Mailing List Archive

Errir parsing PNG files and 451_mail_server_temporarily_rejected_message
Hi

I started seeing the error [
451_mail_server_temporarily_rejected_message ] on maillog, and looking
in the clamd.log I found a lot of lines like this [ /*/*/*/*.png: Can't
parse data ERROR ]
I added on clamd.conf the next line

ExcludePath ^\.png$

But clamd is still sending the error
Is there a way to avoid this ?
Any mail qith a PNG file is rejected by clamd

My config
FreeBSD 11.3-RELEASE-p13
qmail (with a lot ot patches)
SpamDyke 5.0.1
ClamAV 0.103.0

Thanks


--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi there,

On Mon, 19 Oct 2020, Pablo Murillo wrote:

> I started seeing the error [ 451_mail_server_temporarily_rejected_message ]
> on maillog, and

Can you tell us if the time these messages started to appear coincided
with anything that you did to the system, such as upgrades, installing
new software, etc.?

> looking in the clamd.log I found a lot of lines like this [ /*/*/*/*.png: Can't parse data ERROR ]

Unfortunately that message doesn't say much about where in the code
the error occurs, the function which prints it is just a generic
translation of an error code to a text string. If you enable debug
logging in clamd and debug messages in libclamav it should tell us a
bit more. All you need to do is add the lines

LogVerbose yes
Debug yes

to your clamd.conf and restart clamd. (After the problem is solved,
you'll probably want to remove these lines as they can produce a lot
of output.)

> I added on clamd.conf the next line
>
> ExcludePath ^\.png$
>
> But clamd is still sending the error

That works for scanning files in the filesystem, but if you're using
clamd via clamav-milter, which I guess is what you're doing as it's a
mail server error, I don't think that it will work. It's not an ideal
solution anyway.

> Is there a way to avoid this ?

It seems best to find out why PNG files are longer handled properly.
The debug messages should tell us something.

> My config
> FreeBSD 11.3-RELEASE-p13
> qmail (with a lot ot patches)
> SpamDyke 5.0.1
> ClamAV 0.103.0

I wonder if something might be interfering with the mail before clamd
sees it. When you get back with more information, could you confirm
that you're using clamav-milter and let us see the clamd configuration
file? The configuration file is probably called clamd.conf but you'll
need to make sure it's the one that your clamd is using. It might
help to let us see the clamav-milter configuration too, if that's what
you use to feed the messages to clamd.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi

I don't know if the PNG error is present from day 1 or not
A user ask me about a mail he was waiting and when I search in the logs
I found the 451 error, so I start searching the origin and I found it
with the PNG files

I just added the lines for debug
I'm not using milter, I'm using SimScan

The server is an MX server, configured with:
Qmail with Vpopmail
Spamdyke
Simscan
Clamav

The simscan runs from tcp.smtp from vpopmail
:allow,QMAILQUEUE="/var/qmail/bin/simscan"

I'm sending clamd.conf and 8 minutes off log (clamd.log) attached

1st error on line 1260 approximately at 18:45:05
3 errors in total

On 10/19/2020 6:00 PM, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Mon, 19 Oct 2020, Pablo Murillo wrote:
>
>> I started seeing the error [
>> 451_mail_server_temporarily_rejected_message ] on maillog, and
>
> Can you tell us if the time these messages started to appear coincided
> with anything that you did to the system, such as upgrades, installing
> new software, etc.?
>
>> looking in the clamd.log I found a lot of lines like this [
>> /*/*/*/*.png: Can't parse data ERROR ]
>
> Unfortunately that message doesn't say much about where in the code
> the error occurs, the function which prints it is just a generic
> translation of an error code to a text string.  If you enable debug
> logging in clamd and debug messages in libclamav it should tell us a
> bit more.  All you need to do is add the lines
>
> LogVerbose yes
> Debug yes
>
> to your clamd.conf and restart clamd.  (After the problem is solved,
> you'll probably want to remove these lines as they can produce a lot
> of output.)
>
>> I added on clamd.conf the next line
>>
>> ExcludePath ^\.png$
>>
>> But clamd is still sending the error
>
> That works for scanning files in the filesystem, but if you're using
> clamd via clamav-milter, which I guess is what you're doing as it's a
> mail server error, I don't think that it will work.  It's not an ideal
> solution anyway.
>
>> Is there a way to avoid this ?
>
> It seems best to find out why PNG files are longer handled properly.
> The debug messages should tell us something.
>
>> My config
>> FreeBSD 11.3-RELEASE-p13
>> qmail (with a lot ot patches)
>> SpamDyke 5.0.1
>> ClamAV 0.103.0
>
> I wonder if something might be interfering with the mail before clamd
> sees it.  When you get back with more information, could you confirm
> that you're using clamav-milter and let us see the clamd configuration
> file?  The configuration file is probably called clamd.conf but you'll
> need to make sure it's the one that your clamd is using.  It might
> help to let us see the clamav-milter configuration too, if that's what
> you use to feed the messages to clamd.
>


--
This email has been checked for viruses by AVG.
https://www.avg.com
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi there,

On Mon, 19 Oct 2020, Pablo Murillo wrote:

> I don't know if the PNG error is present from day 1 or not

When exactly was day 1?

Do you have any evidence that your virus scanning has ever worked at
all? Have you tried to test it e.g. by sending things like the EICAR
test file?

https://en.wikipedia.org/wiki/EICAR_test_file

Some of the references at the foot of that page may be useful to you.

> I'm not using milter, I'm using SimScan ...

I'm not sure how much help I'll be able to give you with Simscan. The
little searching I've done about it doesn't fill me with confidence.

While writing my previous mail it crossed my mind to ask if you knew
that your version of Spamdyke was six years old, but I decided to let
it pass. But I do now think that you need to look at your toolchain.
Do you know exactly which version of Simscan you're using? It seems
there are several. Looking at

https://sourceforge.net/projects/simscan/files/

for example, Simscan was last updated on October 29th 2007. Looking at

https://github.com/qmail/simscan

it was cleaned up and 'modernized' around 2014 but the changelog looks
rather sparse from 2007 onwards.

