From ${URL} :
When using clamscan on a very large file, the DoS protection that terminates the scan may apply, returning 0, just as in the case of a successful scan. If an application relies on the return value of clamscan, it is possible to trick the application by hiding malicious code in a very large file, so that the DoS protection in clamscan kicks in and returns a successful return value.

Upstream bug: https://bugzilla.clamav.net/show_bug.cgi?id=11522
Debian report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817067

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
Upstream still has the bug locked.
Fixed in 0.99.3
We have to identify the code change. Upstream's version information was wrong in the past so we need to double check.
At least the commit https://github.com/Cisco-Talos/clamav-devel/commit/312b7e539106775832fad0c53d22bb8813b8240b (linked with upstream's bug id) is in =app-antivirus/clamav-0.100.0. But keep in mind that 0.100.0 is not the successor of 0.99.3 like one would expect. Due to this, not adjusting summary.
@Whissi: do you have a sample file to test this on? I would hope at least that by now this is long fixed in the 0.100.X series too
Any update here?
(In reply to Aaron Bauman from comment #6)
> Any update here?

https://bugzilla.clamav.net/show_bug.cgi?id=11522#c5 says: "This issue has been addressed in 0.99.3 with the addition of the clamscan --block-max option and the clamd BlockMax directive."
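A fail-closed wrapper around clamscan, added here as an illustration and not code from this bug thread or from the ClamAV project: it checks the file size against the same limit it passes to clamscan and scans with --block-max, so a scan cut short by the limits is never reported as clean just because the exit status was 0. Assumed: clamscan exit codes 0/1/2 as documented in clamscan(1), and the detection name Heuristics.Limits.Exceeded for a limit hit under --block-max.

```python
import os
import subprocess
from typing import Callable, List, Tuple

# Exit codes documented in clamscan(1): 0 = no virus found, 1 = virus(es) found, 2 = error.
CLEAN, INFECTED, ERROR = 0, 1, 2

# Assumed detection name emitted when --block-max turns a limit hit into a detection.
LIMIT_SIGNATURE = "Heuristics.Limits.Exceeded"

Runner = Callable[[List[str]], Tuple[int, str]]


def run_clamscan(args: List[str]) -> Tuple[int, str]:
    """Default runner: invoke the real clamscan binary (assumed to be on PATH)."""
    proc = subprocess.run(["clamscan", "--no-summary", *args],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout


def decide(size: int, max_filesize: int, rc: int, output: str) -> str:
    """Map file size plus clamscan's (exit code, stdout) to a verdict.

    Returns 'clean', 'infected', 'too-large' or 'error'. The only path to
    'clean' is a file within the limit AND exit status 0; anything that
    suggests the scan did not fully cover the file is treated as untrusted.
    """
    if size > max_filesize:
        return "too-large"           # fail closed before clamscan can exit 0 on it
    if rc == INFECTED:
        return "too-large" if LIMIT_SIGNATURE in output else "infected"
    if rc == CLEAN:
        return "clean"
    return "error"                   # rc 2 or anything unexpected: do not trust


def scan_file(path: str, max_filesize: int, runner: Runner = run_clamscan) -> str:
    """Scan one file with limits enforced on both sides of the clamscan call."""
    size = os.path.getsize(path)
    if size > max_filesize:
        return decide(size, max_filesize, ERROR, "")   # skip the scan entirely
    rc, out = runner([f"--max-filesize={max_filesize}",
                      f"--max-scansize={max_filesize}",
                      "--block-max", path])
    return decide(size, max_filesize, rc, out)
```

Without --block-max (or the clamd BlockMax directive) the second branch never fires, which is exactly the 0.99.2 behaviour the report describes; the size pre-check catches that case regardless of the installed version.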
Tree is clean.
Unable to check for sanity:
> no match for package: app-antivirus/clamav-0.100.0
GLSA Vote: No

Thank you all for your work. Closing as [noglsa].