaxScanSize 15M

+

 # Files in archives larger than this limit won't be scanned.

 # Value of 0 disables the limit.

 # Default: 10M

-#ArchiveMaxFileSize 15M

+#MaxFileSize 15M

 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR

 # file, all files within it will also be scanned. This options specifies how

 # deeply the process should be continued.

 # Value of 0 disables the limit.

 # Default: 8

-#ArchiveMaxRecursion 10

+#MaxRecursion 10

 # Number of files to be scanned within an archive.

 # Value of 0 disables the limit.

 # Default: 1000

-#ArchiveMaxFiles 1500

-

-# If a file in an archive is compressed more than ArchiveMaxCompressionRatio

-# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)

-# Value of 0 disables the limit.

-# Default: 250

-#ArchiveMaxCompressionRatio 300

+#MaxFiles 1500

 # Use slower but memory efficient decompression algorithm.

 # only affects the bzip2 decompressor.

@@ -302,12 +297,6 @@ LocalSocket /tmp/clamd.socket

 # Default: no

 #ArchiveBlockEncrypted no

-# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)

-# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is

-# reached.

-# Default: no

-#ArchiveBlockMax no

-

 ##

 ## Clamuko settings

@@ -181,7 +181,7 @@ static int ea05(int desc, cli_ctx *ctx, char *tmpd) {

   uint8_t b[300], comp;

   uint8_t *buf = b;

   uint32_t s, m4sum=0;

-  int i;

+  int i, ret;

   unsigned int files=0;

   char tempfile[1024];

   struct UNP UNP;

@@ -192,7 +192,7 @@ static int ea05(int desc, cli_ctx *ctx, char *tmpd) {

   for (i=0; i<16; i++)

     m4sum += buf[i];

-  while(!ctx->limits || !ctx->limits->maxfiles || files < ctx->limits->maxfiles) {

+  while((ret=cli_checklimits("autoit", ctx, 0, 0, 0))==CL_CLEAN) {

     buf = b;

     if (cli_readn(desc, buf, 8)!=8)

       return CL_CLEAN;

@@ -250,8 +250,8 @@ static int ea05(int desc, cli_ctx *ctx, char *tmpd) {

     cli_dbgmsg("autoit: advertised uncompressed size %x\n", cli_readint32((char *)buf+5) ^ 0x45aa);

     cli_dbgmsg("autoit: ref chksum: %x\n", cli_readint32((char *)buf+9) ^ 0xc3d2);

-    if(ctx->limits && ctx->limits->maxfilesize && UNP.csize > ctx->limits->maxfilesize) {

-      cli_dbgmsg("autoit: skipping file due to size limit (%u, max: %lu)\n", UNP.csize, ctx->limits->maxfilesize);

+    

+    if(cli_checklimits("autoit", ctx, UNP.csize, 0, 0)!=CL_CLEAN) {

       lseek(desc, UNP.csize, SEEK_CUR);

       continue;

     }

@@ -275,8 +275,7 @@ static int ea05(int desc, cli_ctx *ctx, char *tmpd) {

       if(!(UNP.usize = be32_to_host(*(uint32_t *)(buf+4))))

 	UNP.usize = UNP.csize; /* only a specifically crafted or badly corrupted sample should land here */

-      if(ctx->limits && ctx->limits->maxfilesize && UNP.usize > ctx->limits->maxfilesize) {

-	cli_dbgmsg("autoit: skipping file due to size limit (%u, max: %lu)\n", UNP.csize, ctx->limits->maxfilesize);

+      if(cli_checklimits("autoit", ctx, UNP.usize, 0, 0)!=CL_CLEAN) {

 	free(buf);

 	continue;

       }

@@ -382,8 +381,7 @@ static int ea05(int desc, cli_ctx *ctx, char *tmpd) {

     close(i);

     if(!cli_leavetemps_flag) unlink(tempfile);

   }

-  cli_dbgmsg("autoit: files limit reached (max: %u)\n", ctx->limits->maxfiles);

-  return CL_EMAXFILES;

