@@ -29,8 +29,8 @@

 #endif

 #ifdef CL_THREAD_SAFE

-#ifndef	_REENTRANT

-#define	_REENTRANT	/* for Solaris 2.8 */

+#ifndef _REENTRANT

+#define _REENTRANT /* for Solaris 2.8 */

 #endif

 #endif

@@ -39,23 +39,23 @@

 #include <errno.h>

 #include <assert.h>

 #include <string.h>

-#ifdef	HAVE_STRINGS_H

+#ifdef HAVE_STRINGS_H

 #include <strings.h>

 #endif

-#ifdef	HAVE_STRING_H

+#ifdef HAVE_STRING_H

 #include <string.h>

 #endif

 #include <ctype.h>

 #include <time.h>

 #include <fcntl.h>

-#ifdef	HAVE_SYS_PARAM_H

+#ifdef HAVE_SYS_PARAM_H

 #include <sys/param.h>

 #endif

 #include <dirent.h>

 #include <limits.h>

 #include <signal.h>

-#ifdef	HAVE_UNISTD_H

+#ifdef HAVE_UNISTD_H

 #include <unistd.h>

 #endif

@@ -63,7 +63,7 @@

 #include <stddef.h>

 #endif

-#ifdef	CL_THREAD_SAFE

+#ifdef CL_THREAD_SAFE

 #include <pthread.h>

 #endif

@@ -86,9 +86,9 @@

 #define DCONF_PHISHING mctx->ctx->dconf->phishing

-#ifdef	CL_DEBUG

+#ifdef CL_DEBUG

-#if	defined(C_LINUX)

+#if defined(C_LINUX)

 #include <features.h>

 #endif

@@ -101,52 +101,53 @@

 #include <execinfo.h>

 #include <syslog.h>

-static	void	sigsegv(int sig);

-static	void	print_trace(int use_syslog);

+static void sigsegv(int sig);

+static void print_trace(int use_syslog);

-/*#define	SAVE_TMP */	/* Save the file being worked on in tmp */

+/*#define	SAVE_TMP */ /* Save the file being worked on in tmp */

 #endif

-#if	defined(NO_STRTOK_R) || !defined(CL_THREAD_SAFE)

+#if defined(NO_STRTOK_R) || !defined(CL_THREAD_SAFE)

 #undef strtok_r

 #undef __strtok_r

-#define strtok_r(a,b,c)	strtok(a,b)

+#define strtok_r(a, b, c) strtok(a, b)

 #endif

-#ifdef	HAVE_STDBOOL_H

-#ifdef	C_BEOS

+#ifdef HAVE_STDBOOL_H

+#ifdef C_BEOS

 #include "SupportDefs.h"

 #else

 #include <stdbool.h>

 #endif

 #else

-#ifdef	FALSE

-typedef	unsigned	char	bool;

+#ifdef FALSE

+typedef unsigned char bool;

 #else

-typedef enum	{ FALSE = 0, TRUE = 1 } bool;

+typedef enum { FALSE = 0,

+               TRUE  = 1 } bool;

 #endif

 #endif

-typedef	enum {

-	FAIL,

-	OK,

-	OK_ATTACHMENTS_NOT_SAVED,

-	VIRUS,

-	MAXREC,

-	MAXFILES

+typedef enum {

+    FAIL,

+    OK,

+    OK_ATTACHMENTS_NOT_SAVED,

+    VIRUS,

+    MAXREC,

+    MAXFILES

 } mbox_status;

 #ifndef isblank

-#define isblank(c)	(((c) == ' ') || ((c) == '\t'))

+#define isblank(c) (((c) == ' ') || ((c) == '\t'))

 #endif

-#define	SAVE_TO_DISC	/* multipart/message are saved in a temporary file */

+#define SAVE_TO_DISC /* multipart/message are saved in a temporary file */

 #include "htmlnorm.h"

 #include "phishcheck.h"

-#ifndef	_WIN32

+#ifndef _WIN32

 #include <sys/time.h>

 #include <netdb.h>

 #include <sys/socket.h>

@@ -170,19 +171,19 @@ typedef	enum {

  */

 /*#define	NEW_WORLD*/

-/*#define	SCAN_UNENCODED_BOUNCES	*//*

+/*#define	SCAN_UNENCODED_BOUNCES	*/ /*

 					 * Slows things down a lot and only catches unencoded copies

 					 * of EICAR within bounces, which don't matter

 					 */

-typedef	struct	mbox_ctx {

-	const	char	*dir;