I had a quick look for the alleged Simscan mailing list archives and
failed to find anything.

Have you applied any patches to Simscan? See for example

https://freebsdrocks.net/simscan.shtml

The last 13 years has seen ClamAV continuously developed, but not
Simscan. I can't point to evidence of incompatibility between the
two, but it's possible that some may have arisen. The ClamAV team
will continue development. As far as compatibility testing goes I
don't know how high Simscan will be on their priority list. Micah
will probably be able to tell us if they test with it - Micah?

It appears that Simscan may use 'ripmime' to split up a mail into its
components and write them to files, before scanning with clamd using
the clamd CONTSCAN command. There are other ways to go about it and I
wonder if it might be where the problem lies. You might want to look
for the possibility of saving the temporary files which Qmail writes
for clamd to scan, so that you can look at them, and for example scan
them manually. AFAICT the latest release of 'ripmime' is from 2011,
nearly a decade old. All the links given in 'Support options' at

https://pldaniels.com/ripmime/

seem to be dead, empty or irrelevant and looking at

https://github.com/inflex/ripMIME/blob/master/CHANGELOG

virtually nothing has been done to it since 2008.

In the past, whenever I've tried to use software with histories like
this it's been a very unhappy experience. It's possible that such old
software has no vulnerabilities, but it's also possible that it's at
least as big a threat as many of those that you're trying to protect
against by using ClamAV.

> I'm sending clamd.conf and 8 minutes off log (clamd.log) attached

It might help to see more of the log - complete from restart, and with
a few controlled emails only so that it's easy to see what's going on;
but I wonder if it's worth the trouble of investigating until you've
taken a step back and given your toolchain some thought.

If, despite the risks I've pointed out, you are comfortable with it,
then I'd suggest you set up a test-bed system which has no Internet
connection and push some local mail through it to see how it behaves,
of course watching the logs carefully all the while.

Have you asked about this on a Qmail mailing list?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Dears,

I can agree with what Ged said. Running qmail/simscan/vpopmail it's only
feasible if you have enough programming language and YOU will continue
discover and do your own patches for the problems that can appear. I did
it for several years but too much is too much.

What version of simscan do you have?
Is you clamav user able to read the files from /var/qmail/simscan/ ?
Most probably this is the problem and it was there since day 1 and/or
you change the group(/etc/group) settings.
Anyhow, look at Roberto blog(he is another ambitious guy to continue
with qmail) because you might find really useful things related to
simscan there. This also include possible bugs around ripemime.
https://notes.sagredo.eu/en/qmail-notes-185/simscan-38.html


//
Best regards,
Iulian Stan

On 2020-10-20 14:53, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Mon, 19 Oct 2020, Pablo Murillo wrote:
>
>> I don't know if the PNG error is present from day 1 or not
>
> When exactly was day 1?
>
> Do you have any evidence that your virus scanning has ever worked at
> all? Have you tried to test it e.g. by sending things like the EICAR
> test file?
>
> https://en.wikipedia.org/wiki/EICAR_test_file
>
> Some of the references at the foot of that page may be useful to you.
>
>> I'm not using milter, I'm using SimScan ...
>
> I'm not sure how much help I'll be able to give you with Simscan. The
> little searching I've done about it doesn't fill me with confidence.
>
> While writing my previous mail it crossed my mind to ask if you knew
> that your version of Spamdyke was six years old, but I decided to let
> it pass. But I do now think that you need to look at your toolchain.
> Do you know exactly which version of Simscan you're using? It seems
> there are several. Looking at
>
> https://sourceforge.net/projects/simscan/files/
>
> for example, Simscan was last updated on October 29th 2007. Looking at
>
> https://github.com/qmail/simscan
>
> it was cleaned up and 'modernized' around 2014 but the changelog looks
> rather sparse from 2007 onwards.
>
> I had a quick look for the alleged Simscan mailing list archives and
> failed to find anything.
>
> Have you applied any patches to Simscan? See for example
>
> https://freebsdrocks.net/simscan.shtml
>
> The last 13 years has seen ClamAV continuously developed, but not
> Simscan. I can't point to evidence of incompatibility between the
> two, but it's possible that some may have arisen. The ClamAV team
> will continue development. As far as compatibility testing goes I
> don't know how high Simscan will be on their priority list. Micah
> will probably be able to tell us if they test with it - Micah?
>
> It appears that Simscan may use 'ripmime' to split up a mail into its
> components and write them to files, before scanning with clamd using
> the clamd CONTSCAN command. There are other ways to go about it and I
> wonder if it might be where the problem lies. You might want to look
> for the possibility of saving the temporary files which Qmail writes
> for clamd to scan, so that you can look at them, and for example scan
> them manually. AFAICT the latest release of 'ripmime' is from 2011,
> nearly a decade old. All the links given in 'Support options' at
>
> https://pldaniels.com/ripmime/
>
> seem to be dead, empty or irrelevant and looking at
>
> https://github.com/inflex/ripMIME/blob/master/CHANGELOG
>
> virtually nothing has been done to it since 2008.
>
> In the past, whenever I've tried to use software with histories like
> this it's been a very unhappy experience. It's possible that such old
> software has no vulnerabilities, but it's also possible that it's at
> least as big a threat as many of those that you're trying to protect
> against by using ClamAV.
>
>> I'm sending clamd.conf and 8 minutes off log (clamd.log) attached
>
> It might help to see more of the log - complete from restart, and with
> a few controlled emails only so that it's easy to see what's going on;
> but I wonder if it's worth the trouble of investigating until you've
> taken a step back and given your toolchain some thought.
>
> If, despite the risks I've pointed out, you are comfortable with it,
> then I'd suggest you set up a test-bed system which has no Internet
> connection and push some local mail through it to see how it behaves,
> of course watching the logs carefully all the while.
>
> Have you asked about this on a Qmail mailing list?
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
I don't think the age of a program is an issue
QMAIL is by far the best and most reliable mail server, and it was
developed in 1998!
The problem is not program's age , the problem is the ugly programers :D
Ajajaja

All the programs are working perfect, all are patched with the relevant
patches
I did all the tests, with clamav
Clamav is working very good, stoping a lot of viruses, the only thing I
found was this with png files

Tell me, how can I active the " cli_dbgmsg " from libclamav ?
I have LogVerbose and Debug with yes on clamd.conf, but I don't see any
of the messages from libclamav
Do I need to build Clamav with --enable-debug ?

