On Wed, 28 Feb 2007 11:28:38 +0800
"alex" <[EMAIL PROTECTED]> wrote:

> Dear all:
> 
> I have read the source code of clamav 0.90 and found a strange code in
> filetype.c.
> 
> There is an expression on line 233 of filetype.c:
> 
>     if(!iscntrl(buf[i]) && !isprint(buf[i]) && !internat[buf[i] & 0xff])
> 
> and this expression would ALWAYS be false.
> 
> I want to know if I am wrong?

Hi Alex,

you're not wrong. The problem is, however, not a big issue because from
the ClamAV point of view it's much safer to assume that all files are of
the type CL_TYPE_UNKNOWN_TEXT (it will have some performance drawbacks,
though).

Line 233 should read "if(!internat[buf[i]])"; however, I'm rather in favour
of rewriting that check (to not depend on a single character but use some
basic statistics instead) or dropping it completely. Otherwise, it may in
some cases lead to false negatives or allow attackers to fool ClamAV very
easily.

Regards,

-- 
   oo    .....         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Wed Feb 28 15:11:49 CET 2007
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
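
An added example, not part of the original thread and not ClamAV's code: a comparison in C of a text check that depends on a single character with one based on basic statistics, as the reply above suggests. The `is_text_byte` rule, the 5% threshold, the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption for this example only (NOT ClamAV's internat[] table): a byte is
 * "text" if it is printable ASCII, common whitespace, or >= 0xA0. */
static int is_text_byte(unsigned char c)
{
    if (c >= 0x20 && c <= 0x7e) return 1;
    if (c == '\t' || c == '\n' || c == '\r' || c == '\f') return 1;
    return c >= 0xa0;
}

/* Single-character rule: the first non-text byte decides the result. */
int is_text_strict(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (!is_text_byte(buf[i])) return 0;
    return 1;
}

/* Statistical rule: text if at most max_pct percent of bytes are non-text. */
int is_text_ratio(const unsigned char *buf, size_t len, unsigned max_pct)
{
    size_t bad = 0;
    for (size_t i = 0; i < len; i++)
        bad += !is_text_byte(buf[i]);
    return bad * 100 <= len * max_pct;   /* empty buffer counts as text */
}

/* Constructed sample inputs. */
static const unsigned char clean[]  = "Subject: hello\r\nplain text body\r\n";
static const unsigned char stray[]  = "Subject: hello\r\n" "\x01" "plain text body\r\n";
static const unsigned char binary[] = { 0x00, 0x01, 0x02, 0x7f, 0x80, 0x90, 'A', 'B' };

int main(void)
{
    printf("clean : strict=%d ratio=%d\n", is_text_strict(clean, sizeof clean - 1),
           is_text_ratio(clean, sizeof clean - 1, 5));
    printf("stray : strict=%d ratio=%d\n", is_text_strict(stray, sizeof stray - 1),
           is_text_ratio(stray, sizeof stray - 1, 5));
    printf("binary: strict=%d ratio=%d\n", is_text_strict(binary, sizeof binary),
           is_text_ratio(binary, sizeof binary, 5));
    return 0;
}
```

With the single-character rule, the one stray byte in `stray` changes the result for the whole buffer, while the ratio rule still classifies it as text and still rejects `binary`.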
