@@ -1,3 +1,12 @@

+Mon Jul 19 19:46:03 CEST 2004 (tk)

+----------------------------------

+  * libclamav: use new, faster and memory efficient algorithm (multipattern

+	       variant of Boyer-Moore) for static signature matching (not

+	       yet fully optimised)

+  * libclamav: API: cl_build, cl_free succeed cl_buildtrie, cl_freetrie

+	       (old functions still supported)

+  * all: minor cleanup; fix compilation warnings

+

 Fri Jul 16 17:32:40 CEST 2004 (tk)

 ----------------------------------

   * libclamav: scanners: fix memory leak in new code (thanks to Trog)

@@ -46,7 +46,7 @@ while test $# -gt 0; do

 	;;

     --version)

-	echo devel-20040706

+	echo devel-20040718

 	exit 0

 	;;

@@ -68,7 +68,6 @@ void clamd(struct optstruct *opt)

 	struct cl_node *root = NULL;

 	const char *dbdir, *cfgfile;

 	int ret, virnum = 0, tcpsock;

-	char *var;

 #ifdef C_LINUX

 	struct stat sb;

 #endif

@@ -269,7 +268,7 @@ void clamd(struct optstruct *opt)

     }

     logg("Protecting against %d viruses.\n", virnum);

-    if((ret = cl_buildtrie(root)) != 0) {

+    if((ret = cl_build(root)) != 0) {

 	fprintf(stderr, "ERROR: Database initialization error: %s\n", cl_strerror(ret));;

 	logg("!Database initialization error: %s\n", cl_strerror(ret));;

 	exit(1);

@@ -43,6 +43,8 @@

 #include "shared.h"

 #include "output.h"

+#include "../libclamav/others.h"

+

 #ifdef C_LINUX

 dev_t procdev; /* /proc device */

 #endif

@@ -229,7 +231,7 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root

     while(!bound && portscan--) {

-	if((port = cl_rndnum(60000)) < 1024)

+	if((port = cli_rndnum(60000)) < 1024)

 	    port += 2139;

 	memset((char *) &server, 0, sizeof(server));

@@ -144,7 +144,7 @@ static struct cl_node *reload_db(struct cl_node *root, const struct cfgstruct *c

     /* release old structure */

     if(root) {

-	cl_freetrie(root);

+	cl_free(root);

 	root = NULL;

     }

@@ -173,8 +173,8 @@ static struct cl_node *reload_db(struct cl_node *root, const struct cfgstruct *c

 	exit(-1);

     }

-    if((retval = cl_buildtrie(root)) != 0) {

-	logg("!Database initialization error: can't build the trie: %s\n",

+    if((retval = cl_build(root)) != 0) {

+	logg("!Database initialization error: can't build engine: %s\n",

 	cl_strerror(retval));

 	exit(-1);

     }

@@ -54,11 +54,14 @@

 #include "memory.h"

 #include "output.h"

 #include "cfgparser.h"

+#include "../libclamav/others.h"

 #ifdef C_LINUX

 dev_t procdev;

 #endif

+extern int cli_mbox(const char *dir, int desc); /* FIXME */

+

 int scanmanager(const struct optstruct *opt)

 {

 	mode_t fmode;

@@ -154,8 +157,7 @@ int scanmanager(const struct optstruct *opt)

 	return 50;

     }

-    /* build the proper trie */

-    if((ret=cl_buildtrie(trie)) != 0) {

+    if((ret = cl_build(trie)) != 0) {

 	mprintf("@Database initialization error: %s\n", cl_strerror(ret));;

 	return 50;

     }

@@ -243,7 +245,7 @@ int scanmanager(const struct optstruct *opt)

 		}

 		/* generate the temporary directory */

-		dir = cl_gentemp(tmpdir);

+		dir = cli_gentemp(tmpdir);

 		if(mkdir(dir, 0700)) {

 			mprintf("@Can't create the temporary directory %s\n", dir);

 			exit(63); /* critical */

@@ -255,7 +257,7 @@ int scanmanager(const struct optstruct *opt)

 		/*

 		 * Extract the attachments into the temporary directory

 		 */

-		ret = cl_mbox(dir, 0);

+		ret = cli_mbox(dir, 0);

 		if(ret == 0) {

 			/* fix permissions of extracted files */

@@ -325,7 +327,7 @@ int scanmanager(const struct optstruct *opt)

     }

     /* free the trie */

-    cl_freetrie(trie);

+    cl_free(trie);

     free(limits);

@@ -566,7 +568,7 @@ int scancompressed(const char *filename, struct cl_node *root, const struct pass

     /* generate the temporary directory */

-    gendir = cl_gentemp(tmpdir);

+    gendir = cli_gentemp(tmpdir);

     if(mkdir(gendir, 0700)) {

 	mprintf("@Can't create the temporary directory %s\n", gendir);

 	exit(63); /* critical */

@@ -759,7 +761,7 @@ int scandenied(const char *filename, struct cl_node *root, const struct passwd *

     }

     /* generate the temporary directory */

-    gendir = cl_gentemp(tmpdir);

+    gendir = cli_gentemp(tmpdir);

     if(mkdir(gendir, 0700)) {

 	mprintf("@Can't create the temporary directory %s\n", gendir);

 	exit(63); /* critical */

@@ -57,10 +57,10 @@ int main(int argc, char **argv)

     printf("Loaded %d signatures.\n", no);

-    /* build the final trie */

-    if((ret = cl_buildtrie(root))) {

+    /* build engine */

+    if((ret = cl_build(root))) {

 	printf("Database initialization error: %s\n", cl_strerror(ret));;

-	cl_freetrie(root); /* free the partial trie */

+	cl_free(root);

 	close(fd);

 	exit(2);

     }

@@ -85,7 +85,7 @@ int main(int argc, char **argv)

     mb = size * (CL_COUNT_PRECISION / 1024) / 1024.0;

     printf("Data scanned: %2.2Lf Mb\n", mb);

-    cl_freetrie(root);

+    cl_free(root);

     close(fd);

     exit(ret == CL_VIRUS ? 1 : 0);

@@ -28,6 +28,7 @@

 #include <string.h>

 #include <errno.h>

 #include <signal.h>

+#include <time.h>

 #include <sys/types.h>

 #include <sys/stat.h>

 #include <fcntl.h>

@@ -44,6 +44,8 @@

 #include "manager.h"

 #include "notify.h"

 #include "memory.h"

+#include "output.h"

+#include "../libclamav/others.h"

 int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, const char *hostname)

 {

@@ -213,7 +215,7 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

     /* temporary file is created in clamav's directory thus we don't need

      * to create it immediately because race condition is not possible here

      */

-    tempname = cl_gentemp(".");

+    tempname = cli_gentemp(".");

     if((ret = get_database(remotename, hostfd, tempname, hostname, proxy, user, pass))) {

         mprintf("@Can't download %s from %s\n", remotename, ipaddr);

@@ -34,6 +34,7 @@

 #include "others.h"

 #include "cfgparser.h"

+#include "output.h"

 int notify(const char *cfgfile)

 {

@@ -26,6 +26,10 @@ include_HEADERS = clamav.h

 libclamav_la_SOURCES = \

 	clamav.h \

+        matcher-ac.c \

+        matcher-ac.h \

+        matcher-bm.c \

+        matcher-bm.h \

         matcher.c \

         matcher.h \

         md5.c \

@@ -72,13 +72,13 @@ am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"

 libLTLIBRARIES_INSTALL = $(INSTALL)

 LTLIBRARIES = $(lib_LTLIBRARIES)

 libclamav_la_DEPENDENCIES =

-am_libclamav_la_OBJECTS = matcher.lo md5.lo others.lo readdb.lo cvd.lo \

-	dsig.lo str.lo scanners.lo filetypes.lo unrarlib.lo \

-	zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo zzip-io.lo \

-	zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo \

-	snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo \

-	vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo \

-	qtmd.lo system.lo upx.lo htmlnorm.lo

+am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher.lo \

+	md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo \

+	filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo \

+	zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo \

+	blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo \

+	text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo \

+	cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

 depcomp = $(SHELL) $(top_srcdir)/depcomp

@@ -86,7 +86,8 @@ am__depfiles_maybe = depfiles

 @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/blob.Plo ./$(DEPDIR)/cabd.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/cvd.Plo ./$(DEPDIR)/dsig.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/filetypes.Plo ./$(DEPDIR)/htmlnorm.Plo \

-@AMDEP_TRUE@	./$(DEPDIR)/lzxd.Plo ./$(DEPDIR)/matcher.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/lzxd.Plo ./$(DEPDIR)/matcher-ac.Plo \