Thanks
Pablo Murillo

On 10/20/2020 8:53 AM, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Mon, 19 Oct 2020, Pablo Murillo wrote:
>
>>  I don't know if the PNG error is present from day 1 or not
>
> When exactly was day 1?
>
> Do you have any evidence that your virus scanning has ever worked at
> all?  Have you tried to test it e.g. by sending things like the EICAR
> test file?
>
> https://en.wikipedia.org/wiki/EICAR_test_file
>
> Some of the references at the foot of that page may be useful to you.
>
>> I'm not using milter, I'm using SimScan ...
>
> I'm not sure how much help I'll be able to give you with Simscan. The
> little searching I've done about it doesn't fill me with confidence.
>
> While writing my previous mail it crossed my mind to ask if you knew
> that your version of Spamdyke was six years old, but I decided to let
> it pass.  But I do now think that you need to look at your toolchain.
> Do you know exactly which version of Simscan you're using?  It seems
> there are several.  Looking at
>
> https://sourceforge.net/projects/simscan/files/
>
> for example, Simscan was last updated on October 29th 2007. Looking at
>
> https://github.com/qmail/simscan
>
> it was cleaned up and 'modernized' around 2014 but the changelog looks
> rather sparse from 2007 onwards.
>
> I had a quick look for the alleged Simscan mailing list archives and
> failed to find anything.
>
> Have you applied any patches to Simscan?  See for example
>
> https://freebsdrocks.net/simscan.shtml
>
> The last 13 years has seen ClamAV continuously developed, but not
> Simscan.  I can't point to evidence of incompatibility between the
> two, but it's possible that some may have arisen.  The ClamAV team
> will continue development.  As far as compatibility testing goes I
> don't know how high Simscan will be on their priority list.  Micah
> will probably be able to tell us if they test with it - Micah?
>
> It appears that Simscan may use 'ripmime' to split up a mail into its
> components and write them to files, before scanning with clamd using
> the clamd CONTSCAN command.  There are other ways to go about it and I
> wonder if it might be where the problem lies.  You might want to look
> for the possibility of saving the temporary files which Qmail writes
> for clamd to scan, so that you can look at them, and for example scan
> them manually.  AFAICT the latest release of 'ripmime' is from 2011,
> nearly a decade old.  All the links given in 'Support options' at
>
> https://pldaniels.com/ripmime/
>
> seem to be dead, empty or irrelevant and looking at
>
> https://github.com/inflex/ripMIME/blob/master/CHANGELOG
>
> virtually nothing has been done to it since 2008.
>
> In the past, whenever I've tried to use software with histories like
> this it's been a very unhappy experience.  It's possible that such old
> software has no vulnerabilities, but it's also possible that it's at
> least as big a threat as many of those that you're trying to protect
> against by using ClamAV.
>
>> I'm sending clamd.conf and 8 minutes off log (clamd.log) attached
>
> It might help to see more of the log - complete from restart, and with
> a few controlled emails only so that it's easy to see what's going on;
> but I wonder if it's worth the trouble of investigating until you've
> taken a step back and given your toolchain some thought.
>
> If, despite the risks I've pointed out, you are comfortable with it,
> then I'd suggest you set up a test-bed system which has no Internet
> connection and push some local mail through it to see how it behaves,
> of course watching the logs carefully all the while.
>
> Have you asked about this on a Qmail mailing list?
>

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi there,

On Tue, 20 Oct 2020, Pablo Murillo wrote:

> I have LogVerbose and Debug with yes on clamd.conf, but I don't see any of
> the messages from libclamav

Have you used the LogFile directive in clamd.conf? Some messages are
probably going to stderr (and maybe from there to /dev/null). You can
try starting clamd from the command line redirecting stderr to a file.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi all,

It seems as though the new PNG graphics format/CVE checker added in 0.103 is causing trouble for you and for some others. We will disable it for now, which we can do with an update to the daily database.

Pablo, if you're allowed to share some of the PNG files with me that caused issues for you, the samples will help us find the bug in the PNG parser.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



?On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:

Hi

I started seeing the error [
451_mail_server_temporarily_rejected_message ] on maillog, and looking
in the clamd.log I found a lot of lines like this [ /*/*/*/*.png: Can't
parse data ERROR ]
I added on clamd.conf the next line

ExcludePath ^\.png$

But clamd is still sending the error
Is there a way to avoid this ?
Any mail qith a PNG file is rejected by clamd

My config
FreeBSD 11.3-RELEASE-p13
qmail (with a lot ot patches)
SpamDyke 5.0.1
ClamAV 0.103.0

Thanks


--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi there,

On Tue, 20 Oct 2020, Micah Snyder (micasnyd) via clamav-users wrote:

> It seems as though the new PNG graphics format/CVE checker added in
> 0.103 is causing trouble for you and for some others. ...

