Hi Folks,

If this is the wrong place to report this, please let me know. I checked the main clamav site and it asks that problems related to 3rd party builds should be sent to that 3rd party.

We have a number of files that are causing clam 0.91 to crash (both clamd and clamscan). The files, surprisingly, appear to be coming from amazon.com and appear to be fairly straightforward, though I suppose they could be spoofed.

The problem started occurring when we upgraded from:

    clamd daemon devel-20070312 (OS: windows, ARCH: i386, CPU: i686)

to

    clamd daemon 0.91 (OS: windows, ARCH: i386, CPU: i686)

There were no configuration file changes during the upgrade.

Some troubleshooting has determined that the crashing is being caused by the PhishingScanURLs module. We had never explicitly turned this module on, leaving the default of

    # Scan urls found in mails for phishing attempts.
    # (available in experimental builds only)
    # Default: yes
    #PhishingScanURLs yes

Three startup logs for clamav are below showing the old build, the new build and the new build after changing the directive "PhishingScanURLs NO" and uncommenting it. After setting it to NO, it logs "Disabling URL based phishing detection.", however when it is commented out it does not log anything, so one cannot tell whether or not it is enabled, and we assumed that it was not enabled due to the "(available in experimental builds only)" comment in the config file.

I guess the issues in summary are that:

1. The file in the attached .zip crashed clam when using the PhishingScanURLs yes
2. Clam does not log when PhishingScanURLs is enabled, only when it is disabled.

The attached zip file is password protected with 'crashclam' so that it does not get scanned and crash everyone else. It contains a single .eml file.

Thanks,
Justin

    Fri May 04 18:57:13 2007 -> clamd daemon devel-20070312 (OS: windows, ARCH: i386, CPU: i686)
    Fri May 04 18:57:13 2007 -> Log file size limit disabled.
    Fri May 04 18:57:13 2007 -> Reading databases from x:\clamAV\data
    Fri May 04 18:57:23 2007 -> Loaded 114050 signatures.
    Fri May 04 18:57:23 2007 -> Bound to address 127.0.0.1 on tcp port 3310
    Fri May 04 18:57:23 2007 -> Setting connection queue length to 15
    Fri May 04 18:57:23 2007 -> Archive: Archived file size limit set to 104857600 bytes.
    Fri May 04 18:57:23 2007 -> Archive: Recursion level limit set to 5.
    Fri May 04 18:57:23 2007 -> Archive: Files limit set to 1000.
    Fri May 04 18:57:23 2007 -> Archive: Compression ratio limit set to 200.
    Fri May 04 18:57:23 2007 -> Archive support enabled.
    Fri May 04 18:57:23 2007 -> Algorithmic detection enabled.
    Fri May 04 18:57:23 2007 -> Portable Executable support enabled.
    Fri May 04 18:57:23 2007 -> ELF support enabled.
    Fri May 04 18:57:23 2007 -> Mail files support enabled.
    Fri May 04 18:57:23 2007 -> Mail: Recursion level limit set to 64.
    Fri May 04 18:57:23 2007 -> OLE2 support enabled.
    Fri May 04 18:57:23 2007 -> PDF support disabled.
    Fri May 04 18:57:23 2007 -> HTML support enabled.
    Fri May 04 18:57:23 2007 -> Self checking every 1800 seconds.

    Fri Jul 27 09:13:42 2007 -> clamd daemon 0.91 (OS: windows, ARCH: i386, CPU: i686)
    Fri Jul 27 09:13:42 2007 -> Log file size limit disabled.
    Fri Jul 27 09:13:42 2007 -> Reading databases from x:\clamAV\data
    Fri Jul 27 09:13:48 2007 -> Loaded 140763 signatures.
    Fri Jul 27 09:13:48 2007 -> Bound to address 127.0.0.1 on tcp port 3310
    Fri Jul 27 09:13:48 2007 -> Setting connection queue length to 15
    Fri Jul 27 09:13:48 2007 -> Archive: Archived file size limit set to 104857600 bytes.
    Fri Jul 27 09:13:48 2007 -> Archive: Recursion level limit set to 5.
    Fri Jul 27 09:13:48 2007 -> Archive: Files limit set to 1000.
    Fri Jul 27 09:13:48 2007 -> Archive: Compression ratio limit set to 200.
    Fri Jul 27 09:13:48 2007 -> Archive support enabled.
    Fri Jul 27 09:13:48 2007 -> Algorithmic detection enabled.
    Fri Jul 27 09:13:48 2007 -> Portable Executable support enabled.
    Fri Jul 27 09:13:48 2007 -> ELF support enabled.
    Fri Jul 27 09:13:48 2007 -> Mail files support enabled.
    Fri Jul 27 09:13:48 2007 -> Mail: Recursion level limit set to 64.
    Fri Jul 27 09:13:48 2007 -> OLE2 support enabled.
    Fri Jul 27 09:13:48 2007 -> PDF support disabled.
    Fri Jul 27 09:13:48 2007 -> HTML support enabled.
    Fri Jul 27 09:13:48 2007 -> Self checking every 1800 seconds.

    Fri Aug 03 09:37:55 2007 -> clamd daemon 0.91 (OS: windows, ARCH: i386, CPU: i686)
    Fri Aug 03 09:37:55 2007 -> Log file size limit disabled.
    Fri Aug 03 09:37:55 2007 -> Reading databases from x:\clamAV\data
    Fri Aug 03 09:37:55 2007 -> Disabling URL based phishing detection.
    Fri Aug 03 09:38:01 2007 -> Loaded 142120 signatures.
    Fri Aug 03 09:38:01 2007 -> Bound to address 127.0.0.1 on tcp port 3310
    Fri Aug 03 09:38:01 2007 -> Setting connection queue length to 15
    Fri Aug 03 09:38:01 2007 -> Archive: Archived file size limit set to 104857600 bytes.
    Fri Aug 03 09:38:01 2007 -> Archive: Recursion level limit set to 5.
    Fri Aug 03 09:38:01 2007 -> Archive: Files limit set to 1000.
    Fri Aug 03 09:38:01 2007 -> Archive: Compression ratio limit set to 200.
    Fri Aug 03 09:38:01 2007 -> Archive support enabled.
    Fri Aug 03 09:38:01 2007 -> Algorithmic detection enabled.
    Fri Aug 03 09:38:01 2007 -> Portable Executable support enabled.
    Fri Aug 03 09:38:01 2007 -> ELF support enabled.
    Fri Aug 03 09:38:01 2007 -> Mail files support enabled.
    Fri Aug 03 09:38:01 2007 -> Mail: Recursion level limit set to 64.
    Fri Aug 03 09:38:01 2007 -> OLE2 support enabled.
    Fri Aug 03 09:38:01 2007 -> PDF support disabled.
    Fri Aug 03 09:38:01 2007 -> HTML support enabled.
    Fri Aug 03 09:38:01 2007 -> Self checking every 1800 seconds.
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
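
An added example, not part of the original post and not ClamAV code: a small audit helper that works out the effective PhishingScanURLs state from a clamd.conf and checks each startup in a clamd log for the one line the post shows being written. It assumes the default is "yes" as the quoted config comment states; the function names and the abridged sample inputs are constructed for illustration.

```python
import re

# Assumption: default taken from the config comment quoted in the post ("Default: yes").
ASSUMED_DEFAULT = True
# Log line the post shows clamd 0.91 writing only when the check is turned off.
DISABLED_MARKER = "Disabling URL based phishing detection."
BANNER = re.compile(r"-> clamd daemon (\S+)")

# Constructed samples, abridged from the config and logs quoted in the post.
CONF_COMMENTED = "# Default: yes\n#PhishingScanURLs yes\n"
CONF_DISABLED = "PhishingScanURLs NO\n"
LOG = """\
Fri Jul 27 09:13:42 2007 -> clamd daemon 0.91 (OS: windows, ARCH: i386, CPU: i686)
Fri Jul 27 09:13:48 2007 -> Loaded 140763 signatures.
Fri Aug 03 09:37:55 2007 -> clamd daemon 0.91 (OS: windows, ARCH: i386, CPU: i686)
Fri Aug 03 09:37:55 2007 -> Disabling URL based phishing detection.
"""


def configured_value(conf_text, directive="PhishingScanURLs"):
    """True/False if the directive is set on an uncommented line, else None."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive is not a setting
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == directive:
            value = parts[1].strip().lower() == "yes"
    return value


def effective_state(conf_text):
    """Effective setting plus its source: 'explicit' or 'default'."""
    value = configured_value(conf_text)
    return (ASSUMED_DEFAULT, "default") if value is None else (value, "explicit")


def startups(log_text):
    """One record per clamd start: version and whether the marker was logged."""
    runs = []
    for line in log_text.splitlines():
        m = BANNER.search(line)
        if m:
            runs.append({"version": m.group(1), "disabled_logged": False})
        elif runs and DISABLED_MARKER in line:
            runs[-1]["disabled_logged"] = True
    return runs
```

A startup with `disabled_logged` set to False is not proof the check is off; combined with an `effective_state` of `(True, "default")` it is the silent-default case the post describes.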