+@AMDEP_TRUE@	./$(DEPDIR)/matcher-bm.Plo ./$(DEPDIR)/matcher.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/mbox.Plo ./$(DEPDIR)/md5.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/message.Plo ./$(DEPDIR)/msexpand.Plo \

 @AMDEP_TRUE@	./$(DEPDIR)/mszipd.Plo \

@@ -231,6 +232,10 @@ libclamav_la_LDFLAGS = @TH_SAFE@ -version-info @LIBCLAMAV_VERSION@

 include_HEADERS = clamav.h

 libclamav_la_SOURCES = \

 	clamav.h \

+        matcher-ac.c \

+        matcher-ac.h \

+        matcher-bm.c \

+        matcher-bm.h \

         matcher.c \

         matcher.h \

         md5.c \

@@ -382,6 +387,8 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/filetypes.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htmlnorm.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lzxd.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/matcher-ac.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/matcher-bm.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/matcher.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mbox.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@

@@ -29,8 +29,6 @@ extern "C"

 #endif

-#define CL_NUM_CHILDS 256

-#define CL_MIN_LENGTH 2

 #define CL_COUNT_PRECISION 4096

@@ -76,19 +74,27 @@ extern "C"

 #define CL_HTML		32

 #define CL_PE		64

-struct cli_patt {

+

+struct cli_bm_patt {

+    const char *pattern;

+    char *virname;

+    int length; 

+    struct cli_bm_patt *next;

+};

+

+struct cli_ac_patt {

     short int *pattern;

     unsigned int length, mindist, maxdist;

     char *virname;

     unsigned short int sigid, parts, partno, type, alt, *altn;

     char **altc;

-    struct cli_patt *next;

+    struct cli_ac_patt *next;

 };

 struct cli_ac_node {

     char islast;

-    struct cli_patt *list;

-    struct cli_ac_node *trans[CL_NUM_CHILDS], *fail;

+    struct cli_ac_patt *list;

+    struct cli_ac_node *trans[256], *fail;

 };

 struct cli_md5_node {

@@ -97,13 +103,18 @@ struct cli_md5_node {

 };

 struct cl_node {

-    /* Aho-Corasick */

-    struct cli_ac_node *ac_root, **nodetable;

-    unsigned int maxpatlen, partsigs;

-    unsigned int nodes;

+    unsigned int maxpatlen; /* maximal length of pattern in db */

+

+    /* Extended Boyer-Moore */

+    int *bm_shift;

+    struct cli_bm_patt **bm_suffix;

+

+    /* Extended Aho-Corasick */

+    struct cli_ac_node *ac_root, **ac_nodetable;

+    unsigned int ac_partsigs, ac_nodes;

     /* MD5 */

-    struct cli_md5_node *hlist[256];

+    struct cli_md5_node **md5_hlist;

 };

 struct cl_limits {

@@ -141,12 +152,13 @@ extern int cl_scandesc(int desc, const char **virname, unsigned long int *scanne

 extern int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options);

-/* database loading */

+/* database */

 extern int cl_loaddb(const char *filename, struct cl_node **root, int *virnum);

 extern int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum);

 extern const char *cl_retdbdir(void);

 extern int cl_retflevel(void);

+/* CVD */

 extern struct cl_cvd *cl_cvdhead(const char *file);

 extern struct cl_cvd *cl_cvdparse(const char *head);

 extern int cl_cvdverify(const char *file);

@@ -162,24 +174,12 @@ extern void cl_debug(void);

 extern void cl_settempdir(const char *dir, short leavetemps);

-/* build a trie */

-extern int cl_buildtrie(struct cl_node *root);

-

-extern void cl_freetrie(struct cl_node *root);

+extern int cl_build(struct cl_node *root);

+extern void cl_free(struct cl_node *root);

 extern const char *cl_strerror(int clerror);

 extern const char *cl_perror(int clerror); /* deprecated */

-extern char *cl_md5buff(const char *buffer, unsigned int length);

-

-extern int cl_mbox(const char *dir, int desc);

-

-/* compute MD5 message digest from file (compatible with md5sum(1)) */

-extern char *cl_md5file(const char *filename);

-

-/* generate unique file name in temporary directory */

-char *cl_gentemp(const char *dir);

-

 #ifdef __cplusplus

 };

 #endif

@@ -342,7 +342,7 @@ int cli_cvdload(FILE *fd, struct cl_node **root, int *virnum)

 	tmpdir = "/tmp";

