We run a webmail service and use clamdscan/clamd in mbox mode to scan incoming messages. Every so often certain messages will cause clamd to hang (not crash, but just hang indefinitely), which causes all of our incoming mail to back up. It appears as if certain SPAM messages are causing this behavior -- and they also cause clamscan to segfault.
I recompiled clamscan 0.60 in debug mode and ran it against one of the messages that presumably caused clamd to hang. As expected, clamscan segfaulted and clamd just hung. BTW, this same behavior was occuring under previous versions of clamav. Any suggestions? The message causing the segfault is attached. Here is the debug output: ----- wallace:/tmp/scan2# clamscan --mbox /tmp/scan3/mboxscan-qmail.ufpwAg LibClamAV debug: Loading databases from /var/lib/clamav/ LibClamAV debug: Loading /var/lib/clamav//viruses.db2 LibClamAV debug: Initializing trie. LibClamAV debug: Loading /var/lib/clamav//viruses.db LibClamAV debug: Recognized mail file. LibClamAV debug: in mbox() LibClamAV debug: Finished processing message LibClamAV debug: continuationMarker(Return-Path: <[EMAIL PROTECTED]> ) LibClamAV debug: parseMimeHeader: cmd='Return-Path:', arg='<[EMAIL PROTECTED]>' LibClamAV debug: continuationMarker(Delivered-To: [EMAIL PROTECTED] ) LibClamAV debug: parseMimeHeader: cmd='Delivered-To:', arg='[EMAIL PROTECTED]' LibClamAV debug: continuationMarker(Received: (qmail 30491 invoked from network); 22 Jun 2003 10:17:26 -0000 ) LibClamAV debug: parseMimeHeader: cmd='Received:', arg='(qmail 30491 invoked from network); 22 Jun 2003 10:17:26 -0000' LibClamAV debug: continuationMarker(Received: from unknown (HELO big53.bigemailoffers.com) (216.93.191.53) ) LibClamAV debug: parseMimeHeader: cmd='Received:', arg='from unknown (HELO big53.bigemailoffers.com) (216.93.191.53)' LibClamAV debug: continuationMarker( by 0 with SMTP; 22 Jun 2003 10:17:26 -0000 ) LibClamAV debug: parseMimeHeader: cmd='by', arg='0 with SMTP; 22 Jun 2003 10:17:26 -0000' LibClamAV debug: continuationMarker(Received: by big53.bigemailoffers.com (PowerMTA(TM) v1.5); Sun, 22 Jun 2003 03:05:07 -0700 (envelope-from <[EMAIL PROTECTED]>) ) LibClamAV debug: parseMimeHeader: cmd='Received:', arg='by big53.bigemailoffers.com (PowerMTA(TM) v1.5); Sun, 22 Jun 2003 03:05:07 -0700 (envelope-from <[EMAIL PROTECTED]>)' LibClamAV debug: continuationMarker(Subject: Take part in our software giveaway ) LibClamAV debug: parseMimeHeader: cmd='Subject:', arg='Take part in our software giveaway' LibClamAV debug: continuationMarker(From: Video Professor<[EMAIL PROTECTED]> ) LibClamAV debug: parseMimeHeader: cmd='From:', arg='Video Professor<[EMAIL PROTECTED]>' LibClamAV debug: continuationMarker(To: [EMAIL PROTECTED] ) LibClamAV debug: parseMimeHeader: cmd='To:', arg='[EMAIL PROTECTED]' LibClamAV debug: continuationMarker(MIME-Version: 1.0 ) LibClamAV debug: parseMimeHeader: cmd='MIME-Version:', arg='1.0' LibClamAV debug: continuationMarker(Content-Type: multipart/alternative; boundary="_NextPart_6345643_boundary" ) LibClamAV debug: parseMimeHeader: cmd='Content-Type:', arg='multipart/alternative; boundary="_NextPart_6345643_boundary"' LibClamAV debug: messageSetMimeType: 'multipart' LibClamAV debug: Add argument 'boundary="_NextPart_6345643_boundary"' LibClamAV debug: continuationMarker(Date: Sun, 22 Jun 2003 03:05:07 -0700 ) LibClamAV debug: parseMimeHeader: cmd='Date:', arg='Sun, 22 Jun 2003 03:05:07 -0700' LibClamAV debug: End of header information LibClamAV debug: in insert(nBlobs = 0) LibClamAV debug: messageFindArgument: compare 8 bytes of boundary with boundary="_NextPart_6345643_boundary" LibClamAV debug: found _NextPart_6345643_boundary in --_NextPart_6345643_boundary LibClamAV debug: Now read in part 0 LibClamAV debug: continuationMarker(Content-Type: text/plain; charset:ISO-8859-1) LibClamAV debug: insert content-type: parse line 'Content-Type: text/plain; charset:ISO-8859-1' LibClamAV debug: messageSetMimeType: 'text' LibClamAV debug: Add arguments ' charset:ISO-8859-1' clamscan: message.c:277: messageAddArguments: Assertion `string != ((void *)0)' failed. Aborted (core dumped) -----