-	const	table_t	*rfc821Table;

-	const	table_t	*subtypeTable;

-	cli_ctx	*ctx;

-	unsigned	int	files;	/* number of files extracted */

+typedef struct mbox_ctx {

+    const char *dir;

+    const table_t *rfc821Table;

+    const table_t *subtypeTable;

+    cli_ctx *ctx;

+    unsigned int files; /* number of files extracted */

 #if HAVE_JSON

-	json_object *wrkobj;

+    json_object *wrkobj;

 #endif

 } mbox_ctx;

@@ -199,157 +200,134 @@ typedef	struct	mbox_ctx {

 #define UNLOCKFILE(fp)

 #endif

-static	int	cli_parse_mbox(const char *dir, cli_ctx *ctx);

-static	message	*parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821Table, const char *firstLine, const char *dir);

-static	message	*parseEmailHeaders(message *m, const table_t *rfc821Table);

-static	int	parseEmailHeader(message *m, const char *line, const table_t *rfc821Table);

-static	int	parseMHTMLComment(const char *comment, cli_ctx *ctx, void *wrkjobj, void *cbdata);

-static	mbox_status	parseRootMHTML(mbox_ctx *mctx, message *m, text *t);

-static	mbox_status	parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int recursion_level);

-static	int	boundaryStart(const char *line, const char *boundary);

-static	int	boundaryEnd(const char *line, const char *boundary);

-static	int	initialiseTables(table_t **rfc821Table, table_t **subtypeTable);

-static	int	getTextPart(message *const messages[], size_t size);

-static	size_t	strip(char *buf, int len);

-static	int	parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg);

-static	int	saveTextPart(mbox_ctx *mctx, message *m, int destroy_text);

-static	char	*rfc2047(const char *in);

-static	char	*rfc822comments(const char *in, char *out);

-static	int	rfc1341(message *m, const char *dir);

-static	bool	usefulHeader(int commandNumber, const char *cmd);

-static	char	*getline_from_mbox(char *buffer, size_t len, fmap_t *map, size_t *at);

-static	bool	isBounceStart(mbox_ctx *mctx, const char *line);

-static	bool	exportBinhexMessage(mbox_ctx *mctx, message *m);

-static	int	exportBounceMessage(mbox_ctx *ctx, text *start);

-static	const	char	*getMimeTypeStr(mime_type mimetype);

-static	const	char	*getEncTypeStr(encoding_type enctype);

-static	message	*do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, mbox_ctx *mctx, message *messageIn, text **tptr, unsigned int recursion_level);

-static	int	count_quotes(const char *buf);

-static	bool	next_is_folded_header(const text *t);

-static	bool	newline_in_header(const char *line);

-

-static	blob	*getHrefs(message *m, tag_arguments_t *hrefs);

-static	void	hrefs_done(blob *b, tag_arguments_t *hrefs);

-static	void	checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html);

+static int cli_parse_mbox(const char *dir, cli_ctx *ctx);

+static message *parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821Table, const char *firstLine, const char *dir);

+static message *parseEmailHeaders(message *m, const table_t *rfc821Table);

+static int parseEmailHeader(message *m, const char *line, const table_t *rfc821Table);

+static int parseMHTMLComment(const char *comment, cli_ctx *ctx, void *wrkjobj, void *cbdata);

+static mbox_status parseRootMHTML(mbox_ctx *mctx, message *m, text *t);

+static mbox_status parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int recursion_level);

+static int boundaryStart(const char *line, const char *boundary);

+static int boundaryEnd(const char *line, const char *boundary);

+static int initialiseTables(table_t **rfc821Table, table_t **subtypeTable);

+static int getTextPart(message *const messages[], size_t size);

+static size_t strip(char *buf, int len);

+static int parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg);

+static int saveTextPart(mbox_ctx *mctx, message *m, int destroy_text);

+static char *rfc2047(const char *in);

+static char *rfc822comments(const char *in, char *out);

+static int rfc1341(message *m, const char *dir);

+static bool usefulHeader(int commandNumber, const char *cmd);

+static char *getline_from_mbox(char *buffer, size_t len, fmap_t *map, size_t *at);

