open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

General CVS update

Browse Source 
git-svn: trunk@15
remotes/push_mirror/metadata
Tomasz Kojm 22 years ago
parent b459f975b5
commit d4d142187b
17 changed files with 218 additions and 105 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 10
      clamav-devel/ChangeLog
  2. 4
      clamav-devel/acinclude.m4
  3. 4
      clamav-devel/aclocal.m4
  4. 6
      clamav-devel/clamscan/clamscan.c
  5. 1
      clamav-devel/clamscan/options.c
  6. 2
      clamav-devel/configure
  7. 2
      clamav-devel/configure.in
  8. 24
      clamav-devel/database/viruses.db2
  9. 2
      clamav-devel/docs/FreeBSD-HowTo/qmail-scanner-how-to.html
  10. 11
      clamav-devel/freshclam/manager.c
  11. 6
      clamav-devel/libclamav/clamav.h
  12. 211
      clamav-devel/libclamav/mbox.c
  13. 23
      clamav-devel/libclamav/others.c
  14. 6
      clamav-devel/libclamav/scanners.c
  15. 7
      clamav-devel/libclamav/text.c
  16. 2
      clamav-devel/mkinstalldirs
  17. 2
      clamav-devel/sigtool/sigtool.c

10
clamav-devel/ChangeLog
Unescape View File

@ -1,3 +1,13 @@
Sat Jul 26 17:11:46 CEST 2003
-----------------------------
* libclamav: updated mbox code (Nigel)
Thu Jul 24 13:29:39 CEST 2003
-----------------------------
* libclamav: mbox: fixed detection of the Gibe virus (bug reported
by Rene Bellora); support for log file names (problem
reported by Tomasz Papszun)
Sun Jul 20 23:43:38 CEST 2003
-----------------------------
* libclamav: mbox: improved scanning of uuencoded files and other

4
clamav-devel/acinclude.m4
Unescape View File

@ -68,7 +68,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created
dnl (the prefix is a bit different, since we add an extra -target- and -host-)
dnl
dnl @version: $Id: acinclude.m4,v 1.1 2003/07/29 15:40:20 nervoso Exp $
dnl @version: $Id: acinclude.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often
AC_DEFUN([AC_CREATE_TARGET_H],
@ -4110,7 +4110,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers)
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers)
dnl
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu>
dnl @version $Id: acinclude.m4,v 1.1 2003/07/29 15:40:20 nervoso Exp $
dnl @version $Id: acinclude.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $
dnl
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF],
[changequote(<<, >>)dnl

4
clamav-devel/aclocal.m4 vendored
Unescape View File

@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created
dnl (the prefix is a bit different, since we add an extra -target- and -host-)
dnl
dnl @version: $Id: aclocal.m4,v 1.1 2003/07/29 15:37:09 nervoso Exp $
dnl @version: $Id: aclocal.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often
AC_DEFUN([AC_CREATE_TARGET_H],
@ -4041,7 +4041,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers)
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers)
dnl
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu>
dnl @version $Id: aclocal.m4,v 1.1 2003/07/29 15:37:09 nervoso Exp $
dnl @version $Id: aclocal.m4,v 1.2 2003/08/02 22:37:52 kojm Exp $
dnl
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF],
[changequote(<<, >>)dnl

6
clamav-devel/clamscan/clamscan.c
Unescape View File

@ -62,6 +62,9 @@ void clamscan(struct optstruct *opt)
if(optl(opt, "stdout")) mprintf_stdout = 1;
else mprintf_stdout = 0;
if(optl(opt, "debug"))
cl_debug();
if(optc(opt, 'V')) {
mprintf("clamscan / ClamAV version "VERSION"\n");
mexit(0);
@ -168,11 +171,12 @@ void help(void)
mprintf("\n");
mprintf(" Clam AntiVirus Scanner "VERSION"\n");
mprintf(" (c) 2002 Tomasz Kojm <zolw@konarski.edu.pl>\n");
mprintf(" (c) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>\n");
mprintf(" \n");
mprintf(" --help -h Show help\n");
mprintf(" --version -V Print version number and exit\n");
mprintf(" --verbose -v Be verbose\n");
mprintf(" --debug Enable debug messages\n");
mprintf(" --quiet Be quiet, output only error messages\n");
mprintf(" --stdout Write to stdout instead of stderr\n");
mprintf(" (this help is always written to stdout)\n");

1
clamav-devel/clamscan/options.c
Unescape View File

@ -47,6 +47,7 @@ int main(int argc, char **argv)
{"help", 0, 0, 'h'},
{"quiet", 0, 0, 0},
{"verbose", 0, 0, 'v'},
{"debug", 0, 0, 0},
{"version", 0, 0, 'V'},
{"tempdir", 1, 0, 0},
{"database", 1, 0, 'd'},

2
clamav-devel/configure vendored
Unescape View File

@ -1901,7 +1901,7 @@ fi
# Define the identity of the package.
PACKAGE=clamav
VERSION=20030720
VERSION=cvs
cat >>confdefs.h <<_ACEOF

