The cli_scandesc function causes clamav to crash, sometimes the read systemcall returns less than SCANBUFF bytes... I think the code expects this behaviour happen one time when reading the last block of data but if it happens several times, the length becomes negative and cli_bm_scanbuff will finally crash.
#0 0x08074899 in cli_bm_scanbuff () #1 0x08049ba5 in cli_scandesc () #2 0x08051820 in cli_magic_scandesc () #3 0x080519b1 in cli_scanfile () Release: 0.86.1 Please find attached a patch which should fix this problem. -- David Gueluy [EMAIL PROTECTED] Netasq _ Secure Internet Connectivity http://www.netasq.com ----------------------------------------------------------------------- This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. The information contained in this e-mail is intended solely for the addressee. Access to this e-mail by anyone else or any unauthorized review, use, disclosure or distribution is unauthorized and prohibited. If you are not the named addressee indicated in this message (or responsible for delivery of the message to such person), you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by fax or e-mail and delete and destroy all copies of the message. If you are the intended recipient but do not wish to receive communications through this medium, please advise the sender immediately. The views expressed in this e-mail are not necessarily the views of NetASQ. The company, its directors, officers or employees make no representation or accept any liability for its accuracy or completeness unless expressly stated to the contrary. ------------------------------------------------------------------------
patch-libclamav-matcher.c
Description: Binary data
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html