Re: [Clamav-users] clamscan chokes on this email

Mon, 22 Sep 2003 13:07:56 -0700 

On Mon, 2003-09-22 at 19:40, René Bellora wrote:
> hi!
> 
>     live virus sample in: http://rana.dyndns.org/mbox.txt
> 
>     i'm using clamscan version 20030829, and when i do 'clamscan --mbox' 
> on the aforementioned, i get:
> 
> clamscan: message.c:739: decodeLine: Assertion `strlen(line) <= 76' failed.
> Aborted
> 
> it seems that the encoding has one corrupt line (one additional char at the end of 
> one line). Nonetheless, Outlook 
> Express happily delivers an infected executable. Once extracted, the 
> executable is detected by clamscan as Worm.Gibe.F

I'm running the same version and 

$ clamscan -V
clamscan / ClamAV version 20030829

$ wget http://rana.dyndns.org/mbox.txt
20:38:51 (12.50 KB/s) - `mbox.txt' saved [145294/145294]

$ clamscan mbox.txt
mbox.txt: Exploit.IFrame.Gen FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9641
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.12 MB
I/O buffer size: 131072 bytes
Time: 0.200 sec (0 m 0 s)

$ clamscan -m mbox.txt
clamscan: message.c:739: decodeLine: Assertion `strlen(line) <= 76'
failed.
Aborted

but 

$ ./clamav-devel-20030922/clamscan/clamscan -m mbox.txt
LibClamAV Warning: Illegal character <č> in base64 encoding
mbox.txt: Exploit.IFrame.Gen FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9641
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.218 sec (0 m 0 s)

$ ./clamav-devel-20030922/clamscan/clamscan mbox.txt
mbox.txt
LibClamAV Warning: Illegal character <č> in base64 encoding
mbox.txt: Worm.Gibe.F FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9641
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.10 MB
I/O buffer size: 131072 bytes
Time: 0.235 sec (0 m 0 s)

so different results using different options and clamscan versions...
with the exact same virus database.


Regards,

Miguel Dias

> 
>     regards,
>     René
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to