I must say that I agree. To have ClamAV crash on a badly formed signature is as bad (or worse) as having it crash while scanning.
Since ClamAV tends to be run with automatic updates to its DB, having a bad signature cause it to crash can result in email blockage or a total lack of AV service (including perhaps letting bad emails through). Even if clamd is auto-restarted (e.g., via systemd), it will likely crash each time, and thus be unavailable. Software should *never* crash when presented with invalid input, especially if the input arrives via the Internet. And it's quite conceivable that some especially clever bad guy might attack the source of signatures to incapacitate ClamAV, or, in the worst case, to cause it to execute arbitrary code instead of "merely" crashing. On Tue, 31 Jul 2018 18:14:29 +0100 (BST) "G.W. Haywood" <cla...@jubileegroup.co.uk> wrote: > Hi there, > > On Tue, 31 Jul 2018, Steve Basford wrote: > > > My little issue is with this statement: > > > > "It wasn't quite clear at the offset of this bug, but ClamAV cannot > > support unofficial signatures from a development standpoint. For > > numerous reasons, we do not regress against those signatures, and > > in cases where sig writers publish non-functional signatures due to > > insufficient testing (which then cause crashes in newer versions of > > clam) we cannot devote our resources to fixing that > > problem." (above Bugzilla) > > I'll take issue with that statement too. That's a cr@p developer > attitude. > > If an unofficial signature causes (or is even _capable_ of causing) > clam to crash, that's a fault in clam that needs to be fixed. > > If nothing else it means that you're quite likely less secure if > you're running clam on Linux than you are if you're _not_ running it. > _______________________________________________ clamav-users mailing list email@example.com http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml