On Sun, 21 Sep 2003 at 21:49:31 -0700, Tom Brown wrote:
> On Sun, 21 Sep 2003, Luca 'NERvOus' Gibelli wrote:
>
> ?? I expect it'll bounce, since I'm not subscribed. Please forward it if
> you don't see it there.
>
> > Security bugs should be sent via private mail to Tomasz Kojm
> > ([EMAIL PROTECTED]).
>
> hhmm, the ability to hang clamd could be considered a security bug... sure
> wreaks havoc with our systems... :-(
>
[...]
> /:home:~> clamscan --mbox bad.mbox
> Segmentation fault (core dumped)
>
> /:home:~> clamscan --version
> clamscan / ClamAV version 0.60
>
At my place, 'clamscan --mbox bad.mbox' doesn't coredump, just warns:
LibClamAV Warning: Empty attachment not saved
bad.mbox: OK
$ clamscan --version
clamscan / ClamAV version 0.60+BugFixesFromCVS-20030829
(from the Debian package).
> bad.mbox is attached, it's just a single small message ... although it may
In fact, there are 2 messages; mutt shows:
q:Quit d:Del u:Undel s:Save m:Mail r:Reply g:Group ?:Help
1 N 20.09.03 owner-sotd (7.7K)
2 21.09.03 Mail System Interna (0.3K) DON'T DELETE THIS MESSAGE -- FOLDER
don't mind it, just to be precise.
> well be misformatted... pine shows it as empty... then again, we are using
> mime-defang and I think it would have been the decoded contents that were
> given to clamd ...
>
> -Tom
The message from owner-sotd is heavily misformatted!
Even such a good MUA as mutt shows the text part of that message as:
[EMAIL PROTECTED] using -f
Received: from Administrator (pool-68-161-142-58.ny325.east.verizon.net [68.161.
142.58])
by star3.baremetal.com (8.12.10/8.12.9) with ESMTP id h8KArWNW014741
for <[EMAIL PROTECTED]>; Sat, 20 Sep 2003 03:53:33 -0700
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Most Cheapest Software Products!
Date: Fri, 05 Sep 03 04:20:12 Eastern Daylight Time
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="----=_NextPart_000_00C4_6670AD7C.A42FBC
77"
X-Priority: 3
This is because lines are broken (further parts of the lines are moved
to new lines). See below:
[...]
> From owner-sotd Sat Sep 20 03:45:44 2003
> Received: from star3.baremetal.com (star3.baremetal.com [216.86.113.236])
> by mailman.baremetal.com (8.12.10/8.12.9) with ESMTP id h8KAjiBm022039
> for <[EMAIL PROTECTED]>; Sat, 20 Sep 2003 03:45:44 -0700
> Received: from star3.baremetal.com (localhost [127.0.0.1])
> by star3.baremetal.com (8.12.10/8.12.9) with ESMTP id h8KArYNV014766
> for <[EMAIL PROTECTED]>; Sat, 20 Sep 2003 03:53:34 -0700
> Received: (from [EMAIL PROTECTED])
> by star3.baremetal.com (8.12.10/8.12.10/Submit) id h8KArYhN014764
> for [EMAIL PROTECTED]; Sat, 20 Sep 2003 03:53:34 -0700
> X-Authentication-Warning: star3.baremetal.com: kididdles set sender to Web-maste
> [EMAIL PROTECTED] using -f
^^^ Instead of "[EMAIL PROTECTED] using -f" there is:
"Web-maste
[EMAIL PROTECTED] using -f"
> Received: from Administrator (pool-68-161-142-58.ny325.east.verizon.net [68.161.
> 142.58])
^^^ Instead of "[68.161.142.58])"
there is:
"[68.161.
142.58])".
> by star3.baremetal.com (8.12.10/8.12.9) with ESMTP id h8KArWNW014741
> for <[EMAIL PROTECTED]>; Sat, 20 Sep 2003 03:53:33 -0700
> Message-Id: <[EMAIL PROTECTED]>
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Most Cheapest Software Products!
> Date: Fri, 05 Sep 03 04:20:12 Eastern Daylight Time
> MIME-Version: 1.0
> Content-Type: multipart/mixed;boundary= "----=_NextPart_000_00C4_6670AD7C.A42FBC
> 77"
^^^
That's why the attachment is seen as empty: instead of the string
"_NextPart_000_00C4_6670AD7C.A42FBC77" there is:
"_NextPart_000_00C4_6670AD7C.A42FBC" with "77" in the *next* line, which
is not valid.
[...]
> ------=_NextPart_000_00C4_6670AD7C.A42FBC77
^^
So the boundary string doesn't match that declared earlier.
> Content-Type: text/html
> Content-Transfer-Encoding: base64
>
[...]
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
_______________________________________________
Clamav-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-devel
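
Added example (not part of the original message, and not ClamAV code): a small Python check for the two symptoms described above, a header fragment that is neither a field nor a whitespace-led continuation, and a declared boundary that no body line matches. The sample message is constructed from the quoted headers with placeholder addresses and body; the function name `check` and its exact-match delimiter rule are assumptions of this sketch.

```python
import re

FIELD = re.compile(r"^[!-9;-~]+:")    # header field name followed by ':'
BOUNDARY = re.compile(r'boundary\s*=\s*"?([^";]*)', re.I)

# Constructed sample: the Content-Type line is hard-wrapped with no leading
# whitespace, so the fragment 77" is not a valid continuation line.
BROKEN = (
    "From: sender@example.invalid\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed;boundary="----=_NextPart_000_00C4_6670AD7C.A42FBC\n'
    '77"\n'
    "X-Priority: 3\n"
    "\n"
    "------=_NextPart_000_00C4_6670AD7C.A42FBC77\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>constructed body</p>\n"
    "------=_NextPart_000_00C4_6670AD7C.A42FBC77--\n"
)
# Same message with the header kept on one line.
FIXED = BROKEN.replace('A42FBC\n77"', 'A42FBC77"')

def check(raw):
    """Return (stray_header_lines, declared_boundary, matching_delimiters)."""
    head, _, body = raw.partition("\n\n")
    fields, stray = [], []
    for n, line in enumerate(head.split("\n"), 1):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += line            # properly folded continuation
        elif FIELD.match(line):
            fields.append(line)           # start of a new header field
        else:
            stray.append((n, line))       # wrapped fragment, not a header
    ctype = next((f for f in fields if f.lower().startswith("content-type:")), "")
    m = BOUNDARY.search(ctype)
    declared = m.group(1) if m else None
    hits = 0
    if declared:
        # Delimiter lines are "--boundary" and the closing "--boundary--".
        wanted = {"--" + declared, "--" + declared + "--"}
        hits = sum(1 for l in body.split("\n") if l.rstrip() in wanted)
    return stray, declared, hits

if __name__ == "__main__":
    for name, msg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check(msg))
```

A result with stray header lines or zero matching delimiters marks a message whose MIME structure a scanner cannot rely on, which is the case where the attachment is seen as empty.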