Has this been reported elsewhere? Nothing in Bugzilla AFAICT.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
> On Oct 21, 2020, at 9:50 AM, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Hi there,
>
> On Tue, 20 Oct 2020, Micah Snyder (micasnyd) via clamav-users wrote:
>
>> It seems as though the new PNG graphics format/CVE checker added in
>> 0.103 is causing trouble for you and for some others. ...
>
> Has this been reported elsewhere? Nothing in Bugzilla AFAICT.
>
>

Interesting, yes, all bugs should be in bugzilla, however, this may be permission secured.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Thanks Pablo I'll check it out right away! I hope you're feeling better now :D

Best,
Micah

?On 10/20/20, 1:10 PM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:

Hi Micah

I was ready to send a new mail when yours arrived
I made a lot of test and when I activated the option LogClean to yes on
clamd.conf I found that not all PNG generate the problem !
I'm sending some PNGs attached inside a tar.gz

Now, I feel me better, I thought that I was the problem :D

Pablo Murillo

On 10/20/2020 4:40 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> Hi all,
>
> It seems as though the new PNG graphics format/CVE checker added in 0.103 is causing trouble for you and for some others. We will disable it for now, which we can do with an update to the daily database.
>
> Pablo, if you're allowed to share some of the PNG files with me that caused issues for you, the samples will help us find the bug in the PNG parser.
>
> Regards,
> Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
>
> On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:
>
> Hi
>
> I started seeing the error [
> 451_mail_server_temporarily_rejected_message ] on maillog, and looking
> in the clamd.log I found a lot of lines like this [ /*/*/*/*.png: Can't
> parse data ERROR ]
> I added on clamd.conf the next line
>
> ExcludePath ^\.png$
>
> But clamd is still sending the error
> Is there a way to avoid this ?
> Any mail qith a PNG file is rejected by clamd
>
> My config
> FreeBSD 11.3-RELEASE-p13
> qmail (with a lot ot patches)
> SpamDyke 5.0.1
> ClamAV 0.103.0
>
> Thanks
>
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Ajajaja
I feel better !
ajajaja

Check the mail I sent few minutes ago with more info and more files
(defug, config, the rights pngs, and the real error)

Sorry my english !


On 10/21/2020 1:48 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> Thanks Pablo I'll check it out right away! I hope you're feeling better now :D
>
> Best,
> Micah
>
> ?On 10/20/20, 1:10 PM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:
>
> Hi Micah
>
> I was ready to send a new mail when yours arrived
> I made a lot of test and when I activated the option LogClean to yes on
> clamd.conf I found that not all PNG generate the problem !
> I'm sending some PNGs attached inside a tar.gz
>
> Now, I feel me better, I thought that I was the problem :D
>
> Pablo Murillo
>
> On 10/20/2020 4:40 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> > Hi all,
> >
> > It seems as though the new PNG graphics format/CVE checker added in 0.103 is causing trouble for you and for some others. We will disable it for now, which we can do with an update to the daily database.
> >
> > Pablo, if you're allowed to share some of the PNG files with me that caused issues for you, the samples will help us find the bug in the PNG parser.
> >
> > Regards,
> > Micah
> >
> >
> > Micah Snyder
> > ClamAV Development
> > Talos
> > Cisco Systems, Inc.
> >
> >
> >
> > On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:
> >
> > Hi
> >
> > I started seeing the error [
> > 451_mail_server_temporarily_rejected_message ] on maillog, and looking
> > in the clamd.log I found a lot of lines like this [ /*/*/*/*.png: Can't
> > parse data ERROR ]
> > I added on clamd.conf the next line
> >
> > ExcludePath ^\.png$
> >
> > But clamd is still sending the error
> > Is there a way to avoid this ?
> > Any mail qith a PNG file is rejected by clamd
> >
> > My config
> > FreeBSD 11.3-RELEASE-p13
> > qmail (with a lot ot patches)
> > SpamDyke 5.0.1
> > ClamAV 0.103.0
> >
> > Thanks
> >
> >
> > --
> > This email has been checked for viruses by AVG.
> > https://www.avg.com
> >
> >
> > _______________________________________________
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> >
> > _______________________________________________
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi

What happened with this ?
Now I'm seeing some errors in GIF files too

On 10/21/2020 2:04 PM, Pablo Murillo wrote:
> Ajajaja
> I feel better !
> ajajaja
>
> Check the mail I sent few minutes ago with more info and more files
> (defug, config, the rights pngs, and the real error)
>
> Sorry my english !
>
>
> On 10/21/2020 1:48 PM, Micah Snyder (micasnyd) via clamav-users wrote:
>> Thanks Pablo I'll check it out right away!  I hope you're feeling
>> better now :D
>>
>> Best,
>> Micah
>>
>> ?On 10/20/20, 1:10 PM, "clamav-users on behalf of Pablo Murillo"
>> <clamav-users-bounces@lists.clamav.net on behalf of
>> info@pablomurillo.com.ar> wrote:
>>
>>      Hi Micah
>>
>>      I was ready to send a new mail when yours arrived
>>      I made a lot of test and when I activated the option LogClean to
>> yes on
>>      clamd.conf I found that not all PNG generate the problem !
>>      I'm sending some PNGs attached inside a tar.gz
>>
>>      Now, I feel me better, I thought that I was the problem :D
>>
>>      Pablo Murillo
>>
>>      On 10/20/2020 4:40 PM, Micah Snyder (micasnyd) via clamav-users
>> wrote:
>>      > Hi all,
>>      >
>>      > It seems as though the new PNG graphics format/CVE checker
>> added in 0.103 is causing trouble for you and for some others.  We
>> will disable it for now, which we can do with an update to the daily
>> database.
>>      >
>>      > Pablo, if you're allowed to share some of the PNG files with
>> me that caused issues for you, the samples will help us find the bug
>> in the PNG parser.
>>      >
>>      > Regards,
>>      > Micah
>>      >
>>      >
>>      > Micah Snyder
>>      > ClamAV Development
>>      > Talos
>>      > Cisco Systems, Inc.
>>      >
>>      >
>>      >
>>      > On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo
>> Murillo" <clamav-users-bounces@lists.clamav.net on behalf of
>> info@pablomurillo.com.ar> wrote:
>>      >
>>      >      Hi
>>      >
>>      >      I started seeing the error [
>>      >      451_mail_server_temporarily_rejected_message ] on
>> maillog, and looking
>>      >      in the clamd.log I found a lot of lines like this [
>> /*/*/*/*.png: Can't
>>      >      parse data ERROR ]
>>      >      I added on clamd.conf the next line
>>      >
>>      >      ExcludePath ^\.png$
>>      >
>>      >      But clamd is still sending the error
>>      >      Is there a way to avoid this ?
>>      >      Any mail qith a PNG file is rejected by clamd
>>      >
>>      >      My config
>>      >      FreeBSD 11.3-RELEASE-p13
>>      >      qmail (with a lot ot patches)
>>      >      SpamDyke 5.0.1
>>      >      ClamAV 0.103.0
>>      >
>>      >      Thanks
>>      >
>>      >
>>      >      --
>>      >      This email has been checked for viruses by AVG.
>>      >      https://www.avg.com
>>      >
>>      >
>>      >      _______________________________________________
>>      >
>>      >      clamav-users mailing list
>>      >      clamav-users@lists.clamav.net
>>      > https://lists.clamav.net/mailman/listinfo/clamav-users
>>      >
>>      >
>>      >      Help us build a comprehensive ClamAV guide:
>>      >      https://github.com/vrtadmin/clamav-faq
>>      >
>>      >      http://www.clamav.net/contact.html#ml
>>      >
>>      >
>>      > _______________________________________________
>>      >
>>      > clamav-users mailing list
>>      > clamav-users@lists.clamav.net
>>      > https://lists.clamav.net/mailman/listinfo/clamav-users
>>      >
>>      >
>>      > Help us build a comprehensive ClamAV guide:
>>      > https://github.com/vrtadmin/clamav-faq
>>      >
>>      > http://www.clamav.net/contact.html#ml
>>
>>
>>      --
>>      This email has been checked for viruses by AVG.
>>      https://www.avg.com
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
We disabled the PNG parser because of bugs in the code that need to be fixed. I'm actively working on the PNG and GIF parsers, and have started testing with larger sample sets to try to make sure they're more robust. T