+static bool isBounceStart(mbox_ctx *mctx, const char *line);

+static bool exportBinhexMessage(mbox_ctx *mctx, message *m);

+static int exportBounceMessage(mbox_ctx *ctx, text *start);

+static const char *getMimeTypeStr(mime_type mimetype);

+static const char *getEncTypeStr(encoding_type enctype);

+static message *do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, mbox_ctx *mctx, message *messageIn, text **tptr, unsigned int recursion_level);

+static int count_quotes(const char *buf);

+static bool next_is_folded_header(const text *t);

+static bool newline_in_header(const char *line);

+

+static blob *getHrefs(message *m, tag_arguments_t *hrefs);

+static void hrefs_done(blob *b, tag_arguments_t *hrefs);

+static void checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html);

 /* Maximum line length according to RFC2821 */

-#define	RFC2821LENGTH	1000

+#define RFC2821LENGTH 1000

 /* Hashcodes for our hash tables */

-#define	CONTENT_TYPE			1

-#define	CONTENT_TRANSFER_ENCODING	2

-#define	CONTENT_DISPOSITION		3

+#define CONTENT_TYPE 1

+#define CONTENT_TRANSFER_ENCODING 2

+#define CONTENT_DISPOSITION 3

 /* Mime sub types */

-#define	PLAIN		1

-#define	ENRICHED	2

-#define	HTML		3

-#define	RICHTEXT	4

-#define	MIXED		5

-#define	ALTERNATIVE	6	/* RFC1521*/

-#define	DIGEST		7

-#define	SIGNED		8

-#define	PARALLEL	9

-#define	RELATED		10	/* RFC2387 */

-#define	REPORT		11	/* RFC1892 */

-#define	APPLEDOUBLE	12	/* Handling of this in only noddy for now */

-#define	FAX		MIXED	/*

-				 * RFC3458

-				 * Drafts stated to treat is as mixed if it is

-				 * not known.  This disappeared in the final

-				 * version (except when talking about

-				 * voice-message), but it is good enough for us

-				 * since we do no validation of coversheet

-				 * presence etc. (which also has disappeared

-				 * in the final version)

-				 */

-#define	ENCRYPTED	13	/*

-				 * e.g. RFC2015

-				 * Content-Type: multipart/encrypted;

-				 * boundary="nextPart1383049.XCRrrar2yq";

-				 * protocol="application/pgp-encrypted"

-				 */

-#define	X_BFILE		RELATED	/*

-				 * BeOS, expert two parts: the file and it's

-				 * attributes. The attributes part comes as

-				 *	Content-Type: application/x-be_attribute

-				 *		name="foo"

-				 * I can't find where it is defined, any

-				 * pointers would be appreciated. For now

-				 * we treat it as multipart/related

-				 */

-#define	KNOWBOT		14	/* Unknown and undocumented format? */

-

-static	const	struct tableinit {

-	const	char	*key;

-	int	value;

+#define PLAIN 1

+#define ENRICHED 2

+#define HTML 3

+#define RICHTEXT 4

+#define MIXED 5

+#define ALTERNATIVE 6 /* RFC1521*/

+#define DIGEST 7

+#define SIGNED 8

+#define PARALLEL 9

+#define RELATED 10      /* RFC2387 */

+#define REPORT 11       /* RFC1892 */

+#define APPLEDOUBLE 12  /* Handling of this in only noddy for now */

+#define FAX MIXED       /*                                              \

+                         * RFC3458                                      \

+                         * Drafts stated to treat is as mixed if it is  \

+                         * not known.  This disappeared in the final    \

+                         * version (except when talking about           \

+                         * voice-message), but it is good enough for us \

+                         * since we do no validation of coversheet      \

+                         * presence etc. (which also has disappeared    \

+                         * in the final version)                        \

+                         */

+#define ENCRYPTED 13    /*                                        \

+                         * e.g. RFC2015                           \

+                         * Content-Type: multipart/encrypted;     \

+                         * boundary="nextPart1383049.XCRrrar2yq"; \

+                         * protocol="application/pgp-encrypted"   \

+                         */

+#define X_BFILE RELATED /*                                           \

+                         * BeOS, expert two parts: the file and it's \

+                         * attributes. The attributes part comes as  \

+                         *	Content-Type: application/x-be_attribute  \

+                         *		name="foo"                               \

+                         * I can't find where it is defined, any     \

+                         * pointers would be appreciated. For now    \

+                         * we treat it as multipart/related          \

+                         */

+#define KNOWBOT 14      /* Unknown and undocumented format? */

+

+static const struct tableinit {

+    const char *key;

