Mantis - clamav
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
4987 regular use major always 2012-08-01 10:20 2012-09-18 14:05
Reporter: laurent Platform:  
Assigned To: bonivart OS:  
Priority: normal OS Version:  
Status: closed Product Version:  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version:  
Summary: 0004987: Some files are wrongly reported as having a bad format
Description: Heads up:
There is a bug in 0.97.5 which makes it report some files as having format errors.

This happens on some Solaris related files, eg:
/var/tmp/137081-07.zip: OK
/var/tmp/137148-07.zip: OK
/var/tmp/137321-02.zip: Can't unpack some data ERROR
/var/tmp/138823-10.zip: OK
/var/tmp/138827-10.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 1278842
Engine version: 0.97.5
Scanned directories: 0
Scanned files: 4
Infected files: 0
Total errors: 1
Data scanned: 80.28 MB
Data read: 22.60 MB (ratio 3.55:1)
Time: 18.295 sec (0 m 18 s)

It also happens to me on some Red Hat RPM files, and a handful of others, .gz, .bz2. This bug is cross-platform, I first noticed it on RHEL5 with rpmforge ClamAV.
Of course those files are perfectly fine:
No errors detected in compressed data of /var/tmp/137321-02.zip.

An upstream bug is already open, there's apparently no official fix at this point:
https://bugzilla.clamav.net/show_bug.cgi?id=5252 [^]
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:
Issue History
Date Modified Username Field Change
2012-08-01 10:20 laurent New Issue
2012-08-01 11:45 bonivart Status new => assigned
2012-08-01 11:45 bonivart Assigned To => bonivart
2012-08-01 11:46 bonivart Note Added: 0010071
2012-08-01 11:46 bonivart Status assigned => feedback
2012-08-01 12:08 laurent Note Added: 0010072
2012-08-01 14:52 bonivart Note Added: 0010074
2012-08-14 23:00 bonivart Note Added: 0010090
2012-09-18 14:05 bonivart Note Added: 0010119
2012-09-18 14:05 bonivart Status feedback => closed
2012-09-18 14:05 bonivart Resolution open => fixed

Notes
(0010071)
bonivart   
2012-08-01 11:46   
Thank you for checking that it's cross-platform and that an upstream bug has been filed.

I don't really know what to do other than to quickly build a new package when new source is available?
(0010072)
laurent   
2012-08-01 12:08   
Agreed. There's a patch in a comment of the bug above, but personally, I'd wait a little. Applying it would be only if a fix becomes critical to some and an upstream release doesn't come.
(0010074)
bonivart   
2012-08-01 14:52   
If you want to do some tests I have built new packages with the patch mentioned:

http://buildfarm.opencsw.org/experimental.html#clamav [^]
(0010090)
bonivart   
2012-08-14 23:00   
Just got news from the ClamAV team that 0.97.6 will be released within a week fixing this. Did you try my patched packages?
(0010119)
bonivart   
2012-09-18 14:05   
Released 0.97.6 to unstable.