Index: trunk/configure.ac
===================================================================
--- trunk/configure.ac	(revision 402)
+++ trunk/configure.ac	(revision 403)
@@ -12,5 +12,5 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 3.0.4)
+AM_INIT_AUTOMAKE(samhain, 3.0.5)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST
Index: trunk/docs/Changelog
===================================================================
--- trunk/docs/Changelog	(revision 402)
+++ trunk/docs/Changelog	(revision 403)
@@ -1,2 +1,6 @@
+3.0.5:
+	* fix xml format templates for registry check
+	* fix database download on registry check init (reported by ldieu)
+
 3.0.4:
 	* fix verbosity of message for alerts on already deleted watches
@@ -22,5 +26,5 @@
 	* change sql init scripts to make bigint fields unsigned (problem
 	  reported by A. Sabitov)
-	* patch by Andy Jack for issue with the --with-gpg option (hangs with 
+	* patch by Andy Jack for issue with the --with-gpg option (hangs with
           high cpu load at startup)
 	* call ./samhain-install.sh as /bin/sh ./samhain-install.sh in the
Index: trunk/src/sh_cat.c
===================================================================
--- trunk/src/sh_cat.c	(revision 402)
+++ trunk/src/sh_cat.c	(revision 403)
@@ -169,7 +169,7 @@
 
 #ifdef USE_REGISTRY_CHECK
-  { MSG_REG_MISS,   SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [RegistryKeyMissing]\" path=\"%s\" %s")},
-  { MSG_REG_NEW,    SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [RegistryKeyNew]\" path=\"%s\" %s")},
-  { MSG_REG_CHANGE, SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [RegistryKeyChanged]\" path=\"%s\" %s")},
+  { MSG_REG_MISS,   SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [RegistryKeyMissing] %s\" path=\"%s\" %s")},
+  { MSG_REG_NEW,    SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [RegistryKeyNew] %s\" path=\"%s\" %s")},
+  { MSG_REG_CHANGE, SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [RegistryKeyChanged] %s\" path=\"%s\" %s")},
 #endif
 
Index: trunk/src/sh_registry.c
===================================================================
--- trunk/src/sh_registry.c	(revision 402)
+++ trunk/src/sh_registry.c	(revision 403)
@@ -181,6 +181,13 @@
 	  if (status != 0)
 	    {
-	      char  errbuf[256];
+	      char  errbuf[512];
+	      char  *p;
 	      regerror(status, &(newkey->preg), errbuf, sizeof(errbuf));
+
+	      sl_strlcat(errbuf, ": ", sizeof(errbuf));
+	      p = sh_util_safe_name_keepspace(s);
+	      sl_strlcat(errbuf, p, sizeof(errbuf));
+	      SH_FREE(p);
+
 	      SH_MUTEX_LOCK(mutex_thread_nolog);
 	      sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, 
@@ -743,7 +750,8 @@
 	  doUpdate = S_TRUE;
 	}
+
     }
  
-  if ( sh.flag.checkSum == SH_CHECK_INIT || doUpdate == S_TRUE )
+  if ( sh.flag.checkSum == SH_CHECK_INIT || doUpdate == S_TRUE /* change detected */ )
     {
       struct store2db save;
@@ -767,8 +775,14 @@
     }
 
-  if (tPath)
-    sh_hash_set_visited (tPath);
-  else
-    sh_hash_set_visited (path);
+  /* Without this, freshly updated entries would get deleted
+   * as 'not seen'.
+   */
+  if (sh.flag.checkSum != SH_CHECK_INIT)
+    {
+      if (tPath)
+	sh_hash_set_visited (tPath);
+      else
+	sh_hash_set_visited (path);
+    }
 
   if (tPath)
@@ -806,4 +820,5 @@
 {
   HKEY hTestKey;
+  LONG qError;
   char * newpath;
   size_t len;
@@ -836,10 +851,12 @@
   snprintf(newpath, len, "%s\\%s", path, subkey);
   
-  if( RegOpenKeyEx( key,
-		    subkey,
-		    0,
-		    (KEY_READ | view),
-		    &hTestKey) == ERROR_SUCCESS
-      )
+  qError = RegOpenKeyEx( key,
+			 subkey,
+			 0,
+			 (KEY_READ | view),
+			 &hTestKey);
+
+
+  if (qError == ERROR_SUCCESS)
     {
       QueryKey(hTestKey, newpath, len-1, isSingle);
@@ -850,20 +867,43 @@
     {
       /* Error message */
-      char  * tmp    = sh_util_safe_name (newpath);
-      size_t  tlen   = sl_strlen(tmp);
-      
+      LPVOID lpMsgBuf;
+  
+      char  * tmp     = sh_util_safe_name (newpath);
+      size_t  tlen    = sl_strlen(tmp);
+
       if (SL_TRUE == sl_ok_adds(64, tlen))
 	{
-	  char * errbuf = SH_ALLOC(64 + tlen);
-	  sl_snprintf(errbuf, 64+tlen, _("Failed to open key %s"), tmp);
-	  
-	  SH_MUTEX_LOCK(mutex_thread_nolog);
-	  sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, 
-			  errbuf, _("CheckThisSubkey"));
-	  SH_MUTEX_UNLOCK(mutex_thread_nolog);
-	  
-	  SH_FREE(errbuf);
-	}
-      sh_reg_add_ign (tmp);
+	  char * errbuf;
+	  size_t elen;
+
+	  tlen += 64;
+
+	  elen = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | 
+			       FORMAT_MESSAGE_FROM_SYSTEM |
+			       FORMAT_MESSAGE_IGNORE_INSERTS,
+			       NULL,
+			       qError,
+			       MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+			       (LPTSTR) &lpMsgBuf,
+			       0, NULL );
+
+	  if (elen > 0 && SL_TRUE == sl_ok_adds(elen, tlen))
+	    {
+	      tlen += elen;
+
+	      errbuf = SH_ALLOC(elen + tlen);
+	      sl_snprintf(errbuf, 64+tlen, _("Failed to open key %s: %s"), 
+			  tmp, lpMsgBuf);
+	      LocalFree(lpMsgBuf);
+
+	      SH_MUTEX_LOCK(mutex_thread_nolog);
+	      sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, 
+			      errbuf, _("CheckThisSubkey"));
+	      SH_MUTEX_UNLOCK(mutex_thread_nolog);
+	      
+	      SH_FREE(errbuf);
+	    }
+	}
+      sh_reg_add_ign (newpath);
       SH_FREE(tmp);
     }
@@ -880,5 +920,4 @@
   char path[20] = "";
   int pos = 0;
-  int retval = -1;
   
   if      (0 == strncmp(key, _("HKEY_CLASSES_ROOT"), 17))