ports/75439: scanning of some zip files broken in clamav
Suresh Ramasubramanian
suresh at frodo.hserus.net
Thu Dec 23 17:30:27 UTC 2004
>Number: 75439
>Category: ports
>Synopsis: scanning of some zip files broken in clamav
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 23 17:30:26 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Suresh Ramasubramanian
>Release: FreeBSD 4.10-STABLE i386
>Organization:
-ENOENT
>Environment:
System: FreeBSD frodo.hserus.net 4.10-STABLE FreeBSD 4.10-STABLE #0: Sat Jun 19 09:04:39 IST 2004 suresh at frodo.hserus.net:/usr/obj/usr/src/sys/FRODO i386
>Description:
clamav's zip scanning routines only support store and inflate, so can
uncompress deflated zip archives. Zip archives that have files compressed using
shrunk or imploded methods will fail
This causes emails to get tempfailed
2004-12-23 21:33:31 no IP address found for host webmail10.rediffmail.com (during SMTP connection from [202.54.124.179]:61858 I=[204.74.68.40]:25)
2004-12-23 21:33:38 1ChVR7-000MM2-84 malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1ChVR7-000MM2-84/1ChVR7-000MM2-84-00000.zip: Zip module
failure ERROR
2004-12-23 21:33:38 1ChVR7-000MM2-84 H=(rediffmail.com) [202.54.124.179]:61858 I=[204.74.68.40]:25 F=<rraghuram at rediffmail.com> temporarily rejected after DATA
2004-12-23 21:33:39 SMTP connection from (rediffmail.com) [202.54.124.179]:61858 I=[204.74.68.40]:25 closed by QUIT
More on this in the thread
http://arkiv.netbsd.se/?ml=clamav-users&a=2004-04&m=486418
>How-To-Repeat:
>Fix:
already in cvs after 0.80 was released according to the thread above
Alternative - there's a patch suggested on that clamav-users post I linked to
above to define more compression types for the stable clamav version ..
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list