Bug 81477 - clamav-0.82 has false Exploit.W32.MS05-002 positives
Summary: clamav-0.82 has false Exploit.W32.MS05-002 positives
Status: VERIFIED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High critical
Assignee: Antivirus Team
URL: http://lurker.clamav.net/thread/20050...
Reported: 2005-02-10 03:17 UTC by Jakub Moc (RETIRED)
Modified: 2005-02-13 18:16 UTC
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-02-10 03:17:46 UTC
I already pointed out this problem in Bug 81075 but to no avail. :-(

Reproducible: Didn't try
Steps to Reproduce:
I won't try to reproduce it - this is a production server and I do not have the required sample mails to test it elsewhere.
Actual Results:  
Please see:

http://lurker.clamav.net/thread/20050209.190624.3bbb8981.en.html
http://sourceforge.net/forum/forum.php?thread_id=1226202&forum_id=443243


Expected Results:  
No false positives, please! People want their mail!
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2005-02-10 03:20:31 UTC
Fix from http://lurker.clamav.net/message/20050208.154110.9cd5bde8.en.html


--- libclamav/special.c 5 Feb 2005 15:50:18 -0000 1.8
+++ libclamav/special.c 8 Feb 2005 14:47:06 -0000 1.9
@@ -224,6 +224,12 @@

                 return 0;
         }
 

+ if (memcmp(&form_type, "ACON", 4) != 0) {
+ /* Only scan MS animated icon files */
+ /* There is a *lot* of broken software out there that produces bad RIFF files */
+ return 0;
+ }
+

         chunk_size = riff_endian_convert_32(chunk_size, big_endian);
 
         do {
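
Review bot: The added memcmp(&form_type, "ACON", 4) check hard-codes the length 4 and takes the address of form_type, whose declaration is not visible in this hunk. Please confirm form_type holds the four raw bytes as read from the file, so the comparison does not depend on big_endian (which is only applied to chunk_size below), and consider sizeof(form_type) or a named constant instead of the literal. The comment should also say that the early return 0 means every RIFF file whose form type is not ACON now skips the rest of this check entirely, which is the intended trade-off against the false positives.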

@@ -234,6 +240,6 @@

 
         if (offset < chunk_size) {
                 retval = 2;

- };
+ }

         return retval;
 }
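
Review bot: The change from "};" to "}" after retval = 2; is a cosmetic cleanup unrelated to the false-positive fix; it is harmless, but it would be cleaner as a separate commit. While touching this block, a short comment or named constant explaining what the return value 2 means when offset < chunk_size would help, since the visible context gives no hint.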
Comment 3 Andrej Kacian (RETIRED) gentoo-dev 2005-02-13 09:52:59 UTC
Could you please try out clamav-0.82-r1, freshly landing on portage mirrors in a few hours? The patch is applied there.

Sorry for not taking care of this earlier, I had some prior engagements.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2005-02-13 10:14:54 UTC
Sure, I will give it a try. It will however take a day or two to report back, since this bug was filed solely upon reports of users who complained about losing innocent emails. So I need a few thousand email samples to pass through. ;-)

Thanks. 
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2005-02-13 17:14:11 UTC
Marking this as verified upstream as per http://lurker.clamav.net/message/20050214.003000.79670a95.en.html and obsoleted by Bug 81931 (ClamAV 0.83 is out and includes this patch).

Thank you. 

Comment 6 Andrej Kacian (RETIRED) gentoo-dev 2005-02-13 18:16:35 UTC
0.83 is now in portage, thanks. I'm marking 0.82-r1 stable, as it's 0.82 (which is marked stable) with this patch.