Hi,

As you know, the Clam folks continue their tradition of security problems,
and have released version 0.88 to plug the latest hole discovered.

However, there seems to be a regression in 0.88 compared to 0.87.1.
The file http://www.roaringpenguin.com/msg-1212-47.zip contains an EICAR
test virus in a "deflate64" zip file.

Clam's built-in ZIP code doesn't handle deflate64, but the external
UNIX utility "unzip" does.  So in earlier versions, clamscan --unzip
msg-1212-47.zip finds the EICAR:

$ clamscan --unzip msg-1212-47.zip 
/home/dfs/msg-1212-47.zip: Zip module failure
Archive:  /home/dfs/msg-1212-47.zip
  inflating: eicar.com               
/tmp/clamav-364678599ce3d6be/eicar.com: Eicar-Test-Signature FOUND
/home/dfs/msg-1212-47.zip: Infected.Archive FOUND

whereas 0.88 reacts thus:

$ clamscan --unzip msg-1212-47.zip 
/home/dfs/msg-1212-47.zip: OK

I tried reading the Clam source code to figure out the difficulty,
but soon got lost in a maze of twisty little passages, all alike.

I have filed a bug report at clamav.net.

Regards,

David.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
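
A gateway-side check for the failure mode reported above, added here as an example; it is not part of the original message and is not ClamAV or MIMEDefang code. It lists ZIP entries whose compression method falls outside an assumed supported set (0 = stored, 8 = deflate), so that an archive the scanner cannot unpack is treated as unscannable rather than as "OK". The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# Assumption: the scanner's built-in unpacker handles only these methods.
SUPPORTED = frozenset({0, 8})                    # stored, deflate
METHOD_NAMES = {0: "stored", 8: "deflate", 9: "deflate64",
                12: "bzip2", 14: "lzma"}         # from the ZIP APPNOTE


def unscannable_entries(data, supported=SUPPORTED):
    """Return [(filename, method)] for entries the scanner cannot unpack."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() reads the central directory only, so it works even
        # when Python itself cannot decompress the member.
        return [(i.filename, i.compress_type)
                for i in zf.infolist() if i.compress_type not in supported]


def verdict(data):
    """'scan' if every entry is unpackable, otherwise 'unscannable'."""
    try:
        return "unscannable" if unscannable_entries(data) else "scan"
    except zipfile.BadZipFile:
        return "unscannable"                     # fail closed on parse errors


def _constructed_sample(method):
    """Constructed test archive: a stored entry relabelled with `method`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.txt", b"constructed placeholder payload")
    raw = bytearray(buf.getvalue())
    # The method field sits at offset 8 in the local file header and at
    # offset 10 in the central directory header.
    struct.pack_into("<H", raw, raw.find(b"PK\x03\x04") + 8, method)
    struct.pack_into("<H", raw, raw.find(b"PK\x01\x02") + 10, method)
    return bytes(raw)


if __name__ == "__main__":
    for m in (0, 9):
        sample = _constructed_sample(m)
        for name, method in unscannable_entries(sample):
            print(name, "uses", METHOD_NAMES.get(method, method))
        print("method", m, "->", verdict(sample))
```

A filter that gets "unscannable" back can hand the archive to an external unpacker or quarantine it, instead of trusting a clean result from a scanner that never saw the contents.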
