Open Xulunix opened 2 months ago
Interesting! Thanks for the report. This should definitely cause an error. I think ideally we'd check it on startup rather than having every scan fail.
Thanks for the reply. Checking on startup and returning an error wouldn't hurt for sure. However a scan should still fail if creating temp files is not possible. for example due to no space left on the device.
Agreed
Describe the bug
I'm using libclamav to integrate virus scanning into a custom application. During tests i noticed, that cl_scanfile_callback() returns clean if the scanner fails to create a temporary directory to scan an archive. This leads to files being marked as 'clean' if the configured tmpdir (CL_ENGINE_TMPDIR) becomes unavailable. I've tested the location becoming read-only and an invalid/non-existing path. Both resulted in 'CL_CLEAN'. Shouldn't be the default behavior be something other than clean in that case? From my point of view, silently skipping the scan and returning a clean result without scan seems dangerous to me.
The same behavior applies to clamscan, example below.
Is observing the log message callback the only/intended way to handle such errors during a scan?
How to reproduce the problem
Configure the temporary directory to an invalid or read-only path. Scan an archive Scan is skipped, clean-result returned.