Mailing List Archive

[clamav-users] clamsubmit fails with Authenticity token element not found.
When trying to report false negative with clamsubmit it always fails
with "Authenticity token element not found."

ClamAV 0.103.2/26196/Wed Jun 9 14:11:28 2021 from Debian
buster-updates.


--
Virgo Pärna
virgo.parna@mail.ee


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamsubmit fails with Authenticity token element not found.
Hi there,

On Thu, 10 Jun 2021, Virgo Pärna via clamav-users wrote:

> When trying to report false negative with clamsubmit it always fails
> with "Authenticity token element not found."
>
> ClamAV 0.103.2/26196/Wed Jun 9 14:11:28 2021 from Debian
> buster-updates.

This could be for any of several reasons, for example a packaging
problem, an installation issue, failure to follow the documentation...
so we need more information. Probably quite a lot more.

When did you first use clamsubmit?
What did you do to configure it?
Can you show us terminal sessions (for example use 'script') including
the full commands you gave, any session logs, etc.?

In case it helps,

1. Here's the command template used in my (automated) submissions:

# grep clamsubmit mailabuse.conf
script /usr/bin/clamsubmit -N "G.W. Haywood" -e abuse@jubileegroup.co.uk -n FILE ; /usr/bin/logger -p mail.debug -t mailabuse "Submit FILE to ClamAV"

2. Here's a recent successful submission:

# cat /var/log/mail.log.2.gz | gunzip | tail -n 1
Apr 30 15:52:24 alpha mailabuse: Submit /tmp/32658a436bfa1bb404cfb9b36a1477396c8171e95556f455f3fa1d8a2d14e63a to ClamAV

3. Here's the response to that submission:

8<----------------------------------------------------------------------
> Date: Sat, 01 May 2021 06:29:24 +0000 (UTC)
> From: noreply@clamav.com
> Subject: ClamAV.net - Your malware submission
> To: abuse@jubileegroup.co.uk
>
> <!DOCTYPE html>
> <html>
> <head>
> <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>
> </head>
> <body>
> <p>
> G.W. Haywood,
> </p>
>
> <p>
> Thank you again for your submission.
> </p>
>
> <p>Your File:</br>
> 32658a436bfa1bb404cfb9b36a1477396c8171e95556f455f3fa1d8a2d14e63a (SHA256: 78e801975a08b6f22e0ef6b60b8db1cfedc9267a42bc1fd0d1a328ec30cf28ea)</br>
> </p>
>
> </br>
> <p>Our initial assessment has verified the sample as a threat & we will be publishing signatures for ClamAV.</p>
>
> <p>-The ClamAV team</p>
> [snip]
> </html>
8<----------------------------------------------------------------------

HTH

--

73,
Ged.

Re: [clamav-users] clamsubmit fails with Authenticity token element not found.
On Thu, 10 Jun 2021 11:24:20 +0100 (BST), G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
>
>
> When did you first use clamsubmit?

This version - today. I have used it in the past a couple of times.

> What did you do to configure it?

No configuration. Just executed it.

> Can you show us terminal sessions (for example use 'script') including
> the full commands you gave, any session logs, etc.?
>

virgo@dragon:~/viirus/br$ clamsubmit -e virgo@gaiasoft.ee -n 1623305281.M727046P21743V000000000000097BI0000000000225DC4_0.dragon\,S\=1899576\:2\,S -N "Virgo Pärna"
Authenticity token element not found.
virgo@dragon:~/viirus/br$

When googling the error message I found the source file, which seems to
indicate that the issue is with the server response, which does not contain
authenticity_token.


--
Virgo Pärna
virgo.parna@mail.ee


Re: [clamav-users] clamsubmit fails with Authenticity token element not found.
Hi there,

On Thu, 10 Jun 2021, Virgo Pärna via clamav-users wrote:

> > When did you first use clamsubmit?
>
> This version - today. I have used it in the past a couple of times.

Did you use the same '-N' command line argument? Did it succeed?

> ...
> -N "Virgo Pärna"
> Authenticity token element not found.

Just a thought, because things like this have bitten me in the past,
is it perhaps a problem with the character set you're using? In your
name, the character after the 'P' is obviously not going to be ASCII.

If it isn't something as simple as that you might need to record the
traffic with tcpdump and let the ClamAV team see it, or ask them to
look in their logs.

--

73,
Ged.

Re: [clamav-users] clamsubmit fails with Authenticity token element not found.
Hi Virgo,

We've been experiencing ClamSubmit failures in our test suite for a month or more. I have a branch with a fix for it that is in review for inclusion in 0.103.3 which we'll publish late this month. The issue we're seeing is a little different, but sounds similar. It has to do with unexpected changes to Cloudflare's cfduid cookie system.

Would you be able to test a pull request? Here's the PR: https://github.com/Cisco-Talos/clamav/pull/167
I recently added some documentation to help get started with checking out PR's on Github for PR review, if that helps: https://docs.clamav.net/manual/Development/testing-pull-requests.html

Regards,
-Micah
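
An added example, not part of the original thread and not clamsubmit's own code: a small checker for one saved HTTP response (headers and body, for instance from a tcpdump capture) that reports whether the authenticity_token form field and the cookies a submission client expects are present. The cookie names and sample responses are constructed placeholders, and which cookies a client requires is an assumption passed in by the caller.

```python
from html.parser import HTMLParser

TOKEN_FIELD = "authenticity_token"  # field name quoted in the thread


class _TokenFinder(HTMLParser):
    """Records the value of the first <input name="authenticity_token">."""

    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == TOKEN_FIELD and self.token is None:
            self.token = a.get("value") or ""


def diagnose(raw_headers, body, required_cookies=()):
    """Return a list of problems found in one saved HTTP response."""
    finder = _TokenFinder()
    finder.feed(body)
    cookies = set()
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            # Cookie name is everything before the first '='.
            cookies.add(value.strip().split("=", 1)[0])
    problems = []
    if finder.token is None:
        problems.append("no authenticity_token input in body")
    elif not finder.token:
        problems.append("authenticity_token input is empty")
    for wanted in required_cookies:
        if wanted not in cookies:
            problems.append(f"cookie {wanted} not set")
    return problems


# Constructed sample responses (not captured from any real server).
GOOD_HEADERS = "HTTP/1.1 200 OK\nSet-Cookie: example_session=abc123; path=/; HttpOnly\n"
GOOD_BODY = '<form method="post"><input type="hidden" name="authenticity_token" value="Zm9v" /></form>'
BAD_HEADERS = "HTTP/1.1 200 OK\nContent-Type: text/html\n"
BAD_BODY = "<html><body><p>Please wait...</p></body></html>"

if __name__ == "__main__":
    print(diagnose(GOOD_HEADERS, GOOD_BODY, ["example_session"]))
    print(diagnose(BAD_HEADERS, BAD_BODY, ["example_session"]))
    # A client that still insists on a cookie the server has stopped sending:
    print(diagnose(GOOD_HEADERS, GOOD_BODY, ["example_session", "example_legacy"]))
```
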

Re: [clamav-users] clamsubmit fails with Authenticity token element not found.
On Thu, 10 Jun 2021 14:58:25 +0100 (BST), G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> On Thu, 10 Jun 2021, Virgo Pärna via clamav-users wrote:
>
>> > When did you first use clamsubmit?
>>
>> This version - today. I have used it in the past a couple of times.
>
> Did you use the same '-N' command line argument? Did it succeed?

Yes, same name.
>
>> ...
>> -N "Virgo Pärna"
>> Authenticity token element not found.
>
> Just a thought, because things like this have bitten me in the past,
> is it perhaps a problem with the character set you're using? In your
> name, the character after the 'P' is obviously not going to be ASCII.

Changing it to ae did not help.

--
Virgo Pärna
virgo.parna@mail.ee


Re: [clamav-users] clamsubmit fails with Authenticity token element not found.
On Fri, 11 Jun 2021 02:37:59 +0000, Micah Snyder (micasnyd) via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Would you be able to test a pull request? Here's the PR: https://github.com/Cisco-Talos/clamav/pull/167

And it worked. Just running clamsubmit directly from build/clamsubmit/.
It just required cmake from buster-backports and a bunch of dev
libraries to be installed.

--
Virgo Pärna
virgo.parna@mail.ee