he GIF parser seems fairly stable though I'm putting a lot of effort into making the code readable and adding debug output. If you have GIF samples that are incorrectly throwing parse errors, can you share them with me? It would be very helpful.

-Micah

?On 11/2/20, 11:50 AM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:

Hi

What happened with this ?
Now I'm seeing some errors in GIF files too

On 10/21/2020 2:04 PM, Pablo Murillo wrote:
> Ajajaja
> I feel better !
> ajajaja
>
> Check the mail I sent few minutes ago with more info and more files
> (defug, config, the rights pngs, and the real error)
>
> Sorry my english !
>
>
> On 10/21/2020 1:48 PM, Micah Snyder (micasnyd) via clamav-users wrote:
>> Thanks Pablo I'll check it out right away! I hope you're feeling
>> better now :D
>>
>> Best,
>> Micah
>>
>> On 10/20/20, 1:10 PM, "clamav-users on behalf of Pablo Murillo"
>> <clamav-users-bounces@lists.clamav.net on behalf of
>> info@pablomurillo.com.ar> wrote:
>>
>> Hi Micah
>>
>> I was ready to send a new mail when yours arrived
>> I made a lot of test and when I activated the option LogClean to
>> yes on
>> clamd.conf I found that not all PNG generate the problem !
>> I'm sending some PNGs attached inside a tar.gz
>>
>> Now, I feel me better, I thought that I was the problem :D
>>
>> Pablo Murillo
>>
>> On 10/20/2020 4:40 PM, Micah Snyder (micasnyd) via clamav-users
>> wrote:
>> > Hi all,
>> >
>> > It seems as though the new PNG graphics format/CVE checker
>> added in 0.103 is causing trouble for you and for some others. We
>> will disable it for now, which we can do with an update to the daily
>> database.
>> >
>> > Pablo, if you're allowed to share some of the PNG files with
>> me that caused issues for you, the samples will help us find the bug
>> in the PNG parser.
>> >
>> > Regards,
>> > Micah
>> >
>> >
>> > Micah Snyder
>> > ClamAV Development
>> > Talos
>> > Cisco Systems, Inc.
>> >
>> >
>> >
>> > On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo
>> Murillo" <clamav-users-bounces@lists.clamav.net on behalf of
>> info@pablomurillo.com.ar> wrote:
>> >
>> > Hi
>> >
>> > I started seeing the error [
>> > 451_mail_server_temporarily_rejected_message ] on
>> maillog, and looking
>> > in the clamd.log I found a lot of lines like this [
>> /*/*/*/*.png: Can't
>> > parse data ERROR ]
>> > I added on clamd.conf the next line
>> >
>> > ExcludePath ^\.png$
>> >
>> > But clamd is still sending the error
>> > Is there a way to avoid this ?
>> > Any mail qith a PNG file is rejected by clamd
>> >
>> > My config
>> > FreeBSD 11.3-RELEASE-p13
>> > qmail (with a lot ot patches)
>> > SpamDyke 5.0.1
>> > ClamAV 0.103.0
>> >
>> > Thanks
>> >
>> >
>> > --
>> > This email has been checked for viruses by AVG.
>> > https://www.avg.com
>> >
>> >
>> > _______________________________________________
>> >
>> > clamav-users mailing list
>> > clamav-users@lists.clamav.net
>> > https://lists.clamav.net/mailman/listinfo/clamav-users
>> >
>> >
>> > Help us build a comprehensive ClamAV guide:
>> > https://github.com/vrtadmin/clamav-faq
>> >
>> > http://www.clamav.net/contact.html#ml
>> >
>> >
>> > _______________________________________________
>> >
>> > clamav-users mailing list
>> > clamav-users@lists.clamav.net
>> > https://lists.clamav.net/mailman/listinfo/clamav-users
>> >
>> >
>> > Help us build a comprehensive ClamAV guide:
>> > https://github.com/vrtadmin/clamav-faq
>> >
>> > http://www.clamav.net/contact.html#ml
>>
>>
>> --
>> This email has been checked for viruses by AVG.
>> https://www.avg.com
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
I try so send several mails to the list with gifs attached, but none
arrived to the list