+  return ret;

 }

@@ -478,7 +476,7 @@ static int ea06(int desc, cli_ctx *ctx, char *tmpd) {

   uint8_t b[600], comp, script;

   uint8_t *buf;

   uint32_t s;

-  int i;

+  int i, ret;

   unsigned int files=0;

   char tempfile[1024];

   const char prefixes[] = { '\0', '\0', '@', '$', '\0', '.', '"', '#' };

@@ -492,7 +490,7 @@ static int ea06(int desc, cli_ctx *ctx, char *tmpd) {

   /*   buf+=0x10; */

   lseek(desc, 16, SEEK_CUR);   /* for now we just skip the garbage */

-  while(!ctx->limits || !ctx->limits->maxfiles || files < ctx->limits->maxfiles) {

+  while((ret=cli_checklimits("cli_autoit", ctx, 0, 0, 0))==CL_CLEAN) {

     buf = b;

     if (cli_readn(desc, buf, 8)!=8)

       return CL_CLEAN;

@@ -555,8 +553,7 @@ static int ea06(int desc, cli_ctx *ctx, char *tmpd) {

     cli_dbgmsg("autoit: advertised uncompressed size %x\n", cli_readint32((char *)buf+5) ^ 0x87bc);

     cli_dbgmsg("autoit: ref chksum: %x\n", cli_readint32((char *)buf+9) ^ 0xa685);

-    if(ctx->limits && ctx->limits->maxfilesize && UNP.csize > ctx->limits->maxfilesize) {

-      cli_dbgmsg("autoit: skipping file due to size limit (%u, max: %lu)\n", UNP.csize, ctx->limits->maxfilesize);

+    if(cli_checklimits("autoit", ctx, UNP.csize, 0, 0)!=CL_CLEAN) {

       lseek(desc, UNP.csize, SEEK_CUR);

       continue;

     }

@@ -581,7 +578,7 @@ static int ea06(int desc, cli_ctx *ctx, char *tmpd) {

       if(!(UNP.usize = be32_to_host(*(uint32_t *)(buf+4))))

 	UNP.usize = UNP.csize; /* only a specifically crafted or badly corrupted sample should land here */

-      if(ctx->limits && ctx->limits->maxfilesize && UNP.usize > ctx->limits->maxfilesize) {

+      if(cli_checklimits("autoit", ctx, UNP.usize, 0, 0)!=CL_CLEAN) {

 	free(buf);

 	continue;

       }

@@ -893,8 +890,7 @@ static int ea06(int desc, cli_ctx *ctx, char *tmpd) {

     close(i);

     if(!cli_leavetemps_flag) unlink(tempfile);

   }

-  cli_dbgmsg("autoit: Files limit reached (max: %u)\n", ctx->limits->maxfiles);

-  return CL_EMAXFILES;

+  return ret;

 }

 #endif /* FPU_WORDS_BIGENDIAN */

@@ -617,7 +617,7 @@ fileblobAddData(fileblob *fb, const unsigned char *data, size_t len)

 		if(ctx) {

 			int do_scan = 1;

-			if(ctx->limits)

+			if(ctx->limits && ctx->limits->maxfilesize) /* FIXMELIMITS */

 				if(fb->bytes_scanned >= ctx->limits->maxfilesize)

 					do_scan = 0;

@@ -49,7 +49,7 @@

 #endif

 /* hard limits */

-#define CAB_FOLDER_LIMIT    5000

+#define CAB_FOLDER_LIMIT    5000 /* FIXMELIMITS */

 #define CAB_FILE_LIMIT	    5000

 /* Cabinet format data structures */

@@ -116,5 +116,8 @@ int cli_chm_open(int fd, const char *dirname, chm_metadata_t *metadata);

 int cli_chm_prepare_file(int fd, char *dirname, chm_metadata_t *metadata);

 int cli_chm_extract_file(int fd, char *dirname, chm_metadata_t *metadata);

 void cli_chm_close(chm_metadata_t *metadata);

-

+int cli_chm_open(int fd, const char *dirname, chm_metadata_t *metadata);

