[Pkg-clamav-devel] Bug#817067: Bug#817067: Bug#817067: clamscan large archive DOS protection could be used to hide virus
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Mon Aug 22 21:59:55 UTC 2016
On 2016-03-07 21:32:22 [+0100], Sebastian Andrzej Siewior wrote:
> Sounds reasonable. I forwarded your report upstream.
proxy mode on.
|Kevin Lin 2016-03-10 21:24:37 CET
|Engine limitations, as well as certain non-fatal internal errors, are
|suppressed within the engine. This is done to simplify issues and
|suppress issues caused by a non-clean return code and allow the engine
|to continue parsing the file.
|
|The solution to the issue would be to track the limitation statuses,
|most likely in the scanning context and have clamscan changed to
|interpret the statuses. Note that this mostly likely would affect the
|ABI.
|Steven Morgan 2016-06-24 20:26:42 CEST May use a virus such as
|Heuristic.SizeLimitsExceeded under the control of clamd/clamscan option
|(BlockLimitsExceeded). Rational - its not really an error or a virus,
|but flagging an heuristic fits better within ClamAV processing modes.
proxy mode off.
Sebastian
More information about the Pkg-clamav-devel
mailing list