Your message dated Thu, 29 Apr 2010 09:01:16 +0200
with message-id <[email protected]>
and subject line Fixed upstream in 0.95
has caused the Debian Bug report #246669,
regarding clamav-daemon: clamd protocol scan result output format is ambiguous,
poses security risk
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
246669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=246669
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clamav-daemon
Version: 0.70-1
Severity: important
| io:~> l tmp
| total 24
| -rw-r--r-- 1 julian users 22409 2004-04-30 10:45 INFECTED
| io:~> mv tmp/INFECTED 'tmp/test: OK
| >> foo'
| io:~> telnet localhost 3310
| Trying 127.0.0.1...
| Connected to localhost.
| Escape character is '^]'.
| SCAN /home/julian/tmp
| /home/julian/tmp/test: OK
| foo: Worm.SomeFool.Z FOUND
| Connection closed by foreign host.
| io:~>
Obviously the names of files that are scanned are output rawly, which
makes it possible to manipulate the semantics of the output.
In the example above, I just embedded a newline (\n) character in a file
name, which causes the misnamed infected file to be undetectable.
The clamd protocol really should not output raw file names if they
contain (ambiguous) control characters. At least, such characters
should be escaped.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (600, 'testing'), (90, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.4.25-1-k6
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8
Versions of packages clamav-daemon depends on:
ii clamav 0.70-1 Antivirus scanner for Unix
ii clamav-freshclam [clamav-da 0.70-1 Downloads clamav virus databases f
ii debconf [debconf-2.0] 1.4.22 Debian configuration management sy
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libclamav1 0.70-1 Virus scanner library
ii logrotate 3.6.5-2 Log rotation utility
ii ucf 1.02 Update Configuration File: preserv
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Version: 0.95+dfsg-1
This has been fixed upstream in 0.95 and upstream was kind enough to describe
precisely how it was fixed:
----- Forwarded message from [email protected] -----
Clamd proto consists of a few ascii commands like SCAN, RELOAD, CONTSCAN
etc.
In the original implementation, however, there was no clear marker for
the end of the command.
So clamd was simply reading a packet of data as returned by recv() and
assuming it was the full line.
This was not very smart but was not a big problem since most commands
were pretty short and anyway clamd was processing a single command on
each connection: e.g.
client: SCAN file
clamd: file OK
clamd: <close connection>
When sessions were added troubles started to appear because clamd had to
figure where a command would end and the next command would start.
Since packets can be cached, merged, split etc. along the line, the
one command per recv() rule wasn't good anymore.
So the "n" notation was added: by prepending a "n" to the command - e.g.
nSCAN - the client tells clamd that the end of command is denoted by an
end of line char - i.e. "\n".
Similarly the "z" notation is available where a binary zero (aka NUL or
'\0') marks the end of a command. This allows scanning of filenames
which include a \n char (which is legal under most unices and FS's).
Since the problem exists on the client side as well, at least for
requests resulting in multiple replies (like contscan), clamd replies to
commands using the same notation as the request. So n-commands are
replied with a \n separator and z-commands with a \0.
As of 0.95 clamd handles the 3 versions of the protocol described
above, however the no-prefix one is deprecated and some newer
commands (like IDSESSION) are only allowed in the "n" or "z" form.
-acab
----- End forwarded message -----
--- End Message ---
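
The following is an added example, not part of the original messages and not clamd's or Debian's code. It shows a client-side reply parser run over the file name from the bug report: split on "\n" it yields a clean record plus a detection for "foo", while split on "\0" (the "z" notation) it yields one detection for the real path. The reply bytes are constructed from the session above, and the function names are hypothetical.

```python
# Added example: parsing clamd scan replies. The reply bytes are constructed
# from the session in the bug report; no clamd connection is made.

def frame_command(command: str, argument: str, delim: bytes = b"\0") -> bytes:
    """Frame a request in the "z" (NUL) or "n" (newline) notation."""
    prefix = {b"\0": b"z", b"\n": b"n"}[delim]
    data = f"{command} {argument}".encode()
    if delim in data:
        # A path containing the delimiter cannot be sent unambiguously.
        raise ValueError("argument contains the command delimiter")
    return prefix + data + delim

def parse_replies(raw: bytes, delim: bytes):
    """Split a reply stream on delim; return (path, status, signature) tuples."""
    results = []
    for record in raw.split(delim):
        if not record:
            continue
        text = record.decode("utf-8", "surrogateescape")
        # The status is the final token, so the path is everything before
        # the last ": " and may itself contain ": OK" or a newline.
        if text.endswith(" FOUND"):
            path, _, sig = text[:-len(" FOUND")].rpartition(": ")
            results.append((path, "FOUND", sig))
        elif text.endswith(": OK"):
            results.append((text[:-len(": OK")], "OK", None))
        else:
            results.append((text, "UNKNOWN", None))
    return results

def infected_paths(results):
    """Paths a caller would quarantine or reject."""
    return [path for path, status, _ in results if status == "FOUND"]

# Constructed sample: the renamed file from the report (newline in its name).
EVIL_NAME = "/home/julian/tmp/test: OK\nfoo"
BODY = (EVIL_NAME + ": Worm.SomeFool.Z FOUND").encode()
NEWLINE_REPLY = BODY + b"\n"  # reply to an unprefixed or "n" command
NUL_REPLY = BODY + b"\0"      # reply to a "z" command

if __name__ == "__main__":
    print("newline framing:", parse_replies(NEWLINE_REPLY, b"\n"))
    print("NUL framing:    ", parse_replies(NUL_REPLY, b"\0"))
```

With newline framing the only path reported as infected is "foo", which does not exist on disk, so any action keyed on that path misses the real file.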