Created attachment 610106 [details] thunderbird file that demos error Description of problem: Scanning errors on some file types: DOCX, tar.bz2, XLSX. See clamscan output below. /tmp/phpF1EYUZ: CL_EFORMAT: Bad format or broken data ERROR ----------- SCAN SUMMARY ----------- Known viruses: 1299629 Engine version: 0.97.5 Scanned directories: 0 Scanned files: 0 Infected files: 0 Total errors: 1 Data scanned: 0.47 MB Data read: 0.24 MB (ratio 1.98:1) Time: 4.861 sec (0 m 4 s) Version-Release number of selected component (if applicable): Name : clamav Arch : i686 Version : 0.97.5 Release : 1.el6 Size : 15 M Repo : installed From repo : epel Summary : Anti-virus software URL : http://www.clamav.net/ License : GPLv2 How reproducible: YES Steps to Reproduce: 1. yum install clamav clamav-db 1a. once clamav is installed and sigs updated. run clamscan on a known appropriate file. (thunderbird-14.0b4.tar.bz2 attached) 2. # clamscan $FILENAME Actual results: thunderbird-14.0b4.tar.bz2: CL_EFORMAT: Bad format or broken data ERROR ----------- SCAN SUMMARY ----------- Known viruses: 1299629 Engine version: 0.97.5 Scanned directories: 0 Scanned files: 0 Infected files: 0 Total errors: 1 Data scanned: 69.72 MB Data read: 19.41 MB (ratio 3.59:1) Time: 11.293 sec (0 m 11 s) Expected results: FILENAME: OK Additional info: relevant bug and patch found at Ubuntu bug reporting. https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1015405
This looks to have been fixed in the 0.97.6 release: ===================================================================== [nsavm01] strobert 20:15 Mon /tmp>clamscan thunder.tar.bz2 thunder.tar.bz2: OK ----------- SCAN SUMMARY ----------- Known viruses: 1453264 Engine version: 0.97.6 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 69.72 MB Data read: 19.41 MB (ratio 3.59:1) Time: 9.969 sec (0 m 9 s) ===================================================================== (thunder.tar.bz2 is the attachement from this bug) From looking at hte Debian bug the bug at clamav: https://bugzilla.clamav.net/show_bug.cgi?id=5252 in there says it should be fixed in 0.97.6