Launchpad has imported 28 comments from the remote bug at https://bugzilla.clamav.net/show_bug.cgi?id=5252.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-06-15T17:56:49+00:00 Draynor wrote: Users have reported that scanning MS compressed files are returning "CL_EFORMAT: Bad format or broken data ERROR". The patch for bug #4626 introduced this behavior. We are currently investigating the correct solution to these reports. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/0 ------------------------------------------------------------------------ On 2012-06-15T18:22:38+00:00 Draynor wrote: The return value noted here is a scanning error code. This behavior has been seen on files that do not decompress correctly. If using clamav- milter, messages with attachments flagged as CL_EFORMAT trigger the OnFail Action specified in the clamav-milter.conf configuration file. The default Action for OnFail is Defer, so these messages will be rescanned at intervals and never delivered. There is a workaround to break the loop of re-scanning these broken files. To reject messages with these attachments, change the OnFail Action to Reject. If you prefer the old behavior of the previous release, change the OnFail Action to Accept. These solutions should be used as a temporary workaround only and in an environment where the connection to clamd is stable. Changing this configuration line will also affect any messages that fail scanning because of transient issues such as dropped connections or out of memory errors. If OnFail is set to Accept, malicious mail may be passed by the scanner. If OnFail is set to Reject, non-malicious mail may be rejected by the scanner. This workaround should be used with caution. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/1 ------------------------------------------------------------------------ On 2012-06-20T14:34:48+00:00 Draynor wrote: The root cause has been traced to an errorcode-handling change in the patch for bug #4669 and is not LZX-compression specific. Other file formats which have reported to trigger CL_EFORMAT errors include Excel & Word documents as well as PDF files. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/3 ------------------------------------------------------------------------ On 2012-06-20T20:57:43+00:00 Dfs-q wrote: Hi, guys, Is the patch at http://git.clamav.net/gitweb?p=clamav- devel.git;a=commit;h=cdbe27798612df93351a9d0da2a2e377ce4118aa a fix for this? Regards, David. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/4 ------------------------------------------------------------------------ On 2012-06-20T21:26:02+00:00 Scheidell wrote: I am getting ready to try it on FreeBSD. If anyone wants the ports patch let me know. This applies cleanly to 0.97.5. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/5 ------------------------------------------------------------------------ On 2012-06-20T21:51:20+00:00 Dfs-q wrote: The patch did not compile for me. This patch did: diff --git a/libclamav/scanners.c b/libclamav/scanners.c index e84d735..1055b2c 100644 --- a/libclamav/scanners.c +++ b/libclamav/scanners.c @@ -2369,7 +2369,19 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) ctx->fmap--; cli_bitset_free(ctx->hook_lsig_matches); ctx->hook_lsig_matches = old_hook_lsig_matches; - ret_from_magicscan(ret); + /* Same switch as end of magic_scandesc function */ + switch(ret) { + case CL_EFORMAT: + case CL_EMAXREC: + case CL_EMAXSIZE: + case CL_EMAXFILES: + cli_dbgmsg("Descriptor: %s\n", cl_strerror(ret)); + case CL_CLEAN: /* here, only from cli_checkfp() */ + cache_add(hash, hashed_size, ctx); + ret_from_magicscan(CL_CLEAN); + default: + ret_from_magicscan(ret); + } } } Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/6 ------------------------------------------------------------------------ On 2012-06-20T22:10:44+00:00 Scheidell wrote: on of (us?) is off by 30 lines. The original patch applied fine for me against 0.97.5 source tarball. are you saying 'it didn't compile' ? or are you saying the patch did not apply? (I am compiling now, both AMD64 and I386/32) Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/7 ------------------------------------------------------------------------ On 2012-06-20T22:24:05+00:00 Scheidell wrote: ok, I see: cli_dbgmsg("Descriptor[%d]: %s\n", fmap_fd(*ctx->fmap), cl_strerror(ret)); gives me: CCLD clamscan ../libclamav/.libs/libclamav.so: undefined reference to `fmap_fd' gmake[2]: *** [clamscan] Error 1 gmake[2]: Leaving directory `/work/a/ports/security/clamav/work/clamav-0.97.5/clamscan' gmake[1]: *** [all-recursive] Error 1 you changed it to: cli_dbgmsg("Descriptor: %s\n", cl_strerror(ret)); (still off by 30 lines.. strange) Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/8 ------------------------------------------------------------------------ On 2012-06-20T23:33:39+00:00 Dfs-q wrote: > (still off by 30 lines.. strange) I may have had some other patches... can't remember. I build Debian packages and there may be patches from the Debian maintainer in the mix. Regards, David. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/9 ------------------------------------------------------------------------ On 2012-06-21T21:17:18+00:00 Draynor wrote: There is a one line difference between the versions of the patch for the master code branch and 0.97 branch, and that debug line is it. Here is the commit for the 0.97 version (the diff David posted): http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=6a879ad98460303b23a6fc119769a3b463a902f8 The patch should apply cleanly to 0.97.5. Regression tests are running as we speak so we can be confident in the results. I'll give more status details as I have them. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/13 ------------------------------------------------------------------------ On 2012-06-26T11:18:31+00:00 Jlvazquez wrote: *** Bug 5346 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/14 ------------------------------------------------------------------------ On 2012-06-28T14:02:16+00:00 I4-sergio-md wrote: I hit same error with clamav-0.97.5-1600.fc16 : https://admin.fedoraproject.org/updates/FEDORA-2012-9577/clamav-0.97.5-1600.fc16 this is a show stopper Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/15 ------------------------------------------------------------------------ On 2012-07-05T02:25:52+00:00 Nrthomas wrote: Is there any ETA for shipping this fix ? Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/16 ------------------------------------------------------------------------ On 2012-07-05T02:51:27+00:00 Jhopkins-i wrote: We've been hitting this error with certain Thunderbird and Firefox .tar.bz2 archives: http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/14.0b4-candidates/build1/linux-i686/en-GB/thunderbird-14.0b4.tar.bz2 http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/14.0b4-candidates/build1/linux-i686/lt/thunderbird-14.0b4.tar.bz2 http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/14.0b4-candidates/build1/linux-i686/hr/thunderbird-14.0b4.tar.bz2 http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/14.0b4-candidates/build1/linux-i686/uk/thunderbird-14.0b4.tar.bz2 http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/14.0b4-candidates/build1/linux-i686/hu/thunderbird-14.0b4.tar.bz2 http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/14.0b11-candidates/build1/linux-x86_64/bn-IN/firefox-14.0b11.tar.bz2 If you decompress the .bz2 and scan the resulting .tar file, the scan completes ok. We're hitting this problem with clamscan 0.97.5. Downgrading to 0.97.4 scans the .tar.bz2 files OK. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/17 ------------------------------------------------------------------------ On 2012-07-05T03:03:42+00:00 Garrod-alwood wrote: If you are seeing this error, then I suggest completing the patch. It tested on my debian 6.0 compiled 0.97.5 with the patch, the issue no longer occurs. I can't wait till the regression tests are finished. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/18 ------------------------------------------------------------------------ On 2012-07-05T05:48:55+00:00 I4-sergio-md wrote: (In reply to comment #14) > If you are seeing this error, then I suggest completing the patch. It tested > on > my debian 6.0 compiled 0.97.5 with the patch, the issue no longer occurs. I > can't wait till the regression tests are finished. 1 - where is the patch ? 2 - Still not have the answer, when we have a new release ? Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/19 ------------------------------------------------------------------------ On 2012-07-05T13:21:21+00:00 Matthew Olney wrote: The fix for bug is currently in regression testing. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/20 ------------------------------------------------------------------------ On 2012-07-19T16:29:18+00:00 Xascha wrote: I'm having the same false positive with clamav-0.97.5 + current db, but with an mp4 file. Worked with older db's. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/25 ------------------------------------------------------------------------ On 2012-07-19T17:10:06+00:00 I4-sergio-md wrote: (In reply to comment #16) > The fix for bug is currently in regression testing. and what is the date ( in a number ) that regression testing finish ? 2 - Still not have the answer, when we have a new release ? we be one week , one month or one year ? Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/26 ------------------------------------------------------------------------ On 2012-07-19T17:21:10+00:00 Dfs-q wrote: Yes, the slow reaction to this (IMO) critical bug is very disappointing. Something as serious as this should definitely prompt a new release. For our customers, we build packages with the patch in Comment #5 or Comment #9 and it works fine. Regards, David. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/27 ------------------------------------------------------------------------ On 2012-07-25T17:18:44+00:00 Scott Kitterman wrote: (In reply to comment #15) > (In reply to comment #14) > > If you are seeing this error, then I suggest completing the patch. It > > tested on > > my debian 6.0 compiled 0.97.5 with the patch, the issue no longer occurs. I > > can't wait till the regression tests are finished. > > 1 - where is the patch ? > 2 - Still not have the answer, when we have a new release ? Would you please file a release critical bug against the clamav package in Debian for this issue? I'm one of the Debian clamav maintainers and that will help me get the fix into Wheezy (and Squeeze). Please give some indication of the steps to reproduce the issue so I can better demonstrate the problem/solution and get it approved. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/29 ------------------------------------------------------------------------ On 2012-07-27T16:05:15+00:00 Carter Browne wrote: This problems happens on RPMs as well. I applied the patch and when I try to compile is get: ../libclamav/.libs/libclamav.so: undefined reference to `fmap_fd' Environment Redhat AS 5.8 GCC gcc44-4.4.6-3 Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/32 ------------------------------------------------------------------------ On 2012-07-29T19:11:51+00:00 I4-sergio-md wrote: (In reply to comment #20) > (In reply to comment #15) > > (In reply to comment #14) > > > If you are seeing this error, then I suggest completing the patch. It > > > tested on > > > my debian 6.0 compiled 0.97.5 with the patch, the issue no longer occurs. > > > I > > > can't wait till the regression tests are finished. > > > > 1 - where is the patch ? > > 2 - Still not have the answer, when we have a new release ? > > Would you please file a release critical bug against the clamav package in > Debian for this issue? I'm one of the Debian clamav maintainers and that will > help me get the fix into Wheezy (and Squeeze). > > Please give some indication of the steps to reproduce the issue so I can > better > demonstrate the problem/solution and get it approved. I use and test it in Fedora 16, 0.97.5 have been push to stable updates , due a security concerns, I had to exclude clamav from updates ... Still not see, where is the patch, neither when we expect a need release ... At least let me know when was released by writing in this bug report. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/33 ------------------------------------------------------------------------ On 2012-08-06T07:21:19+00:00 SeanBoran wrote: FYI after a regular patching of Ubuntu 11.04, clam has started giving this error too (I hit it on a squid proxy scanning attachments). The Ubuntu tracking of this bug is: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1015405 Any news on when 0.97.6 might appear? Since I'm using standard Ubuntu packages I'd prefer an official clam release that gets pull into Ubuntu, as opposed to compiling from source. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/34 ------------------------------------------------------------------------ On 2012-08-06T08:23:08+00:00 Befsup wrote: We need this fix too. This is really urgent. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/35 ------------------------------------------------------------------------ On 2012-08-06T08:36:30+00:00 Befsup wrote: Please give us a rough date for 0.97.6. We have to supply our customers with a rough guess when this error will be fixed. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/36 ------------------------------------------------------------------------ On 2012-08-14T17:25:38+00:00 Scott Kitterman wrote: I've uploaded an updated package with the patch for this issue to Debian Unstable. From there it will propagate to Debian Wheezy/Squeeze Updates and Ubuntu. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/38 ------------------------------------------------------------------------ On 2012-08-14T20:46:15+00:00 Draynor wrote: Since I know many of you on this CC list have been asking, the complete 0.97.6 update including this patch is coming very soon. Reply at: https://bugs.launchpad.net/clamav/+bug/1015405/comments/39 ** Changed in: clamav Status: Unknown => In Progress ** Changed in: clamav Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1015405 Title: ClamAV error: CL_EFORMAT: Bad format or broken data To manage notifications about this bug go to: https://bugs.launchpad.net/clamav/+bug/1015405/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports