[exim-dev] [Bug 1418] New: several fixed-size buffers in mal…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-dev
Nouveaux-sujets: [exim-dev] [Bug 1418] several fixed-size buffers in malware.c, [exim-dev] [Bug 1418] several fixed-size buffers in malware.c, [exim-dev] [Bug 1418] several fixed-size buffers in malware.c, [exim-dev] [Bug 1418] several fixed-size buffers in malware.c, [exim-dev] [Bug 1418] several fixed-size buffers in malware.c
Sujet: [exim-dev] [Bug 1418] New: several fixed-size buffers in malware.c
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1418
           Summary: several fixed-size buffers in malware.c
           Product: Exim
           Version: 4.82
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Content Scanning
        AssignedTo: tom@???
        ReportedBy: jgh146exb@???
                CC: exim-dev@???



The file has at least four limited-size arrays. One of these has been seen to
be a limiting factor in the response from a scanner, resulting in
false-negatives. One class of malware involves a very long filename on an
executable, presumably to make it hard for both humans and scanners.

Limits involved probably need to be on order of the OS filename limit, but
preferably not using excessive resource for all uses.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email