+void cli_chm_close(chm_metadata_t *metadata);

+int cli_chm_extract_file(int fd, char *dirname, chm_metadata_t *metadata);

+int cli_chm_prepare_file(int fd, char *dirname, chm_metadata_t *metadata);

 #endif

@@ -142,16 +142,17 @@ struct cl_engine {

 };

 struct cl_limits {

+    unsigned long int maxscansize;  /* during the scanning of archives this size

+				     * will never be exceeded

+				     */

+    unsigned long int maxfilesize;  /* compressed files will only be decompressed

+				     * and scanned up to this size

+				     */

     unsigned int maxreclevel;	    /* maximum recursion level for archives */

     unsigned int maxfiles;	    /* maximum number of files to be scanned

 				     * within a single archive

 				     */

-    unsigned int maxmailrec;	    /* maximum recursion level for mail files */

-    unsigned int maxratio;	    /* maximum compression ratio */

     unsigned short archivememlim;   /* limit memory usage for some unpackers */

-    unsigned long int maxfilesize;  /* compressed files larger than this limit

-				     * will not be scanned

-				     */

 };

 struct cl_stat {

@@ -1988,7 +1988,6 @@ parseEmailHeader(message *m, const char *line, const table_t *rfc821)

 /*

  * This is a recursive routine.

- * FIXME: We are not passed &mrec so we can't check against MAX_MAIL_RECURSION

  *

  * This function parses the body of mainMessage and saves its attachments in dir

  *

@@ -2011,22 +2010,17 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re

 	cli_dbgmsg("in parseEmailBody, %u files saved so far\n",

 		mctx->files);

-	if(limits) {

-		if(limits->maxmailrec) {

+	if(limits) { /* FIXMELIMITS */

+		if(limits->maxreclevel) {

 			const cli_ctx *ctx = mctx->ctx;	/* needed for BLOCKMAX :-( */

 			/*

 			 * This is approximate

 			 */

-			if(recursion_level > limits->maxmailrec) {

+			if(recursion_level > limits->maxreclevel) {

 				cli_warnmsg("parseEmailBody: hit maximum recursion level (%u)\n", recursion_level);

-				if(BLOCKMAX) {

-					if(ctx->virname)

-						*ctx->virname = "MIME.RecursionLimit";

-					return VIRUS;

-				} else

-					return MAXREC;

+				return MAXREC;

 			}

 		}

 		if(limits->maxfiles && (mctx->files >= limits->maxfiles)) {

@@ -108,15 +108,8 @@ int cli_msexpand(int fd, int ofd, cli_ctx *ctx)

     cli_dbgmsg("MSEXPAND: File size from header: %u\n", hdr.fsize);

-    if(ctx->limits && ctx->limits->maxfilesize && (hdr.fsize > ctx->limits->maxfilesize)) {

-	cli_dbgmsg("MSEXPAND: Size exceeded (%u, max: %lu)\n", hdr.fsize, ctx->limits->maxfilesize);

-        if(BLOCKMAX) {

-	    *ctx->virname = "MSEXPAND.ExceededFileSize";

-            return CL_VIRUS;

-        }

-	hdr.fsize = ctx->limits->maxfilesize;

-	cli_dbgmsg("MSEXPAND: Only extracting first %u bytes\n", hdr.fsize); /* may extract up to 2kB more */

-    }

+    if(cli_checklimits("MSEXPAND", ctx, hdr.fsize, 0, 0)!=CL_CLEAN)

+        return CL_SUCCESS;

     while(1) {

@@ -163,7 +163,6 @@ static int nsis_decomp(struct nsis_st *n) {

       break;

     case Z_STREAM_END:

       ret = CL_BREAK;

-    /* FIXME: regression needed */ 

     }

     n->nsis.avail_in = n->z.avail_in;

     n->nsis.next_in = n->z.next_in;

@@ -184,10 +183,9 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) {

     cli_dbgmsg("NSIS: extraction complete\n");

     return CL_BREAK;

