[Pkg-clamav-devel] Bug#916827: clamav UTF8 filenames

Dmitriy Sidorov rauco at beer.tomsknet.ru
Wed Dec 19 07:36:07 GMT 2018


Package: clamav

Version: 0.100.2+dfsg-0+deb9u1

Severity: important

Tags: upstream

 

ClamAV didn't correctly decode a complex UTF-8 filename from an MHTML
container. Debug output:

 

LibClamAV debug: rfc2047 returns 'Content-Disposition: attachment;
filename="Пакет документов Ð ´ля оплаты
декабрь      .gz"'

LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg='
attachment; filename="Пакет документов Ð     ´ля
оплаты декабрь      .gz"'

LibClamAV debug: messageAddArgument, arg='filename="Пакет
документов Ð  ´ля оплаты декабрь      .gz"'

LibClamAV debug: Multipart 0: End of header information

LibClamAV debug: Part 0 has 4108 lines, rc = 1

LibClamAV debug: Mixed message part 0 is of type 1

LibClamAV debug: messageToFileblob

LibClamAV debug: messageExport: numberOfEncTypes == 1

LibClamAV debug: messageExport: enctype 0 is 2

LibClamAV debug: blobSetFilename: "P.P0P:P5Q. P4P>P:Q.P<P5P=Q.P>P2 P
4P;Q. P>P?P;P0Q.Q. P4P5P:P0P1Q

LibClamAV debug: fileblobSetFilename: file
_P_P0P_P5Q__P4P_P_Q_P_P5P_Q_P_P2_P_4P_Q__P_P_P_P0Q_Q__P4P5P_P0P1Q saved to
……

 

…..

 

LibClamAV debug: Exported 234078 bytes using enctype 2

LibClamAV debug: 2 trailing bytes to export

LibClamAV debug: base64chars = 2 (@ @ @)

LibClamAV debug:
CDBNAME:CL_TYPE_MHTML:234079:_P_P0P_P5Q__P4P_P_Q_P_P5P_Q_P_P2_P_4P_Q__P_P_P_
P0Q_Q__P4P5P_P0P1Q:234079:234079:0:0:0:(nil)

LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)

LibClamAV debug: Recognized GZip file

 

Is it a bug? The Russian UTF8 filename ≪Пакет документов для
оплаты декабрь.gz≫ was decoded as some junk. KOI-8r works
fine.

In the email, the section header for the attachment looks like:

 

Content-Type: application/octet-stream; name="=?utf-8?B?0J/QsNC60LXRgiDQtNC+0LrRg9C80LXQvdGC0L7QsiDQ?=

                =?utf-8?B?tNC70Y8g0L7Qv9C70LDRgtGLINC00LXQutCw0LHRgNGM?=

                =?utf-8?B?Lmd6?="

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="=?utf-8?B?0J/QsNC60LXRgiDQtNC+0LrRg9C80LXQvdGC0L7QsiDQ?=

                =?utf-8?B?tNC70Y8g0L7Qv9C70LDRgtGLINC00LXQutCw0LHRgNGM?=

                =?utf-8?B?Lmd6?="

 

 

-- Package-specific info:

--- configuration ---

Checking configuration files in /etc/clamav

 

Config file: clamd.conf

-----------------------

BlockMax disabled

PreludeEnable disabled

PreludeAnalyzerName disabled

LogFile = "/var/log/clamav/clamav.log"

LogFileUnlock disabled

LogFileMaxSize = "4294967295"

LogTime = "yes"

LogClean disabled

LogSyslog disabled

LogFacility = "LOG_LOCAL6"

LogVerbose disabled

LogRotate = "yes"

ExtendedDetectionInfo = "yes"

PidFile disabled

TemporaryDirectory disabled

DatabaseDirectory = "/var/lib/clamav"

OfficialDatabaseOnly disabled

LocalSocket = "/var/run/clamav/clamd.ctl"

LocalSocketGroup = "clamav"

LocalSocketMode = "666"

FixStaleSocket = "yes"

TCPSocket disabled

TCPAddr disabled

MaxConnectionQueueLength = "64"

StreamMaxLength = "26214400"

StreamMinPort = "1024"

StreamMaxPort = "2048"

MaxThreads = "64"

ReadTimeout = "300"

CommandReadTimeout = "5"

SendBufTimeout = "200"

MaxQueue = "128"

IdleTimeout = "30"

ExcludePath disabled

MaxDirectoryRecursion = "15"

FollowDirectorySymlinks disabled

FollowFileSymlinks disabled

CrossFilesystems = "yes"

SelfCheck = "3600"

DisableCache disabled

VirusEvent disabled

ExitOnOOM disabled

AllowAllMatchScan = "yes"

Foreground disabled

Debug disabled

LeaveTemporaryFiles disabled

User disabled

Bytecode = "yes"

BytecodeSecurity = "TrustSigned"

BytecodeTimeout = "60000"

BytecodeUnsigned disabled

BytecodeMode = "Auto"

DetectPUA = "yes"

ExcludePUA disabled

IncludePUA = "Spy", "Script", "Server"

AlgorithmicDetection = "yes"

ScanPE = "yes"

ScanELF = "yes"

DetectBrokenExecutables disabled

ScanMail = "yes"

ScanPartialMessages disabled

PhishingSignatures = "yes"

PhishingScanURLs = "yes"

PhishingAlwaysBlockCloak disabled

PhishingAlwaysBlockSSLMismatch disabled

PartitionIntersection disabled

HeuristicScanPrecedence disabled

StructuredDataDetection disabled

StructuredMinCreditCardCount = "3"

StructuredMinSSNCount = "3"

StructuredSSNFormatNormal = "yes"

StructuredSSNFormatStripped disabled

ScanHTML = "yes"

ScanOLE2 = "yes"

OLE2BlockMacros disabled

ScanPDF = "yes"

ScanSWF = "yes"

ScanXMLDOCS = "yes"

ScanHWP3 = "yes"

ScanArchive = "yes"

ArchiveBlockEncrypted disabled

ForceToDisk disabled

MaxScanSize = "157286400"

MaxFileSize = "47185920"

MaxRecursion = "8"

MaxFiles = "10000"

MaxEmbeddedPE = "20971520"

MaxHTMLNormalize = "15728640"

MaxHTMLNoTags = "2097152"

MaxScriptNormalize = "10485760"

MaxZipTypeRcg = "1048576"

MaxPartitions = "50"

MaxIconsPE = "100"

MaxRecHWP3 = "16"

PCREMatchLimit = "100000"

PCRERecMatchLimit = "5000"

PCREMaxFileSize = "26214400"

ScanOnAccess disabled

OnAccessMountPath disabled

OnAccessIncludePath disabled

OnAccessExcludePath disabled

OnAccessExcludeRootUID disabled

OnAccessExcludeUID disabled

OnAccessMaxFileSize = "5242880"

OnAccessDisableDDD disabled

OnAccessPrevention disabled

OnAccessExtraScanning disabled

DevACOnly disabled

DevACDepth disabled

DevPerformance disabled

DevLiblog disabled

DisableCertCheck disabled

 

Config file: freshclam.conf

---------------------------

LogFileMaxSize = "4294967295"

LogTime = "yes"

LogSyslog disabled

LogFacility = "LOG_LOCAL6"

LogVerbose disabled

LogRotate = "yes"

PidFile disabled

DatabaseDirectory = "/var/lib/clamav"

Foreground disabled

Debug disabled

UpdateLogFile = "/var/log/clamav/freshclam.log"

DatabaseOwner = "clamav"

Checks = "24"

DNSDatabaseInfo = "current.cvd.clamav.net"

DatabaseMirror = "db.ru.clamav.net", "database.clamav.net"

PrivateMirror disabled

MaxAttempts = "5"

ScriptedUpdates = "yes"

TestDatabases = "yes"

CompressLocalDatabase disabled

ExtraDatabase disabled

DatabaseCustomURL disabled

HTTPProxyServer disabled

HTTPProxyPort disabled

HTTPProxyUsername disabled

HTTPProxyPassword disabled

HTTPUserAgent disabled

NotifyClamd = "/etc/clamav/clamd.conf"

OnUpdateExecute disabled

OnErrorExecute disabled

OnOutdatedExecute disabled

LocalIPAddress disabled

ConnectTimeout = "30"

ReceiveTimeout = "30"

SafeBrowsing disabled

Bytecode = "yes"

 

clamav-milter.conf not found

 

Software settings

-----------------

Version: 0.100.2

Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06
BZIP2 LIBXML2 PCRE ICONV JSON JIT

 

Platform information

--------------------

uname: Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5 (2017-09-19) x86_64

OS: linux-gnu, ARCH: x86_64, CPU: x86_64

Full OS version: Debian GNU/Linux 9.5 (stretch)

zlib version: 1.2.8 (1.2.8), compile flags: a9

Triple: x86_64-pc-linux-gnu

CPU: broadwell, Little-endian

platform id: 0x0a215d5d0806030001060300

 

Build information

-----------------

GNU C: 6.3.0 20170516 (6.3.0)

GNU C++: 6.3.0 20170516 (6.3.0)

CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2

CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-6sLuAe/clamav-
0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=forma

CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-6sLuAe/clamav-
0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=for

LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed

Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--
includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/

sizeof(void*) = 8

Engine flevel: 93, dconf: 93

 

--- data dir ---

total 271248

-rw-r--r-- 1 clamav clamav    951808 Aug  9 08:25 bytecode.cld

-rw-r--r-- 1 clamav clamav 158902784 Dec 19 10:25 daily.cld

-rw-r--r-- 1 clamav clamav 117892267 Mar 29  2018 main.cvd

-rw------- 1 clamav clamav      1040 Dec 19 13:25 mirrors.dat

 

-- System Information:

Debian Release: 9.5

  APT prefers proposed-updates

  APT policy: (500, 'proposed-updates'), (500, 'stable')

Architecture: amd64 (x86_64)

 

Kernel: Linux 4.9.0-3-amd64 (SMP w/5 CPU cores)

Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash

Init: systemd (via /run/systemd/system)
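
An added illustration, not part of the original report and not ClamAV's code: the sketch below decodes the encoded-words quoted in the report's Content-Disposition header two ways. In that header the two-byte UTF-8 character д (D0 B4) is split between the first and second encoded-word, so decoding each word on its own cannot recover it, while joining the bytes of adjacent same-charset words before decoding can. Function names are hypothetical and only B (base64) encoded-words are handled.

```python
import base64
import re

# Encoded-words copied from the Content-Disposition header in the report
# (the "utf-" / "8" mail line wrap is rejoined).
HEADER_VALUE = (
    "=?utf-8?B?0J/QsNC60LXRgiDQtNC+0LrRg9C80LXQvdGC0L7QsiDQ?=\n"
    "\t=?utf-8?B?tNC70Y8g0L7Qv9C70LDRgtGLINC00LXQutCw0LHRgNGM?=\n"
    "\t=?utf-8?B?Lmd6?="
)

ENCODED_WORD = re.compile(r"=\?([^?]+)\?[bB]\?([^?]*)\?=")

def words(value):
    """Return (charset, raw_bytes) for each base64 encoded-word."""
    return [(m.group(1).lower(), base64.b64decode(m.group(2)))
            for m in ENCODED_WORD.finditer(value)]

def decode_per_word(value):
    """Decode every encoded-word in isolation; split characters are lost."""
    return "".join(raw.decode(cs, errors="replace") for cs, raw in words(value))

def decode_joined(value):
    """Concatenate bytes of adjacent same-charset words, then decode once."""
    out, run_cs, run = [], None, b""
    for cs, raw in words(value):
        if cs != run_cs and run:
            out.append(run.decode(run_cs, errors="replace"))
            run = b""
        run_cs, run = cs, run + raw
    if run:
        out.append(run.decode(run_cs, errors="replace"))
    return "".join(out)

def split_characters(value):
    """Indexes of encoded-words whose bytes are not valid on their own."""
    bad = []
    for i, (cs, raw) in enumerate(words(value)):
        try:
            raw.decode(cs)
        except UnicodeDecodeError:
            bad.append(i)
    return bad

if __name__ == "__main__":
    print("split words:", split_characters(HEADER_VALUE))
    print("per word   :", decode_per_word(HEADER_VALUE))
    print("joined     :", decode_joined(HEADER_VALUE))
```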

 
