General update.

git-svn: trunk@21
remotes/push_mirror/metadata
Tomasz Kojm 22 years ago
parent 8ba844fea4
commit 049a18b966
  1. clamav-devel/AUTHORS | 8
  2. clamav-devel/ChangeLog | 44
  3. clamav-devel/acinclude.m4 | 4
  4. clamav-devel/aclocal.m4 | 4
  5. clamav-devel/clamav-milter/INSTALL | 21
  6. clamav-devel/clamav-milter/Makefile.am | 4
  7. clamav-devel/clamav-milter/Makefile.in | 7
  8. clamav-devel/clamav-milter/clamav-milter.c | 107
  9. clamav-devel/clamd/cfgfile.c | 1
  10. clamav-devel/clamd/clamd.c | 4
  11. clamav-devel/clamd/localserver.c | 38
  12. clamav-devel/clamd/others.c | 59
  13. clamav-devel/clamd/others.h | 1
  14. clamav-devel/clamd/scanner.c | 10
  15. clamav-devel/clamd/server.c | 2
  16. clamav-devel/clamscan/manager.c | 10
  17. clamav-devel/clamscan/others.c | 46
  18. clamav-devel/configure | 4
  19. clamav-devel/configure.in | 4
  20. clamav-devel/database/Makefile.am | 4
  21. clamav-devel/database/Makefile.in | 4
  22. clamav-devel/database/viruses.db | 8715
  23. clamav-devel/database/viruses.db2 | 176
  24. clamav-devel/docs/FreeBSD-HowTo/qmail-scanner-how-to.html | 2
  25. clamav-devel/docs/clamdoc.pdf | BIN
  26. clamav-devel/docs/clamdoc.tex | 2
  27. clamav-devel/etc/clamav.conf | 3
  28. clamav-devel/freshclam/cfgfile.c | 1
  29. clamav-devel/freshclam/freshclam.c | 4
  30. clamav-devel/libclamav/clamav.h | 6
  31. clamav-devel/libclamav/mbox.c | 396
  32. clamav-devel/libclamav/md5.h | 6
  33. clamav-devel/libclamav/message.c | 39
  34. clamav-devel/libclamav/message.h | 5
  35. clamav-devel/libclamav/others.c | 15
  36. clamav-devel/libclamav/scanners.c | 15
  37. clamav-devel/mkinstalldirs | 2
  38. clamav-devel/sigtool/sigtool.c | 28

@ -9,10 +9,11 @@ Author of clamav-milter and the whole mbox code.
Database developers:
aCaB <acab@digitalfuture.it>
Diego D'Ambra <da@softcom.dk>
Jason Englander <jason@englanders.cc>
Tomasz Kojm <zolw@konarski.edu.pl>
Tomasz Papszun <tomek@lodz.tpsa.pl>
TrashScan was written by Trashware <trashware@gmx.net>.
@ -28,13 +29,16 @@ David Ford <david+cert@blue-labs.org>
Nigel Horne <njh@smsltd.demon.co.uk>
Hrvoje Habjanic <hrvoje.habjanic@zg.hinet.hr>
Robbert Kouprie <robbert@exx.nl>
Thomas Lamy <Thomas.Lamy@in-online.net>
Peter N Lewis <peter@stairways.com.au>
Mark Mielke <mark@mark.mielke.cc>
Arkadiusz Miskiewicz <misiek@pld.org.pl>
Hendrik Muhs <Hendrik.Muhs@student.uni-magdeburg.de>
Masaki Ogawa <proc@mac.com>
Ed Phillips <ed@UDel.Edu>
Andreas Piesk <Andreas.Piesk@heise.de>
Ant La Porte <ant@dvere.net>
Gernot Tenchio <g.tenchio@telco-tech.de>
Thomas Quinot <thomas@cuivre.fr.eu.org>
Gernot Tenchio <g.tenchio@telco-tech.de>
David Woakes <david@mitredata.co.uk>
Andoni Zubimendi <andoni@lpsat.net>

@ -1,6 +1,44 @@
Wed Aug 6 23:20:08 CEST 2003
Fri Aug 29 06:00:01 CEST 2003
-----------------------------
* libclamav: updated mbox code (Nigel)
* clamav-milter: 0.60d: Removed superflous buffer and unneeded strerror
call (Nigel)
* libclamav: enabled support for Maildir files (thanks to Tomasz Papszun
for samples and to Nigel for making his code so flexible)
* libclamav: mbox: fixed a problem in saveFile() - extremely long file names
were causing snprintf() to truncate the last XXXXXX characters
required for mkstemp(). As a result the file was not scanned -
I found the problem in the old sample from Wash Odhiambo.
Wed Aug 27 23:25:52 CEST 2003
-----------------------------
* libclamav: message.c/h - allow any number of arguments to mime
commands (Nigel)
* libclamav: mbox - parseMimeHeader() potential memory problem fixed (Nigel)
* clamd, clamscan: removed duplicated rndnum() and switched to cl_rndnum()
* clamd: new directive FixStaleSocket by Thomas Lamy and Mark Mielke
Sat Aug 23 21:17:33 CEST 2003
-----------------------------
* freshclam: fixed --on-error-execute (don't run a command on "no update"
event). Fixed by David Woakes.
Wed Aug 20 02:30:37 CEST 2003
-----------------------------
* libclamav: mbox - support for "raw" messages (Nigel)
* sigtool: fixed a segmentation fault when a signature reaches end
of file (thanks to Tomasz Papszun for an example)
Tue Aug 19 02:33:48 CEST 2003
-----------------------------
* clamav-milter: 0.60b - support for CC bounces to an e-mail address other
than. Now compiles out of the box on FreeBSD 4.x (Nigel)
* Various fixes for Tru64 support (5.1a tested) by Hrvoje Habjanic
Wed Aug 13 16:07:39 CEST 2003
-----------------------------
* clamav-milter: 0.60a - tidied up message when sender is unknown (Nigel)
* libclamav: mbox updates: fixed an assertion error with some mail
files (Nigel)
Wed Aug 6 03:01:51 CEST 2003
-----------------------------
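
Review bot: the 0.60b entry reads "support for CC bounces to an e-mail address other than." and stops before naming the address; going by the --postmaster option added in clamav-milter.c it should end "other than postmaster". In the 0.60d entry, "superflous" should be "superfluous".
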
@ -21,7 +59,7 @@ Sat Jul 26 17:11:46 CEST 2003
Thu Jul 24 13:29:39 CEST 2003
-----------------------------
* libclamav: mbox: fixed detection of the Gibe virus (bug reported
by Rene Bellora); support for log file names (problem
by Rene Bellora); support for long file names (problem
reported by Tomasz Papszun)
Sun Jul 20 23:43:38 CEST 2003

@ -68,7 +68,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created
dnl (the prefix is a bit different, since we add an extra -target- and -host-)
dnl
dnl @version: $Id: acinclude.m4,v 1.4 2003/08/06 03:05:50 kojm Exp $
dnl @version: $Id: acinclude.m4,v 1.5 2003/08/29 14:27:14 kojm Exp $
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often
AC_DEFUN([AC_CREATE_TARGET_H],
@ -4110,7 +4110,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers)
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers)
dnl
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu>
dnl @version $Id: acinclude.m4,v 1.4 2003/08/06 03:05:50 kojm Exp $
dnl @version $Id: acinclude.m4,v 1.5 2003/08/29 14:27:14 kojm Exp $
dnl
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF],
[changequote(<<, >>)dnl

@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created
dnl (the prefix is a bit different, since we add an extra -target- and -host-)
dnl
dnl @version: $Id: aclocal.m4,v 1.4 2003/08/06 03:05:50 kojm Exp $
dnl @version: $Id: aclocal.m4,v 1.5 2003/08/29 14:27:14 kojm Exp $
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often
AC_DEFUN([AC_CREATE_TARGET_H],
@ -4041,7 +4041,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers)
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers)
dnl
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu>
dnl @version $Id: aclocal.m4,v 1.4 2003/08/06 03:05:50 kojm Exp $
dnl @version $Id: aclocal.m4,v 1.5 2003/08/29 14:27:14 kojm Exp $
dnl
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF],
[changequote(<<, >>)dnl

@ -18,20 +18,29 @@ Fails to build on Linux/x86 with icc7.1 with -ipo (fails on libclamav.a - keeps
Tested with Electric Fence 2.2.2
Compiles OK on Linux/ppc (YDL2.3) with gcc2.95.4. Needs -lsmutil to link.
I haven't tested it further on this platform yet.
cc -O3 -pedantic -Wuninitialized -Wall -pipe -fomit-frame-pointer -ffast-math -finline-functions -funroll-loop -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lsmutil
I haven't tested it further on this platform yet.
YDL3.0 should compile out of the box
Sendmail on MacOS/X (10.1) is provided without a development package so this
can't be run "out of the box"
Solaris 8 needs -lresolv to link, and doesn't have strerror_r, so you'll
need to replace strerror_r with strerror.
Solaris 8 doesn't have milter support so clamav-milter won't work unless you
rebuild sendmail from source.
Solaris 9 has milter support in the supplied sendmail, but doesn't include
libmilter so you can't develop milter applications on it. Go to sendmail.org,
download the lastest sendmail, cd to libmilter and "make install" there.
Needs -lresolv
FreeBSD4.7 use /usr/local/bin/gcc30. GCC3.0 is an optional extra on
FreeBSD. It comes with getopt.h which is handy. To link you need
-lgnugetopt
gcc30 -O3 -DCONFDIR=\"/usr/local/etc\" -I. -I.. -I../clamd -I../libclamav -pedantic -Wuninitialized -Wall -pipe -mcpu=pentium -march=pentium -fomit-frame-pointer -ffast-math -finline-functions -funroll-loops clamav-milter.c -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lgnugetopt
FreeBSD4.8: should compile out of the box
OpenBSD3.3: the supplied sendmail does not come with Milter support. You
will need to rebuild sendmail from source
INSTALLATION
Install into /usr/local/sbin/clamav-milter, mode 744
@ -98,6 +107,12 @@ Changes
Thanks to Krzysztof Olędzki <ole@ans.pl>
0.60 11/7/03 Some TODOs done by Nigel Kukard <nkukard@lbsd.net>
Should stop a couple of remote chances of crashes
0.60a 22/7/03 Tidied up message when sender is unknown
0.60b 17/8/03 Optionally set postmaster address. Usually one uses
/etc/aliases, but not everyone want's to...
0.60c 22/8/03 Another go at Solaris support
0.60d 26/8/03 Removed superflous buffer and unneeded strerror call
ETIMEDOUT isn't an error, but should give a warning
BUG REPORTS

@ -23,7 +23,7 @@ sbin_PROGRAMS = clamav-milter
clamav_milter_SOURCES = clamav-milter.c
clamav_milter_LDADD = ../clamd/cfgfile.o ../clamd/others.o
clamav_milter_LDADD = ../clamd/cfgfile.o ../clamd/others.o ../clamscan/getopt.o
man_MANS = ../docs/clamav-milter.1
@ -33,5 +33,5 @@ endif
DEFS = @DEFS@
# CLAMD_LIBS is used, because clamav-milter requires the same libraries as clamd
LIBS = -L../libclamav -L/usr/lib/libmilter -lmilter @CLAMD_LIBS@
INCLUDES = -I../clamd -I../libclamav
INCLUDES = -I../clamd -I../libclamav -I../clamscan
EXTRA_DIST = clamav-milter.c clamd.sh clamav-milter.sh INSTALL

@ -120,14 +120,14 @@ install_sh = @install_sh@
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@clamav_milter_SOURCES = clamav-milter.c
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@clamav_milter_LDADD = ../clamd/cfgfile.o ../clamd/others.o
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@clamav_milter_LDADD = ../clamd/cfgfile.o ../clamd/others.o ../clamscan/getopt.o
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@man_MANS = ../docs/clamav-milter.1
DEFS = @DEFS@
# CLAMD_LIBS is used, because clamav-milter requires the same libraries as clamd
LIBS = -L../libclamav -L/usr/lib/libmilter -lmilter @CLAMD_LIBS@
INCLUDES = -I../clamd -I../libclamav
INCLUDES = -I../clamd -I../libclamav -I../clamscan
EXTRA_DIST = clamav-milter.c clamd.sh clamav-milter.sh INSTALL
subdir = clamav-milter
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
@ -146,7 +146,8 @@ clamav_milter_OBJECTS = $(am_clamav_milter_OBJECTS)
@HAVE_MILTER_FALSE@@USE_PTHREAD_FALSE@clamav_milter_DEPENDENCIES =
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@clamav_milter_DEPENDENCIES = \
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@ ../clamd/cfgfile.o \
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@ ../clamd/others.o
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@ ../clamd/others.o \
@HAVE_MILTER_TRUE@@USE_PTHREAD_TRUE@ ../clamscan/getopt.o
@HAVE_MILTER_TRUE@@USE_PTHREAD_FALSE@clamav_milter_DEPENDENCIES =
clamav_milter_LDFLAGS =
DEFAULT_INCLUDES = -I. -I$(srcdir)

@ -23,34 +23,29 @@
* See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html
*
* Installations for RedHat Linux and it's derivatives such as YellowDog:
*
* Add to /etc/mail/sendmail.mc:
* 1) Ensure that you have the sendmail-devel RPM installed
* 2) Add to /etc/mail/sendmail.mc:
* INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl
* define(`confINPUT_MAIL_FILTERS', `clamav')
*
* Check entry in /usr/local/etc/clamav.conf of the form:
* 3) Check entry in /usr/local/etc/clamav.conf of the form:
* LocalSocket /var/run/clamd.sock
* StreamSaveToDisk
*
* If you already have a filter (such as spamassassin-milter from
* 4) If you already have a filter (such as spamassassin-milter from
* http://savannah.nongnu.org/projects/spamass-milt) add it thus:
* INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl
* INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
* define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl
*
* You may find INPUT_MAIL_FILTERS is not needed on your machine, however it
* is recommended by the Sendmail documentation and I recommend going along
* 5) You may find INPUT_MAIL_FILTERS is not needed on your machine, however it
* is recommended by the Sendmail documentation and I suggest going along
* with that.
*
* I suggest putting SpamAssassin first since you're more likely to get spam
* 6) I suggest putting SpamAssassin first since you're more likely to get spam
* than a virus/worm sent to you.
*
* Add to /etc/sysconfig/clamav-milter
* 7) Add to /etc/sysconfig/clamav-milter
* CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav.sock"
* or if clamd is on a different machine
* CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav.sock"
*
* You should have received a script to put into /etc/init.d with this software.
* 8) You should have received a script to put into /etc/init.d with this
* software.
*
* Tested OK on Linux/x86 (RH8.0) with gcc3.2.
* cc -O3 -pedantic -Wuninitialized -Wall -pipe -mcpu=pentium -march=pentium -fomit-frame-pointer -ffast-math -finline-functions -funroll-loops clamav-milter.c -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o
@ -65,19 +60,28 @@
* Compiles OK on Linux/ppc (YDL2.3) with gcc2.95.4. Needs -lsmutil to link.
* cc -O3 -pedantic -Wuninitialized -Wall -pipe -fomit-frame-pointer -ffast-math -finline-functions -funroll-loop -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lsmutil
* I haven't tested it further on this platform yet.
* YDL3.0 should compile out of the box
cc -O3 -pedantic -Wuninitialized -Wall -pipe -fomit-frame-pointer -ffast-math -finline-functions -funroll-loop -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lsmutil
*
* Sendmail on MacOS/X (10.1) is provided without a development package so this
* can't be run "out of the box"
*
* Solaris 8 needs -lresolv to link, and doesn't have strerror_r, so you'll
* need to replace strerror_r with strerror.
* -Dstrerror_r=strerror at compile time.
* Solaris 8 doesn't have milter support so clamav-milter won't work unless
* you rebuild sendmail from source.
* Solaris 9 has milter support in the supplied sendmail, but doesn't include
* libmilter so you can't develop milter applications on it. Go to sendmail.org,
* download the lastest sendmail, cd to libmilter and "make install" there.
* Needs -lresolv
*
* FreeBSD4.7 use /usr/local/bin/gcc30. GCC3.0 is an optional extra on
* FreeBSD. It comes with getopt.h which is handy. To link you need
* -lgnugetopt
* gcc30 -O3 -DCONFDIR=\"/usr/local/etc\" -I. -I.. -I../clamd -I../libclamav -pedantic -Wuninitialized -Wall -pipe -mcpu=pentium -march=pentium -fomit-frame-pointer -ffast-math -finline-functions -funroll-loops clamav-milter.c -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lgnugetopt
*
* FreeBSD4.8: should compile out of the box
* OpenBSD3.3: the supplied sendmail does not come with Milter support. You
* will need to rebuild sendmail from source
*
* Changes
* 0.2: 4/3/03 clamfi_abort() now always calls pthread_mutex_unlock
* 5/3/03 Only send a bounce if -b is set
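
Review bot: the Solaris 8 paragraph carries the line `-Dstrerror_r=strerror at compile time`, which cannot work with the three-argument calls `strerror_r(rc, buf, sizeof(buf))` used later in this file, and the TARGET_OS_SOLARIS branches added further down make the advice unnecessary. Replace both Solaris 8 sentences about strerror_r with a single statement that the build selects strerror() itself on that platform. "lastest" in the Solaris 9 paragraph should be "latest".
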
@ -107,9 +111,15 @@
* Thanks to Krzysztof Olędzki <ole@ans.pl>
* 0.60 11/7/03 Added suggestions by Nigel Kukard <nkukard@lbsd.net>
* Should stop a couple of remote chances of crashes
* 0.60a 22/7/03 Tidied up message when sender is unknown
* 0.60b 17/8/03 Optionally set postmaster address. Usually one uses
* /etc/aliases, but not everyone want's to...
* 0.60c 22/8/03 Another go at Solaris support
* 0.60d 26/8/03 Removed superflous buffer and unneeded strerror call
* ETIMEDOUT isn't an error, but should give a warning
*/
#define CM_VERSION "0.60"
#define CM_VERSION "0.60d"
/*#define CONFDIR "/usr/local/etc"*/
@ -145,7 +155,7 @@
#include <regex.h> // njh@bandsman.co.uk
#define _GNU_SOURCE
#include <getopt.h>
#include "getopt.h"
/*
* TODO: optional: xmessage on console when virus stopped (SNMP would be real nice!)
@ -158,6 +168,7 @@
* TODO: Support ThreadTimeout, LogTime and Logfile from the conf
* file
* TODO: Allow more than one clamdscan server to be given
* TODO: Optionally quanrantine infected e-mails
*/
/*
@ -211,6 +222,7 @@ static struct cfgstruct *copt;
static const char *localSocket;
static in_port_t tcpSocket;
static const char *serverIP = "127.0.0.1";
static const char *postmaster = "postmaster";
static void
help(void)
@ -225,6 +237,7 @@ help(void)
puts("\t--outgoing\t\t-o\tScan outgoing messages from this machine.");
puts("\t--server=ADDRESS\t-s ADDRESS\tIP address of server running clamd (when using TCPsocket).");
puts("\t--version\t\t-V\tPrint the version number of this software.");
puts("\t--postmaster\t\t-p\tPostmaster address [default=postmaster].");
#ifdef CL_DEBUG
puts("\t--debug-level=n\t\t-x n\tSets the debug level to 'n'.");
#endif
@ -278,6 +291,9 @@ main(int argc, char **argv)
{
"outgoing", 0, NULL, 'o'
},
{
"postmaster", 0, NULL, 'p'
},
{
"max-children", 1, NULL, 'm'
},
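
Review bot: the `"postmaster", 0, NULL, 'p'` entry declares the long option as taking no argument, but the `case 'p'` handler in the next hunk assigns `postmaster = optarg;`. With has_arg set to 0, optarg is not filled in for --postmaster, so the pointer that later reaches `fprintf(sendmail, "Cc: %s\n", postmaster)` and `fprintf(sendmail, "To: %s\n", postmaster)` is not the address the administrator typed. Set has_arg to 1, as the max-children entry does, and show the argument in the help line (`--postmaster=EMAIL`).
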
@ -317,11 +333,14 @@ main(int argc, char **argv)
case 'l': /* scan mail from the lan */
lflag++;
break;
case 'm': /* maximum number of children */
max_children = atoi(optarg);
break;
case 'o': /* scan outgoing mail */
oflag++;
break;
case 'm': /* maximum number of children */
max_children = atoi(optarg);
case 'p': /* postmaster e-mail address */
postmaster = optarg;
break;
case 's': /* server running clamd */
serverIP = optarg;
@ -633,13 +652,25 @@ clamfi_envfrom(SMFICTX *ctx, char **argv)
"hit max-children limit (%u >= %u): waiting for some to exit",
n_children, max_children);
rc = pthread_cond_timedwait(&n_children_cond, &n_children_mutex, &timeout);
#ifdef CL_DEBUG
if(rc != 0) {
char message[64], buf[64];
#else
if((rc != 0) && use_syslog) {
#endif
char message[64];
#ifdef TARGET_OS_SOLARIS /* no strerror_r */
snprintf(message, sizeof(message), "pthread_cond_timedwait: %s", strerror(rc));
#else
strerror_r(rc, buf, sizeof(buf));
snprintf(message, sizeof(message), "pthread_cond_timedwait: %s", buf);
if(use_syslog)
syslog(LOG_ERR, message);
#endif
if(use_syslog) {
if(rc == ETIMEDOUT)
syslog(LOG_NOTICE, message);
else
syslog(LOG_ERR, message);
}
#ifdef CL_DEBUG
puts(message);
#endif
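
Review bot: `syslog(LOG_NOTICE, message)` and `syslog(LOG_ERR, message)` pass the assembled buffer as the format string. The text comes from strerror here, so a stray `%` is unlikely, but the call shape is the one to avoid; write `syslog(LOG_ERR, "%s", message)` and the same for LOG_NOTICE.
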
@ -777,11 +808,12 @@ clamfi_envfrom(SMFICTX *ctx, char **argv)
/* 0.4 - use better error message */
if(use_syslog) {
char buf[64];
#ifdef TARGET_OS_SOLARIS /* no strerror_r */
syslog(LOG_ERR, "Failed to connect to port %d given by clamd: %s", port, strerror(rc));
#else
strerror_r(rc, buf, sizeof(buf));
syslog(LOG_ERR, "Failed to connect to port %d given by clamd: %s", port, buf);
#endif
}
return SMFIS_TEMPFAIL;
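
Review bot: in the TARGET_OS_SOLARIS branch the error text comes from `strerror(rc)`, which is not guaranteed to be thread-safe, and this filter is built with -pthread and runs its callbacks concurrently (see n_children_mutex in the previous hunk). Guard the call with a mutex or log the numeric code on that platform. `char buf[64];` is also declared ahead of the #ifdef, so the Solaris build carries an unused variable; move the declaration inside the #else.
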
@ -926,28 +958,27 @@ clamfi_eom(SMFICTX *ctx)
* me might consider bouncing it...
*/
if(use_syslog)
syslog(LOG_NOTICE, "clean message from %s", privdata->from);
syslog(LOG_NOTICE, "clean message from %s",
(privdata->from) ? privdata->from : "an unknown sender");
} else {
int i;
char **to, *err;
FILE *sendmail;
/*
* TODO: check that clamd didn't crash (WIFSIGNALED(status))
*/
if(use_syslog)
syslog(LOG_NOTICE, mess);
/*
* Setup err as a list of recipients
*/
i = 1024;
err = (char *)malloc(i);
err = (char *)malloc(1024);
snprintf(err, i, "Intercepted virus from: %s to:", privdata->from);
sprintf(err, "Intercepted virus from %s to", privdata->from);
ptr = strchr(err, '\0');
i = 1024;
for(to = privdata->to; *to; to++) {
/*
* Re-alloc if we are about run out of buffer space
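
Review bot: `sprintf(err, "Intercepted virus from %s to", privdata->from)` writes into the 1024-byte `err` allocation with no length limit, while the `snprintf(err, i, ...)` form beside it is bounded. privdata->from is the sender address of the message being filtered, so its length is chosen by the remote side; keep the snprintf form, with `i = 1024` assigned before the call, whichever side of this hunk is the one that ships. Two further gaps in the same lines: the malloc() result is used unchecked, and privdata->from is handed to %s without the NULL guard that the "clean message from" syslog call in this hunk applies.
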
@ -959,7 +990,7 @@ clamfi_eom(SMFICTX *ctx)
ptr = strrcpy(ptr, " ");
ptr = strrcpy(ptr, *to);
}
(void)strrcpy(ptr, "\n");
(void)strcpy(ptr, "\n");
if(use_syslog)
syslog(LOG_NOTICE, err);
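
Review bot: `syslog(LOG_NOTICE, err)` uses `err` as the format string, and `err` has just been built from privdata->from and the privdata->to recipient list, both taken from the mail being filtered. A `%` sequence in an address is then interpreted by syslog(). Log it as `syslog(LOG_NOTICE, "%s", err)`; the `syslog(LOG_NOTICE, mess)` call in the previous hunk has the same shape.
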
@ -972,9 +1003,9 @@ clamfi_eom(SMFICTX *ctx)
fputs("From: MAILER-DAEMON\n", sendmail);
if(bflag) {
fprintf(sendmail, "To: %s\n", privdata->from);
fputs("Cc: postmaster\n", sendmail);
fprintf(sendmail, "Cc: %s\n", postmaster);
} else
fputs("To: postmaster\n", sendmail);
fprintf(sendmail, "To: %s\n", postmaster);
for(to = privdata->to; *to; to++)
fprintf(sendmail, "Cc: %s\n", *to);

@ -63,6 +63,7 @@ struct cfgstruct *parsecfg(const char *cfgfile)
{"FollowFileSymlinks", OPT_NOARG},
{"Foreground", OPT_NOARG},
{"Debug", OPT_NOARG},
{"FixStaleSocket", OPT_NOARG},
{"User", OPT_STR},
{"AllowSupplementaryGroups", OPT_NOARG},
{"SelfCheck", OPT_NUM},

@ -175,8 +175,8 @@ void clamd(struct optstruct *opt)
logg("Reading databases from %s\n", dbdir);
if((ret = cl_loaddbdir(dbdir, &root, &virnum))) {
fprintf(stderr, "ERROR: %s\n", cl_perror(ret));
logg("!%s\n", cl_perror(ret));
fprintf(stderr, "ERROR: %s\n", cl_strerror(ret));
logg("!%s\n", cl_strerror(ret));
exit(1);
}

@ -46,23 +46,41 @@ int localserver(const struct optstruct *opt, const struct cfgstruct *copt, struc
if((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
estr = strerror(errno);
//fprintf(stderr, "ERROR: socket() error: %s\n", estr);
logg("!socket() error: %s\n", estr);
logg("!Socket allocation error: %s\n", estr);
exit(1);
}
if(bind(sockfd, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) == -1) {
if(stat(server.sun_path, &foo) != -1) {
//fprintf(stderr, "ERROR: Socket file %s already exists. Please remove it or use another one.\n", server.sun_path);
logg("!Socket file %s already exists. Please remove it or use another one.\n", server.sun_path);
if(errno == EADDRINUSE) {
if(connect(sockfd, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) >= 0) {
close(sockfd);
logg("!Socket file %s is in use by another process.\n", server.sun_path);
exit(1);
}
if(cfgopt(copt, "FixStaleSocket")) {
logg("^Socket file %s exists. Unclean shutdown? Removing...\n", server.sun_path);
if(unlink(server.sun_path) == -1) {
estr = strerror(errno);
logg("!Socket file %s could not be removed: %s\n", server.sun_path, estr);
exit(1);
}
if(bind(sockfd, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) == -1) {
estr = strerror(errno);
logg("!Socket file %s could not be bound: %s (unlink tried)\n", server.sun_path, estr);
exit(1);
}
} else if(stat(server.sun_path, &foo) != -1) {
logg("!Socket file %s exists. Either remove it, or configure a different one.\n", server.sun_path);
exit(1);
}
} else {
estr = strerror(errno);
logg("!Socket file %s could not be bound: %s\n", server.sun_path, estr);
exit(1);
}
}
estr = strerror(errno);
//fprintf(stderr, "ERROR: can't bind(): %s\n", estr);
logg("!bind() error: %s\n", estr);
exit(1);
} else
logg("Unix socket file %s\n", server.sun_path);
logg("Unix socket file %s\n", server.sun_path);
if((cpt = cfgopt(copt, "MaxConnectionQueueLength")))
backlog = cpt->numarg;
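
Review bot: in the FixStaleSocket branch, `unlink(server.sun_path)` runs after a failed connect() without checking what the path actually is. bind() returns EADDRINUSE for any existing file and connect() fails on anything that is not a listening socket, so a regular file at the configured socket path is deleted as if it were a stale socket. Call lstat() first and unlink only when S_ISSOCK(foo.st_mode) holds. The retry bind() also reuses `sockfd` after the failed connect(); closing it and creating a fresh socket before rebinding avoids depending on whatever state connect() left behind.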

@ -132,6 +132,14 @@ int logg(const char *str, ...)
/* SYSLOG logging - no need for locking, mutexes, times & stuff ... :-) */
#ifndef vsyslog
#define vsyslog(a,b,c) { \
char my_tmp[4096]; \
vsnprintf(my_tmp,4095,b,c); \
my_tmp[4095]=0; \
syslog(a,my_tmp); }
#endif
va_start(args, str);
if(*str == '!') {
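
Review bot: the fallback vsyslog macro ends in `syslog(a,my_tmp)`, which feeds the already-expanded message back in as a format string. logg() is called with file and virus names (for example `logg("%s: %s FOUND\n", filename, virname)` in scanner.c), so any `%` in them is expanded a second time. Make it `syslog(a, "%s", my_tmp)`. `#ifndef vsyslog` also only detects a macro, so platforms that provide vsyslog() as a function get this replacement too; a configure check would be more reliable.
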
@ -198,66 +206,18 @@ void chomp(char *string)
*pt = 0;
}
#ifndef C_URANDOM
/* it's very weak */
int rndnum(unsigned int max)
{
struct timeval tv;
gettimeofday(&tv, (struct timezone *) 0);
srand(tv.tv_usec+clock());
return rand() % max;
}
#else
int rndnum(unsigned int max)
{
static FILE *fd = NULL;
unsigned int generated;
char *byte;
int size;
pthread_mutex_lock(&rand_mutex);
if(fd == NULL) {
if((fd = fopen("/dev/urandom", "rb")) == NULL) {
printf("ERROR: Can't open /dev/urandom.\n");
pthread_mutex_unlock(&rand_mutex);
return -1;
}
}
byte = (char *) &generated;
size = sizeof(generated);
do {
int bread;
bread = fread(byte, 1, size, fd);
size -= bread;
byte += bread;
} while(size > 0);
pthread_mutex_unlock(&rand_mutex);
return generated % max;
}
#endif
void virusaction(const char *filename, const char *virname, const struct cfgstruct *copt)
{
char *buffer, *pt, *cmd;
struct cfgstruct *cpt;
logg("InVirusAction\n", cmd);
if(!(cpt = cfgopt(copt, "VirusEvent")))
return;
cmd = strdup(cpt->strarg);
logg("COMMAND: %s\n", cmd);
buffer = (char *) cli_malloc(strlen(cmd) + strlen(filename) + strlen(virname) + 10, sizeof(char));
buffer = (char *) mcalloc(strlen(cmd) + strlen(filename) + strlen(virname) + 10, sizeof(char));
if((pt = strstr(cmd, "%f"))) {
*pt = 0; pt += 2;
@ -279,7 +239,6 @@ void virusaction(const char *filename, const char *virname, const struct cfgstru
free(buffer);
logg("Executing: %s\n", cmd);
/* WARNING: this is uninterruptable ! */
system(cmd);
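
Review bot: `system(cmd)` runs the VirusEvent string through the shell after the `%f` substitution shown in the previous hunk has pasted the scanned file's name into it. File names come from whoever supplied the file, so shell metacharacters in a name become part of the command. Pass the file and virus names to the handler through environment variables, or fork and exec without a shell, instead of splicing them into the command line, and check the strdup() and buffer allocation results before use.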

@ -32,7 +32,6 @@ short int logverbose, logcompressed, loglock, logtime;
int logsize;
const char *logfile;
int logg(const char *str, ...);
int rndnum(unsigned int max);
#if defined(CLAMD_USE_SYSLOG) && !defined(C_AIX)
short use_syslog;

@ -151,8 +151,8 @@ int scan(const char *filename, unsigned long int *scanned, const struct cl_node
logg("%s: %s FOUND\n", filename, virname);
virusaction(filename, virname, copt);
} else if(ret != CL_CLEAN) {
mdprintf(odesc, "%s: %s ERROR\n", filename, cl_perror(ret));
logg("%s: %s ERROR\n", filename, cl_perror(ret));
mdprintf(odesc, "%s: %s ERROR\n", filename, cl_strerror(ret));
logg("%s: %s ERROR\n", filename, cl_strerror(ret));
}
break;
case S_IFDIR:
@ -181,7 +181,7 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root
while(!binded && portscan--) {
if((port = rndnum(60000)) < 1024)
if((port = cl_rndnum(60000)) < 1024)
port += 2139;
memset((char *) &server, 0, sizeof(server));
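
Review bot: scanstream() now takes its port from cl_rndnum(), and clamd calls this from several threads. The clamd copy of rndnum() removed in this commit held rand_mutex around its shared /dev/urandom FILE* and returned -1 when the device could not be opened; the libclamav replacement is not visible in this part of the diff, so confirm it serialises access the same way. If it keeps the -1 error return, note that a negative value passes the `< 1024` test and becomes port 2138 instead of being reported.
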
@ -266,8 +266,8 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root
logg("stream: %s FOUND\n", virname);
virusaction("InputStream", virname, copt);
} else if(ret != CL_CLEAN) {
mdprintf(odesc, "stream: %s ERROR\n", cl_perror(ret));
logg("stream: %s ERROR\n", cl_perror(ret));
mdprintf(odesc, "stream: %s ERROR\n", cl_strerror(ret));
logg("stream: %s ERROR\n", cl_strerror(ret));
} else
mdprintf(odesc, "stream: OK\n");

@ -327,7 +327,7 @@ void *threadwatcher(void *arg)
logg("Reading databases from %s\n", dbdir);
if((ret = cl_loaddbdir(dbdir, &*thwarg->root, &virnum))) {
logg("!%s\n", cl_perror(ret));
logg("!%s\n", cl_strerror(ret));
kill(progpid, SIGTERM);
/* we stay in reload == 1, so all threads are waiting */
continue;

@ -82,13 +82,13 @@ int scanmanager(const struct optstruct *opt)
switch(sb.st_mode & S_IFMT) {
case S_IFREG:
if((ret = cl_loaddb(getargc(opt, 'd'), &trie, &claminfo.signs))) {
mprintf("@%s\n", cl_perror(ret));
mprintf("@%s\n", cl_strerror(ret));
return 50;
}
break;
case S_IFDIR:
if((ret = cl_loaddbdir(getargc(opt, 'd'), &trie, &claminfo.signs))) {
mprintf("@%s\n", cl_perror(ret));
mprintf("@%s\n", cl_strerror(ret));
return 50;
}
break;
@ -99,7 +99,7 @@ int scanmanager(const struct optstruct *opt)
} else {
if((ret = cl_loaddbdir(cl_retdbdir(), &trie, &claminfo.signs))) {
mprintf("@%s\n", cl_perror(ret));
mprintf("@%s\n", cl_strerror(ret));
return 50;
}
}
@ -750,7 +750,7 @@ int checkfile(const char *filename, const struct cl_node *root, const struct cl_
mprintf("%s: OK\n", filename);
} else
if(!printinfected)
mprintf("%s: %s\n", filename, cl_perror(ret));
mprintf("%s: %s\n", filename, cl_strerror(ret));
close(fd);
return ret;
@ -772,7 +772,7 @@ int checkstdin(const struct cl_node *root, const struct cl_limits *limits)
mprintf("stdin: OK\n");
} else
if(!printinfected)
mprintf("stdin: %s\n", cl_perror(ret));
mprintf("stdin: %s\n", cl_strerror(ret));
return ret;
}

@ -232,50 +232,6 @@ int fileinfo(const char *filename, short i)
/* these functions return pseudo random number from [0, max) */
#ifndef C_URANDOM
/* it's very weak */
unsigned int rndnum(unsigned int max)
{
struct timeval tv;
gettimeofday(&tv, (struct timezone *) 0);
srand(tv.tv_usec+clock());
return rand() % max;
}
#else
int rndnum(unsigned int max)
{
static FILE *fd = NULL;
unsigned int generated;
char *byte;
int size;
if(fd == NULL) {
if((fd = fopen("/dev/urandom", "rb")) == NULL) {
mprintf("!Can't open /dev/urandom.\n");
return -1;
}
}
byte = (char *) &generated;
size = sizeof(generated);
do {
int bread;
bread = fread(byte, 1, size, fd);
size -= bread;
byte += bread;
} while(size > 0);
return generated % max;
}
#endif
/*
#ifdef C_LINUX
int detectcpu(void)
@ -480,7 +436,7 @@ char *gentemp(const char *dir)
do {
for(i = 0; i < 32; i++)
salt[i] = rndnum(255);
salt[i] = cl_rndnum(255);
tmp = cl_md5buff(salt, 32);
strncat(name, tmp, 16);

@ -1901,7 +1901,7 @@ fi
# Define the identity of the package.
PACKAGE=clamav
VERSION=20030806
VERSION=20030829
cat >>confdefs.h <<_ACEOF
@ -9072,7 +9072,7 @@ _ACEOF
fi
;;
solaris*)
FRESHCLAM_LIBS="-lsocket -lnsl"
FRESHCLAM_LIBS="-lsocket -lnsl -lresolv"
if test "$have_pthreads" = "yes"; then
LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -lpthread"
CLAMD_LIBS="-lpthread -lsocket -lnsl"

@ -19,7 +19,7 @@ AC_INIT(clamscan/clamscan.c)
AC_CREATE_TARGET_H(target.h)
AC_CANONICAL_SYSTEM
AM_INIT_AUTOMAKE(clamav, 20030806)
AM_INIT_AUTOMAKE(clamav, 20030829)
dnl AM_INIT_AUTOMAKE(clamav, `date +%Y%m%d`)
LC_CURRENT=1
LC_REVISION=3
@ -223,7 +223,7 @@ cygwin*)
fi
;;
solaris*)
FRESHCLAM_LIBS="-lsocket -lnsl"
FRESHCLAM_LIBS="-lsocket -lnsl -lresolv"
if test "$have_pthreads" = "yes"; then
LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -lpthread"
CLAMD_LIBS="-lpthread -lsocket -lnsl"

@ -24,8 +24,8 @@ CLAMAVGROUP = @CLAMAVGROUP@
install:
$(mkinstalldirs) $(DESTDIR)$(DBINST)
@$(INSTALL_DATA) viruses.db $(DESTDIR)$(DBINST)
@$(INSTALL_DATA) viruses.db2 $(DESTDIR)$(DBINST)
# @$(INSTALL_DATA) viruses.db $(DESTDIR)$(DBINST)
# @$(INSTALL_DATA) viruses.db2 $(DESTDIR)$(DBINST)
@$(INSTALL_DATA) mirrors.txt $(DESTDIR)$(DBINST)
@if test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \
chmod 775 $(DESTDIR)$(DBINST); \
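
Review bot: with both `$(INSTALL_DATA) viruses.db` and `viruses.db2` lines commented out, `make install` leaves $(DBINST) holding only mirrors.txt. clamd exits when cl_loaddbdir() reports an error (see the clamd.c hunk), so state in the install documentation that freshclam has to run before the daemon is started, or confirm that an empty database directory loads cleanly. If the databases are no longer shipped at all, delete the two rules instead of commenting them out.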

@ -246,8 +246,8 @@ uninstall-am: uninstall-info-am
install:
$(mkinstalldirs) $(DESTDIR)$(DBINST)
@$(INSTALL_DATA) viruses.db $(DESTDIR)$(DBINST)
@$(INSTALL_DATA) viruses.db2 $(DESTDIR)$(DBINST)
# @$(INSTALL_DATA) viruses.db $(DESTDIR)$(DBINST)
# @$(INSTALL_DATA) viruses.db2 $(DESTDIR)$(DBINST)
@$(INSTALL_DATA) mirrors.txt $(DESTDIR)$(DBINST)
@if test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \
chmod 775 $(DESTDIR)$(DBINST); \

File diff suppressed because it is too large

@ -1,176 +0,0 @@

@ -31,7 +31,7 @@
<p class="COPYRIGHT">Copyright &copy; 2002 by Paul Hoadley and
Eric Parsonage</p>
<p class="PUBDATE">$Date: 2003/08/06 03:05:51 $<br>
<p class="PUBDATE">$Date: 2003/08/29 14:27:14 $<br>
</p>
<div>

Binary file not shown.

@ -1093,6 +1093,8 @@ define(`confINPUT_MAIL_FILTERS', `clmilter')
\item Masahiro Teramoto \email{<markun@onohara.to>} - official FreeBSD
port maintainer.
\item Trashware \email{trashware(.at.)gmx.net} - TrashScan
\item David Woakes \email{david(.at.)mitredata.co.uk} - freshclam \\
--on-error-execute fix.
\item Troy Wollenslegel \email{<troy(.at.)intranet.org>} - bug report:
handling inaccessible directories in archives.
\item Andoni Zubimendi \email{<andoni(.at.)lpsat.net>} - fix for

@ -52,6 +52,9 @@ Example
# which is only accessible for a user running daemon.
LocalSocket /tmp/clamd
# Remove stale socket after unclean shutdown.
#RemoveStaleSocket
# TCP port address.
#TCPSocket 3310
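Review bot: The sample config documents the new option as `RemoveStaleSocket`, but the keyword added to the option table in the next hunk is `FixStaleSocket`. If the parser only recognises the table entry, an administrator who uncomments this line gets either an unknown-directive error or a setting that is silently ignored; use one name in both places. Since `LocalSocket` in this example points into `/tmp`, the comment could also say what is verified about the existing path before it is removed.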

@ -63,6 +63,7 @@ struct cfgstruct *parsecfg(const char *cfgfile)
{"FollowFileSymlinks", OPT_NOARG},
{"Foreground", OPT_NOARG},
{"Debug", OPT_NOARG},
{"FixStaleSocket", OPT_NOARG},
{"User", OPT_STR},
{"AllowSupplementaryGroups", OPT_NOARG},
{"SelfCheck", OPT_NUM},

@ -133,7 +133,7 @@ void freshclam(struct optstruct *opt)
ret = download(opt);
if(optl(opt, "on-error-execute"))
if(ret)
if(ret > 1)
system(getargl(opt, "on-error-execute"));
logg("\n--------------------------------------\n");
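Review bot: The `ret > 1` test uses an undocumented threshold: nothing in this hunk says which `download()` result the value 1 stands for or why it should no longer trigger `on-error-execute`. A named constant or a one-line comment beside the comparison would make the intent checkable. Note also that the old `if(ret)` fired on negative values and the new condition does not, so if `download()` can return a negative error code the handler is now skipped for it.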
@ -144,7 +144,7 @@ void freshclam(struct optstruct *opt)
ret = download(opt);
if(optl(opt, "on-error-execute"))
if(ret)
if(ret > 1)
system(getargl(opt, "on-error-execute"));
mexit(ret);
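Review bot: The result of `system()` is discarded, so a missing or failing `on-error-execute` command goes unnoticed; logging a non-zero or -1 result through `logg()` would help whoever relies on this hook for alerting. The string is handed to the shell as-is and runs with whatever privileges freshclam holds at this point, which is worth stating in the option's documentation. The same three-line check is duplicated from the previous hunk; a small helper would keep the two call sites from drifting apart.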

@ -119,7 +119,8 @@ extern void cl_buildtrie(struct cl_node *root);
extern void cl_freetrie(struct cl_node *root);
extern char *cl_perror(int clerror);
extern char *cl_strerror(int clerror);
extern char *cl_perror(int clerror); /* deprecated */
extern char *cl_md5buff(const char *buffer, unsigned int length);
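Review bot: `cl_strerror` is declared as returning a plain `char *`, the same as the `cl_perror` it replaces, and nothing here says who owns the returned string. If it points at static message text, `const char *` would keep callers from writing to or freeing it. The deprecation of `cl_perror` is only a comment, so existing callers get no compile-time hint to move over.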
@ -134,6 +135,9 @@ extern short int *cl_hex2str(const char *hex);
/* encode a buffer 'string' length of 'len' to a hexadecimal string */
extern char *cl_str2hex(const char *string, unsigned int len);
/* generate a pseudo-random number */
extern unsigned int cl_rndnum(unsigned int max);
#ifdef __cplusplus
};
#endif
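Review bot: The comment on `cl_rndnum` does not say whether `max` is inclusive, what is returned for `max == 0`, or how the generator is seeded. It should also state that the result is only pseudo-random and not meant for values that must be unpredictable, so callers do not start relying on it for that.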

@ -74,7 +74,6 @@ static size_t strstrip(char *s);
static bool continuationMarker(const char *line);
static int parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg);
static bool saveFile(const blob *b, const char *dir);
static bool newMessageStart(const char *buf);
/* Maximum number of attachements that we accept */
#define MAX_ATTACHMENTS 10
@ -87,8 +86,6 @@ static bool newMessageStart(const char *buf);
#define CONTENT_TRANSFER_ENCODING 2
#define CONTENT_DISPOSITION 3
/*#define VALIDATE_MBOX /* validate the file is a UNIX mbox */
/* Mime sub types */
#define PLAIN 1
#define ENRICHED 2
@ -134,152 +131,222 @@ static const struct tableinit {
* named pipe or memory mapped file?
* TODO: if debug is enabled, catch a segfault and dump the current e-mail
* in it's entirety, then call abort()
* TODO: parse .msg format files
*/
int
cl_mbox(const char *dir, int desc)
{
int retcode;
char buffer[LINE_LENGTH];
bool first = TRUE;
bool inHeader = FALSE;
bool inMimeHeader = FALSE;
bool lastLineWasEmpty = TRUE;
int retcode, i;
bool isMbox; /*
* is it a UNIX style mbox with more than one
* mail message, or just a single mail message?
*/
message *m;
table_t *rfc821Table, *subtypeTable;
FILE *fd;
char buffer[LINE_LENGTH];
#ifdef CL_THREAD_SAFE
char *strptr;
#endif
cli_dbgmsg("in mbox()\n");
if(initialiseTables(&rfc821Table, &subtypeTable) < 0)
i = dup(desc);
if((fd = fdopen(i, "rb")) == NULL) {
cli_errmsg("Can't open descriptor %d\n", desc);
close(i);
return -1;
}
if(fgets(buffer, sizeof(buffer), fd) == NULL) {
/* empty message */
fclose(fd);
return 0;
}
m = messageCreate();
assert(m != NULL);
retcode = 0;
if((fd = fdopen(dup(desc), "rb")) == NULL) {
cli_errmsg("Can't open descriptor %d\n", desc);
if(initialiseTables(&rfc821Table, &subtypeTable) < 0) {
messageDestroy(m);
fclose(fd);
return -1;
}
/*
* handle more than one message in the filter. Probably a waste of time
*/
while(fgets(buffer, sizeof(buffer), fd) != NULL) {
#ifdef CL_THREAD_SAFE
char *strptr;
#endif
/*cli_dbgmsg("read: %s", buffer);*/
#ifdef VALIDATE_MBOX
if(first)
/*
* Check it is a mail box.
* tm@softcom.dk: check for a single mail message
*/
if(!newMessageStart(buffer)) {
cli_errmsg("Not a valid mail message");
retcode = -1;
break;
}
#endif
isMbox = (strncmp(buffer, "From ", 5) == 0);
if(isMbox) {
/*
* Handle this where we're mid point through this stuff
* Content-Type: multipart/alternative;
* boundary="----foo"
* Have been asked to check a UNIX style mbox file, which
* may contain more than one e-mail message to decode
*/
if(inMimeHeader) {
const char *ptr;
assert(!first);
bool inHeader = FALSE;
bool inMimeHeader = FALSE;
bool lastLineWasEmpty = TRUE;
bool first = TRUE;
if(!continuationMarker(buffer))
inMimeHeader = FALSE; /* no more args */
do {
/*cli_dbgmsg("read: %s", buffer);*/
/*
* Add all the arguments on the line
* Handle this where we're mid point through this stuff
* Content-Type: multipart/alternative;
* boundary="----foo"
*/
for(ptr = strtok_r(buffer, ";\r\n", &strptr); ptr; ptr = strtok_r(NULL, ":\r\n", &strptr))
messageAddArgument(m, ptr);
if(inHeader && ((buffer[0] == '\t') || (buffer[0] == ' ')))
inMimeHeader = TRUE;
if(inMimeHeader) {
const char *ptr;
assert(!first);
if(!continuationMarker(buffer))
inMimeHeader = FALSE; /* no more args */
} else if((!inHeader) && lastLineWasEmpty && newMessageStart(buffer)) {
/*
* New message, save the previous message, if any
*/
if(!first) {
/*
* End of the current message, add it and look
* for the start of the next one
* Add all the arguments on the line
*/
messageClean(m);
if(messageGetBody(m))
if(!insert(m, NULL, 0, NULL, dir, rfc821Table, subtypeTable))
break;
for(ptr = strtok_r(buffer, ";\r\n", &strptr); ptr; ptr = strtok_r(NULL, ":\r\n", &strptr))
messageAddArgument(m, ptr);
} else if((!inHeader) && lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0)) {
/*
* Starting a new message, throw away all the
* information about the old one
* New message, save the previous message, if any
*/
messageReset(m);
} else
first = FALSE;
if(!first) {
/*
* End of the current message, add it and look
* for the start of the next one
*/
messageClean(m);
if(messageGetBody(m))
if(!insert(m, NULL, 0, NULL, dir, rfc821Table, subtypeTable))
break;
/*
* Starting a new message, throw away all the
* information about the old one
*/
messageReset(m);
} else
first = FALSE;
lastLineWasEmpty = inHeader = TRUE;
#ifdef CL_DEBUG
cli_dbgmsg("Finished processing message\n");
#endif
} else if(inHeader) {
/*
* A blank line signifies the end of the header and
* the start of the text
*/
if((strstrip(buffer) == 0) || (buffer[0] == '\n') || (buffer[0] == '\r')) {
cli_dbgmsg("End of header information\n");
inHeader = FALSE;
} else {
const bool isLastLine = !continuationMarker(buffer);
const char *cmd = strtok_r(buffer, " \t", &strptr);
lastLineWasEmpty = inHeader = TRUE;
cli_dbgmsg("Finished processing message\n");
} else if(inHeader) {
if (cmd && *cmd) {
const char *arg = strtok_r(NULL, "\r\n", &strptr);
cli_dbgmsg("Deal with header %s", buffer);
if(arg)
if(parseMimeHeader(m, cmd, rfc821Table, arg) == CONTENT_TYPE)
inMimeHeader = !isLastLine;
/*
* A blank line signifies the end of the header and
* the start of the text
*/
if((strstrip(buffer) == 0) || (buffer[0] == '\n') || (buffer[0] == '\r')) {
cli_dbgmsg("End of header information\n");
inHeader = FALSE;
} else {
const bool isLastLine = !continuationMarker(buffer);
const char *cmd = strtok_r(buffer, " \t", &strptr);
if (cmd && *cmd) {
const char *arg = strtok_r(NULL, "\r\n", &strptr);
if(arg)
if(parseMimeHeader(m, cmd, rfc821Table, arg) == CONTENT_TYPE)
inMimeHeader = !isLastLine;
}
}
}
} else {
assert(!first);
} else {
assert(!first);
/*cli_dbgmsg("adding line %s", buffer);*/
/*cli_dbgmsg("adding line %s", buffer);*/
lastLineWasEmpty = ((buffer[0] == '\n') || (buffer[0] == '\r'));
lastLineWasEmpty = ((buffer[0] == '\n') || (buffer[0] == '\r'));
/*
* Add this line to the end of the linked list
* of lines. This isn't needed when using
* .forward since the rest of the file *must*
* be the text so a single fread() should
* suffice. Still, it does no harm and is more
* flexible this way
*
* Note that the terminating newline is not
* added
*/
messageAddLine(m, strtok_r(buffer, "\r\n", &strptr));
}
} while(fgets(buffer, sizeof(buffer), fd) != NULL);
} else {
/* !isMbox => single mail message */
bool inHeader = TRUE;
bool inMimeHeader = FALSE;
do {
/*
* Add this line to the end of the linked list
* of lines. This isn't needed when using
* .forward since the rest of the file *must*
* be the text so a single fread() should
* suffice. Still, it does no harm and is more
* flexible this way
*
* Note that the terminating newline is not
* added
* State machine:
* inMimeHeader = handling mime commands over
* more than one line
* inHeader = handling e-mail header
* otherwise = handling e-mail body
*/
messageAddLine(m, strtok_r(buffer, "\r\n", &strptr));
}
/*
* Section B.2 of RFC822 says TAB or SPACE means
* a continuation of the previous entry
*/
if(inHeader && ((buffer[0] == '\t') || (buffer[0] == ' ')))
inMimeHeader = TRUE;
if(inMimeHeader) {
const char *ptr;
assert(inHeader);
if(!continuationMarker(buffer))
inMimeHeader = FALSE; /* no more args */
/*
* Add all the arguments on the line
*/
for(ptr = strtok_r(buffer, ";\r\n", &strptr); ptr; ptr = strtok_r(NULL, ":\r\n", &strptr))
messageAddArgument(m, ptr);
} else if(inHeader) {
cli_dbgmsg("Deal with header %s", buffer);
/*
* A blank line signifies the end of the header and
* the start of the text
*/
if((strstrip(buffer) == 0) || (buffer[0] == '\n') || (buffer[0] == '\r')) {
cli_dbgmsg("End of header information\n");
inHeader = FALSE;
} else {
const bool isLastLine = !continuationMarker(buffer);
const char *cmd = strtok_r(buffer, " \t", &strptr);
if (cmd && *cmd) {
const char *arg = strtok_r(NULL, "\r\n", &strptr);
if(arg)
if(parseMimeHeader(m, cmd, rfc821Table, arg) == CONTENT_TYPE)
inMimeHeader = !isLastLine;
}
}
} else {
/*cli_dbgmsg("adding line %s", buffer);*/
messageAddLine(m, strtok_r(buffer, "\r\n", &strptr));
}
} while(fgets(buffer, sizeof(buffer), fd) != NULL);
}
fclose(fd);
retcode = 0;
/*
* Write out the last entry in the mailbox
*/
if(retcode == 0) {
messageClean(m);
if(messageGetBody(m))
if(!insert(m, NULL, 0, NULL, dir, rfc821Table, subtypeTable))
retcode = -1;
}
messageClean(m);
if(messageGetBody(m))
if(!insert(m, NULL, 0, NULL, dir, rfc821Table, subtypeTable))
retcode = -1;
/*
* Tidy up and quit
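Review bot: in both copies of the continuation-line loop the first call, `strtok_r(buffer, ";\r\n", &strptr)`, splits on `;` but the follow-up `strtok_r(NULL, ":\r\n", &strptr)` splits on `:`, so on a line carrying several Content-Type parameters everything after the first one reaches `messageAddArgument()` as a single token (up to any `:`). If that is a typo, use `";\r\n"` in both calls. Two smaller points: `assert(m != NULL)` after `messageCreate()` turns an allocation failure into an abort, or a NULL dereference when asserts are compiled out, and skips the `fclose(fd)` that the other error paths perform; and the mbox and single-message branches now carry two near-identical header state machines, which would be easier to keep in sync as one helper that takes `isMbox` as a parameter.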
@ -341,6 +408,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
char *strptr;
#endif
cli_dbgmsg("Parsing mail file\n");
mimeType = messageGetMimeType(mainMessage);
mimeSubtype = messageGetMimeSubtype(mainMessage);
@ -353,6 +422,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
mimeType = NOMIME;
}
cli_dbgmsg("mimeType = %d\n", mimeType);
switch(mimeType) {
case NOMIME:
aText = textAddMessage(aText, mainMessage);
@ -362,6 +433,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
aText = textCopy(messageGetBody(mainMessage));
break;
case MULTIPART:
assert(mimeSubtype[0] != '\0');
boundary = messageFindArgument(mainMessage, "boundary");
@ -517,6 +589,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
rc = insert(aMessage, blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);
blobArrayDestroy(blobs, nBlobs);
blobs = NULL;
nBlobs = 0;
/*
* Fixed based on an idea from Stephen White <stephen@earth.li>
@ -588,6 +662,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
bool addAttachment = FALSE;
bool addToText = FALSE;
const char *dtype;
text *t;
aMessage = messages[i];
@ -603,14 +678,19 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
switch(messageGetMimeType(aMessage)) {
case APPLICATION:
#if 0
/* strict checking... */
if((strcasecmp(dtype, "attachment") == 0) ||
(strcasecmp(cptr, "x-msdownload") == 0) ||
(strcasecmp(cptr, "octet-stream") == 0) ||
(strcasecmp(dtype, "octet-stream") == 0))
addAttachment = TRUE;
else {
cli_dbgmsg("Discarded application not sent as attachment\n");
cli_dbgmsg("Discarded mixed/application not sent as attachment\n");
continue;
}
#endif
addAttachment = TRUE;
break;
case NOMIME:
@ -659,8 +739,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
*
*/
cli_dbgmsg("Found multipart inside multipart\n");
/*rc = insert(NULL, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);*/
rc = insert(aMessage, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);
t = messageToText(aMessage);
rc = insert(aMessage, blobs, nBlobs, t, dir, rfc821Table, subtypeTable);
textDestroy(t);
mainMessage = aMessage;
continue;
@ -735,6 +816,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
rc = insert(messages[htmltextPart], blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);
blobArrayDestroy(blobs, nBlobs);
blobs = NULL;
nBlobs = 0;
break;
default:
/*
@ -753,6 +836,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
if(blobs && (blobsIn == NULL))
puts("arraydestroy");
if(aText && (textIn == NULL))
textDestroy(aText);
return rc;
case MESSAGE:
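Review bot: `puts("arraydestroy");` under `if(blobs && (blobsIn == NULL))` looks like leftover debugging: it writes to the stdout of whatever program links the library and, unlike the `textDestroy(aText)` branch next to it, frees nothing. If the array is still owned at this point, call `blobArrayDestroy(blobs, nBlobs)` here; otherwise drop the branch, and use `cli_dbgmsg()` if a trace is wanted.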
@ -765,15 +851,16 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
case BINARY:
break;
default:
cli_warnmsg("MIME type 'message' can not be decoded\n");
cli_warnmsg("MIME type 'message' cannot be decoded\n");
break;
}
if(strcasecmp(mimeSubtype, "rfc822") == 0) {
if((strcasecmp(mimeSubtype, "rfc822") == 0) ||
(strcasecmp(mimeSubtype, "delivery-status") == 0)) {
/*
* TODO: Tidy this up, it's just a duplicate
* of the cl_mbox code....
*/
const text *t = messageToText(mainMessage);
text *t = messageToText(mainMessage);
bool inHeader = TRUE;
bool inMimeHeader = FALSE;
message *m;
@ -837,21 +924,11 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
}
}
} else
/*
* Add this line to the end of the linked list
* of lines. This isn't needed when using
* .forward since the rest of the file *must*
* be the text so a single fread() should
* suffice. Still, it does no harm and is more
* flexible this way
*
* Note that the terminating newline is not
* added
*/
messageAddLine(m, strtok_r(buffer, "\r\n", &strptr));
free(buffer);
} while((t = t->t_next) != NULL);
textDestroy(t);
messageClean(m);
if(messageGetBody(m))
rc = insert(m, NULL, 0, NULL, dir, rfc821Table, subtypeTable);
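Review bot: `textDestroy(t)` directly after `} while((t = t->t_next) != NULL);` runs with `t` already advanced to NULL whenever the loop ends normally, so the list returned by `messageToText(mainMessage)` is never freed and `textDestroy()` is handed a NULL pointer. Keep the head of the list in its own variable, walk it with a second pointer, and destroy the head after the loop.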
@ -890,7 +967,14 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
*/
if(blobs == NULL)
blobs = blobList;
blobs[nBlobs++] = aBlob;
for(i = 0; i < nBlobs; i++)
if(blobs[i] == NULL)
break;
blobs[i] = aBlob;
if(i == nBlobs) {
nBlobs++;
assert(nBlobs < MAX_ATTACHMENTS);
}
}
} else
cli_warnmsg("Discarded application not sent as attachment\n");
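Review bot: `blobs[i] = aBlob;` is executed before the only bound check, and that check is `assert(nBlobs < MAX_ATTACHMENTS)`, so a message with more parts than the array holds either aborts the scanner or, when asserts are compiled out, is stored past the end of the array. The number of attachments comes from the mail being scanned, so test `i` against the limit before the store and return an error for the message instead of asserting.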
@ -989,11 +1073,12 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
for(attachmentNumber = 0; attachmentNumber < nBlobs; attachmentNumber++) {
blob *b = blobs[attachmentNumber];
assert(b != NULL);
if(!saveFile(b, dir))
break;
blobDestroy(b);
if(b) {
if(!saveFile(b, dir))
break;
blobDestroy(b);
blobs[attachmentNumber] = NULL;
}
}
}
@ -1001,8 +1086,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
textDestroy(aText);
/* Already done */
/*if(blobs && (blobsIn == NULL))
blobArrayDestroy(blobs, nBlobs);*/
if(blobs && (blobsIn == NULL))
blobArrayDestroy(blobs, nBlobs);
cli_dbgmsg("insert() returning 1\n");
@ -1049,9 +1134,9 @@ endOfMessage(const char *line, const char *boundary)
return 0;
if(*line++ != '-')
return 0;
if(strncasecmp(line, boundary, strlen(boundary)) != 0)
return 0;
len = strlen(boundary);
if(strncasecmp(line, boundary, len) != 0)
return 0;
if(strlen(line) != (len + 2))
return 0;
line = &line[len];
@ -1216,7 +1301,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
char *strptr;
#endif
char *copy = strdup(arg);
char *ptr = copy;
cli_dbgmsg("parseMimeHeader: cmd='%s', arg='%s'\n", cmd, arg);
@ -1265,7 +1350,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
messageSetDispositionType(m, strtok_r(copy, ";", &strptr));
messageAddArgument(m, strtok_r(NULL, "\r\n", &strptr));
}
free(copy);
free(ptr);
return type;
}
@ -1277,10 +1362,10 @@ saveFile(const blob *b, const char *dir)
int fd;
const char *cptr, *suffix;
#ifdef NAME_MAX /* e.g. Linux */
char filename[NAME_MAX + 1];
char filename[NAME_MAX + 6 + 1];
#else
#ifdef MAXNAMELEN /* e.g. Solaris */
char filename[MAXNAMELEN + 1];
char filename[MAXNAMELEN + 6 + 1];
#endif
#endif
@ -1320,7 +1405,7 @@ saveFile(const blob *b, const char *dir)
fd = mkstemp(filename);
#else
(void)mktemp(filename);
fd = open(filename, O_WRONLY|O_CREAT|O_EXCL, 0600);
fd = open(filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
#endif
if(fd < 0) {
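Review bot: adding `O_TRUNC` to `open(filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600)` has no effect, because `O_CREAT|O_EXCL` already makes the call fail when the file exists, so there is never existing content to truncate. Drop the flag; `O_EXCL` is what protects the `mktemp()` fallback on this path.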
@ -1329,10 +1414,12 @@ saveFile(const blob *b, const char *dir)
}
/*
* Add the suffix back to the end of the filename. Sigh.
* Add the suffix back to the end of the filename. Tut-tut, filenames
* should be independant of their usage on UNIX type systems.
*/
if(strlen(suffix) > 1) {
char *stub = strdup(filename);
strcat(filename, suffix);
link(stub, filename);
unlink(stub);
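Review bot: `strcat(filename, suffix)` appends `suffix` with no length check visible in this hunk, and the results of `strdup(filename)`, `link(stub, filename)` and `unlink(stub)` are all ignored. If `link()` fails, `unlink(stub)` still removes the only name of the file, and the data written through `fd` afterwards never appears in the directory that gets scanned. Check that `strlen(filename) + strlen(suffix)` fits in the buffer, test `stub` for NULL, and only unlink the stub once `link()` has succeeded.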
@ -1340,37 +1427,8 @@ saveFile(const blob *b, const char *dir)
}
write(fd, blobGetData(b), (size_t)nbytes);
close(fd);
cli_dbgmsg("Attachment saved as %s (%ul bytes long)\n",
cli_dbgmsg("Attachment saved as %s (%lu bytes long)\n",
filename, nbytes);
return TRUE;
}
static bool
newMessageStart(const char *buf)
{
if(strncmp(buf, "From ", 5) == 0)
return TRUE;
/*
* Do NOT enable this code, it gets confused by RFC822 messages
* enapsulated in other messages e.g.
*
* ....
* --NAB47372.960554223/xxx
* Content-Type: message/rfc822
*
* Return-Path: MAILER-DAEMON
* ....
*/
#if 0
if(strncmp(buf, "Return-Path: ", 13) == 0)
return TRUE;
if(strncmp(buf, "Received: ", 10) == 0)
return TRUE;
#endif
return FALSE;
return (close(fd) >= 0);
}
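Review bot: the new `return (close(fd) >= 0);` reports close errors, but the `write(fd, blobGetData(b), (size_t)nbytes);` just before it is still unchecked, so a short write or a full disk leaves a truncated attachment that is then scanned as if it were complete. Compare the return value of `write()` with `nbytes`, looping on partial writes, and return FALSE on a mismatch.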

@ -87,13 +87,17 @@ struct md5_ctx
md5_uint32 total[2];
md5_uint32 buflen;
#ifdef C_DARWIN
#ifndef __attribute__
char buffer[128];
#else
char buffer[128] __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
#endif
};
#ifndef __attribute__
#define __alignof__(a) sizeof(a)
#endif
/*
* The following three functions are build up the low level used in
* the functions `md5_stream' and `md5_buffer'.
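Review bot: `#ifndef __attribute__` tests for a preprocessor macro, but on GCC `__attribute__` is a keyword rather than a macro, so the test is true there and the plain `char buffer[128];` branch is selected, losing the `md5_uint32` alignment that the other branch requests. The `#define __alignof__(a) sizeof(a)` fallback sits behind the same test and would redefine a compiler keyword. Test a compiler macro such as `__GNUC__`, or a configure-time result, instead.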

@ -17,7 +17,7 @@
*/
#ifndef CL_DEBUG
#define NDEBUG /* map CLAMAV debug onto standard */
/*#define NDEBUG /* map CLAMAV debug onto standard */
#endif
#ifdef CL_THREAD_SAFE
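Review bot: commenting out `#define NDEBUG` makes every `assert()` in this file live in non-debug builds, and at least one of them, `assert(uptr <= &data[sizeof(data)])`, tests a value produced while decoding the mail being scanned, so a malformed message can now abort the scanning process. Convert input-dependent asserts to error returns, as this commit already does for `uptr == NULL`, rather than relying on either setting of NDEBUG. The `/*#define NDEBUG /* map ...` form also nests a comment opener and will draw a compiler warning.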
@ -131,11 +131,8 @@ messageReset(message *m)
if(m->mimeDispositionType)
free(m->mimeDispositionType);
for(i = 0; i < MAXARGS; i++)
if(m->mimeArguments[i])
free(m->mimeArguments[i]);
else
break;
for(i = 0; i < m->numberOfArguments; i++)
free(m->mimeArguments[i]);
if(m->body_first)
textDestroy(m->body_first);
@ -238,17 +235,18 @@ messageAddArgument(message *m, const char *arg)
/* Empty argument? Probably a broken mail client... */
return;
#ifdef CL_DEBUG
cli_dbgmsg("Add argument '%s'\n", arg);
#endif
for(offset = 0; offset < MAXARGS; offset++)
for(offset = 0; offset < m->numberOfArguments; offset++)
if(m->mimeArguments[offset] == NULL)
break;
else if(strcasecmp(arg, m->mimeArguments[offset]) == 0)
return; /* already in there */
assert(offset < MAXARGS);
if(offset == m->numberOfArguments) {
m->numberOfArguments++;
m->mimeArguments = (char **)realloc(m->mimeArguments, m->numberOfArguments * sizeof(char *));
}
m->mimeArguments[offset] = strdup(arg);
}
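Review bot: `m->mimeArguments = (char **)realloc(...)` overwrites the only pointer to the array with the result, and `numberOfArguments` is incremented before the call, so an allocation failure loses the old block and the next line, `m->mimeArguments[offset] = strdup(arg);`, writes through NULL. Assign to a temporary, bump the count only on success, and check `strdup()` as well. With the `MAXARGS` cap gone the number of arguments is set by the message, and the duplicate scan makes each insertion linear in the count, so an upper limit is still worth keeping.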
@ -388,7 +386,7 @@ messageGetArgument(const message *m, int arg)
{
assert(m != NULL);
assert(arg >= 0);
assert(arg < MAXARGS);
assert(arg < m->numberOfArguments);
return((m->mimeArguments[arg]) ? m->mimeArguments[arg] : "");
}
@ -405,7 +403,7 @@ messageFindArgument(const message *m, const char *variable)
assert(m != NULL);
assert(variable != NULL);
for(i = 0; i < MAXARGS; i++) {
for(i = 0; i < m->numberOfArguments; i++) {
const char *ptr;
size_t len;
@ -450,7 +448,7 @@ messageSetEncoding(message *m, const char *enctype)
return;
}
cli_warnmsg("Unknown encoding type \"%s\"", enctype);
cli_warnmsg("Unknown encoding type \"%s\"\n", enctype);
}
encoding_type
@ -560,7 +558,7 @@ messageToBlob(const message *m)
filename = strtok_r(NULL, "\r\n", &strptr);
if(filename == NULL) {
cli_warnmsg("Attachment sent with no filename\n");
cli_dbgmsg("UUencoded attachment sent with no filename\n");
blobDestroy(b);
free(copy);
return NULL;
@ -580,7 +578,7 @@ messageToBlob(const message *m)
filename = messageFindArgument(m, "name");
if(filename == NULL) {
cli_warnmsg("Attachment sent with no filename\n");
cli_dbgmsg("Attachment sent with no filename\n");
blobDestroy(b);
return NULL;
}
@ -621,7 +619,8 @@ messageToBlob(const message *m)
break;
uptr = decodeLine(m, line, data);
assert(uptr != NULL);
if(uptr == NULL)
break;
assert(uptr <= &data[sizeof(data)]);
@ -672,7 +671,8 @@ messageToText(const message *m)
uptr = decodeLine(m, line, data);
assert(uptr != NULL);
if(uptr == NULL)
break;
assert(uptr <= &data[sizeof(data)]);
@ -711,6 +711,7 @@ decodeLine(const message *m, const char *line, unsigned char *ptr)
switch(messageGetEncoding(m)) {
case NOENCODING:
case EIGHTBIT:
default: /* unknown encoding type - try our best */
ptr = (unsigned char *)strrcpy((char *)ptr, line);
/* Put the new line back in */
return (unsigned char *)strrcpy((char *)ptr, "\n");
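Review bot: routing unknown encodings through `default:` into `strrcpy((char *)ptr, line)` copies the whole input line into the caller's buffer, and `decodeLine()` takes no destination size; the callers only notice an overrun afterwards, through `assert(uptr <= &data[sizeof(data)])`. Pass the buffer length into `decodeLine()` and bound the copy there, so that a long line with an unrecognised encoding cannot run past `data`.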
@ -771,9 +772,6 @@ decodeLine(const message *m, const char *line, unsigned char *ptr)
* TODO: find out what this is, encoded as binary??
*/
break;
default:
assert(0);
}
*ptr = '\0';
@ -890,4 +888,3 @@ uudecode(char c)
{
return(c - ' ');
}

@ -19,13 +19,12 @@
#ifndef _MESSAGE_H
#define _MESSAGE_H
#define MAXARGS 5 /* maximum number of arguments to a mime content-type */
typedef struct message {
mime_type mimeType;
encoding_type encodingType;
char *mimeSubtype;
char *mimeArguments[MAXARGS];
int numberOfArguments; /* count of mimeArguments */
char **mimeArguments;
char *mimeDispositionType; /* probably attachment */
text *body_first, *body_last;
} message;

@ -84,7 +84,7 @@ void cl_debug(void)
cli_debug_flag = 1;
}
char *cl_perror(int clerror)
char *cl_strerror(int clerror)
{
switch(clerror) {
case CL_CLEAN:
@ -126,6 +126,11 @@ char *cl_perror(int clerror)
}
}
char *cl_perror(int clerror)
{
return cl_strerror(clerror);
}
char *cl_md5file(const char *filename)
{
FILE *fd;
@ -197,8 +202,9 @@ void *cli_calloc(size_t nmemb, size_t size)
#ifndef C_URANDOM
/* it's very weak */
#include <sys/time.h>
unsigned int cli_rndnum(unsigned int max)
unsigned int cl_rndnum(unsigned int max)
{
struct timeval tv;
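Review bot: this renames the generator to `cl_rndnum` and the public header hunk earlier in the commit exports it with the comment "generate a pseudo-random number", while the comment directly above this fallback says "it's very weak". Since `cli_gentemp()` uses it to build temporary file names, either keep the function internal or state in the header that it is not suitable for anything security-sensitive.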
@ -210,7 +216,7 @@ unsigned int cli_rndnum(unsigned int max)
#else
int cli_rndnum(unsigned int max)
unsigned int cl_rndnum(unsigned int max)
{
static FILE *fd = NULL;
unsigned int generated;
@ -264,7 +270,7 @@ char *cli_gentemp(const char *dir)
do {
for(i = 0; i < 32; i++)
salt[i] = cli_rndnum(255);
salt[i] = cl_rndnum(255);
tmp = cl_md5buff(salt, 32);
strncat(name, tmp, 16);
@ -298,6 +304,7 @@ int cli_rmdirs(const char *dirname)
if(errno == EACCES) {
cli_errmsg("Can't remove some temporary directories due to access problem.\n");
closedir(dd);
free(fname);
return 0;
}
cli_rmdirs(fname);

@ -50,12 +50,13 @@ int cli_scanrar_inuse = 0;
#define SCAN_ARCHIVE (options & CL_ARCHIVE)
#define SCAN_MAIL (options & CL_MAIL)
#define MAGIC_BUFFER_SIZE 10
#define MAGIC_BUFFER_SIZE 13
#define RAR_MAGIC_STR "Rar!"
#define ZIP_MAGIC_STR "PK\003\004"
#define GZIP_MAGIC_STR "\037\213"
#define MAIL_MAGIC_STR "From "
#define RAWMAIL_MAGIC_STR "Received: "
#define MAILDIR_MAGIC_STR "Return-Path: "
#define BZIP_MAGIC_STR "BZh"
@ -234,13 +235,14 @@ int cli_scanzip(int desc, char **virname, long int *scanned, const struct cl_nod
ZZIP_FILE *zfp;
FILE *tmp;
char buff[BUFFSIZE];
int fd, bytes, files = 0, ret = CL_CLEAN;
int fd, bytes, files = 0, ret = CL_CLEAN, err;
cli_dbgmsg("Starting scanzip()\n");
if((zdir = zzip_dir_fdopen(dup(desc), 0)) == NULL) {
cli_dbgmsg("Zip -> Not supported file format.\n");
if((zdir = zzip_dir_fdopen(dup(desc), &err)) == NULL) {
cli_dbgmsg("Zip -> Not supported file format ?.\n");
cli_dbgmsg("zzip_dir_fdopen() return code: %d\n", err);
return CL_EZIP;
}
@ -634,12 +636,15 @@ int cli_magic_scandesc(int desc, char **virname, long int *scanned, const struct
lseek(desc, 0, SEEK_SET);
if(!strncmp(magic, MAIL_MAGIC_STR, strlen(MAIL_MAGIC_STR))) {
cli_dbgmsg("Recognized mail file.\n");
cli_dbgmsg("Recognized Mbox mail file.\n");
ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);
}
else if(!strncmp(magic, RAWMAIL_MAGIC_STR, strlen(RAWMAIL_MAGIC_STR))) {
cli_dbgmsg("Recognized raw mail file.\n");
ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);
} else if(!strncmp(magic, MAILDIR_MAGIC_STR, strlen(MAILDIR_MAGIC_STR))) {
cli_dbgmsg("Recognized Maildir mail file.\n");
ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);
}
lseek(desc, 0, SEEK_SET);
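Review bot: mail detection here is an exact, case-sensitive `strncmp()` of the first bytes against "From ", "Received: " or "Return-Path: ", so a message whose first header is anything else, or is spelled with different case, is not passed to `cli_scanmail()`. Header names are case-insensitive and their order is not fixed, so consider a more general test for a leading header line. The three branches are also identical apart from the debug text and could share one call.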

@ -4,7 +4,7 @@
# Created: 1993-05-16
# Public domain
# $Id: mkinstalldirs,v 1.4 2003/08/06 03:05:51 kojm Exp $
# $Id: mkinstalldirs,v 1.5 2003/08/29 14:27:14 kojm Exp $
errstatus=0
dirmode=""

@ -1,3 +1,5 @@
/* THIS CODE REALLY SUCKS */
/*
* Copyright (C) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>
*
@ -163,7 +165,7 @@ void sigtool(struct optstruct *opt)
}
} else {
int jmp, start, end, found = 0, exec = 0, pos, filesize;
int jmp, lastjmp, start, end, found = 0, exec = 0, pos, filesize;
char *c, *s, *f, *tmp, *signame, *bsigname, *f2;
FILE *fd, *wd;
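Review bot: `lastjmp` is declared without an initial value and is later read in `if(jmp == 1 && lastjmp == 1)`, with `lastjmp = jmp;` as its only visible assignment. That is safe only because `jmp` is set to 50 before the loop and the `&&` short-circuits until `jmp` has dropped to 1; initialise `lastjmp` at the declaration so the code does not depend on that ordering.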
@ -215,7 +217,7 @@ void sigtool(struct optstruct *opt)
unlink(tmp);
free(tmp);
//mprintf("Starting precise loop\n");
while(end < filesize) {
while(end <= filesize) {
tmp = cut(f, 0, end);
exec++;
if(scanfile(c, s, tmp) == 1) {
@ -232,6 +234,7 @@ void sigtool(struct optstruct *opt)
}
end++;
}
if(found) break;
}
if(jmp)
@ -247,10 +250,9 @@ void sigtool(struct optstruct *opt)
}
// zamazuj 1 bajt ruszajac do tylu i sprawdzaj czy wykrywa dalej wirusa
// - znajdz pierwsyz bajt, po ktorego zamazaniu wirus nie jest wykrywany
/* now we go backward as long as signature can be detected */
/* now we go backward until the signature can't be detected */
found = 0;
jmp = 50;
pos = end - jmp;
@ -268,7 +270,7 @@ void sigtool(struct optstruct *opt)
} else {
mprintf("Detected at %d, moving forward.\n", pos);
if(jmp == 1) {
if(jmp == 1 && lastjmp == 1) {
unlink(tmp);
free(tmp);
//mprintf("Starting precise loop\n");
@ -276,20 +278,22 @@ void sigtool(struct optstruct *opt)
tmp = change(f2, pos);
exec++;
if(scanfile(c, s, tmp) == 1) {
mprintf(" *** Found signature's start at %d\n", pos);
unlink(tmp);
free(tmp);
found = 1;
break;
mprintf("Moving forward %d -> %d\n", pos, pos + 1);
pos++;
} else {
mprintf(" *** Found signature's start at %d\n", pos);
unlink(tmp);
free(tmp);
mprintf("Moving forward %d -> %d\n", pos, pos + 1);
found = 1;
break;
}
pos++;
}
if(found) break;
}
lastjmp = jmp;
if(jmp)
jmp--;
jmp = jmp/2 + 1; //??????????????
@ -312,7 +316,7 @@ void sigtool(struct optstruct *opt)
mprintf("The signature length is %d, so the length of the hex string should be %d\n", end - pos, 2 * (end - pos));
if(end - pos < 8) {
mprintf("\nWARNING: THE SIGNATURE IS TO SMALL (PROBABLY ONLY A PART OF THE REAL SIGNATURE).\n");
mprintf("\nWARNING: THE SIGNATURE IS TO SMALL (PROBABLY ONLY A PART OF A REAL SIGNATURE).\n");
mprintf(" PLEASE DON'T USE IT.\n\n");
}
