@@ -1,3 +1,8 @@

+Sun Mar 21 09:51:45 GMT 2004 (njh)

+----------------------------------

+  * libclamav:	Faster scanning for non MIME messages, only scan the message

+  	once for binhex, uuencode, bounces etc.

+

 Sat Mar 20 19:37:11 GMT 2004 (njh)

 ----------------------------------

   * libclamav/message.c:	Removed the duplicated code from bounce checks

@@ -17,6 +17,9 @@

  *

  * Change History:

  * $Log: mbox.c,v $

+ * Revision 1.56  2004/03/21 09:41:26  nigelhorne

+ * Faster scanning for non MIME messages

+ *

  * Revision 1.55  2004/03/20 17:39:23  nigelhorne

  * First attempt to handle all bounces

  *

@@ -156,7 +159,7 @@

  * Compilable under SCO; removed duplicate code with message.c

  *

  */

-static	char	const	rcsid[] = "$Id: mbox.c,v 1.55 2004/03/20 17:39:23 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: mbox.c,v 1.56 2004/03/21 09:41:26 nigelhorne Exp $";

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

@@ -225,7 +228,6 @@ static	bool	continuationMarker(const char *line);

 static	int	parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg);

 static	void	saveTextPart(message *m, const char *dir);

 static	bool	saveFile(const blob *b, const char *dir);

-static	bool	isAllText(const message *m);

 /* Maximum number of attachments that we accept */

 #define	MAX_ATTACHMENTS	10

@@ -987,7 +989,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 						break;

 					case MESSAGE:

 						cli_dbgmsg("Found message inside multipart\n");

-						if(isAllText(aMessage))

+						if(messageIsAllText(aMessage))

 							continue;

 						body = parseEmailHeaders(aMessage, rfc821Table);

@@ -1359,7 +1361,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 					}

 					blobDestroy(b);

 				}

-			} else if((!isAllText(mainMessage)) &&

+			} else if((!messageIsAllText(mainMessage)) &&

 				  ((t_line = bounceBegin(mainMessage)) != NULL)) {

 				/*

 				 * Attempt to save the original (unbounced)

@@ -1367,31 +1369,9 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 				 * directory and call us again (with any luck)

 				 * having found an e-mail message to handle

 				 */

-

-				/*

-				 * Ignore the blank lines before the message

-				 * proper

-				 */

-				/*while((t_line = t_line->t_next) != NULL)

-					if(strcmp(t_line->t_text, "") != 0)

-						break;*/

-

-				if(t_line == NULL) {

-					cli_dbgmsg("Not found bounce message\n");

-					saveTextPart(mainMessage, dir);

-				} else if((b = blobCreate()) != NULL) {

+				if((b = blobCreate()) != NULL) {

 					cli_dbgmsg("Found a bounce message\n");

-					/*

-					 * Ensure the when any bounce messages

-					 * that have been saved in the

-					 * temporary directory are passed to

-					 * cl_mbox() by inserting a header line

-					 * that scanners.c recognises as a mail

-					 *

-					 * Fix thanks to "Andrey J. Melnikoff

-					 * (TEMHOTA)" <temnota@kmv.ru>

-					 */

-					/*blobAddData(b, (unsigned char *)"Received: by clamd\n", 19);*/

+

 					do {

 						blobAddData(b, (unsigned char *)t_line->t_text, strlen(t_line->t_text));

 						blobAddData(b, (unsigned char *)"\n", 1);

@@ -1413,7 +1393,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con

 					 * content encoding statement don't

 					 * bother saving to scan, it's safe

 					 */

-					saveIt = !isAllText(mainMessage);

+					saveIt = !messageIsAllText(mainMessage);

 				else

 					saveIt = TRUE;

@@ -1853,27 +1833,3 @@ saveFile(const blob *b, const char *dir)

 	return (close(fd) >= 0);

 }

-

-/*

- * If a message doesn't not contain another message which could be harmful

- * it is deemed to be safe.

- *

- * TODO: ensure nothing can get through this

- *

- * TODO: check to see if we need to

- * find anything else, perhaps anything

- * from the RFC821 table?

- */

-static bool

-isAllText(const message *m)

-{

-	const text *t;

-

-	for(t = messageGetBody(m); t; t = t->t_next)

-		if(strncasecmp(t->t_text,

-			"Content-Transfer-Encoding",

-			strlen("Content-Transfer-Encoding")) == 0)

-				return FALSE;

-

-	return TRUE;

-}

@@ -17,6 +17,9 @@

  *

  * Change History:

  * $Log: message.c,v $

+ * Revision 1.46  2004/03/21 09:41:27  nigelhorne

+ * Faster scanning for non MIME messages

+ *

  * Revision 1.45  2004/03/20 19:26:48  nigelhorne

  * Second attempt to handle all bounces

  *

@@ -132,7 +135,7 @@

  * uuencodebegin() no longer static

  *

  */

-static	char	const	rcsid[] = "$Id: message.c,v 1.45 2004/03/20 19:26:48 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: message.c,v 1.46 2004/03/21 09:41:27 nigelhorne Exp $";

