search

Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0
4.48k stars 708 forks source link

Clamdscan: discrepancies in processing file names on the command line vs in the --file-list file #1388

Open sfc-gh-dbasavin opened 1 month ago

sfc-gh-dbasavin commented 1 month ago

I encountered an issue trying to use clamdscan with --file-list option when one of the files I want to scan has special characters in the name.

Test file name: 'test'$'\n\n''SHUTDOWN'$'\n''.py', located in the /temp/ folder.

This works:

> clamdscan 'test'$'\n\n''SHUTDOWN'$'\n''.py'

/temp/test

SHUTDOWN
.py: OK

This does not work:

> echo "'test'$'\n\n''SHUTDOWN'$'\n''.py'" > file_list.txt 
> cat file_list.txt 
'test'$'\n\n''SHUTDOWN'$'\n''.py'

> clamdscan --file-list=file_list.txt

ERROR: Can't access file /temp/'test'$'\n\n''SHUTDOWN'$'\n''.py'

Environment info:

So it looks like file names are processed differently when they are specified directly on the command line vs when they are specified in the --file-list file. I would really appreciate any suggestions on how to make the behavior consistent when special characters are present. Thank you.