2
clamav-devel/configure.in
Unescape View File

@ -19,7 +19,7 @@ AC_INIT(clamscan/clamscan.c)
AC_CREATE_TARGET_H(target.h)
AC_CANONICAL_SYSTEM
AM_INIT_AUTOMAKE(clamav, 20030720)
AM_INIT_AUTOMAKE(clamav, cvs)
dnl AM_INIT_AUTOMAKE(clamav, `date +%Y%m%d`)
LC_CURRENT=1
LC_REVISION=3

24
clamav-devel/database/viruses.db2
Unescape View File

@ -1,3 +1,4 @@
Trojan.Download-DK (Clam)=426f644852774f6938764e6a51754d6a51324c6a55324c6a63300d0a4c33356a59584a686232746c4c32747a6343356c6547554162584e6f5a5867755a58686c414752736241417541473176626742310d0a636d7741515142476157786c4146527641455276643235736232466b4146565354
Js.Exception.Gen (Clam)=73657454696d656f757428277b73657428293b7d272c31303030293b0a766172204d657373616765203d20224675636b20596f75223b
JS.FortNight.M (Clam)=653d4a5363726970742e456e636f64653e23407e5e6d51454141413d3d5b4b6d3b732b0959525344624f2b5e78634a4021716f5d7a48322c
JS/Fortnight.B.1 (Clam)=2c416b3959747b547e747f6b54744f27547e55492f2745345944776c264a68684154634532526b557f5920092b3d2646794740243973522131397d7f2a097820265a2a53776621556f317355665a622b4b2a4a477330214f4272716309427926212a4a7766543f7731773f395a62794b636466752b3275632b5d572c59587a
@ -50,7 +51,7 @@ Trojan.IRC-Bot.gen (Clam)=494e5649444941aec1a17742*41844e534849454c4400*73094ce2
Trojan.IRC-Sdbot (Clam)=773030742e616469676974616c2e6e6574ffff416e6b0b1a4432340023c5f1ee6debadadafc7d44e848dbdff8a4f4c45bf2e326b321e3e323ffb652b6c36006d736f66807eff057b6578658f034d6963726f1700a74096e5a97205a710db0bbf882525636f5f7065630820bff0b6fb2f632025730200400e686f205c660d0a3a735bf8b7
Trojan.Bionet.313 (Clam)=8366cf9034d82e01109c82743e4fbc22eeff0942696f4e6574636667bf062cf802ce4ce19214da41b59f01bd300eb926f3a5a460933c305ecf8544cecab9fcefe2fb10002bba78d51c48c94cc1742026e5864c4dd149e16c6536782dbf85c4868d27a2245e250b4ebcff2524424e3230494424135e3c6826803537531c2046f0
Trojan.Sub7-V21.srv (Clam)=615408086921f29001000c9434573bfdf60c0c2d7828ea06435569657902c0955ced10521992e61d30728414140430b5c354fa4964492e64e9f6181805e4f292153ea86f34708c706ab2d42e7e1efc17449496be487348279b008fe47248187ad606d07c65b35c2e687fe08c50e473b6592e9b8444743875
Worm.Fakerr.a (Clam)=09000b48006b496c4c6552675561546520312e30332c2049206d416b6520546849732076497255732042654361557345204920644f6e27542068417645204e6f5468496e4720744f20644f2121
Worm.Gruel.A (Clam)=09000b48006b496c4c6552675561546520312e30332c2049206d416b6520546849732076497255732042654361557345204920644f6e27542068417645204e6f5468496e4720744f20644f2121
Trojan.Webber.A (Clam)=c3005589e551505356578b750c8365f8008365fc00eb4f31db89dfeb368b45fc01f88b55080fbe04020fbe143e39d075014389f183c8ff40803c010075f939c37510ff45f88b45103945f875058b45fceb2d4789f183c8ff40803c010075f939c772baff45fc8b450889c183c8ff40803c010075f93945fc72
Troj/IGMPNuke (Clam)=2bc266dabdc059d785f030ed9b76751bb9bfc093edf2f10d751ec8240f751f496e6105fe75eceb398ac1045a1f10e91b9b7b200621ea318d4c130303abb9ed76c607d0803fccf7b8c788c2aced60075ed288f6d0ec87ffd77306f0be9bd97dfa9bdbe2d98e68adbfe14ed9ee9d84868a3e
Troj/EliteWrap.103 (Clam)=636a010072199a380a00c40404006c6f61640000636a000072197d31960072197d318c007219ea6710009d190c009d1908009d1904009d190000a76204009800726a02000000522d9a004b49b1679a380e000c05080057696e4c6f6733320000636a020072199a380c00240506004c6f
@ -152,3 +153,24 @@ Troj/FDoS-ICQRevenge (Clam)=01000904000078010000000000007f9036350000000000000100
Troj/SendFake-A (Clam)=ff50e80603000083c40c8d8524feffff50e89bfbffff83c404908d8524feffff50683c134000e8c6fbffff83c4088d8524feffff50e89b02000083c40489c085c07518a1ac20400050e87702000083c4046a01e8a502000083c40468621340008d8524feffff50e8b102000083c40889c0898520fdffff83bd20fdffff0075178d8524feffff506865134000e85402000083c408eb03
Troj/DDoS-Snoofer (Clam)=f0d38d45b05121d78d55d0edf003f1f5106aff006a408b0656ff9058122233219e21154cf4f20ca922bbeb0949121c0700a7f0fc2e047268474f580034262d3626fee02155b08d45c08d4de3d0523520bb27890410ff5290930da30aac0dbc0c28cc0ddc0320eee30ddb68f835116a0f562e08f6ff92640d19e81a10b4f026d52015b4bf232af0acdcf2b613f7f868e845f0578b07ff
Troj/DDoS-Snoofer.b (Clam)=ec83ec0c684611400064a100000000506489250000000083ec2853568b7508578bc683e6fe8965f483e0018b0ec745f820104000568945fc897508ff51048b1633db68f8304000536a0f56895de8895de4895dd4ff92640300008b3d74a14000508d45e850ffd78d4dd45051ff15b4a1400083c41050ff15aca140008d55e45052ffd78bf868e8304000578b07ff
Trojan.Yabinder (Clam)=14c962836612134420315598be5551f0897704b8a330cfaeff0f41a408f3c7ba476a40cc89470c51011e42b42b3949b48858fcf54e280e2c5737cdc7df4023c55d7b11536563686f204e6897f86f66660d0a857279057b6a3ce4370168c8a44f807e8ad442b574150cbdf6510305bf64059188193b4c4dd41247553481162c
