--- Begin Message ---
Yes, please attach to https://bugzilla.clamav.net/show_bug.cgi?id=12077 and
we'll take a look.
Unfortunately ClamAV yara support isn't as comprehensive as the full yara
language definition. There's no guarantee that legitimate yara rules for other
applications will work with ClamAV without testing of each rule. We have plans
to improve the yara support, but I'm unsure if / when full yara support could
be implemented.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On May 17, 2018, at 1:27 AM, Al Varnell via clamav-users
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:
From: Al Varnell <alvarn...@mac.com<mailto:alvarn...@mac.com>>
Subject: Re: [clamav-users] Clamscan crash on Mac OS X - yara rules
Date: May 17, 2018 at 1:27:03 AM EDT
To: ClamAV users ML
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
You almost certainly need to attach it to a ticket at
<https://bugzilla.clamav.net <https://bugzilla.clamav.net/>>. I don't see how
anybody would be able to make sense of a partial crash report.
That being said, it's almost certainly the result of a misconfigured yara rule,
so they will need to see that, as well, if you have the time to narrow it down
to a single list. I know there is already an open ticket on a previous rule
from an UNOFFICIAL definition list.
-Al-
ClamXAV User
On Wed, May 16, 2018 at 07:08 PM, James Brown via clamav-users wrote:
Application Specific Information:
Assertion failed: (sp =3D=3D 0), function yr_execute_code, file =
yara_exec.c, line 177.
=20
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff9895d82a __kill + 10
1 libsystem_c.dylib 0x00007fff92ed6a9c abort + 177
2 libsystem_c.dylib 0x00007fff92f095de __assert_rtn =
+ 146
3 libclamav.7.dylib 0x000000010eaa61ee =
yr_execute_code + 4638 (yara_exec.c:177)
4 libclamav.7.dylib 0x000000010e9c7560 cli_exp_eval =
+ 928 (matcher.c:817)
5 libclamav.7.dylib 0x000000010e9c8bbc =
cli_fmap_scandesc + 3900 (matcher.c:1220)
6 libclamav.7.dylib 0x000000010e9de079 cli_scanraw + =
153 (scanners.c:2424)
7 libclamav.7.dylib 0x000000010e9ddb4d =
magic_scandesc + 10333 (scanners.c:3469)
8 libclamav.7.dylib 0x000000010e9e000d =
cli_base_scandesc + 365 (scanners.c:3616)
9 libclamav.7.dylib 0x000000010e9e05df scan_common + =
671 (scanners.c:4016)
10 libclamav.7.dylib 0x000000010e9e06b2 =
cl_scandesc_callback + 34 (scanners.c:4030)
11 clamscan 0x000000010e9a1a95 scanfile + =
741 (manager.c:392)
12 clamscan 0x000000010e9a12a1 scanmanager + =
5729 (manager.c:1166)
13 clamscan 0x000000010e99f968 main + 680 =
(clamscan.c:161)
14 clamscan 0x000000010e99aff4 start + 52
Let me know if there=E2=80=99s an email address I can send the full =
crash logs to if that would help.
Thanks,
James.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--- End Message ---
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml