Hi Mark,

Did you have any luck identifying the source of the bug?  I admit I bookmarked 
your email and failed to find time to look into it myself after that.  

-Micah

On 7/12/19, 6:09 PM, "clamav-devel on behalf of Mark Allan" 
<clamav-devel-boun...@lists.clamav.net on behalf of markjal...@gmail.com> wrote:

    Hi,
    
    I think there's a bug with ClamAV not honouring the contents of a .fp file
    within the database directory.
    
    I've tested 0.101.2 as well as previous versions of ClamAV going back to
    0.99.4 and the issue seems to have appeared as of 0.100.0 onwards.
    
    To re-create the issue:
    
    Find a zip file which you know reports an infection when scanned.
    Use sigtool --md5 to generate an FP sig of the zip file and save it in a
    <filename>.fp file in the database directory.
    Use clamscan to scan the file and see that it still reports the file as
    being infected.
    
    
    The output from clamscan --debug shows the .fp file is being loaded, but it
    just doesn't seem to be being honoured for some reason.
    
    I see the same thing when I build ClamAV on macOS as well as when using the
    apt-get distribution on Ubuntu 18.04
    
    Lastly, it only appears to be an issue with archive filetypes eg .zip, .dmg
    etc. Simple files are excluded as expected - similarly, if you generate an
    FP sig of a simple file and put that file within an archive, it correctly
    gets excluded.
    
    I'll clone the source from Git on Monday and have a dig through it myself
    to see if I can fix the bug, but thought I'd mention it here in case
    someone's already on it, or at least knows where I can start looking!
    
    Cheers
    Mark
    _______________________________________________
    
    clamav-devel mailing list
    clamav-devel@lists.clamav.net
    https://lists.clamav.net/mailman/listinfo/clamav-devel
    
    Please submit your patches to our Bugzilla: http://bugzilla.clamav.net
    
    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq
    
    http://www.clamav.net/contact.html#ml
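
The two cases Mark contrasts above (an FP signature of the archive itself versus one of a file placed inside it), as an added example that is not part of the original emails and is not ClamAV code. It formats entries in the `md5:size:name` form that `sigtool --md5` prints; the hash-and-size lookup is an assumption about the intended matching, and the payload, file names and helper functions are constructed for illustration.

```python
import hashlib
import io
import zipfile


def fp_entry(data: bytes, name: str) -> str:
    """Format one entry as `sigtool --md5` prints it: md5:size:name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Build a one-member zip in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def parse_fp(text: str) -> set:
    """Parse .fp content into a set of (md5, size) pairs."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, size, _name = line.split(":", 2)
        entries.add((digest.lower(), int(size)))
    return entries


def is_listed(data: bytes, entries: set) -> bool:
    """Assumed matching rule: exact MD5 and exact size of the scanned bytes."""
    return (hashlib.md5(data).hexdigest(), len(data)) in entries


def fp_cases(payload: bytes = b"constructed stand-in for a detected file\n") -> dict:
    """Show which object each kind of FP entry covers."""
    archive = build_sample_zip("inner.bin", payload)
    outer = parse_fp(fp_entry(archive, "sample.zip"))  # sig of the zip itself
    inner = parse_fp(fp_entry(payload, "inner.bin"))   # sig of the member
    return {
        "archive_sig_covers_archive": is_listed(archive, outer),
        "archive_sig_covers_member": is_listed(payload, outer),
        "member_sig_covers_member": is_listed(payload, inner),
        "member_sig_covers_archive": is_listed(archive, inner),
    }


if __name__ == "__main__":
    for case, covered in fp_cases().items():
        print(f"{case}: {covered}")
```

The archive-level entry only ever matches the bytes of the archive as a whole, so a scanner has to consult it when the container is evaluated, not just when its extracted members are.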
    
