[clamassassin-discuss] Bad version string when clamd not running breaks base64 decoding of message body

clamassassin at jelmail.com clamassassin at jelmail.com
Fri Jun 12 08:23:19 PDT 2015

There's no activity around this project, so I presume it's no longer
maintained. However, just in case anyone is interested and to record
this for future reference...

I noticed some emails were appearing corrupt in my mail client and I
tracked this down to base64 encoded messages that were processed with
clamassassin whilst clamd was not running.

The clamassassin code extracts the version string to include in a
"X-Virus-Checker-Version" string, which it does like this: "clamdscan -V
--stdout". You can verify this from the command line:

    $ clamdscan -V

When "clamd" isn't running, "clamdscan" gives an additional line of
output containing an error message, so the "version" becomes:

    ERROR: Could not lookup : Servname not supported for ai_socktype
    ClamAV 0.98.7

This multi-line output causes an additional line to be added into the
message body when "formail" adds the header because there is a line feed
in the "version" text that is passed to formail. The additional line
breaks the expectation that the body is a base64 stream and breaks the
message decoding.

(It happens with all mail; it's just that base64 makes it very obvious
something is amiss.)

A solution is to change line 135 so it only uses the last line returned
by clamdscan:

    # Set version header string
    CLAMVERS=`${CLAMSCAN} -V --stdout | tail -1`

I've attached a patch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: clamassassin-clamd.patch
Type: text/x-patch
Size: 292 bytes
Desc: not available
URL: <http://lists.jameslick.com/pipermail/clamassassin-discuss/attachments/20150612/5cd89cbd/attachment.bin>
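
The failure described in the post, reproduced offline as an added example (not code from the original post or from clamassassin). The function names are hypothetical, `add_header` is a simplified stand-in for the header-insertion step rather than formail itself, and the sample output and message are constructed. It goes slightly beyond `tail -1` by skipping blank lines and stripping control characters before the value is used as a header.

```shell
#!/bin/sh
# Constructed sample: the two-line output quoted in the post when clamd is down.
SAMPLE_DOWN='ERROR: Could not lookup : Servname not supported for ai_socktype
ClamAV 0.98.7'

# Constructed sample message with a base64 body.
MSG='From: a@example.com
Subject: test
Content-Transfer-Encoding: base64

SGVsbG8sIHdvcmxkIQ=='

# header_safe_version: read tool output on stdin and print a single line that
# is safe to use as a header value: last non-empty line, control chars removed.
header_safe_version() {
    tr -d '\r' \
        | awk 'NF { last = $0 } END { print last }' \
        | LC_ALL=C tr -cd '[:print:]\n'
}

# add_header NAME VALUE: insert "NAME: VALUE" before the first blank line of
# the message on stdin. Stand-in for the real header-adding tool (assumption).
# The value is passed through the environment so awk does not reinterpret it.
add_header() {
    HDR="$1: $2" awk '!done && /^$/ { print ENVIRON["HDR"]; done = 1 } { print }'
}

# malformed_header_lines: count lines in the header block (before the first
# blank line) that are neither "Name: value" nor a folded continuation line.
malformed_header_lines() {
    awk '/^$/ { exit }
         !/^[A-Za-z0-9-]+:/ && !/^[ \t]/ { n++ }
         END { print n + 0 }'
}

# Demo: raw multi-line value versus the sanitized one.
raw_bad=$(printf '%s\n' "$MSG" \
    | add_header X-Virus-Checker-Version "$SAMPLE_DOWN" | malformed_header_lines)
safe=$(printf '%s\n' "$SAMPLE_DOWN" | header_safe_version)
safe_bad=$(printf '%s\n' "$MSG" \
    | add_header X-Virus-Checker-Version "$safe" | malformed_header_lines)
echo "raw value:       $raw_bad malformed header line(s)"
echo "sanitized value: $safe_bad malformed header line(s) (version: $safe)"
```

A non-zero count from `malformed_header_lines` on delivered mail is a quick way to spot messages that were processed while the stray line was being injected.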
