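/*
 * Line-oriented filter for mail messages: globals, extension tables and
 * string helpers.  The header and file-name handlers further down are only
 * partly present on this page (see the NOTE(review) comments).
 *
 * NOTE(review): the three header names were stripped from the page together
 * with their angle brackets.  stdio.h, string.h and stdlib.h are the standard
 * headers the visible code needs; confirm against the original file.
 * ctype.h is added for toupper() in strstri().
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>

int isheader=1;
int isfirstheader=1;

#define STRLEN 8192
/* Line buffers carry two spare bytes beyond STRLEN. */
char header[STRLEN+2]="";
char hdr_from[STRLEN+2]="";
char hdr_to[STRLEN+2]="";
char hdr_subj[STRLEN+2]="";
char hdr_deliv[STRLEN+2]="";

#define LOGLEN STRLEN
char logfile[LOGLEN+2]="";   /* accumulated log text, appended to by logrename() */

int mimedepth=0;             /* number of boundary strings currently stored in separator[] */
#define MAXMIME 8
char separator[MAXMIME][256];

#define TIMEOUT 3600

/* Extension tables; entries are upper case.  ".LNK" is listed twice in
 * dangerext and is counted twice in MAXEXTD. */
#define MAXEXTD 22
char dangerext[MAXEXTD][8]={
  ".PIF",".SCR",".EXE",".COM",".BAT",".LNK",".CEO",".BAS",
  ".CMD",".CPL",".CRT",".HTA",".JS" ,".JSE",".LNK",".MSI",
  ".SHB",".SHS",".VB" ,".VBE",".VBS",".WSH"
};

#define MAXEXTS 21
char suspicionext[MAXEXTS][8]={
  ".ADE",".ADP",".CHM",".HLP",".INF",".INS",".ISP",".MDB",
  ".MDE",".MSC",".MSP",".MST",".PCD",".REG",".SCT",".URL",
  ".WSC",".WSF",".EML",".ZIP",".MAP"
};

/*
 * Case-insensitive substring search.
 *
 * Only the haystack is folded to upper case, so `needle` must already be
 * upper case (every caller on this page passes an upper-case literal).
 * Returns a pointer to the first match inside `haystack`, or NULL when there
 * is none.  An empty needle matches at the start of the haystack.
 *
 * The previous version searched an upper-cased strdup() copy and returned
 * NULL when the allocation failed, which callers cannot tell apart from
 * "not found": under memory pressure the filter would silently stop
 * matching.  Scanning in place needs no allocation, so that failure mode
 * is gone.
 */
char *strstri(char *haystack, char *needle)
{
  char *h;
  size_t i;

  for (h = haystack; ; h++) {
    i = 0;
    /* Stops at the haystack terminator too: toupper(0) never equals a
       non-zero needle byte. */
    while (needle[i] &&
           toupper((unsigned char)h[i]) == (unsigned char)needle[i])
      i++;
    if (!needle[i])
      return h;
    if (!*h)
      return NULL;
  }
}

/*
 * Append s2 to s1, treating `n` as the capacity of s1 in bytes (terminator
 * included).  The result is always NUL-terminated and never longer than
 * n-1 characters.  Returns s1.
 *
 * The previous version passed `n` straight to strncat(), which limits the
 * number of characters taken from s2, not the total length, so a non-empty
 * s1 plus a long s2 was written past the end of s1 before being cut at n-1.
 */
char *strncatz(char *s1, char *s2, int n)
{
  char *end;
  size_t room, add;

  if (n <= 0)
    return s1;

  end = memchr(s1, 0, (size_t)n);
  if (!end) {
    /* s1 already fills the buffer: just cut it, as before. */
    s1[n-1] = 0;
    return s1;
  }

  room = (size_t)n - 1 - (size_t)(end - s1);
  add = strlen(s2);
  if (add > room)
    add = room;
  memmove(end, s2, add);
  end[add] = 0;
  return s1;
}

/*
 * Test whether line `s` is a boundary line for the innermost stored
 * boundary string.
 *
 * Returns 0 if it is not, 1 for "--<boundary>", 2 for "--<boundary>--".
 * Returns 0 when no boundary is stored: the previous version indexed
 * separator[mimedepth-1] even with mimedepth == 0, reading before the array.
 */
int isboundary(char *s)
{
  char *sep;
  size_t seplen;

  if (mimedepth < 1 || mimedepth > MAXMIME)
    return 0;
  if (strncmp(s, "--", 2))
    return 0;

  sep = separator[mimedepth-1];
  seplen = strlen(sep);
  if (strncmp(s+2, sep, seplen))
    return 0;
  if (!strncmp(s+2+seplen, "--", 2))
    return 2;
  return 1;
}

/*
 * Append a "Renamed: <s>" line to the in-memory log.
 * Always returns 0; the previous version fell off the end of an int
 * function without returning a value.
 */
int logrename(char *s)
{
  strncatz(logfile, "Renamed: ", LOGLEN);
  strncatz(logfile, s, LOGLEN);
  strncatz(logfile, "\n", LOGLEN);
  return 0;
}

/*
 * NOTE(review): the page text is damaged from here on.  Everything between
 * "for(t=0;t" and "' '){strcpy(header,s);}" is missing, which removes the
 * rest of sanitizefilename() and the opening of the header-line handler
 * that follows it.  The remaining tokens are reproduced unchanged; only
 * line breaks and comments were added.
 */
int sanitizefilename(char*s,int quot)
{
  char*sp;
  int t;
  int log=0;
  sp=strrchr(s,'.');
  if(!sp)return 0;
  if(quot)
  /* NOTE(review): header[] holds STRLEN+2 bytes and this copy is unbounded;
     the limit on the length of s is not visible here, confirm at the caller. */
  {for(t=0;t' '){strcpy(header,s);}
  if(!strncmpi(header,"CONTENT-TYPE:",13))
  {if(sp=strstri(s,"BOUNDARY"))
    {sp=sp+8;while((sp[0]==' ')||(sp[0]=='='))sp++;
     if(sp[0]=='"'){sp++;quot=1;}
     /* NOTE(review): mimedepth is incremented with no check against MAXMIME,
        and the boundary value is copied with strcpy into a 256-byte row.
        A longer boundary parameter, or more than MAXMIME multipart headers,
        writes past separator[].  Reject or truncate before copying. */
     mimedepth++;
     strcpy(separator[mimedepth-1],sp);
     if(quot){sp=strchr(separator[mimedepth-1],'"');if(sp)sp[0]=0;}
     sp=strchr(separator[mimedepth-1],'\r');if(sp)sp[0]=0;
     sp=strchr(separator[mimedepth-1],'\n');if(sp)sp[0]=0;
    }
   else if(sp=strstri(s,"NAME"))
    {sp=sp+4;while((sp[0]==' ')||(sp[0]=='='))sp++;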
/* NOTE(review): tail of the header-line handler.  Its opening lines are not on this page, so sp, sp1 and quot are declared out of view.  Only line breaks and comments were added below. */
if(sp[0]=='"'){sp++;quot=1;}
     /* Content-Type "name" parameter: isolate the file name in s1, pass it
        to sanitizefilename(), then rebuild the line in s2 as
        <text before the name> + <name> + <text after the old name>. */
     {char s1[STRLEN+2],s2[STRLEN+2];
      int fnlength;
      /* NOTE(review): unbounded copy into a STRLEN+2 buffer; the limit on
         the length of s is not visible here, confirm at the caller. */
      strcpy(s1,sp);
      /* A quoted name ends at the closing quote, an unquoted one at ';'. */
      if(quot){sp1=strchr(s1,'"');if(sp1)sp1[0]=0;}
      else{sp1=strchr(s1,';');if(sp1)sp1[0]=0;}
      sp1=strchr(s1,'\r');if(sp1)sp1[0]=0;
      sp1=strchr(s1,'\n');if(sp1)sp1[0]=0;
      /* Length of the original name, taken before it may be rewritten, so
         the text after it can be located in s. */
      fnlength=strlen(s1);
      sanitizefilename(s1,quot);
      strncpy(s2,s,sp-s);s2[sp-s]=0;
      strncatz(s2,s1,STRLEN);
      strncatz(s2,sp+fnlength,STRLEN);
      /* NOTE(review): the rebuilt line is copied back with no length check;
         assumes the caller's buffer is at least as large as s2. */
      strcpy(s,s2);
     }
    }
  }
  /* NOTE(review): only the first 13 characters are compared, so any header
     starting with "CONTENT-DISPO" takes this branch; the literal itself is
     20 characters long. */
  else if(!strncmpi(header,"CONTENT-DISPOSITION:",13))
  {
   if(sp=strstri(s,"FILENAME"))
    /* NOTE(review): "FILENAME" is 8 characters but sp advances by 4, so sp
       lands on "NAME".  The skip loop and the quote test then see 'N', so
       the '=' and an opening quote are not consumed here and s1 starts with
       "NAME=".  sanitizefilename() therefore receives the parameter name and
       any quotes along with the file name, which may keep its extension
       check from matching; its body is not visible here.  Advancing by 8
       looks intended. */
    {sp=sp+4;while((sp[0]==' ')||(sp[0]=='='))sp++;
     if(sp[0]=='"'){sp++;quot=1;}
     /* Same isolate / sanitize / rebuild sequence as the Content-Type
        branch above. */
     {char s1[STRLEN+2],s2[STRLEN+2];
      int fnlength;
      /* NOTE(review): unbounded copy, as in the Content-Type branch. */
      strcpy(s1,sp);
      if(quot){sp1=strchr(s1,'"');if(sp1)sp1[0]=0;}
      else{sp1=strchr(s1,';');if(sp1)sp1[0]=0;}
      sp1=strchr(s1,'\r');if(sp1)sp1[0]=0;
      sp1=strchr(s1,'\n');if(sp1)sp1[0]=0;
      fnlength=strlen(s1);
      sanitizefilename(s1,quot);
      strncpy(s2,s,sp-s);s2[sp-s]=0;
      strncatz(s2,s1,STRLEN);
      strncatz(s2,sp+fnlength,STRLEN);
      strcpy(s,s2);
     }
    }
  }
  /* Remember selected headers.  header[] and the hdr_* buffers are all
     STRLEN+2 bytes, so these copies fit whenever header[] is terminated. */
  else if(!strncmpi(header,"FROM:",5))strcpy(hdr_from,header);
  else if(!strncmpi(header,"TO:",3))strcpy(hdr_to,header);
  /* NOTE(review): compares 3 characters only, so every header starting with
     "DEL" is stored as Delivered-To; the literal is 13 characters long. */
  else if(!strncmpi(header,"DELIVERED-TO:",3))strcpy(hdr_deliv,header);
  else if(!strncmpi(header,"SUBJECT:",8))strcpy(hdr_subj,header);
  // if(!strncmpi(header,"CONTENT-TYPE:",13))
}

/*
 * Neutralise the first occurrence of `tag` in line `s`.
 *
 * The tag is located with strstri(), i.e. case-insensitively, and the first
 * character of the match is overwritten with '!'.
 * Returns 1 if a match was rewritten, 0 if strstri() returned NULL.
 * Only one occurrence is handled per call; a caller has to call again to
 * rewrite further occurrences.
 */
int sanitizecontentlinetag(char*s,char*tag)
{
  char*sp;
  sp=strstri(s,tag);if(sp){sp[0]='!';return 1;}return 0;
}

/* NOTE(review): the page text stops inside the string literal below, so the
   tag list and the rest of this function are not visible. */
int sanitizecontentline(char*s)
{
  char*sp;
  int line=0;
  while(sanitizecontentlinetag(s,"