I'm sending a link to one gif that everyday is rejected by ClamAV
Link to gif file: http://pablomurillo.com.ar/image001.gif

On 11/2/2020 9:02 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> We disabled the PNG parser because of bugs in the code that need to be fixed. I'm actively working on the PNG and GIF parsers, and have started testing with larger sample sets to try to make sure they're more robust. T
>
> he GIF parser seems fairly stable though I'm putting a lot of effort into making the code readable and adding debug output. If you have GIF samples that are incorrectly throwing parse errors, can you share them with me? It would be very helpful.
>
> -Micah
>
> ?On 11/2/20, 11:50 AM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:
>
> Hi
>
> What happened with this ?
> Now I'm seeing some errors in GIF files too
>
> On 10/21/2020 2:04 PM, Pablo Murillo wrote:
> > Ajajaja
> > I feel better !
> > ajajaja
> >
> > Check the mail I sent few minutes ago with more info and more files
> > (defug, config, the rights pngs, and the real error)
> >
> > Sorry my english !
> >
> >
> > On 10/21/2020 1:48 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> >> Thanks Pablo I'll check it out right away! I hope you're feeling
> >> better now :D
> >>
> >> Best,
> >> Micah
> >>
> >> On 10/20/20, 1:10 PM, "clamav-users on behalf of Pablo Murillo"
> >> <clamav-users-bounces@lists.clamav.net on behalf of
> >> info@pablomurillo.com.ar> wrote:
> >>
> >> Hi Micah
> >>
> >> I was ready to send a new mail when yours arrived
> >> I made a lot of test and when I activated the option LogClean to
> >> yes on
> >> clamd.conf I found that not all PNG generate the problem !
> >> I'm sending some PNGs attached inside a tar.gz
> >>
> >> Now, I feel me better, I thought that I was the problem :D
> >>
> >> Pablo Murillo
> >>
> >> On 10/20/2020 4:40 PM, Micah Snyder (micasnyd) via clamav-users
> >> wrote:
> >> > Hi all,
> >> >
> >> > It seems as though the new PNG graphics format/CVE checker
> >> added in 0.103 is causing trouble for you and for some others. We
> >> will disable it for now, which we can do with an update to the daily
> >> database.
> >> >
> >> > Pablo, if you're allowed to share some of the PNG files with
> >> me that caused issues for you, the samples will help us find the bug
> >> in the PNG parser.
> >> >
> >> > Regards,
> >> > Micah
> >> >
> >> >
> >> > Micah Snyder
> >> > ClamAV Development
> >> > Talos
> >> > Cisco Systems, Inc.
> >> >
> >> >
> >> >
> >> > On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo
> >> Murillo" <clamav-users-bounces@lists.clamav.net on behalf of
> >> info@pablomurillo.com.ar> wrote:
> >> >
> >> > Hi
> >> >
> >> > I started seeing the error [
> >> > 451_mail_server_temporarily_rejected_message ] on
> >> maillog, and looking
> >> > in the clamd.log I found a lot of lines like this [
> >> /*/*/*/*.png: Can't
> >> > parse data ERROR ]
> >> > I added on clamd.conf the next line
> >> >
> >> > ExcludePath ^\.png$
> >> >
> >> > But clamd is still sending the error
> >> > Is there a way to avoid this ?
> >> > Any mail qith a PNG file is rejected by clamd
> >> >
> >> > My config
> >> > FreeBSD 11.3-RELEASE-p13
> >> > qmail (with a lot ot patches)
> >> > SpamDyke 5.0.1
> >> > ClamAV 0.103.0
> >> >
> >> > Thanks
> >> >
> >> >
> >> > --
> >> > This email has been checked for viruses by AVG.
> >> > https://www.avg.com
> >> >
> >> >
> >> > _______________________________________________
> >> >
> >> > clamav-users mailing list
> >> > clamav-users@lists.clamav.net
> >> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >> >
> >> >
> >> > Help us build a comprehensive ClamAV guide:
> >> > https://github.com/vrtadmin/clamav-faq
> >> >
> >> > http://www.clamav.net/contact.html#ml
> >> >
> >> >
> >> > _______________________________________________
> >> >
> >> > clamav-users mailing list
> >> > clamav-users@lists.clamav.net
> >> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >> >
> >> >
> >> > Help us build a comprehensive ClamAV guide:
> >> > https://github.com/vrtadmin/clamav-faq
> >> >
> >> > http://www.clamav.net/contact.html#ml
> >>
> >>
> >> --
> >> This email has been checked for viruses by AVG.
> >> https://www.avg.com
> >>
> >>
> >> _______________________________________________
> >>
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> https://lists.clamav.net/mailman/listinfo/clamav-users
> >>
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Thanks Pablo,

Just took a look - it seems that image001.gif is missing the final byte, a value "0x3B" should be at the end of every GIF file. Interestingly firefox rendered it, though clam didn't like it and 010editor's GIF template also couldn't handle it. Perhaps this is the sort of issue that should be overlooked when validating the format?

I wonder if this is a common occurrence. I haven't seen it in my test set yet, but I'm still collecting more files to test with.