+    int value;

 } rfc821headers[] = {

-	/* TODO: make these regular expressions */

-	{	"Content-Type",			CONTENT_TYPE		},

-	{	"Content-Transfer-Encoding",	CONTENT_TRANSFER_ENCODING	},

-	{	"Content-Disposition",		CONTENT_DISPOSITION	},

-	{	NULL,				0			}

-}, mimeSubtypes[] = {	/* see RFC2045 */

-		/* subtypes of Text */

-	{	"plain",	PLAIN		},

-	{	"enriched",	ENRICHED	},

-	{	"html",		HTML		},

-	{	"richtext",	RICHTEXT	},

-		/* subtypes of Multipart */

-	{	"mixed",	MIXED		},

-	{	"alternative",	ALTERNATIVE	},

-	{	"digest",	DIGEST		},

-	{	"signed",	SIGNED		},

-	{	"parallel",	PARALLEL	},

-	{	"related",	RELATED		},

-	{	"report",	REPORT		},

-	{	"appledouble",	APPLEDOUBLE	},

-	{	"fax-message",	FAX		},

-	{	"encrypted",	ENCRYPTED	},

-	{	"x-bfile",	X_BFILE		},	/* BeOS */

-	{	"knowbot",		KNOWBOT		},	/* ??? */

-	{	"knowbot-metadata",	KNOWBOT		},	/* ??? */

-	{	"knowbot-code",		KNOWBOT		},	/* ??? */

-	{	"knowbot-state",	KNOWBOT		},	/* ??? */

-	{	NULL,		0		}

-}, mimeTypeStr[] = {

-	{	"NOMIME", 	NOMIME		},

-	{	"APPLICATION",	APPLICATION	},

-	{	"AUDIO",	AUDIO		},

-	{	"IMAGE",	IMAGE		},

-	{	"MESSAGE",	MESSAGE		},

-	{	"MULTIPART",	MULTIPART	},

-	{	"TEXT",		TEXT		},

-	{	"VIDEO",	VIDEO		},

-	{	"MEXTENSION",	MEXTENSION	},

-	{	NULL,		0		}

-}, encTypeStr[] = {

-	{	"NOENCODING", 	NOENCODING	},

-	{	"QUOTEDPRINTABLE", 	QUOTEDPRINTABLE	},

-	{	"BASE64", 	BASE64		},

-	{	"EIGHTBIT", 	EIGHTBIT	},

-	{	"BINARY", 	BINARY		},

-	{	"UUENCODE", 	UUENCODE	},

-	{	"YENCODE", 	YENCODE		},

-	{	"EEXTENSION", 	EEXTENSION	},

-	{	"BINHEX", 	BINHEX		},

-	{	NULL,		0		}

-};

-

-#ifdef	CL_THREAD_SAFE

-static	pthread_mutex_t	tables_mutex = PTHREAD_MUTEX_INITIALIZER;

