Package: clamav
Version: 0.99+dfsg-2
Severity: important
Tags: security

Any script relying on clamscan's exit status can probably be tricked with a file that contains a virus, but that uses clamscan's DOS protection to trick clamscan into not scanning it in full.

Unfortunately, when a file is too large or otherwise triggers the DOS protections, clamscan exits 0 without checking all of it.

clamscan git-annex.dmg
git-annex.dmg: OK

----------- SCAN SUMMARY -----------
Known viruses: 4291311
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 25.35 MB (ratio 0.00:1)
Time: 8.958 sec (0 m 8 s)

The dmg in the example above could contain a virus. It's too large for clamscan to process it, but there's no indication of that, except perhaps a hint in the 0 MB scanned line.

Suggested fix: If clamscan doesn't process the whole file content for any reason, exit with 2, which is documented to mean "some error occurred".

-- see shy jo
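Until clamscan itself reports this case, a calling script can apply the suggested rule on its own by reading the "Data scanned" and "Data read" lines of the scan summary and turning a 0 MB scanned / non-zero read result into exit status 2. The wrapper below is an added example, not part of this bug report or of the clamav package; the function names check_scan_summary and scan_file and the embedded sample output (copied from the report above) are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: clamscan output for the git-annex.dmg case in the report.
SAMPLE_OUTPUT='git-annex.dmg: OK

----------- SCAN SUMMARY -----------
Known viruses: 4291311
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 25.35 MB (ratio 0.00:1)
Time: 8.958 sec (0 m 8 s)'

# check_scan_summary <clamscan exit status> <clamscan output>
# Returns 0 (clean), 1 (infected), or 2 (error, including "read but not scanned").
check_scan_summary() {
    status=$1
    output=$2
    # A non-zero clamscan status (1 infected, 2 error) is passed through unchanged.
    [ "$status" -eq 0 ] || return "$status"
    scanned=$(printf '%s\n' "$output" | sed -n 's/^Data scanned: \([0-9.]*\) MB.*/\1/p')
    read_mb=$(printf '%s\n' "$output" | sed -n 's/^Data read: \([0-9.]*\) MB.*/\1/p')
    # No summary lines at all: we cannot tell what was scanned, so treat it as an error.
    [ -n "$scanned" ] && [ -n "$read_mb" ] || return 2
    # Bytes were read but none were scanned: the DOS limits skipped the content.
    if [ "$scanned" = "0.00" ] && [ "$read_mb" != "0.00" ]; then
        return 2
    fi
    return 0
}

# scan_file <path>: run the real clamscan and apply the stricter rule to its summary.
scan_file() {
    out=$(clamscan "$1" 2>&1)
    st=$?
    check_scan_summary "$st" "$out"
}

# Demonstration on the constructed sample (clamscan exited 0, nothing was scanned).
if check_scan_summary 0 "$SAMPLE_OUTPUT"; then
    echo "sample: treated as clean"
else
    echo "sample: treated as error, exit $?"
fi
```

This only catches the all-or-nothing case shown in the report; a file that clamscan scans partially still shows a non-zero "Data scanned" value and is not distinguishable from the summary alone.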