 #endif

-    dir = cl_gentemp(tmpdir);

+    dir = cli_gentemp(tmpdir);

     if(mkdir(dir, 0700)) {

 	cli_errmsg("cli_cvdload():  Can't create temporary directory %s\n", dir);

 	return CL_ETMPDIR;

@@ -361,7 +361,7 @@ int cli_cvdload(FILE *fd, struct cl_node **root, int *virnum)

 	    /* start */

-	    tmp = cl_gentemp(tmpdir);

+	    tmp = cli_gentemp(tmpdir);

 	    if((tmpd = fopen(tmp, "wb+")) == NULL) {

 		cli_errmsg("Can't create temporary file %s\n", tmp);

 		free(dir);

@@ -33,6 +33,7 @@

 #include "clamav.h"

 #include "others.h"

 #include "dsig.h"

+#include "str.h"

 static const char *cli_nstr = "118640995551645342603070001658453189751527774412027743746599405743243142607464144767361060640655844749760788890022283424922762488917565551002467771109669598189410434699034532232228621591089508178591428456220796841621637175567590476666928698770143328137383952820383197532047771780196576957695822641224262693037"; /* 1024 bits */

@@ -118,7 +119,7 @@ int cli_versig(const char *md5, const char *dsig)

 	return CL_EDSIG;

     }

-    pt2 = cl_str2hex(pt, 16);

+    pt2 = cli_str2hex(pt, 16);

     free(pt);

     cli_dbgmsg("Decoded signature: %s\n", pt2);

@@ -27,6 +27,8 @@

 #include "clamav.h"

 #include "filetypes.h"

+#include "others.h"

+#include "readdb.h"

 struct cli_magic_s {

     int offset;

@@ -21,6 +21,8 @@

 #endif

 #include <stdio.h>

+#include <string.h>

+#include <ctype.h>

 #include <unistd.h>

 #include <sys/types.h>

 #include <sys/stat.h>

new file mode 100644

@@ -0,0 +1,352 @@

+/*

+ *  C implementation of the Aho-Corasick pattern matching algorithm. It's based

+ *  on ScannerDaemon's Java version by Kurt Huwig and

+ *  http://www-sr.informatik.uni-tuebingen.de/~buehler/AC/AC.html

+ *  Thanks to Kurt Huwig for pointing me to this page.

+ *

+ *  Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdio.h>

+#include <string.h>

+#include <stdlib.h>

+#include <unistd.h>

+

+#include "clamav.h"

+#include "others.h"

+#include "matcher-ac.h"

+#include "unrarlib.h"

+#include "defaults.h"

+#include "filetypes.h"

+

+#define AC_MIN_LENGTH 2

+

+struct nodelist {

+    struct cli_ac_node *node;

+    struct nodelist *next;

+};

+

+int cli_ac_addpatt(struct cl_node *root, struct cli_ac_patt *pattern)

+{

+	struct cli_ac_node *pos, *next;

+	int i;

+

+    if(pattern->length < AC_MIN_LENGTH)

+	return CL_EPATSHORT;

+

+    pos = root->ac_root;

+

+    for(i = 0; i < AC_MIN_LENGTH; i++) {

+	next = pos->trans[((unsigned char) pattern->pattern[i]) & 0xff]; 

+

+	if(!next) {

+	    next = (struct cli_ac_node *) cli_calloc(1, sizeof(struct cli_ac_node));

+	    if(!next) {

+		cli_dbgmsg("Unable to allocate pattern node (%d)\n", sizeof(struct cl_node));

+		return CL_EMEM;

+	    }

+

+	    root->ac_nodes++;

+	    root->ac_nodetable = (struct cli_ac_node **) cli_realloc(root->ac_nodetable, (root->ac_nodes) * sizeof(struct cli_ac_node *));

+	    if(root->ac_nodetable == NULL) {

+		cli_dbgmsg("Unable to realloc nodetable (%d)\n", (root->ac_nodes) * sizeof(struct cl_node *));

+		return CL_EMEM;

+	    }

+	    root->ac_nodetable[root->ac_nodes - 1] = next;

+

+	    pos->trans[((unsigned char) pattern->pattern[i]) & 0xff] = next;

+	}

+

+	pos = next;

+    }

+

+    pos->islast = 1;

+

+    pattern->next = pos->list;

+    pos->list = pattern;

+

+    return 0;