+    /* TODO: make these regular expressions */

+    {"Content-Type", CONTENT_TYPE},

+    {"Content-Transfer-Encoding", CONTENT_TRANSFER_ENCODING},

+    {"Content-Disposition", CONTENT_DISPOSITION},

+    {NULL, 0}},

+  mimeSubtypes[] = {/* see RFC2045 */

+                    /* subtypes of Text */

+                    {"plain", PLAIN},

+                    {"enriched", ENRICHED},

+                    {"html", HTML},

+                    {"richtext", RICHTEXT},

+                    /* subtypes of Multipart */

+                    {"mixed", MIXED},

+                    {"alternative", ALTERNATIVE},

+                    {"digest", DIGEST},

+                    {"signed", SIGNED},

+                    {"parallel", PARALLEL},

+                    {"related", RELATED},

+                    {"report", REPORT},

+                    {"appledouble", APPLEDOUBLE},

+                    {"fax-message", FAX},

+                    {"encrypted", ENCRYPTED},

+                    {"x-bfile", X_BFILE},          /* BeOS */

+                    {"knowbot", KNOWBOT},          /* ??? */

+                    {"knowbot-metadata", KNOWBOT}, /* ??? */

+                    {"knowbot-code", KNOWBOT},     /* ??? */

+                    {"knowbot-state", KNOWBOT},    /* ??? */

+                    {NULL, 0}},

+  mimeTypeStr[] = {{"NOMIME", NOMIME}, {"APPLICATION", APPLICATION}, {"AUDIO", AUDIO}, {"IMAGE", IMAGE}, {"MESSAGE", MESSAGE}, {"MULTIPART", MULTIPART}, {"TEXT", TEXT}, {"VIDEO", VIDEO}, {"MEXTENSION", MEXTENSION}, {NULL, 0}}, encTypeStr[] = {{"NOENCODING", NOENCODING}, {"QUOTEDPRINTABLE", QUOTEDPRINTABLE}, {"BASE64", BASE64}, {"EIGHTBIT", EIGHTBIT}, {"BINARY", BINARY}, {"UUENCODE", UUENCODE}, {"YENCODE", YENCODE}, {"EEXTENSION", EEXTENSION}, {"BINHEX", BINHEX}, {NULL, 0}};

+

+#ifdef CL_THREAD_SAFE

+static pthread_mutex_t tables_mutex = PTHREAD_MUTEX_INITIALIZER;

 #endif

-static	table_t *rfc821 = NULL;

-static	table_t *subtype = NULL;

+static table_t *rfc821  = NULL;

+static table_t *subtype = NULL;

-int

-cli_mbox(const char *dir, cli_ctx *ctx)

+int cli_mbox(const char *dir, cli_ctx *ctx)

 {

-	if(dir == NULL) {

-		cli_dbgmsg("cli_mbox called with NULL dir\n");

-		return CL_ENULLARG;

-	}

-	return cli_parse_mbox(dir, ctx);

+    if (dir == NULL) {

+        cli_dbgmsg("cli_mbox called with NULL dir\n");

+        return CL_ENULLARG;

+    }

+    return cli_parse_mbox(dir, ctx);

 }

 /*

@@ -370,51 +348,51 @@ cli_mbox(const char *dir, cli_ctx *ctx)

 static int

 cli_parse_mbox(const char *dir, cli_ctx *ctx)

 {

-	int retcode;

-	message *body;

-	char buffer[RFC2821LENGTH + 1];

-	mbox_ctx mctx;

-	size_t at = 0;

-	fmap_t *map = *ctx->fmap;

-

-	cli_dbgmsg("in mbox()\n");

-

-	if(!fmap_gets(map, buffer, &at, sizeof(buffer) - 1)) {

-		/* empty message */

-		return CL_CLEAN;

-	}

-#ifdef	CL_THREAD_SAFE

-	pthread_mutex_lock(&tables_mutex);

+    int retcode;

+    message *body;

+    char buffer[RFC2821LENGTH + 1];

+    mbox_ctx mctx;

+    size_t at   = 0;

+    fmap_t *map = *ctx->fmap;

+

+    cli_dbgmsg("in mbox()\n");

+

+    if (!fmap_gets(map, buffer, &at, sizeof(buffer) - 1)) {

+        /* empty message */

+        return CL_CLEAN;

+    }

+#ifdef CL_THREAD_SAFE

+    pthread_mutex_lock(&tables_mutex);

 #endif

-	if(rfc821 == NULL) {

-		assert(subtype == NULL);

-

-		if(initialiseTables(&rfc821, &subtype) < 0) {

-			rfc821 = NULL;

-			subtype = NULL;

-#ifdef	CL_THREAD_SAFE

-			pthread_mutex_unlock(&tables_mutex);

+    if (rfc821 == NULL) {

+        assert(subtype == NULL);

+

+        if (initialiseTables(&rfc821, &subtype) < 0) {

+            rfc821  = NULL;

+            subtype = NULL;

+#ifdef CL_THREAD_SAFE

+            pthread_mutex_unlock(&tables_mutex);

 #endif

-			return CL_EMEM;

-		}

-	}

-#ifdef	CL_THREAD_SAFE

-	pthread_mutex_unlock(&tables_mutex);

+            return CL_EMEM;

+        }

+    }

+#ifdef CL_THREAD_SAFE

+    pthread_mutex_unlock(&tables_mutex);

