add separate limit value for mail recursion level

git-svn: trunk@2553

clamav-devel/ChangeLog

@@ -1,3 +1,9 @@
+Tue Dec 12 14:57:11 CET 2006 (tk)
+---------------------------------
+  * libclamav: add separate limit value for mail recursion level
+  * clamscan: new option --max-mail-recursion
+  * clamd: new option MailMaxRecursion
+
 Tue Dec 12 12:36:28 CET 2006 (tk)
 ---------------------------------
   * libclamav/scanners.c: fix debug message (bb#160), patch from

clamav-devel/clamd/server-th.c

@@ -398,6 +398,12 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_node *root, unsigned in
 	    options |= CL_SCAN_MAILURL;
 	}
 
+	if((limits.maxmailrec = cfgopt(copt, "MailMaxRecursion")->numarg)) {
+	    logg("Mail: Recursion level limit set to %u.\n", limits.maxmailrec);
+	} else {
+	    logg("^Mail: Recursion level limit protection disabled.\n");
+	}
+
     } else {
 	logg("Mail files support disabled.\n");
     }

clamav-devel/clamscan/clamscan.c

@@ -156,6 +156,14 @@ int main(int argc, char **argv)
 	}
     }
 
+    if(opt_check(opt, "max-mail-recursion")) {
+	if(!isnumb(opt_arg(opt, "max-mail-recursion"))) {
+	    logg("!--max-mail-recursion requires a natural number\n");
+	    opt_free(opt);
+	    return 40;
+	}
+    }
+
     if(opt_check(opt, "max-dir-recursion")) {
 	if(!isnumb(opt_arg(opt, "max-dir-recursion"))) {
 	    logg("!--max-dir-recursion requires a natural number\n");
@@ -275,9 +283,10 @@ void help(void)
     mprintf("                                         archived files\n");
     mprintf("    --max-files=#n                       Only extract first #n files from\n");
     mprintf("                                         archives\n");
-    mprintf("    --max-recursion=#n                   Maximum archive recursion level\n");
     mprintf("    --max-ratio=#n                       Maximum compression ratio limit\n");
+    mprintf("    --max-recursion=#n                   Maximum archive recursion level\n");
     mprintf("    --max-dir-recursion=#n               Maximum directory recursion level\n");
+    mprintf("    --max-mail-recursion=#n              Maximum mail recursion level\n");
     mprintf("    --unzip[=FULLPATH]                   Enable support for .zip files\n");
     mprintf("    --unrar[=FULLPATH]                   Enable support for .rar files\n");
     mprintf("    --arj[=FULLPATH]                     Enable support for .arj files\n");

clamav-devel/clamscan/manager.c

@@ -160,6 +160,11 @@ int scanmanager(const struct optstruct *opt)
     else
         limits->maxreclevel = 8;
 
+    if(opt_check(opt, "max-mail-recursion"))
+        limits->maxmailrec = atoi(opt_arg(opt, "max-mail-recursion"));
+    else
+        limits->maxmailrec = 64;
+
     if(opt_check(opt, "max-ratio"))
         limits->maxratio = atoi(opt_arg(opt, "max-ratio"));
     else

clamav-devel/docs/man/clamd.conf.5.in

@@ -228,6 +228,11 @@ Default: enabled
 If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR
 .br 
 Default: disabled
+.TP
+\fBMailMaxRecursion\fR
+Recursion level limit for the mail scanner.
+.br
+Default: 64
 .TP 
 \fBDetectPhishing\fR
 With this option enabled ClamAV will try to detect phishing attempts.

clamav-devel/docs/man/clamscan.1

@@ -120,6 +120,9 @@ Set archive recursion level limit. This option protects your system against DoS
 .TP 
 \fB\-\-max\-ratio=#n\fR
 Set maximum archive compression ratio limit. This option protects your system against DoS attacks (default: 250).
+.TP
+\fB\-\-max\-mail\-recursion=#n\fR
+Recursion level limit for the internal mail scanner.
 .TP 
 \fB\-\-max\-dir\-recursion=#n\fR
 Maximum depth directories are scanned at (default: 15).

clamav-devel/etc/clamd.conf

@@ -213,6 +213,10 @@ LocalSocket /tmp/clamd
 # Default: no
 #MailFollowURLs no
 
+# Recursion level limit for the mail scanner.
+# Default: 64
+#MailMaxRecursion 128
+
 # With this option enabled ClamAV will try to detect phishing attempts (using signatures).
 # Default: yes
 #DetectPhishing yes

clamav-devel/examples/ex1.c

@@ -80,7 +80,8 @@ int main(int argc, char **argv)
 					* file (files exceeding this limit
 					* will be ignored)
 					*/
-    limits.maxreclevel = 5; /* maximum recursion level */
+    limits.maxreclevel = 5; /* maximum recursion level for archives */
+    limits.maxmailrec = 64; /* maximum recursion level for mail files */
     limits.maxratio = 200; /* maximum compression ratio */
 
     /* scan file descriptor */

clamav-devel/libclamav/clamav.h

@@ -189,10 +189,11 @@ struct cl_engine {
 };
 
 struct cl_limits {
-    unsigned int maxreclevel;	    /* maximum recursion level */
+    unsigned int maxreclevel;	    /* maximum recursion level for archives */
     unsigned int maxfiles;	    /* maximum number of files to be scanned
 				     * within a single archive
 				     */
+    unsigned int maxmailrec;	    /* maximum recursion level for mail files */
     unsigned int maxratio;	    /* maximum compression ratio */
     unsigned short archivememlim;   /* limit memory usage for some unpackers */
     unsigned long int maxfilesize;  /* compressed files larger than this limit

clamav-devel/shared/cfgparser.c

@@ -48,6 +48,7 @@ struct cfgoption cfg_options[] = {
     {"DetectBrokenExecutables", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
     {"ScanMail", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
     {"MailFollowURLs", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},
+    {"MailMaxRecursion", OPT_NUM, 64, NULL, 0, OPT_CLAMD},
     {"DetectPhishing", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},
 #ifdef CL_EXPERIMENTAL
     {"PhishingScanURLs",OPT_BOOL, 1, NULL, 0, OPT_CLAMD},