--- Begin Message ---
Yes, please attach to https://bugzilla.clamav.net/show_bug.cgi?id=12077 and 
we'll take a look.

Unfortunately ClamAV yara support isn't as comprehensive as the full yara 
language definition.  There's no guarantee that legitimate yara rules for other 
applications will work with ClamAV without testing of each rule.  We have plans 
to improve the yara support, but I'm unsure if / when full yara support could 
be implemented.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On May 17, 2018, at 1:27 AM, Al Varnell via clamav-users 
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:


From: Al Varnell <alvarn...@mac.com<mailto:alvarn...@mac.com>>
Subject: Re: [clamav-users] Clamscan crash on Mac OS X - yara rules
Date: May 17, 2018 at 1:27:03 AM EDT
To: ClamAV users ML 
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>


You almost certainly need to attach it to a ticket at 
<https://bugzilla.clamav.net <https://bugzilla.clamav.net/>>. I don't see how 
anybody would be able to make sense of a partial crash report.

That being said, it's almost certainly the result of a misconfigured yara rule, 
so they will need to see that, as well, if you have the time to narrow it down 
to a single list. I know there is already an open ticket on a previous rule 
from an UNOFFICIAL definition list.

-Al-
ClamXAV User

On Wed, May 16, 2018 at 07:08 PM, James Brown via clamav-users wrote:


Application Specific Information:
Assertion failed: (sp =3D=3D 0), function yr_execute_code, file =
yara_exec.c, line 177.
=20

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib         0x00007fff9895d82a __kill + 10
1   libsystem_c.dylib              0x00007fff92ed6a9c abort + 177
2   libsystem_c.dylib              0x00007fff92f095de __assert_rtn =
+ 146
3   libclamav.7.dylib              0x000000010eaa61ee =
yr_execute_code + 4638 (yara_exec.c:177)
4   libclamav.7.dylib              0x000000010e9c7560 cli_exp_eval =
+ 928 (matcher.c:817)
5   libclamav.7.dylib              0x000000010e9c8bbc =
cli_fmap_scandesc + 3900 (matcher.c:1220)
6   libclamav.7.dylib              0x000000010e9de079 cli_scanraw + =
153 (scanners.c:2424)
7   libclamav.7.dylib              0x000000010e9ddb4d =
magic_scandesc + 10333 (scanners.c:3469)
8   libclamav.7.dylib              0x000000010e9e000d =
cli_base_scandesc + 365 (scanners.c:3616)
9   libclamav.7.dylib              0x000000010e9e05df scan_common + =
671 (scanners.c:4016)
10  libclamav.7.dylib              0x000000010e9e06b2 =
cl_scandesc_callback + 34 (scanners.c:4030)
11  clamscan                       0x000000010e9a1a95 scanfile + =
741 (manager.c:392)
12  clamscan                       0x000000010e9a12a1 scanmanager + =
5729 (manager.c:1166)
13  clamscan                       0x000000010e99f968 main + 680 =
(clamscan.c:161)
14  clamscan                       0x000000010e99aff4 start + 52

Let me know if there=E2=80=99s an email address I can send the full =
crash logs to if that would help.

Thanks,

James.


_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--- End Message ---
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to