 #endif

-	retcode = CL_SUCCESS;

-	body = NULL;

+    retcode = CL_SUCCESS;

+    body    = NULL;

-	mctx.dir = dir;

-	mctx.rfc821Table = rfc821;

-	mctx.subtypeTable = subtype;

-	mctx.ctx = ctx;

-	mctx.files = 0;

+    mctx.dir          = dir;

+    mctx.rfc821Table  = rfc821;

+    mctx.subtypeTable = subtype;

+    mctx.ctx          = ctx;

+    mctx.files        = 0;

 #if HAVE_JSON

-	mctx.wrkobj = ctx->wrkproperty;

+    mctx.wrkobj = ctx->wrkproperty;

 #endif

-	/*

+    /*

 	 * Is it a UNIX style mbox with more than one

 	 * mail message, or just a single mail message?

 	 *

@@ -423,9 +401,9 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)

 	 * than one message is handled, e.g. giving a better indication of

 	 * which message within the mailbox is infected

 	 */

-	/*if((strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/

-	if(strncmp(buffer, "From ", 5) == 0) {

-		/*

+    /*if((strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/

+    if (strncmp(buffer, "From ", 5) == 0) {

+        /*

 		 * Have been asked to check a UNIX style mbox file, which

 		 * may contain more than one e-mail message to decode

 		 *

@@ -443,47 +421,47 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)

 		 * This would remove a problem with this code that it can

 		 * fill up the tmp directory before it starts scanning

 		 */

-		bool lastLineWasEmpty;

-		int messagenumber;

-		message *m = messageCreate();

-

-		if(m == NULL)

-			return CL_EMEM;

-

-		lastLineWasEmpty = FALSE;

-		messagenumber = 1;

-		messageSetCTX(m, ctx);

-

-		do {

-			cli_chomp(buffer);

-			/*if(lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/

-			if(lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0)) {

-				cli_dbgmsg("Deal with message number %d\n", messagenumber++);

-				/*

+        bool lastLineWasEmpty;

+        int messagenumber;

+        message *m = messageCreate();

+

+        if (m == NULL)

+            return CL_EMEM;

+

+        lastLineWasEmpty = FALSE;

+        messagenumber    = 1;

+        messageSetCTX(m, ctx);

+

+        do {

+            cli_chomp(buffer);

+            /*if(lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/

+            if (lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0)) {

+                cli_dbgmsg("Deal with message number %d\n", messagenumber++);

+                /*

 				 * End of a message in the mail box

 				 */

-				body = parseEmailHeaders(m, rfc821);

-				if(body == NULL) {

-					messageReset(m);

-					continue;

-				}

-				messageSetCTX(body, ctx);

-				messageDestroy(m);

-				if(messageGetBody(body)) {

-					mbox_status rc = parseEmailBody(body, NULL, &mctx, 0);

-					if(rc == FAIL) {

-						messageReset(body);

-						m = body;

-						continue;

-					} else if(rc == VIRUS) {

-						cli_dbgmsg("Message number %d is infected\n",

-							messagenumber-1);

-						retcode = CL_VIRUS;

-						m = NULL;

-						break;

-					}

-				}

-				/*

+                body = parseEmailHeaders(m, rfc821);

+                if (body == NULL) {

+                    messageReset(m);

+                    continue;

+                }

+                messageSetCTX(body, ctx);

+                messageDestroy(m);

+                if (messageGetBody(body)) {

+                    mbox_status rc = parseEmailBody(body, NULL, &mctx, 0);

+                    if (rc == FAIL) {

+                        messageReset(body);

+                        m = body;

+                        continue;

+                    } else if (rc == VIRUS) {

+                        cli_dbgmsg("Message number %d is infected\n",

+                                   messagenumber - 1);

+                        retcode = CL_VIRUS;

+                        m       = NULL;

+                        break;

+                    }

+                }

+                /*

 				 * Starting a new message, throw away all the

 				 * information about the old one. It would

 				 * be best to be able to scan this message

@@ -491,72 +469,72 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)

 				 * that haven't been passed here so it can't be

 				 * called

 				 */

-				m = body;

-				messageReset(body);

-				messageSetCTX(body, ctx);

+                m = body;

+                messageReset(body);

+                messageSetCTX(body, ctx);

-				cli_dbgmsg("Finished processing message\n");

-			} else

-				lastLineWasEmpty = (bool)(buffer[0] == '\0');

+                cli_dbgmsg("Finished processing message\n");

+            } else

+                lastLineWasEmpty = (bool)(buffer[0] == '\0');

-			if(isuuencodebegin(buffer)) {

-				/*

+            if (isuuencodebegin(buffer)) {

+                /*

 				 * Fast track visa to uudecode.

 				 * TODO: binhex, yenc

 				 */

-			  if(uudecodeFile(m, buffer, dir, map, &at) < 0)

-					if(messageAddStr(m, buffer) < 0)

-						break;

-			} else

-				/* at this point, the \n has been removed */

-				if(messageAddStr(m, buffer) < 0)

-					break;

-		} while(fmap_gets(map, buffer, &at, sizeof(buffer) - 1));

-

-		if(retcode == CL_SUCCESS) {

-			cli_dbgmsg("Extract attachments from email %d\n", messagenumber);

-			body = parseEmailHeaders(m, rfc821);

-		}

-		if(m)

-			messageDestroy(m);

-	} else {

-		/*

+                if (uudecodeFile(m, buffer, dir, map, &at) < 0)

+                    if (messageAddStr(m, buffer) < 0)

+                        break;

+            } else

+                /* at this point, the \n has been removed */

+                if (messageAddStr(m, buffer) < 0)

+                break;

+        } while (fmap_gets(map, buffer, &at, sizeof(buffer) - 1));

+

+        if (retcode == CL_SUCCESS) {

+            cli_dbgmsg("Extract attachments from email %d\n", messagenumber);

+            body = parseEmailHeaders(m, rfc821);

+        }

+        if (m)

+            messageDestroy(m);

+    } else {

+        /*

 		 * It's a single message, parse the headers then the body

 		 */

-		if(strncmp(buffer, "P I ", 4) == 0)

-			/*

+        if (strncmp(buffer, "P I ", 4) == 0)

+            /*

 			 * CommuniGate Pro format: ignore headers until

 			 * blank line

 			 */

-			while(fmap_gets(map, buffer, &at, sizeof(buffer) - 1) &&

-				(strchr("\r\n", buffer[0]) == NULL))

-					;

-		/* getline_from_mbox could be using unlocked_stdio(3),

+            while (fmap_gets(map, buffer, &at, sizeof(buffer) - 1) &&

+                   (strchr("\r\n", buffer[0]) == NULL))

+                ;

+        /* getline_from_mbox could be using unlocked_stdio(3),

 		 * so lock file here */

-		/*

+        /*

 		 * Ignore any blank lines at the top of the message

 		 */

-		while(strchr("\r\n", buffer[0]) &&

-		      (getline_from_mbox(buffer, sizeof(buffer) - 1, map, &at) != NULL))

-			;

+        while (strchr("\r\n", buffer[0]) &&

+               (getline_from_mbox(buffer, sizeof(buffer) - 1, map, &at) != NULL))

+            ;

-		buffer[sizeof(buffer) - 1] = '\0';

+        buffer[sizeof(buffer) - 1] = '\0';

-		body = parseEmailFile(map, &at, rfc821, buffer, dir);

-	}

+        body = parseEmailFile(map, &at, rfc821, buffer, dir);

+    }

-	if(body) {

-		/*

+    if (body) {

+        /*

 		 * Write out the last entry in the mailbox

 		 */

-		if((retcode == CL_SUCCESS) && messageGetBody(body)) {

-			messageSetCTX(body, ctx);

-			switch(parseEmailBody(body, NULL, &mctx, 0)) {

-				case OK:

-				case OK_ATTACHMENTS_NOT_SAVED:

-					break;

-				case FAIL:

-					/*

+        if ((retcode == CL_SUCCESS) && messageGetBody(body)) {

+            messageSetCTX(body, ctx);

+            switch (parseEmailBody(body, NULL, &mctx, 0)) {

+                case OK:

+                case OK_ATTACHMENTS_NOT_SAVED:

+                    break;

+                case FAIL:

+                    /*

 					 * beware: cli_magic_scandesc(),

 					 * changes this into CL_CLEAN, so only

 					 * use it to inform the higher levels

@@ -565,37 +543,37 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)

 					 * decoding errors on what *is* a valid

 					 * mbox

 					 */

-					retcode = CL_EFORMAT;

-					break;

-				case MAXREC:

-					retcode = CL_EMAXREC;

-					break;

-				case MAXFILES:

-					retcode = CL_EMAXFILES;

-					break;

-				case VIRUS:

-					retcode = CL_VIRUS;

-					break;

-			}

-		}

-

-		if(body->isTruncated && retcode == CL_SUCCESS)

-			retcode = CL_EMEM;

-		/*

+                    retcode = CL_EFORMAT;

+                    break;

+                case MAXREC:

+                    retcode = CL_EMAXREC;

+                    break;

+                case MAXFILES:

+                    retcode = CL_EMAXFILES;

+                    break;

+                case VIRUS:

+                    retcode = CL_VIRUS;

+                    break;

+            }

+        }

+

+        if (body->isTruncated && retcode == CL_SUCCESS)

+            retcode = CL_EMEM;

+        /*

 		 * Tidy up and quit

 		 */

-		messageDestroy(body);

-	}

+        messageDestroy(body);

+    }

-	if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted &&

-	   (*ctx->virname == NULL || SCAN_ALLMATCHES)) {

-	    retcode = cli_append_virus(ctx, "Heuristics.Phishing.Email");

-	    ctx->found_possibly_unwanted = 0;

-	}

+    if ((retcode == CL_CLEAN) && ctx->found_possibly_unwanted &&

+        (*ctx->virname == NULL || SCAN_ALLMATCHES)) {

+        retcode                      = cli_append_virus(ctx, "Heuristics.Phishing.Email");

+        ctx->found_possibly_unwanted = 0;

+    }

-	cli_dbgmsg("cli_mbox returning %d\n", retcode);

+    cli_dbgmsg("cli_mbox returning %d\n", retcode);

-	return retcode;

+    return retcode;

 }

 /*

@@ -607,58 +585,58 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)

 static message *

 parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *firstLine, const char *dir)

 {

-	bool inHeader = TRUE;

-	bool bodyIsEmpty = TRUE;

-	bool lastWasBlank = FALSE, lastBodyLineWasBlank = FALSE;

-	message *ret;

-	bool anyHeadersFound = FALSE;

-	int commandNumber = -1;

-	char *fullline = NULL, *boundary = NULL;

-	size_t fulllinelength = 0;

-	char buffer[RFC2821LENGTH + 1];

-

-	cli_dbgmsg("parseEmailFile\n");

-

-	ret = messageCreate();

-	if(ret == NULL)

-		return NULL;

-

-	strncpy(buffer, firstLine, sizeof(buffer)-1);

-	do {

-		const char *line;

-

-		(void)cli_chomp(buffer);

-

-		if(buffer[0] == '\0')

-			line = NULL;

-		else

-			line = buffer;

-

-		/*

+    bool inHeader     = TRUE;

+    bool bodyIsEmpty  = TRUE;

+    bool lastWasBlank = FALSE, lastBodyLineWasBlank = FALSE;

+    message *ret;

+    bool anyHeadersFound = FALSE;

+    int commandNumber    = -1;

+    char *fullline = NULL, *boundary = NULL;

+    size_t fulllinelength = 0;

+    char buffer[RFC2821LENGTH + 1];

+

+    cli_dbgmsg("parseEmailFile\n");

+

+    ret = messageCreate();

+    if (ret == NULL)

+        return NULL;

+

+    strncpy(buffer, firstLine, sizeof(buffer) - 1);

+    do {

+        const char *line;

+

+        (void)cli_chomp(buffer);

+

+        if (buffer[0] == '\0')

+            line = NULL;

+        else

+            line = buffer;

+

+        /*

 		 * Don't blank lines which are only spaces from headers,

 		 * otherwise they'll be treated as the end of header marker

 		 */

-		if(lastWasBlank) {

-			lastWasBlank = FALSE;

-			if(boundaryStart(buffer, boundary)) {

-				cli_dbgmsg("Found a header line with space that should be blank\n");

-				inHeader = FALSE;

-			}

-		}

-		if(inHeader) {

-			cli_dbgmsg("parseEmailFile: check '%s' fullline %p\n",

-				buffer, fullline);

-			/*

+        if (lastWasBlank) {

+            lastWasBlank = FALSE;

+            if (boundaryStart(buffer, boundary)) {