Bug 192407 - Attachment silently untested if quote missing in mime header.
Summary: Attachment silently untested if quote missing in mime header.
Alias: None
Product: Fedora
Classification: Fedora
Component: clamav
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Enrico Scholz
QA Contact: Fedora Extras Quality Assurance
Whiteboard: bzcl34nup
Depends On:
TreeView+ depends on / blocked
Reported: 2006-05-19 14:27 UTC by Patrick Monnerat
Modified: 2008-05-06 15:55 UTC (History)
4 users (show)

Clone Of:
Last Closed: 2008-05-06 15:55:52 UTC

Attachments (Terms of Use)
this e-mail data file exhibits the caveat (516 bytes, text/plain)
2006-05-19 14:27 UTC, Patrick Monnerat
no flags Details
Patch to avoid this problem (1.36 KB, patch)
2006-05-19 14:32 UTC, Patrick Monnerat
no flags Details | Diff

Description Patrick Monnerat 2006-05-19 14:27:29 UTC
Description of problem:
In clamav-milter, an attachment is silently ignored if its name has unbalnced

Version-Release number of selected component (if applicable):

How reproducible:
Always with the attached e-mail file.

Steps to Reproduce:
1. Enable debug in clamav-milter
2. Send the attached e-mail file to the target server
3. Check file /var/log/clamd.milter on the server: attachment has not been tested.
Actual results:
Accepts a mail without knowing if a virus is in the attachment.

Expected results:
Real test of attachment

Additional info:
For safety purposes, the test email below does not contain any virus.

Comment 1 Patrick Monnerat 2006-05-19 14:27:29 UTC
Created attachment 129600 [details]
this e-mail data file exhibits the caveat

Comment 2 Patrick Monnerat 2006-05-19 14:32:34 UTC
Created attachment 129601 [details]
Patch to avoid this problem

There is a "TODO" comment in the source code, showing that the designers are
aware of this caveat. Since it may be used by some virus designer to bypass
clamav-milter, I think it must be fixed ASAP.

Comment 3 Patrick Monnerat 2006-07-11 12:49:03 UTC
Problem still present in 0.88.3-1
Patch may be applied as is

Comment 4 Patrick Monnerat 2006-08-10 10:12:55 UTC
Problem still present in 0.88.4-1
Patch may be applied as is

Comment 5 Patrick Monnerat 2006-10-24 10:13:45 UTC
Problem still present in 0.88.5-1
Patch may be applied as is
  By the way: Does anybody uses clamav-milter ??? ;-)

Comment 6 Christian Iseli 2007-01-17 23:19:13 UTC
FC3 and FC4 have now been EOL'd.

Please check the ticket against a current Fedora release, and either adjust the
release number, or close it if appropriate.


Your friendly BZ janitor :-)

Comment 7 Patrick Monnerat 2007-01-18 10:05:36 UTC
Bug still present with clamav-milter-0.88.7-1.fc6
Patch still usable as is

Comment 8 Patrick Monnerat 2007-01-30 18:09:54 UTC
Bug still present with clamav-milter-0.88.7-1.fc6
Patch still usable as is

Comment 9 Nigel Horne 2007-06-09 20:46:29 UTC
This is fixed upstream (now on release 0.90.3).

I changed the contents of the test file to insert the EICAR test virus and now
see the below.

For the avoidance of doubt, the bug is not in clamav-milter, it is in the clamAV
engine (aka libclamav).

[njh@njh tmp]$ clamscan redhat.129600 
redhat.129600: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 124379
Engine version: devel-20070602
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 1.531 sec (0 m 1 s)
[njh@njh tmp]$ 
[njh@njh tmp]$ cat redhat.129600 
Subject: test
From: Someone <someone@somewhere.com>
To: somebody@elsewhere.org
Content-Type: multipart/mixed; boundary="=-SO08VINt7kJAPv02Y+q1"
Mime-Version: 1.0
Date: Thu, 18 May 2006 18:59:18 +0200

Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Inline text

Content-Disposition: attachment; filename="Test.txt"
Content-Type: text/plain; name="=?ISO8859-1?Q?Test=2Etxt?=; charset=UTF-8
Content-Transfer-Encoding: 8bit


[njh@njh tmp]$ 

Comment 10 Bug Zapper 2008-04-04 02:56:20 UTC
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

Comment 11 Bug Zapper 2008-05-06 15:55:50 UTC
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.