Pieck (Clam)=eb0e00fe000000000000000000000000be0c00fa2e89a40b082e8c940d088cc88ed0bc6018fb561e06b8ffffbb7203cd213d72
Trojan.SMS-Bomber (Clam)=5f534d535f426f6d620000000000ffcc31002fc38be28b583ad411a5a900606737252fc48be28b583ad411a5a900606737252f3a4fad339966cf11b70c00aa0060
W97M.Coldape.A (Clam)=4e69636b2022546865204c6f7665204d6f6e6b657922205669727573205061636b61676520627920414c542d463420616e6420414c542d46313120666f722074686520416c7465726e6174697665205669727573204d61666961ce00000000000000a40001001e00ca00ae00020027a5ce00ae000400446f6e65ae000000ae004100484b45595f43555252454e545f555345525c536f6674776172655c564220616e64205642412050726f6772616d2053657474696e67735c4f66666963655c382e3000ae00070041564d2d5642530020
Worm.Lovgate.B (Clam)=0e70bad803bf2c5ca6ea5bcd856cd39fec1d480a7a1bcead158efee92dd12a10c3b72e9d6249a633c804737d2f31ee75ccfc42f46cfbf1028316799a00a98c07a38f916f21caca64eb1bf1abcda9e8649e3b632c56862fa65364522afc8aed05a1f0508026e1ed18119787f699ccce95eaeba3dc0bbb8bb0d3c91d8aba1945
Trojan.BombXP.2.0.0.0rev0.1c (Clam)=736d73626f6d620000000000ffcc3100056f95bbe7724adf4babd30f9f2868e854aa1b68b1730da449b4aedaf375a9409c3a4fad339966cf11b70c00aa0060d3
Trojan.Qwak (Clam)=207061737377292e2e2e00496e76616c6964204469616c6563742e2e2e00004e6f207265706c792066726f6d206469616c65637420726571756573742e2e2e0000000053656e64696e67206469616c656374206e65676f74696174652e2e2e0000000043616c6c6564206e616d65206e6f7420666f756e64202857726f6e67
Joke.Boredom.A (Clam)=065557696e646f777320686173206465746563746564207468617420796f75206d6179207375666665722066726f6d20686176696e67206120736d616c6c2070656e69732e20204973207468697320636f72726563743f08576f72645772617009000007
Trojan.Prosiak.E (Clam)=24c3546561a5391094a86134f15369cf2ba872341005d6c5fa3c444c14696d6534e359f73e256f77696842d0759924090c46ffd068732369616041717561ade02744d8a9100b0c53e7210492b442130a
Trojan.Prosiak.G (Clam)=48c64a57e1aa3001da8ff812feff81db6d61696c2e6c75626c696e2e706cef39a26ac2b77ad90192
Worm.Romeo (Clam)=c7ad193b3990f4a8100cd6f1c6e5895c895b6f1beb3acf4308d22dd4d1137e5ae32c373ce7edc1e07c0d250c1c843217a15c358381bd1d052d1709dbecb30a607e
Worm.MyLife.B (Clam)=01cfffffef216e740d0a526550726f6a65637431000d0a466f722069ff433664cbcc314338440f3a0fc0feff4fad339966cf11b70c00aa0060d393e4b104bfdbde6c0382000500666c6d74010300636172e4b6fbdb00199042002204233e1c6c74a536046e3956f8020020043ae8022607
Trojan.Dropper.B (Clam)=4d494d452d56657273696f6e3a20312e300d436f6e74656e742d4c6f636174696f6e3a46696c653a2f2f666f6f2e6578650d436f6e74656e742d5472616e736665722d456e636f64696e673a2062696e6172790d0d4d5a90000300000004000000ffff00
Exploit.ObjCodebase.Calc (Clam)=0909093c6f626a6563742077696474683d30206865696768743d302069643d226f46696c652220636c61737369643d22636c7369643a31313131313131312d313131312d313131312d313131312d3131313131313131313131312220636f6465626173653d22633a2f77696e6e742f73797374656d33322f63616c632e657865223e3c2f6f626a6563743e
Exploit.ObjCodebase.Calc.Mail (Clam)=636f6465626173653d334422633a2f77696e6e742f73797374656d33322f63616c632e657865223e3c2f6f626a6563743e
Trojan.Prorat.10.B (Clam)=3a767a2d546f5804124a8071e6f4839dfdd5218f5e15e6e55ee0b6ded352a97f8e40ca19565ca844410a44661fcea88df445f9e561acb83b60a20754d3c536d5478b0575aa0d51d901cb111eb3b4644fabf8ef406fbb15c5738f1ff71635acb07d2fb1e8d9df1650e7dee835606dd80ba47f96b9e3e8eaef7c3038ae203d4205f11423bb5a4740
Trojan.Dropper.C (Clam)=3c5343524950540866756e6374a76effffdffa206d616c77ab652829
Trojan.Delf.BZ (Clam)=14e97b00f7ffb8807b4900e82d09f7ffe8c803f7ffa1d06549008b00e804a4fbff833d7c7b490000740ba17c7b490050e8f03bf7ff33c05a595964891068b1324900c3e9ed02f7ffebf85f5e5be81307f7ff00000069736e736572766572000000ffffffff16000000687474703a2f2f7777772e697370796e6f772e636f6d
Troj/SunOS.RootKit #2 (Clam)=6e222c206765747569642829293b0d0a7d0d0a5f454f465f0d0a6363202d6f20757372207573722e630d0a63686d6f6420373030207573720d0a4946533d222f220d0a6578706f7274204946530d0a2f7573722f6f70656e77696e2f62696e2f66662e636f7265203020302030203020300d0a2366666320302030206664302f66643020310d0a726d202d6620757372207573722e63
V2PX.1200 (Clam)=e701b9fa326f385b389954b810d76f2198da1a7867124f387b18b9749801bb84326f387b18b974782b5bb17859d380e0580f9579d116a0b16ec28c07813b38b3eeb9faa838f5196a0a251b186d15a01a5aa11818a21818f5194b3bd1e2386bb3f069153b38b1bccc58d999f95cd3a6d9b7e95ad155ec7475998b6931ee48504eb833fe489d47b89d119c11de7011
V2P6.1993 (Clam)=303635a13de5b23e58ee096990e5308e40e469405e296fe428b9884fde4e884e3635a13e3fde65884e856e8a4e856e64ae1a61e48ede4ed7666ebe821d6c884e8c963736adf286b491703ed66e6e3e71e5288243d46e94cd626ee5288243fc6ecd6a6e6036cd686ecd606e953671f3adf2703ed66e6e3e71e528b294cd626ee528b6cd6a6ee528b4cd686ee528b0cd606e953671f3ad

