Mailing List Archive

SSN detection false positives
Hi, there--

I sincerely apologize if this has been mentioned before. Very few
results come up when I search for anything related to ssn's on the
archives, so hopefully I'm not being repetitive...

I've been having problems with false positives on SSNs when searching
only unstripped/hyphened ssn's.

It looks like the problem is that in dlp.c, in dlp_is_valid_ssn

cli_isnumber is never run on the supposedly numeric components of
numbuf, but if there are any numbers in these components, the
sscanf... check still returns that it successfully matched all three.

Then, if by chance the numeric portions of the components satisfy the
rules of a valid ssn, clamscan thinks the invalid string is a valid ssn.

For example, 111-11-4<>! returns as a valid ssn.

I'm not really familiar enough with programming to know whether I am
actually reading the code correctly or not, but I am convinced enough to
bring it to the list.

Is this intended or just a known issue that has been put on the backburner?

Thanks for any help!
--Jen
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
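The behaviour described in the message above, as an added example that is not ClamAV's code and not part of the original post: the `sscanf` format quoted later in the thread reports three converted fields for `111-11-4<>!`, while a per-character shape check rejects it. The function names are hypothetical, the third sample string is constructed, and the SSN range rules are not modelled.

```c
#include <ctype.h>
#include <stdio.h>

/* Lenient parse using the format string quoted in the thread.
 * Returns the number of fields sscanf converted; 3 means "all matched".
 * %d stops at the first non-digit and also accepts a sign, so a field
 * can convert from fewer digits than its width. (Hypothetical helper.) */
static int lenient_fields(const char *s)
{
    int area = 0, group = 0, serial = 0;
    return sscanf(s, "%3d-%2d-%4d", &area, &group, &serial);
}

/* Strict shape check: the first 11 characters must be exactly
 * DDD-DD-DDDD. A NUL inside that span fails, because it is neither
 * a digit nor a hyphen. (Hypothetical helper.) */
static int strict_ssn_shape(const char *s)
{
    static const char shape[] = "ddd-dd-dddd";
    size_t i;

    for (i = 0; shape[i] != '\0'; i++) {
        if (shape[i] == 'd') {
            if (!isdigit((unsigned char)s[i]))
                return 0;
        } else if (s[i] != '-') {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    /* First string is the example from the post; the others are constructed. */
    const char *samples[] = { "111-11-4<>!", "111-11-4321", "111-11-+123" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s sscanf fields=%d strict=%d\n", samples[i],
               lenient_fields(samples[i]), strict_ssn_shape(samples[i]));
    return 0;
}
```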
Re: SSN detection false positives
Hi there,

On 24 Apr 2010, at 04:24, Jennifer Fong wrote:

> Hi, there--
>
> I sincerely apologize if this has been mentioned before. Very few results come up when I search for anything related to ssn's on the archives, so hopefully I'm not being repetitive...
>
> I've been having problems with false positives on SSNs when searching only unstripped/hyphened ssn's.
>
> It looks like the problem is that in dlp.c, in dlp_is_valid_ssn
>
> cli_isnumber is never run on the supposedly numeric components of numbuf, but if there are any numbers in these components, the
> sscanf... check still returns that it successfully matched all three.
>
> Then, if by chance the numeric portions of the components satisfy the rules of a valid ssn, clamscan thinks the invalid string is a valid ssn.
>
> For example, 111-11-4<>! returns as a valid ssn.
>
> I'm not really familiar enough with programming to know whether I am actually reading the code correctly or not, but I am convinced enough to bring it to the list.
>
> Is this intended or just a known issue that has been put on the backburner?

I second this about false positives; I had several PS and PDF files that have been detected as false positives.

I had to deactivate this in my mail server farm.

Xavier
Re: SSN detection false positives
Hi, Xavier & list--
>
> I second this about false positives; I had several PS and PDF files that have been detected as false positives.
>
> I had to deactivate this in my mail server farm.
>
> Xavier
>

Xavier, just fyi--I added the lines below to work around the problem,
then rebuilt [this is version 0.96]. Clamav still passes all tests with
make check, and it still seems to do its job when I scan the source
directory, in addition to lessening the false positives on ps/pdf/xml
files and datestamps... I think I'll keep it.

... Then again I, er, wouldn't apply the patch willy-nilly to your
mailservers' installations though. ;]

Does anyone have a more efficient/proper solution?



--- libclamav/dlp.c 2010-04-27 10:12:26.000000000 -0700
+++ libclamav/dlp.c.ssnpatch 2010-04-27 10:11:49.000000000 -0700
@@ -312,6 +312,16 @@
if(numbuf[3] != '-' || numbuf[6] != '-')
return 0;

+ /* check each number if numeric */
+ char areastr[4]="...";
+ char grstr[3]="..";
+ char serstr[5]="....";
+ strncpy(areastr,numbuf,3);
+ strncpy(grstr,numbuf+4,2);
+ strncpy(serstr,numbuf+7,4);
+ if((!cli_isnumber(areastr)) || (!cli_isnumber(grstr)) ||
(!cli_isnumber(serstr)))
+ return 0;
+
if(sscanf((const char *) numbuf,
"%3d-%2d-%4d",
&area_number,
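Review bot: The three buffer declarations (areastr, grstr, serstr) come after the `if(numbuf[3] != '-' || numbuf[6] != '-') return 0;` statement, so this is a declaration after a statement and will not compile under strict C89; move them up to the other locals such as area_number. The strncpy calls also rely on the dummy initializers ("...", "..", "....") to leave a terminating NUL in place, which works but breaks silently if a length is changed; a single loop calling isdigit() on positions 0-2, 4-5 and 7-10 of numbuf would do the same job without the temporary buffers. One more thing to confirm: if numbuf ends before position 10, strncpy stops at the NUL and serstr holds fewer than four digits, so the check should also make sure all eleven positions are present.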