Bug 192407 - Attachment silently untested if quote missing in mime header.
Attachment silently untested if quote missing in mime header.
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: clamav (Show other bugs)
6
All Linux
medium Severity high
: ---
: ---
Assigned To: Enrico Scholz
Fedora Extras Quality Assurance
bzcl34nup
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-19 10:27 EDT by Patrick Monnerat
Modified: 2008-05-06 11:55 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-06 11:55:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
this e-mail data file exhibits the caveat (516 bytes, text/plain)
2006-05-19 10:27 EDT, Patrick Monnerat
no flags Details
Patch to avoid this problem (1.36 KB, patch)
2006-05-19 10:32 EDT, Patrick Monnerat
no flags Details | Diff

  None (edit)
Description Patrick Monnerat 2006-05-19 10:27:29 EDT
Description of problem:
In clamav-milter, an attachment is silently ignored if its name has unbalnced
quotes.

Version-Release number of selected component (if applicable):
clamav-milter-0.88.2-1

How reproducible:
Always with the attached e-mail file.


Steps to Reproduce:
1. Enable debug in clamav-milter
2. Send the attached e-mail file to the target server
3. Check file /var/log/clamd.milter on the server: attachment has not been tested.
  
Actual results:
Accepts a mail without knowing if a virus is in the attachment.

Expected results:
Real test of attachment

Additional info:
For safety purposes, the test email below does not contain any virus.
Comment 1 Patrick Monnerat 2006-05-19 10:27:29 EDT
Created attachment 129600 [details]
this e-mail data file exhibits the caveat
Comment 2 Patrick Monnerat 2006-05-19 10:32:34 EDT
Created attachment 129601 [details]
Patch to avoid this problem

There is a "TODO" comment in the source code, showing that the designers are
aware of this caveat. Since it may be used by some virus designer to bypass
clamav-milter, I think it must be fixed ASAP.
Comment 3 Patrick Monnerat 2006-07-11 08:49:03 EDT
Problem still present in 0.88.3-1
Patch may be applied as is
Comment 4 Patrick Monnerat 2006-08-10 06:12:55 EDT
Problem still present in 0.88.4-1
Patch may be applied as is
Comment 5 Patrick Monnerat 2006-10-24 06:13:45 EDT
Problem still present in 0.88.5-1
Patch may be applied as is
  By the way: Does anybody uses clamav-milter ??? ;-)
Comment 6 Christian Iseli 2007-01-17 18:19:13 EST
FC3 and FC4 have now been EOL'd.

Please check the ticket against a current Fedora release, and either adjust the
release number, or close it if appropriate.

Thanks.

Your friendly BZ janitor :-)
Comment 7 Patrick Monnerat 2007-01-18 05:05:36 EST
Bug still present with clamav-milter-0.88.7-1.fc6
Patch still usable as is
Comment 8 Patrick Monnerat 2007-01-30 13:09:54 EST
Bug still present with clamav-milter-0.88.7-1.fc6
Patch still usable as is
Comment 9 Nigel Horne 2007-06-09 16:46:29 EDT
This is fixed upstream (now on release 0.90.3).

I changed the contents of the test file to insert the EICAR test virus and now
see the below.

For the avoidance of doubt, the bug is not in clamav-milter, it is in the clamAV
engine (aka libclamav).

[njh@njh tmp]$ clamscan redhat.129600 
redhat.129600: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 124379
Engine version: devel-20070602
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 1.531 sec (0 m 1 s)
[njh@njh tmp]$ 
[njh@njh tmp]$ cat redhat.129600 
Subject: test
From: Someone <someone@somewhere.com>
To: somebody@elsewhere.org
Content-Type: multipart/mixed; boundary="=-SO08VINt7kJAPv02Y+q1"
Mime-Version: 1.0
Date: Thu, 18 May 2006 18:59:18 +0200


--=-SO08VINt7kJAPv02Y+q1
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Inline text

--=-SO08VINt7kJAPv02Y+q1
Content-Disposition: attachment; filename="Test.txt"
Content-Type: text/plain; name="=?ISO8859-1?Q?Test=2Etxt?=; charset=UTF-8
Content-Transfer-Encoding: 8bit

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

--=-SO08VINt7kJAPv02Y+q1--
[njh@njh tmp]$ 
Comment 10 Bug Zapper 2008-04-03 22:56:20 EDT
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers
Comment 11 Bug Zapper 2008-05-06 11:55:50 EDT
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.