On Mon, Sep 29, 2003 at 11:51:42AM -0700, Tom Brown wrote: > On Mon, 29 Sep 2003, Nigel Horne wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On Monday 22 Sep 2003 5:49 am, Tom Brown wrote: > > > > > hhmm, the ability to hang clamd could be considered a security bug... sure > > > wreaks havoc with our systems... :-( > > > > > /:home:~> clamscan --mbox bad.mbox > > > Segmentation fault (core dumped) > > > > > > /:home:~> clamscan --version > > > clamscan / ClamAV version 0.60 > > > > I just tried it and got this: > > yes, I know better now... > > > [EMAIL PROTECTED] tmp]$ clamscan --mbox bad.mbox > > LibClamAV Warning: Empty attachment not saved > > bad.mbox: OK > > [EMAIL PROTECTED] tmp]$ clamscan --version > > clamscan / ClamAV version 20030829 > > yes, this was yet another 'bogus' bug report that could be fixed > by having a more current "release" than 0.60 ... what are the > plans for "blessing" another tarball with the title "stable > versin" and putting it up on the > http://prdownloads.sourceforge.net/clamav/ page? Given that all > the suggestions on this list to pretty much every bug report is > "upgrade" it doesn't seem to make a lot of sense to even have > 0.60 up there.
One of the problems is the lack of maintainance of the stable release. Patch releases should be provided between stable releases for serious bugs, as Magnus has been doing for the debian packages. Fetching cvs snapshots is probably not suitable for the majority of users, and theirs little point leaving the last available stable download when it's critically unreliable. Perhaps we can do this from the next stable release which is expected very soon... > strange that clamscan calls aprox 100 lines of base64 an "empty > attachment", but I know next to nothing about mime. I see other > antivirus scanners producing messages like that... the email is > 110k but the contents are about 4k ... Perhaps its in ms-tnef format. > note also that the version numbers from 20030829 are pretty > bogus... > > [EMAIL PROTECTED] ~]# clamscan --version > clamscan / ClamAV version 20030829 > > [EMAIL PROTECTED] ~]# rpm -qi clamav > Name : clamav Relocations: (not relocateable) > Version : devel_20030922 Vendor: (none) Yep. -- Damien ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Clamav-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-devel
