Hi Steve,

Thanks for the reply. I need to check, since these zips contain customer data. Any other insights from the data provided by me?

Thanks
Ravi

-------------------------------------------------------------------------------------

Hi Ravi,

Thanks for reporting this. Is it possible to upload the file to Dropbox (or other) for testing?

Steve

On Thu, Jul 13, 2017 at 5:24 AM, Ravi <ravin4u at gmail.com> wrote:

> Hi,
>
> We observed segfaults causing clamd to crash when scanning a zip
> file (around 190 MB) which gets extracted by clamd in /tmp and goes up to
> around 4.3 GB, which is crossing the hard limits (set to filesize and
> scansize of 4294967295 bytes in clamd.conf). The system (OEL Virtual
> Machine) has around 12 GB total memory and free memory of around 9 GB when
> the scan was run. Below is more info. Need help here to resolve, since
> previously we had scanned files of around 5GB which were not causing the
> issues.
>
> OS version : Oracle Linux Server release 7.2
> System: CPU Core : 4, Memory: 12GB
> ClamAV version: ClamAV 0.99.2/23555/Wed Jul 12 07:00:09 2017
>
> # clamconf
>
> Config file: clamd.conf
> -----------------------
> LogFile disabled
> StatsHostID disabled
> StatsEnabled disabled
> StatsPEDisabled disabled
> StatsTimeout disabled
> LogFileUnlock disabled
> LogFileMaxSize = "1048576"
> LogTime disabled
> LogClean disabled
> LogSyslog = "yes"
> LogFacility = "LOG_LOCAL6"
> LogVerbose disabled
> LogRotate disabled
> ExtendedDetectionInfo disabled
> PidFile = "/var/run/clamd.scan/clamd.pid"
> TemporaryDirectory disabled
> DatabaseDirectory = "/var/lib/clamav"
> OfficialDatabaseOnly disabled
> LocalSocket = "/var/run/clamd.scan/clamd.sock"
> LocalSocketGroup disabled
> LocalSocketMode disabled
> FixStaleSocket = "yes"
> TCPSocket = "3310"
> TCPAddr = "127.0.0.1"
> MaxConnectionQueueLength = "30"
> StreamMaxLength = "26214400"
> StreamMinPort = "1024"
> StreamMaxPort = "2048"
> MaxThreads = "50"
> ReadTimeout = "300"
> CommandReadTimeout = "5"
> SendBufTimeout = "500"
> MaxQueue = "100"
> IdleTimeout = "30"
> ExcludePath disabled
> MaxDirectoryRecursion = "15"
> FollowDirectorySymlinks disabled
> FollowFileSymlinks disabled
> CrossFilesystems = "yes"
> SelfCheck = "600"
> DisableCache disabled
> VirusEvent disabled
> ExitOnOOM disabled
> AllowAllMatchScan = "yes"
> Foreground disabled
> Debug disabled
> LeaveTemporaryFiles disabled
> User = "clamav"
> AllowSupplementaryGroups = "yes"
> Bytecode = "yes"
> BytecodeSecurity = "TrustSigned"
> BytecodeTimeout = "5000"
> BytecodeUnsigned disabled
> BytecodeMode = "ForceInterpreter"
> DetectPUA disabled
> ExcludePUA disabled
> IncludePUA disabled
> AlgorithmicDetection = "yes"
> ScanPE = "yes"
> ScanELF = "yes"
> DetectBrokenExecutables = "yes"
> ScanMail = "yes"
> ScanPartialMessages disabled
> PhishingSignatures = "yes"
> PhishingScanURLs = "yes"
> PhishingAlwaysBlockCloak disabled
> PhishingAlwaysBlockSSLMismatch disabled
> PartitionIntersection disabled
> HeuristicScanPrecedence disabled
> StructuredDataDetection disabled
> StructuredMinCreditCardCount = "3"
> StructuredMinSSNCount = "3"
> StructuredSSNFormatNormal = "yes"
> StructuredSSNFormatStripped disabled
> ScanHTML = "yes"
> ScanOLE2 = "yes"
> OLE2BlockMacros disabled
> ScanPDF = "yes"
> ScanSWF = "yes"
> ScanXMLDOCS = "yes"
> ScanHWP3 = "yes"
> ScanArchive = "yes"
> ArchiveBlockEncrypted disabled
> ForceToDisk disabled
> MaxScanSize = "4294967295"
> MaxFileSize = "4294967295"
> MaxRecursion = "16"
> MaxFiles = "10000"
> MaxEmbeddedPE = "10485760"
> MaxHTMLNormalize = "10485760"
> MaxHTMLNoTags = "2097152"
> MaxScriptNormalize = "5242880"
> MaxZipTypeRcg = "1048576"
> MaxPartitions = "50"
> MaxIconsPE = "100"
> MaxRecHWP3 = "16"
> PCREMatchLimit = "10000"
> PCRERecMatchLimit = "5000"
> PCREMaxFileSize = "26214400"
> ScanOnAccess disabled
> OnAccessMountPath disabled
> OnAccessIncludePath disabled
> OnAccessExcludePath disabled
> OnAccessExcludeUID disabled
> OnAccessMaxFileSize = "5242880"
> OnAccessDisableDDD disabled
> OnAccessPrevention disabled
> OnAccessExtraScanning disabled
> DevACOnly disabled
> DevACDepth disabled
> DevPerformance disabled
> DevLiblog disabled
> DisableCertCheck disabled
>
> Config file: freshclam.conf
> ---------------------------
> StatsHostID disabled
> StatsEnabled disabled
> StatsTimeout disabled
> LogFileMaxSize = "1048576"
> LogTime disabled
> LogSyslog = "yes"
> LogFacility = "LOG_LOCAL6"
> LogVerbose disabled
> LogRotate disabled
> PidFile disabled
> DatabaseDirectory = "/var/lib/clamav"
> Foreground disabled
> Debug disabled
> AllowSupplementaryGroups disabled
> UpdateLogFile = "/var/log/clamav/freshclam.log"
> DatabaseOwner = "clamav"
> Checks = "12"
> DNSDatabaseInfo = "current.cvd.clamav.net"
> DatabaseMirror = "db.us.clamav.net"
> PrivateMirror disabled
> MaxAttempts = "3"
> ScriptedUpdates = "yes"
> TestDatabases = "yes"
> CompressLocalDatabase disabled
> ExtraDatabase disabled
> DatabaseCustomURL disabled
> HTTPProxyServer = "proxy "
> HTTPProxyPort = "80"
> HTTPProxyUsername = "test"
> HTTPProxyPassword = "test"
> HTTPUserAgent disabled
> NotifyClamd = "/etc/clamd.conf"
> OnUpdateExecute disabled
> OnErrorExecute disabled
> OnOutdatedExecute disabled
> LocalIPAddress disabled
> ConnectTimeout = "30"
> ReceiveTimeout = "30"
> SubmitDetectionStats disabled
> DetectionStatsCountry disabled
> DetectionStatsHostID disabled
> SafeBrowsing disabled
> Bytecode = "yes"
>
> clamav-milter.conf not found
>
> Software settings
> -----------------
> Version: 0.99.2
> Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE
> ICONV JIT
>
> Database information
> --------------------
> Database directory: /var/lib/clamav
> bytecode.cld: version 306, sigs: 65, built on Tue Jul 11 16:56:41 2017
> daily.cvd: version 23555, sigs: 1739528, built on Wed Jul 12 07:00:09
> 2017
> main.cld: version 58, sigs: 4566249, built on Wed Jun 7 16:38:10 2017
> Total number of signatures: 6305842
>
> Platform information
> --------------------
> uname: Linux 3.10.0-327.el7.x86_64 #1 SMP Fri Nov 20 00:18:34 PST 2015
> x86_64
> OS: linux-gnu, ARCH: x86_64, CPU: x86_64
> zlib version: 1.2.7 (1.2.7), compile flags: a9
> Triple: x86_64-redhat-linux-gnu
> CPU: i686, Little-endian
> platform id: 0x0a2152520804080503040805
>
> Build information
> -----------------
> GNU C: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)
> GNU C++: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)
> CPPFLAGS:
> CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall
> -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99
> -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
> CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
> -std=gnu++98
> LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> -Wl,--as-needed
> Configure: '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--program-prefix='
> '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr'
> '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
> '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64'
> '--libexecdir=/usr/libexec' '--localstatedir=/var'
> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--disable-static' '--disable-rpath'
> '--disable-silent-rules' '--disable-clamav' '--with-user=clamupdate'
> '--with-group=clamupdate' '--with-libcurl=/usr'
> '--with-dbdir=/var/lib/clamav' '--enable-milter' '--enable-clamdtop'
> '--disable-unrar' 'build_alias=x86_64-redhat-linux-gnu'
> 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
> --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall
> -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99'
> 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> -Wl,--as-needed'
> 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
> --enable-ltdl-convenience
> sizeof(void*) = 8
> Engine flevel: 82, dconf: 82
>
> # clamdscan --fdpass
> 2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip
> /AntiVirus/2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip:
> no reply from clamd
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Total errors: 1
> Time: 14.427 sec (0 m 14 s)
>
> # dmesg
> [214766.813013] traps: polkitd[19511] general protection ip:7f96843eeca2
> sp:7ffe16b8d010 error:0 in libmozjs-17.0.so[7f96842b0000+3b3000]
> [215364.434433] clamd[25899]: segfault at 7f47925ec000 ip 00007f47b832d20b
> sp 00007f4792fea138 error 7 in libc-2.17.so[7f47b82a3000+1b4000]
>
> # clamscan --max-filesize=5000M --max-scansize=5000M
> 2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip
> WARNING: Numerical value for option max-filesize too high, resetting to
> 4G
> WARNING: Numerical value for option max-scansize too high, resetting to
> 4G
> Segmentation fault (core dumped)
>
> Thanks
> Ravi
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
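
Added example, not part of the original thread or of ClamAV: when an archive cannot be shared, one way to gather more detail is to read only the ZIP central directory and compare the declared sizes with the 4294967295-byte MaxFileSize/MaxScanSize shown in the posted clamd.conf. The function names, the in-memory sample archive and the scaled-down demo limits are constructed for illustration.

```python
import io
import zipfile

# MaxFileSize / MaxScanSize value from the clamd.conf quoted in the thread.
CLAMAV_LIMIT = 4294967295  # 2**32 - 1 bytes


def summarize_zip(source, limit=CLAMAV_LIMIT):
    """Summarise declared sizes from the ZIP central directory only.

    Nothing is extracted, so the result can be shared when the archive cannot.
    Declared sizes come from archive metadata and may differ from what an
    extractor actually writes; treat them as a triage hint.
    """
    with zipfile.ZipFile(source) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    total_unc = sum(i.file_size for i in infos)
    total_cmp = sum(i.compress_size for i in infos)
    return {
        "members": len(infos),
        "compressed_bytes": total_cmp,
        "declared_uncompressed_bytes": total_unc,
        "ratio": round(total_unc / total_cmp, 1) if total_cmp else 0.0,
        "largest_member_bytes": max((i.file_size for i in infos), default=0),
        "members_over_limit": [i.filename for i in infos if i.file_size > limit],
        "total_over_limit": total_unc > limit,
    }


def build_sample():
    """Constructed in-memory archive standing in for the real file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.log", b"\0" * 200_000)
        zf.writestr("b.log", b"\0" * 50_000)
    return buf


if __name__ == "__main__":
    # Demo limits are scaled down so the tiny sample crosses them.
    for demo_limit in (220_000, 100_000):
        print(demo_limit, summarize_zip(build_sample(), limit=demo_limit))
```

Passing a file path instead of the sample buffer applies the default 4294967295-byte limit; the resulting summary contains member names and sizes only, not file contents.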
