> I have found a certain kind of mime structure and headers, that
> causes clamd to produce false negatives errors. The debugging outpout of
> clamd reports "LibClamAV debug: getline: buffer overflow stopped" and the
> viral attachment is not opened at all. (See
> http://users.auth.gr/~apap/clamav/viral-mail.raw and
> http://users.auth.gr/~apap/clamav/CLAMD-DEBUG-cannot-detect-attached-virus-in-viral-raw-mail.log)
> If the same mail is in mbox format (the only difference is in the
> first line "From "), the attachements are opened normally, and Worm.Bagz.D
> is found. (See http://users.auth.gr/~apap/clamav/viral-mail.mbox and
> http://users.auth.gr/~apap/clamav/CLAMD-DEBUG-detects-attached-virus-in-mbox-mail.log)
The problem seems to have been fixed sometime after clamav0.85.1,
but no later than CVS version clamav-devel-20050518. I had originally
observed the problem with clamav0.84.
Many thanks go to Nigel for his immediate support, Andrey Melnikoff for
his patch, and all the others that responded.
Apostolis Papayanakis
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