-Micah

?On 11/2/20, 5:58 PM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:

I try so send several mails to the list with gifs attached, but none
arrived to the list

I'm sending a link to one gif that everyday is rejected by ClamAV
Link to gif file: http://pablomurillo.com.ar/image001.gif

On 11/2/2020 9:02 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> We disabled the PNG parser because of bugs in the code that need to be fixed. I'm actively working on the PNG and GIF parsers, and have started testing with larger sample sets to try to make sure they're more robust. T
>
> he GIF parser seems fairly stable though I'm putting a lot of effort into making the code readable and adding debug output. If you have GIF samples that are incorrectly throwing parse errors, can you share them with me? It would be very helpful.
>
> -Micah
>
> On 11/2/20, 11:50 AM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:
>
> Hi
>
> What happened with this ?
> Now I'm seeing some errors in GIF files too
>
> On 10/21/2020 2:04 PM, Pablo Murillo wrote:
> > Ajajaja
> > I feel better !
> > ajajaja
> >
> > Check the mail I sent few minutes ago with more info and more files
> > (defug, config, the rights pngs, and the real error)
> >
> > Sorry my english !
> >
> >
> > On 10/21/2020 1:48 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> >> Thanks Pablo I'll check it out right away! I hope you're feeling
> >> better now :D
> >>
> >> Best,
> >> Micah
> >>
> >> On 10/20/20, 1:10 PM, "clamav-users on behalf of Pablo Murillo"
> >> <clamav-users-bounces@lists.clamav.net on behalf of
> >> info@pablomurillo.com.ar> wrote:
> >>
> >> Hi Micah
> >>
> >> I was ready to send a new mail when yours arrived
> >> I made a lot of test and when I activated the option LogClean to
> >> yes on
> >> clamd.conf I found that not all PNG generate the problem !
> >> I'm sending some PNGs attached inside a tar.gz
> >>
> >> Now, I feel me better, I thought that I was the problem :D
> >>
> >> Pablo Murillo
> >>
> >> On 10/20/2020 4:40 PM, Micah Snyder (micasnyd) via clamav-users
> >> wrote:
> >> > Hi all,
> >> >
> >> > It seems as though the new PNG graphics format/CVE checker
> >> added in 0.103 is causing trouble for you and for some others. We
> >> will disable it for now, which we can do with an update to the daily
> >> database.
> >> >
> >> > Pablo, if you're allowed to share some of the PNG files with
> >> me that caused issues for you, the samples will help us find the bug
> >> in the PNG parser.
> >> >
> >> > Regards,
> >> > Micah
> >> >
> >> >
> >> > Micah Snyder
> >> > ClamAV Development
> >> > Talos
> >> > Cisco Systems, Inc.
> >> >
> >> >
> >> >
> >> > On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo
> >> Murillo" <clamav-users-bounces@lists.clamav.net on behalf of
> >> info@pablomurillo.com.ar> wrote:
> >> >
> >> > Hi
> >> >
> >> > I started seeing the error [
> >> > 451_mail_server_temporarily_rejected_message ] on
> >> maillog, and looking
> >> > in the clamd.log I found a lot of lines like this [
> >> /*/*/*/*.png: Can't
> >> > parse data ERROR ]
> >> > I added on clamd.conf the next line
> >> >
> >> > ExcludePath ^\.png$
> >> >
> >> > But clamd is still sending the error
> >> > Is there a way to avoid this ?
> >> > Any mail qith a PNG file is rejected by clamd
> >> >
> >> > My config
> >> > FreeBSD 11.3-RELEASE-p13
> >> > qmail (with a lot ot patches)
> >> > SpamDyke 5.0.1
> >> > ClamAV 0.103.0
> >> >
> >> > Thanks
> >> >
> >> >
> >> > --
> >> > This email has been checked for viruses by AVG.
> >> > https://www.avg.com
> >> >
> >> >
> >> > _______________________________________________
> >> >
> >> > clamav-users mailing list
> >> > clamav-users@lists.clamav.net
> >> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >> >
> >> >
> >> > Help us build a comprehensive ClamAV guide:
> >> > https://github.com/vrtadmin/clamav-faq
> >> >
> >> > http://www.clamav.net/contact.html#ml
> >> >
> >> >
> >> > _______________________________________________
> >> >
> >> > clamav-users mailing list
> >> > clamav-users@lists.clamav.net
> >> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >> >
> >> >
> >> > Help us build a comprehensive ClamAV guide:
> >> > https://github.com/vrtadmin/clamav-faq
> >> >
> >> > http://www.clamav.net/contact.html#ml
> >>
> >>
> >> --
> >> This email has been checked for viruses by AVG.
> >> https://www.avg.com
> >>
> >>
> >> _______________________________________________
> >>
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> https://lists.clamav.net/mailman/listinfo/clamav-users
> >>
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
Hi there,

On Tue, 3 Nov 2020, Micah Snyder (micasnyd) via clamav-users wrote:

> Just took a look - it seems that image001.gif is missing the final
> byte, a value "0x3B" should be at the end of every GIF file.
> ...
> I wonder if this is a common occurrence. ...

It seems to be common enough to need to be able to cope with it.

I just ran 'locate' on my laptop to find every .gif file on the box,
piped the output through 'tail -c1' and 'hexdump -f something' to get
the final byte of each file in hex, through a 'perl -ap' one-liner to
count the distinct final bytes, and finally through 'sort'.

Results from 5970 GIF files:

01 1
3e 1
ad 1
82 7
0a 8
d9 32
00 45
3b 5875

I've almost no idea where all these files came from. Many will have
been parts of packages, many will be just interesting images that I
grabbed from articles I've read over the years. It's possibile that
at least some of them are broken bits from failed browser processes
etc. I spent no time looking for clues. Many of the files are very
old. The oldest file is 26 years old - as it happens, to the day!