   }

-  if (ctx->limits && ctx->limits->maxfiles && n->fno >= ctx->limits->maxfiles) {

-    cli_dbgmsg("NSIS: Files limit reached (max: %u)\n", ctx->limits->maxfiles);

-    return CL_EMAXFILES;

-  }

+  

+  if ((ret=cli_checklimits("NSIS", ctx, 0, 0, 0))!=CL_CLEAN)

+    return ret;

   if (n->fno)

     snprintf(n->ofn, 1023, "%s/content.%.3u", n->dir, n->fno);

@@ -225,11 +223,10 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) {

     n->asz -= size+4;

-    if (ctx->limits && ctx->limits->maxfilesize && size > ctx->limits->maxfilesize) {

-      cli_dbgmsg("NSIS: Skipping file due to size limit (%u, max: %lu)\n", size, ctx->limits->maxfilesize);

+    if ((ret=cli_checklimits("NSIS", ctx, size, 0, 0))!=CL_CLEAN) {

       close(n->ofd);

       if (lseek(n->ifd, size, SEEK_CUR)==-1) return CL_EIO;

-      return CL_EMAXSIZE;

+      return ret;

     }

     if (!(ibuf= (unsigned char *) cli_malloc(size))) {

       	cli_dbgmsg("NSIS: out of memory"__AT__"\n");

@@ -274,12 +271,11 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) {

 	  n->nsis.next_out = obuf;

 	  n->nsis.avail_out = BUFSIZ;

 	  loops=0;

-	  if (ctx->limits && ctx->limits->maxfilesize && size > ctx->limits->maxfilesize) {

-	    cli_dbgmsg("NSIS: Skipping file due to size limit (%u, max: %lu)\n", size, ctx->limits->maxfilesize);

+	  if ((ret=cli_checklimits("NSIS", ctx, size, 0, 0))!=CL_CLEAN) {

 	    free(ibuf);

 	    close(n->ofd);

 	    nsis_shutdown(n);

-	    return CL_EMAXSIZE;

+	    return ret;

 	  }

 	} else if (++loops > 10) {

 	  cli_dbgmsg("NSIS: xs looping, breaking out"__AT__"\n");

@@ -367,10 +363,9 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) {

     }

     size=cli_readint32(obuf);

-    if (ctx->limits && ctx->limits->maxfilesize && size > ctx->limits->maxfilesize) {

-      cli_dbgmsg("NSIS: Breaking out due to filesize limit (%u, max: %lu) in solid archive\n", size, ctx->limits->maxfilesize);

+    if ((ret=cli_checklimits("NSIS", ctx, size, 0, 0))!=CL_CLEAN) {

       close(n->ofd);

-      return CL_EFORMAT;

+      return ret;

     }

     n->nsis.next_out = obuf;

@@ -503,10 +498,6 @@ int cli_scannulsft(int desc, cli_ctx *ctx, off_t offset) {

 	struct nsis_st nsist;

     cli_dbgmsg("in scannulsft()\n");

-    if(ctx->limits && ctx->limits->maxreclevel && ctx->arec >= ctx->limits->maxreclevel) {

-        cli_dbgmsg("Archive recursion limit exceeded (arec == %u).\n", ctx->arec+1);

-	return CL_EMAXREC;

-    }

     memset(&nsist, 0, sizeof(struct nsis_st));

@@ -522,33 +513,25 @@ int cli_scannulsft(int desc, cli_ctx *ctx, off_t offset) {

     if(cli_leavetemps_flag) cli_dbgmsg("NSIS: Extracting files to %s\n", nsist.dir);

-    ctx->arec++;

-

     do {

         ret = cli_nsis_unpack(&nsist, ctx);

-	if(ret != CL_SUCCESS) {

-	    if(ret == CL_EMAXSIZE) {

-	        if(BLOCKMAX) {

-		    *ctx->virname = "NSIS.ExceededFileSize";

-		    ret=CL_VIRUS;

-		} else {

-		    ret = nsist.solid ? CL_BREAK : CL_SUCCESS;

-		}

-	    }

-	} else {

-	    cli_dbgmsg("NSIS: Successully extracted file #%u\n", nsist.fno);

-	    lseek(nsist.ofd, 0, SEEK_SET);

-	    if(nsist.fno == 1)

-	        ret=cli_scandesc(nsist.ofd, ctx, 0, 0, 0, NULL);

-	    else

-	        ret=cli_magic_scandesc(nsist.ofd, ctx);

-	    close(nsist.ofd);

-	    if(!cli_leavetemps_flag)

-	        unlink(nsist.ofn);

+	if (ret == CL_SUCCESS) {

+	  cli_dbgmsg("NSIS: Successully extracted file #%u\n", nsist.fno);

+	  lseek(nsist.ofd, 0, SEEK_SET);

+	  if(nsist.fno == 1)

+	    ret=cli_scandesc(nsist.ofd, ctx, 0, 0, 0, NULL);

+	  else

+	    ret=cli_magic_scandesc(nsist.ofd, ctx);

+	  close(nsist.ofd);

+	  if(!cli_leavetemps_flag)

+	    unlink(nsist.ofn);

+	} else if(ret == CL_EMAXSIZE) {

+	    cli_errmsg("returned %d\n", ret);

+	    ret = nsist.solid ? CL_BREAK : CL_SUCCESS;

 	}

     } while(ret == CL_SUCCESS);

-    if(ret == CL_BREAK)

+    if(ret == CL_BREAK || ret == CL_EMAXFILES)

 	ret = CL_CLEAN;

     cli_nsis_free(&nsist);

@@ -558,7 +541,6 @@ int cli_scannulsft(int desc, cli_ctx *ctx, off_t offset) {

     free(nsist.dir);

-    ctx->arec--;    

     return ret;

 }

@@ -475,7 +475,9 @@ static void ole2_walk_property_tree(int fd, ole2_header_t *hdr, const char *dir,

 	if ((prop_index < 0) || (prop_index > (int32_t) hdr->max_block_no) || (rec_level > 100) || (*file_count > 100000)) {

 		return;

 	}

-

+	/* FIXMELIMITS

+	 * DOES recursion on virtual object make sense ?

+	 * WHY no size checking ? */

 	if (limits && limits->maxfiles && (*file_count > limits->maxfiles)) {

 		cli_dbgmsg("OLE2: File limit reached (max: %d)\n", limits->maxfiles);

 		return;

@@ -778,7 +780,7 @@ static int ole2_read_header(int fd, ole2_header_t *hdr)

 }

 #endif

-int cli_ole2_extract(int fd, const char *dirname, const struct cl_limits *limits)

+int cli_ole2_extract(int fd, const char *dirname, cli_ctx *ctx)

 {

 	ole2_header_t hdr;

 	int hdr_size;

@@ -878,7 +880,7 @@ int cli_ole2_extract(int fd, const char *dirname, const struct cl_limits *limits

 	/* OR */

-	ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, &file_count, limits);

+	ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, &file_count, ctx->limits);

 abort:

 #ifdef HAVE_MMAP

@@ -24,8 +24,8 @@

 #ifndef __OLE2_EXTRACT_H

 #define __OLE2_EXTRACT_H

-#include "clamav.h"

+#include "others.h"

-int cli_ole2_extract(int fd, const char *dirname, const struct cl_limits *limits);

+int cli_ole2_extract(int fd, const char *dirname, cli_ctx *ctx);

 #endif

@@ -204,6 +204,51 @@ const char *cl_strerror(int clerror)

     }

 }

+int cli_checklimits(const char *who, cli_ctx *ctx, unsigned long need1, unsigned long need2, unsigned long need3) {

+    int ret = CL_SUCCESS;

+    unsigned long needed;

+

+    /* if called without limits, go on, unpack, scan */

+    if(!ctx || !ctx->limits) return CL_CLEAN;

+

+    needed = (need1>need2)?need1:need2;

+    needed = (needed>need3)?needed:need3;

