Comment 6 for bug 1915095

Sergio Durigan Junior (sergiodj) wrote :

Hi Bryce, Brandon,

Indeed, the test I posted in comment #1 doesn't work anymore. I don't remember the version of clamav I used back then, unfortunately. I did some strace'ing and noticed something strange: clamav was opening the file, but wasn't actually reading anything. After investigating a bit, I found the following upstream commit:

https://github.com/Cisco-Talos/clamav/commit/e01ba94e36f1786a0bbd04631f12ed5f2afdd094

or, more specifically, this hunk:

https://github.com/Cisco-Talos/clamav/commit/e01ba94e36f1786a0bbd04631f12ed5f2afdd094#diff-9ea761d49c419551e2cc5b26230a94bcfcd4fd52f1d65ba237d7717bcef999b7

It checks to see if the file size is 5 bytes or less, and bails out if it is. Unfortunately my test file is too small and ends up triggering this.

In order to reproduce the bug, I'd suggest the following:

# dd if=/dev/zero of=test bs=1M count=1
# stat test
...
Access: 2022-06-08 20:17:56.454580579 +0000
# clamscan test
...
# stat test
...
Access: 2022-06-08 20:18:23.722421260 +0000

This has been tested on Focal using clamav 0.103.6+dfsg-0ubuntu0.20.04.1.