
This queue is for tickets about the File-Scan-ClamAV CPAN distribution.

Report information
The Basics
Id: 131538
Status: new
Priority: 0/
Queue: File-Scan-ClamAV

People
Owner: Nobody in particular
Requestors: chas.owens [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Serious security issue with File::Scan::ClamAV
Date: Tue, 21 Jan 2020 22:35:51 -0500
To: bug-File-Scan-ClamAV [...] rt.cpan.org
From: "Chas. Owens" <chas.owens [...] gmail.com>
In streamscan the code checks to see if a virus was found:

    my @return;
    # any reply that does not contain FOUND, including an empty one, becomes 'OK'
    if($r =~ /stream:\ (.+)\ FOUND/ix){
        @return = ('FOUND', $1);
    } else {
        @return = ('OK');
    }
    $conn->close;
    return @return;

If the server dies before responding, this leads to a false negative. It should be something more like

    my @return;
    if (not $r) {
        # no reply at all: report an error instead of a clean result
        @return = ('Error: no response',);
    } elsif($r =~ /stream:\ (.+)\ FOUND/ix){
        @return = ('FOUND', $1);
    } elsif ($r =~ /^stream: OK/) {
        # 'OK' only when the server explicitly says so
        @return = ('OK');
    } else {
        @return = ("Error: unexpected response [$r]");
    }
    $conn->close;
    return @return;
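
The false negative described in this ticket can be reproduced without a running daemon. The following is an added example, not part of the original report or of File::Scan::ClamAV; the function names `classify_original` and `classify_strict` are hypothetical, and the sample replies are constructed rather than captured from clamd. It runs the original decision logic and a fail-closed variant over the same replies.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decision logic as quoted in the report: anything that is not FOUND becomes 'OK'.
sub classify_original {
    my ($r) = @_;
    no warnings 'uninitialized';    # the reply may be undef when the daemon died
    return $r =~ /stream:\ (.+)\ FOUND/ix ? ('FOUND', $1) : ('OK');
}

# Fail-closed variant: 'OK' only for an explicit, complete "stream: OK" reply.
sub classify_strict {
    my ($r) = @_;
    return ('ERROR', 'no response') unless defined $r && length $r;
    $r =~ s/[\r\n\0]+\z//;          # strip trailing newline / NUL terminators
    return ('FOUND', $1) if $r =~ /\Astream: (.+) FOUND\z/i;
    return ('OK')        if $r =~ /\Astream: OK\z/;
    return ('ERROR', "unexpected response [$r]");
}

# Constructed sample replies (assumed shapes, not captured traffic).
my @samples = (
    [ 'clean file',          "stream: OK\n" ],
    [ 'signature match',     "stream: Eicar-Test-Signature FOUND\n" ],
    [ 'daemon died (undef)', undef ],
    [ 'daemon died (empty)', '' ],
    [ 'daemon-side error',   "INSTREAM size limit exceeded. ERROR\n" ],
    [ 'truncated reply',     "stream: Eicar-Test-Sig" ],
);

for my $s (@samples) {
    my ($label, $reply) = @$s;
    my @old = classify_original($reply);
    my @new = classify_strict($reply);
    printf "%-20s original=%-6s strict=%s\n",
        $label, $old[0], join(': ', @new);
}
```

A caller should treat every status other than `OK` as "not known to be clean" and reject or quarantine the input, rather than testing only for `FOUND`.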