control: forwarded -1 https://bugzilla.clamav.net/show_bug.cgi?id=11522 control: tags -1 + upstream
On 2016-03-07 15:59:37 [-0400], Joey Hess wrote: > Package: clamav > Version: 0.99+dfsg-2 > Severity: important > Tags: security > > Any script relying on clamscan's exit status can probably be tricked > with a file that contains a virus, but that uses clamscan's DOS > protection to trick clamscan into not scanning it in full. This sounds similar to #740059. Here it continues, in the other it aborts. > Suggested fix: If clamscan doesn't process the whole file content for > any reason, exit with 2, which is documented to mean "some error > occurred". Sounds reasonable. I forwarded your report upstream. Sebastian