2
clamav-devel/docs/FreeBSD-HowTo/qmail-scanner-how-to.html
Unescape View File

@ -31,7 +31,7 @@
<p class="COPYRIGHT">Copyright &copy; 2002 by Paul Hoadley and
Eric Parsonage</p>
<p class="PUBDATE">$Date: 2003/07/29 15:42:40 $<br>
<p class="PUBDATE">$Date: 2003/08/02 22:37:52 $<br>
</p>
<div>

11
clamav-devel/freshclam/manager.c
Unescape View File

@ -57,10 +57,9 @@ int downloadmanager(const struct optstruct *opt, const char *hostname)
mprintf("Checking for a new database - started at %s", ctime(&currtime));
/* first thing we want, is a local file md5 checksum */
/* first thing we want is a local file md5 checksum */
if(fileinfo(DB1NAME, 1) == -1) {
/* there is no database, so we just download new one */
/* there is no database, so we just download a new one */
nodb = 1;
mprintf(DB1NAME" not found in the data directory.\n");
} else {
@ -70,9 +69,7 @@ int downloadmanager(const struct optstruct *opt, const char *hostname)
}
}
/* second database */
if(fileinfo(DB2NAME, 1) == -1) {
/* there is no database, so we just download new one */
nodb2 = 1;
mprintf(DB2NAME" not found in the data directory.\n");
} else {
@ -82,10 +79,6 @@ int downloadmanager(const struct optstruct *opt, const char *hostname)
}
}
/*
* Ok, we have local file md5 checksum, now we download md5sum of current
* database from Internet.
*/
if(optl(opt, "proxy-user")) {
user = getargl(opt, "proxy-user");

6
clamav-devel/libclamav/clamav.h
Unescape View File

@ -75,7 +75,7 @@ struct cl_node {
struct patt *list;
struct cl_node *trans[CL_NUM_CHILDS], *fail;
/* FIXME: these variables are only used in the root node */
/* FIXME: these variables are only used in a root node */
unsigned int maxpatlen, partsigs;
unsigned int nodes;
struct cl_node **nodetable;
@ -106,11 +106,13 @@ extern int cl_loaddb(const char *filename, struct cl_node **root, int *virnum);
extern int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum);
extern char *cl_retdbdir(void);
/* datadir stat functions */
/* data dir stat functions */
extern int cl_statinidir(const char *dirname, struct cl_stat *dbstat);
extern int cl_statchkdir(const struct cl_stat *dbstat);
extern int cl_statfree(struct cl_stat *dbstat);
/* enable debug information */
extern void cl_debug(void);
/* build a trie */
extern void cl_buildtrie(struct cl_node *root);

211
clamav-devel/libclamav/mbox.c
Unescape View File

@ -17,7 +17,7 @@
*/
#ifndef CL_DEBUG
#define NDEBUG /* map CLAMAV debug onto standard */
/*#define NDEBUG /* map CLAMAV debug onto standard */
#endif
#ifdef CL_THREAD_SAFE
@ -36,6 +36,7 @@
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/param.h>
#include <clamav.h>
#include "table.h"
@ -72,7 +73,8 @@ static size_t strip(char *buf, int len);
static size_t strstrip(char *s);
static bool continuationMarker(const char *line);
static int parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg);
static int saveFile(const blob *b, const char *dir);
static bool saveFile(const blob *b, const char *dir);
static bool newMessageStart(const char *buf);
/* Maximum number of attachements that we accept */
#define MAX_ATTACHMENTS 10
@ -85,6 +87,8 @@ static int saveFile(const blob *b, const char *dir);
#define CONTENT_TRANSFER_ENCODING 2
#define CONTENT_DISPOSITION 3
/*#define VALIDATE_MBOX /* validate the file is a UNIX mbox */
/* Mime sub types */
#define PLAIN 1
#define ENRICHED 2
@ -144,9 +148,8 @@ cl_mbox(const char *dir, int desc)
cli_dbgmsg("in mbox()\n");
if(initialiseTables(&rfc821Table, &subtypeTable) < 0) {
if(initialiseTables(&rfc821Table, &subtypeTable) < 0)
return -1;
}
m = messageCreate();
assert(m != NULL);
@ -155,7 +158,7 @@ cl_mbox(const char *dir, int desc)
if((fd = fdopen(dup(desc), "rb")) == NULL) {
cli_errmsg("Can't open descriptor %d\n", desc);
return -1;
return -1;
}
/*
@ -166,18 +169,18 @@ cl_mbox(const char *dir, int desc)
char *strptr;
#endif
/*cli_dbgmsg("read: %s", buffer);*/
#ifdef VALIDATE_MBOX
if(first)
/*
* Check it is a mail box.
* tm@softcom.dk: check for a single mail message
*/
if((strncmp(buffer, "From ", 5) != 0) &&
(strncmp(buffer, "Return-Path: ", 13) != 0) &&
(strncmp(buffer, "Received: ", 10) != 0)) {
if(!newMessageStart(buffer)) {
cli_errmsg("Not a valid mail message");
retcode = -1;
break;
}
#endif
/*
* Handle this where we're mid point through this stuff
@ -198,7 +201,7 @@ cl_mbox(const char *dir, int desc)
for(ptr = strtok_r(buffer, ";\r\n", &strptr); ptr; ptr = strtok_r(NULL, ":\r\n", &strptr))
messageAddArgument(m, ptr);
} else if((!inHeader) && lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0)) {
} else if((!inHeader) && lastLineWasEmpty && newMessageStart(buffer)) {
/*
* New message, save the previous message, if any
*/
@ -234,7 +237,7 @@ cl_mbox(const char *dir, int desc)
} else {
const bool isLastLine = !continuationMarker(buffer);
const char *cmd = strtok_r(buffer, " \t", &strptr);
if (cmd && *cmd) {
const char *arg = strtok_r(NULL, "\r\n", &strptr);
@ -284,7 +287,6 @@ cl_mbox(const char *dir, int desc)
tableDestroy(rfc821Table);
tableDestroy(subtypeTable);
cli_dbgmsg("cli_mbox returning %d\n", retcode);
return retcode;
@ -298,7 +300,7 @@ cl_mbox(const char *dir, int desc)
* textIn is the plain text message being built up so far
* blobsIn contains the array of attachments found so far
*
* Returns:
* Returns:
* 0 for fail
* 1 for success, attachements saved
* 2 for success, attachements not saved
@ -308,7 +310,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
{
char *ptr;
message *messages[MAXALTERNATIVE];
int inhead, inMimeHead, i, rc;
int inhead, inMimeHead, i, rc, htmltextPart, multiparts = 0;
text *aText;
blob *blobList[MAX_ATTACHMENTS], **blobs;
const char *cptr;
@ -325,9 +327,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
blobs = blobsIn;
/* Anything left to be parsed? */
if(mainMessage) {
if(mainMessage && (messageGetBody(mainMessage) != NULL)) {
int numberOfAttachments = 0;
int plaintextPart, multiparts;
mime_type mimeType;
const char *mimeSubtype;
const text *t_line;
@ -338,7 +339,6 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
char *strptr;
#endif
assert(messageGetBody(mainMessage) != NULL);
mimeType = messageGetMimeType(mainMessage);
mimeSubtype = messageGetMimeSubtype(mainMessage);
@ -366,7 +366,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
if(boundary == NULL) {
cli_warnmsg("Multipart MIME message contains no boundaries\n");
return 2; /* Broken e-mail message */
return 2; /* Broken e-mail message */
}
@ -494,10 +494,10 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
aMessage = NULL;
assert(multiparts > 0);
plaintextPart = getTextPart(messages, multiparts);
htmltextPart = getTextPart(messages, multiparts);
if(plaintextPart >= 0)
aText = textAddMessage(aText, messages[plaintextPart]);
if(htmltextPart >= 0)
aText = textAddMessage(aText, messages[htmltextPart]);
else
/*
* There isn't a text bit. If there's a
@ -507,11 +507,11 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
for(i = 0; i < multiparts; i++)
if(messageGetMimeType(messages[i]) == MULTIPART) {
aMessage = messages[i];
plaintextPart = i;
htmltextPart = i;
break;
}
assert(plaintextPart != -1);
assert(htmltextPart != -1);
rc = insert(aMessage, blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);
blobArrayDestroy(blobs, nBlobs);
@ -536,12 +536,12 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
case ALTERNATIVE:
cli_dbgmsg("Multipart alternative handler\n");
plaintextPart = getTextPart(messages, multiparts);
htmltextPart = getTextPart(messages, multiparts);
if(plaintextPart == -1)
plaintextPart = 0;
if(htmltextPart == -1)
htmltextPart = 0;
aMessage = messages[plaintextPart];
aMessage = messages[htmltextPart];
aText = textAddMessage(aText, aMessage);
rc = insert(NULL, blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);
@ -592,6 +592,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
assert(aMessage != NULL);
dtype = messageGetDispositionType(aMessage);
cptr = messageGetMimeSubtype(aMessage);
#ifdef CL_DEBUG
cli_dbgmsg("Mixed message part %d is of type %d\n",
@ -600,13 +601,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
switch(messageGetMimeType(aMessage)) {
case APPLICATION:
/*
* We don't care about the application
* subtype, since we don't spawn
* anything off
*/
if((strcasecmp(dtype, "attachment") == 0) ||
(strcasecmp(dtype, "octet-stream")))
(strcasecmp(cptr, "x-msdownload") == 0) ||
(strcasecmp(dtype, "octet-stream") == 0))
addAttachment = TRUE;
else {
cli_dbgmsg("Discarded application not sent as attachment\n");
@ -660,7 +657,8 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
*
*/
cli_dbgmsg("Found multipart inside multipart\n");
rc = insert(NULL, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);
/*rc = insert(NULL, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);*/
rc = insert(aMessage, blobs, nBlobs, messageToText(aMessage), dir, rfc821Table, subtypeTable);
mainMessage = aMessage;
continue;
@ -710,7 +708,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
* the list we've just built up
*/
for(i = 0; i < nBlobs; i++) {
#ifdef CL_DEBUG
assert(blobs[i]->magic == BLOB);
#endif
blobList[numberOfAttachments++] = blobs[i];
}
@ -727,11 +727,11 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
* message and we need to dig out the plain
* text part of that alternative
*/
plaintextPart = getTextPart(messages, multiparts);
if(plaintextPart == -1)
plaintextPart = 0;
htmltextPart = getTextPart(messages, multiparts);
if(htmltextPart == -1)
htmltextPart = 0;
rc = insert(messages[plaintextPart], blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);
rc = insert(messages[htmltextPart], blobs, nBlobs, aText, dir, rfc821Table, subtypeTable);
blobArrayDestroy(blobs, nBlobs);
break;
default:
@ -775,6 +775,9 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
bool inHeader = TRUE;
bool inMimeHeader = FALSE;
message *m;
assert(t != NULL);
m = messageCreate();
assert(m != NULL);
@ -822,7 +825,7 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
else {
const bool isLastLine = !continuationMarker(buffer);
const char *cmd = strtok_r(buffer, " \t", &strptr);
if (cmd && *cmd) {
const char *arg = strtok_r(NULL, "\r\n", &strptr);
@ -870,7 +873,10 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
return 0;
case APPLICATION:
if(strcasecmp(messageGetMimeSubtype(mainMessage), "octet-stream") == 0) {
cptr = messageGetMimeSubtype(mainMessage);
if((strcasecmp(cptr, "octet-stream") == 0) ||
(strcasecmp(cptr, "x-msdownload") == 0)) {
blob *aBlob = messageToBlob(mainMessage);
if(aBlob) {
@ -899,27 +905,67 @@ insert(message *mainMessage, blob **blobsIn, int nBlobs, text *textIn, const cha
}
}
#ifdef CL_DEBUG
cli_dbgmsg("%d attachments found\n", nBlobs);
#endif
if(nBlobs == 0 && mainMessage) {
if(nBlobs == 0) {
blob *b;
/*
* No attachments, but it may still contain a uu-encoded file
* No attachements - look for a text that we can save to scan
*/
blob *b;
messageSetEncoding(mainMessage, "x-uuencode");
#ifdef CL_DEBUG
cli_dbgmsg("%d multiparts found\n", multiparts);
#endif
htmltextPart = getTextPart(messages, multiparts);
if(htmltextPart > 0) {
b = messageToBlob(messages[htmltextPart]);
if((b = messageToBlob(mainMessage)) != NULL) {
if((cptr = blobGetFilename(b)) != NULL) {
cli_dbgmsg("Found uuencoded message %s\n", cptr);
assert(b != NULL);
#ifdef CL_DEBUG
cli_dbgmsg("Found HTML part in %d, encoded with scheme %d\n",
htmltextPart, messageGetEncoding(messages[htmltextPart]));
#endif
(void)saveFile(b, dir);
(void)saveFile(b, dir);
}
blobDestroy(b);
}
if(mainMessage) {
/*
* Look for uu-encoded main file
*/
const text *t_line;
for(t_line = messageGetBody(mainMessage); t_line; t_line = t_line->t_next) {
const char *line = t_line->t_text;
if((strncasecmp(line, "begin ", 6) == 0) &&
(isdigit(line[6])) &&
(isdigit(line[7])) &&
(isdigit(line[8])) &&
(line[9] == ' '))
break;
}
if(t_line != NULL) {
messageSetEncoding(mainMessage, "x-uuencode");
if((b = messageToBlob(mainMessage)) != NULL) {
if((cptr = blobGetFilename(b)) != NULL) {
cli_dbgmsg("Found uuencoded message %s\n", cptr);
(void)saveFile(b, dir);
}
blobDestroy(b);
}
}
}
} else {
short attachmentNumber;
@ -1028,13 +1074,10 @@ initialiseTables(table_t **rfc821Table, table_t **subtypeTable)
}
/*
* If there's a plain text version use that, otherwise
* If there's a HTML text version use that, otherwise
* use the first text part, otherwise just use the
* first one around
*
* Alternatively we could hunt out any HTML
* version and save that, if the displaying client
* can cope with HTML.
* first one around. HTML text is most likely to include
* a scripting worm
*
* If we can't find one, return -1
*/
@ -1046,7 +1089,7 @@ getTextPart(message *const messages[], size_t size)
for(i = 0; i < size; i++) {
assert(messages[i] != NULL);
if((messageGetMimeType(messages[i]) == TEXT) &&
(strcasecmp(messageGetMimeSubtype(messages[i]), "plain") == 0))
(strcasecmp(messageGetMimeSubtype(messages[i]), "html") == 0))
return (int)i;
}
for(i = 0; i < size; i++)
@ -1210,20 +1253,24 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
return type;
}
static int
static bool
saveFile(const blob *b, const char *dir)
{
unsigned long nbytes = blobGetDataSize(b);
const char *cptr;
char *filename = NULL;
size_t dirLen = strlen(dir);
int fd;
const char *suffix;
const char *cptr, *suffix;
#ifdef NAME_MAX /* e.g. Linux */
char filename[NAME_MAX + 1];
#else
#ifdef MAXNAMELEN /* e.g. Solaris */
char filename[MAXNAMELEN + 1];
#endif
#endif
assert(dir != NULL);
if(nbytes == 0)
return 1;
return TRUE;
cptr = blobGetFilename(b);
@ -1243,9 +1290,11 @@ saveFile(const blob *b, const char *dir)
}
cli_dbgmsg("Saving attachment in %s/%s\n", dir, cptr);
/* tk: use dynamic allocation */
filename = cli_malloc(dirLen + strlen(cptr) + strlen(suffix) + 8);
sprintf(filename, "%s/%sXXXXXX", dir, cptr);
/*
* Allow for very long filenames. We have to truncate them to fit
*/
snprintf(filename, sizeof(filename) - 7, "%s/%s", dir, cptr);
strcat(filename, "XXXXXX");
/*
* TODO: add a HAS_MKSTEMP property
@ -1259,8 +1308,7 @@ saveFile(const blob *b, const char *dir)
if(fd < 0) {
cli_errmsg("%s: %s\n", filename, strerror(errno));
free(filename);
return 0;
return FALSE;
}
/*
@ -1279,7 +1327,32 @@ saveFile(const blob *b, const char *dir)
cli_dbgmsg("Attachment saved as %s (%ul bytes long)\n",
filename, nbytes);
free(filename);
return TRUE;
}
return 1;
static bool
newMessageStart(const char *buf)
{
if(strncmp(buf, "From ", 5) == 0)
return TRUE;
/*
* Do NOT enable this code, it gets confused by RFC822 messages
* enapsulated in other messages e.g.
*
* ....
* --NAB47372.960554223/xxx
* Content-Type: message/rfc822
*
* Return-Path: MAILER-DAEMON
* ....
*/
#if 0
if(strncmp(buf, "Return-Path: ", 13) == 0)
return TRUE;
if(strncmp(buf, "Received: ", 10) == 0)
return TRUE;
#endif
return FALSE;
}

23
clamav-devel/libclamav/others.c
Unescape View File

@ -43,6 +43,8 @@
pthread_mutex_t cli_rand_mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
int cli_debug_flag = 0;
void cli_warnmsg(const char *str, ...)
{
va_list args;
@ -65,16 +67,21 @@ void cli_errmsg(const char *str, ...)
void cli_dbgmsg(const char *str, ...)
{
#ifdef CL_DEBUG
va_list args;
va_start(args, str);
fprintf(stderr, "LibClamAV debug: ");
vfprintf(stderr, str, args);
va_end(args);
#else
return;
#endif
if(cli_debug_flag) {
va_start(args, str);
fprintf(stderr, "LibClamAV debug: ");
vfprintf(stderr, str, args);
va_end(args);
} else
return;
}
void cl_debug(void)
{
cli_debug_flag = 1;
}
char *cl_perror(int clerror)

6
clamav-devel/libclamav/scanners.c
Unescape View File

@ -50,12 +50,12 @@ int cli_scanrar_inuse = 0;
#define SCAN_ARCHIVE (options & CL_ARCHIVE)
#define SCAN_MAIL (options & CL_MAIL)
#define MAGIC_BUFFER_SIZE 6
#define MAGIC_BUFFER_SIZE 10
#define RAR_MAGIC_STR "Rar!"
#define ZIP_MAGIC_STR "PK\003\004"
#define GZIP_MAGIC_STR "\037\213"
#define MAIL_MAGIC_STR "From "
/*#define RAWMAIL_MAGIC_STR "Received: "*/
#define RAWMAIL_MAGIC_STR "Received: "
#define BZIP_MAGIC_STR "BZh"
@ -637,12 +637,10 @@ int cli_magic_scandesc(int desc, char **virname, long int *scanned, const struct
cli_dbgmsg("Recognized mail file.\n");
ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);
}
/*
else if(!strncmp(magic, RAWMAIL_MAGIC_STR, strlen(RAWMAIL_MAGIC_STR))) {
cli_dbgmsg("Recognized raw mail file.\n");
ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);
}
*/
lseek(desc, 0, SEEK_SET);
}

7
clamav-devel/libclamav/text.c
Unescape View File

@ -139,9 +139,10 @@ textAdd(text *t_head, const text *t)
if(t_head == NULL)
return textCopy(t);
ret = t_head;
if(t == NULL)
return t_head;
assert(t != NULL);
ret = t_head;
while(t_head->t_next)
t_head = t_head->t_next;
@ -170,6 +171,8 @@ textAdd(text *t_head, const text *t)
text *
textAddMessage(text *aText, const message *aMessage)
{
assert(aMessage != NULL);
if(messageGetEncoding(aMessage) == NOENCODING)
return textAdd(aText, messageGetBody(aMessage));
else {

2
clamav-devel/mkinstalldirs
Unescape View File

@ -4,7 +4,7 @@
# Created: 1993-05-16
# Public domain
# $Id: mkinstalldirs,v 1.1 2003/07/29 15:39:41 nervoso Exp $
# $Id: mkinstalldirs,v 1.2 2003/08/02 22:37:52 kojm Exp $
errstatus=0
dirmode=""

2
clamav-devel/sigtool/sigtool.c
Unescape View File

@ -369,7 +369,7 @@ void help(void)
{
mprintf("\n");
mprintf(" Clam AntiVirus: Signature Tool (sigtool) "VERSION"\n");
mprintf(" (c) 2002 Tomasz Kojm <zolw@konarski.edu.pl>\n");
mprintf(" (c) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl>\n");
mprintf("\n");
mprintf(" --help -h show help\n");
mprintf(" --version -V print version number and exit\n");

Write Preview
Loading…
Cancel
Save