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

@@ -259,6 +262,7 @@ messageReset(message *m)

 	memset(m, '\0', sizeof(message));

 	m->mimeType = NOMIME;

+	m->encodingType = NOENCODING;

 }

 void

@@ -668,6 +672,8 @@ messageGetEncoding(const message *m)

 void

 messageAddLine(message *m, const char *line)

 {

+	static const char encoding[] = "Content-Transfer-Encoding";

+	static const char binhex[] = "(This file must be converted with BinHex 4.0)";

 	assert(m != NULL);

 	if(m->body_first == NULL)

@@ -677,12 +683,38 @@ messageAddLine(message *m, const char *line)

 		m->body_last = m->body_last->t_next;

 	}

+	if(m->body_last == NULL)

+		return;

+

 	m->body_last->t_next = NULL;

 	m->body_last->t_text = strdup((line) ? line : "");

 	assert(m->body_last->t_text != NULL);

 	assert(m->body_first != NULL);

+

+	/*

+	 * See if this line marks the start of a non MIME inclusion that

+	 * will need to be scanned

+	 */

+	if(line) {

+		if((m->encoding == NULL) &&

+		   (strncasecmp(line, encoding, sizeof(encoding) - 1) == 0))

+			m->encoding = m->body_last;

+		else if((m->bounce == NULL) &&

+			(cli_filetype(line, strlen(line)) == CL_MAILFILE))

+				m->bounce = m->body_last;

+		else if((m->binhex == NULL) &&

+			(strncasecmp(line, binhex, sizeof(binhex) - 1) == 0))

+				m->binhex = m->body_last;

+		else if((m->uuencode == NULL) &&

+			((strncasecmp(line, "begin ", 6) == 0) &&

+			(isdigit(line[6])) &&

+			(isdigit(line[7])) &&

+			(isdigit(line[8])) &&

+			(line[9] == ' ')))

+				m->uuencode = m->body_last;

+	}

 }

 const text *

@@ -1115,6 +1147,7 @@ messageToText(const message *m)

 /*

  * Scan to find the UUENCODED message (if any)

  */

+#if	0

 const text *

 uuencodeBegin(const message *m)

 {

@@ -1138,10 +1171,18 @@ uuencodeBegin(const message *m)

 	}

 	return NULL;

 }

+#else

+const text *

+uuencodeBegin(const message *m)

+{

+	return m->uuencode;

+}

+#endif

 /*

  * Scan to find the BINHEX message (if any)

  */

+#if	0

 const text *

 binhexBegin(const message *m)

 {

@@ -1153,11 +1194,19 @@ binhexBegin(const message *m)

 	return NULL;

 }

+#else

+const text *

+binhexBegin(const message *m)

+{

+	return m->binhex;

+}

+#endif

 /*

  * Scan to find a bounce message. There is no standard for these, not

  * even a convention, so don't expect this to be foolproof

  */

+#if	0

 const text *

 bounceBegin(const message *m)

 {

@@ -1169,6 +1218,45 @@ bounceBegin(const message *m)

 	return NULL;

 }

+#else

+const text *

+bounceBegin(const message *m)

+{

+	return m->bounce;

+}

+#endif

+

+/*

+ * If a message doesn't not contain another message which could be harmful

+ * it is deemed to be safe.

+ *

+ * TODO: ensure nothing can get through this

+ *

+ * TODO: check to see if we need to

+ * find anything else, perhaps anything

+ * from the RFC821 table?

+ */

+#if	0

+int

+messageIsAllText(const message *m)

+{

+	const text *t;

+

+	for(t = messageGetBody(m); t; t = t->t_next)

+		if(strncasecmp(t->t_text,

+			"Content-Transfer-Encoding",

+			strlen("Content-Transfer-Encoding")) == 0)

+				return 0;

+

+	return 1;

+}

+#else

+int

+messageIsAllText(const message *m)

+{

+	return (m->encoding == NULL);

+}

+#endif

 /*

  * Decode a line and add it to a buffer, return the end of the buffer

@@ -16,6 +16,9 @@

  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  *

  * $Log: message.h,v $

+ * Revision 1.6  2004/03/21 09:41:27  nigelhorne

+ * Faster scanning for non MIME messages

+ *

  * Revision 1.5  2004/01/28 10:15:24  nigelhorne

  * Added support to scan some bounce messages

  *

@@ -35,6 +38,14 @@ typedef struct message {

 	char	**mimeArguments;

 	char	*mimeDispositionType;	/* probably attachment */

 	text	*body_first, *body_last;

+	/*

+	 * Markers for the start of various non MIME messages that could

+	 * be included within this message

+	 */

+	text	*bounce;	/* start of a bounced message */

+	text	*binhex;	/* start of a binhex message */

+	text	*uuencode;	/* start of a uuencoded message */

+	text	*encoding;	/* is the non MIME message encoded? */

 } message;

 message	*messageCreate(void);

@@ -59,5 +70,6 @@ text	*messageToText(const message *m);

 const	text	*uuencodeBegin(const message *m);

 const	text	*binhexBegin(const message *m);

 const	text	*bounceBegin(const message *m);

+int	messageIsAllText(const message *m);

 #endif	/*_MESSAGE_H*/