[Pkg-clamav-devel] Bug#774686: Bug#774686: ClamAV: Can't create new file

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Thu Jan 8 14:33:19 UTC 2015


* Büschel at buxtehude.debian.org | 2015-01-06 10:09:21 [+0100]:

>On some files clamav reports an error.
>Example:
>root at host:~# clamscan projectlibre-1.5.9.msi
>projectlibre-1.5.9.msi: Can't create new file ERROR

If you start with --debug you see

| LibClamAV debug: CAB/CAB-SFX signature found at 5120
| LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ANTLR.TXT:0:1208:0:0:0:(nil)
| LibClamAV debug: cli_scanmscab() failed to extract 9
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: cli_scanraw: MaxEmbeddedPE exceeded
| LibClamAV debug: Descriptor[3]: Continuing after cli_scanraw error Can't create new file
| LibClamAV debug: cli_magic_scandesc: returning 9  at line 2327

clamav finds a CAB file within the MSI file and scans it. The mspack
library finds a file named ANTLR.TXT but uncompressing fails with a CRC
error (denoted by the number 9). I have no idea if this is a valid error
or a bug in the mspack library. Unfortunately the error code from
libmspack is passed up to clamav, where it is interpreted differently,
and this leads to the wrong "Can't create new file" error.

>This file can be downloaded at http://sourceforge.net/projects/projectlibre/files/ProjectLibre/1.5.9/ or directly http://netcologne.dl.sourceforge.net/project/projectlibre/ProjectLibre/1.5.9/projectlibre-1.5.9.msi

Thank you, this was helpful.

>The same error occurs with HAVP and clamav as proxy filter with virus scan.

Is there a limitation of using HAVP due to this error?

>A system with debian squeeze 6.0.10 (LTS enabled) and clamav-0.98.1+dfsg-1+deb6u4 doesn't report an error.

The problem is how I wired up libmspack. I will check later how the old
library handles the unpacking error.

Sebastian
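
The mix-up described in the message above, as an added example that is not code from ClamAV, libmspack or the original post: an unpacker's error number is read in the scanner's error namespace, shown next to an explicit translation at the library boundary. All enum and function names are hypothetical, and only the value 9 on each side comes from the debug log; every other value is constructed.

```c
#include <stdio.h>

/* Unpacker-side codes. Only CHECKSUM = 9 is taken from the debug log;
 * the other values are constructed for this example. */
enum unpack_err { UNPACK_OK = 0, UNPACK_ARGS = 1, UNPACK_READ = 3,
                  UNPACK_NOMEM = 6, UNPACK_CHECKSUM = 9 };

/* Scanner-side codes. Only ECREAT = 9 ("Can't create new file") is taken
 * from the log; the other values are constructed. */
enum scan_err { SCAN_OK = 0, SCAN_VIRUS = 1, SCAN_EUNPACK = 7,
                SCAN_ECREAT = 9, SCAN_EREAD = 12, SCAN_EMEM = 20,
                SCAN_EFORMAT = 26 };

const char *scan_strerror(int rc)
{
    switch (rc) {
    case SCAN_OK:      return "No error";
    case SCAN_VIRUS:   return "Virus(es) detected";
    case SCAN_EUNPACK: return "Can't unpack some data";
    case SCAN_ECREAT:  return "Can't create new file";
    case SCAN_EREAD:   return "Can't read file";
    case SCAN_EMEM:    return "Can't allocate memory";
    case SCAN_EFORMAT: return "Bad format or broken data";
    default:           return "Unknown error code";
    }
}

/* Behaviour described in the message: the unpacker's code crosses the
 * boundary unchanged and is then read in the scanner's namespace. */
int passthrough(int unpack_rc) { return unpack_rc; }

/* Explicit translation at the boundary. Unknown codes fall back to a
 * generic unpack error instead of aliasing an unrelated scanner code. */
int translate(int unpack_rc)
{
    switch (unpack_rc) {
    case UNPACK_OK:       return SCAN_OK;
    case UNPACK_READ:     return SCAN_EREAD;
    case UNPACK_NOMEM:    return SCAN_EMEM;
    case UNPACK_CHECKSUM: return SCAN_EFORMAT;
    default:              return SCAN_EUNPACK;
    }
}

int main(void)
{
    int rc = UNPACK_CHECKSUM;
    printf("passthrough: %d -> %s\n", rc, scan_strerror(passthrough(rc)));
    printf("translate:   %d -> %s\n", rc, scan_strerror(translate(rc)));
    return 0;
}
```

With the constructed values used here, an unpacker code of 1 passed through unchanged would also read as a detection, which is why the fallback maps anything unrecognised to the generic unpack error.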


