Hi Ravi,

Thanks for reporting this. Is it possible to upload the file to Dropbox (or
other) for testing?

Steve

On Thu, Jul 13, 2017 at 5:24 AM, Ravi <ravi...@gmail.com> wrote:

> Hi,
>
> We observed segfaults causing clamd to crash when scanning a zip
> file (around 190 MB) which gets extracted by clamd in /tmp, which goes up to
> around 4.3 GB, which is crossing the hard limits (*set to filesize and scansize of
> 4294967295 bytes in clamd.conf*). The system (OEL Virtual Machine) has
> around 12 GB total memory & free memory of around 9 GB when the scan was
> run. Below is more info. We need help here to resolve this, since previously we
> had scanned files of around 5 GB which were not causing the issues.
>
> OS version : Oracle Linux Server release 7.2
> System: CPU Core : 4, Memory: 12GB
> ClamAV version: ClamAV 0.99.2/23555/Wed Jul 12 07:00:09 2017
>
> *# clamconf*
>
> *Config file: clamd.conf*
> *-----------------------*
> *LogFile disabled*
> *StatsHostID disabled*
> *StatsEnabled disabled*
> *StatsPEDisabled disabled*
> *StatsTimeout disabled*
> *LogFileUnlock disabled*
> *LogFileMaxSize = "1048576"*
> *LogTime disabled*
> *LogClean disabled*
> *LogSyslog = "yes"*
> *LogFacility = "LOG_LOCAL6"*
> *LogVerbose disabled*
> *LogRotate disabled*
> *ExtendedDetectionInfo disabled*
> *PidFile = "/var/run/clamd.scan/clamd.pid"*
> *TemporaryDirectory disabled*
> *DatabaseDirectory = "/var/lib/clamav"*
> *OfficialDatabaseOnly disabled*
> *LocalSocket = "/var/run/clamd.scan/clamd.sock"*
> *LocalSocketGroup disabled*
> *LocalSocketMode disabled*
> *FixStaleSocket = "yes"*
> *TCPSocket = "3310"*
> *TCPAddr = "127.0.0.1"*
> *MaxConnectionQueueLength = "30"*
> *StreamMaxLength = "26214400"*
> *StreamMinPort = "1024"*
> *StreamMaxPort = "2048"*
> *MaxThreads = "50"*
> *ReadTimeout = "300"*
> *CommandReadTimeout = "5"*
> *SendBufTimeout = "500"*
> *MaxQueue = "100"*
> *IdleTimeout = "30"*
> *ExcludePath disabled*
> *MaxDirectoryRecursion = "15"*
> *FollowDirectorySymlinks disabled*
> *FollowFileSymlinks disabled*
> *CrossFilesystems = "yes"*
> *SelfCheck = "600"*
> *DisableCache disabled*
> *VirusEvent disabled*
> *ExitOnOOM disabled*
> *AllowAllMatchScan = "yes"*
> *Foreground disabled*
> *Debug disabled*
> *LeaveTemporaryFiles disabled*
> *User = "clamav"*
> *AllowSupplementaryGroups = "yes"*
> *Bytecode = "yes"*
> *BytecodeSecurity = "TrustSigned"*
> *BytecodeTimeout = "5000"*
> *BytecodeUnsigned disabled*
> *BytecodeMode = "ForceInterpreter"*
> *DetectPUA disabled*
> *ExcludePUA disabled*
> *IncludePUA disabled*
> *AlgorithmicDetection = "yes"*
> *ScanPE = "yes"*
> *ScanELF = "yes"*
> *DetectBrokenExecutables = "yes"*
> *ScanMail = "yes"*
> *ScanPartialMessages disabled*
> *PhishingSignatures = "yes"*
> *PhishingScanURLs = "yes"*
> *PhishingAlwaysBlockCloak disabled*
> *PhishingAlwaysBlockSSLMismatch disabled*
> *PartitionIntersection disabled*
> *HeuristicScanPrecedence disabled*
> *StructuredDataDetection disabled*
> *StructuredMinCreditCardCount = "3"*
> *StructuredMinSSNCount = "3"*
> *StructuredSSNFormatNormal = "yes"*
> *StructuredSSNFormatStripped disabled*
> *ScanHTML = "yes"*
> *ScanOLE2 = "yes"*
> *OLE2BlockMacros disabled*
> *ScanPDF = "yes"*
> *ScanSWF = "yes"*
> *ScanXMLDOCS = "yes"*
> *ScanHWP3 = "yes"*
> *ScanArchive = "yes"*
> *ArchiveBlockEncrypted disabled*
> *ForceToDisk disabled*
> *MaxScanSize = "4294967295"*
> *MaxFileSize = "4294967295"*
> *MaxRecursion = "16"*
> *MaxFiles = "10000"*
> *MaxEmbeddedPE = "10485760"*
> *MaxHTMLNormalize = "10485760"*
> *MaxHTMLNoTags = "2097152"*
> *MaxScriptNormalize = "5242880"*
> *MaxZipTypeRcg = "1048576"*
> *MaxPartitions = "50"*
> *MaxIconsPE = "100"*
> *MaxRecHWP3 = "16"*
> *PCREMatchLimit = "10000"*
> *PCRERecMatchLimit = "5000"*
> *PCREMaxFileSize = "26214400"*
> *ScanOnAccess disabled*
> *OnAccessMountPath disabled*
> *OnAccessIncludePath disabled*
> *OnAccessExcludePath disabled*
> *OnAccessExcludeUID disabled*
> *OnAccessMaxFileSize = "5242880"*
> *OnAccessDisableDDD disabled*
> *OnAccessPrevention disabled*
> *OnAccessExtraScanning disabled*
> *DevACOnly disabled*
> *DevACDepth disabled*
> *DevPerformance disabled*
> *DevLiblog disabled*
> *DisableCertCheck disabled*
>
> *Config file: freshclam.conf*
> *---------------------------*
> *StatsHostID disabled*
> *StatsEnabled disabled*
> *StatsTimeout disabled*
> *LogFileMaxSize = "1048576"*
> *LogTime disabled*
> *LogSyslog = "yes"*
> *LogFacility = "LOG_LOCAL6"*
> *LogVerbose disabled*
> *LogRotate disabled*
> *PidFile disabled*
> *DatabaseDirectory = "/var/lib/clamav"*
> *Foreground disabled*
> *Debug disabled*
> *AllowSupplementaryGroups disabled*
> *UpdateLogFile = "/var/log/clamav/freshclam.log"*
> *DatabaseOwner = "clamav"*
> *Checks = "12"*
> *DNSDatabaseInfo = "current.cvd.clamav.net"*
> *DatabaseMirror = "db.us.clamav.net"*
> *PrivateMirror disabled*
> *MaxAttempts = "3"*
> *ScriptedUpdates = "yes"*
> *TestDatabases = "yes"*
> *CompressLocalDatabase disabled*
> *ExtraDatabase disabled*
> *DatabaseCustomURL disabled*
> *HTTPProxyServer = "proxy "*
> *HTTPProxyPort = "80"*
> *HTTPProxyUsername = "test"*
> *HTTPProxyPassword = "test"*
> *HTTPUserAgent disabled*
> *NotifyClamd = "/etc/clamd.conf"*
> *OnUpdateExecute disabled*
> *OnErrorExecute disabled*
> *OnOutdatedExecute disabled*
> *LocalIPAddress disabled*
> *ConnectTimeout = "30"*
> *ReceiveTimeout = "30"*
> *SubmitDetectionStats disabled*
> *DetectionStatsCountry disabled*
> *DetectionStatsHostID disabled*
> *SafeBrowsing disabled*
> *Bytecode = "yes"*
>
> *clamav-milter.conf not found*
>
> *Software settings*
> *-----------------*
> *Version: 0.99.2*
> *Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE
> ICONV JIT*
>
> *Database information*
> *--------------------*
> *Database directory: /var/lib/clamav*
> *bytecode.cld: version 306, sigs: 65, built on Tue Jul 11 16:56:41 2017*
> *daily.cvd: version 23555, sigs: 1739528, built on Wed Jul 12 07:00:09
> 2017*
> *main.cld: version 58, sigs: 4566249, built on Wed Jun  7 16:38:10 2017*
> *Total number of signatures: 6305842*
>
> *Platform information*
> *--------------------*
> *uname: Linux 3.10.0-327.el7.x86_64 #1 SMP Fri Nov 20 00:18:34 PST 2015
> x86_64*
> *OS: linux-gnu, ARCH: x86_64, CPU: x86_64*
> *zlib version: 1.2.7 (1.2.7), compile flags: a9*
> *Triple: x86_64-redhat-linux-gnu*
> *CPU: i686, Little-endian*
> *platform id: 0x0a2152520804080503040805*
>
> *Build information*
> *-----------------*
> *GNU C: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)*
> *GNU C++: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)*
> *CPPFLAGS:*
> *CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -Wall
> -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99
> -fno-strict-aliasing  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE*
> *CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic
> -std=gnu++98*
> *LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> -Wl,--as-needed*
> *Configure: '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--program-prefix='
> '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr'
> '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
> '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64'
> '--libexecdir=/usr/libexec' '--localstatedir=/var'
> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--disable-static' '--disable-rpath'
> '--disable-silent-rules' '--disable-clamav' '--with-user=clamupdate'
> '--with-group=clamupdate' '--with-libcurl=/usr'
> '--with-dbdir=/var/lib/clamav' '--enable-milter' '--enable-clamdtop'
> '--disable-unrar' 'build_alias=x86_64-redhat-linux-gnu'
> 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
> --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -Wall
> -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99'
> 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> -Wl,--as-needed'
> 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
> --enable-ltdl-convenience*
> *sizeof(void*) = 8*
> *Engine flevel: 82, dconf: 82*
>
>
>
> *# clamdscan --fdpass
>  2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip*
> */AntiVirus/2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip:
> no reply from clamd*
>
> *----------- SCAN SUMMARY -----------*
> *Infected files: 0*
> *Total errors: 1*
> *Time: 14.427 sec (0 m 14 s)*
>
> *# dmesg*
> *[214766.813013] traps: polkitd[19511] general protection ip:7f96843eeca2
> sp:7ffe16b8d010 error:0 in libmozjs-17.0.so[7f96842b0000+3b3000]*
> *[215364.434433] clamd[25899]: segfault at 7f47925ec000 ip 00007f47b832d20b
> sp 00007f4792fea138 error 7 in libc-2.17.so[7f47b82a3000+1b4000]*
>
>
> *#  clamscan --max-filesize=5000M --max-scansize=5000M
> 2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip*
> *WARNING: Numerical value for option max-filesize too high, resetting to
> 4G*
> *WARNING: Numerical value for option max-scansize too high, resetting to
> 4G*
> *Segmentation fault (core dumped)*
>
>
> Thanks
> Ravi
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
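
Added example, not part of the thread and not ClamAV code: a triage check that reads a ZIP's central directory without extracting it and compares the declared uncompressed sizes with the MaxFileSize and MaxScanSize values shown in the clamconf output above. The function names and the constructed sample archive are assumptions made for illustration.

```python
import io
import sys
import zipfile

# Limits copied from the clamconf output in the report (bytes).
MAX_FILE_SIZE = 4294967295
MAX_SCAN_SIZE = 4294967295


def archive_profile(source, max_file=MAX_FILE_SIZE, max_scan=MAX_SCAN_SIZE):
    """Summarise declared sizes from the central directory; nothing is extracted.

    Declared sizes come from the archive itself and can be wrong or forged,
    so the result is a triage hint, not a guarantee of the extracted size.
    """
    with zipfile.ZipFile(source) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
    total = sum(i.file_size for i in entries)
    packed = sum(i.compress_size for i in entries)
    largest = max(entries, key=lambda i: i.file_size, default=None)
    return {
        "entries": len(entries),
        "compressed": packed,
        "uncompressed": total,
        "ratio": round(total / packed, 1) if packed else 0.0,
        "largest": (largest.filename, largest.file_size) if largest else None,
        # Members whose declared size alone exceeds the per-file limit.
        "over_max_file": [i.filename for i in entries if i.file_size > max_file],
        # True when the members together exceed the per-scan limit.
        "over_max_scan": total > max_scan,
    }


def build_sample(member_bytes=1_000_000, members=3):
    """Constructed sample: a small archive of highly compressible members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n in range(members):
            zf.writestr(f"member{n}.bin", b"\0" * member_bytes)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass a path to profile a real archive; otherwise use the sample.
    src = sys.argv[1] if len(sys.argv) > 1 else build_sample()
    for key, value in archive_profile(src).items():
        print(f"{key}: {value}")
```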