Re: [Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15

Fri, 29 May 2020 16:46:49 -0700 

Quick follow-up to this one.

Upon further digging, if the --fdpass flag is passed to clamdscan, you get 
different output...albeit still very wrong!
        /Applications/Microsoft 
Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll:
 (null) FOUND

Does anyone have any thoughts at all?

Thanks,
Mark

> On 29 May 2020, at 1:26 am, Mark Allan <markjal...@gmail.com> wrote:
> 
> Hi folks,
> 
> I'm still testing 0.102.3 but I've hit a few issues where some known-good 
> files are being detected as infected because they're generating the following 
> error:
>       Can't allocate memory ERROR
> 
> Output from clamscan and clamdscan are as follows:
> 
>> $ /usr/local/bin/clamscan /Applications/Microsoft\ 
>> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>> 
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 0
>> Engine version: 0.102.3
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 1
>> Data scanned: 0.00 MB
>> Data read: 0.01 MB (ratio 0.00:1)
>> Time: 0.009 sec (0 m 0 s)
>> 
>> Escalate:/Applications $ /usr/local/bin/clamdscan --multiscan 
>> /Applications/Microsoft\ 
>> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>> /Applications/Microsoft 
>> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll:
>>  Can't allocate memory ERROR
>> 
>> ----------- SCAN SUMMARY -----------
>> Infected files: 0
>> Total errors: 1
>> Time: 0.002 sec (0 m 0 s)
>> Escalate:/Applications $ 
> 
> 
> I removed main.cvd and bytecode.cvd from the database directory, unpacked 
> daily.cvd and eventually tracked it down to daily.crb
> 
> Removing the following definition solves the problem, but for some reason 
> this can't be added to an ign2 file...and this sig worked on older versions 
> of clamav, so it feels like that's the wrong solution anyway!
>       Trusted.CA.Microsoft-7350512-0
> 
> Has anyone else come up against this problem before, and do you know what I 
> can do about it?
> 
> Many thanks
> Mark
> 

_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to