You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I reviewed the contents of mail.zip and see two HTML files:
mail/part.html
mail/part1.html
It looks to me like you're reporting an issue with ClamAV failing to extract a PNG file embedded in the HTML using base64 encoded CSS. We'd added support for extracting that in ClamAV 1.1.
part.html is the one that fails to extract the image, while part2.html correctly extracts it. The difference is that part.html has some whitespace (a new line, which is normalized into a single space) in the mime arguments.
The diff of the two files shows it clearly (note that part2 is on the left):
The clamscan --debug output also shows where this fails, because the mime argument has that space in it:
We'll need to add some logic in there to strip any whitespace in the mime args. I think that'll fix it.
The code in question is right here in mbox.c:
I don't have time to work on this right now as I'm fighting other fires. Going to mark this as a bug for now.
micahsnyder
changed the title
little problem with "data URI scheme" => content is not been checked
Failure extracting base64 encoded image attached to email in HTML CSS
Jul 31, 2024
ClamAV failed to extract a base64 encoded image attached to email in HTML CSS.
The attached mail.zip contains two files:
part.html
fails to extract the image because of new line in thesrc
string, here:part2.html
correctly extracts the image. The new line was removed, so thesrc
looks like this:The difference is a newline char before the "base64".
br Johannes
The text was updated successfully, but these errors were encountered: