Comments (7)
The problem is my own ISP is intentionally deleting the release, because my ISP are idiots, and they scan all files uploaded for "viruses", and ClamAV is telling them the file test/test_files/chmd/cve-2015-4467-reset-interval-zero.chm
is a BC.Legacy.Exploit.CVE_2012_1458-1 "virus".
CVE-2012-1458 and CVE-2015-4467 are the same exploit for the same lines of code in chmd.c
, the former reported only to ClamAV and the latter reported to me.
In other words, the test file I intentionally include to prove that libmspack is no longer exploitable by a 6 year old exploit, is still in ClamAV's database as something that can be used to exploit 6 year old copies of ClamAV, and therefore that's a "virus", which will continually block and prevent the release of the latest libmspack 0.7
Thanks a bunch, ClamAV.
from libmspack.
now there's a valid use of a facepalm
from libmspack.
libmspack 0.7.1alpha has been released. The only change over libmspack 0.7alpha is that it obfuscates the file which ClamAV objects to, so that ClamAV won't claim the release is "infected".
The file is deobfuscated during the build process, so libmspack can still be tested and proven not vulnerable to this old vulnerability.
from libmspack.
thanks!
from libmspack.
Sorry about that Stuart! I think we had a similar issue back in the day (long before my time) with the non-malicious test samples we use in unit testing. Ours are also generated now to prevent ClamAV from flagging its own tarball.
By the way, I'd like to collaborate more closely with you in the future, particularly with regards to vulnerability reports and such. Feel free to PM me on Twitter (@0xC0000063) or by email (micasnyd -at- cisco -dot- com).
from libmspack.
Sorry, this was a Gentoo build issue. We now have to copy sources and can no longer do out-of-source builds. Not a big deal.
from libmspack.
Which has nothing to do with the original issue though. Open a new issue next time ...
from libmspack.
Related Issues (20)
- cabextract doesn't build from master HOT 2
- memory exhausted in oabd_decompress() HOT 2
- memory exhausted in chmd_read_headers() HOT 1
- Heap buffer overflow in chmd_read_headers() HOT 7
- Multiple filters in one command HOT 6
- 1.9.1: issue with dist tar ball HOT 2
- Not clear on Github how to get libmspack vs cabextract releases HOT 17
- chmextract HOT 2
- Conflicting definitions for copy_fh HOT 3
- configure / libtool fails with -flto HOT 12
- configure / libtool fails with -flto HOT 6
- Compilier warnings with 1.9.1 HOT 4
- Compiler error with 1.9.1 / gcc 9.3.1 HOT 5
- Malloc size error in chmd.c:1327:34 HOT 2
- extra = 0 confusion HOT 4
- build fails on macos HOT 1
- cabextract: Writing into symlinks HOT 11
- Issue with KWAJ method 2 decompression HOT 2
- Fail to properly create path components coming from the archive HOT 3
- Cannot extract files from a .cab file containing file names encoded in shift_JIS HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libmspack.