[Pkg-clamav-devel] Bug#817067: Bug#817067: clamscan large archive DOS protection could be used to hide virus
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Mon Mar 7 20:32:22 UTC 2016
control: forwarded -1 https://bugzilla.clamav.net/show_bug.cgi?id=11522
control: tags -1 + upstream
On 2016-03-07 15:59:37 [-0400], Joey Hess wrote:
> Package: clamav
> Version: 0.99+dfsg-2
> Severity: important
> Tags: security
>
> Any script relying on clamscan's exit status can probably be tricked
> with a file that contains a virus, but that uses clamscan's DOS
> protection to trick clamscan into not scanning it in full.
This sounds similar to #740059. Here it continues, in the other it
aborts.
> Suggested fix: If clamscan doesn't process the whole file content for
> any reason, exit with 2, which is documented to mean "some error
> occurred".
Sounds reasonable. I forwarded your report upstream.
Sebastian
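
An added example, not part of the original message and not ClamAV project code: a fail-closed wrapper for scripts that act on clamscan's exit status. It assumes a clamscan newer than the version in this report, one that supports `--alert-exceeds-max` and reports limit hits as `Heuristics.Limits.Exceeded*`; the function names `classify_scan` and `scan_file` are hypothetical.

```shell
#!/bin/sh
# Added example: treat "not scanned in full" as a failure, never as clean.
# Assumption: clamscan supports --alert-exceeds-max, which turns a file that
# hit a scan limit into a "Heuristics.Limits.Exceeded*" detection (exit 1)
# instead of a silent exit 0.

# classify_scan STATUS OUTPUT -> prints clean | infected | incomplete | error
classify_scan() {
    cs_status=$1
    cs_output=$2
    limit_re=': Heuristics\.Limits\.Exceeded[.A-Za-z]* FOUND$'
    case $cs_status in
        0) echo clean ;;
        1)
            # A real signature hit outranks a limit alert; a run whose only
            # hits are limit alerts was cut short and proves nothing.
            if printf '%s\n' "$cs_output" | grep ' FOUND$' | grep -qv "$limit_re"; then
                echo infected
            else
                echo incomplete
            fi ;;
        *) echo error ;;   # 2 is documented as "some error occurred"
    esac
}

# scan_file PATH -> returns 0 only if the file was scanned in full and is clean
scan_file() {
    sf_path=$1
    # Keep a file name starting with "-" from being parsed as an option.
    case $sf_path in -*) sf_path=./$sf_path ;; esac
    sf_status=0
    sf_out=$(clamscan --no-summary --alert-exceeds-max=yes "$sf_path" 2>&1) || sf_status=$?
    sf_verdict=$(classify_scan "$sf_status" "$sf_out")
    echo "$sf_path: $sf_verdict" >&2
    [ "$sf_verdict" = clean ]
}
```

A caller then gates on `scan_file "$f" || reject "$f"`, so infected, incomplete and error results all block the file.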