[Pkg-clamav-devel] Bug#774686: Bug#774686: ClamAV: Can't create new file

[Andreas Cadhalpun]

Hi Sebastian,

On 10.01.2015 13:22, Sebastian Andrzej Siewior wrote:
> I will do the same change here by applying the
> patch at the end of this email. I upgraded the severity here to important
> since we have here some loss of functionality.
>
> I can prepare you a Wheezy package with this change if you like. I will
> have to check with the team if this is something we want to address now
> or wait for the next clamav release.

If I understand correctly, this problem only affects scanning 
(partially) broken archives and thus shouldn't have a major impact.

In particular the provided sample seems to be broken completely, because 
cabextract only extracts empty files.

In light of this I'd say the fix can wait until the next release.

> diff --git a/libclamav/libmspack.c b/libclamav/libmspack.c
> index e94312e..92338d5 100644
> --- a/libclamav/libmspack.c
> +++ b/libclamav/libmspack.c
> @@ -399,8 +397,12 @@ int cli_scanmscab(cli_ctx *ctx, off_t sfx_offset)
>   		}
>   		free(tmp_fname);
>   		files++;
> -		if (ret == CL_VIRUS && SCAN_ALL)
> -			continue;
> +		if (ret == CL_VIRUS) {
> +		       if (SCAN_ALL)
> +			       continue;
> +		       else
> +			       break;
> +		}
>   		if (ret)
>   			break;
>   	}
> @@ -507,8 +508,12 @@ int cli_scanmschm(cli_ctx *ctx)
>   		}
>   		free(tmp_fname);
>   		files++;
> -		if (ret == CL_VIRUS && SCAN_ALL)
> -			continue;
> +		if (ret == CL_VIRUS) {
> +		       if (SCAN_ALL)
> +			       continue;
> +		       else
> +			       break;
> +		}
>   		if (ret)
>   			break;
>   	}

These changes seem to have no effect, or have they?
The rest of the patch looks good.

Best regards,
Andreas