+}

+

+static int cli_enqueue(struct nodelist **bfs, struct cli_ac_node *n)

+{

+	struct nodelist *new;

+

+    new = (struct nodelist *) cli_calloc(1, sizeof(struct nodelist));

+    if (new == NULL) {

+	cli_dbgmsg("Unable to allocate node list (%d)\n", sizeof(struct nodelist));

+	return CL_EMEM;

+    }

+

+    new->next = *bfs;

+    new->node = n;

+    *bfs = new;

+    return 0;

+}

+

+static struct cli_ac_node *cli_dequeue(struct nodelist **bfs)

+{

+	struct nodelist *handler, *prev = NULL;

+	struct cli_ac_node *pt;

+

+    handler = *bfs;

+

+    while(handler && handler->next) {

+	prev = handler;

+	handler = handler->next;

+    }

+

+    if(!handler) {

+	return NULL;

+    } else {

+	pt = handler->node;

+	free(handler);

+	if(prev)

+	    prev->next = NULL;

+	else

+	    *bfs = NULL;

+

+	return pt;

+    }

+}

+

+static int cli_maketrans(struct cl_node *root)

+{

+	struct nodelist *bfs = NULL;

+	struct cli_ac_node *ac_root = root->ac_root, *child, *node;

+	int i, ret;

+

+

+    ac_root->fail = NULL;

+    if((ret = cli_enqueue(&bfs, ac_root)) != 0) {

+	return ret;

+    }

+

+    while((node = cli_dequeue(&bfs))) {

+	if(node->islast)

+	    continue;

+

+	for(i = 0; i < 256; i++) {

+	    child = node->trans[i];

+	    if(!child) {

+		if(node->fail)

+		    node->trans[i] = (node->fail)->trans[i];

+		else

+		    node->trans[i] = ac_root;

+	    } else {

+		if(node->fail)

+		    child->fail = (node->fail)->trans[i];

+		else

+		    child->fail = ac_root;

+

+		if((ret = cli_enqueue(&bfs, child)) != 0) {

+		    return ret;

+		}

+	    }

+	}

+    }

+    return 0;

+}

+

+int cli_ac_buildtrie(struct cl_node *root)

+{

+	int ret;

+

+    if(!root)

+	return CL_EMALFDB;

+

+    if(!root->ac_root) {

+	cli_dbgmsg("Pattern matcher not initialised\n");

+	return 0;

+    }

+

+    if((ret = cli_addtypesigs(root)))

+	return ret;

+

+    return cli_maketrans(root);

+}

+

+static void cli_freepatt(struct cli_ac_patt *list)

+{

+	struct cli_ac_patt *handler, *prev;

+	int i;

+

+

+    handler = list;

+

+    while(handler) {

+	free(handler->pattern);

+	free(handler->virname);

+	if(handler->alt) {

+	    free(handler->altn);

+	    for(i = 0; i < handler->alt; i++)

+		free(handler->altc[i]);

+	    free(handler->altc);

+	}

+	prev = handler;

+	handler = handler->next;

+	free(prev);

+    }

+}

+

+void cli_ac_free(struct cl_node *root)

+{

+	unsigned int i;

+

+

+    for(i = 0; i < root->ac_nodes; i++) {

+	cli_freepatt(root->ac_nodetable[i]->list);

+	free(root->ac_nodetable[i]);

+    }

+

+    if(root->ac_nodetable)

+	free(root->ac_nodetable);

+

+    if(root->ac_root)

+	free(root->ac_root);

+}

+

+static int inline cli_findpos(const char *buffer, int offset, int length, const struct cli_ac_patt *pattern)

+{

+	int bufferpos = offset + AC_MIN_LENGTH;

+	int postfixend = offset + length;

+	unsigned int i, j, alt = 0, found = 0;

+

+

+    if(bufferpos >= length)

+	bufferpos %= length;

+

+    for(i = AC_MIN_LENGTH; i < pattern->length; i++) {

+

+	if(bufferpos == postfixend)

+	    return 0;

+

+	if(pattern->pattern[i] == CLI_ALT) {

+	    for(j = 0; j < pattern->altn[alt]; j++) {

+		if(pattern->altc[alt][j] == buffer[bufferpos])

+		    found = 1;

+	    }

+

+	    if(!found)

+		return 0;

+	    alt++;

+

+	} else if(pattern->pattern[i] != CLI_IGN && (char) pattern->pattern[i] != buffer[bufferpos])

