Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

Is this virus definition Img.Packed.PngContainsDownloadCmd-6786216-0 reintroduced in the database? #1283

Closed akshitjain03 closed 3 months ago

akshitjain03 commented 3 months ago

Describe the bug

Starting 19th June 2024, we started seeing cases where ClamAV flagged PNG files as infected using this virus definition: Img.Packed.PngContainsDownloadCmd-6786216-0. Our system fetches the latest ClamAV database every day. Since June 19th we have been seeing this issue.

[Update] I unpacked the daily.cvd files for June 18/June 19/June 20. In the unpacked daily.cvd received from the public servers on June 19, I see that the daily.ign2 file contains only this string: "fake_dont_remove_this_line", while daily.ign2 for June 18 and June 20 is correct.

Does this mean ClamAV released a broken/corrupted daily.cvd on June 19?

PFA all three daily.cvd files (unpacked) for June 18, June 19 and June 20: https://drive.google.com/drive/folders/1wrxIm_WRc8Wo3UCH-rg37_KrVan_5nJ1?usp=sharing

How to reproduce the problem

Download the daily.cvd from the test19 folder shared in the Google Drive link. Try some PNG files with ClamAV and the latest database; one should be able to see them flagged with the Img.Packed.PngContainsDownloadCmd-6786216-0 virus definition.

Please check the ClamAV DB and see whether this definition Img.Packed.PngContainsDownloadCmd-6786216-0 has been introduced again or it's a mistake.

micahsnyder commented 3 months ago

There was an issue publishing the morning of June 19th. We manually published later that day and it seems there was a mistake made in that manual process. Specifically, the daily.ign2 signature file was missing from daily.cvd. This file ignores signatures in the main.cvd which have yet to be dropped (we don't update main.cvd very often).

It shouldn't happen again. Sorry for the inconvenience.
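For anyone who mirrors daily.cvd into production automatically, as this reporter does, a pre-deployment sanity check catches this class of publishing mistake before the bad database reaches scanners. The script below is an added example, not ClamAV's own tooling: it unpacks a daily.cvd with ClamAV's `sigtool --unpack` and rejects it when daily.ign2 is missing or contains nothing but the "fake_dont_remove_this_line" placeholder seen in the June 19 file. The sample ign2 content and the signature name Win.Test.Example-1 are constructed for the demonstration.

```shell
#!/bin/sh
# Count the usable entries in a daily.ign2 file. The ign2 format is one
# signature name per line; blank lines and '#' comments are skipped, and the
# upstream placeholder line "fake_dont_remove_this_line" (the only content of
# the broken June 19 daily.ign2) is not counted as a real entry.
ign2_real_entries() {
    grep -v '^[[:space:]]*$' "$1" | grep -v '^#' \
        | grep -vc '^fake_dont_remove_this_line$' || true
}

# Unpack a daily.cvd into a scratch directory with sigtool and return 0 only
# if daily.ign2 is present and holds at least one real entry; otherwise print
# the reason and return 1, so a fetch pipeline can refuse to deploy the file.
# Assumes sigtool (shipped with ClamAV) is on PATH.
check_daily_cvd() {
    cvd=$1
    case $cvd in /*) ;; *) cvd=$PWD/$cvd ;; esac   # sigtool runs in workdir
    workdir=$(mktemp -d) || return 1
    if ! ( cd "$workdir" && sigtool --unpack "$cvd" >/dev/null ); then
        echo "REJECT: sigtool could not unpack $cvd"; rm -rf "$workdir"; return 1
    fi
    if [ ! -f "$workdir/daily.ign2" ]; then
        echo "REJECT: daily.ign2 missing from $cvd"; rm -rf "$workdir"; return 1
    fi
    n=$(ign2_real_entries "$workdir/daily.ign2")
    rm -rf "$workdir"
    if [ "$n" -eq 0 ]; then
        echo "REJECT: daily.ign2 has no real entries (placeholder only)"; return 1
    fi
    echo "OK: daily.ign2 ignores $n main.cvd signature(s)"
}

# Stand-alone demo on a constructed ign2 file that mimics the June 19 breakage.
demo_ign2=$(mktemp)
printf 'fake_dont_remove_this_line\n' > "$demo_ign2"
echo "constructed placeholder-only ign2 -> $(ign2_real_entries "$demo_ign2") real entries"
rm -f "$demo_ign2"

# Usage against a real download: check_daily_cvd /path/to/daily.cvd
[ "$#" -gt 0 ] && check_daily_cvd "$1"
```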