When using clamscan on very large file, DoS protection terminating the scanning may apply, returning 0 value, just as in case of successfull scan. If application relies on return value of clamscan, it is possible to trick the application to hide malicious code in very large file, so the DoS protection in clamscan occurs, returning successful return value. Upstream bug: https://bugzilla.clamav.net/show_bug.cgi?id=11522 Debian report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817067
Created clamav tracking bugs for this issue: Affects: fedora-all [bug 1316141] Affects: epel-all [bug 1316142]
Could I be given access to the upstream bug report?
(In reply to Orion Poplawski from comment #2) > Could I be given access to the upstream bug report? +1 , Orion have you already access to this bug report ?
fix 0.99.3 false negative of virus Pdf.Exploit.CVE_2016_1046-1. https://github.com/vrtadmin/clamav-devel/commit/167c0079292814ec5523d0b97a9e1b002bf8819b is this CVE ?
(In reply to Sergio Monteiro Basto from comment #3) > (In reply to Orion Poplawski from comment #2) > > Could I be given access to the upstream bug report? > > +1 , Orion have you already access to this bug report ? Nope.
(In reply to Sergio Monteiro Basto from comment #4) > fix 0.99.3 false negative of virus Pdf.Exploit.CVE_2016_1046-1. > > https://github.com/vrtadmin/clamav-devel/commit/ > 167c0079292814ec5523d0b97a9e1b002bf8819b > > is this CVE ? No, this fix is only applicable to 0.99.3 , conclusion this vulnerability may be closed as not a real vulnerability and won't fix until update to 0.99.3 release