+	    return 0;

+

+	bufferpos++;

+

+	if(bufferpos == length)

+	    bufferpos = 0;

+    }

+

+    return 1;

+}

+

+int cli_ac_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, int *partcnt, int typerec, unsigned long int offset, unsigned long int *partoff)

+{

+	struct cli_ac_node *current;

+	struct cli_ac_patt *pt;

+	int position, type = CL_CLEAN, dist;

+        unsigned int i;

+

+

+    if(!root->ac_root) {

+	cli_dbgmsg("cli_ac_scanbuff: Pattern matcher not initialised\n");

+	return CL_CLEAN;

+    }

+

+    if(!partcnt || !partoff) {

+	cli_dbgmsg("cli_ac_scanbuff(): partcnt == NULL || partoff == NULL\n");

+	return CL_ENULLARG;

+    }

+

+    current = root->ac_root;

+

+    for(i = 0; i < length; i++)  {

+	current = current->trans[(unsigned char) buffer[i] & 0xff];

+

+	if(current->islast) {

+	    position = i - AC_MIN_LENGTH + 1;

+

+	    pt = current->list;

+	    while(pt) {

+		if(cli_findpos(buffer, position, length, pt)) {

+		    if(pt->sigid) { /* it's a partial signature */

+			if(partcnt[pt->sigid] + 1 == pt->partno) {

+

+			    dist = 1;

+			    if(pt->maxdist)

+				if(offset + i - partoff[pt->sigid] > pt->maxdist)

+				    dist = 0;

+

+			    if(dist && pt->mindist)

+				if(offset + i - partoff[pt->sigid] < pt->mindist)

+				    dist = 0;

+

+			    if(dist) {

+				partoff[pt->sigid] = offset + i + pt->length;

+

+				if(++partcnt[pt->sigid] == pt->parts) { /* the last one */

+				    if(pt->type) {

+					if(typerec) {

+					    if(pt->type > type) {

+						cli_dbgmsg("Matched signature for file type: %s\n", pt->virname);

+						type = pt->type;

+					    }

+					}

+				    } else {

+					if(virname)

+					    *virname = pt->virname;

+

+					return CL_VIRUS;

+				    }

+				}

+			    }

+			}

+

+		    } else { /* old type signature */

+			if(pt->type) {

+			    if(typerec) {

+				if(pt->type > type) {

+				    cli_dbgmsg("Matched signature for file type: %s\n", pt->virname);

+

+				    type = pt->type;

+				}

+			    }

+			} else {

+			    if(virname)

+				*virname = pt->virname;

+

+			    return CL_VIRUS;

+			}

+		    }

+		}

+

+		pt = pt->next;

+	    }

+

+	    current = current->fail;

+	}

+    }

+

+    return typerec ? type : CL_CLEAN;

+}

new file mode 100644

@@ -0,0 +1,29 @@

+/*

+ *  Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+ */

+

+#ifndef __MATCHER_AC_H

+#define __MATCHER_AC_H

+

+#include "clamav.h"

+

+int cli_ac_addpatt(struct cl_node *root, struct cli_ac_patt *pattern);

+int cli_ac_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, int *partcnt, int typerec, unsigned long int offset, unsigned long int *partoff);

+int cli_ac_buildtrie(struct cl_node *root);

+void cli_ac_free(struct cl_node *root);

+

+#endif

new file mode 100644

@@ -0,0 +1,149 @@

+/*

+ *  Copyright (C) 2004 Tomasz Kojm <tkojm@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+ */

+

+#include "clamav.h"

+#include "memory.h"

+#include "others.h"

+#include "cltypes.h"

+

+#define BM_MIN_LENGTH 10

+#define BM_BLOCK_SIZE 3

+

+#define MIN(a,b) (a < b) ? a : b

+

+

+int cli_bm_addpatt(struct cl_node *root, struct cli_bm_patt *pattern)

+{

+	int i;

+	uint16_t idx;

+	const char *pt = pattern->pattern;

+	struct cli_bm_patt *prev, *next = NULL;

+

+

+    if(pattern->length < BM_MIN_LENGTH) {

+	cli_dbgmsg("Ignoring signature for %s (too short)\n", pattern->virname);

+	/* return CL_EPATSHORT; */

+    }

+

+    for(i = BM_MIN_LENGTH - BM_BLOCK_SIZE; i >= 0; i--) {