Hello! File type detection is performed primarily with file type magic (FTM) signatures loaded from daily.cvd. If you unpack daily.cvd, you’ll find them in daily.ftm. The signature format is documented here: https://www.clamav.net/documents/file-type-magic By adjusting these signatures, we disabled detecting PNG files as “CL_TYPE_PNG” for 0.103.0 and prior, instead detecting PNG files as “CL_TYPE_GRAPHICS” as it had been before.
If you look at daily.ftm now, the PNG related signatures are: 0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_GRAPHICS::121 0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_PNG:122 For 0.103.1+, PNG files will detect as CL_TYPE_PNG which will enable the (fixed) PNG parser. Because we’re able to effectively mitigate the issue by disabling PNG file type detection, which wasn’t working correctly in other ways from an efficacy standpoint due to other bugs anyways, we didn’t request a CVE or publish an advisory. -Micah From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Pierre Olivier KAPLAN Sent: Wednesday, March 3, 2021 5:12 AM To: clamav-users@lists.clamav.net Subject: [clamav-users] Question regarding the 0.103.1 PNG bug fix Hello, I have two question regarding the 0.103.1 Releases Notes. In the bug fixes is mentionned an issue with some PNG parsing file causing a stack exhaustion. With isn't this categorized as a vulnerability, as it allows DoS attacks ? It is also mentionned that a signature exists to avoid the parsing. But I couldn't find it in the database. Do you know which one we shall use ? Thanks in advance for your help
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
