[Pkg-clamav-devel] Bug#589767: clamav: clamscan gives opposite results on mbox file vs. maildir file

Jeff Green jeff at kikisoso.org
Tue Jul 20 20:48:06 UTC 2010


Package: clamav
Version: 0.96.1+dfsg-1~volatile1
Severity: normal


Clamscan gives an alert on an mbox file with message provided as an attachment
(nix that, every time I send it, whether tar'ed and compressed or whatever,
the Debian mail server rejects it since it has "malware"). However, when the
mbox is broken out into individual message files via mb2md or mbox2maildir,
then clamscan no longer gives the alert.

The problem seems to be associated with the initial From line. If it is there,
then clamscan gives the alert. If it is missing, then it does not. Usually,
clamscan works the same in either situation (at least with mbox2maildir which 
I have been using up until trying mb2md). The attached file seems to be
special somehow.


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory = "/tmp"
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "10485760"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
VirusEvent disabled
ExitOnOOM disabled
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures disabled
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
ClamukoScanOnAccess disabled
ClamukoScannerCount = "3"
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize disabled
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "4"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net", "clamav.catt.com", "db.us.clamav.net"
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.96.1
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 JIT
Database directory: /var/lib/clamav/
WARNING: freshclam.conf and clamd.conf point to different database directories
main.cld: version 52, sigs: 704727, built on Mon Feb 15 09:54:51 2010
daily.cld: version 11397, sigs: 103036, built on Tue Jul 20 06:11:17 2010
bytecode.cld: version 31, sigs: 7, built on Thu Jul  8 12:46:51 2010

Platform information
--------------------
uname: Linux 2.6.26-2-686 #1 SMP Mon Jun 21 05:58:44 UTC 2010 i686
OS: linux-gnu, ARCH: i386, CPU: i486
zlib version: 1.2.3.3 (1.2.3.3), compile flags: 55

Build information
-----------------
GNU C: 4.3.2 (4.3.2)
GNU C++: 4.3.2 (4.3.2)
CPPFLAGS: 
CFLAGS: -Wall -g -O2
CXXFLAGS: -Wall -g -O2
LDFLAGS: 
Configure: '--build=i486-linux-gnu' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-clamav' '--with-dbdir=/var/lib/clamav/' '--sysconfdir=/etc/clamav' '--enable-milter' '--disable-clamuko' '--with-gnu-ld' '--enable-dns-fix' '--disable-unrar' '--libdir=/usr/lib' '--with-system-tommath' '--with-ltdl-include=/usr/include' '--with-ltdl-lib=/usr/lib' '--config-cache' 'build_alias=i486-linux-gnu' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS='

--- data dir ---
total 63532
-rw-r--r-- 1 clamav clamav    73728 2010-07-08 15:20 bytecode.cld
-rw-r--r-- 1 clamav clamav  6268416 2010-07-20 09:11 daily.cld
-rw-r--r-- 1 clamav clamav 56671744 2010-02-15 12:06 main.cld
-rw------- 1 clamav clamav     3952 2010-07-20 15:11 mirrors.dat

-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav depends on:
ii  clamav-freshclam 0.96.1+dfsg-1~volatile1 anti-virus utility for Unix - viru
ii  libc6            2.7-18lenny4            GNU C Library: Shared libraries
ii  libclamav6       0.96.1+dfsg-1~volatile1 anti-virus utility for Unix - libr
ii  zlib1g           1:1.2.3.3.dfsg-12       compression library - runtime

Versions of packages clamav recommends:
ii  clamav-base      0.96.1+dfsg-1~volatile1 anti-virus utility for Unix - base

Versions of packages clamav suggests:
pn  clamav-docs                   <none>     (no description available)

-- no debconf information
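A way to check an mbox for the discrepancy described in the report above, as an added example that is not part of the original message or of ClamAV: each message is scanned once with its leading mbox "From " line and once without it (the form an mbox-to-maildir conversion produces), and the messages whose verdicts differ are listed. The function names and the sample mbox are constructed for illustration; `clamscan_flags` assumes `clamscan` is on PATH.

```python
import mailbox
import os
import subprocess
import tempfile

# Constructed two-message mbox with harmless bodies; not the reporter's file.
SAMPLE_MBOX = (
    b"From alice@example.org Tue Jul 20 20:00:00 2010\n"
    b"From: alice@example.org\nSubject: one\n\nfirst body\n\n"
    b"From bob@example.org Tue Jul 20 20:05:00 2010\n"
    b"From: bob@example.org\nSubject: two\n\nsecond body\n"
)

def write_sample(directory):
    """Write the constructed mbox into directory and return its path."""
    path = os.path.join(directory, "sample.mbox")
    with open(path, "wb") as fh:
        fh.write(SAMPLE_MBOX)
    return path

def message_variants(mbox_path):
    """Return [(with_from_line, without_from_line)] as bytes, one pair per message."""
    box = mailbox.mbox(mbox_path, create=False)
    try:
        return [(box.get_bytes(k, from_=True), box.get_bytes(k))
                for k in box.iterkeys()]
    finally:
        box.close()

def clamscan_flags(path):
    """Assumption: clamscan is on PATH; exit status 0 = clean, 1 = detection."""
    rc = subprocess.run(["clamscan", "--no-summary", path],
                        stdout=subprocess.DEVNULL).returncode
    if rc not in (0, 1):
        raise RuntimeError(f"clamscan failed with status {rc}")
    return rc == 1

def verdict(data, scan):
    """Write one variant to a temporary file and return the scanner's verdict."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    try:
        return scan(tmp.name)
    finally:
        os.unlink(tmp.name)

def find_disagreements(mbox_path, scan=clamscan_flags):
    """Return [(index, flagged_with_from, flagged_without_from)] where the two differ."""
    pairs = [(verdict(a, scan), verdict(b, scan))
             for a, b in message_variants(mbox_path)]
    return [(i, a, b) for i, (a, b) in enumerate(pairs) if a != b]
```

Calling `find_disagreements("/path/to/file.mbox")` uses the real scanner; passing `scan=` lets the same comparison run against clamd or another engine.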




