Package: clamav
Version: 0.100.2+dfsg-0+deb9u1
Severity: important
Tags: upstream

ClamAV didn't correctly decode a complex UTF-8 filename from an MHTML container.

Debug output

LibClamAV debug: rfc2047 returns 'Content-Disposition: attachment; filename="Пакет документов Ð ´ля оплаты декабрь .gz"'
LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' attachment; filename="Пакет документов Ð ´ля оплаты декабрь .gz"'
LibClamAV debug: messageAddArgument, arg='filename="Пакет документов Ð ´ля оплаты декабрь .gz"'
LibClamAV debug: Multipart 0: End of header information
LibClamAV debug: Part 0 has 4108 lines, rc = 1
LibClamAV debug: Mixed message part 0 is of type 1
LibClamAV debug: messageToFileblob
LibClamAV debug: messageExport: numberOfEncTypes == 1
LibClamAV debug: messageExport: enctype 0 is 2
LibClamAV debug: blobSetFilename: "P.P0P:P5Q. P4P>P:Q.P<P5P=Q.P>P2 P 4P;Q. P>P?P;P0Q.Q. P4P5P:P0P1Q
LibClamAV debug: fileblobSetFilename: file _P_P0P_P5Q__P4P_P_Q_P_P5P_Q_P_P2_P_4P_Q__P_P_P_P0Q_Q__P4P5P_P0P1Q saved to …… …..
LibClamAV debug: Exported 234078 bytes using enctype 2
LibClamAV debug: 2 trailing bytes to export
LibClamAV debug: base64chars = 2 (@ @ @)
LibClamAV debug: CDBNAME:CL_TYPE_MHTML:234079:_P_P0P_P5Q__P4P_P_Q_P_P5P_Q_P_P2_P_4P_Q__P_P_P_P0Q_Q__P4P5P_P0P1Q:234079:234079:0:0:0:(nil)
LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
LibClamAV debug: Recognized GZip file

Is it a bug? The Russian UTF-8 filename ≪Пакет документов для оплаты декабрь.gz≫ was decoded as some junk. KOI-8r works fine.

In the email, the section header for the attachment looks like:

Content-Type: application/octet-stream; name="=?utf-8?B?0J/QsNC60LXRgiDQtNC+0LrRg9C80LXQvdGC0L7QsiDQ?= =?utf-8?B?tNC70Y8g0L7Qv9C70LDRgtGLINC00LXQutCw0LHRgNGM?= =?utf-8?B?Lmd6?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="=?utf-8?B?0J/QsNC60LXRgiDQtNC+0LrRg9C80LXQvdGC0L7QsiDQ?= =?utf-8?B?tNC70Y8g0L7Qv9C70LDRgtGLINC00LXQutCw0LHRgNGM?= =?utf-8?B?Lmd6?="

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
BlockMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "64"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "64"
ReadTimeout = "300"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "128"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA = "yes"
ExcludePUA disabled
IncludePUA = "Spy", "Script", "Server"
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "157286400"
MaxFileSize = "47185920"
MaxRecursion = "8"
MaxFiles = "10000"
MaxEmbeddedPE = "20971520"
MaxHTMLNormalize = "15728640"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "10485760"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.ru.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.100.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Platform information
--------------------
uname: Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5 (2017-09-19) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 9.5 (stretch)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: broadwell, Little-endian
platform id: 0x0a215d5d0806030001060300

Build information
-----------------
GNU C: 6.3.0 20170516 (6.3.0)
GNU C++: 6.3.0 20170516 (6.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-6sLuAe/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=forma
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-6sLuAe/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=for
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/
sizeof(void*) = 8
Engine flevel: 93, dconf: 93

--- data dir ---
total 271248
-rw-r--r-- 1 clamav clamav 951808 Aug 9 08:25 bytecode.cld
-rw-r--r-- 1 clamav clamav 158902784 Dec 19 10:25 daily.cld
-rw-r--r-- 1 clamav clamav 117892267 Mar 29 2018 main.cvd
-rw------- 1 clamav clamav 1040 Dec 19 13:25 mirrors.dat

-- System Information:
Debian Release: 9.5
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/5 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
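
Added example (not part of the original report and not ClamAV code): a Python sketch that decodes the three encoded-words from the header above. It shows that the first word ends in the middle of a two-byte UTF-8 character, so the bytes must be joined before the charset is applied. The function names are hypothetical, only B-encoding is handled, and mask_to_7bit is an assumed model inferred from the blobSetFilename line, not taken from ClamAV source.

```python
import base64
import re

# Filename parameter copied from the report's Content-Disposition header.
HEADER_VALUE = (
    "=?utf-8?B?0J/QsNC60LXRgiDQtNC+0LrRg9C80LXQvdGC0L7QsiDQ?= "
    "=?utf-8?B?tNC70Y8g0L7Qv9C70LDRgtGLINC00LXQutCw0LHRgNGM?= "
    "=?utf-8?B?Lmd6?="
)
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?[bB]\?([A-Za-z0-9+/=]*)\?=")


def raw_words(value):
    """Return (charset, bytes) for every B-encoded word, in order."""
    return [(m.group(1).lower(), base64.b64decode(m.group(2)))
            for m in ENCODED_WORD.finditer(value)]


def decode_joined(value):
    """Tolerant decode: concatenate the bytes of adjacent encoded-words
    (dropping the whitespace between them) and only then apply the charset,
    so a character split across two words is reassembled."""
    words = raw_words(value)
    charsets = {cs for cs, _ in words}
    if len(charsets) != 1:
        raise ValueError("mixed charsets: decode each run separately")
    return b"".join(raw for _, raw in words).decode(charsets.pop())


def decode_like_log(value):
    """Per-word decode with a space kept between words, viewed byte-for-byte
    as Latin-1: the shape of the 'rfc2047 returns' line in the debug output."""
    return b" ".join(raw for _, raw in raw_words(value)).decode("latin-1")


def mask_to_7bit(text):
    """Assumed model of the junk name: clear the high bit of each byte,
    stop at a resulting NUL, show control characters as '.'."""
    out = []
    for byte in text.encode("latin-1"):
        c = byte & 0x7F
        if c == 0:
            break
        out.append(chr(c) if 0x20 <= c < 0x7F else ".")
    return "".join(out)


if __name__ == "__main__":
    print(decode_joined(HEADER_VALUE))
    print(mask_to_7bit(decode_like_log(HEADER_VALUE)))
```

Under that model the masked string matches the blobSetFilename line character for character, including the cut-off after the final Q, where the second byte of a UTF-8 character (0x80) masks to NUL.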