Please let me know if I can do any more with this.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Errir parsing PNG files and 451_mail_server_temporarily_rejected_message [ In reply to ]
The gif I sent is part of teh signature of a mail
Nothing important

On 11/2/2020 11:04 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> Thanks Pablo,
>
> Just took a look - it seems that image001.gif is missing the final byte, a value "0x3B" should be at the end of every GIF file. Interestingly firefox rendered it, though clam didn't like it and 010editor's GIF template also couldn't handle it. Perhaps this is the sort of issue that should be overlooked when validating the format?
>
> I wonder if this is a common occurrence. I haven't seen it in my test set yet, but I'm still collecting more files to test with.
>
> -Micah
>
> ?On 11/2/20, 5:58 PM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:
>
> I try so send several mails to the list with gifs attached, but none
> arrived to the list
>
> I'm sending a link to one gif that everyday is rejected by ClamAV
> Link to gif file: http://pablomurillo.com.ar/image001.gif
>
> On 11/2/2020 9:02 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> > We disabled the PNG parser because of bugs in the code that need to be fixed. I'm actively working on the PNG and GIF parsers, and have started testing with larger sample sets to try to make sure they're more robust. T
> >
> > he GIF parser seems fairly stable though I'm putting a lot of effort into making the code readable and adding debug output. If you have GIF samples that are incorrectly throwing parse errors, can you share them with me? It would be very helpful.
> >
> > -Micah
> >
> > On 11/2/20, 11:50 AM, "clamav-users on behalf of Pablo Murillo" <clamav-users-bounces@lists.clamav.net on behalf of info@pablomurillo.com.ar> wrote:
> >
> > Hi
> >
> > What happened with this ?
> > Now I'm seeing some errors in GIF files too
> >
> > On 10/21/2020 2:04 PM, Pablo Murillo wrote:
> > > Ajajaja
> > > I feel better !
> > > ajajaja
> > >
> > > Check the mail I sent few minutes ago with more info and more files
> > > (defug, config, the rights pngs, and the real error)
> > >
> > > Sorry my english !
> > >
> > >
> > > On 10/21/2020 1:48 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> > >> Thanks Pablo I'll check it out right away! I hope you're feeling
> > >> better now :D
> > >>
> > >> Best,
> > >> Micah
> > >>
> > >> On 10/20/20, 1:10 PM, "clamav-users on behalf of Pablo Murillo"
> > >> <clamav-users-bounces@lists.clamav.net on behalf of
> > >> info@pablomurillo.com.ar> wrote:
> > >>
> > >> Hi Micah
> > >>
> > >> I was ready to send a new mail when yours arrived
> > >> I made a lot of test and when I activated the option LogClean to
> > >> yes on
> > >> clamd.conf I found that not all PNG generate the problem !
> > >> I'm sending some PNGs attached inside a tar.gz
> > >>
> > >> Now, I feel me better, I thought that I was the problem :D
> > >>
> > >> Pablo Murillo
> > >>
> > >> On 10/20/2020 4:40 PM, Micah Snyder (micasnyd) via clamav-users
> > >> wrote:
> > >> > Hi all,
> > >> >
> > >> > It seems as though the new PNG graphics format/CVE checker
> > >> added in 0.103 is causing trouble for you and for some others. We
> > >> will disable it for now, which we can do with an update to the daily
> > >> database.
> > >> >
> > >> > Pablo, if you're allowed to share some of the PNG files with
> > >> me that caused issues for you, the samples will help us find the bug
> > >> in the PNG parser.
> > >> >
> > >> > Regards,
> > >> > Micah
> > >> >
> > >> >
> > >> > Micah Snyder
> > >> > ClamAV Development
> > >> > Talos
> > >> > Cisco Systems, Inc.
> > >> >
> > >> >
> > >> >
> > >> > On 10/19/20, 11:26 AM, "clamav-users on behalf of Pablo
> > >> Murillo" <clamav-users-bounces@lists.clamav.net on behalf of
> > >> info@pablomurillo.com.ar> wrote:
> > >> >
> > >> > Hi
> > >> >
> > >> > I started seeing the error [
> > >> > 451_mail_server_temporarily_rejected_message ] on
> > >> maillog, and looking
> > >> > in the clamd.log I found a lot of lines like this [
> > >> /*/*/*/*.png: Can't
> > >> > parse data ERROR ]
> > >> > I added on clamd.conf the next line
> > >> >
> > >> > ExcludePath ^\.png$
> > >> >
> > >> > But clamd is still sending the error
> > >> > Is there a way to avoid this ?
> > >> > Any mail qith a PNG file is rejected by clamd
> > >> >
> > >> > My config
> > >> > FreeBSD 11.3-RELEASE-p13
> > >> > qmail (with a lot ot patches)
> > >> > SpamDyke 5.0.1
> > >> > ClamAV 0.103.0
> > >> >
> > >> > Thanks
> > >> >
> > >> >
> > >> > --
> > >> > This email has been checked for viruses by AVG.
> > >> > https://www.avg.com
> > >> >
> > >> >
> > >> > _______________________________________________
> > >> >
> > >> > clamav-users mailing list
> > >> > clamav-users@lists.clamav.net
> > >> > https://lists.clamav.net/mailman/listinfo/clamav-users
> > >> >
> > >> >
> > >> > Help us build a comprehensive ClamAV guide:
> > >> > https://github.com/vrtadmin/clamav-faq
> > >> >
> > >> > http://www.clamav.net/contact.html#ml
> > >> >
> > >> >
> > >> > _______________________________________________
> > >> >
> > >> > clamav-users mailing list
> > >> > clamav-users@lists.clamav.net
> > >> > https://lists.clamav.net/mailman/listinfo/clamav-users
> > >> >
> > >> >
> > >> > Help us build a comprehensive ClamAV guide:
> > >> > https://github.com/vrtadmin/clamav-faq
> > >> >
> > >> > http://www.clamav.net/contact.html#ml
> > >>
> > >>
> > >> --
> > >> This email has been checked for viruses by AVG.
> > >> https://www.avg.com
> > >>
> > >>
> > >> _______________________________________________
> > >>
> > >> clamav-users mailing list
> > >> clamav-users@lists.clamav.net
> > >> https://lists.clamav.net/mailman/listinfo/clamav-users
> > >>
> > >>
> > >> Help us build a comprehensive ClamAV guide:
> > >> https://github.com/vrtadmin/clamav-faq
> > >>
> > >> http://www.clamav.net/contact.html#ml
> > >
> >
> > --
> > This email has been checked for viruses by AVG.
> > https://www.avg.com
> >
> >
> > _______________________________________________
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> >
> > _______________________________________________
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml