Re: [Clamav-users] Zip issues

[Odhiambo Washington]

* René Bellora <[EMAIL PROTECTED]> [20031107 17:47]: wrote:
> Tomasz Kojm wrote:
> 
> >I wasn't able to reproduce Mimail zip errors but there are real chances
> >the latest change in CVS will fix them. There's a snapshot available at:
> >
> >http://clamav.sf.net/snapshot/clamav-20031106-tk.tar.gz
> >
> >Please test it ASAP. Thank you.
> >
> >Best regards,
> >Tomasz Kojm
> > 
> >
> downloaded, compiled and installed (Redhat 7.2):
> 
> [EMAIL PROTECTED] tmp]# clamscan -V
> clamscan / ClamAV version devel-20031107
> [EMAIL PROTECTED] tmp]# clamscan photos.zip
> Segmentation fault
> 

Yayi! You should use clamscan --disable-archive --unzip instead!

Okay, here is my report also:

[EMAIL PROTECTED] -mnr
ns2.wananchi.com 4.9-STABLE i386

[EMAIL PROTECTED] -V
clamscan / ClamAV version devel-20031107

[EMAIL PROTECTED] --disable-archive --unzip photos.zip
Archive:  /wananchi/home/wash/Administration/Clamav/photos.zip
warning [/wananchi/home/wash/Administration/Clamav/photos.zip]:  2 extra bytes at 
beginning or within zipfile
  (attempting to process anyway)
file #1:  bad zipfile offset (local header sig):  2
  (attempting to re-compensate)
 extracting: photos.jpg.exe          
/var/tmp//5aabb0a588b657db/photos.jpg.exe: Worm.Mimail.C FOUND
/wananchi/home/wash/Administration/Clamav/photos.zip: Infected Archive FOUND

----------- SCAN SUMMARY -----------
Known viruses: 10129
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.01 MB
I/O buffer size: 131072 bytes
Time: 0.366 sec (0 m 0 s)

[EMAIL PROTECTED] photos.zip
/wananchi/home/wash/Administration/Clamav/photos.zip: Worm.Mimail.C FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.005 sec (0 m 0 s)
[EMAIL PROTECTED] photos.zip


Segmentation fault (core dumped)
[EMAIL PROTECTED]



[EMAIL PROTECTED] `which clamscan` clamscan.core
GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read called at
/usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in 
elfstab_build_psymtabs
Deprecated bfd_read called at 
/usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in 
fill_symbuf

Core was generated by `clamscan'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libclamav.so.1...done.
Reading symbols from /usr/lib/libz.so.2...done.
Reading symbols from /usr/local/lib/libbz2.so.1...done.
Reading symbols from /usr/lib/libgmp.so.3...done.
Reading symbols from /usr/lib/libc_r.so.4...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/lib/libbz2.so.1...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x281367e0 in fclose () from /usr/lib/libc_r.so.4
(gdb) bt
#0  0x281367e0 in fclose () from /usr/lib/libc_r.so.4
#1  0x280759dd in cli_scanzip (desc=5, virname=0xbfbff6bc, scanned=0x8051c3c, 
root=0x80be800, limits=0x8c745b0, options=1, 
    reclev=0xbfbff67c) at scanners.c:351
#2  0x280762d8 in cli_magic_scandesc (desc=5, virname=0xbfbff6bc, scanned=0x8051c3c, 
root=0x80be800, limits=0x8c745b0,
options=1, 
    reclev=0xbfbff67c) at scanners.c:638
#3  0x28076540 in cl_scandesc (desc=5, virname=0xbfbff6bc, scanned=0x8051c3c, 
root=0x80be800, limits=0x8c745b0, options=1)
    at scanners.c:677
#4  0x804d015 in checkfile (filename=0x80bb000 "photos.zip", root=0x80be800, 
limits=0x8c745b0, options=1) at manager.c:744
#5  0x804be72 in scanfile (filename=0x80bb000 "photos.zip", root=0x80be800, 
user=0x2815dc80, opt=0x8056040, limits=0x8c745b0)
    at manager.c:353
#6  0x804bbfc in scanmanager (opt=0x8056040) at manager.c:250
#7  0x804993d in clamscan (opt=0x8056040) at clamscan.c:128
#8  0x8049fa3 in main (argc=2, argv=0xbfbff990) at options.c:148





        cheers
       - wash 
+----------------------------------+-----------------------------------------+
Odhiambo Washington                     . WANANCHI ONLINE LTD (Nairobi, KE)  |
<wash at wananchi dot com>              . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223                 . # 10286, 00100 NAIROBI             |
GSM: (+254) 733 744 121                 . (+254) 020 313 985 - 9             |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"  
                                                 --from a /. post

smime.p7s
Description: S/MIME cryptographic signature