+

+    /* if we have global scan limits */

+    if(needed && ctx->limits->maxscansize) {

+        /* if the remaining scansize is too small... */

+        if(ctx->limits->maxscansize-ctx->scansize<needed) {

+	    /* ... we tell the caller to skip this file */

+	    cli_dbgmsg("%s: scansize exceeded (initial: %lu, remaining: %lu, needed: %lu)\n", who, ctx->limits->maxscansize, ctx->scansize, needed);

+	    ret = CL_EMAXSIZE;

+	}

+    }

+

+    /* if we have per-file size limits, and we are overlimit... */

+    if(needed && ctx->limits->maxfilesize && ctx->limits->maxfilesize<needed) {

+	/* ... we tell the caller to skip this file */

+        cli_dbgmsg("%s: filesize exceeded (allowed: %lu, needed: %lu)\n", who, ctx->limits->maxfilesize, needed);

+	ret = CL_EMAXSIZE;

+    }

+

+    if(ctx->limits->maxfiles && ctx->scannedfiles>=ctx->limits->maxfiles) {

+        cli_dbgmsg("%s: files limit reached (max: %u)\n", who, ctx->limits->maxfiles);

+	return CL_EMAXFILES;

+    }

+    return ret;

+}

+

+int cli_updatelimits(cli_ctx *ctx, unsigned long needed) {

+    int ret=cli_checklimits("cli_updatelimits", ctx, needed, 0, 0);

+

+    if (ret != CL_CLEAN) return ret;

+    ctx->scannedfiles++;

+    ctx->scansize+=needed;

+    if(ctx->scansize > ctx->limits->maxscansize)

+        ctx->scansize = ctx->limits->maxscansize;

+    return CL_CLEAN;

+}

+

 unsigned char *cli_md5digest(int desc)

 {

 	unsigned char *digest;

@@ -636,11 +681,7 @@ int cli_rmdirs(const char *dirname)

 			    return -1;

 			}

-#ifdef	C_WINDOWS

-			sprintf(path, "%s\\%s", dirname, dent->d_name);

-#else

 			sprintf(path, "%s/%s", dirname, dent->d_name);

-#endif

 			/* stat the file */

 			if(lstat(path, &statbuf) != -1) {

@@ -83,9 +83,10 @@ typedef struct {

     const struct cli_matcher *root;

     const struct cl_engine *engine;

     const struct cl_limits *limits;

+    unsigned long scansize;

     unsigned int options;

-    unsigned int arec;

-    unsigned int mrec;

+    unsigned int recursion;

+    unsigned int scannedfiles;

     unsigned int found_possibly_unwanted;

     struct cli_dconf *dconf;

 } cli_ctx;

@@ -99,7 +100,7 @@ typedef struct {

 #define SCAN_ELF	    (ctx->options & CL_SCAN_ELF)

 #define SCAN_ALGO 	    (ctx->options & CL_SCAN_ALGORITHMIC)

 #define DETECT_ENCRYPTED    (ctx->options & CL_SCAN_BLOCKENCRYPTED)

-#define BLOCKMAX	    (ctx->options & CL_SCAN_BLOCKMAX)

+/* #define BLOCKMAX	    (ctx->options & CL_SCAN_BLOCKMAX) */

 #define DETECT_BROKEN	    (ctx->options & CL_SCAN_BLOCKBROKEN)

 /* based on macros from A. Melnikoff */

@@ -234,5 +235,7 @@ void cli_bitset_free(bitset_t *bs);

 int cli_bitset_set(bitset_t *bs, unsigned long bit_offset);

 int cli_bitset_test(bitset_t *bs, unsigned long bit_offset);

 const char* cli_ctime(const time_t *timep, char *buf, const size_t bufsize);

-

+int cli_checklimits(const char *, cli_ctx *, unsigned long, unsigned long, unsigned long);

+int cli_updatelimits(cli_ctx *, unsigned long);

+unsigned long cli_getsizelimit(cli_ctx *, unsigned long);

 #endif

@@ -79,10 +79,9 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)

 	char *buf;	/* start of memory mapped area */

 	const char *p, *q, *trailerstart;

 	const char *xrefstart;	/* cross reference table */

-	const struct cl_limits *limits;

 	/*size_t xreflength;*/

 	table_t *md5table;

-	int printed_predictor_message, printed_embedded_font_message, rc;

+	int printed_predictor_message, printed_embedded_font_message, rc, ret;

 	unsigned int files;

 	struct stat statb;

@@ -192,12 +191,11 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)

 	rc = CL_CLEAN;

 	files = 0;

-	limits = ctx->limits;

 	/*

 	 * The body section consists of a sequence of indirect objects

 	 */

-	while((p < xrefstart) && (rc == CL_CLEAN) &&

+	while((p < xrefstart) && ((rc=cli_checklimits("cli_pdf", ctx, 0, 0, 0))==CL_CLEAN) &&

 	      ((q = pdf_nextobject(p, bytesleft)) != NULL)) {

 		int is_ascii85decode, is_flatedecode, fout, len, has_cr;

 		/*int object_number, generation_number;*/

@@ -494,11 +492,6 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)

 		free(md5digest);

 		cli_dbgmsg("cli_pdf: extracted file %u to %s\n", ++files,

 			fullname);

-		if(limits && limits->maxfiles && (files >= limits->maxfiles)) {

-			/* Bug 698 */

-			cli_dbgmsg("cli_pdf: number of files exceeded %u\n", limits->maxfiles);

-			rc = CL_EMAXFILES;

-		}

 	}

 	munmap(buf, size);

@@ -541,7 +534,7 @@ try_flatedecode(unsigned char *buf, off_t real_len, off_t calculated_len, int fo

 static int

 flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx)

 {

-	int zstat;

+	int zstat, ret;

 	off_t nbytes;

 	z_stream stream;

 	unsigned char output[BUFSIZ];

@@ -611,17 +604,10 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx)

 					}

 					nbytes += written;

-					if(ctx->limits &&

-					   ctx->limits->maxfilesize &&

-					   (nbytes > (off_t) ctx->limits->maxfilesize)) {

-						cli_dbgmsg("cli_pdf: flatedecode size exceeded (%lu > %lu)\n",

-							   (unsigned long)nbytes, (unsigned long)ctx->limits->maxfilesize);

+					if((ret=cli_checklimits("cli_pdf", ctx, nbytes, 0, 0))!=CL_CLEAN) {

+						/* FIXMELIMITS */

 						inflateEnd(&stream);

-						if(BLOCKMAX) {

-							*ctx->virname = "PDF.ExceededFileSize";

-							return CL_VIRUS;

-						}

-						return CL_CLEAN;

+						return ret;

 					}

 					stream.next_out = output;

 					stream.avail_out = sizeof(output);

@@ -651,28 +637,6 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx)

 		}

 	}

-

-	/*

-	 * On BSD systems total_in and total_out are "long long", so these

-	 * numbers could (in theory) get truncated in the debug statement

-	 */

-	cli_dbgmsg("cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)\n",

-		(unsigned long)stream.total_in, (unsigned long)stream.total_out,

-		(unsigned long)(stream.total_out / stream.total_in),

-		ctx->limits ? ctx->limits->maxratio : 0);

-

-	if(ctx->limits &&

-	   ctx->limits->maxratio &&

-	   ((stream.total_out / stream.total_in) > ctx->limits->maxratio)) {

-		cli_dbgmsg("cli_pdf: flatedecode Max ratio reached\n");

-		inflateEnd(&stream);

-		if(BLOCKMAX) {

-			*ctx->virname = "Oversized.PDF";

-			return CL_VIRUS;

-		}

-		return CL_CLEAN;

-	}

-

 #ifdef	SAVE_TMP

 	unlink(tmpfilename);

 #endif

@@ -82,15 +82,9 @@

 #define PESALIGN(o,a) (((a))?(((o)/(a)+((o)%(a)!=0))*(a)):(o))

 #define CLI_UNPSIZELIMITS(NAME,CHK) \