[Pkg-clamav-devel] Bug#599908: Bug#599908: clamav return errors on corrupted PDF

Michael Tautschnig mt at debian.org
Wed Oct 13 21:31:10 UTC 2010 

Hi Marco,

> Mandi! Michael Tautschnig
>   In chel di` si favelave...
> 
> > Thanks for reporting this issue; from your report I guess that this is perfectly
> > reproducible and you can probably just use clamscan to reproduce the problem.
> > Could you do a clamscan --debug YOUR_FILE and send the output? I think this
> > should not disclose and private information.
> 
> Really, really, strange.
> 
> I've buld up a script that weekly scan most of my disk space with
> clamav, and move on quarantine infected files.
> 
> The script lastly execute:
> 
>  nice -20 clamscan --quiet --infected --stdout --no-summary --recursive \
> 	--max-filesize=50M --max-scansize=250M --exclude=/.inbox
> 	--exclude-dir=/srv/users/.cestino --exclude-dir=/srv/media/.cestino
> 	--log=/tmp/sysscan.log.HOOPjNpC --max-dir-recursion=1000 /home
> 	/srv/users /srv/media
> 
> and check return code, if different from 0 or 1 bump an error.
> 
> 
> But if i try to scan manually the file:
> 
>  mouse:~# clamscan --stdout --no-summary --recursive --max-filesize=50M --max-scansize=250M "/srv/users/OVCI/cose vecchie/Recupero pc Ale Giardina dopo furto/normale/842-98_SP500_GE.pdf"; echo $?
>  /srv/users/OVCI/cose vecchie/Recupero pc Ale Giardina dopo furto/normale/842-98_SP500_GE.pdf: OK
>  0
> 
> work well. Boh.
> 
> 
> Anyway i attach the ''debug run'', hoping will be useful.
> 

Well, as there is no error to be observed it is not as useful as one could hope
it to be. There are some notices about bogus PDF headers, but that doesn't seem
to be causing any trouble.

We will probably need some kind of delta debugging here. If I got it right, your
scripted check results in the error that you reported, but the manual scan does
not. Let's try to make the command lines as similar as possible. What about

 nice -20 clamscan --quiet --infected --stdout --no-summary --recursive \
	--max-filesize=50M --max-scansize=250M --exclude=/.inbox
	--exclude-dir=/srv/users/.cestino --exclude-dir=/srv/media/.cestino
	--log=/tmp/sysscan.log.HOOPjNpC --max-dir-recursion=1000 
  "/srv/users/OVCI/cose vecchie/Recupero pc Ale Giardina dopo furto/normale/842-98_SP500_GE.pdf"

Does that also cause any errors to be logged? What happens if you omit the --log
directive? Same with --quiet, --infected, --exclude=... options?

Thanks a lot,
Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20101013/e3118b0a/attachment.pgp>

More information about the Pkg-clamav-devel mailing list