I am using clamav binaries from Crashhat for Fedora Core 1. And have an NTFS filesystem mounted through http://linux-ntfs.sourceforge.net/.
After upgrading 0.72, there is two problems with OLE2 files:
1. clamscan and clamd both segfaults when trying to scan OLE2 files located on ntfs partition.
2. When the file is on ext3 partition, there is a debug error but no segfault.
I know that is a bit confusing. Sorry for that. Hope the debug output helps. Regards, Mehmet
output of clamscan --debug excel.xls (excel.xls is a template file from excel 2000)
when excel.xls on NTFS partition:
LibClamAV debug: Loading databases from /var/lib/clamav LibClamAV debug: Loading /var/lib/clamav/daily.cvd LibClamAV debug: /var/lib/clamav/daily.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = fb69bcf0328d74a6b879f1fdab0c747d LibClamAV debug: Decoded signature: fb69bcf0328d74a6b879f1fdab0c747d LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-01c2ff6333f2950f/COPYING LibClamAV debug: Unpacking /tmp/clamav-01c2ff6333f2950f/viruses.db2 LibClamAV debug: Loading databases from /tmp/clamav-01c2ff6333f2950f LibClamAV debug: Loading /tmp/clamav-01c2ff6333f2950f/viruses.db2 LibClamAV debug: Initializing trie. LibClamAV debug: Loading /var/lib/clamav/main.cvd LibClamAV debug: /var/lib/clamav/main.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 2afa38b2ececc44e99e396f97e94adef LibClamAV debug: Decoded signature: 2afa38b2ececc44e99e396f97e94adef LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-83ce78ccd8ca0bb2/COPYING LibClamAV debug: Unpacking /tmp/clamav-83ce78ccd8ca0bb2/viruses.db LibClamAV debug: Loading databases from /tmp/clamav-83ce78ccd8ca0bb2 LibClamAV debug: Loading /tmp/clamav-83ce78ccd8ca0bb2/viruses.db LibClamAV debug: Recognized OLE2 container file LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: mmap'ed file Segmentation Fault
when excel.xls on ext3:
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: /var/lib/clamav/daily.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = fb69bcf0328d74a6b879f1fdab0c747d
LibClamAV debug: Decoded signature: fb69bcf0328d74a6b879f1fdab0c747d
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-8bfc7cb0582a2574/COPYING
LibClamAV debug: Unpacking /tmp/clamav-8bfc7cb0582a2574/viruses.db2
LibClamAV debug: Loading databases from /tmp/clamav-8bfc7cb0582a2574
LibClamAV debug: Loading /tmp/clamav-8bfc7cb0582a2574/viruses.db2
LibClamAV debug: Initializing trie.
LibClamAV debug: Loading /var/lib/clamav/main.cvd
LibClamAV debug: /var/lib/clamav/main.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 2afa38b2ececc44e99e396f97e94adef
LibClamAV debug: Decoded signature: 2afa38b2ececc44e99e396f97e94adef
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-470acdf5af80ad3c/COPYING
LibClamAV debug: Unpacking /tmp/clamav-470acdf5af80ad3c/viruses.db
LibClamAV debug: Loading databases from /tmp/clamav-470acdf5af80ad3c
LibClamAV debug: Loading /tmp/clamav-470acdf5af80ad3c/viruses.db
LibClamAV debug: Recognized OLE2 container file
LibClamAV debug: in cli_scanole2()
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: mmap'ed file
LibClamAV debug:
Magic: 0xLibClamAV debug: d0LibClamAV debug: cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug:
LibClamAV debug: CLSID: {LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: }
LibClamAV debug: Minor version: 0x3e
LibClamAV debug: DLL version: 0x3
LibClamAV debug: Byte Order: -2
LibClamAV debug: Big Block Size: 9
LibClamAV debug: Small Block Size: 6
LibClamAV debug: BAT count: 1
LibClamAV debug: Prop start: 1
LibClamAV debug: SBAT cutoff: 4096
LibClamAV debug: SBat start: 2
LibClamAV debug: SBat block count: 1
LibClamAV debug: XBat start: -2
LibClamAV debug: XBat block count: 0
LibClamAV debug: Root EntryLibClamAV debug: [root]LibClamAV debug: rLibClamAV debug: 3136 0
LibClamAV debug: _1_CompObjLibClamAV debug: [file]LibClamAV debug: bLibClamAV debug: 106 ffffffff
LibClamAV debug: BookLibClamAV debug: [file]LibClamAV debug: rLibClamAV debug: 2944 ffffffff
LibClamAV debug: _5_SummaryInformationLibClamAV debug: [file]LibClamAV debug: rLibClamAV debug: 56 ffffffff
LibClamAV debug: VBA scan dir: /tmp/clamav-fa0baa0030fae86b
LibClamAV debug: in vba56_dir_read()
LibClamAV debug: Can't open /tmp/clamav-fa0baa0030fae86b/_VBA_PROJECT
LibClamAV debug: Open WordDocument failed
excel.xls: OK
----------- SCAN SUMMARY ----------- Known viruses: 21883 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 1.320 sec (0 m 1 s)
------------------------------------------------------- This SF.Net email is sponsored by: GNOME Foundation Hackers Unite! GUADEC: The world's #1 Open Source Desktop Event. GNOME Users and Developers European Conference, 28-30th June in Norway http://2004/guadec.org _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
